commit: 64487c79b36819c80427fb19399a46ae604135b3
Author: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
AuthorDate: Sun Jan 17 20:30:36 2021 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sun Jan 17 20:30:36 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=64487c79
net-wireless/crda: new package
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-wireless/crda/Manifest | 1 +
net-wireless/crda/crda-4.14.ebuild | 84 ++++++
.../crda/files/crda-4.14-do-not-compress-doc.patch | 36 +++
.../crda-4.14-openssl-1.1.0-compatibility.patch | 314 +++++++++++++++++++++
net-wireless/crda/files/crda-4.14-python-3.patch | 95 +++++++
net-wireless/crda/files/crda-cflags.patch | 33 +++
net-wireless/crda/files/crda-ldflags.patch | 11 +
net-wireless/crda/files/crda-libreg-link.patch | 30 ++
net-wireless/crda/files/crda-libressl.patch | 11 +
net-wireless/crda/files/crda-no-ldconfig.patch | 28 ++
net-wireless/crda/files/crda-no-werror.patch | 32 +++
net-wireless/crda/metadata.xml | 11 +
12 files changed, 686 insertions(+)
diff --git a/net-wireless/crda/Manifest b/net-wireless/crda/Manifest
new file mode 100644
index 0000000..ea58350
--- /dev/null
+++ b/net-wireless/crda/Manifest
@@ -0,0 +1 @@
+DIST crda-4.14.tar.gz 72753 BLAKE2B
79e96bc41103eb221d841c74081c2abf507c46ae7790d5d8201dbc49260bc833630b95f74da5500817e07f1b4108713867071bd82ecc4c46d202d1e0ea865675
SHA512
0d52cf62589ec2debfd66de95b82b03a1c15048d8425cf5ef43c3e1f51ce1311a6d898fd5f69badcceb3181d35c836db197c6f070654dab351b01e96a1dd1053
diff --git a/net-wireless/crda/crda-4.14.ebuild
b/net-wireless/crda/crda-4.14.ebuild
new file mode 100644
index 0000000..b154161
--- /dev/null
+++ b/net-wireless/crda/crda-4.14.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+inherit toolchain-funcs python-any-r1 udev
+
+DESCRIPTION="Central Regulatory Domain Agent for wireless networks"
+HOMEPAGE="https://wireless.wiki.kernel.org/en/developers/regulatory/crda";
+SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snapshot/${P}.tar.gz";
+
+LICENSE="ISC"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 sparc x86"
+IUSE="gcrypt libressl"
+
+RDEPEND="!gcrypt? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ gcrypt? ( dev-libs/libgcrypt:0= )
+ dev-libs/libnl:3
+ net-wireless/wireless-regdb"
+DEPEND="${RDEPEND}"
+BDEPEND="${PYTHON_DEPS}
+ $(python_gen_any_dep 'dev-python/m2crypto[${PYTHON_USEDEP}]')
+ virtual/pkgconfig"
+
+python_check_deps() {
+ has_version -b "dev-python/m2crypto[${PYTHON_USEDEP}]"
+}
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-no-ldconfig.patch
+ "${FILESDIR}"/${PN}-no-werror.patch
+ "${FILESDIR}"/${PN}-cflags.patch
+ "${FILESDIR}"/${PN}-libreg-link.patch #542436
+ "${FILESDIR}"/${PN}-4.14-python-3.patch
+ "${FILESDIR}"/${PN}-4.14-openssl-1.1.0-compatibility.patch #652428
+ "${FILESDIR}"/${PN}-libressl.patch
+ "${FILESDIR}"/${PN}-ldflags.patch
+ "${FILESDIR}"/${PN}-4.14-do-not-compress-doc.patch
+)
+
+src_prepare() {
+ default
+ sed -i \
+ -e "s:\<pkg-config\>:$(tc-getPKG_CONFIG):" \
+ Makefile || die
+}
+
+_emake() {
+ # The source hardcodes /usr/lib/crda/ paths (ignoring all make vars
+ # that look like it should change it). We want to use /usr/lib/
+ # anyways as this file is not ABI specific and we want to share it
+ # among all ABIs rather than pointlessly duplicate it.
