From 7a7494e99923616e32b585ca45ec3d23314e7539 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Wed, 30 Apr 2014 17:06:32 -0700
Subject: [PATCH 1/4] fix(prod_image_util): Do not install update test key
 anymore.

Leave this to the ebuild, no reason for it to be done here.
---
 build_image                      |  5 +----
 build_library/prod_image_util.sh | 12 ------------
 2 files changed, 1 insertion(+), 16 deletions(-)

diff --git a/build_image b/build_image
index 32eb1caf61..ed8ed5d2be 100755
--- a/build_image
+++ b/build_image
@@ -158,10 +158,7 @@ fi
 
 if should_build_image ${COREOS_PRODUCTION_IMAGE_NAME}; then
   copy_image ${CHROMEOS_BASE_IMAGE_NAME} ${COREOS_PRODUCTION_IMAGE_NAME}
-
-  setup_prod_image ${COREOS_PRODUCTION_IMAGE_NAME} ${DISK_LAYOUT} \
-    ${SRC_ROOT}/third_party/coreos-overlay/coreos-base/coreos-au-key/files/update-payload-key.pub.pem
-
+  setup_prod_image ${COREOS_PRODUCTION_IMAGE_NAME} ${DISK_LAYOUT}
   upload_image "${BUILD_DIR}/${COREOS_PRODUCTION_IMAGE_NAME}"
 fi
 
diff --git a/build_library/prod_image_util.sh b/build_library/prod_image_util.sh
index 0c8417fa30..66b1a44662 100755
--- a/build_library/prod_image_util.sh
+++ b/build_library/prod_image_util.sh
@@ -6,26 +6,14 @@
 setup_prod_image() {
   local image_name="$1"
   local disk_layout="$2"
-  local au_key="$3"
 
   info "Configuring production image ${image_name}"
   local root_fs_dir="${BUILD_DIR}/rootfs"
-  local enable_rootfs_verification_flag=--noenable_rootfs_verification
-  if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
-    enable_rootfs_verification_flag=--enable_rootfs_verification
-  fi
 
   "${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
       mount "${BUILD_DIR}/${image_name}" "${root_fs_dir}"
   trap "cleanup_mounts '${root_fs_dir}' && delete_prompt" EXIT
 
-  # Install an auto update key on the root before sealing it off
-  local key_location=${root_fs_dir}"/usr/share/update_engine/"
-  sudo mkdir -p "${key_location}"
-  sudo cp "${au_key}" "$key_location/update-payload-key.pub.pem"
-  sudo chown root:root "$key_location/update-payload-key.pub.pem"
-  sudo chmod 644 "$key_location/update-payload-key.pub.pem"
-
   # clean-ups of things we do not need
   sudo rm ${root_fs_dir}/etc/csh.env
   sudo rm -rf ${root_fs_dir}/var/db/pkg

From e1d7b2943650dc9ad794ae7134defccecf8b37a7 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Wed, 30 Apr 2014 17:13:46 -0700
Subject: [PATCH 2/4] feat(disk_util): Add support for extracting partitions.

This will simplify the process of generating update payloads.
---
 build_library/disk_util | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/build_library/disk_util b/build_library/disk_util
index 1647c3c71c..5d220d755a 100755
--- a/build_library/disk_util
+++ b/build_library/disk_util
@@ -648,7 +648,7 @@ def Tune(options):
   part = GetPartition(partitions, options.partition)
 
   if not part['image_compat']:
-    raise InvalidLayout("Disk layout is incompatible existing image")
+    raise InvalidLayout("Disk layout is incompatible with existing image")
 
   if options.disable2fs_rw is not None:
     if part.get('fs_type', None) not in ('ext2', 'ext4'):
@@ -658,6 +658,31 @@ def Tune(options):
     raise Exception("No options specified!")
 
 
+def Extract(options):
+  """Write a single partition out to its own image file.
+
+  Args:
+    options: Flags passed to the script
+  """
+
+  config, partitions = LoadPartitionConfig(options)
+  GetPartitionTableFromImage(options, config, partitions)
+  part = GetPartition(partitions, options.partition)
+
+  if not part['image_compat']:
+    raise InvalidLayout("Disk layout is incompatible with existing image")
+
+  subprocess.check_call(['dd',
+                         'bs=10MB',
+                         'iflag=count_bytes,skip_bytes',
+                         'conv=sparse',
+                         'status=none',
+                         'if=%s' % options.disk_image,
+                         'of=%s' % options.output,
+                         'skip=%s' % part['image_first_byte'],
+                         'count=%s' % part['image_bytes']])
+
+
 def GetPartitionByNumber(partitions, num):
   """Given a partition table and number returns the partition object.
 
@@ -901,6 +926,12 @@ def main(argv):
   a.add_argument('partition', help='number or label of partition to edit')
   a.set_defaults(func=Tune)
 
+  a = actions.add_parser('extract', help='extract a single partition')
+  a.add_argument('disk_image', help='path to disk image file')
+  a.add_argument('partition', help='number or label of partition to edit')
+  a.add_argument('output', help='path to write the partition image to')
+  a.set_defaults(func=Extract)
+
   a = actions.add_parser('readblocksize', help='get device block size')
   a.set_defaults(func=GetBlockSize)
 

From 4e85b172df745e4decb71e71b8a01ca6255e7b6d Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Wed, 30 Apr 2014 19:35:13 -0700
Subject: [PATCH 3/4] feat(build_image): Optionally generate update payload
 with prod images.

