Yubico · Aug 15, 2024
diff --git a/‎.github/workflows/release_linux.yml
+187-87 b/‎.github/workflows/release_linux.yml
+187-87
diff --git a/‎.github/workflows/release_macos.yml
+32-24 b/‎.github/workflows/release_macos.yml
+32-24
diff --git a/‎Cargo.lock
+157-5 b/‎Cargo.lock
+157-5
diff --git a/‎resources/release/Vagrantfile
+61-19 b/‎resources/release/Vagrantfile
+61-19
diff --git a/‎resources/release/build-all.sh
+1-1 b/‎resources/release/build-all.sh
+1-1
diff --git a/‎resources/release/build-pkg.sh
+51-12 b/‎resources/release/build-pkg.sh
+51-12
diff --git a/‎resources/release/build-rpm.sh
+33-20 b/‎resources/release/build-rpm.sh
+33-20
@@ -4,134 +4,234 @@ on: [push]
 
 jobs:
 
-  Ubuntu1804-Build:
-    name: Ubuntu1804
-    runs-on: ubuntu-18.04
-    env:
-      YUBIHSMSDK_VERSION: 2021-08
+  debian_based:
+    strategy:
+      fail-fast: false
+      matrix:
+        environment: [
+          "ubuntu:24.04",
+          "ubuntu:22.04",
+          "ubuntu:20.04",
+          "debian:12",
+          "debian:11",
+        ]
+        libyubihsm_tag : [ "2.5.0" ]
+
+    name: build on ${{ matrix.environment }}
+    runs-on: ubuntu-latest
+    container: ${{ matrix.environment }}
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
 
-      # download yubihsm-sdk installer from dev.y.c and install it
-      - name: install yubihsm-shell
+      - name: clone the Yubico/yubihsm-setup repository
+        uses: actions/checkout@v3
+        with:
+          path: yubihsm-setup
+
+      - name: extract platform name
+        env:
+          DOCKER_IMAGE: ${{ matrix.environment }}
+        run: |
+          # Remove everything from DOCKER_IMAGE that is not a letter or a number
+          PLATFORM=$(echo -n "$DOCKER_IMAGE" | sed -E 's/[^a-zA-Z0-9]//g')
+          echo "PLATFORM=$PLATFORM" >> $GITHUB_ENV
+
+      - name: install dependencies
+        env:
+          CC: ${{ matrix.cc }}
+          DEBIAN_FRONTEND: noninteractive
         run: |
-          set -e -o pipefail
           set -x
+          export DEBIAN_FRONTEND=noninteractive
+
+          apt-get update && apt-get dist-upgrade -y
+          apt-get install -y build-essential      \
+                                  chrpath              \
+                                  cmake                \
+                                  pkg-config           \
+                                  gengetopt            \
+                                  help2man             \
+                                  libedit-dev          \
+                                  libcurl4-openssl-dev \
+                                  liblzma-dev          \
+                                  libssl-dev           \
+                                  libseccomp-dev       \
+                                  libusb-1.0.0-dev     \
+                                  dh-exec              \
+                                  git-buildpackage     \
+                                  curl                 \
+                                  libpcsclite-dev      \
+                                  file                 \
+                                  curl                 \
+                                  jq
+          
+          curl -o rustup.sh https://sh.rustup.rs
+          bash ./rustup.sh -y
+          export PATH=$PATH:$HOME/.cargo/bin
+          cargo install cargo-deb
+          
 
