As of pesign 113-12, most of macros.pesign was refactored into a helper script[1]. However, the new script only checks for a pesign daemon socket if the environment matches that of koji, breaking previous functionality and erroneously falling back to calling pesign directly even if the daemon is running. (This breaks my current local build setup where I run the pesign daemon pointed to a custom NSS directory prior to building the kernel.)

Fixing the issue is as simple as moving L330-333 of the patch out of the parent `if` block such that it looks like the following:

    local socket="" || :
    if [[ -S /run/pesign/socket ]] ; then
            socket=/run/pesign/socket
    elif [[ -S /var/run/pesign/socket ]]; then
            socket=/var/run/pesign/socket
    fi
    if grep -q ID=fedora /etc/os-release \
       && [[ "${rhelver}" -lt 7 ]] \
       && [[ "${USERNAME}" = "mockbuild" ]] \
       && [[ "${vendor}" = "Fedora Project" ]] \
       && [[ "${HOSTNAME}" =~ bkernel.* ]] \
       && [[ -z "${socket}" ]]
    then
        [...]

As an aside, it's difficult to triangulate how such a change was introduced when the upstream project, owned by an RH org, reflects no such change, and it's instead stuffed into a patch in the package repo alongside many other patches.

[1]: https://src.fedoraproject.org/rpms/pesign/blob/master/f/0008-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch