[Bug 555850] New: crda -- Database signature verification failed.
http://bugzilla.novell.com/show_bug.cgi?id=555850 Summary: crda -- Database signature verification failed. Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: mt@novell.com QAContact: qa@suse.de Found By: --- Blocker: --- --- Comment #0 from Marius Tomaschewski <mt@novell.com> 2009-11-16 15:50:10 UTC --- crda reports database signature verification failure: # export COUNTRY=DE # /sbin/crda Database signature verification failed. A strace complains about fips_enabled: open("/usr/local/lib/crda/regulatory.bin", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/crda/regulatory.bin", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=3108, ...}) = 0 mmap(NULL, 3108, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f603dfa4000 access("/etc/gcrypt/fips_enabled", F_OK) = -1 ENOENT (No such file or directory) open("/proc/sys/crypto/fips_enabled", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f603dfa3000 read(4, "0\n", 1024) = 2 close(4) = 0 munmap(0x7f603dfa3000, 4096) = 0 write(2, "Database signature verification "..., 40Database signature verification failed. ) = 40 exit_group(-22) = ? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555850 Marius Tomaschewski <mt@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |vbotka@novell.com |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555850 --- Comment #1 from Marius Tomaschewski <mt@novell.com> 2009-11-16 15:58:56 UTC --- Enabling FIPS does not help, ...: # echo "1" > /proc/sys/crypto/fips_enabled -bash: /proc/sys/crypto/fips_enabled: Keine Berechtigung # echo "1" > /etc/gcrypt/fips_enabled # strace -f /sbin/crda [...] open("/usr/lib/crda/regulatory.bin", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=3108, ...}) = 0 mmap(NULL, 3108, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f6847a6c000 access("/etc/gcrypt/fips_enabled", F_OK) = 0 open("/etc/gcrypt/fips_enabled", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=2, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6847a6b000 read(4, "1\n", 4096) = 2 close(4) = 0 munmap(0x7f6847a6b000, 4096) = 0 mmap(NULL, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6847a64000 getuid() = 0 mlock(0x7f6847a64000, 32768) = 0 open("/dev/random", O_RDONLY) = 4 fcntl(4, F_GETFD) = 0 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 select(5, [4], NULL, NULL, {3, 0}) = 0 (Timeout) select(5, [4], NULL, NULL, {3, 0}) = 0 (Timeout) select(5, [4], NULL, NULL, {3, 0}) = 0 (Timeout) select(5, [4], NULL, NULL, {3, 0}) = 1 (in [4], left {1, 947924}) read(4, "\312D\22\n\6\3\363f", 16) = 8 select(5, [4], NULL, NULL, {3, 0}) = 1 (in [4], left {2, 606831}) read(4, "\220\352p\321\217\274\20\356", 8) = 8 getpid() = 6552 select(5, [4], NULL, NULL, {3, 0}) = 1 (in [4], left {2, 606648}) read(4, "\350\263\301\375tenV", 16) = 8 select(5, [4], NULL, NULL, {3, 0}) = 1 (in [4], left {2, 603033}) read(4, "\377\234\250\0327\355!D", 8) = 8 getppid() = 6551 write(2, "Database signature verification "..., 40Database signature verification failed. ) = 40 exit_group(-22) = ? looks like a invalid signature. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555850#c2 Rafał Rzepecki <divided.mind@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |divided.mind@gmail.com Severity|Normal |Major --- Comment #2 from Rafał Rzepecki <divided.mind@gmail.com> 2009-11-17 00:25:31 UTC --- I can confirm. Getting a regulatory database from http://wireless.kernel.org/download/wireless-regdb/regulatory.bins/ fixes the problem. Quite possibly regulatory.bin is compiled and therefore signed by Novell but Novell's public key for verification is not embedded in crda. Please note that this is a _major_ bug, as it effectively restricts any and all wireless devices to world (ie. most restrictive) regulatory domain, disallowing network access for all who use, say, channel 13 on their APs, which is actually relatively popular in Europe. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555850 http://bugzilla.novell.com/show_bug.cgi?id=555850#c3 Marius Tomaschewski <mt@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium CC| |ro@novell.com Platform|Other |All OS/Version|Other |openSUSE 11.2 --- Comment #3 from Marius Tomaschewski <mt@novell.com> 2010-03-05 11:46:17 UTC --- Vladimir, any news? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555850 http://bugzilla.novell.com/show_bug.cgi?id=555850#c4 --- Comment #4 from Ruediger Oertel <ro@novell.com> 2010-03-05 13:20:20 UTC --- # cd hilbert:/mounts/work_users/ro # osc rq list hardware 34100 State:new By:oertel When:2010-03-05T01:53:12 submit: home:oertel:branches:hardware/crda -> hardware Descr: 'update to current release' 34099 State:new By:oertel When:2010-03-05T01:33:50 submit: home:oertel:branches:hardware/wireless-regdb -> hardware Descr: 'update to current' with these I don't get the verification failed message anymore (it's the regdb-2009.11.25 and crda-1.1.1 releases) but on calling crda I get: "Failed to set regulatory domain: -22" whatever that may mean. setting the domain via "iw reg set DE" works for me. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555850 http://bugzilla.novell.com/show_bug.cgi?id=555850#c Marius Tomaschewski <mt@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |585802 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555850 http://bugzilla.novell.com/show_bug.cgi?id=555850#c5 --- Comment #5 from Marius Tomaschewski <mt@novell.com> 2010-03-05 13:58:28 UTC --- It is required to set also WIRELESS_WPA_DRIVER='nl80211' in case the wpa_supplicant is in use. I opened a bug 585802 to track the switch to the new driver on 11.3 and collect the cases where the new driver does not work. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555850 http://bugzilla.novell.com/show_bug.cgi?id=555850#c Marius Tomaschewski <mt@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|585802 | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=555850 https://bugzilla.novell.com/show_bug.cgi?id=555850#c6 Vladimir Botka <vbotka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Component|Network |Network Resolution| |FIXED AssignedTo|vbotka@novell.com |bnc-team-screening@forge.pr | |ovo.novell.com Product|openSUSE 11.2 |openSUSE 11.3 Target Milestone|--- |Final --- Comment #6 from Vladimir Botka <vbotka@novell.com> 2010-09-10 15:12:56 UTC --- All is well in 11.3, closed as FIXED Sep 10 17:10:54 vaio kernel: [74086.544686] cfg80211: Calling CRDA for country: CZ Sep 10 17:10:54 vaio kernel: [74086.547515] cfg80211: Regulatory domain changed to country: CZ Sep 10 17:10:54 vaio kernel: [74086.547518] (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp) Sep 10 17:10:54 vaio kernel: [74086.547520] (2400000 KHz - 2483500 KHz @ 40000 KHz), (N/A, 2000 mBm) Sep 10 17:10:54 vaio kernel: [74086.547522] (5150000 KHz - 5250000 KHz @ 40000 KHz), (N/A, 2301 mBm) Sep 10 17:10:54 vaio kernel: [74086.547524] (5250000 KHz - 5350000 KHz @ 40000 KHz), (N/A, 2301 mBm) Sep 10 17:10:54 vaio kernel: [74086.547525] (5470000 KHz - 5725000 KHz @ 40000 KHz), (N/A, 3000 mBm) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=555850 https://bugzilla.novell.com/show_bug.cgi?id=555850#c Vladimir Botka <vbotka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vbotka@novell.com OS/Version|openSUSE 11.2 |openSUSE 11.3 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com