Pass in private key as STDIN to TemurinSignSBOM #4094

Open
wants to merge 1 commit into
base: master

Haroon-Khel
Contributor

As per #3946 (comment)

These changes allow a user to pass in the private key as STDIN using the --privateKeyFileSTDIN option.

java temurin.sbom.TemurinSignSBOM --verbose --signSBOM --jsonFile $SBOM_FILE --privateKeyFileSTDIN

The way we intend to use it in https://ci.adoptium.net/job/build-scripts/job/release/job/sign_temurin_jsf is by piping the decrypted private key at STDIN into the above command, to prevent the decrypted key from being stored as a file.

Contributor

@andrew-m-leonard andrew-m-leonard left a comment


Looks good, I think.

Member

@sxa sxa left a comment


One other option that might be worth considering is that it's quite common to allow - as the filename to mean "read from stdin" but I'm also ok with this if that would be more problematic. Approving on the assumption that you've tested that both file name and stdin are working with these changes :-)
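
An added sketch, not code from this PR or from TemurinSignSBOM, of reading a signing key from a stream so the decrypted key never lands on disk, covering both the `--privateKeyFileSTDIN` flag and the `-` filename convention mentioned above. The class and method names are hypothetical, and the unencrypted PKCS#8 PEM RSA key format is an assumption (the page does not state the key format).

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

// Added illustration, not TemurinSignSBOM source. Assumes an unencrypted PKCS#8 PEM RSA key.
public class StdinKeyDemo {
    // fromStdin mirrors --privateKeyFileSTDIN; a path of "-" is the alternative convention.
    static String readPem(String path, boolean fromStdin, InputStream stdin) throws IOException {
        if (fromStdin || "-".equals(path)) {
            return new String(stdin.readAllBytes(), StandardCharsets.US_ASCII);
        }
        return Files.readString(Path.of(path), StandardCharsets.US_ASCII);
    }

    static PrivateKey parsePem(String pem) throws GeneralSecurityException {
        String b64 = pem.replaceAll("-----(BEGIN|END) PRIVATE KEY-----", "").replaceAll("\\s", "");
        if (b64.isEmpty()) { // an empty pipe (failed decrypt step) must fail loudly
            throw new GeneralSecurityException("no key material on input");
        }
        byte[] der = Base64.getDecoder().decode(b64);
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        } finally {
            Arrays.fill(der, (byte) 0); // clear this copy of the decoded key bytes
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a throwaway key stands in for the decrypted key piped on stdin.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] original = gen.generateKeyPair().getPrivate().getEncoded();
        String pem = "-----BEGIN PRIVATE KEY-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(original)
            + "\n-----END PRIVATE KEY-----\n";
        InputStream stdin = new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII));
        PrivateKey key = parsePem(readPem("-", false, stdin));
        System.out.println("key parsed from stream: " + Arrays.equals(original, key.getEncoded()));
    }
}
```

In a real pipeline `System.in` would replace the in-memory stream; the PEM text is held in an immutable `String` that cannot be wiped, so only the decoded byte array is cleared here.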

@Haroon-Khel
Contributor Author

I've only tested this locally so far. Will merge once I test it in https://ci.adoptium.net/job/build-scripts/job/release/job/sign_temurin_jsf.

@Haroon-Khel Haroon-Khel marked this pull request as draft December 18, 2024 15:45
@Haroon-Khel
Contributor Author

Haroon-Khel commented Dec 19, 2024
