From 1aabe7111e6e71d48bb3d684880489f14b39b17e Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@chromium.org>
Date: Fri, 5 May 2017 17:04:26 -0400
Subject: image_signing: output pubkey in DER format

BRANCH=None
BUG=chromium:718184
TEST=new imageloader works

Change-Id: I430ed616954c820d3d1607eefd4f8e1c60863a8f
Reviewed-on: https://chromium-review.googlesource.com/497914
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
---
 scripts/image_signing/insert_container_publickey.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/image_signing/insert_container_publickey.sh b/scripts/image_signing/insert_container_publickey.sh
index 8724e051..8cd60e4a 100755
--- a/scripts/image_signing/insert_container_publickey.sh
+++ b/scripts/image_signing/insert_container_publickey.sh
@@ -39,9 +39,14 @@ main() {
     mount_image_partition "${image}" 3 "${rootfs}"
   fi
 
+  # Imageloader likes DER as a runtime format as it's easier to read.
+  local tmpfile=$(mktemp)
+  trap "rm -f '${tmpfile}'" EXIT
+  openssl pkey -pubin -in "${pub_key}" -out "${tmpfile}" -pubout -outform DER
+
   sudo install \
     -D -o root -g root -m 644 \
-    "${pub_key}" "${rootfs}/${key_location}/oci-container-key-pub.pem"
+    "${tmpfile}" "${rootfs}/${key_location}/oci-container-key-pub.der"
   info "Container verification key was installed." \
        "Do not forget to resign the image!"
 }
-- 
cgit v1.2.1