+ #
+ # The trailing slash on SBINDIR is required by the source.
+ emake \
+ PREFIX="${EPREFIX}/usr" \
+ SBINDIR='$(PREFIX)/sbin/' \
+ LIBDIR='$(PREFIX)/'"$(get_libdir)" \
+ UDEV_RULE_DIR="$(get_udevdir)/rules.d" \
+ REG_BIN="${SYSROOT}"/usr/lib/crda/regulatory.bin \
+ USE_OPENSSL=$(usex gcrypt 0 1) \
+ CC="$(tc-getCC)" \
+ V=1 \
+ WERROR= \
+ "$@"
+}
+
+src_compile() {
+ _emake all_noverify
+}
+
+src_test() {
+ _emake verify
+}
+
+src_install() {
+ _emake DESTDIR="${D}" install
+ keepdir /etc/wireless-regdb/pubkeys
+}
diff --git a/net-wireless/crda/files/crda-4.14-do-not-compress-doc.patch
b/net-wireless/crda/files/crda-4.14-do-not-compress-doc.patch
new file mode 100644
index 0000000..428bafb
--- /dev/null
+++ b/net-wireless/crda/files/crda-4.14-do-not-compress-doc.patch
@@ -0,0 +1,36 @@
+diff --git a/Makefile b/Makefile
+index 335d17d..683a379 100644
+--- a/Makefile
++++ b/Makefile
+@@ -157,11 +157,7 @@ verify: $(REG_BIN) regdbdump
+ LD_LIBRARY_PATH=.:$(LD_LIBRARY_PATH) \
+ ./regdbdump $(REG_BIN) >/dev/null
+
+-%.gz: %
+- @$(NQ) ' GZIP' $<
+- $(Q)gzip < $< > $@
+-
+-install: install-libreg install-libreg-headers crda crda.8.gz regdbdump.8.gz
++install: install-libreg install-libreg-headers crda crda.8 regdbdump.8
+ $(NQ) ' INSTALL crda'
+ $(Q)$(MKDIR) $(DESTDIR)/$(SBINDIR)
+ $(Q)$(INSTALL) -m 755 -t $(DESTDIR)/$(SBINDIR) crda
+@@ -177,13 +173,13 @@ install: install-libreg install-libreg-headers crda
crda.8.gz regdbdump.8.gz
+ $(Q)$(INSTALL) -m 644 -t \
+ $(DESTDIR)/$(UDEV_RULE_DIR)/ \
+ udev/$(UDEV_LEVEL)regulatory.rules
+- $(NQ) ' INSTALL crda.8.gz'
++ $(NQ) ' INSTALL crda.8'
+ $(Q)$(MKDIR) $(DESTDIR)$(MANDIR)/man8/
+- $(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(MANDIR)/man8/ crda.8.gz
+- $(NQ) ' INSTALL regdbdump.8.gz'
+- $(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(MANDIR)/man8/ regdbdump.8.gz
++ $(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(MANDIR)/man8/ crda.8
++ $(NQ) ' INSTALL regdbdump.8'
++ $(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(MANDIR)/man8/ regdbdump.8
+
+ clean:
+ $(Q)rm -f $(LIBREG) crda regdbdump intersect db2rd optimize \
+- *.o *~ *.pyc keys.c *.gz \
++ *.o *~ *.pyc keys.c \
+ udev/$(UDEV_LEVEL)regulatory.rules udev/regulatory.rules.parsed
diff --git
a/net-wireless/crda/files/crda-4.14-openssl-1.1.0-compatibility.patch
b/net-wireless/crda/files/crda-4.14-openssl-1.1.0-compatibility.patch
new file mode 100644
index 0000000..a9999da
--- /dev/null
+++ b/net-wireless/crda/files/crda-4.14-openssl-1.1.0-compatibility.patch
@@ -0,0 +1,314 @@
+From 338637ac08c19708eb35523894b44bbe3c726cfa Mon Sep 17 00:00:00 2001
+From: quentin <quen...@minster.io>
+Date: Mon, 2 Apr 2018 18:07:50 +0200
+Subject: [PATCH] crda: Fix for OpenSSL 1.1.0: BIGNUM now opaque
+
+OpenSSL 1.1.0 makes most of OpenSSL's structures opaque, and provides
+functions to manipulate them. This means it's no longer possible to
+construct an OpenSSL BIGNUM directly from scratch, as was done in
+keys-ssl.c.
