[PATCH] gnu: Add regulatory.db in %base-firmware.

  • Open
  • quality assurance status badge
Details
4 participants
  • Brice Waegeneire
  • Leo Famulari
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Brice Waegeneire
Severity
normal
B
B
Brice Waegeneire wrote on 19 Jul 2021 23:15
(address . guix-patches@gnu.org)
20210719211528.22649-1-brice@waegenei.re
* gnu/system.scm (%base-firmware): Add 'wireless-regdb'.
---
gnu/system.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Following discussion at https://issues.guix.gnu.org/49611, tho there is
still an error about missing signature but now the kernel load the
regulatory.db without the help of userspace:

Toggle snippet (7 lines)
# dmesg | grep -E '(cfg80211|regulatory)'
[ 6.282015] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 6.283766] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 6.285927] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -2
[ 6.285931] cfg80211: loaded regulatory.db is malformed or signature is missing/invalid

I'm wondering if it's worth removing 'crda' from the default udev rules.

Toggle diff (16 lines)
diff --git a/gnu/system.scm b/gnu/system.scm
index a7c2b1bca4..8dc51b6ec8 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -751,7 +751,8 @@ of PROVENANCE-SERVICE-TYPE to its services."
(define %base-firmware
;; Firmware usable by default.
(list ath9k-htc-firmware
- openfwwf-firmware))
+ openfwwf-firmware
+ wireless-regdb))
(define %base-packages-utils
;; Default set of utilities packages.
--
2.32.0
L
L
Ludovic Courtès wrote on 20 Jul 2021 15:26
(name . Brice Waegeneire)(address . brice@waegenei.re)(address . 49649@debbugs.gnu.org)
87bl6xktf5.fsf@gnu.org
Hi,

Brice Waegeneire <brice@waegenei.re> skribis:

Toggle quote (16 lines)
> * gnu/system.scm (%base-firmware): Add 'wireless-regdb'.
> ---
> gnu/system.scm | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Following discussion at <https://issues.guix.gnu.org/49611>, tho there is
> still an error about missing signature but now the kernel load the
> regulatory.db without the help of userspace:
>
> # dmesg | grep -E '(cfg80211|regulatory)'
> [ 6.282015] cfg80211: Loading compiled-in X.509 certificates for regulatory database
> [ 6.283766] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> [ 6.285927] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -2
> [ 6.285931] cfg80211: loaded regulatory.db is malformed or signature is missing/invalid
>

Does that means that the loaded ‘regulatory.db’ is discarded right away?
Or does it proceed anyway?

In the former case, looks like we’ll have to do some more work.

Could our ‘wireless-regdb’ build things from source, hopefully getting
the exact same binary as the one provided upstream, in which case it
could install the original signature as-is. IOW, we’d be building from
source for the explicit purpose of making sure the upstream-provided
‘regulatory.bin’ file can be built reproducibly from this source.

Toggle quote (2 lines)
> I'm wondering if it's worth removing 'crda' from the default udev rules.

It was added in 68ac258b5291aee33dd11a6fd0f545f81935b633 long ago, and I
think it made sense back then. :-)

Do you think it’s now unnecessary because the kernel can load it all by
itself? Or does that depend on kernel build options?

Thanks,
Ludo’.
B
B
Brice Waegeneire wrote on 20 Jul 2021 23:02
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 49649@debbugs.gnu.org)
87r1fshf6r.fsf_-_@waegenei.re
Hello Ludo’,

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (10 lines)
>> # dmesg | grep -E '(cfg80211|regulatory)'
>> [ 6.282015] cfg80211: Loading compiled-in X.509 certificates for regulatory database
>> [ 6.283766] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
>> [ 6.285927] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -2
>> [ 6.285931] cfg80211: loaded regulatory.db is malformed or signature is missing/invalid
>>
>
> Does that means that the loaded ‘regulatory.db’ is discarded right away?
> Or does it proceed anyway?

I did more testing and you are right, in that case 'regulatory.db' isn't
loaded because it isn't signed correctly.

Toggle quote (2 lines)
> In the former case, looks like we’ll have to do some more work.

We can either, bake the DB into the kernel at build time by replacing
the kernel's limited DB with the one from 'wireless-regdb' via the
option CONFIG_CFG80211_INTERNAL_REGDB¹. Or manage our own key, sign the
build database and add make the kernel load them as firmware file at
boot time, which is the usual way but would require a certain level off
work on or side.

Toggle quote (6 lines)
> Could our ‘wireless-regdb’ build things from source, hopefully getting
> the exact same binary as the one provided upstream, in which case it
> could install the original signature as-is. IOW, we’d be building from
> source for the explicit purpose of making sure the upstream-provided
> ‘regulatory.bin’ file can be built reproducibly from this source.

I didn't thought of that, I could give it a try as it should be lowest
hanging fruit.

Toggle quote (8 lines)
>> I'm wondering if it's worth removing 'crda' from the default udev rules.
>
> It was added in 68ac258b5291aee33dd11a6fd0f545f81935b633 long ago, and I
> think it made sense back then. :-)
>
> Do you think it’s now unnecessary because the kernel can load it all by
> itself? Or does that depend on kernel build options?

After more testing, no. We should keep it as default, it is needed if
you want to change you region from userland, with 'iw reg set' for
example.

I don't know how zelously we want to comply to radio frenquency
regulation by being sure our wireless devices don't emit on restricted
frenquecy between the kernel being loaded and userland (crda) setting
the correct region. If we want to be sure such spourious emssions can't
happen we need to fix the loading of 'regulatory.db' by the kernel
otherwise the current setup should be good enought for most usage.


Cheers,
- Brice
T
T
Tobias Geerinckx-Rice wrote on 20 Jul 2021 23:56
Re: [bug#49649] [PATCH] gnu: Add regulatory.db in %base-firmware.
(name . Brice Waegeneire)(address . brice@waegenei.re)
bc6967e5952ce53555817dc17c7f64f8@tobias.gr
[Terse reply whilst travelling, but this stuff is extremely important to
get right.]

Brice, Ludo',

Ludo's suggestion to leverage reproducibility sounds promising!

On 2021-07-20 23:02, Brice Waegeneire wrote:
Toggle quote (2 lines)
> We can either, bake the DB into the kernel at build time

This hasn't been supported since 2015 (Linux ~4.14).

Toggle quote (3 lines)
> I don't know how zelously we want to comply to radio frenquency
> regulation

Utterly. Like our future software freedom depends on it.

Luckily, the kernel falls back to a copy of the world regulatory domain,
the "00" that every Guix System user has been using forever.

Toggle quote (4 lines)
> by being sure our wireless devices don't emit on restricted
> frenquecy between the kernel being loaded and userland (crda) setting
> the correct region.

CRDA is obsolete and only for use with the same legacy kernels.

Toggle quote (3 lines)
> If we want to be sure such spourious emssions can't
> happen we need to fix the loading of 'regulatory.db' by the kernel

That's not true. The whole point of the world regulatory domain is to
be the subset of all other regdb entries.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.
L
L
Ludovic Courtès wrote on 23 Jul 2021 11:11
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
87y29xbdj2.fsf@gnu.org
Hi!

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

Toggle quote (6 lines)
>> If we want to be sure such spourious emssions can't
>> happen we need to fix the loading of 'regulatory.db' by the kernel
>
> That's not true. The whole point of the world regulatory domain is to
> be the subset of all other regdb entries.

In that case we have a practical interest in making db loading work, as
this would allow (some) users to use a wider part of the frequency
spectrum.

Thanks for looking into this, comrades!

Ludo’.
T
T
Tobias Geerinckx-Rice wrote on 23 Jul 2021 11:55
(name . Ludovic Courtès)(address . ludo@gnu.org)
fa9b9abba4bcd5a28d722d863a689d3c@tobias.gr
On 2021-07-23 11:11, Ludovic Courtès wrote:
Toggle quote (4 lines)
> In that case we have a practical interest in making db loading work, as
> this would allow (some) users to use a wider part of the frequency
> spectrum.

Absolutely. It's still important, just not someone-could-get-arrested
urgent. So I hope the bit-identical build works out.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.
B
B
Brice Waegeneire wrote on 25 Dec 2021 19:44
[PATCH v2 0/4] Load wireless regulatory database in kernel
(address . 49649@debbugs.gnu.org)
20211225184418.9341-1-brice@waegenei.re
Hello Tobias, Ludo’,

Following Tobias corrections, I've extended the previous patch to correctly
enable loading of the wireless regulatory database ('regulatory.db') used by
the kernel subsystem cfg80211, for linux >4.14. As suggested by Ludo, we now
build 'regulatory.db' ourselve to make sure it's reproducible and reuse
upstream signature. That way the linux kernel correctly load the wireless
regulatory database at boot which allows us to use a regulatory domain
different than the "00" default by using a kernel argument such as
“cfg80211.ieee80211_regdom=FR“.

This patch doesn't change anything for kernels older than 4.15 for which the
use of CRDA is needed to load the regulatory database through the
'regulatory.bin' file. IOW the database used by CRDA, is still unsigned and
CRDA doesn't check signatures for it.


Cheers,
- Brice

Brice Waegeneire (4):
gnu: Add regulatory.db in %base-firmware.
gnu: wireless-regdb: Reuse 'regulatory.db' signature.
gnu: wireless-regdb: Update to 2021.08.28.
gnu: crda: Describe it as obsolete.

gnu/packages/linux.scm | 81 ++++++++++++++++++++++--------------------
gnu/system.scm | 3 +-
2 files changed, 44 insertions(+), 40 deletions(-)


base-commit: 1dfe8c372163d481ebebb97dd3b4cafa49906b28
prerequisite-patch-id: b07befb3646df543510b7fecf567286f53d4eaec
--
2.34.0
B
B
Brice Waegeneire wrote on 25 Dec 2021 19:44
[PATCH v2 2/4] gnu: wireless-regdb: Reuse 'regulatory.db' signature.
(address . 49649@debbugs.gnu.org)
20211225184437.9457-1-brice@waegenei.re
Unlike 'regulatory.bin' (used by CRDA), we can't have a valid unsigned
'regulatory.db' (used by subsystem cfg80211). So, we reuse upstream's
signature for that file and rebuild it ourself to be sure it's
reproducible

* gnu/packages/linux.scm (wireless-regdb)[source]: Delete file
'regulatory.db'.
[arguments]: Remove 'omit-signature' phase, replace 'build' phase with
make target 'regulatory.db', add phase 'build-regulatory.bin-unsigned'
and add 'check' phase. Enable tests and parallel builds. Remove
make-flags specific to 'build-regulatory.bin-unsigned'.
[native-inputs]: Use new format and add 'openssl'.
[description]: Add reference to the cfg80211 linux subsystem.
---
gnu/packages/linux.scm | 72 +++++++++++++++++++++---------------------
1 file changed, 36 insertions(+), 36 deletions(-)

Toggle diff (102 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index e2be00679f..54f2682965 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -4296,10 +4296,11 @@ (define-public wireless-regdb
(sha256
(base32
"0liagyi6ppf5w474qk9j4jz5gbvvn8mc8al1dq4b1xrgv28485ml"))
-
- ;; We're building 'regulatory.bin' by ourselves.
+ ;; We're building 'regulatory.bin' and 'regulatory.db' by
+ ;; ourselves.
(snippet '(begin
- (delete-file "regulatory.bin")
+ (map delete-file '("regulatory.bin"
+ "regulatory.db"))
#t))))
(build-system gnu-build-system)
(arguments
@@ -4310,48 +4311,47 @@ (define-public wireless-regdb
(substitute* "Makefile"
(("gzip") "gzip --no-name"))
#t))
- (add-after 'unpack 'omit-signature
+ (replace 'build
+ (lambda* (#:key (make-flags '()) #:allow-other-keys)
+ (apply invoke "make" "regulatory.db" make-flags)))
+ (add-after 'build 'build-regulatory.bin-unsigned
+ (lambda* (#:key (make-flags '()) #:allow-other-keys)
+ (apply invoke "make" "regulatory.bin"
+ (cons*
+ ;; Leave this empty so that db2bin.py doesn't try to sign
+ ;; ‘regulatory.bin’. This allows us to avoid managing a key
+ ;; pair for the whole distribution.
+ "REGDB_PRIVKEY="
+ ;; Don't generate a public key for the same reason. These are
+ ;; used as Makefile targets and can't be the empty string.
+ "REGDB_PUBCERT=/dev/null"
+ "REGDB_PUBKEY=/dev/null"
+ make-flags))))
+ ;; We check if the 'regulatory.db' we just built is the same as the
+ ;; one that got signed by upstream.
+ (replace 'check
(lambda _
- (substitute* "Makefile"
- ;; Signing requires a REGDB_PUBCERT and REGDB_PRIVKEY which we
- ;; don't provide (see below). Disable it.
- ((" regulatory\\.db\\.p7s") "")
- ;; regulatory.db is built as a dependency of regulatory.db.p7s,
- ;; but ‘make install’ depends only on the latter while installing
- ;; both (and failing). Depend on it explicitly.
- (("^install: " all) (string-append all "regulatory.db ")))
- #t))
+ (invoke "openssl" "smime"
+ "-verify" "-inform" "DER"
+ "-signer" "sforshee.x509.pem"
+ "-in" "regulatory.db.p7s" "-content" "regulatory.db"
+ "-out" "/dev/null"
+ "-CAfile" "sforshee.x509.pem")))
(delete 'configure)) ; no configure script
-
- ;; The 'all' target of the makefile depends on $(REGDB_CHANGED), which
- ;; is computed and can be equal to 'maintainer-clean'; when that
- ;; happens, we can end up deleting the 'regulatory.bin' file that we
- ;; just built. Thus, build things sequentially.
- #:parallel-build? #f
-
- #:tests? #f ; no tests
#:make-flags
(let ((out (assoc-ref %outputs "out")))
(list (string-append "PREFIX=" out)
- (string-append "FIRMWARE_PATH=$(PREFIX)/lib/firmware")
-
- ;; Leave this empty so that db2bin.py doesn't try to sign
- ;; ‘regulatory.bin’. This allows us to avoid managing a key
- ;; pair for the whole distribution.
- (string-append "REGDB_PRIVKEY=")
- ;; Don't generate a public key for the same reason. These are
- ;; used as Makefile targets and can't be the empty string.
- (string-append "REGDB_PUBCERT=/dev/null")
- (string-append "REGDB_PUBKEY=/dev/null")))))
- (native-inputs
- `(("python" ,python-wrapper)))
+ (string-append "FIRMWARE_PATH=$(PREFIX)/lib/firmware")))))
+ (native-inputs (list openssl ; to verify signature
+ python-wrapper))
(home-page
"https://wireless.wiki.kernel.org/en/developers/regulatory/wireless-regdb")
(synopsis "Wireless regulatory database")
(description
- "This package contains the wireless regulatory database for the Central
-Regulatory Database Agent (CRDA). The database contains information on
-country-specific regulations for the wireless spectrum.")
+ "This package contains the wireless regulatory database used by the Linux
+cfg80211 subsystem and the legacy Central Regulatory Database Agent (CRDA).
+The database contains information on country-specific regulations for the
+wireless spectrum.")
(license license:isc)))
(define-public lm-sensors
--
2.34.0
B
B
Brice Waegeneire wrote on 25 Dec 2021 19:44
[PATCH v2 1/4] gnu: Add regulatory.db in %base-firmware.
(address . 49649@debbugs.gnu.org)
20211225184435.9436-1-brice@waegenei.re
* gnu/system.scm (%base-firmware): Add 'wireless-regdb'.
---
gnu/system.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (16 lines)
diff --git a/gnu/system.scm b/gnu/system.scm
index 088c62ddde..49377e5486 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -789,7 +789,8 @@ (define* (operating-system-with-provenance os
(define %base-firmware
;; Firmware usable by default.
(list ath9k-htc-firmware
- openfwwf-firmware))
+ openfwwf-firmware
+ wireless-regdb))
(define %base-packages-artwork
;; Default set of artwork packages.
--
2.34.0
B
B
Brice Waegeneire wrote on 25 Dec 2021 19:44
[PATCH v2 3/4] gnu: wireless-regdb: Update to 2021.08.28.
(address . 49649@debbugs.gnu.org)
20211225184437.9473-1-brice@waegenei.re
* gnu/packages/linux.scm (wireless-regdb): Update to 2021.08.28.
---
gnu/packages/linux.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 54f2682965..a67eb607e4 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -4287,7 +4287,7 @@ (define-public crda
(define-public wireless-regdb
(package
(name "wireless-regdb")
- (version "2020.11.20")
+ (version "2021.08.28")
(source (origin
(method url-fetch)
(uri (string-append
@@ -4295,7 +4295,7 @@ (define-public wireless-regdb
"wireless-regdb-" version ".tar.xz"))
(sha256
(base32
- "0liagyi6ppf5w474qk9j4jz5gbvvn8mc8al1dq4b1xrgv28485ml"))
+ "0ij4lnpjmzbwr956cgaxrbpz3zbqcanahzqamqbd7rni23271wyg"))
;; We're building 'regulatory.bin' and 'regulatory.db' by
;; ourselves.
(snippet '(begin
--
2.34.0
B
B
Brice Waegeneire wrote on 25 Dec 2021 19:44
[PATCH v2 4/4] gnu: crda: Describe it as obsolete.
(address . 49649@debbugs.gnu.org)
20211225184438.9488-1-brice@waegenei.re
* gnu/packages/linux.scm (crda)[description]: Describe the package as
obsolete.
---
gnu/packages/linux.scm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index a67eb607e4..40006a7465 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -4198,6 +4198,8 @@ (define-public wireless-tools
;; other files are distributed under gpl2.
(license (list license:gpl2 license:lgpl2.1+))))
+;; NOTE Remove 'crda' package when 'linux-libre' 4.14 won't be packaged
+;; anymore.
(define-public crda
(package
(name "crda")
@@ -4281,7 +4283,8 @@ (define-public crda
(description
"The Central Regulatory Domain Agent (CRDA) acts as the udev helper for
communication between the kernel Linux and user space for regulatory
-compliance.")
+compliance. It is obsolete since Linux 4.15, as the wireless regulatory
+database is now managed by the kernel susbsystem cfg80211.")
(license license:copyleft-next)))
(define-public wireless-regdb
--
2.34.0
L
L
Leo Famulari wrote on 25 Dec 2021 22:13
(name . Brice Waegeneire)(address . brice@waegenei.re)
YceJayh6NUESoRWX@jasmine.lan
On Sat, Dec 25, 2021 at 07:44:38PM +0100, Brice Waegeneire wrote:
Toggle quote (3 lines)
> * gnu/packages/linux.scm (crda)[description]: Describe the package as
> obsolete.

