Mender 2.0 beta / mender-artifact 3.0.0b1: "Error selecting images for modification: error validating signature"

I have upgraded to mender 2.0 beta and mender-artifact 3.0.0b1. When I try signing my mender artifact I get this error: “Error selecting images for modification: error validating signature”.
When using mender 1.6 and mender-artifact version 2.3.0 with the same key, it was working as it should. I am using the thud branch.
Any suggestions?

Thanks for your help!

Hi @jostor,

Can you share the full command that you are running?

I am running ./mender-artifact modify artifact-signed.mender -k private.key

Just realized there is also a mender-artifact sign command. This command runs without errors. What is the difference?

Oki, I see it

$ mender-artifact modify my-update-1.0-signed.mender -k private.key
Error selecting images for modification: error validating signature
$ mender-artifact -version
mender-artifact version 3.0.0b1

The difference is different code paths but I do not have detailed insights in this part. This looks like a bug to me and I have created a bug in the tracker where you can track progress of this.

https://tracker.mender.io/browse/MEN-2486

Thanks for reporting.

Ok, thanks for your help!

Hi @jostor and welcome to Mender Hub!

I am working on the bug you reported. I actually found two related issues, but not yet the root cause for yours.

I need to better understand your workflow. I think you do something like:

  1. Create the artifact with mender-artifact write rootfs ... (not signed)
  2. Then signing it with mender-artifact modify -k ...

Is that correct? That workflow is not how mender-artifact is meant to be used. And it fails the same way for me in v2.3.0 and v3.0.0b1.

Are you doing something else?

Thanks!

@jostor, some further investigation from our side and it seems that the error you reported (or similar) has been present for a long time, and the last time this worked was in version 2.2.0 of mender-artifact.

Would be really helpful if you can share the exact commands you used and version when it worked, and when it did not.

I have added some additional information to the ticket and would like to see that we get comparable results to eliminate that it would be something environment specific.

Hi,
Sorry for replying so late. I have been busy with other stuff the last week, and had not checked this thread until today.
I have been building the mender artifact with Yocto.
After this I have been using the command found here: https://docs.mender.io/2.0/artifacts/signing-and-verification#an-existing-mender-artifact
mender-artifact modify artifact-signed.mender -k private.key
This was working fine before upgrading meta-mender, mender and mender-artifact.
The version I had of mender-artifact before was 2.3.0. Now I have 3.0.0b1

What is the correct way to sign the artifact after building it with bitbake?

Please let me know if you need additional information.

You can use the following command to sign artifacts:

mender-artifact sign -k private.key artifact-signed.mender

Doing this through the modify command seemed to have some limitations and we have actually dropped the support of signing using modify completely in the upcoming 3.0.0 release.

Thanks! I switched to the sign command last week, and it looks like it is working ok.

Another thing: Is there any documentation describing how to upgrade to the newest versions (mender 2 and mender-artifact 3)? When I have built a version 3 mender artifact, this isn’t compatible with Mender 1.6.x / mender-artifact 2.3.x (which is on my device right now), so I cannot upload this to my device. I guess I have to build a version 2 artifact which includes mender 2 and mender-artifact 3, and after uploading this, I can upload version 3 artifacts. Is this correct?

That is correct. You first must update to the 2.0 client, before you can utilize the Mender Artifact V3.