From 13b6962e8d8b89a3d8679c70a391a83d2368eb42 Mon Sep 17 00:00:00 2001
From: Tao Bao <tbao@google.com>
Date: Wed, 6 Jul 2016 15:28:59 -0700
Subject: [PATCH] releasetools: Fix the payload public key replacement.

update_engine expects the extracted public key instead of the
certificate.

Bug: 28701652
Change-Id: I292d39da9e039f96d01a4214226aeb46f8cb881d
(cherry picked from commit afaf295cb85eb4091bc8a82950acab618b4139ca)
---
 tools/releasetools/sign_target_files_apks.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 3341f9f5d6..b11225c180 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -502,10 +502,14 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
             " as payload verification key.\n\n")
 
     print "Using %s for payload verification." % (mapped_keys[0],)
-    common.ZipWrite(
+    cmd = common.Run(
+        ["openssl", "x509", "-pubkey", "-noout", "-in", mapped_keys[0]],
+        stdout=subprocess.PIPE)
+    pubkey, _ = cmd.communicate()
+    common.ZipWriteStr(
         output_tf_zip,
-        mapped_keys[0],
-        arcname="SYSTEM/etc/update_engine/update-payload-key.pub.pem")
+        "SYSTEM/etc/update_engine/update-payload-key.pub.pem",
+        pubkey)
 
   return new_recovery_keys