Patch Detail
Show a patch.
GET /api/1.1/patches/17685/?format=api
{ "id": 17685, "url": "https://patchwork.libcamera.org/api/1.1/patches/17685/?format=api", "web_url": "https://patchwork.libcamera.org/patch/17685/", "project": { "id": 1, "url": "https://patchwork.libcamera.org/api/1.1/projects/1/?format=api", "name": "libcamera", "link_name": "libcamera", "list_id": "libcamera_core", "list_email": "libcamera-devel@lists.libcamera.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20221024055543.116040-11-nicholas@rothemail.net>", "date": "2022-10-24T05:55:42", "name": "[libcamera-devel,10/11] Adds a flag to disable IPA isolation, necessary for Android.", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "6686772b4253773ad3410d14e10a296df615a5ff", "submitter": { "id": 97, "url": "https://patchwork.libcamera.org/api/1.1/people/97/?format=api", "name": "Nicolas Dufresne via libcamera-devel", "email": "libcamera-devel@lists.libcamera.org" }, "delegate": null, "mbox": "https://patchwork.libcamera.org/patch/17685/mbox/", "series": [ { "id": 3575, "url": "https://patchwork.libcamera.org/api/1.1/series/3575/?format=api", "web_url": "https://patchwork.libcamera.org/project/libcamera/list/?series=3575", "date": "2022-10-24T05:55:33", "name": "[libcamera-devel,01/11] Fixes Bug 156, which breaks libcamera on Android < 12.", "version": 1, "mbox": "https://patchwork.libcamera.org/series/3575/mbox/" } ], "comments": "https://patchwork.libcamera.org/api/patches/17685/comments/", "check": "pending", "checks": "https://patchwork.libcamera.org/api/patches/17685/checks/", "tags": {}, "headers": { "Return-Path": "<libcamera-devel-bounces@lists.libcamera.org>", "X-Original-To": "parsemail@patchwork.libcamera.org", "Delivered-To": "parsemail@patchwork.libcamera.org", "Received": [ "from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 5B9A1C3286\n\tfor <parsemail@patchwork.libcamera.org>;\n\tMon, 24 Oct 2022 05:56:08 +0000 (UTC)", "from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id BE3BA62F18;\n\tMon, 24 Oct 2022 07:56:07 +0200 (CEST)", "from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com\n\t[IPv6:2607:f8b0:4864:20::32c])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 5646762F0A\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tMon, 24 Oct 2022 07:56:02 +0200 (CEST)", "by mail-ot1-x32c.google.com with SMTP id\n\tz11-20020a05683020cb00b00661a95cf920so5365302otq.5\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSun, 23 Oct 2022 22:56:02 -0700 (PDT)", "from nroth-pc.attlocal.net\n\t([2600:1700:20:20c0:7bc3:aed3:676f:10a0])\n\tby smtp.gmail.com with ESMTPSA id\n\tx15-20020a9d628f000000b0066193df8edasm3980278otk.34.2022.10.23.22.56.00\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tSun, 23 Oct 2022 22:56:00 -0700 (PDT)" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;\n\ts=mail; t=1666590967;\n\tbh=SuhQ6dhEWp88i57VP77y/jAbxTL15UkDhiV9cnvQkik=;\n\th=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:\n\tList-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:\n\tFrom;\n\tb=km0hrn38Ib9hVLkuKSFXmQIPlpbgUmUTw3z5zoLdeyPHmWxy1CaKKwSzuO1FgGdNi\n\tbIy3dHdlrHlB+/JERkpl6CXAjrUOV9JLjBI9Ua2+SumEsWM/135jUSKS/vOUCz61TF\n\tG96N32qGLb01NWQGG9Do8osRR12jJxI0hBE+CpfKZruU08uLP0EyPOXHDbN4XDkrtU\n\tCuRA0CEVNVmTqja6Ir/vheiMbUtyAd8zLwi2iys67MSKo2c+nKAxRbFUd1r+lyotTo\n\ttVHuugizFjWcnUk8SIPFepO3cZLuuhh1sm2TywWJlBsAinAbV4wDbMUDHhjFXFWjCJ\n\tjzhaRuGLFZzQQ==", "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=rothemail-net.20210112.gappssmtp.com; s=20210112;\n\th=content-transfer-encoding:mime-version:reply-to:references\n\t:in-reply-to:message-id:date:subject:cc:to:from:from:to:cc:subject\n\t:date:message-id:reply-to;\n\tbh=huXpY0kdXALbfYSJ3F6nqYO414tLR2zn4iq7mxfc+Zk=;\n\tb=WAPOILri6uBXcMjQ4qBqAXoTnEl5GwzHyfjtheK5C+met4hKIACwiJFxWFujnyRoaO\n\tlQZg6oq7KiJiKC9OIGAmyD5BEfOTIpzOIMJ2qaRhN3AThw+A5ani10SsqaPTONBjeqFy\n\tygCxeWqRmgL/iiW0dxzOJO6yRH26pLEq7oJ4M/MvmgHPsslDyrxTve4ZstNquqJBFOV3\n\tkdX5BLQm3z4OiDBtl7+L4k1PDVc779zeagw1DVVWwP87NC5iBupPExAQTA9xKdEjnqxA\n\tDQr5ujCP4kzkGlTN7ky5dFXpGD7tOWLJ06LHZ6H9Cq5r16A20zMJcSncV1Ubh2d5DNn7\n\t9lZQ==" ], "Authentication-Results": "lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected)\n\theader.d=rothemail-net.20210112.gappssmtp.com\n\theader.i=@rothemail-net.20210112.gappssmtp.com header.b=\"WAPOILri\"; \n\tdkim-atps=neutral", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20210112;\n\th=content-transfer-encoding:mime-version:reply-to:references\n\t:in-reply-to:message-id:date:subject:cc:to:from:x-gm-message-state\n\t:from:to:cc:subject:date:message-id:reply-to;\n\tbh=huXpY0kdXALbfYSJ3F6nqYO414tLR2zn4iq7mxfc+Zk=;\n\tb=RumoWvdONlK1XqIects/T2fZtcXF59hYH0yDAYxwr/WHIyfGRVXV7YX7VZd5kh2yTh\n\t8X2YfYG/2W4zfSX1SLKbt32qun038XFPs544Iaui51a+Mr0uTArbJpCyE5gvn+amtOik\n\tvu8k28TpW0F9YqxTzqQ6HWtRg6WHZYWNqFvI46f081wrgIN/F/IADqxkC2fK2X+YvXKY\n\t8UqGbuTrZQHwqpueK8DvnYcU1Up2v3M2JAvhic2zmihIQV6lmRD9jWXT7TtNwHRW9Yky\n\t7hs+uLaosmTh/z5edxyItK90bO4i+sGZTHhTDJJjcS/n2GeQpjDSKGYQgKMBtwqbTDqe\n\tGFOw==", "X-Gm-Message-State": "ACrzQf3tAi9kPnDsM4/2dWjMnqozT+ws05ca9F+RyV0h6XEPrTlbWB4Y\n\to7whjWnzmnxiA1mEddehwzSJlLl6VbFw2WDL", "X-Google-Smtp-Source": "AMsMyM4tT8LCjRSBpbBgBB1BcoOHk1blD2NrmLMAKPfWRVqSnesNv6zwjwaVHC/cy6GyTTU/guI2Nw==", "X-Received": "by 2002:a05:6830:618c:b0:65b:d2db:5f77 with SMTP id\n\tcb12-20020a056830618c00b0065bd2db5f77mr15423770otb.348.1666590960709; \n\tSun, 23 Oct 2022 22:56:00 -0700 (PDT)", "To": "libcamera-devel@lists.libcamera.org", "Date": "Mon, 24 Oct 2022 00:55:42 -0500", "Message-Id": "<20221024055543.116040-11-nicholas@rothemail.net>", "X-Mailer": "git-send-email 2.34.1", "In-Reply-To": "<20221024055543.116040-1-nicholas@rothemail.net>", "References": "<20221024055543.116040-1-nicholas@rothemail.net>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[libcamera-devel] [PATCH 10/11] Adds a flag to disable IPA\n\tisolation, necessary for Android.", "X-BeenThere": "libcamera-devel@lists.libcamera.