Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
Severity: normal

Dear Release Team,

Could you please unblock the key package libcamera/0.0.3-6?

[ Reason ]
Open source IPA (Image Processing Algorithms) modules are signed at build time
allowing them to be trusted. However, IPA binaries are modified by dh_strip
invalidating the signatures. Thus IPA modules provided in the package are not
trusted anymore and need to be re-signed after the dh_strip step. This fix is
applied in 0.0.3-5 and improved in 0.0.3-6.

[ Impact ]
Not re-signing IPA modules will make them untrusted; they will be isolated
inside a Sandbox environment with restricted access to the system (like any
closed-source module). Provided IPA modules won't work as expected.

[ Tests ]
The test requires supported hardware but it was tested in Apertis (a Debian
derivative distrib). Some superficial tests have been added at the same time in
0.0.3-5 to detect early crashes as seen in a previous version.

[ Risks ]
The risk is low since we only regenerate signatures after dh_strip, i.e.
/usr/lib/*/libcamera/ipa_.so.sign files.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock libcamera/0.0.3-6

Best,
Dylan
diff -Nru libcamera-0.0.3/debian/changelog libcamera-0.0.3/debian/changelog
--- libcamera-0.0.3/debian/changelog	2023-01-24 21:36:29.000000000 +0100
+++ libcamera-0.0.3/debian/changelog	2023-03-06 10:40:47.000000000 +0100
@@ -1,3 +1,20 @@
+libcamera (0.0.3-6) unstable; urgency=medium
+
+  * Use the DEB_HOST_GNU_TYPE for the build directory.
+
+ -- Andrej Shadura <andrewsh@debian.org>  Mon, 06 Mar 2023 10:40:47 +0100
+
+libcamera (0.0.3-5) unstable; urgency=medium
+
+  [ Dylan Aïssi ]
+  * Add superficial tests.
+  * Add allow-stderr for tests.
+
+  [ George Kiagiadakis ]
+  * Add rule to re-sign the IPA modules after dh_strip.
+
+ -- Andrej Shadura <andrewsh@debian.org>  Mon, 06 Mar 2023 09:45:00 +0100
+
 libcamera (0.0.3-4) unstable; urgency=medium
 
   * Add doxygen-latex in Build-Deps
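Review bot: the 0.0.3-6 entry "Use the DEB_HOST_GNU_TYPE for the build directory" does not say which rule it touches or why. The only build-directory reference in this debdiff is the key path ./obj-${DEB_HOST_GNU_TYPE}/src/ipa-priv-key.pem in override_dh_strip, so the entry would be clearer if it named the IPA re-signing rule added in 0.0.3-5 as the thing being fixed.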
diff -Nru libcamera-0.0.3/debian/.gitignore libcamera-0.0.3/debian/.gitignore
--- libcamera-0.0.3/debian/.gitignore	1970-01-01 01:00:00.000000000 +0100
+++ libcamera-0.0.3/debian/.gitignore	2023-03-06 10:40:47.000000000 +0100
@@ -0,0 +1,2 @@
+!patches/
+!*.patch
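Review bot: debian/.gitignore is new in this debdiff, but neither the 0.0.3-5 nor the 0.0.3-6 changelog entry mentions it, although the checklist says all changes are documented in d/changelog. Add a changelog line for it, and consider a comment in the file saying why patches/ and *.patch are un-ignored.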
diff -Nru libcamera-0.0.3/debian/rules libcamera-0.0.3/debian/rules
--- libcamera-0.0.3/debian/rules	2023-01-24 21:36:29.000000000 +0100
+++ libcamera-0.0.3/debian/rules	2023-03-06 10:40:47.000000000 +0100
@@ -25,6 +25,12 @@
 	# For now, testsuite failures are ignored
 	-dh_auto_test
 
+override_dh_strip:
+	dh_strip -a
+	MESON_INSTALL_DESTDIR_PREFIX=. ./src/ipa/ipa-sign-install.sh \
+		./obj-${DEB_HOST_GNU_TYPE}/src/ipa-priv-key.pem \
+		debian/libcamera-ipa/usr/lib/${DEB_HOST_MULTIARCH}/libcamera/ipa_*.so
+
 .PHONY: licensecheck
 licensecheck:
 	licensecheck --deb-machine -r * \
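Review bot: in override_dh_strip, nothing after the ipa-sign-install.sh call confirms that the signatures were actually regenerated. If the ipa_*.so glob matches no file, or the key at ./obj-${DEB_HOST_GNU_TYPE}/src/ipa-priv-key.pem is missing, whether the build fails depends entirely on the script's exit status, which this hunk does not show. Consider a following recipe line that fails the build unless every ipa_*.so under debian/libcamera-ipa has an accompanying .sign file, and a comment above the target noting that dh_strip invalidates the build-time signatures, so the ordering is not undone later.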
diff -Nru libcamera-0.0.3/debian/tests/control libcamera-0.0.3/debian/tests/control
--- libcamera-0.0.3/debian/tests/control	1970-01-01 01:00:00.000000000 +0100
+++ libcamera-0.0.3/debian/tests/control	2023-03-06 10:40:47.000000000 +0100
@@ -0,0 +1,3 @@
+Tests: run-tools
+Depends: @
+Restrictions: superficial, allow-stderr
diff -Nru libcamera-0.0.3/debian/tests/run-tools libcamera-0.0.3/debian/tests/run-tools
--- libcamera-0.0.3/debian/tests/run-tools	1970-01-01 01:00:00.000000000 +0100
+++ libcamera-0.0.3/debian/tests/run-tools	2023-03-06 10:40:47.000000000 +0100
@@ -0,0 +1,7 @@
+#!/bin/sh -e
+# autopkgtest check: Run cam and lc-compliance both with the --list option.
+
+cam --list
+
+lc-compliance --list
+
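Review bot: the script only checks that cam --list and lc-compliance --list exit successfully, so it asserts nothing about the IPA signatures this upload is meant to fix, and a regression in the re-sign step would still pass. A check that each installed ipa_*.so in the libcamera directory has a matching .sign file needs no camera hardware and would fit the superficial restriction.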
