Merge pull request #10 from philips/add-code-signing

feat(core_update_developer_track): add code signing

core_update_developer_track.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 usage="
-usage: $0 <image.bin> <api key>\n
+usage: $0 <image.bin> <api key> <public-rsa-key> <private-rsa-key>\n
 \n
 Setting everything up for use\n
 
@@ -13,9 +13,11 @@ update.
 "
 
 FILE=$1
-KEY=$2
+APIKEY=$2
+PUB=$3
+KEY=$4
 
-if [ $# -ne 2 ]; then
+if [ $# -ne 4 ]; then
   echo -e $usage
   exit
 fi
@@ -26,7 +28,19 @@ if [ ! -f $FILE ]; then
   exit
 fi
 
-cros_generate_update_payload --image $FILE --output /tmp/update.gz
+# Generate a payload and sign it with our private key
+cros_generate_update_payload --image $FILE --output /tmp/update.gz --private_key $KEY
+
+# Verify that the payload signature is OK
+delta_generator -in_file /tmp/update.gz -public_key $PUB || exit
+
+# Generate the metadata payload
+delta_generator -out_metadata /tmp/update.metadata -private_key $KEY -in_file /tmp/update.gz || exit
+
 MD5SUM=$(md5sum $FILE | cut -f1 -d" ")
 gsutil cp /tmp/update.gz gs://update-storage.core-os.net/developer-build/$MD5SUM/update.gz
-core-admin new-version -k $KEY -v 9999.0.0 -a {e96281a6-d1af-4bde-9a0a-97b76e56dc57} -t developer-build -p $MD5SUM /tmp/update.gz
+CORE_UPDATE_URL="https://core-api.appspot.com" core-admin new-version \
+	-k $APIKEY -v 9999.0.0 \
+	-a {e96281a6-d1af-4bde-9a0a-97b76e56dc57} \
+	-m /tmp/update.metadata \
+	-t developer-build -p $MD5SUM /tmp/update.gz