Add support for non-koji signing in macros

Resolves: #1880858
Signed-off-by: Robbie Harwood <rharwood@redhat.com>

0002-Fix-building-signed-kernels-on-setups-other-than-koj.patch

@@ -0,0 +1,55 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Julian Sikorski <belegdol+github@gmail.com>
+Date: Wed, 23 Mar 2022 20:54:03 +0100
+Subject: [PATCH] Fix building signed kernels on setups other than koji
+
+Thanks to Will Springer for the idea. Details at
+https://bugzilla.redhat.com/show_bug.cgi?id=1880858
+
+Signed-off-by: Julian Sikorski <belegdol+github@gmail.com>
+Suggested-by: Will Springer <skirmisher@protonmail.com>
+(cherry picked from commit 9969b1757a1941c9f57081b308026d687f6c0943)
+---
+ src/pesign-rpmbuild-helper.in | 24 +++++++++++-------------
+ 1 file changed, 11 insertions(+), 13 deletions(-)
+
+diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in
+index 0a845d2..c9d5570 100644
+--- a/src/pesign-rpmbuild-helper.in
++++ b/src/pesign-rpmbuild-helper.in
+@@ -172,24 +172,22 @@ main() {
+     USERNAME="${USERNAME:-$(id -un)}"
+ 
+     local socket="" || :
+-    if grep -q ID=fedora /etc/os-release \
++    if [[ -S /run/pesign/socket ]] ; then
++        socket=/run/pesign/socket
++    elif [[ -S /var/run/pesign/socket ]]; then
++        socket=/var/run/pesign/socket
++    elif grep -q ID=fedora /etc/os-release \
+        && [[ "${rhelver}" -lt 7 ]] \
+        && [[ "${USERNAME}" = "mockbuild" ]] \
+        && [[ "${vendor}" = "Fedora Project" ]] \
+        && [[ "${HOSTNAME}" =~ bkernel.* ]]
+     then
+-	if [[ -S /run/pesign/socket ]] ; then
+-	    socket=/run/pesign/socket
+-	elif [[ -S /var/run/pesign/socket ]]; then
+-	    socket=/var/run/pesign/socket
+-	else
+-	    echo "Warning: no pesign socket even though user is ${USERNAME}" 1>&2
+-	    echo "Warning: if this is a non-scratch koji build, this is wrong" 1>&2
+-	    ls -ld /run/pesign /var/run/pesign 1>&2 ||:
+-	    ls -l /run/pesign/socket /var/run/pesign/socket 1>&2 ||:
+-	    getfacl /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
+-	    getfacl -n /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
+-	fi
++        echo "Warning: no pesign socket even though user is ${USERNAME}" 1>&2
++        echo "Warning: if this is a non-scratch koji build, this is wrong" 1>&2
++        ls -ld /run/pesign /var/run/pesign 1>&2 ||:
++        ls -l /run/pesign/socket /var/run/pesign/socket 1>&2 ||:
++        getfacl /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
++        getfacl -n /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
+     fi
+ 
+     if [[ "${rhelver}" -ge 7 ]] ; then

pesign.patches

@@ -0,0 +1,2 @@
+Patch0001: 0001-daemon-remove-always-true-comparison.patch
+Patch0002: 0002-Fix-building-signed-kernels-on-setups-other-than-koj.patch

pesign.spec

@@ -6,7 +6,7 @@
 Name:    pesign
 Summary: Signing utility for UEFI binaries
 Version: 115
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL-2.0-only
 URL:     https://github.com/rhboot/pesign
 
@@ -46,8 +46,10 @@ BuildRequires: rh-signing-tools >= 1.20-2
 Source0: https://github.com/rhboot/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2
 Source1: certs.tar.xz
 Source2: pesign.py
+Source3: pesign.patches
 
-Patch0001: 0001-daemon-remove-always-true-comparison.patch
+# generate with tool
+%include %{SOURCE3}
 
 %description
 This package contains the pesign utility for signing UEFI binaries as
@@ -159,6 +161,10 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
 %{python3_sitelib}/mockbuild/plugins/pesign.*
 
 %changelog
+* Thu Mar 24 2022 Robbie Harwood <rharwood@redhat.com> - 115-2
+- Add support for non-koji signing in macros
+- Resolves: #1880858
+
 * Tue Mar 08 2022 Robbie Harwood <rharwood@redhat.com> - 115-1
 - New upstream version (115)