[libcamera-devel] [PATCH v2 0/4] libcamera: Support openssl as an alternative to gnutls

Laurent Pinchart laurent.pinchart at ideasonboard.com
Tue Aug 9 01:08:29 CEST 2022 

Hello,

This small patch series adds support for openssl as an alternative to
gnutls to verify the signature of IPA modules.

Compared to v1, I have reorganized the series to move the most
controversial part - making the dependency on crypto libraries optional
- on top, in patch 4/4 (previously 1/5 and 2/5, squashed together) to
allow discussions to continue without blocking the other patches. Patch
4/4, which add libcrypto support, has been modified to not use APIs that
are deprecated in OpenSSL 3.0, to support Fedora 36.

The dependency on crypto libraries was optional, before we realized that
missing IPA protocol serialization made it effectively required in
practice. Serialization is now there, so module signature support can be
made optional again. This could possibly cause issues for some users who
may not notice the missing dependency and wonder why IPA modules run
isolated (although that should be a fully supported configuration).

To address this, I've documented module signing as recommended in
README.md (patch 4/4), and emit a warning at meson setup time when the
dependencies are not found. We however all know how often both
documentation and warnings are overlooked. If anyone thinks this is a
bad idea, I can drop (or modify) patch 4/4.

For the rest of the series, please see individual patches.

Eric, would you be able to test this on Fedora 36 to check if it fixes
the compilation issues you've reported ?

Laurent Pinchart (4):
  libcamera: meson: Use dependency() to find gnutls
  libcamera: pub_key: Gracefully handle failures to load public key
  libcamera: pub_key: Support openssl as an alternative to gnutls
  libcamera: Make IPA module signing recommended instead of mandatory

 README.rst                           |  7 ++--
 include/libcamera/internal/pub_key.h |  8 +++--
 src/libcamera/ipa_manager.cpp        |  3 ++
 src/libcamera/meson.build            | 16 +++++++--
 src/libcamera/pub_key.cpp            | 50 +++++++++++++++++++++++++---
 src/meson.build                      |  3 +-
 6 files changed, 75 insertions(+), 12 deletions(-)


base-commit: fe8941d7d61bd22ed66e5b5615e931c68fdf9bfa
-- 
Regards,

Laurent Pinchart

More information about the libcamera-devel mailing list