ci: testing: build: Update search for SCITT notary key using key comment

intel · Dec 15, 2023 · ebb2721 · ebb2721
1 parent fbd4d42
commit ebb2721
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -85,7 +85,7 @@ jobs:
     - name: Generate keypair to sign SCITT statement
       id: scitt-gen-keypair
       run: |
-        ssh-keygen -q -f ssh-private -t ecdsa -b 384 -N '' -I "$(date -Iseconds)" <<<y
+        ssh-keygen -q -f ssh-private -t ecdsa -b 384 -N '' -C "$(head -n 100 /dev/urandom | sha384sum | awk '{print $1}')" -I "$(date -Iseconds)" <<<y
         cat ssh-private | python -c 'import sys; from cryptography.hazmat.primitives import serialization; print(serialization.load_ssh_private_key(sys.stdin.buffer.read(), password=None).private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode().rstrip())' > private-key.pem
         cat ssh-private.pub | tee -a public-keys/authorized_keys
         rm -v ssh-private
@@ -107,8 +107,8 @@ jobs:
         set +e
         found=1
         while [ ${found} -eq 1 ]; do
-          curl -vfL https://raw.githubusercontent.com/intel/dffml/public-keys/authorized_keys | tee authorized_keys
-          grep "$(cat ../ssh-private.pub)" authorized_keys
+          curl -vfL https://raw.githubusercontent.com/${{ github.repository }}/public-keys/authorized_keys | tee authorized_keys
+          grep "$(cat ../ssh-private.pub | awk '{print $NF}')" authorized_keys
           found=$?
         done
     - name: Submit SBOM to SCITT