From 50f413c3eb874d87e0139fff7afe566e2c252d8c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 1 Feb 2023 09:39:18 -0800
Subject: [PATCH] bkernel: set pesign perms locally now.

This used to get set in pesignd when it started, but upstream has
dropped that because it's more of a local config issue.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/bkernel/tasks/main.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/roles/bkernel/tasks/main.yml b/roles/bkernel/tasks/main.yml
index f2efd74f12..f2c72bc7e3 100644
--- a/roles/bkernel/tasks/main.yml
+++ b/roles/bkernel/tasks/main.yml
@@ -34,8 +34,13 @@
   tags:
   - bkernel
 
-- name: /var/run/pesign perms
-  file: state=directory path=/var/run/pesign owner=pesign group=pesign mode=0770
+- name: /var/run/pesign directory perms
+  file: state=directory path=/var/run/pesign owner=pesign group=kojibuilder mode=0770
+  tags:
+  - bkernel
+
+- name: /var/run/pesign socket perms
+  file: path=/var/run/pesign/socket owner=pesign group=kojibuilder mode=0660
   tags:
   - bkernel