apps: Add ipa-verify application
When packaging libcamera, distributions may break IPA module signatures if the packaging process strips binaries. This can be fixed by resigning the modules, but the process is error-prone. Add a command line ipa-verify utility that tests the signature on an IPA module to help packagers. The tool takes a single argument, the path to an IPA module shared object, and expects the signature file (.sign) to be in the same directory. In order to access the public key needed for signature verification, add a static function to the IPAManager class. As the class is internal to libcamera, this doesn't affect the public API. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by: Umang Jain <umang.jain@ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com> Tested-by: Javier Martinez Canillas <javierm@redhat.com>
This commit is contained in:
@@ -279,6 +279,19 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,
|
||||
* found or if the IPA proxy fails to initialize
|
||||
*/
|
||||
|
||||
#if HAVE_IPA_PUBKEY
|
||||
/**
|
||||
* \fn IPAManager::pubKey()
|
||||
* \brief Retrieve the IPA module signing public key
|
||||
*
|
||||
* IPA module signature verification is normally handled internally by the
|
||||
* IPAManager class. This function is meant to be used by utilities that need to
|
||||
* verify signatures externally.
|
||||
*
|
||||
* \return The IPA module signing public key
|
||||
*/
|
||||
#endif
|
||||
|
||||
bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
|
||||
{
|
||||
#if HAVE_IPA_PUBKEY
|
||||
|
||||
Reference in New Issue
Block a user