Mender client should log whether it verified artifact's digital signature
Description
Currently there is no way for a developer to confirm that the mender client verified a downloaded artifact's digital signature. The log output looks the same whether there was no attempt to verify, or there was a successful verification. Add a log message so that the developer can inspect a deployment log and confirm that a bad signature would be rejected if attempted.
Acceptance Criteria:
There must be no change in the logging or console output from the shared library mender-artifact, because it is used by code other than the mender client.
If the mender client approves a downloaded artifact without verifying the digital signature (for example, because it is not configured with any public key to do so), log an INFO message indicating such.
If the mender client approves a downloaded artifact after verifying a digital signature, log an INFO message indicating such.
Currently there is no way for a developer to confirm that the mender client verified a downloaded artifact's digital signature. The log output looks the same whether there was no attempt to verify, or there was a successful verification. Add a log message so that the developer can inspect a deployment log and confirm that a bad signature would be rejected if attempted.
Acceptance Criteria:
There must be no change in the logging or console output from the shared library mender-artifact, because it is used by code other than the mender client.
If the mender client approves a downloaded artifact without verifying the digital signature (for example, because it is not configured with any public key to do so), log an INFO message indicating such.
If the mender client approves a downloaded artifact after verifying a digital signature, log an INFO message indicating such.