Hey folks, I wanted to try to help Debian in ways in which I can with the new regulatory infrastructure upstream on the Linux kernel. As of recent (>= 2.6.34) the old regulatory stuff has been deprecated and replaced completely for CFG80211_INTERNAL_REGDB, the old regulatory framework was also disabled by default as of the 2.6.30 kernel release [1]. A user on linux-wireless recently reported that CONFIG_WIRELESS_OLD_REGULATORY was enabled on their debian squeeze 2.6.32 kernel [2]. I think its time for a change and wanted to help address questions and help ensure userspace is ready as well for now and in the future.
I asked Kel Modderman [3] about the packages and it seems he is really busy with quite a few moves he has been doing and just lacks time to get wireless-regdb and crda packaged into Debian. I am the upstream CRDA maintainer and have already provided a sample debian/ directory for simple packaging for both wireless-regdb and CRDA. When reviewing debian packaging before though there were some technical details which needed to be ironed out over using an RSA private key to digitally sign the wireless-regdb database and then using the public key to read the and trust the key with CRDA [4]. Paul Wise also had some good feedback and I hope we have addressed it all now. Kel's last iteration consisted of creating a private/public RSA key for the pkg-wpa-devel team. Technical issue with this is the issues faced when doing automatic builds, unless you can get the automatic builds to incorporate your key somehow. Fedora seems to solves this by generating new keys on each build but always trusting John Linville's public key therefore allowing end users to download new upstream wireless-regdb binaries as well as using updates from their own repositories. Ubuntu simply packages both wireless-regdb and CRDA into one package, wireless-crda, and simply just trust John's key. That's all. As of the CRDA 1.1.1 release if you use OpenSSL you can now also dynamically read public keys at runtime, not sure if this is something that might help with packaging. As a last resort there is also the ability to just use the CFG80211_INTERNAL_REGDB that John Linville added recently but that won't be around until 2.6.34 and lacks the ability to update regulatory updates through userspace -- you'd have to provide a new kernel every time wireless regulatory updates are made, which is why we decided to move the regulatory database to userspace in the first place. I prefer to just recommend this kconfig option to embedded users. The other option is to just not use the RSA key stuff, but as noted on the documentation I advise against it as using it ensure we are doing best effort on our part in the FOSS community for the best regulatory compliance we can implement. With the RSA key stuff we get both authorship verification and file integrity checks without having to keep CRC checks around, it covers both with one solution. It is not designed to be bullet proof, anyone can hack their own regulatory database and we've even documented exactly how to do this [6] as there are real world examples for why a third party would do this, but by using the RSA key stuff we are doing best effort on ensuring authorship and file integrity prior to passing information to the kernel. We've tried to document as best as we can the new regulatory infrastructure [5], our motivation for it [6] and upstream commitment for it [7]. Please let me know if there are any questions, I'd be glad to help in any way I can. [1] http://wireless.kernel.org/en/developers/Regulatory#Old_regulatory_implementation [2] http://marc.info/?l=linux-wireless&m=126444734215577&w=2 [3] http://marc.info/?l=linux-wireless&m=126468708719138&w=2 [4] http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/2009-May/002266.html [5] http://wireless.kernel.org/en/developers/Regulatory [6] http://wireless.kernel.org/en/developers/Regulatory#Custom_regulatory_information [7] http://wireless.kernel.org/en/vendors/VendorSupport [8] http://wireless.kernel.org/en/developers/Regulatory/statement Luis -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
