Message ID | 20200512162822.21324-1-laurent.pinchart@ideasonboard.com |
---|---|
State | Accepted |
Commit | 924778eb073c47a0defc7319e98029c712129ede |
Headers | show |
Series |
|
Related | show |
On Tue, May 12, 2020 at 6:28 PM Laurent Pinchart <laurent.pinchart@ideasonboard.com> wrote: > > The ipa-sign-install.sh script, run when installing libcamera, signs all > IPA modules present in the module directory. This would result in > third-party modules being signed if any are present in the directory. > Fix it by explicitly passing the list of IPA modules to the > ipa-sign-install.sh script. > > Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> > --- > src/ipa/ipa-sign-install.sh | 12 ++++++++---- > src/ipa/meson.build | 6 ++++-- > 2 files changed, 12 insertions(+), 6 deletions(-) > Thanks a lot for the fix. Within the Chromium OS SDK, with --board=soraka: Tested-by: Tomasz Figa <tfiga@chromium.org> Reviewed-by: Tomasz Figa <tfiga@chromium.org> Best regards, Tomasz > diff --git a/src/ipa/ipa-sign-install.sh b/src/ipa/ipa-sign-install.sh > index 5317a8a2042b..bcedb8b5cdd1 100755 > --- a/src/ipa/ipa-sign-install.sh > +++ b/src/ipa/ipa-sign-install.sh > @@ -6,13 +6,17 @@ > # > # ipa-sign-install.sh - Regenerate IPA module signatures when installing > > -libdir=$1 > -key=$2 > +key=$1 > +shift > +modules=$* > > ipa_sign=$(dirname "$0")/ipa-sign.sh > > echo "Regenerating IPA modules signatures" > > -for module in "${MESON_INSTALL_DESTDIR_PREFIX}/${libdir}"/*.so ; do > - "${ipa_sign}" "${key}" "${module}" "${module}.sign" > +for module in ${modules} ; do > + module="${MESON_INSTALL_DESTDIR_PREFIX}/${module}" > + if [ -f "${module}" ] ; then > + "${ipa_sign}" "${key}" "${module}" "${module}.sign" > + fi > done > diff --git a/src/ipa/meson.build b/src/ipa/meson.build > index b103479c1cd0..fd4b2c30438d 100644 > --- a/src/ipa/meson.build > +++ b/src/ipa/meson.build > @@ -19,10 +19,12 @@ subdir('libipa') > ipa_sign = files('ipa-sign.sh') > > ipas = ['raspberrypi', 'rkisp1', 'vimc'] > +ipa_names = [] > > foreach pipeline : get_option('pipelines') > if ipas.contains(pipeline) > subdir(pipeline) > + ipa_names += join_paths(ipa_install_dir, ipa_name + '.so') > endif > endforeach > > @@ -31,6 +33,6 @@ if ipa_sign_module > # .sign files, as meson strips the DT_RPATH and DT_RUNPATH from binaries at > # install time, which invalidates the signatures. > meson.add_install_script('ipa-sign-install.sh', > - ipa_install_dir, > - ipa_priv_key.full_path()) > + ipa_priv_key.full_path(), > + ipa_names) > endif > -- > Regards, > > Laurent Pinchart >
diff --git a/src/ipa/ipa-sign-install.sh b/src/ipa/ipa-sign-install.sh index 5317a8a2042b..bcedb8b5cdd1 100755 --- a/src/ipa/ipa-sign-install.sh +++ b/src/ipa/ipa-sign-install.sh @@ -6,13 +6,17 @@ # # ipa-sign-install.sh - Regenerate IPA module signatures when installing -libdir=$1 -key=$2 +key=$1 +shift +modules=$* ipa_sign=$(dirname "$0")/ipa-sign.sh echo "Regenerating IPA modules signatures" -for module in "${MESON_INSTALL_DESTDIR_PREFIX}/${libdir}"/*.so ; do - "${ipa_sign}" "${key}" "${module}" "${module}.sign" +for module in ${modules} ; do + module="${MESON_INSTALL_DESTDIR_PREFIX}/${module}" + if [ -f "${module}" ] ; then + "${ipa_sign}" "${key}" "${module}" "${module}.sign" + fi done diff --git a/src/ipa/meson.build b/src/ipa/meson.build index b103479c1cd0..fd4b2c30438d 100644 --- a/src/ipa/meson.build +++ b/src/ipa/meson.build @@ -19,10 +19,12 @@ subdir('libipa') ipa_sign = files('ipa-sign.sh') ipas = ['raspberrypi', 'rkisp1', 'vimc'] +ipa_names = [] foreach pipeline : get_option('pipelines') if ipas.contains(pipeline) subdir(pipeline) + ipa_names += join_paths(ipa_install_dir, ipa_name + '.so') endif endforeach @@ -31,6 +33,6 @@ if ipa_sign_module # .sign files, as meson strips the DT_RPATH and DT_RUNPATH from binaries at # install time, which invalidates the signatures. meson.add_install_script('ipa-sign-install.sh', - ipa_install_dir, - ipa_priv_key.full_path()) + ipa_priv_key.full_path(), + ipa_names) endif
The ipa-sign-install.sh script, run when installing libcamera, signs all IPA modules present in the module directory. This would result in third-party modules being signed if any are present in the directory. Fix it by explicitly passing the list of IPA modules to the ipa-sign-install.sh script. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> --- src/ipa/ipa-sign-install.sh | 12 ++++++++---- src/ipa/meson.build | 6 ++++-- 2 files changed, 12 insertions(+), 6 deletions(-)