From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id 6Fm0LOaO2GaDMwAAqHPOHw:P1 (envelope-from ) for ; Wed, 04 Sep 2024 16:46:30 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id 6Fm0LOaO2GaDMwAAqHPOHw (envelope-from ) for ; Wed, 04 Sep 2024 18:46:30 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=WmZYNlFq; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=ULTi7tmw; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1725468390; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=x+eAt+DbxLMQJvFPxAA6TTCM/KiSfXlF0r5gq1087cY=; b=iUUNgtTByyJboSzlWOXcPGVnCZd183bdsgBMzP4J00kPUsOwoiSjKVVFfmQpkewA2ywJig 0regXjCZbH6Cu9jmGAz1GSdxGOo1gO5aHa9ecoPgsQEFce6JDIEeCgW2Jiz5cHxwFXzNVD f/qP2GN/AlVJX/mOQZMIpkK74sJzlcahQSUzQ68Im9iwFdc6jhhSlvD3V24132aHIUduN2 lTnnHdCKo57I3322g0cEZjx6Stf9pGWMBd24iIcSEs+dj6EejHHuAlYH8Fazj/bEBt+SPM MabsoQ43Hqq2gX4rcKNsCXw+Le49q78rL+IxiRSVZP4BVNWgafnvqCw3Khm/aQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1725468390; a=rsa-sha256; cv=none; b=qyxDCHvkdhr0hZWYS2fhpbi7nuAjkpmlKnefQ6Ccb6GOgQAuXfVfgqaOSCIq7Kq6O9BIED gsq5NbjMuZPSJnPpbEAane6avml27VQFL/YmDBl6arQm10xwOxmGh1VSI/ZTNS1Ab0Dm7k z0Iis+JY8+xCP7d8mB+7nrWfLxdL03LRO9ruC4xoNCVolzjfz12alPn3VcZYrz693DDPFB dF8XTB1EeP0gNB+kQcWhNXyQol916k8Cc9VJIoMtkrNqaHFiWiqYla7OCfE0egviLSUuuQ xiK3APL6YRlwHaXfAoVCWTreBrXSKvHZ5EjSjNftYyvM7v035/HxbOytONt06Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=WmZYNlFq; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=ULTi7tmw; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4C3C71D589 for ; Wed, 4 Sep 2024 18:46:30 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1slt94-0005Gq-GS; Wed, 04 Sep 2024 12:46:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1slt8y-0005Ek-CJ for bug-guix@gnu.org; Wed, 04 Sep 2024 12:46:08 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1slt8o-0004l5-KP for bug-guix@gnu.org; Wed, 04 Sep 2024 12:46:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=x+eAt+DbxLMQJvFPxAA6TTCM/KiSfXlF0r5gq1087cY=; b=WmZYNlFqwSf7NB2G1RA+fe4yicJFOm66aA6ZiGKDSCFssCDGsA+FdVwrW3D8RJkktD3gunRSBZfSAESsiqirkdAiZikolCwoCCMdcKx+mg3yXJvAnDb+qilV5QKQIHnAdFShY5y1xCbVGzhqr6UbanNfZKZpF0FuM6DdAinjKFwhyYuLfjNPGNn07ubGDr9+O9JlqRED1voBx07895x0FpcOnl3Ers+ShtEQY9gTPm0Nd7p4VllXrZYnW7Uzt6Kb6gmKa5MaNS3+EH4RFtXN+1whgcdA2wzP0/1Zb5M8rwTzTaVkZirM4Tu4WfljMzDCnuo+azNyRRkH31+uSEedeQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1slt9q-0007IL-C3 for bug-guix@gnu.org; Wed, 04 Sep 2024 12:47:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#72828: Grafting breaks libcamera signatures Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 04 Sep 2024 16:47:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 72828 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Jacopo Mondi Cc: 72828@debbugs.gnu.org Received: via spool by 72828-submit@debbugs.gnu.org id=B72828.172546836227867 (code B ref 72828); Wed, 04 Sep 2024 16:47:02 +0000 Received: (at 72828) by debbugs.gnu.org; 4 Sep 2024 16:46:02 +0000 Received: from localhost ([127.0.0.1]:35226 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1slt8s-0007FO-3k for submit@debbugs.gnu.org; Wed, 04 Sep 2024 12:46:02 -0400 Received: from eggs.gnu.org ([209.51.188.92]:39402) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1slt8q-0007Eq-2B for 72828@debbugs.gnu.org; Wed, 04 Sep 2024 12:46:00 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1slt5c-00043B-U7; Wed, 04 Sep 2024 12:42:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=x+eAt+DbxLMQJvFPxAA6TTCM/KiSfXlF0r5gq1087cY=; b=ULTi7tmwvdSU2L9qdVxS 8ZI/nkQHqKdWm4xLU7fDl8JS52WLj9HHxtBD/8xLhkyMrzpqffJGNHWXTb2jZXkXTq1AkPJmC+KH1 sinAQYDExXuJY4vfSsL6JhflVz0A5nRxlmtsMw/av5kgDrJ57/cg372I1wfzuwMQRNPdua+rf2d54 xlHGuDmKQTWuZ872mtR9eTt8Sb/4gzAH/PE5te6pAjg+V93cvdHSTTGi80TVEu7fgqwg3uCWhy5/7 pyQR1F/xWi14DAAPKpzVKBJZzorEIgcosYHvEhjzPjoheOi3mKPY50a11FFqdAXwXPOdoFUGqe5AC 2i5cy6NiQcLFTg==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= In-Reply-To: <2zsqyfesu5qldhngmls7owv4aweuc5gjr5ugyurxco5bmtw3nc@vli7jiwfqf5g> (Jacopo Mondi's message of "Mon, 2 Sep 2024 10:37:58 +0200") References: <87h6b6b5v3.fsf@trop.in> <2zsqyfesu5qldhngmls7owv4aweuc5gjr5ugyurxco5bmtw3nc@vli7jiwfqf5g> Date: Wed, 04 Sep 2024 18:42:37 +0200 Message-ID: <877cbrcqv6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Queue-Id: 4C3C71D589 X-Migadu-Scanner: mx12.migadu.com X-Migadu-Spam-Score: -7.58 X-Spam-Score: -7.58 X-TUID: daGpkvbNRqpu Hi Jacopo, Jacopo Mondi skribis: > Not exactly. In libcamera, apart from creating a library to ease all > the camera stack plumbing, we're creating an ecosystem of open-source > 3A algorithms (what we call the IPA modules). > > Camera vendors and ODMs which invested in products with specific > camera features, consider 3A algorithms and their tuning their secret > sauce and are usually not willing to consider releasing them as open > source with, fortunately, notable exceptions such as RaspberryPi > > Please note that all the platforms libcamera supports have an > open-source 3A algorithm module available part of the main code base, > and we consider open source 3A modules our 'first class citizens' and > we're willing to develop and maintain them in libcamera mainline > branch as free software, but at this point we have to provide a way for > third-parties to load binary modules if they want to. > > The alternative is to have them continue developing camera stacks > fully behind closed doors as it has been done so far. OK, I see, thanks for explaining the context. > As said, modules not built against the libcamera sources will not be > signed, as they are distributed by other means by a vendor in binary > form. To establish if a module has been built with the libcamera > sources or not, we sign it during the build with a volatile key and > validate the signature at run-time, when the IPA module is loaded. > > IPA modules for which the signature is not valid (either because they > are distributed as binaries or, as in this case, because the build > system strips symbols before installing the objects) are loaded in an > isolated process and instead of being operated with direct function > calls, we have implemented an IPC mechanism to communicate with them. > This path is way less tested by our regular users and in our daily > work on libcamera. Vendors that are running their binaries as isolated > might have fixed issues here and there but maybe they have not > reported the issue and the associated fix upstream (we have no control > over this). > > For this reason I don't suggest running modules as isolated, even more > if you have no reasons to do so. If all it takes is re-signing IPA modules > after stripping them as Andrew did I would really consider doing that. Yeah, got it. The other option, with the understanding that IPA modules are all going to be free software here, would be to dismiss both the authentication and the isolation mechanism, possibly with a custom patch. It seems like the change wouldn=E2=80=99t be too intrusive and it w= ould solve the problem for =E2=80=9Cgrafts=E2=80=9D as well (grafts modify files= in a non-functional way). Thanks for chiming in! Ludo=E2=80=99.