From dd8c063770a378e0dde3adddf005d4521f233a6c Mon Sep 17 00:00:00 2001
From: Kai Lueke
Date: Tue, 13 Feb 2024 15:43:43 +0100
Subject: [PATCH] core_sign_update: Work with a mapped pcscd socket

The sdk user in the container might rejected by the pcscd on the host. Work around that by running the openssl command as root.
---
 core_sign_update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core_sign_update b/core_sign_update
index cce8aad503..fca2ca8191 100755
--- a/core_sign_update
+++ b/core_sign_update
@@ -136,7 +136,7 @@ i=1
 signature_sizes=""
 for key in "${private_keys[@]}"; do
 if [[ "${key}" == pkcs11* ]]; then
- OPENSSL_CONF=/etc/ssl/pkcs11.cnf openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}"
+ sudo OPENSSL_CONF=/etc/ssl/pkcs11.cnf openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}"
 elif [[ "${key}" == fero* ]]; then
 fero-client \
 --address $FLAGS_signing_server_address \
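Review bot: Running the whole `openssl pkeyutl` call under `sudo` means root, not the sdk user, opens `update.pkcs11-padhash` and creates `update.sig.${i}` by relative path in the current directory, so the signature file ends up root-owned and, if that directory is writable by the sdk user, root writes to whatever that path resolves to. Since `pkeyutl` reads stdin and writes stdout when `-in`/`-out` are omitted, the file handling can stay with the calling shell: `sudo OPENSSL_CONF=/etc/ssl/pkcs11.cnf openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" < update.pkcs11-padhash > "update.sig.${i}"`. Passing `OPENSSL_CONF` on the sudo command line also depends on the sudoers policy permitting it, and a password prompt would stall an unattended build, so `sudo -n` plus a one-line comment explaining the pcscd workaround would help. The `for` loop continues past the end of the hunk, so how later steps consume `update.sig.${i}` is not visible here.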