FS#57563 - [wireless-regdb] package regulatory.db

Attached to Project: Arch Linux
Opened by loqs (loqs) - Sunday, 18 February 2018, 17:29 GMT
Last edited by Tobias Powalowski (tpowa) - Saturday, 07 July 2018, 06:41 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 8
Private No

Details

Description:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=007f6c5e6eb45c81ee89368a5f226572ae638831
Added cfg80211: support loading regulatory database as firmware file with 4.15
The kernel will attempt to load regdb in a new extensible format from /lib/firmware/regulatory.db and
verify it with a detached signature lib/firmware/regulatory.db /lib/firmware/regulatory.db.p7s
This can replace the use of crda from linux 4.15 onwards provided the new files are packaged.
wireless-regdb.patch minimal patch to add new files to package.

Not impemented from the Makefile
# Distributions packagers should do only once:
# make install-distro-key
# This will create a private key for you and install it into
# ~/.wireless-regdb-$(LSB_ID).key.priv.pem
# To make new releaes just do:
# make maintainer-clean
# make
# sudo make install
The public key from that key pair would then need to be built into shipped kernels.
This task depends upon

Closed by  Tobias Powalowski (tpowa)
Saturday, 07 July 2018, 06:41 GMT
Reason for closing:  Fixed
Additional comments about closing:  2018.05.31-2
Comment by Tommy Schmitt (spinka) - Friday, 29 June 2018, 19:39 GMT
Is creating keys really needed? I applied your patch without creating keys and it worked.
Comment by loqs (loqs) - Friday, 29 June 2018, 20:35 GMT
No as long as the database and signature used are from upstream which the kernel has the X.509 cert 'sforshee: 00b28ddf47aef9cea7' built in.
The upstream Makefile contained the suggestions I quoted that distro maintainers should use their own keys.
Comment by Tommy Schmitt (spinka) - Friday, 29 June 2018, 22:21 GMT
Well, then you successfully scared away Arch maintainers from including your proposed changes :)

Applying your patches is trivial while maintaining secret keys is a whole different league. Especially for Arch where minimizing maintainer effort is often priority.

I don't see Arch using anything other than upstream so it's pretty straightforward to apply your patch and forget about the keys.

Loading...