A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th
fix socket check on pcscd

+28 -13
+1 -1
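--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.6.34
+VERSION ?= 0.6.35
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")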
+2 -2
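--- a/helm/hsm-secrets-operator/Chart.yaml
+++ b/helm/hsm-secrets-operator/Chart.yaml
@@ -2,8 +2,8 @@
 name: hsm-secrets-operator
 description: A Kubernetes operator that bridges Pico HSM binary data storage with Kubernetes Secrets
 type: application
-version: 0.6.34
-appVersion: v0.6.34
+version: 0.6.35
+appVersion: v0.6.35
 icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/icon/color/kubernetes-icon-color.svg
 home: https://github.com/evanjarrett/hsm-secrets-operator
 sources: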
+25 -10
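--- a/internal/agent/pcscd_manager.go
+++ b/internal/agent/pcscd_manager.go
@@ -66,6 +66,15 @@
 		p.logger.V(1).Info("Runtime directory ready", "dir", dir)
 	}
 
+	// Clean up stale socket file from previous runs
+	// pcscd will fail to start if the socket already exists
+	socketPath := "/run/pcscd/pcscd.comm"
+	if err := os.Remove(socketPath); err != nil && !os.IsNotExist(err) {
+		p.logger.Error(err, "Failed to remove stale socket", "path", socketPath)
+		return fmt.Errorf("failed to remove stale socket %s: %w", socketPath, err)
+	}
+	p.logger.V(1).Info("Cleaned up stale socket", "path", socketPath)
+
 	// Start pcscd with:
 	// -f: foreground mode (don't daemonize)
 	// -d: debug output (helps troubleshooting)
@@ -147,24 +156,30 @@
 }
 
 // waitForReady polls for pcscd readiness by checking if the socket exists.
-// PC/SC Lite creates a socket at /var/run/pcscd/pcscd.comm when ready.
+// PC/SC Lite creates a socket at /run/pcscd/pcscd.comm when ready.
 // Waits up to 5 seconds with 100ms polling interval.
 func (p *PCSCDManager) waitForReady() error {
 	const (
 		maxAttempts  = 50                     // 50 attempts
 		pollInterval = 100 * time.Millisecond // 100ms interval
-		socketPath   = "/var/run/pcscd/pcscd.comm"
 	)
 
-	p.logger.V(1).Info("Waiting for pcscd to be ready", "socket", socketPath)
+	// Check both possible socket locations (pcscd may use either)
+	// /run/pcscd is where our volume is mounted
+	// /var/run/pcscd is the legacy path (symlink on normal systems, but not in FROM scratch)
+	socketPaths := []string{"/run/pcscd/pcscd.comm", "/var/run/pcscd/pcscd.comm"}
 
-	for i := 0; i < maxAttempts; i++ {
-		// Check if the socket exists
-		if _, err := os.Stat(socketPath); err == nil {
-			p.logger.V(1).Info("pcscd socket detected", "attempts", i+1)
-			// Give it a tiny bit more time to fully initialize
-			time.Sleep(100 * time.Millisecond)
-			return nil
+	p.logger.V(1).Info("Waiting for pcscd to be ready", "paths", socketPaths)
+
+	for i := range maxAttempts {
+		// Check if the socket exists at either location
+		for _, socketPath := range socketPaths {
+			if _, err := os.Stat(socketPath); err == nil {
+				p.logger.Info("pcscd socket detected", "path", socketPath, "attempts", i+1)
+				// Give it a tiny bit more time to fully initialize
+				time.Sleep(100 * time.Millisecond)
+				return nil
+			}
 		}
 
 		// Check if process is still running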
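Review bot: The stale-socket cleanup in the first hunk (new lines 71-75) removes only /run/pcscd/pcscd.comm, while waitForReady in the second hunk (new line 170) now treats a file at /var/run/pcscd/pcscd.comm as proof of readiness, so a leftover entry at the legacy path is never cleaned and makes the readiness poll return nil before pcscd is listening; the cleanup should iterate the same path list, and that list belongs at package scope so the two sites cannot drift again. The cleanup also calls os.Remove on whatever sits at the path without checking it is a socket, and because os.IsNotExist is swallowed the "Cleaned up stale socket" message on line 76 is logged even when nothing was removed; an os.Lstat with a `fi.Mode()&os.ModeSocket` check before the Remove closes both gaps. The function enclosing the first hunk starts before the hunk.
```go
	// Clean up stale socket files from previous runs
	// pcscd will fail to start if the socket already exists
	for _, socketPath := range pcscdSocketPaths { // package-level list shared with waitForReady
		fi, err := os.Lstat(socketPath)
		if err != nil {
			if os.IsNotExist(err) {
				continue
			}
			return fmt.Errorf("stat socket %s: %w", socketPath, err)
		}
		if fi.Mode()&os.ModeSocket == 0 {
			return fmt.Errorf("refusing to remove %s: not a socket (mode %v)", socketPath, fi.Mode())
		}
		if err := os.Remove(socketPath); err != nil && !os.IsNotExist(err) {
			p.logger.Error(err, "Failed to remove stale socket", "path", socketPath)
			return fmt.Errorf("failed to remove stale socket %s: %w", socketPath, err)
		}
		p.logger.V(1).Info("Removed stale socket", "path", socketPath)
	}
	// … unchanged: start pcscd …
```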