NixOS / nixpkgs

Nix Packages collection & NixOS

libcamera: IPA modules do not have a valid signature #351842

Open steinuil opened 4 weeks ago

steinuil commented 4 weeks ago

Describe the bug

libcamera requires its builtin IPA modules to be signed during compilation in order not to use its isolated proxy worker mechanism. In the current version of the package they are not signed correctly so libcamera falls back to using the proxy workers (which also does not work correctly).

This bug also affects wireplumber on my system and renders pipewire completely unusable, because it crashes while trying to load the cameras.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Install libcamera on a system that has a camera with an IPU3 (I'm using a Surface Pro 5)
  2. `LIBCAMERA_LOG_LEVELS=*:DEBUG cam --list`
  3. The logs show that the ipa_ipu3.so IPA module's signature is not valid, and the isolated proxy worker mechanism is tried instead.

```
[0:28:08.580810631] [9402] DEBUG IPAManager ipa_manager.cpp:316 IPA module /nix/store/kk267r0hd434yvkfwz4aslsxxfvz57g5-libcamera-0.3.1/lib/libcamera/ipa_ipu3.so signature is not valid
[0:28:08.580893252] [9402] DEBUG IPAProxy ipu3_ipa_proxy.cpp:45 initializing ipu3 proxy: loading IPA from /nix/store/kk267r0hd434yvkfwz4aslsxxfvz57g5-libcamera-0.3.1/lib/libcamera/ipa_ipu3.so
[0:28:08.581055354] [9402]  INFO IPAProxy ipa_proxy.cpp:198 libcamera is not installed. Loading proxy workers from '/nix/store/src/libcamera/proxy/worker'
[0:28:08.581082468] [9402] ERROR IPAProxy ipu3_ipa_proxy.cpp:52 Failed to get proxy worker path
[0:28:08.581100853] [9402] ERROR IPAManager ipa_manager.h:43 Failed to load proxy
Segmentation fault (core dumped)
```

(The segfault is not directly relevant to this bug.)

Expected behavior

The logs for IPAManager should show `IPA module /nix/store/...-libcamera-0.3.1/lib/libcamera/ipa_ipu3.so signature is valid` and the proxy worker mechanism should not be used.

Additional context

I think this error was introduced in https://github.com/NixOS/nixpkgs/commit/fb0ddd9186170fe297e2274c01ee410d79874f9f where a fixed key for signing the IPA modules was introduced and the postFixup step was removed. I created an overlay for my system which inserts this step again, and in this version of libcamera the logs report ipa_ipu3.so's signature as valid.

```nix
{
  postFixup = ''
    ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so
  '';
}
```

If this seems reasonable I can create a PR that adds this step back in again.


I'll also note that the IPA proxy mechanism does not currently work unless you explicitly set LIBCAMERA_IPA_PROXY_PATH to ${pkgs.libcamera}/libexec/libcamera when running something that uses libcamera, because libcamera seems to think that it's not installed and decides to set its IPA proxy search path to /nix/store/src/ipa. Here is the relevant code. I haven't looked into this too much but maybe it can be solved by providing some options during the build step.

```
[0:28:08.540885041] [9399]  INFO IPAManager ipa_manager.cpp:143 libcamera is not installed. Adding '/nix/store/src/ipa' to the IPA search path
...
[0:28:08.581055354] [9402]  INFO IPAProxy ipa_proxy.cpp:198 libcamera is not installed. Loading proxy workers from '/nix/store/src/libcamera/proxy/worker'
[0:28:08.581082468] [9402] ERROR IPAProxy ipu3_ipa_proxy.cpp:52 Failed to get proxy worker path
[0:28:08.581100853] [9402] ERROR IPAManager ipa_manager.h:43 Failed to load proxy
Segmentation fault (core dumped)
```

The segfault is not responsible for these errors, but I think it's a bug upstream that triggers when the IPAProxyIPU3 destructor is run if the IPU3 proxy is not found in the path.

Notify maintainers

meta.maintainers lists citadelcore but that user does not seem to exist anymore?

Metadata

 - system: `"x86_64-linux"`
 - host os: `Linux 6.10.5, NixOS, 24.11 (Vicuna), 24.11.20241015.2d61134`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.24.9`
 - nixpkgs: `/nix/store/11xpwvfhxdz2ld4b0crips4ng2sdh091-source`


teutat3s commented 4 weeks ago

Pinging @Mic92 as the author of the referenced commit.

steinuil commented 4 weeks ago

I just finished rebuilding my system with the postFixup step restored in the overlay and I can confirm that it fixes the signing issue and makes the camera work in normal applications.

Also I found #230289 which has some discussion about this signing issue with regard to reproducibility. I think that since the private key is provided before building, re-signing these shared libraries should not cause this package to be unreproducible again, but maybe @Mic92 will know more about this.

Mic92 commented 3 weeks ago

Ok. Looks like we should restore that fixup but also keep the static key because of reproducible builds. Can you make a pull request?
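
The two points discussed in this thread (a module changed after signing no longer verifies, and re-signing with a fixed key gives the same bytes every time), as an added example that is not part of the thread and is not libcamera or nixpkgs code. It assumes the signature is a detached RSA/SHA-256 signature stored next to the module as `<module>.sign`, and that something in the fixup phase modifies the file after the build-time signing; the key, the public key file name and the module contents are constructed.

```shell
#!/bin/sh
# Added example: throwaway key and a constructed "module", nothing from a real build.
set -eu

# Write a detached RSA/SHA-256 signature to <module>.sign (assumed scheme).
sign_module() {   # sign_module <private-key> <module>
    openssl dgst -sha256 -sign "$1" -out "$2.sign" "$2"
}

# Exit status 0 only if <module>.sign matches the current bytes of <module>.
verify_module() { # verify_module <public-key> <module>
    openssl dgst -sha256 -verify "$1" -signature "$2.sign" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d)
    key=$dir/ipa-priv-key.pem
    pub=$dir/ipa-pub-key.pem      # hypothetical name for the verifier's key
    mod=$dir/ipa_demo.so          # constructed stand-in for an IPA module
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$key" 2>/dev/null
    openssl pkey -in "$key" -pubout -out "$pub"
    printf 'constructed module contents\n' > "$mod"

    # 1. Signed at build time: verifies.
    sign_module "$key" "$mod"
    verify_module "$pub" "$mod" && built=valid || built=invalid

    # 2. File modified after signing (stand-in for a post-build rewrite of
    #    the binary, an assumption): the old signature no longer matches.
    printf 'x' >> "$mod"
    verify_module "$pub" "$mod" && modified=valid || modified=invalid

    # 3. Re-signing the final file, as the restored postFixup does.
    sign_module "$key" "$mod"
    cp "$mod.sign" "$dir/first.sign"
    verify_module "$pub" "$mod" && resigned=valid || resigned=invalid

    # 4. Signing again with the same key: PKCS#1 v1.5 RSA signatures are
    #    deterministic, so a static key keeps the output reproducible.
    sign_module "$key" "$mod"
    cmp -s "$mod.sign" "$dir/first.sign" && repeat=identical || repeat=different

    rm -rf "$dir"
    echo "built=$built modified=$modified resigned=$resigned repeat=$repeat"
}

demo
```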