Bug 991808 - pesign returning 0 length files on SC error
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: pesign
Version: rawhide
Assigned To: Peter Jones
QA Contact: Fedora Extras Quality Assurance
Duplicates: 994333 994386
Reported: 2013-08-04 11:14 EDT by Richard W.M. Jones
Modified: 2013-08-09 13:12 EDT
Fixed In Version: kernel-3.10.5-201.fc19
Doc Type: Bug Fix
Last Closed: 2013-08-09 13:12:40 EDT
Type: Bug

Attachments:
screenshot of failed boot (14.26 KB, image/png)
2013-08-04 11:14 EDT, Richard W.M. Jones
Description Richard W.M. Jones 2013-08-04 11:14:17 EDT
Created attachment 782502
screenshot of failed boot

Description of problem:

(See attached screenshot)

The rawhide kernel is truncated (zero bytes long).  I first
noticed this because it breaks libguestfs tests in Rawhide.

Version-Release number of selected component (if applicable):

kernel-3.11.0-0.rc3.git4.1.fc20 (x86-64)
build: http://koji.fedoraproject.org/koji/buildinfo?buildID=448178

How reproducible:

100%

Additional info:

See size of vmlinuz file here:
http://koji.fedoraproject.org/koji/rpminfo?rpmID=4275086
Comment 1 Kevin Fenzi 2013-08-04 12:58:18 EDT
This may be a builder failure. 

I noticed some errors related to pesign about that time. Will investigate more.
Comment 2 Kevin Fenzi 2013-08-04 17:20:00 EDT
Yeah, so it looks like pesign failed: 

Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pesignd[16677]: attempting to sign with key "OpenSC Card (Fedora Signer):/CN=Fedora Secure Boot Signer"
Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: openct/proto-t1.c:177:t1_transceive() T=1 state machine is DEAD. Reset the card first.
Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: ifdwrapper.c:527:IFDTransmit() Card not transacted: 612
Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd: winscard.c:1606:SCardTransmit() Card not transacted: 0x80100016
Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pesignd[16677]: error signing data: A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.

I updated and rebooted the builder and it seems ok now. 

We should likely add some checks to the pesign call in the kernel spec to fail the build if signing fails or produces a 0 length vmlinuz.sign.
Comment 3 Josh Boyer 2013-08-04 20:27:54 EDT
(In reply to Kevin Fenzi from comment #2)
> Yeah, so it looks like pesign failed: 
> 
> Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pesignd[16677]: attempting
> to sign with key "OpenSC Card (Fedora Signer):/CN=Fedora Secure Boot Signer"
> Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd:
> openct/proto-t1.c:177:t1_transceive() T=1 state machine is DEAD. Reset the
> card first.
> Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd:
> ifdwrapper.c:527:IFDTransmit() Card not transacted: 612
> Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pcscd:
> winscard.c:1606:SCardTransmit() Card not transacted: 0x80100016
> Aug  4 01:28:15 bkernel01.phx2.fedoraproject.org pesignd[16677]: error
> signing data: A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that
> an unrecoverable error has occurred.
> 
> I updated and rebooted the builder and it seems ok now. 
> 
> We should likely add some checks to the pesign call in the kernel spec to
> fail the build if signing fails or produces a 0 length vmlinuz.sign.

Adding Peter to CC.

If the pesign client fails and returns a correct return code, the %pesign macro should probably catch it.

Otherwise (or in addition to), we can test for a zero file length, but the kernel isn't the only thing using pesign so it's likely best to fix it in the macro if we can.
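
The two checks discussed in comments 2 and 3 (signer exit status and zero-length output), sketched as a fail-closed shell wrapper. This is an added example, not the %pesign macro or code from the pesign project; `sign_checked` and the `stub_*` signers are hypothetical names, and the real signing command is supplied by the caller.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around a signing command.
# Usage: sign_checked OUTPUT CMD [ARGS...]
# Accepts OUTPUT only if CMD exited 0 AND OUTPUT is a non-empty regular file.
# No signer options are assumed; the caller passes the full command.
sign_checked() {
    sc_out=$1
    shift
    # Remove stale output so an older file cannot mask a failed run.
    rm -f -- "$sc_out"
    sc_rc=0
    "$@" || sc_rc=$?
    if [ "$sc_rc" -ne 0 ]; then
        echo "signing failed: command exited with status $sc_rc" >&2
        rm -f -- "$sc_out"      # never ship a partial artifact
        return 1
    fi
    if [ ! -f "$sc_out" ]; then
        echo "signing failed: $sc_out was not created" >&2
        return 2
    fi
    if [ ! -s "$sc_out" ]; then
        # The case in this bug: signer reports success, file is 0 bytes.
        echo "signing failed: $sc_out is zero length" >&2
        rm -f -- "$sc_out"
        return 3
    fi
    return 0
}

# Constructed stand-ins for a signer, for demonstration only.
stub_ok()           { printf 'signed-bytes\n' > "$1"; }   # normal success
stub_silent_empty() { : > "$1"; }                         # exit 0, empty file
stub_error()        { : > "$1"; return 1; }               # non-zero exit
```

In a build script, the caller passes the real signing command in place of a stub and lets any non-zero return from `sign_checked` abort the build.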
Comment 4 Josh Boyer 2013-08-04 20:35:02 EDT
And... now actually adding Peter on CC.  Because I just wanted to fake everyone out the first time I said that.
Comment 5 Adam Williamson 2013-08-07 01:23:57 EDT
Sounds like this is affecting the latest f19 build too:

https://lists.fedoraproject.org/pipermail/test/2013-August/117289.html
Comment 6 Josh Boyer 2013-08-07 08:56:20 EDT
Moving this to pesign.  The check for zero length files should probably be done in the %pesign macro.
Comment 7 Josh Boyer 2013-08-07 08:56:42 EDT
*** Bug 994333 has been marked as a duplicate of this bug. ***
Comment 8 Josh Boyer 2013-08-07 08:57:00 EDT
*** Bug 994386 has been marked as a duplicate of this bug. ***
Comment 9 Fedora Update System 2013-08-07 16:48:07 EDT
kernel-3.10.5-201.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/kernel-3.10.5-201.fc19
Comment 10 Fedora Update System 2013-08-09 13:12:40 EDT
kernel-3.10.5-201.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