+      - name: install libyubihsm
+        working-directory: yubihsm-setup
+        env:
+          LIBYUBIHSM_TAG: ${{ matrix.libyubihsm_tag }}
+          PLATFORM: ${{ env.PLATFORM }}
+        run: |
+          set -x
+          
+          echo "platform = $PLATFORM"
+          
           cd ..
-          curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-ubuntu1804-amd64.tar.gz |\
-              tar -xzvf -
-          cd yubihsm2-sdk
-          sudo dpkg -i ./libyubihsm*_amd64.deb
+          
+          #git clone --branch $LIBYUBIHSM_TAG https://github.com/Yubico/yubihsm-shell.git
+          git clone https://github.com/Yubico/yubihsm-shell.git
+          cd yubihsm-shell
+          
+          if [ "$PLATFORM" = "ubuntu2404" ]; then
+            # ubuntu 24.04 comes with _FORTIFY_SOURCE already set
+            sed -i 's/add_definitions (-D_FORTIFY_SOURCE=2)/add_definitions (-D_FORTIFY_SOURCE=3)/' cmake/SecurityFlags.cmake
+          fi
+          
+          if [ "$PLATFORM" = "debian11" ]; then
+            dpkg-buildpackage -b --no-sign
+          else
+            dpkg-buildpackage
+          fi
+          dpkg -i ../libyubihsm*_amd64.deb
 
       - name: clone yubihsmrs
+        working-directory: yubihsm-setup
         run: |
-          set -e -o pipefail
           set -x
-
           cd ..
           git clone https://github.com/Yubico/yubihsmrs.git
 
-      - name: Build yubihsm-setup
+      - name: Build binary
+        working-directory: yubihsm-setup
+        env:
+          PLATFORM: ${{ env.PLATFORM }}
         run: |
-          set -e -o pipefail
           set -x
-          mkdir -p artifact/yubihsm-setup
-
-          cd ..
-          export PATH=$PATH:~/.cargo/bin
-          if [[ ! -x $(command -v rustc) ]]; then
-            curl -o rustup.sh https://sh.rustup.rs
-            bash ./rustup.sh -y
-          fi
-          cargo install cargo-deb
+          OUTPUT=$GITHUB_WORKSPACE/$PLATFORM/yubihsm-setup
+          mkdir -p $OUTPUT
 
-          cd yubihsm-setup
-          YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) cargo build --release
+          export PATH=$PATH:$HOME/.cargo/bin
+          
+          #YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) cargo build --release
+          YUBIHSM_LIB_DIR=/usr/lib/x86_64-linux-gnu  cargo build --release
           strip --strip-all target/release/yubihsm-setup
           cargo deb --no-build
-          cp target/debian/*.deb artifact/yubihsm-setup/
+          cp target/debian/*.deb $OUTPUT/
 
           ./target/release/yubihsm-setup --version
           ./target/release/yubihsm-setup --help
 
-          LICENSE_DIR="artifact/yubihsm-setup/share/yubihsm-setup"
-          mkdir -p $LICENSE_DIR
-          cp -r resources/release/licenses $LICENSE_DIR/
-          for lf in $LICENSE_DIR/licenses/*; do
+          LICESE_DIR="$OUTPUT/share/yubihsm-setup"
+          mkdir -p $LICESE_DIR
+          cp -r $GITHUB_WORKSPACE/yubihsm-setup/resources/release/licenses $LICESE_DIR/
+          for lf in $LICESE_DIR/licenses/*; do
             chmod 644 $lf
           done
 
-      - name: Upload artifact
-        uses: actions/upload-artifact@v1
-        with:
-          name: yubihsm-setup-ubuntu1804-amd64
-          path: artifact
+          cd $OUTPUT
+          rm -f yubihsm-setup-$PLATFORM-amd64.tar.gz
+          tar -C .. -zcvf ../yubihsm-setup-$PLATFORM-amd64.tar.gz yubihsm-setup
+          rm -f *.deb
+          rm -rf licenses
+          rm -rf ../yubihsm-setup
+
 
-  Ubuntu2004-Build:
-    name: Ubuntu2004
-    runs-on: ubuntu-20.04
-    env:
-      YUBIHSMSDK_VERSION: 2021-08
+      - name: upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: "yubihsm-setup-${{ env.PLATFORM }}-amd64"
+          path: ${{ env.PLATFORM }}
+
+  redhat_based:
+    strategy:
+      fail-fast: false
+      matrix:
+        environment: [
+          "fedora:39",
+          "fedora:40",
+        ]
+
+    name: build on ${{ matrix.environment }}
+    runs-on: ubuntu-latest
+    container: ${{ matrix.environment }}
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
 
