ci: tests: build: Ensure only random sha used as ssh key comment

pdxjohnny · Dec 15, 2023 · b283d7a · b283d7a
1 parent f1eedec
commit b283d7a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -82,7 +82,7 @@ jobs:
     - name: Generate keypair to sign SCITT statement
       id: scitt-gen-keypair
       run: |
-        ssh-keygen -q -f ssh-private -t ecdsa -b 384 -N '' -C "$(head -n 100 /dev/urandom | sha384sum)" -I "$(date -Iseconds)" <<<y
+        ssh-keygen -q -f ssh-private -t ecdsa -b 384 -N '' -C "$(head -n 100 /dev/urandom | sha384sum | awk '{print $1}')" -I "$(date -Iseconds)" <<<y
         cat ssh-private | python -c 'import sys; from cryptography.hazmat.primitives import serialization; print(serialization.load_ssh_private_key(sys.stdin.buffer.read(), password=None).private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode().rstrip())' > private-key.pem
         cat ssh-private.pub | tee -a public-keys/authorized_keys
         rm -v ssh-private