For Mender artifact signing, you must have the mender-artifact tool available
in the PATH. Visit the Mender documentation pages and
go to the "Downloads" section to find a download of a pre-built copy of this tool,
or follow the instructions there for building it from source. Installing it in
/usr/local/bin should make it available.
For Mender artifacts, the signing key is expected to be at
${DIGSIGSERVER_KEYFILE_URI}/${distro}/mender/private.key
where ${distro} is the value of the distro= parameter included in the signing request.
Request type: POST
Endpoint: /sign/mender
Expected parameters:
distro=<distro>- a name for the "distro", used to locate the signing keysartifact-uri=<url>- a URL thatdigsigservercan use to download the Mender artifact
Because Mender full-image artifacts are often hundreds of megabytes or larger, the artifact
itself is not posted in the body of the request. Instead, a URL is provided (currently
only supporting file:// and s3:// URLs). The client must upload the artifact to the
specified location. digsigserver will download it, apply the signature, then upload
the signed copy back to the same location.
Response: no body, just a status code
Example client: mendersign.bbclass