-      # download yubihsm-sdk installer from dev.y.c and install it
-      - name: install yubihsm-shell
-        run: |
-          set -e -o pipefail
-          set -x
+      - name: clone the Yubico/yubihsm-setup repository
+        uses: actions/checkout@v3
+        with:
+          path: yubihsm-setup
 
-          cd ..
-          curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-ubuntu2004-amd64.tar.gz |\
-              tar -xzvf -
-          cd yubihsm2-sdk
-          sudo dpkg -i ./libyubihsm*_amd64.deb
+      - name: extract platform name
+        env:
+          DOCKER_IMAGE: ${{ matrix.environment }}
+        run: |
+          # Remove everything from DOCKER_IMAGE that is not a letter or a number
+          PLATFORM=$(echo -n "$DOCKER_IMAGE" | sed -E 's/[^a-zA-Z0-9]//g')
+          echo "PLATFORM=$PLATFORM" >> $GITHUB_ENV
 
-      - name: clone yubihsmrs
+      - name: install dependencies
+        env:
+          PLATFORM: ${{ env.PLATFORM }}
         run: |
-          set -e -o pipefail
-          set -x
+          dnf -y update
+          dnf -y install  binutils         \
+                          gcc              \
+                          gcc-c++          \
+                          git              \
+                          chrpath          \
+                          cmake            \
+                          openssl-devel    \
+                          libedit-devel    \
+                          libcurl-devel    \
+                          rpmdevtools      \
+                          pcsc-lite-devel  \
+                          libusb1-devel    \
+          
+          curl -o rustup.sh https://sh.rustup.rs
+          bash ./rustup.sh -y
 
-          cd ..
-          git clone https://github.com/Yubico/yubihsmrs.git
+      - name: install libyubihsm
+        run: |
+          git clone https://github.com/Yubico/yubihsm-shell.git
+          cd yubihsm-shell
+            mkdir build
+            cd build
+            cmake .. -DBUILD_ONLY_LIB=ON
+            make
 
-      - name: Build yubihsm-setup
+      - name: clone yubihsmrs
         run: |
-          set -e -o pipefail
-          set -x
-          mkdir -p artifact/yubihsm-setup
+          git clone https://github.com/Yubico/yubihsmrs.git          
 
-          cd ..
+      - name: build release binary
+        working-directory: yubihsm-setup
+        env:
+          PLATFORM: ${{ env.PLATFORM }}
+        run: |
+          
           export PATH=$PATH:~/.cargo/bin
           if [[ ! -x $(command -v rustc) ]]; then
             curl -o rustup.sh https://sh.rustup.rs
             bash ./rustup.sh -y
           fi
-          cargo install cargo-deb
-
-          cd yubihsm-setup
-          YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) cargo build --release
-          strip --strip-all target/release/yubihsm-setup
-          cargo deb --no-build
-          cp target/debian/*.deb artifact/yubihsm-setup/
-
-          ./target/release/yubihsm-setup --version
-          ./target/release/yubihsm-setup --help
           
-          LICENSE_DIR="artifact/yubihsm-setup/share/yubihsm-setup"
-          mkdir -p $LICENSE_DIR
-          cp -r resources/release/licenses $LICENSE_DIR/
-          for lf in $LICENSE_DIR/licenses/*; do
-            chmod 644 $lf
-          done
-
-      - name: Upload artifact
-        uses: actions/upload-artifact@v1
+          OUTPUT=$GITHUB_WORKSPACE/$PLATFORM/yubihsm-setup
+          mkdir -p $OUTPUT
+          
+          cargo install cargo-rpm
+          cargo rpm init
+          YUBIHSM_LIB_DIR=$GITHUB_WORKSPACE/yubihsm-shell/build/lib cargo build --release
+          YUBIHSM_LIB_DIR=$GITHUB_WORKSPACE/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo rpm build
+          cp target/release/rpmbuild/RPMS/x86_64/*.rpm $OUTPUT/
+
+      - name: upload artifacts
+        uses: actions/upload-artifact@v3
         with:
-          name: yubihsm-setup-ubuntu2004-amd64
-          path: artifact
+          name: "yubihsm-setup-${{ env.PLATFORM }}-amd64"
+          path: ${{ env.PLATFORM }}
@@ -5,58 +5,66 @@ on: [push]
 jobs:
   MacOS-Build:
 
