Bug 1880858 - pesign RPM macro does not correctly check for socket
Summary: pesign RPM macro does not correctly check for socket
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: pesign
Version: 35
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Peter Jones
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-20 17:17 UTC by Will Springer
Modified: 2022-03-24 21:25 UTC (History)
5 users (show)

Fixed In Version: pesign-115-2.fc37
Clone Of:
Environment:
Last Closed: 2022-03-24 21:25:12 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github rhboot pesign pull 84 0 None open Fix building signed kernels on setups other than koji 2022-03-18 11:47:28 UTC

Description Will Springer 2020-09-20 17:17:02 UTC 
As of pesign 113-12, most of macros.pesign was refactored into a helper script[1]. However, the new script only checks for a pesign daemon socket if the environment matches that of koji, breaking previous functionality and erroneously falling back to calling pesign directly even if the daemon is running. (This breaks my current local build setup where I run the pesign daemon pointed to a custom NSS directory prior to building the kernel.)

Fixing the issue is as simple as moving L330-333 of the patch out of the parent `if` block such that it looks like the following:

    local socket="" || :
    if [[ -S /run/pesign/socket ]] ; then
            socket=/run/pesign/socket
    elif [[ -S /var/run/pesign/socket ]]; then
            socket=/var/run/pesign/socket
    elif grep -q ID=fedora /etc/os-release \
       && [[ "${rhelver}" -lt 7 ]] \
       && [[ "${USERNAME}" = "mockbuild" ]] \
       && [[ "${vendor}" = "Fedora Project" ]] \
       && [[ "${HOSTNAME}" =~ bkernel.* ]]
    then
        [...]

As an aside, it's difficult to triangulate how such a change was introduced when the upstream project, owned by an RH org, reflects no such change, and it's instead stuffed into a patch in the package repo alongside many other patches.

[1]: https://src.fedoraproject.org/rpms/pesign/blob/master/f/0008-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch
Comment 1 Will Springer 2020-11-21 22:20:49 UTC 
Still broken as of Fedora 33.
Comment 2 Julian Sikorski 2021-03-03 18:13:23 UTC 
I had to work this around in order to build a self-signed kernel, please fix. Thanks.
Comment 3 Will Springer 2021-05-15 02:39:02 UTC 
No change on F34.
Comment 4 Will Springer 2021-12-17 01:21:53 UTC 
No change on F35.
Comment 5 Julian Sikorski 2022-03-18 11:47:28 UTC 
Looks like there has been some activity at upstream. I have submitted a PR:
https://github.com/rhboot/pesign/pull/84
Comment 6 Julian Sikorski 2022-03-23 19:53:29 UTC 
@will, do you mind if I added you as suggested-by to the patch?
Comment 7 Will Springer 2022-03-23 20:00:36 UTC 
(In reply to Julian Sikorski from comment #6)
> @will, do you mind if I added you as suggested-by to the patch?

Fine by me.
Note You need to log in before you can comment on or make changes to this bug.