Bug 1880858

Summary: pesign RPM macro does not correctly check for socket
Product: [Fedora] Fedora Reporter: Will Springer <skirmisher>
Component: pesignAssignee: Peter Jones <pjones>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 35CC: belegdol, fmartine, mjg59, pjones, rharwood
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pesign-115-2.fc37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-24 21:25:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Will Springer 2020-09-20 17:17:02 UTC 
As of pesign 113-12, most of macros.pesign was refactored into a helper script[1]. However, the new script only checks for a pesign daemon socket if the environment matches that of koji, breaking previous functionality and erroneously falling back to calling pesign directly even if the daemon is running. (This breaks my current local build setup where I run the pesign daemon pointed to a custom NSS directory prior to building the kernel.)

Fixing the issue is as simple as moving L330-333 of the patch out of the parent `if` block such that it looks like the following:

    local socket="" || :
    if [[ -S /run/pesign/socket ]] ; then
            socket=/run/pesign/socket
    elif [[ -S /var/run/pesign/socket ]]; then
            socket=/var/run/pesign/socket
    elif grep -q ID=fedora /etc/os-release \
       && [[ "${rhelver}" -lt 7 ]] \
       && [[ "${USERNAME}" = "mockbuild" ]] \
       && [[ "${vendor}" = "Fedora Project" ]] \
       && [[ "${HOSTNAME}" =~ bkernel.* ]]
    then
        [...]

As an aside, it's difficult to triangulate how such a change was introduced when the upstream project, owned by an RH org, reflects no such change, and it's instead stuffed into a patch in the package repo alongside many other patches.

[1]: https://src.fedoraproject.org/rpms/pesign/blob/master/f/0008-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch
Comment 1 Will Springer 2020-11-21 22:20:49 UTC 
Still broken as of Fedora 33.
Comment 2 Julian Sikorski 2021-03-03 18:13:23 UTC 
I had to work this around in order to build a self-signed kernel, please fix. Thanks.
Comment 3 Will Springer 2021-05-15 02:39:02 UTC 
No change on F34.
Comment 4 Will Springer 2021-12-17 01:21:53 UTC 
No change on F35.
Comment 5 Julian Sikorski 2022-03-18 11:47:28 UTC 
Looks like there has been some activity at upstream. I have submitted a PR:
https://github.com/rhboot/pesign/pull/84
Comment 6 Julian Sikorski 2022-03-23 19:53:29 UTC 
@will, do you mind if I added you as suggested-by to the patch?
Comment 7 Will Springer 2022-03-23 20:00:36 UTC 
(In reply to Julian Sikorski from comment #6)
> @will, do you mind if I added you as suggested-by to the patch?

Fine by me.