Closed hongkongkiwi closed 3 years ago
Hmm, the above looks right to me. Can you run ldd /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so to check that all of the expected dependencies are available? Assuming that doesn't yield anything obvious, I'll throw in some extra debug lines and hopefully that will give us some clues.
I just added a few debug lines and did a release if you want to try testing with it. FWIW here's what it looks like in my environment:
$ AWS_KMS_PKCS11_DEBUG=1 osslsigncode sign -h sha256 -pkcs11engine /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pkcs11module /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so -certs mycert.pem -key 'pkcs11:' -in foo.exe -out foo-signed.exe
AWS_KMS: Debug enabled.
AWS_KMS: Attempting to load config from path: /etc/aws-kms-pkcs11/config.json
AWS_KMS: Attempting to load config from path: /home/ihaken/.config/aws-kms-pkcs11/config.json
AWS_KMS: Skipping config because we couldn't open the file.
AWS_KMS: Configured to use AWS key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
AWS_KMS: Configured to use AWS region: us-east-1
AWS_KMS: Successfully fetched public key data.
AWS_KMS: Successfully called KMS to do a signing operation.
Succeeded
Install:
$ cat /etc/aws-kms-pkcs11/config.json
{
"kms_key_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"aws_region": "us-east-1"
}
$ ls -lh /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so
-rwxr-xr-x 1 root root 3.8M May 29 13:56 /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so
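The checks suggested in this thread (unresolved `ldd` dependencies, then whether a config file can be opened and what it contains) can be scripted as below. This is an added example, not code from the aws-kms-pkcs11 project: the config paths and key names are taken from the debug output and config shown above, treating both keys as expected is an assumption, and the function names are hypothetical.

```python
import json
import os
import re
import subprocess

# Paths and key names are the ones shown in the debug output and config above.
CONFIG_PATHS = [
    "/etc/aws-kms-pkcs11/config.json",
    os.path.expanduser("~/.config/aws-kms-pkcs11/config.json"),
]
EXPECTED_KEYS = ("kms_key_id", "aws_region")  # assumption: both should be set


def missing_libs(ldd_output):
    """Return library names that ldd reported as 'not found'."""
    return re.findall(r"^[ \t]*(\S+) => not found", ldd_output, re.M)


def check_config(path):
    """Classify one config file: returns (status, detail)."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except OSError as exc:
        return ("unreadable", exc.strerror or str(exc))
    except ValueError as exc:  # includes json.JSONDecodeError
        return ("invalid-json", str(exc))
    if not isinstance(data, dict):
        return ("invalid-json", "top level is not an object")
    absent = [k for k in EXPECTED_KEYS if not data.get(k)]
    return ("missing-keys", ", ".join(absent)) if absent else ("ok", "")


def preflight(module, config_paths=CONFIG_PATHS):
    """Collect findings for the module file and every candidate config."""
    findings = []
    if not os.access(module, os.R_OK):
        findings.append(f"module not readable: {module}")
    else:
        try:
            out = subprocess.run(["ldd", module], capture_output=True, text=True).stdout
        except FileNotFoundError:
            out = ""
            findings.append("ldd not available")
        findings += [f"missing dependency: {lib}" for lib in missing_libs(out)]
    for path in config_paths:
        status, detail = check_config(path)
        findings.append(f"config {path}: {status} {detail}".rstrip())
    return findings
```

Run `preflight()` as the same user that invokes ssh-add or osslsigncode, since the second config path and file permissions depend on that account.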
Resolved.
How did you resolve this @hongkongkiwi ?
Following instructions and using the pre-compiled module gives these errors:
ssh-add produces the following error:
The module is available and I have chmod +x:
The config is available here:
Any ideas what could cause this error? I couldn't find a way to get better debug information about what the problem is.