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "<libcamera-devel.lists.libcamera.org>", "List-Unsubscribe": "<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>", "List-Archive": "<https://lists.libcamera.org/pipermail/libcamera-devel/>", "List-Post": "<mailto:libcamera-devel@lists.libcamera.org>", "List-Help": "<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>", "List-Subscribe": "<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>", "From": "Nicholas Roth via libcamera-devel <libcamera-devel@lists.libcamera.org>", "Reply-To": "libcamera-devel@lists.libcamera.org", "Cc": "nicholas@rothemail.net", "Errors-To": "libcamera-devel-bounces@lists.libcamera.org", "Sender": "\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>" }, "content": "From: Nicholas Roth <nicholas@rothemail.net>\n\n---\n meson.build | 4 ++++\n meson_options.txt | 5 +++++\n src/libcamera/ipa_manager.cpp | 11 +++++++++++\n 3 files changed, 20 insertions(+)", "diff": "diff --git a/meson.build b/meson.build\nindex 7d0588d2..2303f752 100644\n--- a/meson.build\n+++ b/meson.build\n@@ -74,6 +74,10 @@ if cc.has_header_symbol('stdlib.h', 'secure_getenv', prefix : '#define _GNU_SOUR\n config_h.set('HAVE_SECURE_GETENV', 1)\n endif\n \n+if get_option('allow_unsigned_ipas_in_process')\n+ config_h.set('ALLOW_UNSIGNED_IPAS_IN_PROCESS', 1)\n+endif\n+\n common_arguments = [\n '-Wshadow',\n '-include', meson.current_build_dir() / 'config.h',\ndiff --git a/meson_options.txt b/meson_options.txt\nindex f1d67808..77b21b9a 100644\n--- a/meson_options.txt\n+++ b/meson_options.txt\n@@ -64,3 +64,8 @@ option('pycamera',\n type : 'feature',\n value : 'disabled',\n description : 'Enable libcamera Python bindings (experimental)')\n+\n+option('allow_unsigned_ipas_in_process',\n+ type : 'boolean',\n+ value : false,\n+ description : 'Allow unsigned IPAs to run in libcamera\\'s address space')\ndiff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\nindex 030ef43f..403cc42a 100644\n--- a/src/libcamera/ipa_manager.cpp\n+++ b/src/libcamera/ipa_manager.cpp\n@@ -114,6 +114,14 @@ IPAManager::IPAManager()\n \t\tLOG(IPAManager, Warning) << \"Public key not valid\";\n #endif\n \n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\tLOG(IPAManager, Warning)\n+\t\t<< \"All IPAs running in-process without signature verification.\"\n+\t\t<< \" This is recommended only for tightly-managed installs\"\n+\t\t<< \" in contexts where both signature verification and out-of-process\"\n+\t\t<< \" execution are infeasible, such as Android HALs.\";\n+#endif\n+\n \tunsigned int ipaCount = 0;\n \n \t/* User-specified paths take precedence. */\n@@ -281,6 +289,9 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,\n \n bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const\n {\n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\treturn true;\n+#endif\n #if HAVE_IPA_PUBKEY\n \tchar *force = utils::secure_getenv(\"LIBCAMERA_IPA_FORCE_ISOLATION\");\n \tif (force && force[0] != '\\0') {\n", "prefixes": [ "libcamera-devel", "10/11" ] }