From f1c81df7f386dc8af9d601b1f147d10a33468aa5 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Wed, 25 Jun 2014 22:20:56 -0700 Subject: [PATCH 1/3] updates: minor fixes for offline signing wrapper script - Fedora provides gpg2 by default, not gpg. - The zip file's root must be the current directory. --- offline_signing/sign.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/offline_signing/sign.sh b/offline_signing/sign.sh index 9e77a6f5f3..e27b3c9625 100755 --- a/offline_signing/sign.sh +++ b/offline_signing/sign.sh @@ -1,17 +1,19 @@ #!/bin/bash set -ex -DATA_DIR="$1" +DATA_DIR="$(readlink -f "$1")" +KEYS_DIR="$(readlink -f "$(dirname "$0")")" -gpg --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig" -gpg --verify "${DATA_DIR}/coreos_production_update.zip.sig" +gpg2 --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig" +gpg2 --verify "${DATA_DIR}/coreos_production_update.zip.sig" bunzip2 --keep "${DATA_DIR}/coreos_production_update.bin.bz2" unzip "${DATA_DIR}/coreos_production_update.zip" -d "${DATA_DIR}" export PATH="${DATA_DIR}:${PATH}" -core_sign_update \ +cd "${DATA_DIR}" +./core_sign_update \ --image "${DATA_DIR}/coreos_production_update.bin" \ - --output "${DATA_DIR}/update.gz" \ - --private_keys "devel.key.pem:prod-2.key.pem" \ - --public_keys "devel.pub.pem:prod-2.pub.pem" + --output "${DATA_DIR}/coreos_production_update.gz" \ + --private_keys "${KEYS_DIR}/devel.key.pem:${KEYS_DIR}/prod-2.key.pem" \ + --public_keys "${KEYS_DIR}/devel.pub.pem:${KEYS_DIR}/prod-2.pub.pem" From 112b60690c1450e5d064885e98bbb0fee3338c37 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Wed, 25 Jun 2014 22:41:24 -0700 Subject: [PATCH 2/3] updates: fix running core_sign_update from update.zip --- core_sign_update | 3 +++ 1 file changed, 3 insertions(+) diff --git a/core_sign_update b/core_sign_update index c29cb563d1..f327fb7660 100755 --- a/core_sign_update +++ b/core_sign_update @@ -10,6 +10,9 @@ # --public_keys update.pub.pem:update2.pub.pem SCRIPT_ROOT=$(dirname $(readlink -f "$0")) +# We have to simple-mindedly set GCLIENT_ROOT in case we're running from +# au-generator.zip because common.sh will fail while auto-detect it. +export GCLIENT_ROOT=$(readlink -f "${SCRIPT_ROOT}/../../") . "${SCRIPT_ROOT}/common.sh" || exit 1 DEFINE_string image "" "The image that should be sent to clients." From 2a7c3f31e669d0b1c4e9859c8bb5dc847d4be64c Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Wed, 25 Jun 2014 22:42:07 -0700 Subject: [PATCH 3/3] updates: switch to updatectl 1.1.0, remove metadata option. --- core_roller_upload | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/core_roller_upload b/core_roller_upload index eb04023c97..ea337e6ab1 100755 --- a/core_roller_upload +++ b/core_roller_upload @@ -14,8 +14,6 @@ DEFINE_string board "amd64-usr" \ "Board type of the image" DEFINE_string payload "coreos_production_update.gz" \ "Path to the update payload" -DEFINE_string metadata "coreos_production_update.meta" \ - "Path to the update metadata" DEFINE_string version "${COREOS_VERSION_STRING}" \ "Version number of this build." DEFINE_string app_id "e96281a6-d1af-4bde-9a0a-97b76e56dc57" \ @@ -53,13 +51,12 @@ GS_URL="${FLAGS_storage}/${FLAGS_board}/${FLAGS_version}/update.gz" HTTP_URL="https://commondatastorage.googleapis.com/${GS_URL#gs://}" gsutil cp "${FLAGS_payload}" "${GS_URL}" -rollerctl \ - -s ${FLAGS_endpoint} \ - -u ${FLAGS_user} \ - -k ${FLAGS_api_key} \ - new-package \ - --url "${HTTP_URL}" \ - --file "${FLAGS_payload}" \ - --meta "${FLAGS_metadata}" \ - --version "${FLAGS_version}" \ - "${FLAGS_app_id}" +updatectl \ + --server="${FLAGS_endpoint}" \ + --user="${FLAGS_user}" \ + --key="${FLAGS_api_key}" \ + package create \ + --app-id="${FLAGS_app_id}" \ + --file="${FLAGS_payload}" \ + --url="${HTTP_URL}" \ + --version="${FLAGS_version}"