From 882b969931f9febb6e85fbd03e86363786ce0662 Mon Sep 17 00:00:00 2001 From: Pascal Hartig Date: Tue, 10 Jan 2023 06:14:43 -0800 Subject: [PATCH] Reroll CircleCI secrets (#4433) Summary: Rerolled the secrets used to publish to maven and the key to encrypt the additional gradle properties. Changing to pbkdf2-based key derivation, too, which should hopefully be supported by the CircleCI host. Ref: https://circleci.com/blog/january-4-2023-security-alert/ Ref: T141744585 Pull Request resolved: https://github.com/facebook/flipper/pull/4433 Reviewed By: antonk52 Differential Revision: D42431128 Pulled By: passy fbshipit-source-id: ec0ba2c7eecfd8cb206ccf2086604bf28dbea313 --- scripts/gradle-publish-keys.enc | Bin 128 -> 128 bytes scripts/publish-android-snapshot.sh | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/gradle-publish-keys.enc b/scripts/gradle-publish-keys.enc index fc7d1b95abea83dd811f6d472740e63b99a8dc86..632242340b74a37e2abf5256902f3d99ca50c577 100644 GIT binary patch literal 128 zcmV-`0Du2eVQh3|WM5zN27qTP$7uCW%0r&J#+PZ(r~?4<`=u*sA}e$gk;MNuk{S$p z0}jJ^S)1Ew;Fo3ZzM5HJMVUi5O{?&@Wzg%CDHsTd4KxW;nyyni^VHX>hZ~IHE`aU6 i&@u(0N1;?=ECW^}U>)+&1-9Qd3TQ8I%A4`rxA?I{Bt4q| literal 128 zcmV-`0Du2eVQh3|WM5zRPbTjZU;l(*Hs$-j8G@WD#CMNNY}(i6!WXDsH%|TO5E}Ih z*QhFb->!9>uAJc}F!o=X;1HN&MxZCv^qKrCB&>+EqeFo5%L>@^@&v0eV4qaZ)*?-` i)~sFFi@t5Fg5BQFpUKVGX+>24 diff --git a/scripts/publish-android-snapshot.sh b/scripts/publish-android-snapshot.sh index 840ff7429..898675c78 100755 --- a/scripts/publish-android-snapshot.sh +++ b/scripts/publish-android-snapshot.sh @@ -16,6 +16,6 @@ elif [ "$IS_SNAPSHOT" == "" ]; then echo "Skipping build. Given build doesn't appear to be a SNAPSHOT release." exit 1 else - openssl aes-256-cbc -d -in scripts/gradle-publish-keys.enc -k "$ANDROID_PUBLISH_KEY" >> "$BASEDIR/gradle.properties" + openssl aes-256-cbc -pbkdf2 -d -in scripts/gradle-publish-keys.enc -k "$ANDROID_PUBLISH_KEY" >> "$BASEDIR/gradle.properties" "$BASEDIR"/gradlew publish fi