-    runs-on: macos-10.15
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: macos-latest
+            arch: amd
+          - os: macos-latest-xlarge
+            arch: arm
     env:
+      VERSION: 2.6.0
+      SO_VERSION: 2
       YUBIHSMSDK_VERSION: 2021-08
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
+      - name: Checkout the Yubico/yubihsm-setup repository
+        uses: actions/checkout@v3
 
-      # download yubihsm-sdk installer from dev.y.c and install it
-      - name: install yubihsm-shell
+      - name: Install dependecies
         run: |
           set -e -o pipefail
           set -x
 
+          brew update
+          brew install cmake pkg-config gengetopt help2man libusb
+          brew reinstall openssl@3
+
+      - name: install libyubihsm
+        run: |
           cd ..
-          curl -L --max-redirs 2 -o yubihsm-sdk-installer.pkg https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-darwin-amd64.pkg
-          sudo installer -verbose -store -pkg yubihsm-sdk-installer.pkg -target /
+          git clone https://github.com/Yubico/yubihsm-shell.git
+          cd yubihsm-shell
+          mkdir build
+          cd build
+          cmake .. -DBUILD_ONLY_LIB=ON
+          make
 
       - name: clone yubihsmrs
         run: |
-          set -e -o pipefail
-          set -x
-
           cd ..
           git clone https://github.com/Yubico/yubihsmrs.git
 
       - name: Build yubihsm-setup
         run: |
           set -e -o pipefail
           set -x
-          mkdir artifact
-
-          cd ..
-          brew install libusb
+          mkdir $GITHUB_WORKSPACE/artifact
+          
           export PATH=$PATH:~/.cargo/bin
           if [[ ! -x $(command -v rustc) ]]; then
             curl -o rustup.sh https://sh.rustup.rs
             bash ./rustup.sh -y
           fi
 
-          cd yubihsm-setup
-          RUSTFLAGS="-C link-args=-Wl,-rpath,\$ORIGIN/../lib"  YUBIHSM_LIB_DIR=/usr/local/lib cargo build --release
+          RUSTFLAGS="-C link-args=-Wl,-rpath,\$ORIGIN/../lib"  YUBIHSM_LIB_DIR=$GITHUB_WORKSPACE/../yubihsm-shell/build/lib cargo build --release
           strip -u -r target/release/yubihsm-setup
-          install target/release/yubihsm-setup artifact
-
-          otool -L target/release/yubihsm-setup
-
-          ./target/release/yubihsm-setup --version
-          ./target/release/yubihsm-setup --help
+          install target/release/yubihsm-setup ../artifact
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
-          name: yubihsm-setup
+          name: yubihsm-setup-darwin-${{ matrix.arch }}64
           path: artifact
@@ -8,18 +8,32 @@ Vagrant.configure("2") do |config|
     v.cpus = 2
   end
 
-  config.vm.define "fedora33" do |fedora33|
-    fedora33.vm.box = "generic/fedora33"
-    fedora33.vm.synced_folder "../..", "/shared", type: "rsync",
+  config.vm.define "fedora35" do |fedora35|
+    fedora35.vm.box = "generic/fedora35"
+    fedora35.vm.synced_folder "../..", "/shared", type: "rsync",
       rsync__args: ["--verbose", "--archive", "-z", "--delete"]
-    fedora33.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora33", :privileged => false
+    fedora35.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora35", :privileged => false
   end
 
