From c1e58bc9ebfbbcb86b9ee0d7fc987a43896d6996 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dongsu@kinvolk.io>
Date: Wed, 25 Jul 2018 12:06:50 +0200
Subject: [PATCH] Revert "signing/sign: pass user signatures to
 core_sign_update"

This reverts commit 447efbb575a7ea5b3c732e39df894bba8b5b0259.

This is just a temporary workaround to avoid conflicts when using fero.
In the future we should investigate use cases of fero, and use it
by following upstream changes.
---
 signing/sign.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100755 signing/sign.sh

diff --git a/signing/sign.sh b/signing/sign.sh
new file mode 100755
index 0000000000..ecd690a951
--- /dev/null
+++ b/signing/sign.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -ex
+DATA_DIR="$(readlink -f "$1")"
+KEYS_DIR="$(readlink -f "$(dirname "$0")")"
+
+gpg2 --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig"
+gpg2 --verify "${DATA_DIR}/coreos_production_image.vmlinuz.sig"
+gpg2 --verify "${DATA_DIR}/coreos_production_update.zip.sig"
+bunzip2 --keep "${DATA_DIR}/coreos_production_update.bin.bz2"
+unzip "${DATA_DIR}/coreos_production_update.zip" -d "${DATA_DIR}"
+
+export PATH="${DATA_DIR}:${PATH}"
+
+cd "${DATA_DIR}"
+./core_sign_update \
+    --image "${DATA_DIR}/coreos_production_update.bin" \
+    --kernel "${DATA_DIR}/coreos_production_image.vmlinuz" \
+    --output "${DATA_DIR}/coreos_production_update.gz" \
+    --private_keys "${KEYS_DIR}/devel.key.pem+pkcs11:object=CoreOS_Update_Signing_Key;type=private" \
+    --public_keys  "${KEYS_DIR}/devel.pub.pem+${KEYS_DIR}/prod-2.pub.pem" \
+    --keys_separator "+"