Age | Commit message (Collapse) | Author |
|
When the IPA modules are installed, meson strips the DT_RPATH and
DT_RUNPATH from the binaries. This invalidates the signatures. Disable
installation of the .sign files and add an installation script to
regenerate them directly in the target directory. The .sign files still
need to be created at build time to support running IPA modules from the
build tree.
Two alternative approaches have been considered:
- meson could be taught a new target argument to preserve binary
compatibility by skipping any operation that modifies files. This has
been proposed in the #mesonbuild IRC channel. While this could be
interesting in the longer term, we need to fix the issue now.
- The module signatures could be computed on selected sections only.
While skipping the .dynamic section when signing may not cause
security issues, it would make signature generation and verification
more complex, and wasn't deemed worth it.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
|
|
The file will be used to test the corresponding APIs.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Jacopo Mondi <jacopo@jmondi.org>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
|
|
The IPA module signing mechanism relies on openssl to generate keys and
sign the module. If openssl is not found on the system, the build will
fail. Make the dependency optional by detecting openssl, and skip
generation of signatures if openssl isn't found.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
|
|
The IPAModuleInfo license field isn't needed anymore now that modules
are cryptographically signed. Remove it.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
|
|
Add infrastructure to generate an RSA private key and sign IPA modules.
The signatures are stored in separate files with a .sign suffix.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
|
|
The isolated VIMC module isn't used in any test. Remove it to prepare
for the rework of IPA module isolation. The feature can be added back
later alongside corresponding tests if needed.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
|
|
Give a subdirectory to all IPA modules to make the structure of the
source tree more consistent. This will also simplify the implementation
of IPA module selection at build time.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
|