{"id":19350,"url":"https://patchwork.libcamera.org/api/1.1/patches/19350/?format=json","web_url":"https://patchwork.libcamera.org/patch/19350/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/1.1/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20231225171824.3776-1-sn03.general@gmail.com>","date":"2023-12-25T17:18:24","name":"[libcamera-devel] meson: enable IPA signing only if both libcrypto and openssl are present","commit_ref":null,"pull_url":null,"state":"rejected","archived":false,"hash":"0f124ae113ee99db329b7ef332f6932babfe7cf9","submitter":{"id":178,"url":"https://patchwork.libcamera.org/api/1.1/people/178/?format=json","name":"Subhaditya Nath","email":"sn03.general@gmail.com"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/19350/mbox/","series":[{"id":4128,"url":"https://patchwork.libcamera.org/api/1.1/series/4128/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=4128","date":"2023-12-25T17:18:24","name":"[libcamera-devel] meson: enable IPA signing only if both libcrypto and openssl are present","version":1,"mbox":"https://patchwork.libcamera.org/series/4128/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/19350/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/19350/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 8CADDC3237\n\tfor ;\n\tMon, 25 Dec 2023 17:32:27 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 022F062B40;\n\tMon, 25 Dec 2023 18:32:26 +0100 (CET)","from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com\n\t[IPv6:2607:f8b0:4864:20::52d])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 0501562B32\n\tfor ;\n\tMon, 25 Dec 2023 18:19:09 +0100 (CET)","by mail-pg1-x52d.google.com with SMTP id\n\t41be03b00d2f7-5cdfed46372so1573390a12.3\n\tfor ;\n\tMon, 25 Dec 2023 09:19:09 -0800 (PST)","from localhost.localdomain ([2409:40e6:19:365:ac01:6d49:f564:d51b])\n\tby smtp.gmail.com with ESMTPSA id\n\to9-20020a056a00214900b006d9a13b491csm4277452pfk.212.2023.12.25.09.19.05\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tMon, 25 Dec 2023 09:19:07 -0800 (PST)"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;\n\ts=mail; t=1703525547;\n\tbh=bsQklSrV9AGvV1UjxtW4IticB2JqrjQuv+Ts7KU/i9c=;\n\th=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:\n\tList-Help:List-Subscribe:From:Reply-To:Cc:From;\n\tb=JT5KvT2GljpVtVixNimnfb3OsPymwohMP7FiNeCy4eLfq1H0+nvwRdHGK3A91TbPj\n\tYpoNAEJ5TGLL7XleuvUY6Hkh4FnPg+zklB0lDo+59sD9h1e0vWkB9MfwpMcTpjMQIO\n\tgVwfQfKYbQs7Jy2ljIB+t/AHZu2zw0KHj3vpHZUGuaD5SEsAExZ1/9HK8ucs1U7KPz\n\t1sw2q5XXlfaoduvr1w0/HWYoGX4DpMC2tnfxfBHFVseOdfHw8/nf6jDEyfZwmTtPY/\n\tB84NK+NO84X74qKxUNlQB7hU6H4HAmEmVyIV+VzWItuX5rZgYfq5DHCv7ljP+ItUjD\n\tj1rWrVpQvpNsg==","v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20230601; t=1703524748; x=1704129548;\n\tdarn=lists.libcamera.org; \n\th=content-transfer-encoding:mime-version:message-id:date:subject:cc\n\t:to:from:from:to:cc:subject:date:message-id:reply-to;\n\tbh=8pk9V2LmgmEv0fc2aixQ1k6hAsNbOK+XnNWfi2GyOUw=;\n\tb=nKAoW6fz1iCzV4YGKOyMyqoBsSgzjv9bkoBF7C4OVhhGxhf8mUUAroLOKEk23Uo1it\n\tZyiO4qAhVDr6+010+q+CEeSg1/GJD/hY2MSDGDlfXhSxwXVnSEzMYG/EgVkotsItazSh\n\tomXumem9dLRtet5D6C/MzB4PSqQkQE6Bq5sdumUaShdlC/QUtedFl4WsNN9SDkQuJbOK\n\txQw3eLreVrwixpB2AJOCqINkAxha5IkfD1sDWWWsIMDXWSrA4OpMjmeLi2pAT1fiyuUY\n\trwysWIKJ/HhjysfP/hiYQoC+bReCNkkAE99FyskkDdcQnyVBf3K+v2XqPJsfsq1obyN6\n\tje1w=="],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"nKAoW6fz\"; dkim-atps=neutral","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20230601; t=1703524748; x=1704129548;\n\th=content-transfer-encoding:mime-version:message-id:date:subject:cc\n\t:to:from:x-gm-message-state:from:to:cc:subject:date:message-id\n\t:reply-to;\n\tbh=8pk9V2LmgmEv0fc2aixQ1k6hAsNbOK+XnNWfi2GyOUw=;\n\tb=PlNa60Ul5ZV/KVggg1CsQOC70li+jqNc0GQyCLMMJC0a/Lnceai+iD4JNitYo/emmT\n\tDsbmHpJMph+ubO92nrP3EgGvJkMfa3GfNa1bp2w5PunaOzuk9z2dI+g9qVebGjmHumQt\n\tgZAgdRjyT4u3FROpODCfwC2q4/YFmXlTlX1/1yWLvXCy+YeER4PNvh7kTOuNDjjzTu2Y\n\tEWmla92FzTyTAagIDsYudCbnrYQhBHxWCjcQLBln4YPe4q8hpjwRPqRX2Mf7v9F10RVb\n\tFcLk6jxF4/Yh3vUBjwK8Fs9Upww1+zG52v0qE8bdLn/pguLMumJhfzgFNMrABbKVXaap\n\tEGuw==","X-Gm-Message-State":"AOJu0Yzy3DkWWngOdLvKJNGmiHiAcUr8StAfACOFpq7Nw/uCy8r19CM6\n\tK0f81y0v/4ykKKtiBqrVWd4d45zCOVcP+g==","X-Google-Smtp-Source":"AGHT+IHAKNBgN6CXkOQbTyy3yvOUFb5ZKWgb6PBFVoFqYptQebmBGlAkMd19usq58fJIVkRaYUG85g==","X-Received":"by 2002:a05:6a21:a59d:b0:195:a6d4:d33c with SMTP