[pkg-wpa-devel] Debian 2.6.32 CONFIG_WIRELESS_OLD_REGULATORY, wireless-regdb and crda

Luis R. Rodriguez mcgrof at gmail.com
Thu Jan 28 18:10:04 UTC 2010

Hey folks,

I wanted to try to help Debian in ways in which I can with the new
regulatory infrastructure upstream on the Linux kernel. As of recent
(>= 2.6.34) the old regulatory stuff has been deprecated and replaced
completely for CFG80211_INTERNAL_REGDB, the old regulatory framework
was also disabled by default as of the 2.6.30 kernel release [1]. A
user on linux-wireless recently reported that
CONFIG_WIRELESS_OLD_REGULATORY was enabled on their debian squeeze
2.6.32 kernel [2]. I think its time for a change and wanted to help
address questions and help ensure userspace is ready as well for now
and in the future.

I asked Kel Modderman [3] about the packages and it seems he is really
busy with quite a few moves he has been doing and just lacks time to
get wireless-regdb and crda packaged into Debian. I am the upstream
CRDA maintainer and have already provided a sample debian/ directory
for simple packaging for both wireless-regdb and CRDA. When reviewing
debian packaging before though there were some technical details which
needed to be ironed out over using an RSA private key to digitally
sign the wireless-regdb database and then using the public key to read
the and trust the key with CRDA [4]. Paul Wise also had some good
feedback and I hope we have addressed it all now. Kel's last iteration
consisted of creating a private/public RSA key for the pkg-wpa-devel
team. Technical issue with this is the issues faced when doing
automatic builds, unless you can get the automatic builds to
incorporate your key somehow.

Fedora seems to solves this by generating new keys on each build but
always trusting John Linville's public key therefore allowing end
users to download new upstream wireless-regdb binaries as well as
using updates from their own repositories. Ubuntu simply packages both
wireless-regdb and CRDA into one package, wireless-crda, and simply
just trust John's key. That's all.

As of the CRDA 1.1.1 release if you use OpenSSL you can now also
dynamically read public keys at runtime, not sure if this is something
that might help with packaging. As a last resort there is also the
ability to just use the CFG80211_INTERNAL_REGDB that John Linville
added recently but that won't be around until 2.6.34 and lacks the
ability to update regulatory updates through userspace -- you'd have
to provide a new kernel every time wireless regulatory updates are
made, which is why we decided to move the regulatory database to
userspace in the first place. I prefer to just recommend this kconfig
option to embedded users. The other option is to just not use the RSA
key stuff, but as noted on the documentation I advise against it as
using it ensure we are doing best effort on our part in the FOSS
community for the best regulatory compliance we can implement. With
the RSA key stuff we get both authorship verification and file
integrity checks without having to keep CRC checks around, it covers
both with one solution. It is not designed to be bullet proof, anyone
can hack their own regulatory database and we've even documented
exactly how to do this [6] as there are real world examples for why a
third party would do this, but by using the RSA key stuff we are doing
best effort on ensuring authorship and file integrity prior to passing
information to the kernel.

We've tried to document as best as we can the new regulatory
infrastructure [5], our motivation for it [6] and upstream commitment
for it [7]. Please let me know if there are any questions, I'd be glad
to help in any way I can.

[1] http://wireless.kernel.org/en/developers/Regulatory#Old_regulatory_implementation
[2] http://marc.info/?l=linux-wireless&m=126444734215577&w=2
[3] http://marc.info/?l=linux-wireless&m=126468708719138&w=2
[4] http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/2009-May/002266.html
[5] http://wireless.kernel.org/en/developers/Regulatory
[6] http://wireless.kernel.org/en/developers/Regulatory#Custom_regulatory_information
[7] http://wireless.kernel.org/en/vendors/VendorSupport
[8] http://wireless.kernel.org/en/developers/Regulatory/statement


More information about the Pkg-wpa-devel mailing list