diff options
| author | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2022-08-07 01:12:07 +0300 |
|---|---|---|
| committer | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2022-08-09 16:05:58 +0300 |
| commit | fe6703247118b04fe09e677f99b428dc40393655 (patch) | |
| tree | 754a87583e55a6b9d17f6020d1ea0d1cad9eb331 | |
| parent | 12f48aa65e45a50bba6df07db56b77ccfbdb3f77 (diff) | |
libcamera: Make IPA module signing recommended instead of mandatory
Commit b382f67c833d ("libcamera: Make IPA module signing mandatory for
the meantime") made openssl and gnutls dependencies mandatory to work
around the lack of proper IPA module isolation support, which broke
operation without module signatures. This has now been fixed, so IPA
module isolation isn't strictly required anymore.
There are few use cases for disabling module signing completely, given
that the openssl or gnutls dependencies are available on the vast
majority of systems and the overheard introduced by isolating all IPA
modules when signatures are not available is better avoided.
Nonetheless, libcamera should operate properly with forced IPA module
isolation, so we can support those use cases.
Adopt a middle-ground approach to avoid unintentional isolation by
documenting the dependencies as recommended, and warn at meson setup
time if they are not found.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Tested-by: Eric Curtin <ecurtin@redhat.com>
Reviewed-by: Eric Curtin <ecurtin@redhat.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
| -rw-r--r-- | README.rst | 5 | ||||
| -rw-r--r-- | src/libcamera/meson.build | 10 | ||||
| -rw-r--r-- | src/meson.build | 3 |
3 files changed, 14 insertions, 4 deletions
@@ -60,9 +60,12 @@ Meson Build system: [required] for the libcamera core: [required] libyaml-dev python3-yaml python3-ply python3-jinja2 -for IPA module signing: [required] +for IPA module signing: [recommended] Either libgnutls28-dev or libssl-dev, openssl + Without IPA module signing, all IPA modules will be isolated in a + separate process. This adds an unnecessary extra overhead at runtime. + for improved debugging: [optional] libdw-dev libunwind-dev diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build index 1f02494a..ce1f0f2f 100644 --- a/src/libcamera/meson.build +++ b/src/libcamera/meson.build @@ -73,8 +73,14 @@ libcrypto = dependency('gnutls', required : false) if libcrypto.found() config_h.set('HAVE_GNUTLS', 1) else - libcrypto = dependency('libcrypto', required : true) - config_h.set('HAVE_CRYPTO', 1) + libcrypto = dependency('libcrypto', required : false) + if libcrypto.found() + config_h.set('HAVE_CRYPTO', 1) + endif +endif + +if not libcrypto.found() + warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated') endif if liblttng.found() diff --git a/src/meson.build b/src/meson.build index 34663a6f..f37c44ca 100644 --- a/src/meson.build +++ b/src/meson.build @@ -14,7 +14,7 @@ summary({ }, section : 'Paths') # Module Signing -openssl = find_program('openssl', required : true) +openssl = find_program('openssl', required : false) if openssl.found() ipa_priv_key = custom_target('ipa-priv-key', output : ['ipa-priv-key.pem'], @@ -22,6 +22,7 @@ if openssl.found() config_h.set('HAVE_IPA_PUBKEY', 1) ipa_sign_module = true else + warning('openssl not found, all IPA modules will be isolated') ipa_sign_module = false endif |