[PATCH] wireless-regdb: Replace M2Crypto with cryptography package
Chen-Yu Tsai
wens at kernel.org
Tue Feb 24 23:38:02 PST 2026
On Tue, Feb 17, 2026 at 4:03 AM Ben Hutchings <benh at debian.org> wrote:
>
> M2Crypto is deprecated by its maintainers in favour of the
> cryptography package. Update db2bin.py to use that for signing
> regulatory.bin.
Cool. This actually forced me to remove Python 2 from my system
to switch over to python3-cryptography. I was using some ancient
version of M2Crypto otherwise.
> Signed-off-by: Ben Hutchings <benh at debian.org>
> ---
> This applies on top of the preceding fix for M2Crypto usage, but I can
> squash them together if it's preferable to switch directly to
> cryptography.
It's fine. Having some history is good.
Thanks
ChenYu
> Ben.
>
> --- a/db2bin.py
> +++ b/db2bin.py
> @@ -2,7 +2,6 @@
>
> from io import BytesIO, open
> import struct
> -import hashlib
> from dbparse import DBParser
> import sys
>
> @@ -125,19 +124,18 @@ if len(sys.argv) > 3:
> # Load RSA only now so people can use this script
> # without having those libraries installed to verify
> # their SQL changes
> - from M2Crypto import RSA
> + from cryptography.hazmat.primitives import hashes, serialization
> + from cryptography.hazmat.primitives.asymmetric import padding
>
> # determine signature length
> - key = RSA.load_key(sys.argv[3])
> - hash = hashlib.sha1()
> - hash.update(output.getvalue())
> - sig = key.sign(hash.digest(), algo='sha1')
> + with open(sys.argv[3], 'rb') as key_file:
> + key = serialization.load_pem_private_key(key_file.read(),
> + password=None)
> + sig = key.sign(output.getvalue(), padding.PKCS1v15(), hashes.SHA1())
> # write it to file
> siglen.set(len(sig))
> # sign again
> - hash = hashlib.sha1()
> - hash.update(output.getvalue())
> - sig = key.sign(hash.digest(), algo='sha1')
> + sig = key.sign(output.getvalue(), padding.PKCS1v15(), hashes.SHA1())
>
> output.write(sig)
> else:
More information about the wireless-regdb
mailing list