From 0733fbeaf84b6977942274d4614a635927ca9507 Mon Sep 17 00:00:00 2001
From: Tao Bao <tbao@google.com>
Date: Wed, 17 Apr 2019 15:08:17 -0700
Subject: [PATCH] Move update-payload-key.pub.pem into a module.

This allows update_engine listing the file as a required module,
regardless of the value in AB_OTA_UPDATER.

Bug: 130516531
Test: Build aosp_arm64-userdebug w/o setting AB_OTA_UPDATER. Check that
      /system/etc/update_engine/update-payload-key.pub.pem is available.
Change-Id: Ied041aca750e7260402ae8dbf65ff740d0b87205
---
 target/product/security/Android.mk | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index 1d695aedcc..a0b2d6dc65 100644
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk
@@ -60,3 +60,30 @@ $(LOCAL_BUILT_MODULE): \
 	    $(extra_recovery_keys)
 	$(SOONG_ZIP) -o $@ -j \
 	    $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file))
+
+
+#######################################
+# update_engine_payload_key, used by update_engine. We use the same key as otacerts but in RSA
+# public key format.
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := update_engine_payload_key
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_STEM := update-payload-key.pub.pem
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/update_engine
+include $(BUILD_SYSTEM)/base_rules.mk
+$(LOCAL_BUILT_MODULE): $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+	openssl x509 -pubkey -noout -in $< > $@
+
+
+#######################################
+# update_engine_payload_key for recovery image, used by update_engine.
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := update_engine_payload_key.recovery
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_STEM := update-payload-key.pub.pem
+LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/update_engine
+include $(BUILD_SYSTEM)/base_rules.mk
+$(LOCAL_BUILT_MODULE): $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+	openssl x509 -pubkey -noout -in $< > $@