Bug 1880858 - pesign RPM macro does not correctly check for socket
Summary: pesign RPM macro does not correctly check for socket
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: pesign
Version: 34
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Peter Jones
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2020-09-20 17:17 UTC by Will Springer
Modified: 2021-05-15 02:39 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Type: Bug

Attachments (Terms of Use)

Description Will Springer 2020-09-20 17:17:02 UTC
As of pesign 113-12, most of macros.pesign was refactored into a helper script[1]. However, the new script only checks for a pesign daemon socket if the environment matches that of koji, breaking previous functionality and erroneously falling back to calling pesign directly even if the daemon is running. (This breaks my current local build setup where I run the pesign daemon pointed to a custom NSS directory prior to building the kernel.)

Fixing the issue is as simple as moving L330-333 of the patch out of the parent `if` block such that it looks like the following:

    local socket="" || :
    if [[ -S /run/pesign/socket ]] ; then
    elif [[ -S /var/run/pesign/socket ]]; then
    if grep -q ID=fedora /etc/os-release \
       && [[ "${rhelver}" -lt 7 ]] \
       && [[ "${USERNAME}" = "mockbuild" ]] \
       && [[ "${vendor}" = "Fedora Project" ]] \
       && [[ "${HOSTNAME}" =~ bkernel.* ]] \
       && [[ -z "${socket}" ]]

As an aside, it's difficult to triangulate how such a change was introduced when the upstream project, owned by an RH org, reflects no such change, and it's instead stuffed into a patch in the package repo alongside many other patches.

[1]: https://src.fedoraproject.org/rpms/pesign/blob/master/f/0008-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch

Comment 1 Will Springer 2020-11-21 22:20:49 UTC
Still broken as of Fedora 33.

Comment 2 Julian Sikorski 2021-03-03 18:13:23 UTC
I had to work this around in order to build a self-signed kernel, please fix. Thanks.

Comment 3 Will Springer 2021-05-15 02:39:02 UTC
No change on F34.

Note You need to log in before you can comment on or make changes to this bug.