Update verification failed but update still applies on Linux and OS X
With all the updater patches applied, I was trying to update Tor Messenger. I generated the MAR signing key and signed the MAR file and then tried to update. (The build was completed with the associated DER file.)
On Linux and OS X, it complains that the signatures could not be verified but still goes on to complete the update.
On Windows it gives me error code 19, which Bugzilla #742008 tells me: "That is CERT_VERIFY_ERROR, which suggests that the mars are not signed correctly for some reason.". The update does not apply.
This is the log from updating on Linux:
*** AUS:SVC Downloader:onStopRequest - attempting to stage update: Tor Messenger 0.1.0b8
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
*** AUS:SVC readStatusFile - status: applied, path: /tmp/tor-messenger/Browser/updates/0/update.status
*** AUS:SVC UpdateManager:refreshUpdateStatus - Notifying observers that the update was staged. state: applied, status: applied
Why is Tor Messenger still updating if the signature could not be verified?