Signer script to add update verification public key to an image

scripts/image_signing/insert_au_publickey.sh

Index: scripts/image_signing/insert_au_publickey.sh
diff --git a/scripts/image_signing/insert_au_publickey.sh b/scripts/image_signing/insert_au_publickey.sh
new file mode 100755
index 0000000000000000000000000000000000000000..cb269dccbce8c6be4840f680647f24b69e6cd756
--- /dev/null
+++ b/scripts/image_signing/insert_au_publickey.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Install an update payload verification public key to the image.
+
+# Load common constants and variables.
+. "$(dirname "$0")/common.sh"
+
+main() {
+  set -e
+
+  local image=$1

[petkov, 2011/02/18 23:38:49]

"$1"?

[gauravsh, 2011/02/18 23:51:24]

Done.

+  local pub_key=$2

[petkov, 2011/02/18 23:38:49]

"$2"?

[gauravsh, 2011/02/18 23:51:24]

Done.

+  if [ $# -ne 2 ]; then
+    cat <<EOF
+Usage: $PROG <image.bin> <au_public_key.pem>
+Installs the update verification public key <au_public_key.pem> to <image.bin>.
+EOF
+    exit 1
+  fi
+  local rootfs=$(make_temp_dir)
+  local key_location="/usr/share/update_engine/"
+  mount_image_partition "$image" 3 "$rootfs"
+  sudo mkdir -p "$rootfs/$key_location"
+  sudo cp "$pub_key" "$rootfs/$key_location/update-payload-key.pub.pem"
+  sudo chown root:root "$rootfs/$key_location/update-payload-key.pub.pem"

[petkov, 2011/02/18 23:38:49]

do we also want to chmod it explicitly or we'll just leave (semi-random?)
default?

[petkov, 2011/02/18 23:38:49]

I assume root UID/GUID is always 0/0 so this is safe...

[gauravsh, 2011/02/18 23:51:24]

I think so.

[gauravsh, 2011/02/18 23:51:24]

Good idea - in case the umask is screwed up or something. Changed to 644

+}
+
+main "$@"