[libcamera-devel] [PATCH v2 4/4] libcamera: Make IPA module signing recommended instead of mandatory
Eric Curtin
ecurtin at redhat.com
Tue Aug 9 12:46:26 CEST 2022
On Tue, 9 Aug 2022 at 00:08, Laurent Pinchart
<laurent.pinchart at ideasonboard.com> wrote:
>
> Commit b382f67c833d ("libcamera: Make IPA module signing mandatory for
> the meantime") made openssl and gnutls dependencies mandatory to work
> around the lack of proper IPA module isolation support, which broke
> operation without module signatures. This has now been fixed, so IPA
> module isolation isn't strictly required anymore.
>
> There are few use cases for disabling module signing completely, given
> that the openssl or gnutls dependencies are available on the vast
> majority of systems and the overhead introduced by isolating all IPA
> modules when signatures are not available is better avoided.
> Nonetheless, libcamera should operate properly with forced IPA module
> isolation, so we can support those use cases.
>
> Adopt a middle-ground approach to avoid unintentional isolation by
> documenting the dependencies as recommended, and warn at meson setup
> time if they are not found.
>
> Signed-off-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
LGTM.
Reviewed-by: Eric Curtin <ecurtin at redhat.com>
> ---
> README.rst | 5 ++++-
> src/libcamera/meson.build | 10 ++++++++--
> src/meson.build | 3 ++-
> 3 files changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/README.rst b/README.rst
> index 3bf4685b0e15..e9dd4207ae55 100644
> --- a/README.rst
> +++ b/README.rst
> @@ -60,9 +60,12 @@ Meson Build system: [required]
> for the libcamera core: [required]
> libyaml-dev python3-yaml python3-ply python3-jinja2
>
> -for IPA module signing: [required]
> +for IPA module signing: [recommended]
> Either libgnutls28-dev or libssl-dev, openssl
>
> + Without IPA module signing, all IPA modules will be isolated in a
> + separate process. This adds an unnecessary extra overhead at runtime.
> +
> for improved debugging: [optional]
> libdw-dev libunwind-dev
>
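Review bot: The dependency line under "for IPA module signing" is ambiguous now that the whole block is only recommended: "Either libgnutls28-dev or libssl-dev, openssl" can be read as gnutls alone being enough. In src/meson.build, signing is enabled only when find_program('openssl') succeeds, so the openssl tool is needed in both cases. Consider wording it as "openssl, and either libgnutls28-dev or libssl-dev". The added paragraph could also say that meson prints a warning at setup time when signing is unavailable, so readers know where to look.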
> diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build
> index 401fc498cfbc..0efa8fd5df7f 100644
> --- a/src/libcamera/meson.build
> +++ b/src/libcamera/meson.build
> @@ -73,8 +73,14 @@ libcrypto = dependency('gnutls2', required : false)
> if libcrypto.found()
> config_h.set('HAVE_GNUTLS', 1)
> else
> - libcrypto = dependency('libcrypto', required : true)
> - config_h.set('HAVE_CRYPTO', 1)
> + libcrypto = dependency('libcrypto', required : false)
> + if libcrypto.found()
> + config_h.set('HAVE_CRYPTO', 1)
> + endif
> +endif
> +
> +if not libcrypto.found()
> + warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated')
> endif
>
> if liblttng.found()
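Review bot: The new warning() after the if/else is only visible in the setup log, where it is easy to miss on a CI or packaging build. Since the consequence is that every IPA module runs isolated, consider also recording the result in a summary() entry, as src/meson.build already does for the 'Paths' section, so the final configuration output states whether IPA module signatures can be used.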
> diff --git a/src/meson.build b/src/meson.build
> index 34663a6f134d..f37c44ca9f60 100644
> --- a/src/meson.build
> +++ b/src/meson.build
> @@ -14,7 +14,7 @@ summary({
> }, section : 'Paths')
>
> # Module Signing
> -openssl = find_program('openssl', required : true)
> +openssl = find_program('openssl', required : false)
> if openssl.found()
> ipa_priv_key = custom_target('ipa-priv-key',
> output : ['ipa-priv-key.pem'],
> @@ -22,6 +22,7 @@ if openssl.found()
> config_h.set('HAVE_IPA_PUBKEY', 1)
> ipa_sign_module = true
> else
> + warning('openssl not found, all IPA modules will be isolated')
> ipa_sign_module = false
> endif
>
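Review bot: The else branch warns only when the openssl program is missing, independently of the gnutls/libcrypto check in src/libcamera/meson.build. With openssl present but neither crypto library found, this block still sets HAVE_IPA_PUBKEY and ipa_sign_module = true, so the build generates a key and signs modules that, per the other warning, will all be isolated anyway. Consider gating ipa_sign_module on both results, or emitting a single warning that names which of the two pieces is missing.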
> --
> Regards,
>
> Laurent Pinchart
>