[libcamera-devel] [PATCH] ipa: Only sign IPA modules that are being installed
Tomasz Figa
tfiga at google.com
Wed May 13 19:58:31 CEST 2020
On Tue, May 12, 2020 at 6:28 PM Laurent Pinchart
<laurent.pinchart at ideasonboard.com> wrote:
>
> The ipa-sign-install.sh script, run when installing libcamera, signs all
> IPA modules present in the module directory. This would result in
> third-party modules being signed if any are present in the directory.
> Fix it by explicitly passing the list of IPA modules to the
> ipa-sign-install.sh script.
>
> Signed-off-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
> ---
> src/ipa/ipa-sign-install.sh | 12 ++++++++----
> src/ipa/meson.build | 6 ++++--
> 2 files changed, 12 insertions(+), 6 deletions(-)
>
Thanks a lot for the fix.
Within the Chromium OS SDK, with --board=soraka:
Tested-by: Tomasz Figa <tfiga at chromium.org>
Reviewed-by: Tomasz Figa <tfiga at chromium.org>
Best regards,
Tomasz
> diff --git a/src/ipa/ipa-sign-install.sh b/src/ipa/ipa-sign-install.sh
> index 5317a8a2042b..bcedb8b5cdd1 100755
> --- a/src/ipa/ipa-sign-install.sh
> +++ b/src/ipa/ipa-sign-install.sh
> @@ -6,13 +6,17 @@
> #
> # ipa-sign-install.sh - Regenerate IPA module signatures when installing
>
> -libdir=$1
> -key=$2
> +key=$1
> +shift
> +modules=$*
>
> ipa_sign=$(dirname "$0")/ipa-sign.sh
>
> echo "Regenerating IPA modules signatures"
>
> -for module in "${MESON_INSTALL_DESTDIR_PREFIX}/${libdir}"/*.so ; do
> - "${ipa_sign}" "${key}" "${module}" "${module}.sign"
> +for module in ${modules} ; do
> + module="${MESON_INSTALL_DESTDIR_PREFIX}/${module}"
> + if [ -f "${module}" ] ; then
> + "${ipa_sign}" "${key}" "${module}" "${module}.sign"
> + fi
> done
> diff --git a/src/ipa/meson.build b/src/ipa/meson.build
> index b103479c1cd0..fd4b2c30438d 100644
> --- a/src/ipa/meson.build
> +++ b/src/ipa/meson.build
> @@ -19,10 +19,12 @@ subdir('libipa')
> ipa_sign = files('ipa-sign.sh')
>
> ipas = ['raspberrypi', 'rkisp1', 'vimc']
> +ipa_names = []
>
> foreach pipeline : get_option('pipelines')
> if ipas.contains(pipeline)
> subdir(pipeline)
> + ipa_names += join_paths(ipa_install_dir, ipa_name + '.so')
> endif
> endforeach
>
> @@ -31,6 +33,6 @@ if ipa_sign_module
> # .sign files, as meson strips the DT_RPATH and DT_RUNPATH from binaries at
> # install time, which invalidates the signatures.
> meson.add_install_script('ipa-sign-install.sh',
> - ipa_install_dir,
> - ipa_priv_key.full_path())
> + ipa_priv_key.full_path(),
> + ipa_names)
> endif
> --
> Regards,
>
> Laurent Pinchart
>
More information about the libcamera-devel
mailing list