From ee61cea8baac6810c702cadc64cc6e8df72deb25 Mon Sep 17 00:00:00 2001
From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
Date: Tue, 7 Oct 2025 16:15:38 -0700
Subject: [PATCH 1/2] fix(supplychain): set subject correctly for provenance
 generation

---
 .github/workflows/build.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a6cca677..2b94e6ae 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -162,7 +162,10 @@ jobs:
         id: hash
         run: |
           set -euo pipefail
-          echo "hashes=$(sha256sum ./secureblue/trivalent-1*.rpm | base64 -w0)" >> "$GITHUB_OUTPUT"
+
+          trivalent_rpm_file=$(find ./secureblue -name 'trivalent-*.rpm' ! -name 'trivalent-qt6-ui-*.rpm')
+          hashes=$(sha256sum "${trivalent_rpm_file}" | base64 -w0)
+          echo "hashes=${hashes}" >> "$GITHUB_OUTPUT"
 
       - name: Upload RPM and logs to R2 to trivalent Bucket
         shell: bash

From fa90564d9962dcb3d58511944cc8c85208c441ef Mon Sep 17 00:00:00 2001
From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
Date: Tue, 7 Oct 2025 17:14:54 -0700
Subject: [PATCH 2/2] Update build.yml

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 76e500af..58054de2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -163,7 +163,7 @@ jobs:
         run: |
           set -euo pipefail
 
-          trivalent_rpm_file=$(find ./secureblue -name 'trivalent-*.rpm' ! -name 'trivalent-qt6-ui-*.rpm')
+          trivalent_rpm_file=$(find ./secureblue -name "trivalent-*.rpm" ! -name "trivalent-qt6-ui-*.rpm")
           hashes=$(sha256sum "${trivalent_rpm_file}" | base64 -w0)
           echo "hashes=${hashes}" >> "$GITHUB_OUTPUT"