1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
|
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit desktop linux-info qmake-utils readme.gentoo-r1 systemd toolchain-funcs
DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
HOMEPAGE="https://w1.fi/wpa_supplicant/"
LICENSE="|| ( GPL-2 BSD )"
if [ "${PV}" = "9999" ]; then
inherit git-r3
EGIT_REPO_URI="https://w1.fi/hostap.git"
else
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
SRC_URI="https://w1.fi/releases/${P}.tar.gz"
SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-2.9-r3-patches.tar.bz2"
fi
SLOT="0"
IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
# CONFIG_PRIVSEP=y does not have sufficient support for the new driver
# interface functions used for MACsec, so this combination cannot be used
# at least for now.
REQUIRED_USE="
macsec? ( !privsep )
privsep? ( !macsec )
broadcom-sta? ( !fils !mesh !mbo )
"
DEPEND="
>=dev-libs/openssl-1.0.2k:0=[bindist(-)=]
dbus? ( sys-apps/dbus )
kernel_linux? (
dev-libs/libnl:3
net-wireless/crda
eap-sim? ( sys-apps/pcsc-lite )
)
!kernel_linux? ( net-libs/libpcap )
qt5? (
dev-qt/qtcore:5
dev-qt/qtgui:5
dev-qt/qtsvg:5
dev-qt/qtwidgets:5
)
readline? (
sys-libs/ncurses:0=
sys-libs/readline:0=
)
"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-networkmanager )
kernel_linux? (
net-wireless/wireless-regdb
crda? ( net-wireless/crda )
)
"
BDEPEND="virtual/pkgconfig"
DOC_CONTENTS="
If this is a clean installation of wpa_supplicant, you
have to create a configuration file named
${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf
An example configuration file is available for reference in
${EROOT}/usr/share/doc/${PF}/
"
S="${WORKDIR}/${P}/${PN}"
Kconfig_style_config() {
#param 1 is CONFIG_* item
#param 2 is what to set it = to, defaulting in y
CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
setting="${2:-y}"
if [ ! $setting = n ]; then
#first remove any leading "# " if $2 is not n
sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
#set item = $setting (defaulting to y)
sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
echo "$CONFIG_PARAM=$setting" >>.config
fi
else
#ensure item commented out
sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
fi
}
pkg_pretend() {
CONFIG_CHECK=""
if use crda ; then
CONFIG_CHECK="${CONFIG_CHECK} ~CFG80211_CRDA_SUPPORT"
WARNING_CFG80211_CRDA_SUPPORT="REGULATORY DOMAIN PROBLEM: please enable CFG80211_CRDA_SUPPORT for proper regulatory domain support"
fi
check_extra_config
if ! use crda ; then
if linux_config_exists && linux_chkconfig_builtin CFG80211 &&
[[ $(linux_chkconfig_string EXTRA_FIRMWARE) != *regulatory.db* ]]
then
ewarn "REGULATORY DOMAIN PROBLEM:"
ewarn "With CONFIG_CFG80211=y (built-in), the driver won't be able to load regulatory.db from"
ewarn " /lib/firmware, resulting in broken regulatory domain support. Please set CONFIG_CFG80211=m"
ewarn " or add regulatory.db and regulatory.db.p7s to CONFIG_EXTRA_FIRMWARE."
fi
fi
}
src_prepare() {
default
# net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
sed -i \
-e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
../src/l2_packet/l2_packet_freebsd.c || die
# People seem to take the example configuration file too literally (bug #102361)
sed -i \
-e "s:^\(opensc_engine_path\):#\1:" \
-e "s:^\(pkcs11_engine_path\):#\1:" \
-e "s:^\(pkcs11_module_path\):#\1:" \
wpa_supplicant.conf || die
# Change configuration to match Gentoo locations (bug #143750)
sed -i \
-e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
-e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
wpa_supplicant.conf || die
# systemd entries to D-Bus service files (bug #372877)
echo 'SystemdService=wpa_supplicant.service' \
| tee -a dbus/*.service >/dev/null || die
cd "${WORKDIR}/${P}" || die
if use wimax; then
# generate-libeap-peer.patch comes before
# fix-undefined-reference-to-random_get_bytes.patch
eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
# multilib-strict fix (bug #373685)
sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
fi
# bug (320097)
eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
# bug (640492)
sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
## Security patches
# CVE-2019-16275 (bug #696030)
eapply "${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
# 2020-2, 2021-1 security advisories (bug #768759)
eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/security-{2020-2,2021-1}/*.patch
