diff options
| author | Andrew Tropin <andrew@trop.in> | 2024-09-05 10:24:08 +0400 |
|---|---|---|
| committer | Andrew Tropin <andrew@trop.in> | 2024-09-05 10:28:45 +0400 |
| commit | b0e224566f2ca6b8d375c89f8d023e1b836f31e4 (patch) | |
| tree | 20ebf8bab344b9a17dc0f81ade015edf5f0cc9c2 /gnu/packages/patches | |
| parent | 0b95de9b3bad19da20cb034ca2bc245c2b48cf00 (diff) | |
gnu: libcamera: Disable signature verification.
Signature verification breaks, when libcamera is grafted. Running built-in
libcamera modules via proxy is not recommended by upstream and not always
work. We control the build process of all libcamera modules, so to workaround
the issue we disable signature verification. For more information see:
<https://issues.guix.gnu.org/72828>
* gnu/packages/patches/libcamera-ipa_manager-disable-signature-verification.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/networking.scm (libcamera): Disable signature verification.
[inputs]: Remove gnutls and openssl.
[arguments]: Remove re-sign-binaries phase.
[source]: Add disable-signature patch.
Change-Id: Icf422553c0f49b28d7997a1e818a4b8d9a6b5732
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/libcamera-ipa_manager-disable-signature-verification.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/gnu/packages/patches/libcamera-ipa_manager-disable-signature-verification.patch b/gnu/packages/patches/libcamera-ipa_manager-disable-signature-verification.patch new file mode 100644 index 0000000000..aa4dff3fe3 --- /dev/null +++ b/gnu/packages/patches/libcamera-ipa_manager-disable-signature-verification.patch @@ -0,0 +1,55 @@ +From c99706475cde3d963a17f4f8871149711ce6c467 Mon Sep 17 00:00:00 2001 +From: Andrew Tropin <andrew@trop.in> +Date: Wed, 4 Sep 2024 21:36:16 +0400 +Subject: [PATCH] libcamera: ipa_manager: Disable signature verification + +--- + src/libcamera/ipa_manager.cpp | 28 +++++----------------------- + 1 file changed, 5 insertions(+), 23 deletions(-) + +diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp +index cfc24d38..4fd3cf3e 100644 +--- a/src/libcamera/ipa_manager.cpp ++++ b/src/libcamera/ipa_manager.cpp +@@ -284,33 +284,15 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion, + + bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const + { +-#if HAVE_IPA_PUBKEY +- char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION"); +- if (force && force[0] != '\0') { +- LOG(IPAManager, Debug) +- << "Isolation of IPA module " << ipa->path() +- << " forced through environment variable"; +- return false; +- } +- +- File file{ ipa->path() }; +- if (!file.open(File::OpenModeFlag::ReadOnly)) +- return false; +- +- Span<uint8_t> data = file.map(); +- if (data.empty()) +- return false; +- +- bool valid = pubKey_.verify(data, ipa->signature()); ++ LOG(IPAManager, Debug) ++ << "Signature verification is disabled by Guix. " ++ << "See https://issues.guix.gnu.org/72828 for more details."; + + LOG(IPAManager, Debug) + << "IPA module " << ipa->path() << " signature is " +- << (valid ? "valid" : "not valid"); ++ << "not verified (verification skipped)."; + +- return valid; +-#else +- return false; +-#endif ++ return true; + } + + } /* namespace libcamera */ +-- +2.45.2 + |