Signer script to add update verification public key to an image

Change-Id: If51dd4f7d9e84f2f0f30506a3a9c354bc6a4b07b BUG=chromium-os:7388 TEST=manually tested on an image, verified that the permissions on the copied key were correct. Review URL: http://codereview.chromium.org/6543027
2025-12-25 17:27:18 +00:00 · 2011-02-18 15:51:52 -08:00
parent e73302caae
commit f6af9dde86
1 changed files with 34 additions and 0 deletions
--- a/scripts/image_signing/insert_au_publickey.sh
+++ b/scripts/image_signing/insert_au_publickey.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Install an update payload verification public key to the image.
+
+# Load common constants and variables.
+. "$(dirname "$0")/common.sh"
+
+main() {
+  set -e
+
+  local image="$1"
+  local pub_key="$2"
+  if [ $# -ne 2 ]; then
+    cat <<EOF
+Usage: $PROG <image.bin> <au_public_key.pem>
+Installs the update verification public key <au_public_key.pem> to <image.bin>.
+EOF
+    exit 1
+  fi
+  local rootfs=$(make_temp_dir)
+  local key_location="/usr/share/update_engine/"
+  mount_image_partition "$image" 3 "$rootfs"
+  sudo mkdir -p "$rootfs/$key_location"
+  sudo cp "$pub_key" "$rootfs/$key_location/update-payload-key.pub.pem"
+  sudo chown root:root "$rootfs/$key_location/update-payload-key.pub.pem"
+  sudo chmod 644 "$rootfs/$key_location/update-payload-key.pub.pem"
+  echo "AU verification key was installed. Do not forget to resign the image!"
+}
+
+main "$@"