+
+Use BN_bin2bn() (available since OpenSSL 0.9.8) to build the bignum from
+its big-endian representation as a byte array.
+
+This also allows factoring the code in utils/key2pub.py as it's now the
+same mechanism as with libgcrypt.
+
+This was tested with OpenSSL 1.1.0g.
+
+Signed-off-by: Quentin Minster <quen...@minster.io>
+---
+ Makefile | 12 +++----
+ reglib.c | 44 +++++++++++++++++------
+ utils/key2pub.py | 107 ++++++-------------------------------------------------
+ 3 files changed, 49 insertions(+), 114 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index a3ead30..a4e7373 100644
+--- a/Makefile
++++ b/Makefile
+@@ -38,18 +38,16 @@ all: all_noverify verify
+
+ all_noverify: $(LIBREG) crda intersect regdbdump db2rd optimize
+
++$(LIBREG): keys.c
++
+ ifeq ($(USE_OPENSSL),1)
+ CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config
--cflags openssl`
+ LDLIBS += `pkg-config --libs openssl`
+
+-$(LIBREG): keys-ssl.c
+-
+ else
+ CFLAGS += -DUSE_GCRYPT
+ LDLIBS += -lgcrypt
+
+-$(LIBREG): keys-gcrypt.c
+-
+ endif
+ MKDIR ?= mkdir -p
+ INSTALL ?= install
+@@ -109,10 +107,10 @@ $(REG_BIN):
+ $(NQ)
+ $(Q) exit 1
+
+-keys-%.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
++keys.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
+ $(NQ) ' GEN ' $@
+ $(NQ) ' Trusted pubkeys:' $(wildcard $(PUBKEY_DIR)/*.pem)
+- $(Q)./utils/key2pub.py --$* $(wildcard $(PUBKEY_DIR)/*.pem) $@
++ $(Q)./utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem) $@
+
+ $(LIBREG): regdb.h reglib.h reglib.c
+ $(NQ) ' CC ' $@
+@@ -187,5 +185,5 @@ install: install-libreg install-libreg-headers crda
crda.8.gz regdbdump.8.gz
+
+ clean:
+ $(Q)rm -f $(LIBREG) crda regdbdump intersect db2rd optimize \
+- *.o *~ *.pyc keys-*.c *.gz \
++ *.o *~ *.pyc keys.c *.gz \
+ udev/$(UDEV_LEVEL)regulatory.rules udev/regulatory.rules.parsed
+diff --git a/reglib.c b/reglib.c
+index e00e9b8..00f7f56 100644
+--- a/reglib.c
++++ b/reglib.c
+@@ -22,6 +22,7 @@
+ #include <openssl/rsa.h>
+ #include <openssl/sha.h>
+ #include <openssl/pem.h>
++#include <openssl/bn.h>
+ #endif
+
+ #ifdef USE_GCRYPT
+@@ -30,12 +31,8 @@
+
+ #include "reglib.h"
+
+-#ifdef USE_OPENSSL
+-#include "keys-ssl.c"
+-#endif
+-
+-#ifdef USE_GCRYPT
+-#include "keys-gcrypt.c"
++#if defined(USE_OPENSSL) || defined(USE_GCRYPT)
++#include "keys.c"
+ #endif
+
+ int debug = 0;
+@@ -81,7 +78,8 @@ reglib_array_len(size_t baselen, unsigned int elemcount,
size_t elemlen)
+ #ifdef USE_OPENSSL
+ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
+ {
+- RSA *rsa;
++ RSA *rsa = NULL;
++ BIGNUM *rsa_e = NULL, *rsa_n = NULL;
+ uint8_t hash[SHA_DIGEST_LENGTH];
+ unsigned int i;
+ int ok = 0;
+@@ -102,15 +100,35 @@ int reglib_verify_db_signature(uint8_t *db, size_t
dblen, size_t siglen)
+ goto out;
+ }
+
+- rsa->e = &keys[i].e;
+- rsa->n = &keys[i].n;
++ rsa_e = BN_bin2bn(keys[i].e, keys[i].len_e, NULL);
++ if (!rsa_e) {
++ fprintf(stderr, "Failed to convert value for RSA e.\n");
++ goto out;
++ }
++ rsa_n = BN_bin2bn(keys[i].n, keys[i].len_n, NULL);
++ if (!rsa_n) {
++ fprintf(stderr, "Failed to convert value for RSA n.\n");
++ goto out;
++ }
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ rsa->e = rsa_e;
++ rsa->n = rsa_n;
++#else
++ if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) != 1) {
++ fprintf(stderr, "Failed to set RSA key.\n");
++ goto out;
++ }
++#endif
++ /* BIGNUMs now owned by the RSA object */
++ rsa_e = NULL;
++ rsa_n = NULL;
+
+ ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
+ db + dblen, siglen, rsa) == 1;
+
+- rsa->e = NULL;
+- rsa->n = NULL;
+ RSA_free(rsa);
++ rsa = NULL;
+ }
+ if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) {
+ while (!ok && (nextfile = readdir(pubkey_dir))) {
+@@ -123,6 +141,7 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen,
size_t siglen)
+ ok = RSA_verify(NID_sha1, hash,
SHA_DIGEST_LENGTH,
+ db + dblen, siglen, rsa) == 1;
+ RSA_free(rsa);
++ rsa = NULL;
+ fclose(keyfile);
+ }
+ }
+@@ -133,6 +152,9 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen,
size_t siglen)
+ fprintf(stderr, "Database signature verification failed.\n");
+
+ out:
++ RSA_free(rsa);
++ BN_free(rsa_e);
++ BN_free(rsa_n);
+ return ok;
+ }
+ #endif /* USE_OPENSSL */
+diff --git a/utils/key2pub.py b/utils/key2pub.py
+index 9bb04cd..1919270 100755
+--- a/utils/key2pub.py
++++ b/utils/key2pub.py
+@@ -9,84 +9,7 @@ except ImportError as e:
+ sys.stderr.write('On Debian GNU/Linux the package is called
"python-m2crypto".\n')
+ sys.exit(1)
+
+-def print_ssl_64(output, name, val):
+- while val[0:1] == b'\0':
+- val = val[1:]
+- while len(val) % 8:
+- val = b'\0' + val
+- vnew = []
+- while len(val):
+- vnew.append((val[0:1], val[1:2], val[2:3], val[3:4], val[4:5],
val[5:6], val[6:7], val[7:8]))
+- val = val[8:]
+- vnew.reverse()
+- output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew)))
+- idx = 0
+- for v1, v2, v3, v4, v5, v6, v7, v8 in vnew:
+- if not idx:
+- output.write('\t')
+- output.write('0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x, ' % (ord(v1),
ord(v2), ord(v3), ord(v4), ord(v5), ord(v6), ord(v7), ord(v8)))
+- idx += 1
+- if idx == 2:
+- idx = 0
+- output.write('\n')
+- if idx:
+- output.write('\n')
+- output.write('};\n\n')
+-
+-def print_ssl_32(output, name, val):
+- while val[0:1] == b'\0':
+- val = val[1:]
+- while len(val) % 4:
+- val = b'\0' + val
+- vnew = []
+- while len(val):
+- vnew.append((val[0:1], val[1:2], val[2:3], val[3:4]))
+- val = val[4:]
+- vnew.reverse()
+- output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew)))
+- idx = 0
+- for v1, v2, v3, v4 in vnew:
+- if not idx:
+- output.write('\t')
+- output.write('0x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3),
ord(v4)))
+- idx += 1
+- if idx == 4:
+- idx = 0
+- output.write('\n')
+- if idx:
+- output.write('\n')
+- output.write('};\n\n')
+-
+-def print_ssl(output, name, val):
+- import struct
+- output.write('#include <stdint.h>\n')
