From patchwork Thu Aug 13 20:36:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Konovalov X-Patchwork-Id: 9315 Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id 18867BD87C for ; Thu, 13 Aug 2020 20:36:32 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id 8FC4C615F4; Thu, 13 Aug 2020 22:36:31 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="vNgCbRdW"; dkim-atps=neutral Received: from mail-lj1-x243.google.com (mail-lj1-x243.google.com [IPv6:2a00:1450:4864:20::243]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id E6A236055A for ; Thu, 13 Aug 2020 22:36:30 +0200 (CEST) Received: by mail-lj1-x243.google.com with SMTP id v4so7685909ljd.0 for ; Thu, 13 Aug 2020 13:36:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=dvn/IwqLA+3PH4BKODk/zOnnDdgbBvpTRDgFYMP1JH8=; b=vNgCbRdW484fNR3yZuknZHE44eln9gutzaHVYYaPdwM9cgGpSiy9/rIle3omvay/rp v+Ky/h0x3V35kQSQcuwIa9XAiAANotxAYa1Z1dA8TOtta4HQpc9b02sERfiUDazFXAHm suP+WnsYMI+lYeVqNKM63qqgsOjXRiMeRvuNAp3CkQy2cRcZQCyKjOQY5JyIorbxKRks E0X0zDcf9nnHOLfZHZY0yL/N2KoUYc9p1rMwkFVqkrfxCFmPM5d/Dz5+SyE/4vpvsgO/ WedBHcBiFGFhXHcESX3vxkeZPg46dy0wX+CuLechrvyERWeHwQln+aP6k3mrRQRHGdNg AW8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=dvn/IwqLA+3PH4BKODk/zOnnDdgbBvpTRDgFYMP1JH8=; b=JjXaWVrbv2WTWeEjhnI/hxDaH5pMEU6+tSFyDGsTJLceCIsj7JBcrrLWctiOet3eLb SxphHZA4yqGE8bPK4GUestNtyU+Iy7Bwz15N5NkmGds9hR3yfWnbrfZf1hUDzO5LfZRl hvEBIOVXFBIibonAMA7gDUvUW4A3JyPf5g7t5DtnWsROgPwcIMN5mBgB5sIQx1HEf5Sz dJUYr9PUw3P4F1a2+QioAtKHbW7wafvKdn5QwwAUyxCbD3zTRf83h/SnSwvwrFyyyS9I HoOEMERcdV4lSrgFjwh4Mqe5SW8cQWxs/e8+u4hp269tOJ6BxYllkEgL/aQvCqYRCswO uHRA== X-Gm-Message-State: AOAM532xRIz4OZ9jnpbBy7rsdrcSE9MKWKk9BtyJ6Cpqwlt0ryWTxLob bnTiizDb4v7EhHxUjjXS+RJt0w== X-Google-Smtp-Source: ABdhPJzGxBA0PhthWUt1flPrVng4nIor1DREaCyLQQmfR8qCInIkzs4s2oKK7nq5KxlBblFVd3iWvg== X-Received: by 2002:a2e:81d9:: with SMTP id s25mr2768909ljg.104.1597350990286; Thu, 13 Aug 2020 13:36:30 -0700 (PDT) Received: from localhost.localdomain (37-144-159-139.broadband.corbina.ru. [37.144.159.139]) by smtp.googlemail.com with ESMTPSA id n29sm1442090lfi.9.2020.08.13.13.36.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Aug 2020 13:36:29 -0700 (PDT) From: Andrey Konovalov To: openembedded-devel@lists.openembedded.org Date: Thu, 13 Aug 2020 23:36:08 +0300 Message-Id: <20200813203608.26814-1-andrey.konovalov@linaro.org> X-Mailer: git-send-email 2.17.1 Subject: [libcamera-devel] [meta-multimedia][PATCH v4] libcamera: fix packaging and installation X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: libcamera-devel@lists.libcamera.org, raj.khem@gmail.com, madhavan.krishnan@linaro.org MIME-Version: 1.0 Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" libcamera checks if RPATH or RUNPATH dynamic tag is present in libcamera.so. If it does, it assumes that libcamera binaries are run directly from the build directory without installing them, and tries to use resorces like IPA modules from the build directory. Mainline meson strips RPATH/RUNPATH out from libcamera.so file at install time. But openembedded-core patches meson to disable RPATH/RUNPATH removal. That's why we need to remove this tag manually in do_install_append(). IPA module is signed (with openssl dgst) after it is built. But during packaging the OE build system 1) splits out debugging info, and 2) strips the binaries. So the IPA module so file installed isn't the one which the signature was calculated against. Then the signature check fails, and libcamera tries to run the IPA module isolated (in a sandbox), which doesn't work if the IPA module wasn't designed to run isolated. The solution is to recalculate the IPA modules signatures in ${PKGD} after do_package(). Signed-off-by: Andrey Konovalov --- Changes in v4: - Some of the quotation marks removed to let bitbake to expand the variables properly. Changes in v3: - As suggested by Laurent Pinchart, use ipa-sign-install.sh script to recalculate the signatures instead of ipa-sign.sh. Changes in v2: - Recalculate the IPA modules signatures after do_package() instead of disabling stripping and splitting libcamera package .../recipes-multimedia/libcamera/libcamera.bb | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb b/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb index af2d3b4e1..c66c93ec5 100644 --- a/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb +++ b/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb @@ -18,13 +18,30 @@ PV = "202006+git${SRCPV}" S = "${WORKDIR}/git" -DEPENDS = "python3-pyyaml-native udev gnutls boost" +DEPENDS = "python3-pyyaml-native udev gnutls boost chrpath-native" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'qt', 'qtbase qtbase-native', '', d)}" RDEPENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland qt', 'qtwayland', '', d)}" inherit meson pkgconfig python3native +do_install_append() { + chrpath -d ${D}${libdir}/libcamera.so +} + +addtask do_recalculate_ipa_signatures_package after do_package before do_packagedata +do_recalculate_ipa_signatures_package() { + local modules + for module in $(find ${PKGD}/usr/lib/libcamera -name "*.so.sign"); do + module="${module%.sign}" + if [ -f "${module}" ] ; then + modules="${modules} ${module}" + fi + done + + ${S}/src/ipa/ipa-sign-install.sh ${B}/src/ipa-priv-key.pem "${modules}" +} + FILES_${PN}-dev = "${includedir} ${libdir}/pkgconfig" FILES_${PN} += " ${libdir}/libcamera.so"