add pkcs11-config-path command line parameter (#192)

Signed-off-by: Vasilyev, Viacheslav <viacheslav.vasilyev@accenture.com> Co-authored-by: Vasilyev, Viacheslav <viacheslav.vasilyev@accenture.com>
sigstore · Oct 1, 2021 · e3bb9cb · e3bb9cb
1 parent 9f97249
commit e3bb9cb
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/cmd/app/createca.go b/cmd/app/createca.go
@@ -46,7 +46,7 @@ such as organization, country etc. This can then be used as the root
 certificate authority for an instance of sigstore fulcio`,
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Logger.Info("binding to PKCS11 HSM")
-		p11Ctx, err := crypto11.ConfigureFromFile("config/crypto11.conf")
+		p11Ctx, err := crypto11.ConfigureFromFile(viper.GetString("pkcs11-config-path"))
 		if err != nil {
 			log.Logger.Fatal(err)
 		}

diff --git a/cmd/app/root.go b/cmd/app/root.go
@@ -51,6 +51,7 @@ func init() {
 	rootCmd.PersistentFlags().String("hsm-caroot-id", "", "HSM ID for Root CA (only used with --ca fulcio)")
 	rootCmd.PersistentFlags().String("ct-log-url", "http://localhost:6962/test", "host and path (with log prefix at the end) to the ct log")
 	rootCmd.PersistentFlags().String("config-path", "/etc/fulcio-config/config.json", "path to fulcio config json")
+	rootCmd.PersistentFlags().String("pkcs11-config-path", "config/crypto11.conf", "path to fulcio pkcs11 config file")
 
 	if err := viper.BindPFlags(rootCmd.PersistentFlags()); err != nil {
 		log.Logger.Fatal(err)

diff --git a/pkg/pkcs11/pkcs11.go b/pkg/pkcs11/pkcs11.go
@@ -17,10 +17,11 @@ package pkcs11
 
 import (
 	"github.com/ThalesIgnite/crypto11"
+	"github.com/spf13/viper"
 )
 
 func InitHSMCtx() (*crypto11.Context, error) {
-	p11Ctx, err := crypto11.ConfigureFromFile("config/crypto11.conf")
+	p11Ctx, err := crypto11.ConfigureFromFile(viper.GetString("pkcs11-config-path"))
 	if err != nil {
 		return nil, err
 	}