---
 build_image                       | 11 ++++++-----
 build_library/build_image_util.sh | 26 ++++++++++++++++++++------
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/build_image b/build_image
index ed8ed5d2be..a5d641db9a 100755
--- a/build_image
+++ b/build_image
@@ -35,6 +35,8 @@ DEFINE_string disk_layout "base" \
   "The disk layout type to use for this image."
 DEFINE_string group "${DEFAULT_GROUP}" \
   "The update group."
+DEFINE_boolean generate_update "${FLAGS_FALSE}" \
+  "Generate update payload. (prod only)"
 
 # include upload options
 . "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1
@@ -160,15 +162,15 @@ if should_build_image ${COREOS_PRODUCTION_IMAGE_NAME}; then
   copy_image ${CHROMEOS_BASE_IMAGE_NAME} ${COREOS_PRODUCTION_IMAGE_NAME}
   setup_prod_image ${COREOS_PRODUCTION_IMAGE_NAME} ${DISK_LAYOUT}
   upload_image "${BUILD_DIR}/${COREOS_PRODUCTION_IMAGE_NAME}"
+  if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
+    generate_update "${COREOS_PRODUCTION_IMAGE_NAME}" ${DISK_LAYOUT}
+  fi
 fi
 
 if ! should_build_image ${PRISTINE_IMAGE_NAME}; then
   rm -f "${BUILD_DIR}/${PRISTINE_IMAGE_NAME}"
 fi
 
-# Generating AU generator zip file to run outside chroot
-generate_au_zip || echo "Failed generating AU zip file - ignoring Error..."
-
 # Write out a version.txt file, this will be used by image_to_vm.sh
 tee "${BUILD_DIR}/version.txt" <<EOF
 COREOS_BUILD=${COREOS_BUILD}
@@ -177,8 +179,7 @@ COREOS_PATCH=${COREOS_PATCH}
 COREOS_SDK_VERSION=${COREOS_SDK_VERSION}
 EOF
 
-upload_image -d "${BUILD_DIR}/au-generator.zip.DIGESTS" \
-    "${BUILD_DIR}/au-generator.zip" "${BUILD_DIR}/version.txt"
+upload_image "${BUILD_DIR}/version.txt"
 
 # Create a named symlink.
 LINK_NAME="${FLAGS_output_root}/${BOARD}/${FLAGS_symlink}"
diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh
index fb46c20975..8502d1ebf2 100755
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@@ -135,14 +135,28 @@ delete_prompt() {
   fi
 }
 
-generate_au_zip () {
-  local lgenerateauzip="${BUILD_LIBRARY_DIR}/generate_au_zip.py"
-  local largs="-o ${BUILD_DIR}"
-  test ! -d "${BUILD_DIR}" && mkdir -p "${BUILD_DIR}"
-  info "Running ${lgenerateauzip} ${largs} for generating AU updater zip file"
+generate_update() {
+  local image_name="$1"
+  local disk_layout="$2"
+  local update_prefix="${image_name%_image.bin}_update"
+  local update="${BUILD_DIR}/${update_prefix}"
+  local devkey="/usr/share/update_engine/update-payload-key.key.pem"
+
+  echo "Generating update payload, signed with a dev key"
+  "${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
+    extract "${BUILD_DIR}/${image_name}" "USR-A" "${update}.bin"
+  delta_generator -private_key "${devkey}" \
+    -new_image "${update}.bin" -out_file "${update}.gz"
+  delta_generator -private_key "${devkey}" \
+    -in_file "${update}.gz" -out_metadata "${update}.meta"
+
+  info "Generating update tools zip"
   # Make sure some vars this script needs are exported
   export REPO_MANIFESTS_DIR SCRIPTS_DIR
-  $lgenerateauzip $largs
+  "${BUILD_LIBRARY_DIR}/generate_au_zip.py" \
+    --output-dir "${BUILD_DIR}" --zip-name "${update_prefix}.zip"
+
+  upload_image -d "${update}.DIGESTS" "${update}".{bin,gz,meta,zip}
 }
 
 # Basic command to emerge binary packages into the target image.

From 75999b5e2a6c7441ec91bb61df970177c329ead4 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Thu, 1 May 2014 10:21:51 -0700
Subject: [PATCH 4/4] fix(build_image): Add group prefix to image output
 directories.

---
 build_library/build_image_util.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh
index 8502d1ebf2..434bc0f8ed 100755
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@@ -12,9 +12,9 @@
 # Use canonical path since some tools (e.g. mount) do not like symlinks.
 # Append build attempt to output directory.
 if [ -z "${FLAGS_version}" ]; then
-  IMAGE_SUBDIR="${COREOS_VERSION_STRING}-a${FLAGS_build_attempt}"
+  IMAGE_SUBDIR="${FLAGS_group}-${COREOS_VERSION_STRING}-a${FLAGS_build_attempt}"
 else
-  IMAGE_SUBDIR="${FLAGS_version}"
+  IMAGE_SUBDIR="${FLAGS_group}-${FLAGS_version}"
 fi
 BUILD_DIR="${FLAGS_output_root}/${BOARD}/${IMAGE_SUBDIR}"
 OUTSIDE_OUTPUT_DIR="../build/images/${BOARD}/${IMAGE_SUBDIR}"