IPA modules are not resigned after dh_strip
Bug #2012745 reported by
Dylan Aïssi
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libcamera (Debian) |
Fix Released
|
Unknown
|
|||
libcamera (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[ Reason ]
Open source IPA (Image Processing Algorithms) modules are signed at build time allowing them to be trusted. However, IPA binaries are modified by dh_strip invalidating the signatures. Thus IPA modules provided in the package are not trusted anymore and need to be re-signed after the dh_strip step. This fix is applied in 0.0.4-3.
[ Impact ]
Not resigning IPA modules will make them untrusted, they will be isolated inside a Sandbox environment with restricted access to the system (like any closed-source module). Provided IPA modules won't work as expected.
[ Risks ]
The risk is low since we only regenerate signatures after dh_strip, i.e. /usr/lib/
Changed in libcamera (Ubuntu): | |
status: | New → Confirmed |
milestone: | none → ubuntu-23.04 |
Changed in libcamera (Debian): | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Attached a debdiff