Bug 991808
Summary: | pesign returning 0 length files on SC error | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Richard W.M. Jones <rjones> | ||||
Component: | pesign | Assignee: | Peter Jones <pjones> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | awilliam, dgboles, gansalmon, itamar, joachim.backes, jonathan, kernel-maint, kevin, madhu.chinakonda, marbolangos, pjones | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | kernel-3.10.5-201.fc19 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-08-09 17:12:40 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Richard W.M. Jones
2013-08-04 15:14:17 UTC
This may be a builder failure. I noticed some errors related to pesign about that time. Will investigate more. Yeah, so it looks like pesign failed: Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pesignd[16677]: attempting to sign with key "OpenSC Card (Fedora Signer):/CN=Fedora Secure Boot Signer" Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: openct/proto-t1.c:177:t1_transceive() T=1 state machine is DEAD. Reset the card first. Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: ifdwrapper.c:527:IFDTransmit() Card not transacted: 612 Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: winscard.c:1606:SCardTransmit() Card not transacted: 0x80100016 Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pesignd[16677]: error signing data: A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred. I updated and rebooted the builder and it seems ok now. We should likely add some checks to the pesign call in the kernel spec to fail the build if signing fails or produces a 0 length vmlinuz.sign. (In reply to Kevin Fenzi from comment #2) > Yeah, so it looks like pesign failed: > > Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pesignd[16677]: attempting > to sign with key "OpenSC Card (Fedora Signer):/CN=Fedora Secure Boot Signer" > Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: > openct/proto-t1.c:177:t1_transceive() T=1 state machine is DEAD. Reset the > card first. > Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: > ifdwrapper.c:527:IFDTransmit() Card not transacted: 612 > Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: > winscard.c:1606:SCardTransmit() Card not transacted: 0x80100016 > Aug 4 01:28:15 bkernel01.phx2.fedoraproject.org pesignd[16677]: error > signing data: A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that > an unrecoverable error has occurred. > > I updated and rebooted the builder and it seems ok now. > > We should likely add some checks to the pesign call in the kernel spec to > fail the build if signing fails or produces a 0 length vmlinuz.sign. Adding Peter to CC. If the pesign client fails and returns a correct return code, the %pesign macro should probably catch it. Otherwise (or in addition to), we can test for a zero file length, but the kernel isn't the only thing using pesign so it's likely best to fix it in the macro if we can. And... now actually adding Peter on CC. Because I just wanted to fake everyone out the first time I said that. Sounds like this is affecting the latest f19 build too: https://lists.fedoraproject.org/pipermail/test/2013-August/117289.html Moving this to pesign. The check for zero length files should probably be done in the %pesign macro. *** Bug 994333 has been marked as a duplicate of this bug. *** *** Bug 994386 has been marked as a duplicate of this bug. *** kernel-3.10.5-201.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/kernel-3.10.5-201.fc19 kernel-3.10.5-201.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |