Package: release.debian.org User: release.debian....@packages.debian.org Usertags: unblock Severity: normal
Dear Release Team, Could you please unblock the key package libcamera/0.0.3-6? [ Reason ] Open source IPA (Image Processing Algorithms) modules are signed at build time allowing them to be trusted. However, IPA binaries are modified by dh_strip invalidating the signatures. Thus IPA modules provided in the package are not trusted anymore and need to be re-signed after the dh_strip step. This fix is applied in 0.0.3-5 and improved in 0.0.3-6. [ Impact ] Not resigning IPA modules will make them untrusted, they will be isolated inside a Sandbox environment with restricted access to the system (like any closed-source module). Provided IPA modules won't work as expected. [ Tests ] The test requires supported hardware but it was tested in a Apertis (a Debian derivative distrib). Some superficial tests have been added at the same time in 0.0.3-5 to detect early crashes as seen in a previous version. [ Risks ] The risk is low since we only regenerate signatures after dh_strip, i.e. /usr/lib/*/libcamera/ipa_.so.sign files. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in testing unblock libcamera/0.0.3-6 Best, Dylan
diff -Nru libcamera-0.0.3/debian/changelog libcamera-0.0.3/debian/changelog --- libcamera-0.0.3/debian/changelog 2023-01-24 21:36:29.000000000 +0100 +++ libcamera-0.0.3/debian/changelog 2023-03-06 10:40:47.000000000 +0100 @@ -1,3 +1,20 @@ +libcamera (0.0.3-6) unstable; urgency=medium + + * Use the DEB_HOST_GNU_TYPE for the build directory. + + -- Andrej Shadura <andrewsh@debian.org> Mon, 06 Mar 2023 10:40:47 +0100 + +libcamera (0.0.3-5) unstable; urgency=medium + + [ Dylan Aïssi ] + * Add superficial tests. + * Add allow-stderr for tests. + + [ George Kiagiadakis ] + * Add rule to re-sign the IPA modules after dh_strip. + + -- Andrej Shadura <andrewsh@debian.org> Mon, 06 Mar 2023 09:45:00 +0100 + libcamera (0.0.3-4) unstable; urgency=medium * Add doxygen-latex in Build-Deps diff -Nru libcamera-0.0.3/debian/.gitignore libcamera-0.0.3/debian/.gitignore --- libcamera-0.0.3/debian/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ libcamera-0.0.3/debian/.gitignore 2023-03-06 10:40:47.000000000 +0100 @@ -0,0 +1,2 @@ +!patches/ +!*.patch diff -Nru libcamera-0.0.3/debian/rules libcamera-0.0.3/debian/rules --- libcamera-0.0.3/debian/rules 2023-01-24 21:36:29.000000000 +0100 +++ libcamera-0.0.3/debian/rules 2023-03-06 10:40:47.000000000 +0100 @@ -25,6 +25,12 @@ # For now, testsuite failures are ignored -dh_auto_test +override_dh_strip: + dh_strip -a + MESON_INSTALL_DESTDIR_PREFIX=. ./src/ipa/ipa-sign-install.sh \ + ./obj-${DEB_HOST_GNU_TYPE}/src/ipa-priv-key.pem \ + debian/libcamera-ipa/usr/lib/${DEB_HOST_MULTIARCH}/libcamera/ipa_*.so + .PHONY: licensecheck licensecheck: licensecheck --deb-machine -r * \ diff -Nru libcamera-0.0.3/debian/tests/control libcamera-0.0.3/debian/tests/control --- libcamera-0.0.3/debian/tests/control 1970-01-01 01:00:00.000000000 +0100 +++ libcamera-0.0.3/debian/tests/control 2023-03-06 10:40:47.000000000 +0100 @@ -0,0 +1,3 @@ +Tests: run-tools +Depends: @ +Restrictions: superficial, allow-stderr diff -Nru libcamera-0.0.3/debian/tests/run-tools libcamera-0.0.3/debian/tests/run-tools --- libcamera-0.0.3/debian/tests/run-tools 1970-01-01 01:00:00.000000000 +0100 +++ libcamera-0.0.3/debian/tests/run-tools 2023-03-06 10:40:47.000000000 +0100 @@ -0,0 +1,7 @@ +#!/bin/sh -e +# autopkgtest check: Run cam and lc-compliance both with the --list option. + +cam --list + +lc-compliance --list +