[pkg-wpa-devel] Debian 2.6.32 CONFIG_WIRELESS_OLD_REGULATORY, wireless-regdb and crda

Paul Wise pabs at debian.org
Fri Jan 29 02:57:25 UTC 2010


[Please keep me in CC for this thread]

There is a technical change coming in Debian that may mean one key for
the pkg-wpa folks will be more problematic; it is planned that
maintainer-built .debs are to be thrown away on upload (but still
required) and all packages rebuilt on the buildds. There will probably
be the possibility to have exceptions though, so this may turn out to be
a non-issue or less of an issue.

Also, IIRC I wasn't fully happy with the way the signature stuff worked.
My main issue was that the trusted RSA public keys are/were embedded
into the crda binary at build time. I would have much preferred that
they be split out into a set of directories. Something
like /etc/crda/keys/ could be the default. This allows packages to drop
new keys in and for sysadmins to also do that as needed, as well as for
sysadmins to disable keys that have been compromised or similar. With
the dir list and the upcoming buildd change, Debian could use something
like Fedora's option;

  * wireless-regdb could check at build time if the source database
    has been modified and a new binary database been rebuilt
      * If so
          * generate a new temporary key at build time
          * sign the new binary database with the temporary key
          * install the temporary public key to /etc/crda/keys/
          * throw away the temporary private key
      * If not
          * install the (unmodified) pre-built binary database

I imagine the OpenSSL stuff in crda 1.1.1 would enable this kind of
option. In addition, crda should have a directory for the sysadmin to
drop in a replacement binary database if for example they wanted to
replace their distro's binary database with a newer version from John
Linville. Since the distros should install John's RSA key, new versions
of the pre-built binary database would be trusted. If the sysadmin
wanted to build their own binary database they would install the
temporary key generated above as well as their new database.

What is the point of having the CFG80211_INTERNAL_REGDB option? That
sounds like a silly thing to do since there is crda and wireless-regdb.
Since 2.6.33 isn't yet released, I assume there is time to change the
behaviour of CFG80211_INTERNAL_REGDB (or remove it). Does
CFG80211_INTERNAL_REGDB mean that crda will be consulted first and if it
cannot be contacted, then the internal copy will be used? You mentioned
the embedded world, I suppose that is the target for it?

Any idea what proportion of wireless card firmware will respect what
Linux and crda tell it? I guess users of old wireless cards with
abandoned or hard-coded firmware will not benefit from crda &
wireless-regdb. I speak here as a user of the ar6000 on the OpenMoko
FreeRunner and a friend of people with ipw2x00-based cards on laptops.
I'm using an iwl3945-based card, do you know if Intel plan to implement
support for this stuff in their firmware?

I thank you very much for working on this stuff.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
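
The build-time steps listed in the message above, sketched as an added example (not code from the message, crda or wireless-regdb). It assumes the openssl command-line tool; the checksum stamp file, the install paths, the key file name and the detached .sig file are hypothetical and do not reproduce the regulatory.bin signature format.

```shell
#!/bin/sh
# Added example; every path and file name below is hypothetical.

# install_regdb SRC_TXT STAMP PREBUILT REBUILT DESTDIR
# Prints which branch of the proposal ran: "prebuilt" or "resigned".
install_regdb() {
    src=$1; stamp=$2; prebuilt=$3; rebuilt=$4
    keys="$5/etc/crda/keys"; dbdir="$5/usr/lib/crda"
    mkdir -p "$keys" "$dbdir" || return 1
    sum=$(openssl dgst -sha256 -r "$src" | cut -d' ' -f1)
    if [ -n "$sum" ] && [ "$sum" = "$(cat "$stamp")" ]; then
        # "If not": source unmodified, install the pre-built database as is.
        cp "$prebuilt" "$dbdir/regulatory.bin" || return 1
        echo prebuilt
        return 0
    fi
    # "If so": the private key only ever exists inside a 0700 temp directory.
    tmp=$(mktemp -d) || return 1
    rc=0
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$tmp/key.pem" 2>/dev/null &&
    openssl dgst -sha256 -sign "$tmp/key.pem" \
        -out "$dbdir/regulatory.bin.sig" "$rebuilt" &&
    openssl pkey -in "$tmp/key.pem" -pubout \
        -out "$keys/build-temp.key.pub.pem" &&
    cp "$rebuilt" "$dbdir/regulatory.bin" || rc=1
    rm -rf "$tmp"    # throw away the temporary private key
    [ "$rc" -eq 0 ] || return 1
    echo resigned
}

# verify_regdb DB SIG KEYSDIR
# Succeeds if any key currently present in KEYSDIR verifies DB, so removing
# a key file from the directory is enough to stop trusting it.
verify_regdb() {
    for k in "$3"/*.pem; do
        [ -f "$k" ] || continue
        openssl dgst -sha256 -verify "$k" -signature "$2" "$1" \
            >/dev/null 2>&1 && return 0
    done
    return 1
}
```
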