JackOfMostTrades / aws-kms-pkcs11

PKCS#11 Provider Using AWS KMS
MIT License

Precompiled .so does not seem to work #3

Closed hongkongkiwi closed 3 years ago

hongkongkiwi commented 3 years ago

Following instructions and using the pre-compiled module gives these errors:

osslsigncode sign -verbose -h sha256 -pkcs11engine /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pkcs11module /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so -certs mycert.pem -key 'pkcs11:' -in /etc/hosts -out /tmp/hosts.signed
Engine "pkcs11" set.
Unable to load module /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so
Unable to load module /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so
PKCS11_get_private_key returned NULL
Failed to load private key pkcs11:
140102532925248:error:81065401:libp11:pkcs11_CTX_load:Unable to load PKCS#11 module:p11_load.c:77:
140102532925248:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:../crypto/engine/eng_pkey.c:78:
Failed

ssh-add produces the following error:

ssh-add -s /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so
Enter passphrase for PKCS#11:
Could not add card "/usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so": agent refused operation

The module is available and I have chmod +x:

ls -lh /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so
-rwxr-xr-x 1 root root 3.8M Feb 27 05:45 /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so

The config is available here:

cat /etc/aws-kms-pkcs11/config.json
{
  "kms_key_id": "xxxx-xxxxx-xxxxxx-xxxxx-xxxxxxxx",
  "aws_region": "us-west-1"
}

Any ideas what could cause this error? I couldn't find a way to get better debug information about what the problem is.

JackOfMostTrades commented 3 years ago

Hmm, the above looks right to me. Can you run ldd /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so to check that all of the expected dependencies are available? Assuming that doesn't yield anything obvious I'll throw in some extra debug lines and hopefully that will give us some clues.

JackOfMostTrades commented 3 years ago

I just added a few debug lines and did a release if you want to try testing with it. FWIW here's what it looks like in my environment:

$ AWS_KMS_PKCS11_DEBUG=1 osslsigncode sign -h sha256 -pkcs11engine /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pkcs11module /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so -certs mycert.pem -key 'pkcs11:' -in foo.exe -out foo-signed.exe
AWS_KMS: Debug enabled.
AWS_KMS: Attempting to load config from path: /etc/aws-kms-pkcs11/config.json
AWS_KMS: Attempting to load config from path: /home/ihaken/.config/aws-kms-pkcs11/config.json
AWS_KMS: Skipping config because we couldn't open the file.
AWS_KMS: Configured to use AWS key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
AWS_KMS: Configured to use AWS region: us-east-1
AWS_KMS: Successfully fetched public key data.
AWS_KMS: Successfully called KMS to do a signing operation.
Succeeded

Install:

$ cat /etc/aws-kms-pkcs11/config.json 
{
  "kms_key_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "aws_region": "us-east-1"
}
$ ls -lh /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so 
-rwxr-xr-x 1 root root 3.8M May 29 13:56 /usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so
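
A small diagnostic script for the checks suggested in this thread (ldd for unresolved dependencies, the two config.json keys, then a rerun with AWS_KMS_PKCS11_DEBUG=1). This is an added example, not code from the aws-kms-pkcs11 project or from the maintainer; the module and config paths default to the ones used above, and the ldd output embedded in it is constructed, not captured from anyone's machine.

```shell
#!/bin/sh
# Added diagnostic helper; not part of aws-kms-pkcs11.
# Paths default to the ones used in this thread; override via environment.
MODULE="${MODULE:-/usr/lib/x86_64-linux-gnu/pkcs11/aws_kms_pkcs11.so}"
CONFIG="${CONFIG:-/etc/aws-kms-pkcs11/config.json}"

# Constructed sample of ldd output (not captured from any real system),
# with one unresolved library, used to demonstrate the parser below.
SAMPLE_LDD_OUTPUT='    linux-vdso.so.1 (0x00007ffc00000000)
    libexample.so.1 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'

# Read ldd output on stdin and print each library reported as "not found".
missing_deps_from_ldd() {
    awk '/=> not found/ { print $1 }'
}

# Return 0 if the module is readable and every dependency resolves,
# 1 if ldd reports unresolved libraries, 2 if the file cannot be read.
check_module_deps() {
    _mod="$1"
    [ -r "$_mod" ] || { echo "module not readable: $_mod" >&2; return 2; }
    _missing=$(ldd "$_mod" 2>/dev/null | missing_deps_from_ldd)
    [ -z "$_missing" ] || { printf 'unresolved: %s\n' "$_missing" >&2; return 1; }
    return 0
}

# Return 0 if the config file is readable and names both keys the
# thread's config.json uses, 1 if a key is missing, 2 if unreadable.
check_config_keys() {
    _cfg="$1"
    [ -r "$_cfg" ] || { echo "config not readable: $_cfg" >&2; return 2; }
    for _key in kms_key_id aws_region; do
        grep -q "\"$_key\"" "$_cfg" || { echo "config missing $_key" >&2; return 1; }
    done
    return 0
}

# Run both checks; on success suggest the debug rerun from the thread.
diagnose() {
    check_module_deps "$MODULE" || return $?
    check_config_keys "$CONFIG" || return $?
    echo "module and config look fine; rerun the failing command with AWS_KMS_PKCS11_DEBUG=1"
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Invoke as `sh diagnose.sh --run` (or with MODULE/CONFIG set to other paths); a non-zero exit with a message on stderr points at the layer that fails before the module is ever loaded.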

hongkongkiwi commented 3 years ago

Resolved.

o6uoq commented 1 month ago

Resolved.

How did you resolve this, @hongkongkiwi?