+- if len(struct.pack('@L', 0)) == 8:
+- return print_ssl_64(output, name, val)
+- else:
+- return print_ssl_32(output, name, val)
+-
+-def print_ssl_keys(output, n):
+- output.write(r'''
+-struct pubkey {
+- struct bignum_st e, n;
+-};
+-
+-#define KEY(data) { \
+- .d = data, \
+- .top = sizeof(data)/sizeof(data[0]), \
+-}
+-
+-#define KEYS(e,n) { KEY(e), KEY(n), }
+-
+-static struct pubkey keys[] = {
+-''')
+- for n in range(n + 1):
+- output.write(' KEYS(e_%d, n_%d),\n' % (n, n))
+- output.write('};\n')
+- pass
+-
+-def print_gcrypt(output, name, val):
+- output.write('#include <stdint.h>\n')
++def print_bignum(output, name, val):
+ while val[0:1] == b'\0':
+ val = val[1:]
+ output.write('static const uint8_t %s[%d] = {\n' % (name, len(val)))
+@@ -103,11 +26,11 @@ def print_gcrypt(output, name, val):
+ output.write('\n')
+ output.write('};\n\n')
+
+-def print_gcrypt_keys(output, n):
++def print_keys(output, n):
+ output.write(r'''
+ struct key_params {
+ const uint8_t *e, *n;
+- uint32_t len_e, len_n;
++ const uint32_t len_e, len_n;
+ };
+
+ #define KEYS(_e, _n) { \
+@@ -120,25 +43,17 @@ static const struct key_params __attribute__ ((unused))
keys[] = {
+ for n in range(n + 1):
+ output.write(' KEYS(e_%d, n_%d),\n' % (n, n))
+ output.write('};\n')
+-
+
+-modes = {
+- '--ssl': (print_ssl, print_ssl_keys),
+- '--gcrypt': (print_gcrypt, print_gcrypt_keys),
+-}
+
+-try:
+- mode = sys.argv[1]
+- files = sys.argv[2:-1]
+- outfile = sys.argv[-1]
+-except IndexError:
+- mode = None
++files = sys.argv[1:-1]
++outfile = sys.argv[-1]
+
+-if not mode in modes:
+- print('Usage: %s [%s] input-file... output-file' % (sys.argv[0],
'|'.join(modes.keys())))
++if len(files) == 0:
++ print('Usage: %s input-file... output-file' % sys.argv[0])
+ sys.exit(2)
+
+ output = open(outfile, 'w')
++output.write('#include <stdint.h>\n\n\n')
+
+ # load key
+ idx = 0
+@@ -148,10 +63,10 @@ for f in files:
+ except RSA.RSAError:
+ key = RSA.load_key(f)
+
+- modes[mode][0](output, 'e_%d' % idx, key.e[4:])
+- modes[mode][0](output, 'n_%d' % idx, key.n[4:])
++ print_bignum(output, 'e_%d' % idx, key.e[4:])
++ print_bignum(output, 'n_%d' % idx, key.n[4:])
+ idx += 1
+
+-modes[mode][1](output, idx - 1)
++print_keys(output, idx - 1)
+
+ output.close()
diff --git a/net-wireless/crda/files/crda-4.14-python-3.patch
b/net-wireless/crda/files/crda-4.14-python-3.patch
new file mode 100644
index 0000000..df22a6a
--- /dev/null
+++ b/net-wireless/crda/files/crda-4.14-python-3.patch
@@ -0,0 +1,95 @@
+diff --git a/utils/key2pub.py b/utils/key2pub.py
+index 9bb04cd..632e6a6 100755
+--- a/utils/key2pub.py
++++ b/utils/key2pub.py
+@@ -3,20 +3,20 @@
+ import sys
+ try:
+ from M2Crypto import RSA
+-except ImportError, e:
++except ImportError as e:
+ sys.stderr.write('ERROR: Failed to import the "M2Crypto" module: %s\n'
% e.message)
+ sys.stderr.write('Please install the "M2Crypto" Python module.\n')
+ sys.stderr.write('On Debian GNU/Linux the package is called