[...}

Toggle quote (3 lines)
> +;; NOTE Remove 'crda' package when 'linux-libre' 4.14 won't be packaged
> +;; anymore.

To clarify, this refers to 4.14 and older, not just 4.14, right?

We have about 2 more years, unless we choose to package the super
long-term support (SLTS) 4.4 series that is sponsored by the Civil
Infrastructure Platform:

L
L
Leo Famulari wrote on 28 Dec 2021 08:15
Re: [bug#49649] [PATCH v2 0/4] Load wireless regulatory database in kernel
(name . Brice Waegeneire)(address . brice@waegenei.re)
Ycq5dEDmFIvfB+jk@jasmine.lan
On Sat, Dec 25, 2021 at 07:44:18PM +0100, Brice Waegeneire wrote:
Toggle quote (6 lines)
> Brice Waegeneire (4):
> gnu: Add regulatory.db in %base-firmware.
> gnu: wireless-regdb: Reuse 'regulatory.db' signature.
> gnu: wireless-regdb: Update to 2021.08.28.
> gnu: crda: Describe it as obsolete.

Works for me on 5.15.11, thanks!
L
L
Ludovic Courtès wrote on 31 Dec 2021 15:29
Re: [PATCH v2 0/4] Load wireless regulatory database in kernel
(name . Brice Waegeneire)(address . brice@waegenei.re)
871r1srgnu.fsf@gnu.org
Hi Brice,

Brice Waegeneire <brice@waegenei.re> skribis:

Toggle quote (9 lines)
> Following Tobias corrections, I've extended the previous patch to correctly
> enable loading of the wireless regulatory database ('regulatory.db') used by
> the kernel subsystem cfg80211, for linux >4.14. As suggested by Ludo, we now
> build 'regulatory.db' ourselve to make sure it's reproducible and reuse
> upstream signature. That way the linux kernel correctly load the wireless
> regulatory database at boot which allows us to use a regulatory domain
> different than the "00" default by using a kernel argument such as
> “cfg80211.ieee80211_regdom=FR“.

Does that mean it’s up to users to add such an argument to
‘kernel-arguments’? If so, we should probably document it (though
that’s not a blocker for this series.)

Toggle quote (5 lines)
> This patch doesn't change anything for kernels older than 4.15 for which the
> use of CRDA is needed to load the regulatory database through the
> 'regulatory.bin' file. IOW the database used by CRDA, is still unsigned and
> CRDA doesn't check signatures for it.

Sounds good.

I haven’t actually tested it but the patch series LGTM! It’s a much
welcome improvement.

Toggle quote (2 lines)
Make sure to add this line in the commit log of patch #2.

Thank you!

Ludo'.
L
L
Ludovic Courtès wrote on 1 Jun 2022 22:29
Re: bug#49649: [PATCH] gnu: Add regulatory.db in %base-firmware.
(name . Brice Waegeneire)(address . brice@waegenei.re)
87k0a0t9f2.fsf_-_@gnu.org
Hi Brice,

Looks like this patch series was ready to go.


Could you push it? If not, please let us know so one of us can do it on
your behalf; let us know if there are additional tests that should be
made beforehand, too.

TIA!

Ludo’.

Ludovic Courtès <ludo@gnu.org> skribis:

Toggle quote (34 lines)
> Hi Brice,
>
> Brice Waegeneire <brice@waegenei.re> skribis:
>
>> Following Tobias corrections, I've extended the previous patch to correctly
>> enable loading of the wireless regulatory database ('regulatory.db') used by
>> the kernel subsystem cfg80211, for linux >4.14. As suggested by Ludo, we now
>> build 'regulatory.db' ourselve to make sure it's reproducible and reuse
>> upstream signature. That way the linux kernel correctly load the wireless
>> regulatory database at boot which allows us to use a regulatory domain
>> different than the "00" default by using a kernel argument such as
>> “cfg80211.ieee80211_regdom=FR“.
>
> Does that mean it’s up to users to add such an argument to
> ‘kernel-arguments’? If so, we should probably document it (though
> that’s not a blocker for this series.)
>
>> This patch doesn't change anything for kernels older than 4.15 for which the
>> use of CRDA is needed to load the regulatory database through the
>> 'regulatory.bin' file. IOW the database used by CRDA, is still unsigned and
>> CRDA doesn't check signatures for it.
>
> Sounds good.
>
> I haven’t actually tested it but the patch series LGTM! It’s a much
> welcome improvement.
>
>> Fixes <https://issues.guix.gnu.org/49611.
>
> Make sure to add this line in the commit log of patch #2.
>
> Thank you!
>
> Ludo'.
?