Patch Detail
Show a patch.
GET /api/1.1/patches/3392/?format=api
{ "id": 3392, "url": "https://patchwork.libcamera.org/api/1.1/patches/3392/?format=api", "web_url": "https://patchwork.libcamera.org/patch/3392/", "project": { "id": 1, "url": "https://patchwork.libcamera.org/api/1.1/projects/1/?format=api", "name": "libcamera", "link_name": "libcamera", "list_id": "libcamera_core", "list_email": "libcamera-devel@lists.libcamera.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20200404015624.30440-3-laurent.pinchart@ideasonboard.com>", "date": "2020-04-04T01:56:15", "name": "[libcamera-devel,02/11] libcamera: Add IPA module signing infrastructure", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "a16e0979ba7d5ceb3593b55bc7e06681f081733a", "submitter": { "id": 2, "url": "https://patchwork.libcamera.org/api/1.1/people/2/?format=api", "name": "Laurent Pinchart", "email": "laurent.pinchart@ideasonboard.com" }, "delegate": null, "mbox": "https://patchwork.libcamera.org/patch/3392/mbox/", "series": [ { "id": 797, "url": "https://patchwork.libcamera.org/api/1.1/series/797/?format=api", "web_url": "https://patchwork.libcamera.org/project/libcamera/list/?series=797", "date": "2020-04-04T01:56:13", "name": "Sign IPA modules instead of checking their advertised license", "version": 1, "mbox": "https://patchwork.libcamera.org/series/797/mbox/" } ], "comments": "https://patchwork.libcamera.org/api/patches/3392/comments/", "check": "pending", "checks": "https://patchwork.libcamera.org/api/patches/3392/checks/", "tags": {}, "headers": { "Return-Path": "<laurent.pinchart@ideasonboard.com>", "Received": [ "from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id DF324629C1\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSat, 4 Apr 2020 03:56:38 +0200 (CEST)", "from pendragon.bb.dnainternet.fi (81-175-216-236.bb.dnainternet.fi\n\t[81.175.216.236])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 7DBFC321\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSat, 4 Apr 2020 03:56:38 +0200 (CEST)" ], "Authentication-Results": "lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"cjYp/zXZ\"; dkim-atps=neutral", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1585965398;\n\tbh=m8sogttKWk7MWLQlKy0us7W1DEPhxapZHEOWCHvjoZY=;\n\th=From:To:Subject:Date:In-Reply-To:References:From;\n\tb=cjYp/zXZtHGy/bCT9KrV25JBxc6cBbEeq3RK5Uj/TCWRPpGXDVISoMveUqT8xtl8g\n\tt19woQxrnMXPlQ29Ca825vZgjTobeHGLzDHg1ptZrhDiRXEvZNXPmqoMlY4CkKgWoX\n\tyIv0hh/A0hRE7WpxJsadqSZyM7YtJ5F1TUMpqxdQ=", "From": "Laurent Pinchart <laurent.pinchart@ideasonboard.com>", "To": "libcamera-devel@lists.libcamera.org", "Date": "Sat, 4 Apr 2020 04:56:15 +0300", "Message-Id": "<20200404015624.30440-3-laurent.pinchart@ideasonboard.com>", "X-Mailer": "git-send-email 2.24.1", "In-Reply-To": "<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>", "References": "<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[libcamera-devel] [PATCH 02/11] libcamera: Add IPA module signing\n\tinfrastructure", "X-BeenThere": "libcamera-devel@lists.libcamera.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "<libcamera-devel.lists.libcamera.org>", "List-Unsubscribe": "<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>", "List-Archive": "<https://lists.libcamera.org/pipermail/libcamera-devel/>", "List-Post": "<mailto:libcamera-devel@lists.libcamera.org>", "List-Help": "<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>", "List-Subscribe": "<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>", "X-List-Received-Date": "Sat, 04 Apr 2020 01:56:39 -0000" }, "content": "Add infrastructure to generate an RSA private key and sign IPA modules.\nThe signatures are stored in separate files with a .sign suffix.