"python-m2crypto".\n')
+ sys.exit(1)
+
+ def print_ssl_64(output, name, val):
+- while val[0] == '\0':
++ while val[0:1] == b'\0':
+ val = val[1:]
+ while len(val) % 8:
+- val = '\0' + val
++ val = b'\0' + val
+ vnew = []
+ while len(val):
+- vnew.append((val[0], val[1], val[2], val[3], val[4], val[5], val[6],
val[7]))
++ vnew.append((val[0:1], val[1:2], val[2:3], val[3:4], val[4:5],
val[5:6], val[6:7], val[7:8]))
+ val = val[8:]
+ vnew.reverse()
+ output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew)))
+@@ -34,13 +34,13 @@ def print_ssl_64(output, name, val):
+ output.write('};\n\n')
+
+ def print_ssl_32(output, name, val):
+- while val[0] == '\0':
++ while val[0:1] == b'\0':
+ val = val[1:]
+ while len(val) % 4:
+- val = '\0' + val
++ val = b'\0' + val
+ vnew = []
+ while len(val):
+- vnew.append((val[0], val[1], val[2], val[3], ))
++ vnew.append((val[0:1], val[1:2], val[2:3], val[3:4]))
+ val = val[4:]
+ vnew.reverse()
+ output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew)))
+@@ -80,21 +80,21 @@ struct pubkey {
+
+ static struct pubkey keys[] = {
+ ''')
+- for n in xrange(n + 1):
++ for n in range(n + 1):
+ output.write(' KEYS(e_%d, n_%d),\n' % (n, n))
+ output.write('};\n')
+ pass
+
+ def print_gcrypt(output, name, val):
+ output.write('#include <stdint.h>\n')
+- while val[0] == '\0':
++ while val[0:1] == b'\0':
+ val = val[1:]
+ output.write('static const uint8_t %s[%d] = {\n' % (name, len(val)))
+ idx = 0
+ for v in val:
+ if not idx:
+ output.write('\t')
+- output.write('0x%.2x, ' % ord(v))
++ output.write('0x%.2x, ' % (v if sys.version_info[0] >=3 else ord(v)))
+ idx += 1
+ if idx == 8:
+ idx = 0
+@@ -117,7 +117,7 @@ struct key_params {
+
+ static const struct key_params __attribute__ ((unused)) keys[] = {
+ ''')
+- for n in xrange(n + 1):
++ for n in range(n + 1):
+ output.write(' KEYS(e_%d, n_%d),\n' % (n, n))
+ output.write('};\n')
+
+@@ -135,7 +135,7 @@ except IndexError:
+ mode = None
+
+ if not mode in modes:
+- print 'Usage: %s [%s] input-file... output-file' % (sys.argv[0],
'|'.join(modes.keys()))
++ print('Usage: %s [%s] input-file... output-file' % (sys.argv[0],
'|'.join(modes.keys())))
+ sys.exit(2)
+
+ output = open(outfile, 'w')
+@@ -153,3 +153,5 @@ for f in files:
+ idx += 1
+
+ modes[mode][1](output, idx - 1)
++
++output.close()
diff --git a/net-wireless/crda/files/crda-cflags.patch
b/net-wireless/crda/files/crda-cflags.patch
new file mode 100644
index 0000000..6edbded
--- /dev/null
+++ b/net-wireless/crda/files/crda-cflags.patch
@@ -0,0 +1,33 @@
+From c5b0741ea7fc12e9f6a2a309296ed412a999d0f7 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vap...@chromium.org>
+Date: Wed, 4 Mar 2015 14:09:50 -0500
+Subject: [PATCH] clean up CFLAGS handling
+
+Rather than append -O2 -g all the time to the user's CFLAGS (and thus
+clobbering whatever they have set up), initialize the default value to
+that and let the user override it entirely.
+
+Signed-off-by: Mike Frysinger <vap...@gentoo.org>
+---
+ Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 5f988f4..8e345a1 100644
+--- a/Makefile
++++ b/Makefile
+@@ -26,9 +26,9 @@ PUBKEY_DIR?=pubkeys
+ RUNTIME_PUBKEY_DIR?=/etc/wireless-regdb/pubkeys
+
+ WERROR = -Werror
+-CFLAGS += -O2 -fpic
++CFLAGS ?= -O2 -g
++CFLAGS += -fpic
+ CFLAGS += -std=gnu99 -Wall $(WERROR) -pedantic
+-CFLAGS += -Wall -g
+ LDLIBREG += -lreg
+ LDLIBS += $(LDLIBREG)
+ LDLIBS += -lm
+--
+2.3.1
+
diff --git a/net-wireless/crda/files/crda-ldflags.patch
b/net-wireless/crda/files/crda-ldflags.patch
new file mode 100644
index 0000000..5ba9165
--- /dev/null
+++ b/net-wireless/crda/files/crda-ldflags.patch
@@ -0,0 +1,11 @@
+--- /Makefile
++++ /Makefile
+@@ -115,7 +115,7 @@
+
+ $(LIBREG): regdb.h reglib.h reglib.c
+ $(NQ) ' CC ' $@
+- $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ -shared -Wl,-soname,$(LIBREG) $^
$(filter-out -lreg,$(LDLIBS))
++ $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ -shared
-Wl,-soname,$(LIBREG) $^ $(filter-out -lreg,$(LDLIBS))
+
+ install-libreg-headers:
+ $(NQ) ' INSTALL libreg-headers'
diff --git a/net-wireless/crda/files/crda-libreg-link.patch
b/net-wireless/crda/files/crda-libreg-link.patch
new file mode 100644
index 0000000..0aa1b6e
--- /dev/null
+++ b/net-wireless/crda/files/crda-libreg-link.patch
@@ -0,0 +1,30 @@
+https://bugs.gentoo.org/542436
+
+From f56ab87b25f2228a67ac592a1c18793c72dd03eb Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vap...@gentoo.org>
+Date: Sat, 7 Mar 2015 22:29:33 -0500
+Subject: [PATCH crda] libreg: link against crypto libs
+
+Since libreg uses funcs from the crypto lib, make sure we link them.
