From patchwork Fri Jul 31 14:39:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Konovalov X-Patchwork-Id: 9096 Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id 50A07BD878 for ; Fri, 31 Jul 2020 14:39:40 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id D999B61A14; Fri, 31 Jul 2020 16:39:39 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="CgkMkrLz"; dkim-atps=neutral Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 75A4E60398 for ; Fri, 31 Jul 2020 16:39:38 +0200 (CEST) Received: by mail-lj1-x242.google.com with SMTP id q4so32686349lji.2 for ; Fri, 31 Jul 2020 07:39:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=tuKsKgQeAsC+TMas+rdCYzvgJmYJK+nAIwmmPeHmja8=; b=CgkMkrLzYNPy/aA+tcxJow8FwdM8py6yoxMbpzl+vQDKfAVo4P5j9Sk6d2UtoqfHb2 PvC957ELX3DpQ5dyL+C2AsWPZ0RtzVaS24VB/+mT+VSnRhpltrJETi5ZNOetKvJXwuko vdxEN9C0ovoZ8e5Ae1QLPuYlc5CuKjgSDpEhHNYLRXw2sboQG3AKvGIEisH4XK7JcMPB QzakQlANCjkMDXMn3W/ZTbvbZYb/y/TNgt/0Us28C+eyljpFv+oWCjNBjrTqnDe+IqlY ddSdcAh8Hvn/EjVAuazV2IsHrNXs/IBkNS60V3c3gbvg5/b1ZbchdNM7jMzQZ1CUX8am VylA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=tuKsKgQeAsC+TMas+rdCYzvgJmYJK+nAIwmmPeHmja8=; b=nGZothZR6Opc7yu8e9TPJRHPfenOIFGHCgkld198HTCr2GzGqEPt0Yqp4DCtRiOtnG 8K8gj7NiJUdthl1e/jn9pbFHmDanb444ti1Et9AuXYX6JdiK5H10bz75HbpPPSRAWdWW CDO17wuR8H6UCzRYurcPdBQKWeruWP343oU0B/sU5wbvvdZoim0Cklog3IzDG2i9Vr7K N488S4ZlYNFudxZ2zWqpowZ4jAQr5STfBgzhqYLTtV38JHafaMtJ+DEu55cq7QLkxADx mPuJKYfFNu6s8SEfOE4x7DLTExc0rU3bmBAddp8NndBXFCF56mV2K2eRE2hz1kcy6I0Q gS4A== X-Gm-Message-State: AOAM533KWilFzpMiRarqrl0urq0AlzHswAE0JIe92r9pY8xVhi8UZCfU har8DGlHqYfF13j91kPRddNHcA== X-Google-Smtp-Source: ABdhPJwaE6JeJ7EsuOAPysR9+89djLexgEqr6az3uadGq07zGk5Q37mlJmXLN2ygozdHFiTrPpm9QQ== X-Received: by 2002:a2e:8e70:: with SMTP id t16mr2228260ljk.81.1596206377645; Fri, 31 Jul 2020 07:39:37 -0700 (PDT) Received: from localhost.localdomain (37-144-159-139.broadband.corbina.ru. [37.144.159.139]) by smtp.googlemail.com with ESMTPSA id i20sm561303ljb.90.2020.07.31.07.39.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 07:39:36 -0700 (PDT) From: Andrey Konovalov To: openembedded-devel@lists.openembedded.org Date: Fri, 31 Jul 2020 17:39:19 +0300 Message-Id: <20200731143919.25825-1-andrey.konovalov@linaro.org> X-Mailer: git-send-email 2.17.1 Subject: [libcamera-devel] [meta-multimedia][PATCH v2] libcamera: fix packaging and installation X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: libcamera-devel@lists.libcamera.org, raj.khem@gmail.com, madhavan.krishnan@linaro.org MIME-Version: 1.0 Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" libcamera checks if RPATH or RUNPATH dynamic tag is present in libcamera.so. If it does, it assumes that libcamera binaries are run directly from the build directory without installing them, and tries to use resorces like IPA modules from the build directory. Mainline meson strips RPATH/RUNPATH out from libcamera.so file at install time. But openembedded-core patches meson to disable RPATH/RUNPATH removal. That's why we need to remove this tag manually in do_install_append(). IPA module is signed (with openssl dgst) after it is built. But during packaging the OE build system 1) splits out debugging info, and 2) strips the binaries. So the IPA module so file installed isn't the one which the signature was calculated against. Then the signature check fails, and libcamera tries to run the IPA module isolated (in a sandbox), which doesn't work if the IPA module wasn't designed to run isolated. The solution is to recalculate the IPA modules signatures in ${PKGD} after do_package(). Signed-off-by: Andrey Konovalov Reviewed-by: Laurent Pinchart --- Changes in v2: - Recalculate the IPA modules signatures after do_package() instead of disabling stripping and splitting libcamera package .../recipes-multimedia/libcamera/libcamera.bb | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb b/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb index 00a5c480d..30c6600e5 100644 --- a/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb +++ b/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb @@ -18,13 +18,26 @@ PV = "202006+git${SRCPV}" S = "${WORKDIR}/git" -DEPENDS = "python3-pyyaml-native udev gnutls boost" +DEPENDS = "python3-pyyaml-native udev gnutls boost chrpath-native" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'qt', 'qtbase qtbase-native', '', d)}" RDEPENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland qt', 'qtwayland', '', d)}" inherit meson pkgconfig python3native +do_install_append() { + chrpath -d ${D}${libdir}/libcamera.so +} + +addtask do_recalculate_ipa_signatures_package after do_package before do_packagedata +do_recalculate_ipa_signatures_package() { + for module in $(find "${PKGD}/usr/lib/libcamera" -name "*.so.sign"); do + if [ -f "${module%.sign}" ] ; then + "${S}/src/ipa/ipa-sign.sh" "${B}/src/ipa-priv-key.pem" "${module%.sign}" "${module}" + fi + done +} + FILES_${PN}-dev = "${includedir} ${libdir}/pkgconfig" FILES_${PN} += " ${libdir}/libcamera.so"