In M2Crypto version 0.45.1, the default hash algorithm for
M2Crypto.RSA.sign() changed from SHA-1 to SHA-256.  Since the
signature on regulatory.bin uses a SHA-1 hash, db2bin.py generates
invalid signatures for regulatory.bin if a recent version of M2Crypto
is installed.

I reported this incompatible change as
<https://todo.sr.ht/~mcepl/m2crypto/389>.

There is an obvious workaround, which is to add an explicit
algo='sha1' parameter.  This works with old and new versions of
M2Crypto.

Signed-off-by: Ben Hutchings <benh@debian.org>
---
Re-sending this with the [PATCH] prefix.

Ben.

--- a/db2bin.py
+++ b/db2bin.py
@@ -131,13 +131,13 @@ if len(sys.argv) > 3:
     key = RSA.load_key(sys.argv[3])
     hash = hashlib.sha1()
     hash.update(output.getvalue())
-    sig = key.sign(hash.digest())
+    sig = key.sign(hash.digest(), algo='sha1')
     # write it to file
     siglen.set(len(sig))
     # sign again
     hash = hashlib.sha1()
     hash.update(output.getvalue())
-    sig = key.sign(hash.digest())
+    sig = key.sign(hash.digest(), algo='sha1')
 
     output.write(sig)
 else: