+1 -1

Dockerfile

reviewed

··· 11 11 # and so that source changes don't invalidate our downloaded layer 12 12 RUN go mod download 13 13 14 14 - COPY cmd/ cmd/ 14 14 + COPY cmd/manager cmd/manager 15 15 COPY api/ api/ 16 16 COPY internal/ internal/ 17 17

+26 -1

Dockerfile.discovery

reviewed

··· 19 19 # Build discovery binary only 20 20 RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o discovery cmd/discovery/main.go 21 21 22 22 + FROM alpine:3.22 AS base 23 23 + 24 24 + # Update Alpine packages 25 25 + RUN apk update 26 26 + 27 27 + # Install compilation tools 28 28 + RUN apk add --no-cache \ 29 29 + git \ 30 30 + gcc \ 31 31 + g++ \ 32 32 + make \ 33 33 + cmake \ 34 34 + pkgconfig \ 35 35 + openssl-dev \ 36 36 + pcsc-lite-dev \ 37 37 + libusb-dev \ 38 38 + autoconf \ 39 39 + automake \ 40 40 + libtool 41 41 + 42 42 + RUN cd / && git clone https://github.com/CardContact/sc-hsm-embedded.git 43 43 + WORKDIR /sc-hsm-embedded 44 44 + RUN autoreconf -fi && ./configure 45 45 + RUN make && make install 46 46 + 22 47 FROM alpine:3.22 23 48 RUN apk add --no-cache opensc-dev ccid pcsc-lite openssl libtool libusb 24 49 ··· 30 55 COPY --from=builder /workspace/manager . 31 56 USER 65532:65532 32 57 33 33 - ENTRYPOINT ["/manager"] 58 58 + ENTRYPOINT ["/manager"]

