releasetools: Fix the payload public key replacement.
update_engine expects the extracted public key instead of the
certificate.
Bug: 28701652
Change-Id: I292d39da9e039f96d01a4214226aeb46f8cb881d
(cherry picked from commit afaf295cb85eb4091bc8a82950acab618b4139ca)
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 3341f9f..b11225c 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -502,10 +502,14 @@
" as payload verification key.\n\n")
print "Using %s for payload verification." % (mapped_keys[0],)
- common.ZipWrite(
+ cmd = common.Run(
+ ["openssl", "x509", "-pubkey", "-noout", "-in", mapped_keys[0]],
+ stdout=subprocess.PIPE)
+ pubkey, _ = cmd.communicate()
+ common.ZipWriteStr(
output_tf_zip,
- mapped_keys[0],
- arcname="SYSTEM/etc/update_engine/update-payload-key.pub.pem")
+ "SYSTEM/etc/update_engine/update-payload-key.pub.pem",
+ pubkey)
return new_recovery_keys