-  config.vm.define "fedora34" do |fedora34|
-    fedora34.vm.box = "messyzone/fedora34"
-    fedora34.vm.synced_folder "../..", "/shared", type: "rsync",
+  config.vm.define "fedora36" do |fedora36|
+    fedora36.vm.box = "generic/fedora36"
+    fedora36.vm.synced_folder "../..", "/shared", type: "rsync",
       rsync__args: ["--verbose", "--archive", "-z", "--delete"]
-    fedora34.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora34", :privileged => false
+    fedora36.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora36", :privileged => false
+  end
+
+  config.vm.define "fedora37" do |fedora37|
+    fedora37.vm.box = "generic/fedora37"
+    fedora37.vm.synced_folder "../..", "/shared", type: "rsync",
+      rsync__args: ["--verbose", "--archive", "-z", "--delete"]
+    fedora37.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora37", :privileged => false
+  end
+
+  config.vm.define "fedora38" do |fedora38|
+    fedora38.vm.box = "fedora/38-cloud-base"
+    fedora38.vm.synced_folder "../..", "/shared", type: "rsync",
+      rsync__args: ["--verbose", "--archive", "-z", "--delete"]
+    fedora38.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora38", :privileged => false
   end
 
   config.vm.define "centos7" do |centos7|
@@ -29,12 +43,12 @@ Vagrant.configure("2") do |config|
     centos7.vm.provision "shell", :path => "build-rpm.sh", :args => "centos7", :privileged => false
   end
 
-  config.vm.define "centos8" do |centos8|
-    centos8.vm.box = "zyz/centos8"
-    centos8.vm.synced_folder "../..", "/shared", type: "rsync",
-      rsync__args: ["--verbose", "--archive", "-z", "--copy-links"]
-    centos8.vm.provision "shell", :path => "build-rpm.sh", :args => "centos8", :privileged => false
-  end
+#  config.vm.define "centos8" do |centos8|
+#    centos8.vm.box = "zyz/centos8"
+#    centos8.vm.synced_folder "../..", "/shared", type: "rsync",
+#      rsync__args: ["--verbose", "--archive", "-z", "--copy-links"]
+#    centos8.vm.provision "shell", :path => "build-rpm.sh", :args => "centos8", :privileged => false
+#  end
 
   config.vm.define "debian9" do |debian9|
     debian9.vm.box = "roboxes/debian9"
@@ -50,7 +64,7 @@ Vagrant.configure("2") do |config|
   end
 
   config.vm.define "debian11" do |debian11|
-    debian11.vm.box = "axcxl/debian11_xfce"
+    debian11.vm.box = "debian/bullseye64"
     debian11.vm.synced_folder "../..", "/shared", type: "rsync",
       rsync__args: ["--verbose", "--archive", "-z", "--delete"]
     debian11.vm.provision "shell", :path => "build-pkg.sh", :args => "debian11", :privileged => false
@@ -82,11 +96,39 @@ Vagrant.configure("2") do |config|
     focal.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2004", :privileged => false
   end
 
-  config.vm.define "hirsute" do |hirsute|
-    hirsute.vm.box = "ubuntu/hirsute64"
-    hirsute.vm.synced_folder "../..", "/shared", type: "rsync",
+  config.vm.define "impish" do |impish|
+    impish.vm.box = "ubuntu/impish64"
+    impish.vm.synced_folder "../..", "/shared", type: "rsync",
+      rsync__args: ["--verbose", "--archive", "-z", "--copy-links"]
+    impish.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2110", :privileged => false
+  end
+
+  config.vm.define "jammy" do |jammy|
+    jammy.vm.box = "alvistack/ubuntu-22.04"
+    jammy.vm.synced_folder "../..", "/shared", type: "rsync",
+      rsync__args: ["--verbose", "--archive", "-z", "--copy-links"]
+    jammy.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2204", :privileged => false
+  end
+
+  config.vm.define "kinetic" do |kinetic|
+    kinetic.vm.box = "ubuntu/kinetic64"
+    kinetic.vm.synced_folder "../..", "/shared", type: "rsync",
+      rsync__args: ["--verbose", "--archive", "-z", "--copy-links"]
+    kinetic.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2210", :privileged => false
+  end
+  
+  config.vm.define "lunar" do |lunar|
+    lunar.vm.box = "ubuntu/lunar64"
+    lunar.vm.synced_folder "../..", "/shared", type: "rsync",
+      rsync__args: ["--verbose", "--archive", "-z", "--copy-links"]
+    lunar.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2304", :privileged => false
+  end
+
+  config.vm.define "mantic" do |mantic|
+    mantic.vm.box = "ubuntu/mantic64"
+    mantic.vm.synced_folder "../..", "/shared", type: "rsync",
       rsync__args: ["--verbose", "--archive", "-z", "--copy-links"]
-    hirsute.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2104", :privileged => false
+    mantic.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2310", :privileged => false
   end
 
 end
@@ -2,7 +2,7 @@
 
 set -e -o pipefail -x
 
-for machine in focal hirsute debian10 fedora33 fedora34 centos7 centos8; do
+for machine in focal impish jammy debian10 debian11 fedora35 fedora36 centos7; do
   vagrant box update $machine
   time vagrant up $machine
   vagrant rsync-back $machine
 
