[pkg-wpa-devel] r1498 - in /crda/trunk/debian: control patches/ patches/openssl_runtime_verification_tuneup.patch patches/series rules

kelmo-guest at users.alioth.debian.org kelmo-guest at users.alioth.debian.org
Mon Mar 1 14:19:08 UTC 2010


Author: kelmo-guest
Date: Mon Mar  1 14:19:06 2010
New Revision: 1498

URL: http://svn.debian.org/wsvn/pkg-wpa/?sc=1&rev=1498
Log:
Add patch to make USE_OPENSSL more sane. Export required build system variables.

Added:
    crda/trunk/debian/patches/
    crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch
    crda/trunk/debian/patches/series
Modified:
    crda/trunk/debian/control
    crda/trunk/debian/rules

Modified: crda/trunk/debian/control
URL: http://svn.debian.org/wsvn/pkg-wpa/crda/trunk/debian/control?rev=1498&op=diff
==============================================================================
--- crda/trunk/debian/control (original)
+++ crda/trunk/debian/control Mon Mar  1 14:19:06 2010
@@ -7,8 +7,6 @@
  libnl-dev,
  libssl-dev,
  pkg-config,
- python,
- python-m2crypto,
  wireless-regdb
 Standards-Version: 3.8.4
 Vcs-Svn: svn://svn.debian.org/pkg-wpa/crda/trunk

Added: crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch
URL: http://svn.debian.org/wsvn/pkg-wpa/crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch?rev=1498&op=file
==============================================================================
--- crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch (added)
+++ crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch Mon Mar  1 14:19:06 2010
@@ -1,0 +1,106 @@
+If USE_OPENSSL=1 do not embed crypto data into binary and use the PUBKEY_DIR
+variable just as it is when USE_GCRYPT=1. When verification fails provide
+information about the PUBKEY_DIR variable.
+
+This change removes support for runtime pubkey dir /etc/wireless-regdb/pubkeys
+as wireless-regdb does not currently install custom pubkeys to
+/etc/wireless-regdb/pubkeys and I can't see any further value to it.
+
+Fix typo (s/make noverify/makeall_noverify).
+
+Signed-off-by: Kel Modderman <kel at otaku42.de>
+---
+--- a/Makefile
++++ b/Makefile
+@@ -16,13 +16,6 @@ UDEV_LEVEL=$(CRDA_UDEV_LEVEL)-
+ # a different location.
+ UDEV_RULE_DIR?=/lib/udev/rules.d/
+ 
+-# If your distribution requires a custom pubkeys dir
+-# you must update this variable to reflect where the
+-# keys are put when building. For example you can run
+-# with make PUBKEY_DIR=/usr/lib/crda/pubkeys
+-PUBKEY_DIR?=pubkeys
+-RUNTIME_PUBKEY_DIR?=/etc/wireless-regdb/pubkeys
+-
+ CFLAGS += -Wall -g
+ 
+ all: all_noverify verify
+@@ -30,12 +23,12 @@ all: all_noverify verify
+ all_noverify: crda intersect regdbdump
+ 
+ ifeq ($(USE_OPENSSL),1)
+-CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl`
++PUBKEY_DIR?=$(PREFIX)/lib/crda/pubkeys
++CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(PUBKEY_DIR)\" `pkg-config --cflags openssl`
+ LDLIBS += `pkg-config --libs openssl`
+ 
+-reglib.o: keys-ssl.c
+-
+ else
++PUBKEY_DIR?=pubkeys
+ CFLAGS += -DUSE_GCRYPT
+ LDLIBS += -lgcrypt
+ 
+@@ -82,7 +75,13 @@ $(REG_BIN):
+ 	$(NQ) $(REG_GIT)
+ 	$(NQ)
+ 	$(NQ) "Once cloned (no need to build) cp regulatory.bin to $(REG_BIN)"
+-	$(NQ) "Use \"make noverify\" to disable verification"
++	$(NQ)
++	$(NQ) "If your distribution requires a custom pubkeys dir you must set"
++	$(NQ) "PUBKEY_DIR to path where the keys are installed by wireless-regdb."
++	$(NQ) "For example:"
++	$(NQ) "    make PUBKEY_DIR=/usr/lib/crda/pubkeys"
++	$(NQ)
++	$(NQ) "Use \"make all_noverify\" to disable verification"
+ 	$(NQ)
+ 	$(Q) exit 1
+ 
+--- a/reglib.c
++++ b/reglib.c
+@@ -18,10 +18,6 @@
+ 
+ #include "reglib.h"
+ 
+-#ifdef USE_OPENSSL
+-#include "keys-ssl.c"
+-#endif
+-
+ #ifdef USE_GCRYPT
+ #include "keys-gcrypt.c"
+ #endif
+@@ -49,7 +45,6 @@ int crda_verify_db_signature(__u8 *db, i
+ #ifdef USE_OPENSSL
+ 	RSA *rsa;
+ 	__u8 hash[SHA_DIGEST_LENGTH];
+-	unsigned int i;
+ 	int ok = 0;
+ 	DIR *pubkey_dir;
+ 	struct dirent *nextfile;
+@@ -61,24 +56,7 @@ int crda_verify_db_signature(__u8 *db, i
+ 		goto out;
+ 	}
+ 
+-	for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
+-		rsa = RSA_new();
+-		if (!rsa) {
+-			fprintf(stderr, "Failed to create RSA key.\n");
+-			goto out;
+-		}
+-
+-		rsa->e = &keys[i].e;
+-		rsa->n = &keys[i].n;
+-
+-		ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
+-				db + dblen, siglen, rsa) == 1;
+-
+-		rsa->e = NULL;
+-		rsa->n = NULL;
+-		RSA_free(rsa);
+-	}
+-	if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) {
++	if ((pubkey_dir = opendir(PUBKEY_DIR))) {
+ 		while (!ok && (nextfile = readdir(pubkey_dir))) {
+ 			snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR,
+ 				nextfile->d_name);
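Review bot: With the compiled-in `keys[]` loop removed from `crda_verify_db_signature`, the key files in PUBKEY_DIR become the only trust anchors, and the new `if ((pubkey_dir = opendir(PUBKEY_DIR)))` has no failure branch in the visible lines, so a missing or unreadable directory leaves `ok` at 0 with nothing telling the user why. The patch description promises information about PUBKEY_DIR when verification fails, but in the lines shown only the Makefile's missing-`$(REG_BIN)` message mentions it. I would report the failure at the closing brace of that `if`, which lies outside the hunk, e.g. `else fprintf(stderr, "Failed to open pubkey directory %s\n", PUBKEY_DIR);`. A comment above the `opendir` line should also state that every entry returned by `readdir` is tried as a key (the rest of the loop is not visible here), so the directory must be writable by root only.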

Added: crda/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-wpa/crda/trunk/debian/patches/series?rev=1498&op=file
==============================================================================
--- crda/trunk/debian/patches/series (added)
+++ crda/trunk/debian/patches/series Mon Mar  1 14:19:06 2010
@@ -1,0 +1,1 @@
+openssl_runtime_verification_tuneup.patch

Modified: crda/trunk/debian/rules
URL: http://svn.debian.org/wsvn/pkg-wpa/crda/trunk/debian/rules?rev=1498&op=diff
==============================================================================
--- crda/trunk/debian/rules (original)
+++ crda/trunk/debian/rules Mon Mar  1 14:19:06 2010
@@ -1,10 +1,12 @@
 #!/usr/bin/make -f
 
 CFLAGS = -Wall -g -O$(if $(findstring noopt,$(DEB_BUILD_OPTIONS)),0,2)
+PUBKEY_DIR = /lib/crda/pubkeys
+REG_BIN = /lib/crda/regulatory.bin
 USE_OPENSSL = 1
-V = 1                    
+V = 1
 
-export CFLAGS USE_OPENSSL V
+export CFLAGS PUBKEY_DIR REG_BIN USE_OPENSSL V
 
 override_dh_fixperms:
 	dh_fixperms
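Review bot: `PUBKEY_DIR = /lib/crda/pubkeys` is now the path compiled into crda as the only place it looks for verification keys, since the patch added in this commit drops the embedded ones, yet nothing here records where that value comes from. It has to equal the directory into which wireless-regdb installs its public keys, at run time and presumably also for the `verify` step during the package build; a mismatch would make signature verification fail rather than fall back to another key source. I would add a comment above the assignment, e.g. `# Must match the pubkeys directory installed by wireless-regdb; crda trusts only keys found there.`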



