From patchwork Mon Dec 25 17:18:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Subhaditya Nath X-Patchwork-Id: 19350 Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id 8CADDC3237 for ; Mon, 25 Dec 2023 17:32:27 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id 022F062B40; Mon, 25 Dec 2023 18:32:26 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org; s=mail; t=1703525547; bh=bsQklSrV9AGvV1UjxtW4IticB2JqrjQuv+Ts7KU/i9c=; h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=JT5KvT2GljpVtVixNimnfb3OsPymwohMP7FiNeCy4eLfq1H0+nvwRdHGK3A91TbPj YpoNAEJ5TGLL7XleuvUY6Hkh4FnPg+zklB0lDo+59sD9h1e0vWkB9MfwpMcTpjMQIO gVwfQfKYbQs7Jy2ljIB+t/AHZu2zw0KHj3vpHZUGuaD5SEsAExZ1/9HK8ucs1U7KPz 1sw2q5XXlfaoduvr1w0/HWYoGX4DpMC2tnfxfBHFVseOdfHw8/nf6jDEyfZwmTtPY/ B84NK+NO84X74qKxUNlQB7hU6H4HAmEmVyIV+VzWItuX5rZgYfq5DHCv7ljP+ItUjD j1rWrVpQvpNsg== Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 0501562B32 for ; Mon, 25 Dec 2023 18:19:09 +0100 (CET) Authentication-Results: lancelot.ideasonboard.com; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="nKAoW6fz"; dkim-atps=neutral Received: by mail-pg1-x52d.google.com with SMTP id 41be03b00d2f7-5cdfed46372so1573390a12.3 for ; Mon, 25 Dec 2023 09:19:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703524748; x=1704129548; darn=lists.libcamera.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=8pk9V2LmgmEv0fc2aixQ1k6hAsNbOK+XnNWfi2GyOUw=; b=nKAoW6fz1iCzV4YGKOyMyqoBsSgzjv9bkoBF7C4OVhhGxhf8mUUAroLOKEk23Uo1it ZyiO4qAhVDr6+010+q+CEeSg1/GJD/hY2MSDGDlfXhSxwXVnSEzMYG/EgVkotsItazSh omXumem9dLRtet5D6C/MzB4PSqQkQE6Bq5sdumUaShdlC/QUtedFl4WsNN9SDkQuJbOK xQw3eLreVrwixpB2AJOCqINkAxha5IkfD1sDWWWsIMDXWSrA4OpMjmeLi2pAT1fiyuUY rwysWIKJ/HhjysfP/hiYQoC+bReCNkkAE99FyskkDdcQnyVBf3K+v2XqPJsfsq1obyN6 je1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703524748; x=1704129548; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8pk9V2LmgmEv0fc2aixQ1k6hAsNbOK+XnNWfi2GyOUw=; b=PlNa60Ul5ZV/KVggg1CsQOC70li+jqNc0GQyCLMMJC0a/Lnceai+iD4JNitYo/emmT DsbmHpJMph+ubO92nrP3EgGvJkMfa3GfNa1bp2w5PunaOzuk9z2dI+g9qVebGjmHumQt gZAgdRjyT4u3FROpODCfwC2q4/YFmXlTlX1/1yWLvXCy+YeER4PNvh7kTOuNDjjzTu2Y EWmla92FzTyTAagIDsYudCbnrYQhBHxWCjcQLBln4YPe4q8hpjwRPqRX2Mf7v9F10RVb FcLk6jxF4/Yh3vUBjwK8Fs9Upww1+zG52v0qE8bdLn/pguLMumJhfzgFNMrABbKVXaap EGuw== X-Gm-Message-State: AOJu0Yzy3DkWWngOdLvKJNGmiHiAcUr8StAfACOFpq7Nw/uCy8r19CM6 K0f81y0v/4ykKKtiBqrVWd4d45zCOVcP+g== X-Google-Smtp-Source: AGHT+IHAKNBgN6CXkOQbTyy3yvOUFb5ZKWgb6PBFVoFqYptQebmBGlAkMd19usq58fJIVkRaYUG85g== X-Received: by 2002:a05:6a21:a59d:b0:195:a6d4:d33c with SMTP id gd29-20020a056a21a59d00b00195a6d4d33cmr2532635pzc.8.1703524747601; Mon, 25 Dec 2023 09:19:07 -0800 (PST) Received: from localhost.localdomain ([2409:40e6:19:365:ac01:6d49:f564:d51b]) by smtp.gmail.com with ESMTPSA id o9-20020a056a00214900b006d9a13b491csm4277452pfk.212.2023.12.25.09.19.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Dec 2023 09:19:07 -0800 (PST) To: libcamera-devel@lists.libcamera.org Date: Mon, 25 Dec 2023 22:48:24 +0530 Message-ID: <20231225171824.3776-1-sn03.general@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Mailman-Approved-At: Mon, 25 Dec 2023 18:32:26 +0100 Subject: [libcamera-devel] [PATCH] meson: enable IPA signing only if both libcrypto and openssl are present X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Subhaditya Nath via libcamera-devel From: Subhaditya Nath Reply-To: Subhaditya Nath Cc: Subhaditya