[libcamera-devel] [PATCH v2 0/4] libcamera: Support openssl as an alternative to gnutls

Eric Curtin ecurtin at redhat.com
Tue Aug 9 12:40:50 CEST 2022


On Tue, 9 Aug 2022 at 00:08, Laurent Pinchart
<laurent.pinchart at ideasonboard.com> wrote:
>
> Hello,
>
> This small patch series adds support for openssl as an alternative to
> gnutls to verify the signature of IPA modules.
>
> Compared to v1, I have reorganized the series to move the most
> controversial part - making the dependency on crypto libraries optional
> - on top, in patch 4/4 (previously 1/5 and 2/5, squashed together) to
> allow discussions to continue without blocking the other patches. Patch
> 4/4, which add libcrypto support, has been modified to not use APIs that
> are deprecated in OpenSSL 3.0, to support Fedora 36.
>
> The dependency on crypto libraries was optional, before we realized that
> missing IPA protocol serialization made it effectively required in
> practice. Serialization is now there, so module signature support can be
> made optional again. This could possibly cause issues for some users who
> may not notice the missing dependency and wonder why IPA modules run
> isolated (although that should be a fully supported configuration).
>
> To address this, I've documented module signing as recommended in
> README.md (patch 4/4), and emit a warning at meson setup time when the
> dependencies are not found. We however all know how often both
> documentation and warnings are overlooked. If anyone thinks this is a
> bad idea, I can drop (or modify) patch 4/4.
>
> For the rest of the series, please see individual patches.
>
> Eric, would you be able to test this on Fedora 36 to check if it fixes
> the compilation issues you've reported ?

Yes, although I notice it found libcrypto, although I don't see
-DHAVE_CRYPTO in the compile line or anything like that, although that
could be my misunderstanding of the build scripts.



>
> Laurent Pinchart (4):
>   libcamera: meson: Use dependency() to find gnutls
>   libcamera: pub_key: Gracefully handle failures to load public key
>   libcamera: pub_key: Support openssl as an alternative to gnutls
>   libcamera: Make IPA module signing recommended instead of mandatory
>
>  README.rst                           |  7 ++--
>  include/libcamera/internal/pub_key.h |  8 +++--
>  src/libcamera/ipa_manager.cpp        |  3 ++
>  src/libcamera/meson.build            | 16 +++++++--
>  src/libcamera/pub_key.cpp            | 50 +++++++++++++++++++++++++---
>  src/meson.build                      |  3 +-
>  6 files changed, 75 insertions(+), 12 deletions(-)
>
>
> base-commit: fe8941d7d61bd22ed66e5b5615e931c68fdf9bfa
> --
> Regards,
>
> Laurent Pinchart
>



More information about the libcamera-devel mailing list