Would it be possible for you to add an option to mender install to accept the artifact on STDIN rather than some filesystem? This would enable users to stream it directly from gpg --decrypt rather than reserve space on the device to temporarily store the artifact.
gz does things.
It might be programmatically easy to do, as Linux provides both STDIN and regular files as file descriptors to the process. Perhaps all you’d have to do is for mender client to access the file descriptor at some hardcoded path if a certain CLI option is encountered, don’t know.
Hi @manuel_vps ,
Thanks for the feedback; could you explain a bit what you’re trying to achieve here? Are you wrapping the Mender artifact with some encryption?
We do have plans to support encrypted artifacts, which may be a better solution for your case?
Exactly, that’s what we do. Some of our customers want to refrain from using networking, hence we want to provide them another way of updating their devices. We don’t want to give them insight into our rootfs, though.
We already have our solution in place. Unless we run out of disk space to intermediately store the decrypted artifact, we are unlikely to pick this issue up again.
Note that apart from encryption, there might be other use cases where streaming the artifact to mender install might be useful:
cat my-artifact | ssh email@example.com | mender install