theparanoids / crypki

A simple service for interacting with an HSM or other PKCS#11 device.

modulepath in init_hsm.sh appears to point at the wrong location

dennisgove opened this issue · comments

I'm attempting to follow the README instructions to build the Docker image but am running into an error when init_hsm.sh executes.

crypki $> docker build -f docker-softhsm/Dockerfile -t crypki-local .
[+] Building 39.3s (16/16) FINISHED
.....
 => ERROR [stage-1 7/7] RUN mkdir -p /var/log/crypki /opt/crypki /opt/crypki/slot_pubkeys && apt-get update && apt-get install -y softhsm opensc openssl && /bin/bash -x /opt/crypki/init_hsm.sh                              8.9s
------
 > [stage-1 7/7] RUN mkdir -p /var/log/crypki /opt/crypki /opt/crypki/slot_pubkeys && apt-get update && apt-get install -y softhsm opensc openssl && /bin/bash -x /opt/crypki/init_hsm.sh:
#16 0.311 Get:1 http://deb.debian.org/debian sid InRelease [161 kB]
.....
#16 8.893 + /usr/bin/pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --pin 123456 --slot 1037941344 --keypairgen --label user_ssh --key-type EC:prime384v1 --private
#16 8.895 sc_dlopen failed: /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so: cannot open shared object file: No such file or directory
#16 8.895 error: Failed to load pkcs11 module
#16 8.895 Aborting.
------
executor failed running [/bin/sh -c mkdir -p /var/log/crypki /opt/crypki /opt/crypki/slot_pubkeys && apt-get update && apt-get install -y softhsm opensc openssl && /bin/bash -x /opt/crypki/init_hsm.sh]: exit code: 1

The file /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so does not exist even after apt-get install -y softhsm opensc openssl successfully completes. Further investigation shows that the package actually installs the .so to /usr/lib/softhsm/libsofthsm2.so.

Changing the modulepath in init_hsm.sh allows the script to complete successfully and the image to be created.

Total diff is

diff --git a/docker-softhsm/init_hsm.sh b/docker-softhsm/init_hsm.sh
index 3bd8741..92814bd 100755
--- a/docker-softhsm/init_hsm.sh
+++ b/docker-softhsm/init_hsm.sh
@@ -24,7 +24,7 @@ error() {
 SOPIN=1234
 USERPIN=123456

-modulepath="/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so"
+modulepath="/usr/lib/softhsm/libsofthsm2.so"
 slot_pubkeys_path="/opt/crypki/slot_pubkeys"

 user_ssh_label="user_ssh"
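
Review bot: the new value on the `modulepath="/usr/lib/softhsm/libsofthsm2.so"` line is still a single hardcoded location, so the script depends on the package layout seen in this build the same way the removed line depended on the x86_64 multiarch directory. Consider testing that the file is readable right after this assignment and falling back to the previous path, with an explicit error if neither exists, so a layout mismatch is reported at the lookup instead of as "Failed to load pkcs11 module" from the first pkcs11-tool call.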

I'm running this on an Apple M1 MacBook Pro, which may be the root cause.

Are others running into this issue as well? I'm happy to submit a PR with this change if so.
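
One way to make the module lookup independent of the build architecture, as an added example that is not part of the original issue or the crypki repository: probe the two locations named above and stop with a clear error if neither is present. The function name `resolve_softhsm_module`, its optional root-prefix argument, and the `$(uname -m)-linux-gnu` candidate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not crypki code). resolve_softhsm_module is a hypothetical helper.
# Prints the first readable libsofthsm2.so among known install locations.
# $1 is an optional filesystem root prefix, used only so the lookup can be tested.
resolve_softhsm_module() {
    root="${1:-}"
    arch="$(uname -m)"
    for candidate in \
        "/usr/lib/softhsm/libsofthsm2.so" \
        "/usr/lib/${arch}-linux-gnu/softhsm/libsofthsm2.so" \
        "/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so"
    do
        # -r: the file must exist and be readable by the user running the script
        if [ -r "${root}${candidate}" ]; then
            printf '%s\n' "${root}${candidate}"
            return 0
        fi
    done
    echo "libsofthsm2.so not found under ${root:-/}; is the softhsm package installed?" >&2
    return 1
}

# Usage inside a script such as init_hsm.sh (assumption about where it would go):
#   modulepath="$(resolve_softhsm_module)" || exit 1
```

With this in place, a missing module stops the script before any `pkcs11-tool` invocation, and the error names the lookup rather than the loader.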