id\n\tgd29-20020a056a21a59d00b00195a6d4d33cmr2532635pzc.8.1703524747601; \n\tMon, 25 Dec 2023 09:19:07 -0800 (PST)","To":"libcamera-devel@lists.libcamera.org","Date":"Mon, 25 Dec 2023 22:48:24 +0530","Message-ID":"<20231225171824.3776-1-sn03.general@gmail.com>","X-Mailer":"git-send-email 2.43.0","MIME-Version":"1.0","Content-Type":"text/plain; charset=UTF-8","Content-Transfer-Encoding":"8bit","X-Mailman-Approved-At":"Mon, 25 Dec 2023 18:32:26 +0100","Subject":"[libcamera-devel] [PATCH] meson: enable IPA signing only if both\n\tlibcrypto and openssl are present","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","From":"Subhaditya Nath via libcamera-devel\n\t","Reply-To":"Subhaditya Nath ","Cc":"Subhaditya Nath ","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "},"content":"Before this commit, if the build host had openssl installed, but had\nneither openssl-dev nor gnutls-dev installed, then the IPA modules would\nbe signed and ipa_pub_key.cpp would contain the pubkey, but the function\nPubKey::PubKey() would've been left empty, thereby valid_ being set to\nfalse, rendering the pubkey unusable for verification purposes.\n\nThis commit checks for the availability of both the openssl executable\nand either of the gnutls and libcrypto libraries before enabling signing\nof the IPA modules. Either both HAVE_IPA_PUBKEY and HAVE_(CRYPTO|GNUTLS)\nare defined, or neither is defined. This mitigates situations like the\none mentioned above.\n\nThis commit leverages the multi-name dependency feature introduced in\nmeson 0.60.0 to select between gnutls and libcrypto. The behaviour is\nunchanged – gnutls is used if found, else libcrypto is used (if found).\n\nSigned-off-by: Subhaditya Nath \n---\n src/libcamera/meson.build | 19 -------------------\n src/meson.build | 26 ++++++++++++++++++++------\n 2 files changed, 20 insertions(+), 25 deletions(-)","diff":"diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build\nindex 45f63e93..9d17c9f1 100644\n--- a/src/libcamera/meson.build\n+++ b/src/libcamera/meson.build\n@@ -80,25 +80,6 @@ endif\n libudev = dependency('libudev', required : get_option('udev'))\n libyaml = dependency('yaml-0.1', required : false)\n \n-# Use one of gnutls or libcrypto (provided by OpenSSL), trying gnutls first.\n-libcrypto = dependency('gnutls', required : false)\n-if libcrypto.found()\n- config_h.set('HAVE_GNUTLS', 1)\n-else\n- libcrypto = dependency('libcrypto', required : false)\n- if libcrypto.found()\n- config_h.set('HAVE_CRYPTO', 1)\n- endif\n-endif\n-\n-if not libcrypto.found()\n- warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated')\n- summary({'IPA modules signed with': 'None (modules will run isolated)'},\n- section : 'Configuration')\n-else\n- summary({'IPA modules signed with' : libcrypto.name()}, section : 'Configuration')\n-endif\n-\n if liblttng.found()\n tracing_enabled = true\n config_h.set('HAVE_TRACING', 1)\ndiff --git a/src/meson.build b/src/meson.build\nindex 165a77bb..208cd760 100644\n--- a/src/meson.build\n+++ b/src/meson.build\n@@ -15,16 +15,30 @@ summary({\n }, section : 'Paths')\n \n # Module Signing\n+# Use one of gnutls or libcrypto (provided by OpenSSL), trying gnutls first.\n+libcrypto = dependency('gnutls', 'libcrypto', required : false)\n openssl = find_program('openssl', required : false)\n-if openssl.found()\n+if not libcrypto.found()\n+ ipa_sign_module = false\n+ warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated')\n+ summary({'IPA modules signed with': 'None (modules will run isolated)'},\n+ section : 'Configuration')\n+elif not openssl.found()\n+ ipa_sign_module = false\n+ warning('openssl not found, all IPA modules will be isolated')\n+ ipa_sign_module = false\n+else\n+ ipa_sign_module = true\n+ config_h.set('HAVE_IPA_PUBKEY', 1)\n+ if libcrypto.name() == 'gnutls'\n+ config_h.set('HAVE_GNUTLS', 1)\n+ else\n+ config_h.set('HAVE_CRYPTO', 1)\n+ endif\n+ summary({'IPA modules signed with' : libcrypto.name()}, section : 'Configuration')\n ipa_priv_key = custom_target('ipa-priv-key',\n output : ['ipa-priv-key.pem'],\n command : [gen_ipa_priv_key, '@OUTPUT@'])\n- config_h.set('HAVE_IPA_PUBKEY', 1)\n- ipa_sign_module = true\n-else\n- warning('openssl not found, all IPA modules will be isolated')\n- ipa_sign_module = false\n endif\n \n # libcamera must be built first as a dependency to the other components.\n","prefixes":["libcamera-devel"]}