[libcamera-devel] [PATCH 2/2] media-libs/libcamera: Do not strip IPA binaries

[Niklas Söderlund]

Libcamera signs its IPA modules (.so files) after they are built. The
signature is later verified when loading the IPA modules and if they do
not match the IPA is treated as a untrusted module. The CrOS build
system by default strips all binaries after the build step and modify
the IPA .so files in so they fail the signature check.

The build system inject hooks after the post_src_install hook that
strips binaries and creates the packet that is installed on target. It
is therefor not possible to to generate the IPA module signature for the
stripped modules without also packeting the private key and doing so in
pre_pkg_preinst. Stripping and generating signatures for the IPA .so
files in src_install is not possible as the exact method for stripping
them may differ between the ebuild and the build system hook.

Safest route is to never stripp the IPA modules. Instead of restricting
stripping of all libcamera binaries use dostrip to only disable
stripping of the IPA modules. The EAPI needs to be increased to version
7 to support dostrip.

Signed-off-by: Niklas Söderlund <niklas.soderlund at ragnatech.se>
---
 media-libs/libcamera/libcamera-9999.ebuild | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/media-libs/libcamera/libcamera-9999.ebuild b/media-libs/libcamera/libcamera-9999.ebuild
index 57ff00337309f30c..ce4183a89ef095de 100644
--- a/media-libs/libcamera/libcamera-9999.ebuild
+++ b/media-libs/libcamera/libcamera-9999.ebuild
@@ -1,7 +1,7 @@
 # Copyright 2019 The Chromium OS Authors. All rights reserved.
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
 CROS_WORKON_PROJECT="chromiumos/third_party/libcamera"
 CROS_WORKON_INCREMENTAL_BUILD="1"
@@ -49,4 +49,6 @@ src_install() {
 	meson_src_install
 
 	dosym ../libcamera.so "/usr/$(get_libdir)/camera_hal/libcamera.so"
+
+	dostrip -x /usr/$(get_libdir)/libcamera/
 }
-- 
2.25.1