Patch Detail
Show a patch.
GET /api/1.1/patches/3436/?format=api
{ "id": 3436, "url": "https://patchwork.libcamera.org/api/1.1/patches/3436/?format=api", "web_url": "https://patchwork.libcamera.org/patch/3436/", "project": { "id": 1, "url": "https://patchwork.libcamera.org/api/1.1/projects/1/?format=api", "name": "libcamera", "link_name": "libcamera", "list_id": "libcamera_core", "list_email": "libcamera-devel@lists.libcamera.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20200413133047.11913-3-laurent.pinchart@ideasonboard.com>", "date": "2020-04-13T13:30:38", "name": "[libcamera-devel,v2,02/11] libcamera: Add IPA module signing infrastructure", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "87ae0b991d022ea784ed44468cd3187649efd082", "submitter": { "id": 2, "url": "https://patchwork.libcamera.org/api/1.1/people/2/?format=api", "name": "Laurent Pinchart", "email": "laurent.pinchart@ideasonboard.com" }, "delegate": null, "mbox": "https://patchwork.libcamera.org/patch/3436/mbox/", "series": [ { "id": 804, "url": "https://patchwork.libcamera.org/api/1.1/series/804/?format=api", "web_url": "https://patchwork.libcamera.org/project/libcamera/list/?series=804", "date": "2020-04-13T13:30:37", "name": "Sign IPA modules instead of checking their advertised license", "version": 2, "mbox": "https://patchwork.libcamera.org/series/804/mbox/" } ], "comments": "https://patchwork.libcamera.org/api/patches/3436/comments/", "check": "pending", "checks": "https://patchwork.libcamera.org/api/patches/3436/checks/", "tags": {}, "headers": { "Return-Path": "<laurent.pinchart@ideasonboard.com>", "Received": [ "from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 6215F6279B\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tMon, 13 Apr 2020 15:31:05 +0200 (CEST)", "from pendragon.bb.dnainternet.fi (81-175-216-236.bb.dnainternet.fi\n\t[81.175.216.236])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id D20DF1227\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tMon, 13 Apr 2020 15:31:04 +0200 (CEST)" ], "Authentication-Results": "lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"MJTytnih\"; dkim-atps=neutral", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1586784665;\n\tbh=S59zomYLDzVk6EOXCg9yZaC0oaITFCIPd+Whg3BWzVE=;\n\th=From:To:Subject:Date:In-Reply-To:References:From;\n\tb=MJTytnihhNQynjW127fCb/19VTwnjrM7v+twypxQnSV8jAB6JvxMGv09/cTRbmOb8\n\tVwovTftPkdzfIDcvoSBQ50KgjxWnv6neWba0mQzqmFtf4P1hKc/ENSfDDUmQuuHYqM\n\tL3Z6W0Z4wJvYDRyEHTvteyVMa510u5uwrWHUG2yw=", "From": "Laurent Pinchart <laurent.pinchart@ideasonboard.com>", "To": "libcamera-devel@lists.libcamera.org", "Date": "Mon, 13 Apr 2020 16:30:38 +0300", "Message-Id": "<20200413133047.11913-3-laurent.pinchart@ideasonboard.com>", "X-Mailer": "git-send-email 2.24.1", "In-Reply-To": "<20200413133047.11913-1-laurent.pinchart@ideasonboard.com>", "References": "<20200413133047.11913-1-laurent.pinchart@ideasonboard.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[libcamera-devel] [PATCH v2 02/11] libcamera: Add IPA module\n\tsigning infrastructure", "X-BeenThere": "libcamera-devel@lists.libcamera.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "<libcamera-devel.lists.libcamera.org>", "List-Unsubscribe": "<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>", "List-Archive": "<https://lists.libcamera.org/pipermail/libcamera-devel/>", "List-Post": "<mailto:libcamera-devel@lists.libcamera.org>", "List-Help": "<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>", "List-Subscribe": "<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>", "X-List-Received-Date": "Mon, 13 Apr 2020 13:31:05 -0000" }, "content": "Add infrastructure to generate an RSA private key and sign IPA modules.\nThe signatures are stored in separate files with a .sign suffix.