 Central Regulatory Domain Agent (CRDA)
========================================

This is the Central Regulatory Domain Agent for Linux. It serves two
purposes: keep a database of world-wide regulatory information and
tell the Linux kernel what to enforce.

 REQUIREMENTS
==============

The package requirements currently are:
 * python and the m2crypto package (python-m2crypto)
 * libgcrypt or libssl (openssl) header files
 * MoinMoin (http://moinmo.in) for the web viewer

 OVERVIEW
==========

The regulatory information is collected in a text file, `db.txt'. This
text file is then compiled into a binary database `regulatory.bin' and
digitally signed with the key in `key.priv.pem'. The binary database
is then used by the regulatory agent to update the in-kernel enforcement
table.

 TECHNICAL INFORMATION
=======================

The regulatory information in `db.txt' is stored in a human-readable
format which can be read using the `dbparse.py' python module. This
python module is used by the web viewer (web/Regulatory.py) which is
implemented as a MoinMoin macro (and used on http://linuxwireless.org)
to allow viewing the database for verification.

The dbparse module is also used by db2bin.py, the `compiler', which
compiles and signs the binary database.

The binary database file format is described in `regdb.h' (which has
to be kept in sync with the compiler).

The key file, key.priv.pem, has to be an RSA key, for example created
with openssl using `openssl genrsa -out key.priv.pem 1024'. Building
without such a key file causes the test-key to be used to allow the
build to succeed without generating a key first. This key is not meant
to be used for deployments, however.

Under certain circumstances it may be desirable to have the regulatory
agent accept multiple keys. This can be achieved by compiling it when
more than one key is present in the source directory (named *.pem). In
this case, the agent will accept a signature of any of those keys.
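
The "accept a signature of any of those keys" rule, sketched as an added
shell example (not part of CRDA or of this README). It assumes a detached
signature file, RSA with SHA-256, and trusted public keys kept as
*.pub.pem in one directory; the function names, file names and sample
database bytes are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not CRDA code. Assumptions: detached signature file,
# RSA with SHA-256, trusted public keys stored as *.pub.pem in one directory.

# verify_any DB SIG KEYDIR: succeed if any key in KEYDIR verifies SIG over DB.
verify_any() {
    for pub in "$3"/*.pub.pem; do
        [ -f "$pub" ] || continue            # empty directory: glob stays literal
        if openssl dgst -sha256 -verify "$pub" -signature "$2" "$1" \
                >/dev/null 2>&1; then
            return 0                         # one matching key is enough
        fi
    done
    return 1                                 # no trusted key matched: reject
}

# make_key NAME PRIVDIR PUBDIR: constructed key pair for the demo.
make_key() {
    openssl genrsa -out "$2/$1.priv.pem" 2048 2>/dev/null &&
    openssl rsa -in "$2/$1.priv.pem" -pubout -out "$3/$1.pub.pem" 2>/dev/null
}

# sign_db NAME DB: sign DB with NAME's private key, write $work/NAME.sig.
sign_db() {
    openssl dgst -sha256 -sign "$work/$1.priv.pem" -out "$work/$1.sig" "$2"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/trusted" "$work/other"
make_key a "$work" "$work/trusted"
make_key b "$work" "$work/trusted"
make_key untrusted "$work" "$work/other"     # public key is NOT in the trusted set

db="$work/db.bin"
printf 'constructed database bytes\n' > "$db"
sign_db b "$db"
sign_db untrusted "$db"

verify_any "$db" "$work/b.sig" "$work/trusted" && echo "signed by b: accepted"
verify_any "$db" "$work/untrusted.sig" "$work/trusted" || echo "signed by untrusted key: rejected"

printf 'x' >> "$db"                          # modify the database after signing
verify_any "$db" "$work/b.sig" "$work/trusted" || echo "modified database: rejected"
```

Every key in the set is trusted equally, so the *.pem files present at
build time are the full list of accepted signers and are worth checking
before a deployment build.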