From f6af9dde86a72baa708caea3fd6bdef26bf3a0e3 Mon Sep 17 00:00:00 2001 From: Gaurav Shah Date: Fri, 18 Feb 2011 15:51:52 -0800 Subject: [PATCH] Signer script to add update verification public key to an image Change-Id: If51dd4f7d9e84f2f0f30506a3a9c354bc6a4b07b BUG=chromium-os:7388 TEST=manually tested on an image, verified that the permissions on the copied key were correct. Review URL: http://codereview.chromium.org/6543027 --- scripts/image_signing/insert_au_publickey.sh | 34 ++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100755 scripts/image_signing/insert_au_publickey.sh diff --git a/scripts/image_signing/insert_au_publickey.sh b/scripts/image_signing/insert_au_publickey.sh new file mode 100755 index 0000000000..d0ee960747 --- /dev/null +++ b/scripts/image_signing/insert_au_publickey.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Install an update payload verification public key to the image. + +# Load common constants and variables. +. "$(dirname "$0")/common.sh" + +main() { + set -e + + local image="$1" + local pub_key="$2" + if [ $# -ne 2 ]; then + cat < +Installs the update verification public key to . +EOF + exit 1 + fi + local rootfs=$(make_temp_dir) + local key_location="/usr/share/update_engine/" + mount_image_partition "$image" 3 "$rootfs" + sudo mkdir -p "$rootfs/$key_location" + sudo cp "$pub_key" "$rootfs/$key_location/update-payload-key.pub.pem" + sudo chown root:root "$rootfs/$key_location/update-payload-key.pub.pem" + sudo chmod 644 "$rootfs/$key_location/update-payload-key.pub.pem" + echo "AU verification key was installed. Do not forget to resign the image!" +} + +main "$@"