bug#49611: Despite wireless-regdb being installed in my operating-system, dmesg indicates it can't find `regulatory.db`

[Brice Waegeneire <brice@waegenei.re>]

Hello Katherine,

TL;DR: “iw reg set US” correctly set the regulatory region from userland
but Guix can't set it just from the kernel.

Katherine Cox-Buday <cox.katherine.e@gmail.com> writes:

> #+BEGIN_EXAMPLE
> [    8.280462] cfg80211: Loading compiled-in X.509 certificates for
> regulatory database
> [    8.282686] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> [    8.284394] platform regulatory.0: Direct firmware load for
> regulatory.db failed with error -2
> [    8.284415] cfg80211: failed to load regulatory.db
> #+END_EXAMPLE

There is three way to make the module cfg80211 load a regulatory
database:
1. Baking the DB into the kernel at build time by replacing the kernel's
  limited DB with the one from 'wireless-regdb' via the option
  CONFIG_CFG80211_INTERNAL_REGDB¹.
2. Loading the DB at boot time as a signed firmware file
  (lib/firmware/regulatory.db from 'wirerless-regdb') via the module
  'cfg80211'.
3. Doing it in userland with the helper 'crda' trough the utility
  'iwd' or its predecesor 'wpa_supplicant'.²

From what I understand and what I tested, only the third method works in
Guix System ATM.  It could be usefull to also support the first or
second method to not depend on the userland setting the wireless
regulatory settings.

The error you are experiencing come from the second method failing to
load the signed firmware file. The issue is that Guix's 'wireless-regdb'
is build from source and not just copied as other distribution do, where
the provided binary also has a signature which the kernel accept through
a built in public key. Our build version isn't signed at all, the
commentaries in the definition for the package say Guix don't want to
maintain its own key for signing this package, which is understable and
state that Guix architecture already provide a similar level of
authenticity (I'm not so sure of that part).

So this error message should be harmless expected in some less common
context, such as having the rootfs on an NFS and using a wireless
connection to connect to the NFS server.  We could fix that without
maintaining keys by baking the DB into the kernel (first method).

> #+BEGIN_EXAMPLE
> $ find -L /run/current-system -name regulatory.db
> /run/current-system/profile/lib/firmware/regulatory.db
> #+END_EXAMPLE

We don't need the regulatory.db from 'wirelress-regdb' to be in the
system profile, instead it should be added to the operating-system's
firmware field. And the kernel will find it the directory contained in
“/sys/module/firmware_class/parameters/path”.

¹ https://cateee.net/lkddb/web-lkddb/CFG80211_INTERNAL_REGDB.html
² https://wireless.wiki.kernel.org/en/developers/regulatory/crda#changing_regulatory_domains

Cheers,
- Brice