2015-05-08 17:02:01 +02:00
|
|
|
{ stdenv, fetchpatch, fetchurl, lib, openssl, pkgconfig, libnl
|
2015-04-24 22:27:40 +02:00
|
|
|
, dbus_libs ? null, readline ? null, pcsclite ? null
|
2013-01-29 17:37:06 +01:00
|
|
|
}:
|
2013-01-30 15:16:08 +01:00
|
|
|
|
2015-04-24 22:27:40 +02:00
|
|
|
with stdenv.lib;
|
2012-02-20 15:26:01 +01:00
|
|
|
stdenv.mkDerivation rec {
|
2016-10-27 13:57:56 +02:00
|
|
|
version = "2.6";
|
2012-09-07 13:54:20 +02:00
|
|
|
|
2012-02-20 15:26:01 +01:00
|
|
|
name = "wpa_supplicant-${version}";
|
|
|
|
|
2007-04-08 22:20:21 +02:00
|
|
|
src = fetchurl {
|
2017-09-16 13:15:26 +02:00
|
|
|
url = "https://w1.fi/releases/${name}.tar.gz";
|
2016-10-27 13:57:56 +02:00
|
|
|
sha256 = "0l0l5gz3d5j9bqjsbjlfcv4w4jwndllp9fmyai4x9kg6qhs6v4xl";
|
2007-04-08 22:20:21 +02:00
|
|
|
};
|
2012-09-07 13:54:20 +02:00
|
|
|
|
2015-04-24 22:27:40 +02:00
|
|
|
# TODO: Patch epoll so that the dbus actually responds
|
|
|
|
# TODO: Figure out how to get privsep working, currently getting SIGBUS
|
|
|
|
extraConfig = ''
|
2015-08-26 23:35:49 +02:00
|
|
|
CONFIG_AP=y
|
2015-04-24 22:27:40 +02:00
|
|
|
CONFIG_LIBNL32=y
|
|
|
|
CONFIG_EAP_FAST=y
|
|
|
|
CONFIG_EAP_PWD=y
|
|
|
|
CONFIG_EAP_PAX=y
|
|
|
|
CONFIG_EAP_SAKE=y
|
|
|
|
CONFIG_EAP_GPSK=y
|
|
|
|
CONFIG_EAP_GPSK_SHA256=y
|
|
|
|
CONFIG_WPS=y
|
|
|
|
CONFIG_WPS_ER=y
|
|
|
|
CONFIG_WPS_NFS=y
|
|
|
|
CONFIG_EAP_IKEV2=y
|
|
|
|
CONFIG_EAP_EKE=y
|
|
|
|
CONFIG_HT_OVERRIDES=y
|
|
|
|
CONFIG_VHT_OVERRIDES=y
|
|
|
|
CONFIG_ELOOP=eloop
|
|
|
|
#CONFIG_ELOOP_EPOLL=y
|
|
|
|
CONFIG_L2_PACKET=linux
|
|
|
|
CONFIG_IEEE80211W=y
|
|
|
|
CONFIG_TLS=openssl
|
|
|
|
CONFIG_TLSV11=y
|
2015-06-22 17:33:06 +02:00
|
|
|
#CONFIG_TLSV12=y see #8332
|
2015-04-24 22:27:40 +02:00
|
|
|
CONFIG_IEEE80211R=y
|
|
|
|
CONFIG_DEBUG_SYSLOG=y
|
|
|
|
#CONFIG_PRIVSEP=y
|
|
|
|
CONFIG_IEEE80211N=y
|
|
|
|
CONFIG_IEEE80211AC=y
|
|
|
|
CONFIG_INTERNETWORKING=y
|
|
|
|
CONFIG_HS20=y
|
|
|
|
CONFIG_P2P=y
|
|
|
|
CONFIG_TDLS=y
|
2016-12-13 20:39:14 +01:00
|
|
|
CONFIG_BGSCAN_SIMPLE=y
|
2015-04-24 22:27:40 +02:00
|
|
|
'' + optionalString (pcsclite != null) ''
|
|
|
|
CONFIG_EAP_SIM=y
|
|
|
|
CONFIG_EAP_AKA=y
|
|
|
|
CONFIG_EAP_AKA_PRIME=y
|
|
|
|
CONFIG_PCSC=y
|
|
|
|
'' + optionalString (dbus_libs != null) ''
|
|
|
|
CONFIG_CTRL_IFACE_DBUS=y
|
|
|
|
CONFIG_CTRL_IFACE_DBUS_NEW=y
|
|
|
|
CONFIG_CTRL_IFACE_DBUS_INTRO=y
|
|
|
|
'' + (if readline != null then ''
|
|
|
|
CONFIG_READLINE=y
|
|
|
|
'' else ''
|
|
|
|
CONFIG_WPA_CLI_EDIT=y
|
|
|
|
'');
|
2012-09-07 13:54:20 +02:00
|
|
|
|
2009-04-04 02:21:21 +02:00
|
|
|
preBuild = ''
|
2008-04-21 10:32:30 +02:00
|
|
|
cd wpa_supplicant
|
2011-06-07 23:48:41 +02:00
|
|
|
cp -v defconfig .config
|
2013-01-30 15:16:08 +01:00
|
|
|
echo "$extraConfig" >> .config
|
2015-04-24 22:27:40 +02:00
|
|
|
cat -n .config
|
2007-04-08 22:20:21 +02:00
|
|
|
substituteInPlace Makefile --replace /usr/local $out
|
2015-04-24 22:27:40 +02:00
|
|
|
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE \
|
2016-04-16 19:37:26 +02:00
|
|
|
-I$(echo "${libnl.dev}"/include/libnl*/) \
|
2015-04-24 22:27:40 +02:00
|
|
|
-I${pcsclite}/include/PCSC/"
|
2009-04-04 02:21:21 +02:00
|
|
|
'';
|
2007-04-08 22:20:21 +02:00
|
|
|
|
2015-04-24 22:27:40 +02:00
|
|
|
buildInputs = [ openssl libnl dbus_libs readline pcsclite ];
|
2011-09-11 09:27:01 +02:00
|
|
|
|
2012-12-28 19:20:09 +01:00
|
|
|
nativeBuildInputs = [ pkgconfig ];
|
2011-09-11 09:27:01 +02:00
|
|
|
|
2015-04-24 22:27:40 +02:00
|
|
|
patches = [
|
|
|
|
./build-fix.patch
|
2017-10-16 13:31:01 +02:00
|
|
|
#KRACKAttack.com
|
|
|
|
(fetchurl {
|
|
|
|
url = "http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch";
|
|
|
|
sha256 = "02zl2x4pxay666yq18g4f3byccrzipfjbky1ydw62v15h76174aj";
|
|
|
|
})
|
|
|
|
(fetchurl {
|
|
|
|
url = "http://w1.fi/security/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch";
|
|
|
|
sha256 = "1mrmqg00x1bqa43dyhxb14msk74lh3kvr4avni43c3qpfjmlfvfq";
|
|
|
|
})
|
|
|
|
(fetchurl {
|
|
|
|
url = "http://w1.fi/security/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch";
|
|
|
|
sha256 = "10byyi8wfpcc8i788ag7ndycd3xvq2iwnssyb3rwf34sfcv5wlyl";
|
|
|
|
})
|
|
|
|
(fetchurl {
|
|
|
|
url = "http://w1.fi/security/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch";
|
|
|
|
sha256 = "02z2rsbh4sw81wsc56xjbblbi76ii0clmpnr1m1szdb1h5s58fkr";
|
|
|
|
})
|
|
|
|
(fetchurl {
|
|
|
|
url = "http://w1.fi/security/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch";
|
|
|
|
sha256 = "17pbrn5h6l5v14y6gn2yr2knqya9i0n2vyq4ck8hasb00yz8lz0l";
|
|
|
|
})
|
|
|
|
(fetchurl {
|
|
|
|
url = "http://w1.fi/security/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch";
|
|
|
|
sha256 = "19mgcqbdyzm4myi182jcn1rn26xi3jib74cpxbbrx1gaccxlsvar";
|
|
|
|
})
|
|
|
|
(fetchurl { # wpa-supplicant only
|
|
|
|
url = "http://w1.fi/security/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch";
|
|
|
|
sha256 = "0di71j8762dkvr0c7h5mrbkqyfdy8mljvnp0dk2qhbgc9bw7m8f5";
|
|
|
|
})
|
|
|
|
(fetchurl {
|
|
|
|
url = "http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch";
|
|
|
|
sha256 = "1ca312cixbld70rp12q7h66lnjjxzz0qag0ii2sg6cllgf2hv168";
|
|
|
|
})
|
2015-04-24 22:27:40 +02:00
|
|
|
];
|
2009-04-04 02:21:21 +02:00
|
|
|
|
|
|
|
postInstall = ''
|
2012-01-18 21:16:00 +01:00
|
|
|
mkdir -p $out/share/man/man5 $out/share/man/man8
|
2014-03-11 12:34:48 +01:00
|
|
|
cp -v "doc/docbook/"*.5 $out/share/man/man5/
|
|
|
|
cp -v "doc/docbook/"*.8 $out/share/man/man8/
|
2013-01-03 12:47:00 +01:00
|
|
|
mkdir -p $out/etc/dbus-1/system.d $out/share/dbus-1/system-services $out/etc/systemd/system
|
2014-03-11 12:34:48 +01:00
|
|
|
cp -v "dbus/"*service $out/share/dbus-1/system-services
|
|
|
|
sed -e "s@/sbin/wpa_supplicant@$out&@" -i "$out/share/dbus-1/system-services/"*
|
2011-09-13 21:29:13 +02:00
|
|
|
cp -v dbus/dbus-wpa_supplicant.conf $out/etc/dbus-1/system.d
|
2014-03-11 12:34:48 +01:00
|
|
|
cp -v "systemd/"*.service $out/etc/systemd/system
|
2015-05-15 11:08:22 +02:00
|
|
|
rm $out/share/man/man8/wpa_priv.8
|
2014-03-11 12:34:48 +01:00
|
|
|
'';
|
2009-04-04 02:21:21 +02:00
|
|
|
|
2015-04-24 22:27:40 +02:00
|
|
|
meta = with stdenv.lib; {
|
2009-04-04 02:21:21 +02:00
|
|
|
homepage = http://hostap.epitest.fi/wpa_supplicant/;
|
|
|
|
description = "A tool for connecting to WPA and WPA2-protected wireless networks";
|
2015-04-24 22:27:40 +02:00
|
|
|
license = licenses.bsd3;
|
2017-03-27 19:11:17 +02:00
|
|
|
maintainers = with maintainers; [ marcweber wkennington ];
|
2015-04-24 22:27:40 +02:00
|
|
|
platforms = platforms.linux;
|
2009-04-04 02:21:21 +02:00
|
|
|
};
|
2007-04-08 22:20:21 +02:00
|
|
|
}
|