nux.org --vendor Circle --rhelver 9 --rhelver 9 --rhelcert circlebootsigningcert --rhelcafile /usr/share/pki/sb-certs/secureboot-ca-x86_64.cer --rhelcertfile /usr/share/pki/sb-certs/secureboot-kernel-x86_64.cer --in arch/x86/boot/bzImage --out vmlinuz.signed --sign
+ main x86_64 /usr/bin/pesign /usr/bin/pesign-client --client-token 'Circle Linux Secure Boot Signing Cert' --client-cert 'Circle Linux Secure Boot Signing Cert' --cert 'Circle Linux Secure Boot Signing Cert' --hostname repo001.cclinux.org --vendor Circle --rhelver 9 --rhelver 9 --rhelcert circlebootsigningcert --rhelcafile /usr/share/pki/sb-certs/secureboot-ca-x86_64.cer --rhelcertfile /usr/share/pki/sb-certs/secureboot-kernel-x86_64.cer --in arch/x86/boot/bzImage --out vmlinuz.signed --sign
+ [[ 28 -lt 3 ]]
+ local target_cpu=x86_64
+ shift
+ local bin=/usr/bin/pesign
+ shift
+ local client=/usr/bin/pesign-client
+ shift
+ local rhelcafile=
+ local rhelcertfile=
+ certout=()
+ local certout
+ sattrout=()
+ local sattrout
+ input=()
+ local input
+ output=()
+ local output
+ client_token=()
+ local client_token
+ client_cert=()
+ local client_cert
+ token=()
+ local token
+ cert=()
+ local cert
+ rhelcert=()
+ local rhelcert
+ local rhelver=0
+ local sign=
+ local arch=
+ local vendor=
+ local HOSTNAME=
+ [[ 25 -ge 2 ]]
+ case " ${1} " in
+ client_token[0]=-t
+ client_token[1]='Circle Linux Secure Boot Signing Cert'
+ shift
+ shift
+ [[ 23 -ge 2 ]]
+ case " ${1} " in
+ client_cert[0]=-c
+ client_cert[1]='Circle Linux Secure Boot Signing Cert'
+ shift
+ shift
+ [[ 21 -ge 2 ]]
+ case " ${1} " in
+ cert[0]=-c
+ cert[1]='Circle Linux Secure Boot Signing Cert'
+ shift
+ shift
+ [[ 19 -ge 2 ]]
+ case " ${1} " in
+ HOSTNAME=repo001.cclinux.org
+ shift
+ shift
+ [[ 17 -ge 2 ]]
+ case " ${1} " in
+ vendor=Circle
+ shift
+ shift
+ [[ 15 -ge 2 ]]
+ case " ${1} " in
+ rhelver=9
+ shift
+ shift
+ [[ 13 -ge 2 ]]
+ case " ${1} " in
+ rhelver=9
+ shift
+ shift
+ [[ 11 -ge 2 ]]
+ case " ${1} " in
+ rhelcert[0]=-c
+ rhelcert[1]=circlebootsigningcert
+ shift
+ shift
+ [[ 9 -ge 2 ]]
+ case " ${1} " in
+ rhelcafile=/usr/share/pki/sb-certs/secureboot-ca-x86_64.cer
+ shift
+ shift
+ [[ 7 -ge 2 ]]
+ case " ${1} " in
+ rhelcertfile=/usr/share/pki/sb-certs/secureboot-kernel-x86_64.cer
+ shift
+ shift
+ [[ 5 -ge 2 ]]
+ case " ${1} " in
+ input[0]=-i
+ input[1]=arch/x86/boot/bzImage
+ shift
+ shift
+ [[ 3 -ge 2 ]]
+ case " ${1} " in
+ output[0]=-o
+ output[1]=vmlinuz.signed
+ shift
+ shift
+ [[ 1 -ge 2 ]]
+ [[ 1 -ge 1 ]]
+ [[ --sign = --sign ]]
+ sign=-s
+ shift
+ [[ -z x86_64 ]]
+ target_cpu=x86_64
+ target_cpu=x64
+ target_cpu=x64
+ target_cpu=x64
+ local nssdir=/etc/pki/pesign
+ [[ 2 -eq 2 ]]
+ [[ Circle Linux Secure Boot Signing Cert == \C\i\r\c\l\e\ \L\i\n\u\x\ \S\e\c\u\r\e\ \B\o\o\t\ \S\i\g\n\i\n\g\ \L\o\c\a\l\ \T\e\s\t\ \C\e\r\t ]]
+ [[ -x /usr/bin/pesign ]]
+ is_efi_arch x64
+ local arch=x64
+ arches=('aa64' 'ia32' 'x64')
+ local arches
+ local x
+ for x in "${arches[@]}"
+ [[ x64 = \a\a\6\4 ]]
+ for x in "${arches[@]}"
+ [[ x64 = \i\a\3\2 ]]
+ for x in "${arches[@]}"
+ [[ x64 = \x\6\4 ]]
+ return 0
+ /usr/bin/pesign --certdir /etc/pki/pesign -c 'Circle Linux Secure Boot Signing Cert' -s -i arch/x86/boot/bzImage -o vmlinuz.signed
pesign: Could not open NSS database ("security library: bad database."): Permission denied
error: Bad exit status from /var/tmp/rpm-tmp.SkrNSZ (%build)
    Bad exit status from /var/tmp/rpm-tmp.SkrNSZ (%build)
RPM build errors:
Child return code was: 1
EXCEPTION: [Error()]
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/mockbuild/trace_decorator.py", line 93, in trace
    result = func(*args, **kw)
  File "/usr/lib/python3.6/site-packages/mockbuild/util.py", line 598, in do_with_status
    raise exception.Error("Command failed: \n # %s\n%s" % (command, output), child.returncode)
mockbuild.exception.Error: Command failed: 
 # bash --login -c /usr/bin/rpmbuild -bb --target x86_64 --nodeps --nocheck /builddir/build/SPECS/kernel.spec