minor code fixes

+22 -14
+3 -3
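--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -324,13 +324,13 @@
 HSM_PIN=$(kubectl get secret hsm-pin -o jsonpath='{.data.pin}' | base64 -d)
 
 # List all secrets (requires PIN authentication)
-kubectl exec $AGENT_POD -- pkcs11-tool --module="/usr/lib/pkcs11/opensc-pkcs11.so" --login --pin="$HSM_PIN" --list-objects --type=data
+kubectl exec $AGENT_POD -- pkcs11-tool --module="/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" --login --pin="$HSM_PIN" --list-objects --type=data
 
 # Read specific secret component
-kubectl exec $AGENT_POD -- pkcs11-tool --module="/usr/lib/pkcs11/opensc-pkcs11.so" --login --pin="$HSM_PIN" --read-object --type=data --label="my-secret/api_key"
+kubectl exec $AGENT_POD -- pkcs11-tool --module="/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" --login --pin="$HSM_PIN" --read-object --type=data --label="my-secret/api_key"
 
 # HSM device info
-kubectl exec $AGENT_POD -- pkcs11-tool --module="/usr/lib/pkcs11/opensc-pkcs11.so" -I
+kubectl exec $AGENT_POD -- pkcs11-tool --module="/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" -I
 ```
 
 **Secret Storage Structure:**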
+1 -1
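--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.6.42
+VERSION ?= 0.6.43
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")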
+16 -8
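--- a/cmd/test/main.go
+++ b/cmd/test/main.go
@@ -53,14 +53,22 @@
 	// Get library path from environment or use default
 	libraryPath := os.Getenv("PKCS11_LIBRARY")
 	if libraryPath == "" {
-		// Try common locations
-		if _, err := os.Stat("/usr/lib/pkcs11/opensc-pkcs11.so"); err == nil {
-			libraryPath = "/usr/lib/pkcs11/opensc-pkcs11.so" // Production container
-		} else if _, err := os.Stat("/usr/lib64/pkcs11/opensc-pkcs11.so"); err == nil {
-			libraryPath = "/usr/lib64/pkcs11/opensc-pkcs11.so" // Fedora/RHEL
-		} else if _, err := os.Stat("/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so"); err == nil {
-			libraryPath = "/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so" // Debian/Ubuntu
-		} else {
+		// Try common locations (Debian/Ubuntu path first for trixie-slim)
+		libraryPaths := []string{
+			"/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so",        // Debian/Ubuntu (trixie-slim)
+			"/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so", // Debian/Ubuntu (older)
+			"/usr/lib64/pkcs11/opensc-pkcs11.so",                // Fedora/RHEL
+			"/usr/lib/pkcs11/opensc-pkcs11.so",                  // Generic fallback
+		}
+		found := false
+		for _, path := range libraryPaths {
+			if _, err := os.Stat(path); err == nil {
+				libraryPath = path
+				found = true
+				break
+			}
+		}
+		if !found {
 			log.Fatal("Could not find PKCS#11 library. Set PKCS11_LIBRARY environment variable.")
 		}
 	}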
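Review bot: The candidate list at new lines 58–61 only knows the amd64 Debian multiarch directory, so on an arm64 image every probe misses and the program exits with "Could not find PKCS#11 library" unless PKCS11_LIBRARY is set; add `"/usr/lib/aarch64-linux-gnu/opensc-pkcs11.so", // Debian/Ubuntu (arm64)` to the slice, or derive the multiarch segment from runtime.GOARCH. The `found` flag introduced at new lines 63–71 carries no information that libraryPath does not already carry, since libraryPath is only assigned inside the loop; `if libraryPath == "" { log.Fatal(...) }` after the loop reads cleaner and drops three lines. A short comment would also help the next reader: an os.Stat hit only proves the file exists, not that it is a loadable PKCS#11 module for this architecture, so the error from the subsequent module load (presumably below this hunk) remains the authoritative one. The enclosing function starts before and ends after this hunk.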
+2 -2
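--- a/config/samples/hsm_v1alpha1_hsmdevice.yaml
+++ b/config/samples/hsm_v1alpha1_hsmdevice.yaml
@@ -28,7 +28,7 @@
 
   # PKCS#11 configuration per device
   pkcs11:
-    libraryPath: "/usr/local/lib/libsc-hsm-pkcs11.so"
+    libraryPath: "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" # OpenSC library for Pico HSM
     slotId: 0
     pinSecret:
       name: "pico-hsm-pin"
@@ -59,7 +59,7 @@
 
   # PKCS#11 configuration
   pkcs11:
-    libraryPath: "/usr/lib/opensc-pkcs11.so"
+    libraryPath: "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
     slotId: 0
     pinSecret:
       name: "smartcard-hsm-pin"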
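Review bot: Both sample CRs now pin libraryPath to the amd64 multiarch directory, which silently breaks on any other architecture and, assuming the operator dlopens this path as given, surfaces as a module-load failure rather than a clear configuration error; a comment beside each value would save users that debugging, e.g. `# Debian/Ubuntu amd64 path; on arm64 use /usr/lib/aarch64-linux-gnu/opensc-pkcs11.so`. The trailing comment on line 31 mentions Pico HSM specifically while the same library is used unannotated for the smartcard-hsm sample at line 62, so the note belongs with the field in both places or neither.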