Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

A failure as result of an unsigned artifact doesn't trigger Download_error

Description

Download_error doesn’t get executed when deployment fails because of a bad signature.
The steps to reproduce are in the comments to not make noise here.

Acceptance criteria:

  • The Download_error state script gets executed for failures due to signature

Affects versions

None

Environment

None

Activity

Show:

Kristian AmlieMarch 28, 2023 at 7:51 AM

: Backlog material, medium priority. I would suggest putting this next to https://northerntech.atlassian.net/browse/MEN-6319, since both are in the same area, and both may be implicitly fixed by the C++ client (we are unlikely to make exactly the same bugs twice).

AlanMarch 20, 2023 at 1:19 PM

(FYI )
Please reject or add to backlog and prioritize

AlanMarch 20, 2023 at 1:18 PM

# On the PC curl -O https://raw.githubusercontent.com/mendersoftware/mender/3.4.0/support/modules-artifact-gen/single-file-artifact-gen chmod +x single-file-artifact-gen openssl ecparam -genkey -name prime256v1 -out private-and-params.key openssl ec -in private-and-params.key -out private.key openssl ec -in private-and-params.key -pubout -out public.key DEVICE_TYPE="raspberrypi3" UPDATE_MODULE="single-file" SW_NAME="single-file-SIGNED" SW_VERSION="v.1.0" UPDATE_PAYLOAD="update-content" DEST_DIR="/home/root" ./single-file-artifact-gen --artifact-name $SW_NAME-$SW_VERSION \ --device-type $DEVICE_TYPE \ --dest-dir $DEST_DIR \ --software-name $SW_NAME \ --software-version $SW_VERSION \ --output-path $SW_NAME-$SW_VERSION.mender \ $UPDATE_PAYLOAD mender-artifact sign single-file-SIGNED-v.1.0.mender -k private.key -o single-file-SIGNED-v.1.0.mender # On the device cat > /etc/mender/scripts/Download_Error_05 << EOF #!/bin/sh echo >&2 "##################################" echo >&2 "state_script My name is $STATE_SCRIPT and I am being executed" echo >&2 "##################################" EOF # Move the public.key to the device to /home/root/public.key # Add "ArtifactVerifyKey": "/home/root/public.key" to /etc/mender/mender.conf


Tracing the logs of the device as the deployment takes place, the output from the state script can’t be seen.


Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=info msg="Validating the Update Info: <REMOVED_LINK_MANUALLY> [name: single-file-NOT_SIGNED-v.1.0; devices: [raspberrypi3]]" Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=info msg="State transition: update-check [Sync] -> update-fetch [Download_Enter]" Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=info msg="Running Mender client version: 3.4.0" Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=info msg="State transition: update-fetch [Download_Enter] -> update-store [Download_Enter]" Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=error msg="Fetching Artifact headers failed: installer: failed to read Artifact: reader: expecting signed artifact, but no signature file found" Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=info msg="State transition: update-store [Download_Enter] -> update-status-report [none]" Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=info msg="State transition: update-status-report [none] -> idle [Idle]" Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=info msg="State transition: idle [Idle] -> check-wait [Idle]" Mar 20 13:17:19 raspberrypi3 mender[5409]: time="2023-03-20T13:17:19Z" level=info msg="State transition: check-wait [Idle] ->
Fixed

Details

Assignee

Reporter

Labels

Story Points

Priority

Days in progress

0

Fix versions

Backlog

yes

Zendesk Support

Checklist

Created March 20, 2023 at 1:13 PM
Updated June 25, 2024 at 12:02 PM
Resolved March 1, 2024 at 10:28 AM

Flag notifications