.mender file incomplete

I’m having issues signing my artifacts since a few days. I did some digging, and somehow the .mender files are incomplete. mender-artifact read shows the rootfs image is over 200MB big, but the .mender file itself is only 90MB. I’m using version 2 of the artifact format.

The mender-artifact version is 3.0.1. Am I missing something obvious?

I already cleared out the cache of my yocto installation twice.

The Mender Artifact (.mender) is compressed, so it is expected to be smaller then the rootfs image.

Can you share the errors you are seeing, or steps to reproduce the problems you are experiencing.

The issue is that mender-artifact sign, gives the following error:

Could not finalize tar archive: archive/tar: missed writing 90393524 bytes

Ouch. Turns out, that using mender-artifact 2.4.1, it just works, but with 3.0.1, i get the mentioned error.

Hm, yepp. I can see it as well.

This worked just fine,

mender-artifact write rootfs-image -t beaglebone -n mender-2.0.1 -f core-image-base-beaglebone-yocto-grub.ext4 -k private.key -o artifact-signed.mender

But trying to sign an existing artifact gave me a similar error to yours,

$ mender-artifact sign artifact.mender -k private.key -o artifact-signed.mender
Could not finalize tar archive: archive/tar: missed writing 37277864 bytes

Created a bug,

https://tracker.mender.io/browse/MEN-2631

Don’t have time to test this yet, but can I use an old (2.4.1) mender-artifact to sign directory artifacts?

Did some investigation: If the artifact is less than 1M, than it should work with 3.0.1. If it’s larger, than unfortunately you cannot sign a directory artifact with that command (2.4.1 lacks the functionality, and 3.0.1 has the bug). However, you can sign it with 3.0.1 while making the initial artifact, like this:

directory-artifact-gen <OTHER_OPTIONS> -- -k private.key

You may get a message that the verification fails with the provided key, but this is just because the directory-artifact-gen script isn’t smart enough to pass the correct key to mender-artifact. You can verify it manually with mender-artifact read -k public.key <ARTIFACT>.