Nath Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" Before this commit, if the build host had openssl installed, but had neither openssl-dev nor gnutls-dev installed, then the IPA modules would be signed and ipa_pub_key.cpp would contain the pubkey, but the function PubKey::PubKey() would've been left empty, thereby valid_ being set to false, rendering the pubkey unusable for verification purposes. This commit checks for the availability of both the openssl executable and either of the gnutls and libcrypto libraries before enabling signing of the IPA modules. Either both HAVE_IPA_PUBKEY and HAVE_(CRYPTO|GNUTLS) are defined, or neither is defined. This mitigates situations like the one mentioned above. This commit leverages the multi-name dependency feature introduced in meson 0.60.0 to select between gnutls and libcrypto. The behaviour is unchanged – gnutls is used if found, else libcrypto is used (if found). Signed-off-by: Subhaditya Nath --- src/libcamera/meson.build | 19 ------------------- src/meson.build | 26 ++++++++++++++++++++------ 2 files changed, 20 insertions(+), 25 deletions(-) diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build index 45f63e93..9d17c9f1 100644 --- a/src/libcamera/meson.build +++ b/src/libcamera/meson.build @@ -80,25 +80,6 @@ endif libudev = dependency('libudev', required : get_option('udev')) libyaml = dependency('yaml-0.1', required : false) -# Use one of gnutls or libcrypto (provided by OpenSSL), trying gnutls first. -libcrypto = dependency('gnutls', required : false) -if libcrypto.found() - config_h.set('HAVE_GNUTLS', 1) -else - libcrypto = dependency('libcrypto', required : false) - if libcrypto.found() - config_h.set('HAVE_CRYPTO', 1) - endif -endif - -if not libcrypto.found() - warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated') - summary({'IPA modules signed with': 'None (modules will run isolated)'}, - section : 'Configuration') -else - summary({'IPA modules signed with' : libcrypto.name()}, section : 'Configuration') -endif - if liblttng.found() tracing_enabled = true config_h.set('HAVE_TRACING', 1) diff --git a/src/meson.build b/src/meson.build index 165a77bb..208cd760 100644 --- a/src/meson.build +++ b/src/meson.build @@ -15,16 +15,30 @@ summary({ }, section : 'Paths') # Module Signing +# Use one of gnutls or libcrypto (provided by OpenSSL), trying gnutls first. +libcrypto = dependency('gnutls', 'libcrypto', required : false) openssl = find_program('openssl', required : false) -if openssl.found() +if not libcrypto.found() + ipa_sign_module = false + warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated') + summary({'IPA modules signed with': 'None (modules will run isolated)'}, + section : 'Configuration') +elif not openssl.found() + ipa_sign_module = false + warning('openssl not found, all IPA modules will be isolated') + ipa_sign_module = false +else + ipa_sign_module = true + config_h.set('HAVE_IPA_PUBKEY', 1) + if libcrypto.name() == 'gnutls' + config_h.set('HAVE_GNUTLS', 1) + else + config_h.set('HAVE_CRYPTO', 1) + endif + summary({'IPA modules signed with' : libcrypto.name()}, section : 'Configuration') ipa_priv_key = custom_target('ipa-priv-key', output : ['ipa-priv-key.pem'], command : [gen_ipa_priv_key, '@OUTPUT@']) - config_h.set('HAVE_IPA_PUBKEY', 1) - ipa_sign_module = true -else - warning('openssl not found, all IPA modules will be isolated') - ipa_sign_module = false endif # libcamera must be built first as a dependency to the other components.