libcamera: Make IPA module signing recommended instead of mandatory
Commit b382f67c83 ("libcamera: Make IPA module signing mandatory for
the meantime") made openssl and gnutls dependencies mandatory to work
around the lack of proper IPA module isolation support, which broke
operation without module signatures. This has now been fixed, so IPA
module isolation isn't strictly required anymore.
There are few use cases for disabling module signing completely, given
that the openssl or gnutls dependencies are available on the vast
majority of systems and the overheard introduced by isolating all IPA
modules when signatures are not available is better avoided.
Nonetheless, libcamera should operate properly with forced IPA module
isolation, so we can support those use cases.
Adopt a middle-ground approach to avoid unintentional isolation by
documenting the dependencies as recommended, and warn at meson setup
time if they are not found.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Tested-by: Eric Curtin <ecurtin@redhat.com>
Reviewed-by: Eric Curtin <ecurtin@redhat.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
This commit is contained in:
Laurent Pinchart
parent
12f48aa65e
commit
fe67032471
3 changed files with 14 additions and 4 deletions
|
|
@ -60,9 +60,12 @@ Meson Build system: [required]
|
|||
for the libcamera core: [required]
|
||||
libyaml-dev python3-yaml python3-ply python3-jinja2
|
||||
|
||||
for IPA module signing: [required]
|
||||
for IPA module signing: [recommended]
|
||||
Either libgnutls28-dev or libssl-dev, openssl
|
||||
|
||||
Without IPA module signing, all IPA modules will be isolated in a
|
||||
separate process. This adds an unnecessary extra overhead at runtime.
|
||||
|
||||
for improved debugging: [optional]
|
||||
libdw-dev libunwind-dev
|
||||
|
||||
|
|
|
|||
|
|
@ -73,8 +73,14 @@ libcrypto = dependency('gnutls', required : false)
|
|||
if libcrypto.found()
|
||||
config_h.set('HAVE_GNUTLS', 1)
|
||||
else
|
||||
libcrypto = dependency('libcrypto', required : true)
|
||||
libcrypto = dependency('libcrypto', required : false)
|
||||
if libcrypto.found()
|
||||
config_h.set('HAVE_CRYPTO', 1)
|
||||
endif
|
||||
endif
|
||||
|
||||
if not libcrypto.found()
|
||||
warning('Neither gnutls nor libcrypto found, all IPA modules will be isolated')
|
||||
endif
|
||||
|
||||
if liblttng.found()
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ summary({
|
|||
}, section : 'Paths')
|
||||
|
||||
# Module Signing
|
||||
openssl = find_program('openssl', required : true)
|
||||
openssl = find_program('openssl', required : false)
|
||||
if openssl.found()
|
||||
ipa_priv_key = custom_target('ipa-priv-key',
|
||||
output : ['ipa-priv-key.pem'],
|
||||
|
|
@ -22,6 +22,7 @@ if openssl.found()
|
|||
config_h.set('HAVE_IPA_PUBKEY', 1)
|
||||
ipa_sign_module = true
|
||||
else
|
||||
warning('openssl not found, all IPA modules will be isolated')
|
||||
ipa_sign_module = false
|
||||
endif
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue