On Friday 05 March 2010 11:56:11 Kel Modderman wrote:
> On Friday 05 March 2010 11:37:22 John W. Linville wrote:
> > On Fri, Mar 05, 2010 at 10:27:03AM +1000, Kel Modderman wrote:
> > > On Friday 05 March 2010 01:31:28 John W. Linville wrote:
> > > > On Fri, Mar 05, 2010 at 12:08:50AM +1000, Kel Modderman wrote:
> > > > > When USE_OPENSSL=1 do not embed crypto data into binary, use the PUBKEY_DIR
> > > > > variable just as it is when USE_GCRYPT=1 and just load certs from PUBKEY_DIR
> > > > > for signature verification at runtime. Remove ssl support from
> > > > > utils/key2pub.py.
> > > > >
> > > > > This allows wireless-regdb to be built from source and upgraded independently
> > > > > of crda and is _crucial_ for distributions who want to build their own
> > > > > regulatory.bin.
> > > >
> > > > I don't understand -- isn't this possible already?
> > >
> > > No.
> >
> > Perhaps you could use a few more words? It seems to me that what
> > limits you is the policies of some distributions. Certainly crda
> > and wireless-regdb can be maintained separately so long as the key
> > doesn't change between builds or with alternate keys installed in
> > the proper locations. Am I missing something?
>
> Yes you are missing something. It's not the policy of my distribution which
> is limiting, it's the design of the crda/wireless-regdb build systems.
>
> Now that openssl support allows reading pubkeys at runtime, the embedding
> of crypto data into binaries can be totally removed when built with openssl.
>
> wireless-regdb can be built from source, when it does so it generates a new
> custom key which is installed to /lib/crda/pubkeys/<key>. Your key is also
> installed here, oh but hang on, it's also embedded into the binary so why bother
> installing it at all? Alright, so we can manually move our custom generated
> key from /lib/crda/pubkeys/<key> to /etc/wireless-regdb/pubkeys/<key> and things
> will probably be okay next time we build wireless-regdb and upgrade it
> independently of crda, except for:
> 1. we now have /lib/crda/pubkeys/linville.pub.pem for no reason at all
> 2. the distribution is installing to /etc/wireless-regdb/pubkeys/ which should
>    be reserved for the admin
> 3. you're maintaining a bunch of useless code which embeds openssl data into
>    binaries when you do not have to

4. if your key changes, and we have built and upgraded wireless-regdb and not crda
   then the embedded crypto data and /lib/crda/pubkeys/linville.pub.pem won't help

>
> These 3 points are what my patch attempts to address.

4 points

Thanks, Kel.