evan.jarrett.net / hsm-secrets-operator
A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

chore: bump version to 0.6.24

Evan Jarrett 7480bfda 23dc1f6c

+23 -29
+23 -29
entrypoint.sh
··· 25 25 # Apply CCID interface fix for Pico HSM 26 26 echo "Applying CCID interface fix for Pico HSM..." 27 27 28 - # Backup original CCID configuration 29 - if [ -f /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist ]; then 30 - cp /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist /tmp/Info.plist.backup 31 - 32 - # Fix 1: Enable CCID Exchange option to allow interface flexibility 33 - # This makes CCID try interface 0 first instead of expecting interface 1 34 - sed -i 's/<string>0x0000<\/string>/<string>0x0001<\/string>/' \ 35 - /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist 36 - 37 - # Fix 2: Add flexible interface detection for Pico HSM 38 - # Create a temporary script to patch CCID behavior at runtime 39 - cat > /tmp/ccid-interface-patch.sh << 'EOF' 40 - #!/busybox/sh 41 - # Runtime patch for CCID interface detection 42 - # This allows CCID to try both interface 0 and 1 for Pico HSM 28 + # Check if we can modify the CCID configuration 29 + CCID_CONFIG="/usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist" 30 + if [ -f "$CCID_CONFIG" ]; then 31 + # Create backup 32 + cp "$CCID_CONFIG" /tmp/Info.plist.backup 43 33 44 - # Method 1: Set environment variables that CCID respects 45 - export LIBCCID_ifdLogLevel=0x000F # Maximum debug 46 - export PCSCLITE_DEBUG=3 # PCSCD debug 34 + echo "Original CCID driver options:" 35 + grep -A 1 "ifdDriverOptions" "$CCID_CONFIG" || echo "Not found" 47 36 48 - # Method 2: If CCID fails on interface 1, restart and try interface 0 49 - # This is handled by our Info.plist modification above 37 + # Fix: Enable CCID Exchange option (0x01) for interface flexibility 38 + # This makes CCID more permissive about interface selection 39 + if grep -q "<string>0x0000</string>" "$CCID_CONFIG"; then 40 + sed -i 's/<string>0x0000<\/string>/<string>0x0001<\/string>/' "$CCID_CONFIG" 41 + echo "✅ Enabled DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED (0x01)" 42 + else 43 + echo "⚠️ CCID driver options already modified or not found" 44 + fi 50 45 51 - echo "CCID interface patch applied - will try interface 0 first, then 1" 52 - EOF 53 - chmod +x /tmp/ccid-interface-patch.sh 54 - /tmp/ccid-interface-patch.sh 46 + echo "Modified CCID driver options:" 47 + grep -A 1 "ifdDriverOptions" "$CCID_CONFIG" || echo "Not found" 55 48 56 - echo "CCID configuration modified:" 57 - echo "- Enabled DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED (0x01)" 58 - echo "- Set maximum debug logging for interface detection" 59 - echo "- CCID will now try interface 0 first (Pico HSM), then interface 1 (real Nitrokey)" 49 + echo "CCID interface fix applied:" 50 + echo "- Pico HSM interface 0 should now be tried first" 51 + echo "- CCID will be more flexible about interface detection" 52 + echo "- Debug environment variables: LIBCCID_ifdLogLevel=$LIBCCID_ifdLogLevel" 60 53 else 61 - echo "WARNING: CCID Info.plist not found, skipping interface fix" 54 + echo "❌ CCID Info.plist not found at $CCID_CONFIG" 55 + echo "Falling back to environment variables only" 62 56 fi 63 57 64 58 # Start pcscd with debug output