From 7480ee03b31c880ffdae4860aca8ff74f570ae1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 24 Jul 2024 17:21:52 +0200 Subject: [PATCH] jwt: fix passing private_key_file to command --- buildbot_nix/github/jwt_token.py | 9 ++++++++- nix/master.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/buildbot_nix/github/jwt_token.py b/buildbot_nix/github/jwt_token.py index a0f9ad4..32fbabd 100644 --- a/buildbot_nix/github/jwt_token.py +++ b/buildbot_nix/github/jwt_token.py @@ -51,7 +51,14 @@ class JWTToken(RepoToken): def rs256_sign(data: str, private_key_file: Path) -> str: signature = subprocess.run( - ["openssl", "dgst", "-binary", "-sha256", "-sign", private_key_file], + [ + "openssl", + "dgst", + "-binary", + "-sha256", + "-sign", + str(private_key_file), + ], input=data.encode("utf-8"), stdout=subprocess.PIPE, check=True, diff --git a/nix/master.nix b/nix/master.nix index 9a4d520..43c3161 100644 --- a/nix/master.nix +++ b/nix/master.nix @@ -445,7 +445,7 @@ in else if (cfg.github.authType ? "app") then { id = cfg.github.authType.app.id; - secret_key_file = cfg.github.authType.app.secretKeyFile; + secret_key_file = "github-app-secret-key"; installation_token_map_file = "github-app-installation-token-map.json"; project_id_map_file = "github-app-project-id-map-name.json"; jwt_token_map = "github-app-jwt-token";