mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-08 05:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

core_sign_update: Work with a mapped pcscd socket

Browse Source 
The sdk user in the container might rejected by the pcscd on the host.
Work around that by running the openssl command as root.
This commit is contained in:
Kai Lueke 2024-02-13 15:43:43 +01:00
parent c48d4d2cad
commit dd8c063770
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core_sign_update
View File

@ -136,7 +136,7 @@ i=1
signature_sizes="" signature_sizes=""
for key in "${private_keys[@]}"; do for key in "${private_keys[@]}"; do
if [[ "${key}" == pkcs11* ]]; then if [[ "${key}" == pkcs11* ]]; then
OPENSSL_CONF=/etc/ssl/pkcs11.cnf openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}" sudo OPENSSL_CONF=/etc/ssl/pkcs11.cnf openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}"
elif [[ "${key}" == fero* ]]; then elif [[ "${key}" == fero* ]]; then
fero-client \ fero-client \
--address $FLAGS_signing_server_address \ --address $FLAGS_signing_server_address \