|
When the IPA modules are installed, meson strips the DT_RPATH and
DT_RUNPATH from the binaries. This invalidates the signatures. Disable
installation of the .sign files and add an installation script to
regenerate them directly in the target directory. The .sign files still
need to be created at build time to support running IPA modules from the
build tree.
Two alternative approaches have been considered:
- meson could be taught a new target argument to preserve binary
compatibility by skipping any operation that modifies files. This has
been proposed in the #mesonbuild IRC channel. While this could be
interesting in the longer term, we need to fix the issue now.
- The module signatures could be computed on selected sections only.
While skipping the .dynamic section when signing may not cause
security issues, it would make signature generation and verification
more complex, and wasn't deemed worth it.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
|
