ipa: Only sign IPA modules that are being installed
The ipa-sign-install.sh script, run when installing libcamera, signs all IPA modules present in the module directory. This would result in third-party modules being signed if any are present in the directory. Fix it by explicitly passing the list of IPA modules to the ipa-sign-install.sh script. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Tested-by: Tomasz Figa <tfiga@chromium.org> Reviewed-by: Tomasz Figa <tfiga@chromium.org>
This commit is contained in:
Laurent Pinchart
@@ -6,13 +6,17 @@
|
||||
#
|
||||
# ipa-sign-install.sh - Regenerate IPA module signatures when installing
|
||||
|
||||
libdir=$1
|
||||
key=$2
|
||||
key=$1
|
||||
shift
|
||||
modules=$*
|
||||
|
||||
ipa_sign=$(dirname "$0")/ipa-sign.sh
|
||||
|
||||
echo "Regenerating IPA modules signatures"
|
||||
|
||||
for module in "${MESON_INSTALL_DESTDIR_PREFIX}/${libdir}"/*.so ; do
|
||||
"${ipa_sign}" "${key}" "${module}" "${module}.sign"
|
||||
for module in ${modules} ; do
|
||||
module="${MESON_INSTALL_DESTDIR_PREFIX}/${module}"
|
||||
if [ -f "${module}" ] ; then
|
||||
"${ipa_sign}" "${key}" "${module}" "${module}.sign"
|
||||
fi
|
||||
done
|
||||
|
||||
+4
-2
@@ -21,10 +21,12 @@ subdir('libipa')
|
||||
ipa_sign = files('ipa-sign.sh')
|
||||
|
||||
ipas = ['raspberrypi', 'rkisp1', 'vimc']
|
||||
ipa_names = []
|
||||
|
||||
foreach pipeline : get_option('pipelines')
|
||||
if ipas.contains(pipeline)
|
||||
subdir(pipeline)
|
||||
ipa_names += join_paths(ipa_install_dir, ipa_name + '.so')
|
||||
endif
|
||||
endforeach
|
||||
|
||||
@@ -33,6 +35,6 @@ if ipa_sign_module
|
||||
# .sign files, as meson strips the DT_RPATH and DT_RUNPATH from binaries at
|
||||
# install time, which invalidates the signatures.
|
||||
meson.add_install_script('ipa-sign-install.sh',
|
||||
ipa_install_dir,
|
||||
ipa_priv_key.full_path())
|
||||
ipa_priv_key.full_path(),
|
||||
ipa_names)
|
||||
endif
|
||||
|
||||
Reference in New Issue
Block a user