
infra: use corrected certificate chain generation algorithm #5


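# Runs the signing and verification steps end to end on every push to a
# feature branch: job 1 creates a throwaway RSA-PSS key and self-signed
# certificate, signs a sample image with c2pie and uploads it; job 2
# downloads that image and inspects it with c2patool.
name: Execute Readme Steps

on:
  push:
    branches:
      - 'feature/*'

# Neither job checks out the repository or writes back to it, so the
# workflow token is limited to read-only access.
permissions:
  contents: read

jobs:
  sign-image-steps:
    runs-on: ubuntu-24.04
    # NOTE(review): buster is an end-of-life Debian release; consider a
    # currently supported base image, pinned by digest.
    container: 'python:3.9.2-buster'
    steps:
      - name: Generate Certificates, Install c2pie, and Sign Image
        run: |
          # Test-only signing key, created fresh inside the job container.
          # Every option line except the last must end in a backslash:
          # without the continuation after rsa_keygen_bits the command ends
          # early, the key is printed to the job log instead of being
          # written to private_key.key, and the remaining options are run
          # as a separate (failing) command.
          openssl genpkey \
            -algorithm RSA-PSS \
            -pkeyopt rsa_keygen_bits:2048 \
            -pkeyopt rsa_pss_keygen_md:sha256 \
            -pkeyopt rsa_pss_keygen_mgf1_md:sha256 \
            -pkeyopt rsa_pss_keygen_saltlen:32 \
            -out private_key.key

          # Self-signed end-entity certificate (CA:false), so the "chain"
          # file holds exactly one certificate. For testing only; it is
          # not anchored in any trust list.
          openssl req -new -x509 \
            -key private_key.key \
            -sha256 -days 825 \
            -subj "/C=US/ST=CA/L=Somewhere/O=C2PA Test Signing Cert/OU=FOR TESTING_ONLY/CN=C2PA PSS Signer/emailAddress=pie@example.com" \
            -addext "basicConstraints=critical,CA:false" \
            -addext "keyUsage=critical,digitalSignature,nonRepudiation" \
            -addext "extendedKeyUsage=critical,emailProtection" \
            -out certificate_chain.pem

          # NOTE(review): unpinned install; pin an exact version (ideally
          # with hashes) if this job should be reproducible.
          pip install c2pie

          # NOTE(review): fetched from the moving master ref with no
          # integrity check; a commit-pinned URL would make the input stable.
          wget https://raw.githubusercontent.com/TourmalineCore/c2pie/refs/heads/master/example_app/test_files/test_image.jpg

          export C2PIE_PRIVATE_KEY_FILE=./private_key.key
          export C2PIE_CERTIFICATE_CHAIN_FILE=./certificate_chain.pem
          # The upload step below expects this to produce
          # signed_test_image.jpg in the working directory.
          c2pie sign --input_file ./test_image.jpg

      - name: Upload Signed Image
        # NOTE(review): tag-pinned action; pinning to a full commit SHA
        # protects against a retargeted tag.
        uses: actions/upload-artifact@v4
        with:
          name: signed_test_image
          path: signed_test_image.jpg
          # Fail here, not in the verify job, if signing produced no file.
          if-no-files-found: error

  verify-image-steps:
    needs: sign-image-steps
    runs-on: ubuntu-24.04
    container: 'rust:1.90.0-bullseye'
    steps:
      - name: Download Signed Image
        uses: actions/download-artifact@v5
        with:
          name: signed_test_image

      - name: Install c2patool and Verify Signed Image
        run: |
          # NOTE(review): unpinned install built from source on every run;
          # consider pinning a version.
          cargo install c2patool
          # NOTE(review): confirm that c2patool exits non-zero when
          # validation fails; otherwise this step only prints the manifest
          # report and a bad signature would not fail the job.
          c2patool signed_test_image.jpg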