From d810293d9195d206a34a19d2cbab629e2c4e21cc Mon Sep 17 00:00:00 2001
From: delmarguillen <168364803+delmarguillen@users.noreply.github.com>
Date: Sun, 14 Jun 2026 08:49:13 -0600
Subject: [PATCH] Fix WOPI proof key signing failure

The awk command on line 146 flattens the PEM private key by replacing
real newlines with literal \n characters. When jq --arg receives this,
it treats \n as literal text and escapes it again. The resulting key in
local.json has no real newlines, which OpenSSL cannot decode.

Replace awk with cat so jq --arg receives the raw PEM with real newlines
and encodes them correctly in JSON.

Credit to @tiran133 for identifying the fix in #127.

Signed-off-by: delmarguillen <168364803+delmarguillen@users.noreply.github.com>
---
 build/scripts/standalone/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/scripts/standalone/entrypoint.sh b/build/scripts/standalone/entrypoint.sh
index 24d24b4a33..7fea010373 100644
--- a/build/scripts/standalone/entrypoint.sh
+++ b/build/scripts/standalone/entrypoint.sh
@@ -143,7 +143,7 @@ if [ "$WOPI_ENABLED" = "true" ]; then
   fi
   WOPI_MODULUS=$(openssl rsa -pubin -inform "MS PUBLICKEYBLOB" -modulus -noout -in "$WOPI_PUBLIC_KEY" | sed 's/Modulus=//' | xxd -r -p | openssl base64 -A)
   WOPI_EXPONENT=$(openssl rsa -pubin -inform "MS PUBLICKEYBLOB" -text -noout -in "$WOPI_PUBLIC_KEY" | grep -oP '(?<=Exponent: )\d+')
-  WOPI_PRIVATE_KEY_DATA=$(awk '{printf "%s\\n", $0}' "$WOPI_PRIVATE_KEY")
+  WOPI_PRIVATE_KEY_DATA=$(cat "$WOPI_PRIVATE_KEY")
   WOPI_PUBLIC_KEY_DATA=$(openssl base64 -in "$WOPI_PUBLIC_KEY" -A)
 fi