fixup! Add support for password-protected signing key

Signed-off-by: jkr0103 <[email protected]>
gramineproject · Oct 23, 2023 · 8606fce · 8606fce
1 parent 3d6a456
commit 8606fce
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 7 deletions.
diff --git a/gsc.py b/gsc.py
@@ -541,7 +541,7 @@ def gsc_info_image(args):
     default='config.yaml', help='Specify configuration file.')
 sub_sign.add_argument('image', help='Name of the application (base) Docker image.')
 sub_sign.add_argument('key', help='Key to sign the Intel SGX enclaves inside the Docker image.')
-sub_sign.add_argument('-p', '--passphrase', help='Passphrase for the signing key.')
+sub_sign.add_argument('-p', '--passphrase', "--password", help='Passphrase for the signing key.')
 sub_sign.add_argument('-D','--define', action='append', default=[],
     help='Set image sign-time variables.')
 sub_sign.add_argument('--remove-gramine-deps', action='append_const', dest='define',

diff --git a/templates/Dockerfile.common.sign.template b/templates/Dockerfile.common.sign.template
@@ -3,16 +3,12 @@ FROM {{image}} as unsigned_image
 COPY gsc-signer-key.pem /gramine/app_files/gsc-signer-key.pem
 
 ARG passphrase
-ARG passphrase_name="--passphrase"
 
-RUN if [ -z "$passphrase" ]; then \
-      passphrase_name=""; \
-    fi; \
-    {% block path %}{% endblock %} gramine-sgx-sign \
+RUN {% block path %}{% endblock %} gramine-sgx-sign \
       --key /gramine/app_files/gsc-signer-key.pem \
       --manifest /gramine/app_files/entrypoint.manifest \
       --output /gramine/app_files/entrypoint.manifest.sgx \
-      ${passphrase_name} ${passphrase}
+      ${passphrase:+--passphrase "$passphrase"}
 
 # This trick removes all temporary files from the previous commands (including gsc-signer-key.pem
 # and passphrase)