\n\nSigned-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n---\n src/ipa/gen-ipa-priv-key.sh | 9 +++++++++\n src/ipa/ipa-sign.sh | 10 ++++++++++\n src/ipa/meson.build | 2 ++\n src/ipa/rkisp1/meson.build | 25 +++++++++++++++++--------\n src/ipa/vimc/meson.build | 12 +++++++++++-\n src/meson.build | 5 +++++\n 6 files changed, 54 insertions(+), 9 deletions(-)\n create mode 100755 src/ipa/gen-ipa-priv-key.sh\n create mode 100755 src/ipa/ipa-sign.sh", "diff": "diff --git a/src/ipa/gen-ipa-priv-key.sh b/src/ipa/gen-ipa-priv-key.sh\nnew file mode 100755\nindex 000000000000..2b19c001d6c5\n--- /dev/null\n+++ b/src/ipa/gen-ipa-priv-key.sh\n@@ -0,0 +1,9 @@\n+#!/bin/sh\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+# Copyright (C) 2020, Google Inc.\n+#\n+# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n+#\n+# gen-ipa-priv-key.sh - Generate an RSA private key to sign IPA modules\n+\n+openssl genpkey -algorithm RSA -out \"$1\" -pkeyopt rsa_keygen_bits:2048\ndiff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh\nnew file mode 100755\nindex 000000000000..d41e67e00ad0\n--- /dev/null\n+++ b/src/ipa/ipa-sign.sh\n@@ -0,0 +1,10 @@\n+#!/bin/sh\n+\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+# Generate a signature for an IPA module\n+\n+key=\"$1\"\n+input=\"$2\"\n+output=\"$3\"\n+\n+openssl dgst -sha256 -sign \"${key}\" -out \"${output}\" \"${input}\"\ndiff --git a/src/ipa/meson.build b/src/ipa/meson.build\nindex 73278a60a99f..cb4e3ab3388f 100644\n--- a/src/ipa/meson.build\n+++ b/src/ipa/meson.build\n@@ -10,6 +10,8 @@ config_h.set('IPA_MODULE_DIR',\n \n subdir('libipa')\n \n+ipa_sign = find_program('ipa-sign.sh')\n+\n ipas = ['rkisp1', 'vimc']\n \n foreach pipeline : get_option('pipelines')\ndiff --git a/src/ipa/rkisp1/meson.build b/src/ipa/rkisp1/meson.build\nindex 521518bd1237..6ccadcfbbe64 100644\n--- a/src/ipa/rkisp1/meson.build\n+++ b/src/ipa/rkisp1/meson.build\n@@ -1,8 +1,17 @@\n-rkisp1_ipa = shared_module('ipa_rkisp1',\n- 'rkisp1.cpp',\n- name_prefix : '',\n- include_directories : [ipa_includes, libipa_includes],\n- dependencies : libcamera_dep,\n- link_with : libipa,\n- install : true,\n- install_dir : ipa_install_dir)\n+ipa_name = 'ipa_rkisp1'\n+\n+mod = shared_module(ipa_name,\n+ 'rkisp1.cpp',\n+ name_prefix : '',\n+ include_directories : [ipa_includes, libipa_includes],\n+ dependencies : libcamera_dep,\n+ link_with : libipa,\n+ install : true,\n+ install_dir : ipa_install_dir)\n+\n+custom_target(ipa_name + '.so.sign',\n+ input : mod,\n+ output : ipa_name + '.so.sign',\n+ command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ],\n+ install : true,\n+ install_dir : ipa_install_dir)\ndiff --git a/src/ipa/vimc/meson.build b/src/ipa/vimc/meson.build\nindex e827e75f9f91..3097a12f964a 100644\n--- a/src/ipa/vimc/meson.build\n+++ b/src/ipa/vimc/meson.build\n@@ -1,4 +1,7 @@\n-ipa = shared_module('ipa_vimc', 'vimc.cpp',\n+ipa_name = 'ipa_vimc'\n+\n+mod = shared_module(ipa_name,\n+ 'vimc.cpp',\n name_prefix : '',\n include_directories : [ipa_includes, libipa_includes],\n dependencies : libcamera_dep,\n@@ -6,3 +9,10 @@ ipa = shared_module('ipa_vimc', 'vimc.cpp',\n install : true,\n install_dir : ipa_install_dir,\n cpp_args : '-DLICENSE=\"LGPL-2.1-or-later\"')\n+\n+custom_target(ipa_name + '.so.sign',\n+ input : mod,\n+ output : ipa_name + '.so.sign',\n+ command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ],\n+ install : true,\n+ install_dir : ipa_install_dir)\ndiff --git a/src/meson.build b/src/meson.build\nindex d818d8b86d93..dc0e0c82b900 100644\n--- a/src/meson.build\n+++ b/src/meson.build\n@@ -2,6 +2,11 @@ if get_option('android')\n subdir('android')\n endif\n \n+ipa_gen_priv_key = find_program('ipa/gen-ipa-priv-key.sh')\n+ipa_priv_key = custom_target('ipa-priv-key',\n+ output : [ 'ipa-priv-key.pem' ],\n+ command : [ ipa_gen_priv_key, '@OUTPUT@' ])\n+\n subdir('libcamera')\n subdir('ipa')\n subdir('cam')\n", "prefixes": [ "libcamera-devel", "02/11" ] }