@@ -4,11 +4,28 @@ set -x
 
 PLATFORM=$1
 
-YUBIHSMSDK_VERSION="2021-08" # To download the latest released version of yubihsm-shell
+YUBIHSMSDK_VERSION="2022-06" # To download the latest released version of yubihsm-shell
 export DEBIAN_FRONTEND=noninteractive
 
 sudo apt-get update && sudo  apt-get dist-upgrade -y
-sudo apt-get install -y build-essential git
+#sudo apt-get install -y build-essential git cmake pkg-config libedit-dev libssl-dev libcurl4-openssl-dev libpcsclite-dev libusb-1.0-0-dev
+sudo apt-get install -y build-essential      \
+                        chrpath              \
+                        git                  \
+                        cmake                \
+                        pkg-config           \
+                        gengetopt            \
+                        help2man             \
+                        libedit-dev          \
+                        libcurl4-openssl-dev \
+                        liblzma-dev          \
+                        libssl-dev           \
+                        libseccomp-dev       \
+                        libusb-1.0.0-dev     \
+                        dh-exec              \
+                        git-buildpackage     \
+                        curl                 \
+                        libpcsclite-dev
 
 export PATH=$PATH:~/.cargo/bin
 if [[ ! -x $(command -v rustc) ]]; then
@@ -28,14 +45,34 @@ mkdir -p "${OUTPUT}"
 
 pushd "/tmp" &>/dev/null
   # install yubihsm-shell
-  mkdir yubihsm2-sdk
-  pushd "yubihsm2-sdk" &>/dev/null
-    curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-$PLATFORM-amd64.tar.gz |\
-      tar -xzvf -
-    pushd "yubihsm2-sdk" &>/dev/null
-      sudo dpkg -i ./libyubihsm*_amd64.deb
-    popd &>/dev/null
-  popd &>/dev/null
+#  mkdir yubihsm2-sdk
+#  pushd "yubihsm2-sdk" &>/dev/null
+#    curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-$PLATFORM-amd64.tar.gz |\
+#      tar -xzvf -
+#    pushd "yubihsm2-sdk" &>/dev/null
+#      sudo dpkg -i ./libyubihsm*_amd64.deb
+#    popd &>/dev/null
+#  popd &>/dev/null
+
+  #git clone https://github.com/Yubico/yubihsm-shell.git
+  #cp -r /shared/resources/yubihsm-shell .
+  #pushd "yubihsm-shell" &>/dev/null
+  #  mkdir build
+  #  pushd "build" &>/dev/null
+  #    cmake .. -DBUILD_ONLY_LIB=ON
+  #    make
+  #  popd
+  #  if [ "${PLATFORM:0:6}" == "debian" ] || [ "$PLATFORM" == "ubuntu1804" ]; then
+  #    dpkg-buildpackage -b --no-sign
+  #  else
+  #    dpkg-buildpackage
+  #  fi
+  #popd
+  #cp libyubihsm1*.deb "${OUTPUT}"
+  #cp libyubihsm-usb1*.deb "${OUTPUT}"
+  #cp libyubihsm-http1*.deb "${OUTPUT}"
+
+  sudo dpkg -i $INPUT/resources/release/libyubihsm*_amd64.deb
 
