diff --git a/core_roller_upload b/core_roller_upload
index eb04023c97..ea337e6ab1 100755
--- a/core_roller_upload
+++ b/core_roller_upload
@@ -14,8 +14,6 @@ DEFINE_string board "amd64-usr" \
     "Board type of the image"
 DEFINE_string payload "coreos_production_update.gz" \
     "Path to the update payload"
-DEFINE_string metadata "coreos_production_update.meta" \
-    "Path to the update metadata"
 DEFINE_string version "${COREOS_VERSION_STRING}" \
     "Version number of this build."
 DEFINE_string app_id "e96281a6-d1af-4bde-9a0a-97b76e56dc57" \
@@ -53,13 +51,12 @@ GS_URL="${FLAGS_storage}/${FLAGS_board}/${FLAGS_version}/update.gz"
 HTTP_URL="https://commondatastorage.googleapis.com/${GS_URL#gs://}"
 gsutil cp "${FLAGS_payload}" "${GS_URL}"
 
-rollerctl \
-	-s ${FLAGS_endpoint} \
-	-u ${FLAGS_user} \
-	-k ${FLAGS_api_key} \
-	new-package \
-	--url "${HTTP_URL}" \
-	--file "${FLAGS_payload}" \
-	--meta "${FLAGS_metadata}" \
-	--version "${FLAGS_version}" \
-	"${FLAGS_app_id}"
+updatectl \
+        --server="${FLAGS_endpoint}" \
+        --user="${FLAGS_user}" \
+        --key="${FLAGS_api_key}" \
+        package create \
+        --app-id="${FLAGS_app_id}" \
+        --file="${FLAGS_payload}" \
+        --url="${HTTP_URL}" \
+	--version="${FLAGS_version}"
diff --git a/core_sign_update b/core_sign_update
index c29cb563d1..f327fb7660 100755
--- a/core_sign_update
+++ b/core_sign_update
@@ -10,6 +10,9 @@
 #		--public_keys update.pub.pem:update2.pub.pem
 
 SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
+# We have to simple-mindedly set GCLIENT_ROOT in case we're running from
+# au-generator.zip because common.sh will fail while auto-detect it.
+export GCLIENT_ROOT=$(readlink -f "${SCRIPT_ROOT}/../../")
 . "${SCRIPT_ROOT}/common.sh" || exit 1
 
 DEFINE_string image "" "The image that should be sent to clients."
diff --git a/offline_signing/sign.sh b/offline_signing/sign.sh
index 9e77a6f5f3..e27b3c9625 100755
--- a/offline_signing/sign.sh
+++ b/offline_signing/sign.sh
@@ -1,17 +1,19 @@
 #!/bin/bash
 
 set -ex
-DATA_DIR="$1"
+DATA_DIR="$(readlink -f "$1")"
+KEYS_DIR="$(readlink -f "$(dirname "$0")")"
 
-gpg --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig"
-gpg --verify "${DATA_DIR}/coreos_production_update.zip.sig"
+gpg2 --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig"
+gpg2 --verify "${DATA_DIR}/coreos_production_update.zip.sig"
 bunzip2 --keep "${DATA_DIR}/coreos_production_update.bin.bz2"
 unzip "${DATA_DIR}/coreos_production_update.zip" -d "${DATA_DIR}"
 
 export PATH="${DATA_DIR}:${PATH}"
 
-core_sign_update \
+cd "${DATA_DIR}"
+./core_sign_update \
     --image "${DATA_DIR}/coreos_production_update.bin" \
-    --output "${DATA_DIR}/update.gz" \
-    --private_keys "devel.key.pem:prod-2.key.pem" \
-    --public_keys  "devel.pub.pem:prod-2.pub.pem"
+    --output "${DATA_DIR}/coreos_production_update.gz" \
+    --private_keys "${KEYS_DIR}/devel.key.pem:${KEYS_DIR}/prod-2.key.pem" \
+    --public_keys  "${KEYS_DIR}/devel.pub.pem:${KEYS_DIR}/prod-2.pub.pem"