+
+Signed-off-by: Mike Frysinger <vap...@gentoo.org>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 8e345a1..77708e6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -117,7 +117,7 @@ keys-%.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
+
+ $(LIBREG): regdb.h reglib.h reglib.c
+ $(NQ) ' CC ' $@
+- $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ -shared -Wl,-soname,$(LIBREG) $^
++ $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ -shared -Wl,-soname,$(LIBREG) $^
$(filter-out -lreg,$(LDLIBS))
+
+ install-libreg-headers:
+ $(NQ) ' INSTALL libreg-headers'
+--
+2.3.1
+
diff --git a/net-wireless/crda/files/crda-libressl.patch
b/net-wireless/crda/files/crda-libressl.patch
new file mode 100644
index 0000000..817f2e0
--- /dev/null
+++ b/net-wireless/crda/files/crda-libressl.patch
@@ -0,0 +1,11 @@
+--- crda-3.18/reglib.c 2018-10-26 12:39:19.128083735 +1100
++++ crda-3.18.a/reglib.c 2018-10-26 12:42:39.737916626 +1100
+@@ -111,7 +111,7 @@ int reglib_verify_db_signature(uint8_t *
+ goto out;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER)
&& LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ rsa->e = rsa_e;
+ rsa->n = rsa_n;
+ #else
diff --git a/net-wireless/crda/files/crda-no-ldconfig.patch
b/net-wireless/crda/files/crda-no-ldconfig.patch
new file mode 100644
index 0000000..a5cc420
--- /dev/null
+++ b/net-wireless/crda/files/crda-no-ldconfig.patch
@@ -0,0 +1,28 @@
+From b11d83df189670defe4a29c624f2930351c13df2 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vap...@gentoo.org>
+Date: Wed, 4 Mar 2015 13:56:36 -0500
+Subject: [PATCH] do not run ldconfig
+
+Let the distro/user deal with ldconfig updating. Running it blindly like
+this breaks DESTDIR installs as `ldconfig` only operates on system paths.
+
+Signed-off-by: Mike Frysinger <vap...@gentoo.org>
+---
+ Makefile | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index a3ead30..46c683d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -127,7 +127,6 @@ install-libreg:
+ $(NQ) ' INSTALL libreg'
+ $(Q)mkdir -p $(DESTDIR)/$(LIBDIR)
+ $(Q)cp $(LIBREG) $(DESTDIR)/$(LIBDIR)/
+- $(Q)ldconfig
+
+ %.o: %.c regdb.h $(LIBREG)
+ $(NQ) ' CC ' $@
+--
+2.3.1
+
diff --git a/net-wireless/crda/files/crda-no-werror.patch
b/net-wireless/crda/files/crda-no-werror.patch
new file mode 100644
index 0000000..6abb78c
--- /dev/null
+++ b/net-wireless/crda/files/crda-no-werror.patch
@@ -0,0 +1,32 @@
+From 37384d22ba0ab622a5848a9a794084e6064fc905 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vap...@chromium.org>
+Date: Wed, 4 Mar 2015 14:03:44 -0500
+Subject: [PATCH] allow people to turn off -Werror
+
+Forcing -Werror at build time easily breaks across compiler settings,
+compiler versions, architectures, C libraries, etc... Add a knob so
+distro peeps can turn it off.
+
+Signed-off-by: Mike Frysinger <vap...@gentoo.org>
+---
+ Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 46c683d..5f988f4 100644
+--- a/Makefile
++++ b/Makefile
+@@ -25,8 +25,9 @@ UDEV_RULE_DIR?=/lib/udev/rules.d/
+ PUBKEY_DIR?=pubkeys
+ RUNTIME_PUBKEY_DIR?=/etc/wireless-regdb/pubkeys
+
++WERROR = -Werror
+ CFLAGS += -O2 -fpic
+-CFLAGS += -std=gnu99 -Wall -Werror -pedantic
++CFLAGS += -std=gnu99 -Wall $(WERROR) -pedantic
+ CFLAGS += -Wall -g
+ LDLIBREG += -lreg
+ LDLIBS += $(LDLIBREG)
+--
+2.3.1
+
diff --git a/net-wireless/crda/metadata.xml b/net-wireless/crda/metadata.xml
new file mode 100644
index 0000000..f89b1f5
--- /dev/null
+++ b/net-wireless/crda/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+ <maintainer type="person">
+ <email>zeroch...@gentoo.org</email>
+ <name>Rick Farina</name>
+ </maintainer>
+ <use>
+ <flag name="gcrypt">Use libgcrypt instead of openssl for key
checking</flag>
+ </use>
+</pkgmetadata>