+133 -5

internal/discovery/usb.go

reviewed

··· 274 274 return devices, nil 275 275 } 276 276 277 277 - // findHSMDevicePath looks for HSM device paths without requiring root access 278 278 - func (u *USBDiscoverer) findHSMDevicePath(vendorID, productID string) string { 277 277 + // findHSMDevicePath looks for HSM device paths using sysfs information 278 278 + func (u *USBDiscoverer) findHSMDevicePath(sysfsPath, vendorID, productID string) string { 279 279 + // Method 1: Extract bus/device numbers and construct /dev/bus/usb path 280 280 + if usbDevPath := u.findUSBDevicePath(sysfsPath); usbDevPath != "" { 281 281 + u.logger.V(2).Info("Found USB device path", "path", usbDevPath, "vendorId", vendorID, "productId", productID) 282 282 + return usbDevPath 283 283 + } 284 284 + 285 285 + // Method 2: Check for serial device nodes (ttyUSB, ttyACM) 286 286 + if serialPath := u.findSerialDevicePath(sysfsPath); serialPath != "" { 287 287 + u.logger.V(2).Info("Found serial device path", "path", serialPath, "vendorId", vendorID, "productId", productID) 288 288 + return serialPath 289 289 + } 290 290 + 291 291 + // Method 3: Check for HID device nodes (hidraw) 292 292 + if hidPath := u.findHIDDevicePath(sysfsPath); hidPath != "" { 293 293 + u.logger.V(2).Info("Found HID device path", "path", hidPath, "vendorId", vendorID, "productId", productID) 294 294 + return hidPath 295 295 + } 296 296 + 297 297 + // Method 4: Fallback to common paths (legacy compatibility) 298 298 + if commonPath := u.findCommonDevicePath(vendorID, productID); commonPath != "" { 299 299 + u.logger.V(2).Info("Found common device path", "path", commonPath, "vendorId", vendorID, "productId", productID) 300 300 + return commonPath 301 301 + } 302 302 + 303 303 + return "" 304 304 + } 305 305 + 306 306 + // findUSBDevicePath constructs /dev/bus/usb path from sysfs path 307 307 + func (u *USBDiscoverer) findUSBDevicePath(sysfsPath string) string { 308 308 + // Extract bus and device numbers from sysfs path 309 309 + // sysfsPath looks like: /sys/bus/usb/devices/1-6 310 310 + // We need to read busnum and devnum files 311 311 + 312 312 + busNumPath := filepath.Join(sysfsPath, "busnum") 313 313 + devNumPath := filepath.Join(sysfsPath, "devnum") 314 314 + 315 315 + busNum, err1 := u.readSysfsFile(busNumPath) 316 316 + devNum, err2 := u.readSysfsFile(devNumPath) 317 317 + 318 318 + if err1 != nil || err2 != nil { 319 319 + u.logger.V(2).Info("Could not read bus/dev numbers", "sysfsPath", sysfsPath, "busErr", err1, "devErr", err2) 320 320 + return "" 321 321 + } 322 322 + 323 323 + busNum = strings.TrimSpace(busNum) 324 324 + devNum = strings.TrimSpace(devNum) 325 325 + 326 326 + // Format as 3-digit numbers for /dev/bus/usb path 327 327 + if len(busNum) == 1 { 328 328 + busNum = "00" + busNum 329 329 + } else if len(busNum) == 2 { 330 330 + busNum = "0" + busNum 331 331 + } 332 332 + 333 333 + if len(devNum) == 1 { 334 334 + devNum = "00" + devNum 335 335 + } else if len(devNum) == 2 { 336 336 + devNum = "0" + devNum 337 337 + } 338 338 + 339 339 + // Construct device path 340 340 + usbDevPath := fmt.Sprintf("/dev/bus/usb/%s/%s", busNum, devNum) 341 341 + 342 342 + // Check both container and host-mounted paths 343 343 + if u.deviceExists(usbDevPath) { 344 344 + return usbDevPath 345 345 + } 346 346 + 347 347 + return "" 348 348 + } 349 349 + 350 350 + // findSerialDevicePath looks for ttyUSB/ttyACM device nodes 351 351 + func (u *USBDiscoverer) findSerialDevicePath(sysfsPath string) string { 352 352 + // Look for tty subdirectories in sysfs 353 353 + ttyPattern := filepath.Join(sysfsPath, "*", "tty", "tty*") 354 354 + matches, err := filepath.Glob(ttyPattern) 355 355 + if err != nil { 356 356 + return "" 357 357 + } 358 358 + 359 359 + for _, match := range matches { 360 360 + devName := filepath.Base(match) 361 361 + devPath := "/dev/" + devName 362 362 + if u.deviceExists(devPath) { 363 363 + return devPath 364 364 + } 365 365 + } 366 366 + 367 367 + return "" 368 368 + } 369 369 + 370 370 + // findHIDDevicePath looks for hidraw device nodes 371 371 + func (u *USBDiscoverer) findHIDDevicePath(sysfsPath string) string { 372 372 + // Look for hidraw subdirectories in sysfs 373 373 + hidPattern := filepath.Join(sysfsPath, "*", "hidraw", "hidraw*") 374 374 + matches, err := filepath.Glob(hidPattern) 375 375 + if err != nil { 376 376 + return "" 377 377 + } 378 378 + 379 379 + for _, match := range matches { 380 380 + devName := filepath.Base(match) 381 381 + devPath := "/dev/" + devName 382 382 + if u.deviceExists(devPath) { 383 383 + return devPath 384 384 + } 385 385 + } 386 386 + 387 387 + return "" 388 388 + } 389 389 + 390 390 + // findCommonDevicePath checks common device paths (legacy fallback) 391 391 + func (u *USBDiscoverer) findCommonDevicePath(vendorID, _ string) string { 279 392 // Common HSM device paths that might be accessible without root 280 393 commonPaths := []string{ 281 394 "/dev/ttyUSB0", "/dev/ttyUSB1", "/dev/ttyUSB2", "/dev/ttyUSB3", ··· 294 407 } 295 408 296 409 for _, path := range commonPaths { 297 297 - if _, err := os.Stat(path); err == nil { 298 298 - u.logger.V(2).Info("Found HSM device path", "path", path, "vendorId", vendorID, "productId", productID) 410 410 + if u.deviceExists(path) { 299 411 return path 300 412 } 301 413 } ··· 303 415 return "" 304 416 } 305 417 418 418 + // deviceExists checks if a device path exists, trying both container and host-mounted paths 419 419 + func (u *USBDiscoverer) deviceExists(devicePath string) bool { 420 420 + // Try both container and host-mounted paths 421 421 + paths := []string{ 422 422 + devicePath, // /dev/ttyUSB0 or /dev/bus/usb/001/002 423 423 + "/host" + devicePath, // /host/dev/ttyUSB0 or /host/dev/bus/usb/001/002 424 424 + } 425 425 + 426 426 + for _, path := range paths { 427 427 + if _, err := os.Stat(path); err == nil { 428 428 + return true 429 429 + } 430 430 + } 431 431 + return false 432 432 + } 433 433 + 306 434 // parseUSBDeviceFromSysfs parses USB device information directly from sysfs (native lsusb equivalent) 307 435 func (u *USBDiscoverer) parseUSBDeviceFromSysfs(devicePath string) *USBDevice { 308 436 device := &USBDevice{ ··· 340 468 } 341 469 342 470 // Try to find associated device paths 343 343 - device.DevicePath = u.findHSMDevicePath(device.VendorID, device.ProductID) 471 471 + device.DevicePath = u.findHSMDevicePath(devicePath, device.VendorID, device.ProductID) 344 472 345 473 // Add additional device info 346 474 device.DeviceInfo["sysfs-path"] = devicePath