diff options
-rwxr-xr-x | scripts/image_signing/insert_container_publickey.sh | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/scripts/image_signing/insert_container_publickey.sh b/scripts/image_signing/insert_container_publickey.sh index 8724e051..8cd60e4a 100755 --- a/scripts/image_signing/insert_container_publickey.sh +++ b/scripts/image_signing/insert_container_publickey.sh @@ -39,9 +39,14 @@ main() { mount_image_partition "${image}" 3 "${rootfs}" fi + # Imageloader likes DER as a runtime format as it's easier to read. + local tmpfile=$(mktemp) + trap "rm -f '${tmpfile}'" EXIT + openssl pkey -pubin -in "${pub_key}" -out "${tmpfile}" -pubout -outform DER + sudo install \ -D -o root -g root -m 644 \ - "${pub_key}" "${rootfs}/${key_location}/oci-container-key-pub.pem" + "${tmpfile}" "${rootfs}/${key_location}/oci-container-key-pub.der" info "Container verification key was installed." \ "Do not forget to resign the image!" } |