\n\nSigned-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n---\nChanges since v1:\n\n- Use named variable to store $1 in gen-ipa-priv-key.sh\n- Add copyright notice to ipa-sign.h\n---\n src/ipa/gen-ipa-priv-key.sh | 11 +++++++++++\n src/ipa/ipa-sign.sh | 13 +++++++++++++\n src/ipa/meson.build | 2 ++\n src/ipa/rkisp1/meson.build | 25 +++++++++++++++++--------\n src/ipa/vimc/meson.build | 12 +++++++++++-\n src/meson.build | 5 +++++\n 6 files changed, 59 insertions(+), 9 deletions(-)\n create mode 100755 src/ipa/gen-ipa-priv-key.sh\n create mode 100755 src/ipa/ipa-sign.sh", "diff": "diff --git a/src/ipa/gen-ipa-priv-key.sh b/src/ipa/gen-ipa-priv-key.sh\nnew file mode 100755\nindex 000000000000..919751f25b71\n--- /dev/null\n+++ b/src/ipa/gen-ipa-priv-key.sh\n@@ -0,0 +1,11 @@\n+#!/bin/sh\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+# Copyright (C) 2020, Google Inc.\n+#\n+# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n+#\n+# gen-ipa-priv-key.sh - Generate an RSA private key to sign IPA modules\n+\n+key=\"$1\"\n+\n+openssl genpkey -algorithm RSA -out \"${key}\" -pkeyopt rsa_keygen_bits:2048\ndiff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh\nnew file mode 100755\nindex 000000000000..8673dad18751\n--- /dev/null\n+++ b/src/ipa/ipa-sign.sh\n@@ -0,0 +1,13 @@\n+#!/bin/sh\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+# Copyright (C) 2020, Google Inc.\n+#\n+# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n+#\n+# ipa-sign.sh - Generate a signature for an IPA module\n+\n+key=\"$1\"\n+input=\"$2\"\n+output=\"$3\"\n+\n+openssl dgst -sha256 -sign \"${key}\" -out \"${output}\" \"${input}\"\ndiff --git a/src/ipa/meson.build b/src/ipa/meson.build\nindex 73278a60a99f..cb4e3ab3388f 100644\n--- a/src/ipa/meson.build\n+++ b/src/ipa/meson.build\n@@ -10,6 +10,8 @@ config_h.set('IPA_MODULE_DIR',\n \n subdir('libipa')\n \n+ipa_sign = find_program('ipa-sign.sh')\n+\n ipas = ['rkisp1', 'vimc']\n \n foreach pipeline : get_option('pipelines')\ndiff --git a/src/ipa/rkisp1/meson.build b/src/ipa/rkisp1/meson.build\nindex 521518bd1237..6ccadcfbbe64 100644\n--- a/src/ipa/rkisp1/meson.build\n+++ b/src/ipa/rkisp1/meson.build\n@@ -1,8 +1,17 @@\n-rkisp1_ipa = shared_module('ipa_rkisp1',\n- 'rkisp1.cpp',\n- name_prefix : '',\n- include_directories : [ipa_includes, libipa_includes],\n- dependencies : libcamera_dep,\n- link_with : libipa,\n- install : true,\n- install_dir : ipa_install_dir)\n+ipa_name = 'ipa_rkisp1'\n+\n+mod = shared_module(ipa_name,\n+ 'rkisp1.cpp',\n+ name_prefix : '',\n+ include_directories : [ipa_includes, libipa_includes],\n+ dependencies : libcamera_dep,\n+ link_with : libipa,\n+ install : true,\n+ install_dir : ipa_install_dir)\n+\n+custom_target(ipa_name + '.so.sign',\n+ input : mod,\n+ output : ipa_name + '.so.sign',\n+ command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ],\n+ install : true,\n+ install_dir : ipa_install_dir)\ndiff --git a/src/ipa/vimc/meson.build b/src/ipa/vimc/meson.build\nindex e827e75f9f91..3097a12f964a 100644\n--- a/src/ipa/vimc/meson.build\n+++ b/src/ipa/vimc/meson.build\n@@ -1,4 +1,7 @@\n-ipa = shared_module('ipa_vimc', 'vimc.cpp',\n+ipa_name = 'ipa_vimc'\n+\n+mod = shared_module(ipa_name,\n+ 'vimc.cpp',\n name_prefix : '',\n include_directories : [ipa_includes, libipa_includes],\n dependencies : libcamera_dep,\n@@ -6,3 +9,10 @@ ipa = shared_module('ipa_vimc', 'vimc.cpp',\n install : true,\n install_dir : ipa_install_dir,\n cpp_args : '-DLICENSE=\"LGPL-2.1-or-later\"')\n+\n+custom_target(ipa_name + '.so.sign',\n+ input : mod,\n+ output : ipa_name + '.so.sign',\n+ command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ],\n+ install : true,\n+ install_dir : ipa_install_dir)\ndiff --git a/src/meson.build b/src/meson.build\nindex d818d8b86d93..dc0e0c82b900 100644\n--- a/src/meson.build\n+++ b/src/meson.build\n@@ -2,6 +2,11 @@ if get_option('android')\n subdir('android')\n endif\n \n+ipa_gen_priv_key = find_program('ipa/gen-ipa-priv-key.sh')\n+ipa_priv_key = custom_target('ipa-priv-key',\n+ output : [ 'ipa-priv-key.pem' ],\n+ command : [ ipa_gen_priv_key, '@OUTPUT@' ])\n+\n subdir('libcamera')\n subdir('ipa')\n subdir('cam')\n", "prefixes": [ "libcamera-devel", "v2", "02/11" ] }