docker, yubico, notary

Docker Notary doesn't find Yubikey


I'm running Ubuntu 16 LTS with docker, Notary 0.4.3 and yubico-piv-tool 1.5.0. The piv tool works with the yubikey, can create certificates and also import them to the yubikey. Notary works okay as well, but it doesn't seem to notice the yubikey.

When downgrading to yubico-piv-tool 1.4.0 I get the following panic report. When installing yubico-piv-tool 1.4.0, I think Notary finds the key but panics out with the following report:

fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x0]

runtime stack:
runtime.throw(0x99e364, 0x2a)
    /usr/local/go/src/runtime/panic.go:566 +0x95
runtime.sigpanic()
    /usr/local/go/src/runtime/sigpanic_unix.go:12 +0x2cc

goroutine 1 [syscall, locked to thread]:
runtime.cgocall(0x8012b0, 0xc420049e88, 0xc400000000)
    /usr/local/go/src/runtime/cgocall.go:131 +0x110 fp=0xc420049e58 sp=0xc420049e18
github.com/docker/notary/vendor/github.com/miekg/pkcs11._Cfunc_New(0x1cccfa0, 0x0)
    ??:0 +0x4a fp=0xc420049e88 sp=0xc420049e58
github.com/docker/notary/vendor/github.com/miekg/pkcs11.New(0x994909, 0x1b, 0x0)
    /go/src/github.com/docker/notary/vendor/github.com/miekg/pkcs11/pkcs11.go:755 +0xa1 fp=0xc420049ec8 sp=0xc420049e88
github.com/docker/notary/trustmanager/yubikey.init.1()
    /go/src/github.com/docker/notary/trustmanager/yubikey/yubikeystore.go:98 +0xb6 fp=0xc420049f30 sp=0xc420049ec8
github.com/docker/notary/trustmanager/yubikey.init()
    /go/src/github.com/docker/notary/trustmanager/yubikey/yubikeystore.go:915 +0x91 fp=0xc420049f38 sp=0xc420049f30
github.com/docker/notary/client.init()
    /go/src/github.com/docker/notary/client/witness.go:70 +0x9b fp=0xc420049f40 sp=0xc420049f38
main.init()
    /go/src/github.com/docker/notary/cmd/notary/util.go:55 +0x4b fp=0xc420049f48 sp=0xc420049f40
runtime.main()
    /usr/local/go/src/runtime/proc.go:172 +0x1bf fp=0xc420049fa0 sp=0xc420049f48
runtime.goexit()
    /usr/local/go/src/runtime/asm_amd64.s:2086 +0x1 fp=0xc420049fa8 sp=0xc420049fa0

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
    /usr/local/go/src/runtime/asm_amd64.s:2086 +0x1

Solution

  • Building notary from source fixes the issue: go build -tags pkcs11