From patchwork Sun Aug 2 19:07:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Konovalov X-Patchwork-Id: 9133 Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id 60B4FBD87A for ; Sun, 2 Aug 2020 19:07:41 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id F388160999; Sun, 2 Aug 2020 21:07:40 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="wVRMe7+Q"; dkim-atps=neutral Received: from mail-lj1-x241.google.com (mail-lj1-x241.google.com [IPv6:2a00:1450:4864:20::241]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id B43A960393 for ; Sun, 2 Aug 2020 21:07:39 +0200 (CEST) Received: by mail-lj1-x241.google.com with SMTP id v12so7088303ljc.10 for ; Sun, 02 Aug 2020 12:07:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=gffvLB+WlAnYBdMss2eSA+WIA4DrPKNvIyVac0+f32Y=; b=wVRMe7+QYyf+VYuYRbo5a7YRL633rfhrWcBkKbMh6HRq1mBZmQ8S48POOfXjB3y2dQ WouYwYSAYuIOdZpLC2ZTqmn3q+rVRQ22apYzKhtf2CEiXqDWcUEiobqfsPVSNrgebHvJ EAQjSiyGQZnYZM/yp2EnWashLJf7kjcauppBV7wY8eHy8Y+xQdPcsic5JdX9P+yVH/yt HGpUxTe3MDuwYwAzO86wNfEAwjv0+IpCdOz0bX1Fhh7N9qhk/zbyRN02pWCizWSS4vGK VoSZcTfrlCVp33WVxm6P6MNNHZJZOOtY4XK2ytSF4D8+PGpK3l9XMwMRi5TsfGV9aOQd K+Mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=gffvLB+WlAnYBdMss2eSA+WIA4DrPKNvIyVac0+f32Y=; b=LLYVRwb4sI0nh09OlrUW8TDvZs6guuiCXgEwZKnYLbTUHk3D2kO8nFsPXz7WpMK4SO h6iUr4r9HhWG4kBYdk6oQc1eWdTN6RBP1VGFiNxIIKO3guUOYi6eM10yiaHoC0j4TINu OeNlC3DjKb0zKHzcLBT4nsTCznGl4cp1WZEcy0QanjxM9Xm4ilZ2JUo39cOLSzQtU4sd V4jJ4TgEILzG9z/J580K9O5u5xz8MEAWTBfI+k02VNpp9EuNtLV9aUNhiXyhiOMxGutN 4JRjYAhqGn76UboRY/qJPkX3tfT5DJFa6wjjVAKhrdBlVRt+GRqR0UXACymF8HnoFGOY f+RQ== X-Gm-Message-State: AOAM532lzrzGFTPFDoL5n5J2tmW6Upi8ZQ4NWUtMRrd2jUOEIs9u8lUs 9UldkADuontUGg92nDKAhakfvA== X-Google-Smtp-Source: ABdhPJyk49ySFUfJeoNHN2+qiTSBMrVcej/XAoFNOlmQBp2+2SaxZO4ar8C0kDr4clQ1vErVkRQObA== X-Received: by 2002:a05:651c:1069:: with SMTP id y9mr6100342ljm.438.1596395259001; Sun, 02 Aug 2020 12:07:39 -0700 (PDT) Received: from localhost.localdomain (37-144-159-139.broadband.corbina.ru. [37.144.159.139]) by smtp.googlemail.com with ESMTPSA id e29sm1289126ljp.136.2020.08.02.12.07.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Aug 2020 12:07:38 -0700 (PDT) From: Andrey Konovalov To: openembedded-devel@lists.openembedded.org Date: Sun, 2 Aug 2020 22:07:19 +0300 Message-Id: <20200802190719.9358-1-andrey.konovalov@linaro.org> X-Mailer: git-send-email 2.17.1 Subject: [libcamera-devel] [meta-multimedia][PATCH v3] libcamera: fix packaging and installation X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: libcamera-devel@lists.libcamera.org, raj.khem@gmail.com, madhavan.krishnan@linaro.org MIME-Version: 1.0 Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" libcamera checks if RPATH or RUNPATH dynamic tag is present in libcamera.so. If it does, it assumes that libcamera binaries are run directly from the build directory without installing them, and tries to use resorces like IPA modules from the build directory. Mainline meson strips RPATH/RUNPATH out from libcamera.so file at install time. But openembedded-core patches meson to disable RPATH/RUNPATH removal. That's why we need to remove this tag manually in do_install_append(). IPA module is signed (with openssl dgst) after it is built. But during packaging the OE build system 1) splits out debugging info, and 2) strips the binaries. So the IPA module so file installed isn't the one which the signature was calculated against. Then the signature check fails, and libcamera tries to run the IPA module isolated (in a sandbox), which doesn't work if the IPA module wasn't designed to run isolated. The solution is to recalculate the IPA modules signatures in ${PKGD} after do_package(). Signed-off-by: Andrey Konovalov Reviewed-by: Laurent Pinchart --- Changes in v3: - As suggested by Laurent Pinchart, use ipa-sign-install.sh script to recalculate the signatures instead of ipa-sign.sh. Changes in v2: - Recalculate the IPA modules signatures after do_package() instead of disabling stripping and splitting libcamera package .../recipes-multimedia/libcamera/libcamera.bb | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb b/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb index 00a5c480d..b34d673bd 100644 --- a/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb +++ b/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb @@ -18,13 +18,30 @@ PV = "202006+git${SRCPV}" S = "${WORKDIR}/git" -DEPENDS = "python3-pyyaml-native udev gnutls boost" +DEPENDS = "python3-pyyaml-native udev gnutls boost chrpath-native" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'qt', 'qtbase qtbase-native', '', d)}" RDEPENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland qt', 'qtwayland', '', d)}" inherit meson pkgconfig python3native +do_install_append() { + chrpath -d ${D}${libdir}/libcamera.so +} + +addtask do_recalculate_ipa_signatures_package after do_package before do_packagedata +do_recalculate_ipa_signatures_package() { + local modules + for module in $(find "${PKGD}/usr/lib/libcamera" -name "*.so.sign"); do + module="${module%.sign}" + if [ -f "${module}" ] ; then + modules="${modules} ${module}" + fi + done + + "${S}/src/ipa/ipa-sign-install.sh" "${B}/src/ipa-priv-key.pem" "${modules}" +} + FILES_${PN}-dev = "${includedir} ${libdir}/pkgconfig" FILES_${PN} += " ${libdir}/libcamera.so"