From patchwork Sat Dec 25 18:44:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brice Waegeneire X-Patchwork-Id: 35654 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id E54AA27BBEA; Sat, 25 Dec 2021 18:46:02 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 2653B27BBE9 for ; Sat, 25 Dec 2021 18:46:02 +0000 (GMT) Received: from localhost ([::1]:49392 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n1C3N-0003dq-Ap for patchwork@mira.cbaines.net; Sat, 25 Dec 2021 13:46:01 -0500 Received: from eggs.gnu.org ([209.51.188.92]:58406) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n1C2R-0003dD-3s for guix-patches@gnu.org; Sat, 25 Dec 2021 13:45:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:56535) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1n1C2Q-0004no-OR for guix-patches@gnu.org; Sat, 25 Dec 2021 13:45:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1n1C2Q-0001ns-Ky for guix-patches@gnu.org; Sat, 25 Dec 2021 13:45:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#49649] [PATCH v2 2/4] gnu: wireless-regdb: Reuse 'regulatory.db' signature. References: <20210719211528.22649-1-brice@waegenei.re> In-Reply-To: <20210719211528.22649-1-brice@waegenei.re> Resent-From: Brice Waegeneire Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 25 Dec 2021 18:45:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 49649 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 49649@debbugs.gnu.org Cc: ludo@gnu.org, me@tobias.gr Received: via spool by 49649-submit@debbugs.gnu.org id=B49649.16404578896864 (code B ref 49649); Sat, 25 Dec 2021 18:45:02 +0000 Received: (at 49649) by debbugs.gnu.org; 25 Dec 2021 18:44:49 +0000 Received: from localhost ([127.0.0.1]:39841 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n1C2C-0001mc-SV for submit@debbugs.gnu.org; Sat, 25 Dec 2021 13:44:49 -0500 Received: from relay9-d.mail.gandi.net ([217.70.183.199]:39487) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n1C27-0001ll-DF for 49649@debbugs.gnu.org; Sat, 25 Dec 2021 13:44:43 -0500 Received: (Authenticated sender: brice@waegenei.re) by relay9-d.mail.gandi.net (Postfix) with ESMTPSA id 5A941FF808; Sat, 25 Dec 2021 18:44:37 +0000 (UTC) From: Brice Waegeneire Date: Sat, 25 Dec 2021 19:44:37 +0100 Message-Id: <20211225184437.9457-1-brice@waegenei.re> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches Unlike 'regulatory.bin' (used by CRDA), we can't have a valid unsigned 'regulatory.db' (used by subsystem cfg80211). So, we reuse upstream's signature for that file and rebuild it ourself to be sure it's reproducible * gnu/packages/linux.scm (wireless-regdb)[source]: Delete file 'regulatory.db'. [arguments]: Remove 'omit-signature' phase, replace 'build' phase with make target 'regulatory.db', add phase 'build-regulatory.bin-unsigned' and add 'check' phase. Enable tests and parallel builds. Remove make-flags specific to 'build-regulatory.bin-unsigned'. [native-inputs]: Use new format and add 'openssl'. [description]: Add reference to the cfg80211 linux subsystem. --- gnu/packages/linux.scm | 72 +++++++++++++++++++++--------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index e2be00679f..54f2682965 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -4296,10 +4296,11 @@ (define-public wireless-regdb (sha256 (base32 "0liagyi6ppf5w474qk9j4jz5gbvvn8mc8al1dq4b1xrgv28485ml")) - - ;; We're building 'regulatory.bin' by ourselves. + ;; We're building 'regulatory.bin' and 'regulatory.db' by + ;; ourselves. (snippet '(begin - (delete-file "regulatory.bin") + (map delete-file '("regulatory.bin" + "regulatory.db")) #t)))) (build-system gnu-build-system) (arguments @@ -4310,48 +4311,47 @@ (define-public wireless-regdb (substitute* "Makefile" (("gzip") "gzip --no-name")) #t)) - (add-after 'unpack 'omit-signature + (replace 'build + (lambda* (#:key (make-flags '()) #:allow-other-keys) + (apply invoke "make" "regulatory.db" make-flags))) + (add-after 'build 'build-regulatory.bin-unsigned + (lambda* (#:key (make-flags '()) #:allow-other-keys) + (apply invoke "make" "regulatory.bin" + (cons* + ;; Leave this empty so that db2bin.py doesn't try to sign + ;; ‘regulatory.bin’. This allows us to avoid managing a key + ;; pair for the whole distribution. + "REGDB_PRIVKEY=" + ;; Don't generate a public key for the same reason. These are + ;; used as Makefile targets and can't be the empty string. + "REGDB_PUBCERT=/dev/null" + "REGDB_PUBKEY=/dev/null" + make-flags)))) + ;; We check if the 'regulatory.db' we just built is the same as the + ;; one that got signed by upstream. + (replace 'check (lambda _ - (substitute* "Makefile" - ;; Signing requires a REGDB_PUBCERT and REGDB_PRIVKEY which we - ;; don't provide (see below). Disable it. - ((" regulatory\\.db\\.p7s") "") - ;; regulatory.db is built as a dependency of regulatory.db.p7s, - ;; but ‘make install’ depends only on the latter while installing - ;; both (and failing). Depend on it explicitly. - (("^install: " all) (string-append all "regulatory.db "))) - #t)) + (invoke "openssl" "smime" + "-verify" "-inform" "DER" + "-signer" "sforshee.x509.pem" + "-in" "regulatory.db.p7s" "-content" "regulatory.db" + "-out" "/dev/null" + "-CAfile" "sforshee.x509.pem"))) (delete 'configure)) ; no configure script - - ;; The 'all' target of the makefile depends on $(REGDB_CHANGED), which - ;; is computed and can be equal to 'maintainer-clean'; when that - ;; happens, we can end up deleting the 'regulatory.bin' file that we - ;; just built. Thus, build things sequentially. - #:parallel-build? #f - - #:tests? #f ; no tests #:make-flags (let ((out (assoc-ref %outputs "out"))) (list (string-append "PREFIX=" out) - (string-append "FIRMWARE_PATH=$(PREFIX)/lib/firmware") - - ;; Leave this empty so that db2bin.py doesn't try to sign - ;; ‘regulatory.bin’. This allows us to avoid managing a key - ;; pair for the whole distribution. - (string-append "REGDB_PRIVKEY=") - ;; Don't generate a public key for the same reason. These are - ;; used as Makefile targets and can't be the empty string. - (string-append "REGDB_PUBCERT=/dev/null") - (string-append "REGDB_PUBKEY=/dev/null"))))) - (native-inputs - `(("python" ,python-wrapper))) + (string-append "FIRMWARE_PATH=$(PREFIX)/lib/firmware"))))) + (native-inputs (list openssl ; to verify signature + python-wrapper)) (home-page "https://wireless.wiki.kernel.org/en/developers/regulatory/wireless-regdb") (synopsis "Wireless regulatory database") (description - "This package contains the wireless regulatory database for the Central -Regulatory Database Agent (CRDA). The database contains information on -country-specific regulations for the wireless spectrum.") + "This package contains the wireless regulatory database used by the Linux +cfg80211 subsystem and the legacy Central Regulatory Database Agent (CRDA). +The database contains information on country-specific regulations for the +wireless spectrum.") (license license:isc))) (define-public lm-sensors