   # install yubihsmrs
   rm -rf yubihsmrs
@@ -45,8 +82,10 @@ pushd "/tmp" &>/dev/null
   rm -rf yubihsm-setup
   git clone "$INPUT" yubihsm-setup
   pushd "yubihsm-setup" &>/dev/null
-    YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) \
-      cargo build --release
+    #YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) \
+    #  cargo build --release
+    #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo build --release
+    YUBIHSM_LIB_DIR=/usr/lib/x86_64-linux-gnu cargo build --release
     strip --strip-all target/release/yubihsm-setup
     cargo deb --no-build
     cp target/debian/*.deb "${OUTPUT}"
 
@@ -3,7 +3,7 @@ set -e -o pipefail
 set -x
 
 PLATFORM=$1
-LIBYUBIHSM_VERSION="2.2.0" # To download the latest released version of yubihsm-shell
+LIBYUBIHSM_VERSION="2.4.0" # To download the latest released version of yubihsm-shell
 
 if [ "$PLATFORM" == "centos7" ]; then
   sudo yum -y install centos-release-scl
@@ -37,12 +37,13 @@ elif [ "$PLATFORM" == "centos8" ]; then
 elif [ "${PLATFORM:0:6}" == "fedora" ]; then
   sudo dnf -y update
   sudo dnf -y install binutils         \
-                    git              \
-                    cmake            \
-                    openssl-devel    \
-                    libusb-devel     \
-                    libcurl-devel    \
-                    rpmdevtools
+                      git              \
+                      cmake            \
+                      openssl-devel    \
+                      libusb1-devel     \
+                      libcurl-devel    \
+                      rpmdevtools      \
+                      pcsc-lite-devel
 
   export CMAKE="cmake"
 fi
@@ -61,16 +62,24 @@ mkdir -p $OUTPUT
 
 pushd "/tmp" &>/dev/null
   # build yubihsm-shell from source
-  rm -rf yubihsm-shell-$LIBYUBIHSM_VERSION
-  curl -L --max-redirs 2 -o - https://developers.yubico.com/yubihsm-shell/Releases/yubihsm-shell-$LIBYUBIHSM_VERSION.tar.gz |\
-      tar -xzvf -
-  pushd "yubihsm-shell-$LIBYUBIHSM_VERSION" &>/dev/null
-    mkdir build
-    pushd "build" &>/dev/null
-    $CMAKE .. -DBUILD_ONLY_LIB=ON
-    make
-    popd &>/dev/null
-  popd &>/dev/null
+  #rm -rf yubihsm-shell-$LIBYUBIHSM_VERSION
+  #curl -L --max-redirs 2 -o - https://developers.yubico.com/yubihsm-shell/Releases/yubihsm-shell-$LIBYUBIHSM_VERSION.tar.gz |\
+  #    tar -xzvf -
+
+  #git clone https://github.com/Yubico/yubihsm-shell.git
+  #cp -r /shared/resources/yubihsm-shell .
+  #pushd "yubihsm-shell-$LIBYUBIHSM_VERSION" &>/dev/null
+  #pushd "yubihsm-shell" &>/dev/null
+  #  mkdir build
+  #  pushd "build" &>/dev/null
+  #    $CMAKE .. -DBUILD_ONLY_LIB=ON
+  #    make
+  #  popd &>/dev/null
+  #popd &>/dev/null
+
+  sudo dnf -y install yubihsm-shell-2.4.1-1.fc38.x86_64.rpm
+  sudo dnf -y install yubihsm-devel-2.4.1-1.fc38.x86_64.rpm
+
 
   # install yubihsmrs
   rm -rf yubihsmrs
@@ -82,8 +91,12 @@ pushd "/tmp" &>/dev/null
   pushd "yubihsm-setup" &>/dev/null
     cargo install cargo-rpm
     cargo rpm init
-    YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo build --release
-    YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo rpm build
+    #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo build --release
+    #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo rpm build
+    #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo build --release
+    #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo rpm build
+    cargo build --release
+    cargo rpm build
     cp target/release/rpmbuild/RPMS/x86_64/*.rpm $OUTPUT
   popd &>/dev/null
 popd &>/dev/null
@@ -103,4 +116,4 @@ pushd "/shared" &>/dev/null
     rm -rf licenses
     rm -rf ../yubihsm-setup
   popd &>/dev/null
-popd &>/dev/null
+popd &>/dev/null