fixup! Add support for password-protected signing key

Signed-off-by: jkr0103 <[email protected]>
gramineproject · Oct 3, 2023 · 3d6a456 · 3d6a456
1 parent 3d2cd72
commit 3d6a456
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/templates/Dockerfile.common.sign.template b/templates/Dockerfile.common.sign.template
@@ -3,11 +3,16 @@ FROM {{image}} as unsigned_image
 COPY gsc-signer-key.pem /gramine/app_files/gsc-signer-key.pem
 
 ARG passphrase
-RUN {% block path %}{% endblock %} gramine-sgx-sign \
+ARG passphrase_name="--passphrase"
+
+RUN if [ -z "$passphrase" ]; then \
+      passphrase_name=""; \
+    fi; \
+    {% block path %}{% endblock %} gramine-sgx-sign \
       --key /gramine/app_files/gsc-signer-key.pem \
       --manifest /gramine/app_files/entrypoint.manifest \
       --output /gramine/app_files/entrypoint.manifest.sgx \
-      --passphrase $passphrase
+      ${passphrase_name} ${passphrase}
 
 # This trick removes all temporary files from the previous commands (including gsc-signer-key.pem
 # and passphrase)