# CVE-2021-30004 (bug #780138)
eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/misc/CVE-2021-30004.patch
}
src_configure() {
# Toolchain setup
tc-export CC PKG_CONFIG
cp defconfig .config || die
# Basic setup
Kconfig_style_config CTRL_IFACE
Kconfig_style_config MATCH_IFACE
Kconfig_style_config BACKEND file
Kconfig_style_config IBSS_RSN
Kconfig_style_config IEEE80211W
Kconfig_style_config IEEE80211R
Kconfig_style_config HT_OVERRIDES
Kconfig_style_config VHT_OVERRIDES
Kconfig_style_config OCV
Kconfig_style_config TLSV11
Kconfig_style_config TLSV12
Kconfig_style_config GETRANDOM
# Basic authentication methods
# NOTE: we don't set GPSK or SAKE as they conflict
# with the below options
Kconfig_style_config EAP_GTC
Kconfig_style_config EAP_MD5
Kconfig_style_config EAP_OTP
Kconfig_style_config EAP_PAX
Kconfig_style_config EAP_PSK
Kconfig_style_config EAP_TLV
Kconfig_style_config EAP_EXE
Kconfig_style_config IEEE8021X_EAPOL
Kconfig_style_config PKCS12
Kconfig_style_config PEERKEY
Kconfig_style_config EAP_LEAP
Kconfig_style_config EAP_MSCHAPV2
Kconfig_style_config EAP_PEAP
Kconfig_style_config EAP_TEAP
Kconfig_style_config EAP_TLS
Kconfig_style_config EAP_TTLS
# Enabling background scanning.
Kconfig_style_config BGSCAN_SIMPLE
Kconfig_style_config BGSCAN_LEARN
if use dbus ; then
Kconfig_style_config CTRL_IFACE_DBUS
Kconfig_style_config CTRL_IFACE_DBUS_NEW
Kconfig_style_config CTRL_IFACE_DBUS_INTRO
else
Kconfig_style_config CTRL_IFACE_DBUS n
Kconfig_style_config CTRL_IFACE_DBUS_NEW n
Kconfig_style_config CTRL_IFACE_DBUS_INTRO n
fi
if use eapol-test ; then
Kconfig_style_config EAPOL_TEST
fi
# Enable support for writing debug info to a log file and syslog.
Kconfig_style_config DEBUG_FILE
Kconfig_style_config DEBUG_SYSLOG
if use hs2-0 ; then
Kconfig_style_config INTERWORKING
Kconfig_style_config HS20
fi
if use mbo ; then
Kconfig_style_config MBO
else
Kconfig_style_config MBO n
fi
if use uncommon-eap-types; then
Kconfig_style_config EAP_GPSK
Kconfig_style_config EAP_SAKE
Kconfig_style_config EAP_GPSK_SHA256
Kconfig_style_config EAP_IKEV2
Kconfig_style_config EAP_EKE
fi
if use eap-sim ; then
# Smart card authentication
Kconfig_style_config EAP_SIM
Kconfig_style_config EAP_AKA
Kconfig_style_config EAP_AKA_PRIME
Kconfig_style_config PCSC
fi
if use fasteap ; then
Kconfig_style_config EAP_FAST
fi
if use readline ; then
# readline/history support for wpa_cli
Kconfig_style_config READLINE
else
#internal line edit mode for wpa_cli
Kconfig_style_config WPA_CLI_EDIT
fi
Kconfig_style_config TLS openssl
Kconfig_style_config FST
if ! use bindist ; then
Kconfig_style_config EAP_PWD
if use fils; then
Kconfig_style_config FILS
Kconfig_style_config FILS_SK_PFS
fi
if use mesh; then
Kconfig_style_config MESH
else
Kconfig_style_config MESH n
fi
#WPA3
Kconfig_style_config OWE
Kconfig_style_config SAE
Kconfig_style_config DPP
Kconfig_style_config SUITEB192
Kconfig_style_config SUITEB
fi
if use smartcard ; then
Kconfig_style_config SMARTCARD
else
Kconfig_style_config SMARTCARD n
fi
if use tdls ; then
Kconfig_style_config TDLS
fi
if use kernel_linux ; then
# Linux specific drivers
Kconfig_style_config DRIVER_ATMEL
Kconfig_style_config DRIVER_HOSTAP
Kconfig_style_config DRIVER_IPW
Kconfig_style_config DRIVER_NL80211
Kconfig_style_config DRIVER_RALINK
Kconfig_style_config DRIVER_WEXT
Kconfig_style_config DRIVER_WIRED
if use macsec ; then
#requires something, no idea what
#Kconfig_style_config DRIVER_MACSEC_QCA
Kconfig_style_config DRIVER_MACSEC_LINUX
Kconfig_style_config MACSEC
fi
if use ps3 ; then
Kconfig_style_config DRIVER_PS3
fi
elif use kernel_FreeBSD ; then
# FreeBSD specific driver
Kconfig_style_config DRIVER_BSD
fi
# Wi-Fi Protected Setup (WPS)
if use wps ; then
Kconfig_style_config WPS
Kconfig_style_config WPS2
# USB Flash Drive
Kconfig_style_config WPS_UFD
# External Registrar
Kconfig_style_config WPS_ER
# Universal Plug'n'Play
Kconfig_style_config WPS_UPNP
# Near Field Communication
Kconfig_style_config WPS_NFC
else
Kconfig_style_config WPS n
Kconfig_style_config WPS2 n
Kconfig_style_config WPS_UFD n
Kconfig_style_config WPS_ER n
Kconfig_style_config WPS_UPNP n
Kconfig_style_config WPS_NFC n
fi
# Wi-Fi Direct (WiDi)
if use p2p ; then
Kconfig_style_config P2P
Kconfig_style_config WIFI_DISPLAY
else
Kconfig_style_config P2P n
Kconfig_style_config WIFI_DISPLAY n
fi
# Access Point Mode
if use ap ; then
Kconfig_style_config AP
else
Kconfig_style_config AP n
fi
# Enable essentials for AP/P2P
if use ap || use p2p ; then
# Enabling HT support (802.11n)
Kconfig_style_config IEEE80211N
# Enabling VHT support (802.11ac)
Kconfig_style_config IEEE80211AC
fi
# Enable mitigation against certain attacks against TKIP
Kconfig_style_config DELAYED_MIC_ERROR_REPORT
if use privsep ; then
Kconfig_style_config PRIVSEP
fi
# If we are using libnl 2.0 and above, enable support for it
# Bug 382159
# Removed for now, since the 3.2 version is broken, and we don't
# support it.
if has_version ">=dev-libs/libnl-3.2"; then
Kconfig_style_config LIBNL32
fi
if use qt5 ; then
pushd "${S}"/wpa_gui-qt4 > /dev/null || die
eqmake5 wpa_gui.pro
popd > /dev/null || die
fi
}
src_compile() {
einfo "Building wpa_supplicant"
emake V=1 BINDIR=/usr/sbin
if use wimax; then
emake -C ../src/eap_peer clean
emake -C ../src/eap_peer
fi
if use qt5; then
einfo "Building wpa_gui"
emake -C "${S}"/wpa_gui-qt4
fi
if use eapol-test ; then
emake eapol_test
fi
}
src_install() {
dosbin wpa_supplicant
use privsep && dosbin wpa_priv
dobin wpa_cli wpa_passphrase
# baselayout-1 compat
if has_version "<sys-apps/baselayout-2.0.0"; then
dodir /sbin
dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
dodir /bin
dosym ../usr/bin/wpa_cli /bin/wpa_cli
fi
if has_version ">=sys-apps/openrc-0.5.0"; then
newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
fi
exeinto /etc/wpa_supplicant/
newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
readme.gentoo_create_doc
dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
wpa_supplicant.conf
newdoc .config build-config
if [ "${PV}" != "9999" ]; then
doman doc/docbook/*.{5,8}
fi
if use qt5 ; then
into /usr
dobin wpa_gui-qt4/wpa_gui
doicon wpa_gui-qt4/icons/wpa_gui.svg
domenu wpa_gui-qt4/wpa_gui.desktop
else
rm "${ED}"/usr/share/man/man8/wpa_gui.8
fi
use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
if use dbus ; then
pushd "${S}"/dbus > /dev/null || die
insinto /etc/dbus-1/system.d
newins dbus-wpa_supplicant.conf wpa_supplicant.conf
insinto /usr/share/dbus-1/system-services
doins fi.w1.wpa_supplicant1.service
popd > /dev/null || die
# This unit relies on dbus support, bug 538600.
systemd_dounit systemd/wpa_supplicant.service
fi
if use eapol-test ; then
dobin eapol_test
fi
systemd_dounit "systemd/wpa_supplicant@.service"
systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
systemd_dounit "systemd/wpa_supplicant-wired@.service"
}
pkg_postinst() {
readme.gentoo_print_elog
if [[ -e "${EROOT}"/etc/wpa_supplicant.conf ]] ; then
echo
ewarn "WARNING: your old configuration file ${EROOT}/etc/wpa_supplicant.conf"
ewarn "needs to be moved to ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf"
fi
if use bindist; then
ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."
ewarn "This is incredibly undesirable"
fi
# Mea culpa, feel free to remove that after some time --mgorny.
local fn
for fn in wpa_supplicant{,@wlan0}.service; do
if [[ -e "${EROOT}"/etc/systemd/system/network.target.wants/${fn} ]]
then
ebegin "Moving ${fn} to multi-user.target"
mv "${EROOT}"/etc/systemd/system/network.target.wants/${fn} \
"${EROOT}"/etc/systemd/system/multi-user.target.wants/ || die
eend ${?} \
"Please try to re-enable ${fn}"
fi
done
systemd_reenable wpa_supplicant.service
}
|