From patchwork Sun Aug  7 02:14:51 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
X-Patchwork-Id: 16998
Return-Path: <libcamera-devel-bounces@lists.libcamera.org>
X-Original-To: parsemail@patchwork.libcamera.org
Delivered-To: parsemail@patchwork.libcamera.org
Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com
	[92.243.16.209])
	by patchwork.libcamera.org (Postfix) with ESMTPS id 9AD72BE173
	for <parsemail@patchwork.libcamera.org>;
	Sun,  7 Aug 2022 02:15:08 +0000 (UTC)
Received: from lancelot.ideasonboard.com (localhost [IPv6:::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTP id CE76C6332A;
	Sun,  7 Aug 2022 04:15:07 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;
	s=mail; t=1659838507;
	bh=b52ge3Ih1RITSajwoc/tSskuclTpwmoeFU1LzDoYJ0U=;
	h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	List-Help:List-Subscribe:From:Reply-To:From;
	b=oIBgc+I6pax6TovWRfSasQx0CYe9w0PcVon/iJzOtZueS96vya+YD4iGL0faFth1m
	OgoJvcae8nukQ12xnynwb36Ajp70sCTBpMctJWYM2rNIZEKRD9SGwKyEiSWqp9Q7os
	t/WNi3H7x6Y6WQGNlVwG8eTvg2r3EYpHo9ia+hwRMq6vupDBVSWTmosFBunIhTY7mF
	o6ro+u9Ufrq5//d0ZD4gQBljvoF77AmdUHHFLrMqV0xkrU4AKT4T9B4REb3x69DZx3
	qEPIMT/bUXnefMY9BIeSeiE/xUpBuZ4uwO3KuuLmmrKQxaCMpwrVs48mp08vJiasku
	jkdV9qHW8nXqQ==
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[213.167.242.64])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id 576DB61FAA
	for <libcamera-devel@lists.libcamera.org>;
	Sun,  7 Aug 2022 04:15:06 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com; dkim=pass (1024-bit key;
	unprotected) header.d=ideasonboard.com
	header.i=@ideasonboard.com
	header.b="YiLRXCEd"; dkim-atps=neutral
Received: from pendragon.ideasonboard.com (62-78-145-57.bb.dnainternet.fi
	[62.78.145.57])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id A943756D
	for <libcamera-devel@lists.libcamera.org>;
	Sun,  7 Aug 2022 04:15:05 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1659838505;
	bh=b52ge3Ih1RITSajwoc/tSskuclTpwmoeFU1LzDoYJ0U=;
	h=From:To:Subject:Date:From;
	b=YiLRXCEd/5Wh4Yl2B+zuVeDaZX61xese3CqWJnknunAx+OExY6g8cHZ5if2IpM02o
	jhOdE2lqB9rxmMLKa53XjaMJ9poP/txDJqqBSdqPgSUUfWRxDdz43wC36VMIqWfXlg
	IVxTTqX+ilPeUaHsSQXRKMQCNA4PGWloffcsEECg=
To: libcamera-devel@lists.libcamera.org
Date: Sun,  7 Aug 2022 05:14:51 +0300
Message-Id: <20220807021456.9578-1-laurent.pinchart@ideasonboard.com>
X-Mailer: git-send-email 2.35.1
MIME-Version: 1.0
Subject: [libcamera-devel] [PATCH 0/5] libcamera: Support openssl as an
	alternative to gnutls
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
X-Patchwork-Original-From: Laurent Pinchart via libcamera-devel
	<libcamera-devel@lists.libcamera.org>
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reply-To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Errors-To: libcamera-devel-bounces@lists.libcamera.org
Sender: "libcamera-devel" <libcamera-devel-bounces@lists.libcamera.org>

Hello,

This small patch series adds support for openssl as an alternative to
gnutls to verify the signature of IPA modules.

Quite notably, patch 1/5 makes the dependency on crypto libraries
optional as it used to be, before we realized that missing IPA protocol
serialization made it effectively required in practice. Serialization is
now there, so module signature support can be made optional again.

This could possibly cause issues for some users who may not notice the
missing dependency and wonder why IPA modules run isolated (although
that should be a fully supported configuration). I've documented module
signing as recommended in README.md (patch 2/5), but we all know how
often documentation is overlooked. If anyone thinks this is a bad idea,
I can drop that change.

For the rest of the series, please see individual patches.

Laurent Pinchart (5):
  Revert "libcamera: Make IPA module signing mandatory for the meantime"
  libcamera: Make openssl and gnutls dependencies recommended
  libcamera: meson: Use dependency() to find gnutls
  libcamera: pub_key: Gracefully handle failures to load public key
  libcamera: pub_key: Support openssl as an alternative to gnutls

 README.rst                           |  7 +++--
 include/libcamera/internal/pub_key.h |  8 ++++--
 src/libcamera/ipa_manager.cpp        |  3 +++
 src/libcamera/meson.build            | 16 +++++++++---
 src/libcamera/pub_key.cpp            | 38 +++++++++++++++++++++++++---
 src/meson.build                      |  3 ++-
 6 files changed, 63 insertions(+), 12 deletions(-)


base-commit: 26c82ce13697e1af5950f4935ecff83c6453f351