Artifact-verify-key.pem missing

Hi,

I wanted to migrate from Mender 3.5 to 4.0 on kirkstone and noticed that the artifact verify key was not installed to /etc/mender. I think the reason is that the file is not assigned to the new mender-update package. Instead, bitbake creates a new package mender which gets not installed into the rootfs. I solved this by assigning the file to the mender-update package manually in the mender_%.bbappend:

FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append = " file://artifact-verify-key.pem"
FILES:mender-update += "${sysconfdir}/mender/artifact-verify-key.pem"

I think this should be either fixed or documented.

1 Like

Hi @hesmar,

Thanks a lot for bringing it up. Can you file a ticket on Jira? So you’ll get immediately notified on the progress :slight_smile:

Greets,
Josef

Hi @TheYoctoJester,

not sure how to do that. It seems that I am not allowed to create issues as guest. So I tried to join the team, was that correct?

Ok thanks, I was able to create the ticket now. The issue is tracked here.

2 Likes

Note that only the FILES:mender-update part should be implemented in the fix. If you are using the MENDER_ARTIFACT_VERIFY_KEY variable to specify the key file, you won’t want the FILESEXTRAPATHS:prepend or SRC_URI:append lines. And the need to have those lines in a bbappend file are documented in Building for production | Mender documentation

Hi @hesmar and @sschefter,

This flew under the radar way too long :frowning: But the fix was just merged: Merge pull request #2207 from TheYoctoJester/fix_verification_key_pac… · mendersoftware/meta-mender@c3cb005 · GitHub

Greetz,
Josef