[libcamera-devel] [PATCH] meson: enable IPA signing only if both libcrypto and openssl are present
Subhaditya Nath
sn03.general at gmail.com
Mon Dec 25 18:18:24 CET 2023
Before this commit, if the build host had openssl installed, but had
neither openssl-dev nor gnutls-dev installed, then the IPA modules would
be signed and ipa_pub_key.cpp would contain the pubkey, but the function
PubKey::PubKey() would've been left empty, thereby valid_ being set to
false, rendering the pubkey unusable for verification purposes.
This commit checks for the availability of both the openssl executable
and either of the gnutls and libcrypto libraries before enabling signing
of the IPA modules. Either both HAVE_IPA_PUBKEY and HAVE_(CRYPTO|GNUTLS)
are defined, or neither is defined. This mitigates situations like the
one mentioned above.
This commit leverages the multi-name dependency feature introduced in
meson 0.60.0 to select between gnutls and libcrypto. The behaviour is
unchanged – gnutls is used if found, else libcrypto is used (if found).
Signed-off-by: Subhaditya Nath <sn03.general at gmail.com>
---
src/libcamera/meson.build | 19 -------------------
src/meson.build | 26 ++++++++++++++++++++------
2 files changed, 20 insertions(+), 25 deletions(-)
diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build
index 45f63e93..9d17c9f1 100644
--- a/src/libcamera/meson.build
+++ b/src/libcamera/meson.build
@@ -80,25 +80,6 @@ endif
libudev = dependency('libudev', required : get_option('udev'))
libyaml = dependency('yaml-0.1', required : false)
-# Use one of gnutls or libcrypto (provided by OpenSSL), trying gnutls first.
-libcrypto = dependency('gnutls', required : false)
-if libcrypto.found()
- config_h.set('HAVE_GNUTLS', 1)
-else
- libcrypto = dependency('libcrypto', required : false)
- if libcrypto.found()
- config_h.set('HAVE_CRYPTO', 1)
- endif
-endif
-
-if not libcrypto.found()
- warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated')
- summary({'IPA modules signed with': 'None (modules will run isolated)'},
- section : 'Configuration')
-else
- summary({'IPA modules signed with' : libcrypto.name()}, section : 'Configuration')
-endif
-
if liblttng.found()
tracing_enabled = true
config_h.set('HAVE_TRACING', 1)
diff --git a/src/meson.build b/src/meson.build
index 165a77bb..208cd760 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -15,16 +15,30 @@ summary({
}, section : 'Paths')
# Module Signing
+# Use one of gnutls or libcrypto (provided by OpenSSL), trying gnutls first.
+libcrypto = dependency('gnutls', 'libcrypto', required : false)
openssl = find_program('openssl', required : false)
-if openssl.found()
+if not libcrypto.found()
+ ipa_sign_module = false
+ warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated')
+ summary({'IPA modules signed with': 'None (modules will run isolated)'},
+ section : 'Configuration')
+elif not openssl.found()
+ ipa_sign_module = false
+ warning('openssl not found, all IPA modules will be isolated')
+ ipa_sign_module = false
+else
+ ipa_sign_module = true
+ config_h.set('HAVE_IPA_PUBKEY', 1)
+ if libcrypto.name() == 'gnutls'
+ config_h.set('HAVE_GNUTLS', 1)
+ else
+ config_h.set('HAVE_CRYPTO', 1)
+ endif
+ summary({'IPA modules signed with' : libcrypto.name()}, section : 'Configuration')
ipa_priv_key = custom_target('ipa-priv-key',
output : ['ipa-priv-key.pem'],
command : [gen_ipa_priv_key, '@OUTPUT@'])
- config_h.set('HAVE_IPA_PUBKEY', 1)
- ipa_sign_module = true
-else
- warning('openssl not found, all IPA modules will be isolated')
- ipa_sign_module = false
endif
# libcamera must be built first as a dependency to the other components.
--
2.43.0
More information about the libcamera-devel
mailing list