-
-
Notifications
You must be signed in to change notification settings - Fork 12.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
yubico-piv-tool directory structure is incompatible with ssh-add -s
under OSX 10.12
#16385
Comments
Not without significant hacking.
This sounds like your best bet. |
@ilovezfs, near as I can tell This is reported in other threads (such as OpenSC/OpenSC#1008). As of now, the only solution I can find involves copying the library into one of the two pre-defined paths. Is executing a post-install bash script not something brew can easily do? |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
This is still an issue. I replied with further info and am hoping for a response. |
What? I clearly added activity? Does your stalebot only consider owner activity as activity? @ilovezfs |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
:( Any progress? |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
My last attempt at reviving this. @ilovezfs? |
I am also experiencing this as an issue. Is there a plan to resolve it? |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
If you are using they system install of OpenSSH this might be pertinent: Technical Note TN2449 |
@paul-pearce also you may want to try it with brew's openssh and see if you get a different outcome. |
Steps followed, but the issue is not a formula error. The formula installs correctly.
Use the PKCS11 library provided by yubico-piv-tool to perform:
ssh-add -s /usr/local/lib/libykcs11.dylib
(Perform PKCS#11 operations with an yubikey device.)
Could not add card "/usr/local/lib/libykcs11.dylib": agent refused operation
Card added: /usr/local/lib/libykcs11.dylib
Please see the issue filed here with yubico-piv-tool: Yubico/yubico-piv-tool#118
The core issue is the directory structure of this forumla under 10.12 symlinks:
/usr/local/lib/libykcs11.dylib -> ../Cellar/yubico-piv-tool/1.4.0/lib/libykcs11.dylib
Which is a violation of the OSX 10.12
ssh-agent PKCS_WHITELIST
(seeman ssh-agent
). This whitelist only allows PKCS libraries from within/usr/local/lib
and/usr/lib/
, and does not allow symlinks.The fix would be for the formula to copy the library into
/usr/local/lib
instead of symlinking it. Is that possible? (My brew knowledge is low.)The text was updated successfully, but these errors were encountered: