A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th

chore: bump version to 0.6.23

+44 -3
+2
Dockerfile
··· 73 73 COPY --from=builder /usr/lib/*/liblz4.so.1* /lib/*/liblz4.so.1* /usr/lib/ 74 74 COPY --from=builder /usr/lib/*/libgpg-error.so.0* /lib/*/libgpg-error.so.0* /usr/lib/ 75 75 COPY --from=builder /lib/*/libgcc_s.so.1* /usr/lib/ 76 + # Copy zlib for pkcs11-tool 77 + COPY --from=builder /lib/*/libz.so.1* /usr/lib/ 76 78 77 79 # Copy essential binaries 78 80 COPY --from=builder /usr/sbin/pcscd /usr/sbin/
+1 -1
Makefile
··· 3 3 # To re-generate a bundle for another specific version without changing the standard setup, you can: 4 4 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) 5 5 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) 6 - VERSION ?= 0.6.22 6 + VERSION ?= 0.6.23 7 7 8 8 # CHANNELS define the bundle channels used in the bundle. 9 9 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
+39
entrypoint.sh
··· 22 22 udevadm settle --timeout=2 2>/dev/null || true 23 23 fi 24 24 25 + # Apply CCID interface fix for Pico HSM 26 + echo "Applying CCID interface fix for Pico HSM..." 27 + 28 + # Backup original CCID configuration 29 + if [ -f /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist ]; then 30 + cp /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist /tmp/Info.plist.backup 31 + 32 + # Fix 1: Enable CCID Exchange option to allow interface flexibility 33 + # This makes CCID try interface 0 first instead of expecting interface 1 34 + sed -i 's/<string>0x0000<\/string>/<string>0x0001<\/string>/' \ 35 + /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist 36 + 37 + # Fix 2: Add flexible interface detection for Pico HSM 38 + # Create a temporary script to patch CCID behavior at runtime 39 + cat > /tmp/ccid-interface-patch.sh << 'EOF' 40 + #!/busybox/sh 41 + # Runtime patch for CCID interface detection 42 + # This allows CCID to try both interface 0 and 1 for Pico HSM 43 + 44 + # Method 1: Set environment variables that CCID respects 45 + export LIBCCID_ifdLogLevel=0x000F # Maximum debug 46 + export PCSCLITE_DEBUG=3 # PCSCD debug 47 + 48 + # Method 2: If CCID fails on interface 1, restart and try interface 0 49 + # This is handled by our Info.plist modification above 50 + 51 + echo "CCID interface patch applied - will try interface 0 first, then 1" 52 + EOF 53 + chmod +x /tmp/ccid-interface-patch.sh 54 + /tmp/ccid-interface-patch.sh 55 + 56 + echo "CCID configuration modified:" 57 + echo "- Enabled DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED (0x01)" 58 + echo "- Set maximum debug logging for interface detection" 59 + echo "- CCID will now try interface 0 first (Pico HSM), then interface 1 (real Nitrokey)" 60 + else 61 + echo "WARNING: CCID Info.plist not found, skipping interface fix" 62 + fi 63 + 25 64 # Start pcscd with debug output 26 65 echo "Starting pcscd..." 27 66 pcscd -f -d -a &
+2 -2
helm/hsm-secrets-operator/Chart.yaml
··· 2 2 name: hsm-secrets-operator 3 3 description: A Kubernetes operator that bridges Pico HSM binary data storage with Kubernetes Secrets 4 4 type: application 5 - version: 0.6.22 6 - appVersion: v0.6.22 5 + version: 0.6.23 6 + appVersion: v0.6.23 7 7 icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/icon/color/kubernetes-icon-color.svg 8 8 home: https://github.com/evanjarrett/hsm-secrets-operator 9 9 sources:
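
Review bot: In the Dockerfile hunk, the new libz COPY at line 77 globs only /lib/*/libz.so.1*, while the liblz4 and libgpg-error lines directly above it (73-74) list both /usr/lib/*/ and /lib/*/ as sources. If the builder image keeps libz only under /usr/lib/*/, the library is not picked up and pkcs11-tool will still fail to load it at runtime. Suggest using the same two-source form as lines 73-74, and adding a build-time check in the builder stage (for example running ldd against pkcs11-tool and failing on "not found") so a missing shared object is caught at build time rather than in the pod.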
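
Review bot: In the entrypoint.sh hunk, the sed at lines 34-35 is not scoped to any key: it rewrites every line of Info.plist that contains <string>0x0000</string>, so any other setting that happens to hold 0x0000 is flipped to 0x0001 along with the intended one. Anchor the substitution to the value that follows the intended key, and check afterwards (for example by diffing against /tmp/Info.plist.backup) that exactly one line changed, failing the entrypoint otherwise. The description of the change is also inconsistent: the comment at lines 32-33 says it makes CCID try interface 0 first, but the echo at line 57 says it enables DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED (0x01). Going by its name, that option authorizes a CCID exchange capability rather than changing interface order, which is a permission change on the reader in front of an HSM and should be justified explicitly or dropped. Separately, the exports of LIBCCID_ifdLogLevel and PCSCLITE_DEBUG at lines 45-46 sit inside /tmp/ccid-interface-patch.sh, which is executed as a child process at line 54, so they never reach the pcscd started at line 66, and the echo at line 58 claiming maximum debug logging is set is misleading. If extra logging is wanted, export the variables in entrypoint.sh itself and gate them behind an opt-in variable, since pcscd is already started with -d -a. Finally, these are functional changes to driver configuration under a commit titled "chore: bump version to 0.6.23"; split them into their own commit so they can be reviewed and reverted independently.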