bug-guix

bug#72828: libcamera module signatures


From: Ludovic Courtès
Subject: bug#72828: libcamera module signatures
Date: Sat, 31 Aug 2024 21:36:49 +0200
User-agent: Gnus/5.13 (Gnus v5.13)

Hi Andrew,

Andrew Tropin <andrew@trop.in> skribis:

> For the last few days I was updating and fixing libcamera package.
>
> The last problem I faced with it is invalid signatures:
>
> [0:44:16.200646504] [17247] DEBUG IPAManager ipa_manager.cpp:316 IPA module 
> /gnu/store/pfh7adzzy8akkqsjj4wlnmvmbzmrfbvk-libcamera-0.3.1/lib/libcamera/ipa_soft_simple.so
>  signature is not valid

I was curious about those signatures so I browsed ‘ipa_module.cpp’ and
‘ipa_manager.cpp’.  I wondered: what is that supposed to protect against
in the first place?  Bogus LD_LIBRARY_PATH that leads users to load
third-party code instead of the intended module?

Apparently those loadable modules can be isolated in separate processes
when they lack a valid signature, or when LIBCAMERA_IPA_FORCE_ISOLATION
is set.  ‘ipa_manager.cpp’ sheds some light on the rationale for so much
sophistication:

 * Module isolation is based on the module licence. Open-source modules are
 * loaded without isolation, while closed-source module are forcefully isolated.
 * The isolation mechanism ensures that no code from a closed-source module is
 * ever run in the libcamera process.

This probably makes sense in the context that the copyright owner,
Google, envisioned: presumably Android programs loading random
proprietary modules coming from the app store.  But I wonder what the
point is in the context of a free GNU/Linux distro.

In Meson there’s an ‘ipa_sign_module’ boolean variable and
‘src/meson.build’ says this:

--8<---------------cut here---------------start------------->8---
if openssl.found()
    ipa_priv_key = custom_target('ipa-priv-key',
                                 output : ['ipa-priv-key.pem'],
                                 command : [gen_ipa_priv_key, '@OUTPUT@'])
    config_h.set('HAVE_IPA_PUBKEY', 1)
    ipa_sign_module = true
else
    warning('openssl not found, all IPA modules will be isolated')
    ipa_sign_module = false
endif
--8<---------------cut here---------------end--------------->8---

Perhaps we should try removing ‘openssl’ from the inputs and thus have
all the modules isolated?

Ludo’.
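
The load policy described in the message above (in-process only with a valid signature, isolated otherwise or when LIBCAMERA_IPA_FORCE_ISOLATION is set), as an added shell sketch that is not part of the original message and is not libcamera's code. The detached RSA/SHA-256 signature, the `.sign` suffix, the file names and the `make_keys`, `sign_module` and `load_mode` functions are assumptions of this example.

```shell
#!/bin/sh
# Added example: sketch of the sign-then-verify load policy, not libcamera code.
# Constructed inputs: a throwaway key pair and a dummy "module" file.

# Create an ephemeral key pair, as a build might when OpenSSL is available.
make_keys() {  # $1 = work directory
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# Write a detached signature next to the module (hypothetical ".sign" suffix).
sign_module() {  # $1 = private key, $2 = module
    openssl dgst -sha256 -sign "$1" -out "$2.sign" "$2"
}

# Print "in-process" only when the signature verifies and isolation is not
# forced (non-empty variable, an assumption); "isolated" in every other case.
load_mode() {  # $1 = public key, $2 = module
    if [ -n "${LIBCAMERA_IPA_FORCE_ISOLATION:-}" ]; then
        echo isolated
    elif [ -f "$2.sign" ] &&
         openssl dgst -sha256 -verify "$1" -signature "$2.sign" "$2" \
             >/dev/null 2>&1; then
        echo in-process
    else
        echo isolated
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_keys "$d" || return 1
    printf 'constructed module body\n' > "$d/ipa_demo.so"
    sign_module "$d/priv.pem" "$d/ipa_demo.so"
    echo "freshly signed:   $(load_mode "$d/pub.pem" "$d/ipa_demo.so")"
    printf 'x' >> "$d/ipa_demo.so"   # any change to the file after signing
    echo "modified on disk: $(load_mode "$d/pub.pem" "$d/ipa_demo.so")"
    rm -rf "$d"
}
demo
```

A module with no signature file, or one whose bytes changed after signing, falls through to the isolated branch, which is the same outcome as building without a signing key at all.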




