From b0e224566f2ca6b8d375c89f8d023e1b836f31e4 Mon Sep 17 00:00:00 2001
From: Andrew Tropin <andrew@trop.in>
Date: Thu, 5 Sep 2024 10:24:08 +0400
Subject: gnu: libcamera: Disable signature verification.

Signature verification breaks, when libcamera is grafted.  Running built-in
libcamera modules via proxy is not recommended by upstream and not always
work.  We control the build process of all libcamera modules, so to workaround
the issue we disable signature verification.  For more information see:
<https://issues.guix.gnu.org/72828>

* gnu/packages/patches/libcamera-ipa_manager-disable-signature-verification.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/networking.scm (libcamera): Disable signature verification.
[inputs]: Remove gnutls and openssl.
[arguments]: Remove re-sign-binaries phase.
[source]: Add disable-signature patch.

Change-Id: Icf422553c0f49b28d7997a1e818a4b8d9a6b5732
---
 gnu/packages/networking.scm | 20 +++-----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

(limited to 'gnu/packages/networking.scm')

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 9facbae82d..11e92b919f 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -382,6 +382,8 @@ them in order to efficiently transfer a minimal amount of data.")
         (git-reference
          (url "https://git.libcamera.org/libcamera/libcamera.git")
          (commit (string-append "v" version))))
+       (patches (search-patches
+                 "libcamera-ipa_manager-disable-signature-verification.patch"))
        (file-name
         (git-file-name name version))
        (sha256
@@ -431,21 +433,7 @@ them in order to efficiently transfer a minimal amount of data.")
                      (mkdir-p (string-append gst "/lib"))
                      (rename-file
                       (string-append out "/lib/gstreamer-1.0")
-                      (string-append gst "/lib/gstreamer-1.0")))))
-               (add-after 'shrink-runpath 're-sign-binaries
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   "Update signatures of all ipa libraries.
-
-After stipping phases signatures are not valid anymore, so it's necessary to
-re-sign."
-                   (let* ((out (assoc-ref outputs "out")))
-                     (for-each
-                      (lambda (file)
-                        (invoke
-                         "source/src/ipa/ipa-sign.sh" "src/ipa-priv-key.pem"
-                         file (string-append file ".sign")))
-                      (find-files
-                       (string-append out "/lib/libcamera") "\\.so$"))))))))
+                      (string-append gst "/lib/gstreamer-1.0"))))))))
     (native-inputs
      (list googletest
            graphviz                     ;for 'dot'
@@ -458,11 +446,9 @@ re-sign."
      (list eudev
            glib
            gst-plugins-base
-           gnutls
            libevent
            libtiff
            libyaml
-           openssl
            python-jinja2
            python-ply
            qtbase))
-- 
cgit v1.2.3