hostapd: enable new stable features such as WiFi6 and structure .config
These changes are important to support modern APs configurations. Short overview: - CONFIG_IEEE80211AX support (WiFi6) - CONFIG_SAE_PK (pubkey authenticated WPA3) - CONFIG_DRIVER_NONE (standalone RADIUS server) - CONFIG_OCV (Operating Channel Validation) - Enable epoll on linux systems - Remove deprecated TKIP support - Fix misspelling (CONFIG_INTERNETWORKING != CONFIG_INTERWORKING) - The .config was restructured into sections to reflect the upstream defconfig order and for easier updating in the future
This commit is contained in:
oddlama
parent
0a85190a97
commit
4bec3f2043
2 changed files with 47 additions and 13 deletions
|
|
@ -22,6 +22,8 @@
|
|||
|
||||
- [Apache Guacamole](https://guacamole.apache.org/), a cross-platform, clientless remote desktop gateway. Available as [services.guacamole-server](#opt-services.guacamole-server.enable) and [services.guacamole-client](#opt-services.guacamole-client.enable) services.
|
||||
|
||||
- Support for WiFi6 (IEEE 802.11ax) and WPA3-SAE-PK was enabled in the `hostapd` package.
|
||||
|
||||
## Backward Incompatibilities {#sec-release-23.11-incompatibilities}
|
||||
|
||||
- `python3.pkgs.sequoia` was removed in favor of `python3.pkgs.pysequoia`. The latter package is based on upstream's dedicated repository for sequoia's Python bindings, where the Python bindings from [gitlab:sequoia-pgp/sequoia](https://gitlab.com/sequoia-pgp/sequoia) were removed long ago.
|
||||
|
|
|
|||
|
|
@ -23,13 +23,21 @@ stdenv.mkDerivation rec {
|
|||
|
||||
outputs = [ "out" "man" ];
|
||||
|
||||
# Based on hostapd's defconfig. Only differences are tracked.
|
||||
extraConfig = ''
|
||||
# Use epoll(7) instead of select(2) on linux
|
||||
CONFIG_ELOOP_EPOLL=y
|
||||
|
||||
# Drivers
|
||||
CONFIG_DRIVER_WIRED=y
|
||||
CONFIG_LIBNL32=y
|
||||
CONFIG_DRIVER_NONE=y
|
||||
|
||||
# Integrated EAP server
|
||||
CONFIG_EAP_SIM=y
|
||||
CONFIG_EAP_AKA=y
|
||||
CONFIG_EAP_AKA_PRIME=y
|
||||
CONFIG_EAP_PAX=y
|
||||
CONFIG_EAP_PSK=y
|
||||
CONFIG_EAP_PWD=y
|
||||
CONFIG_EAP_SAKE=y
|
||||
CONFIG_EAP_GPSK=y
|
||||
|
|
@ -38,29 +46,53 @@ stdenv.mkDerivation rec {
|
|||
CONFIG_EAP_IKEV2=y
|
||||
CONFIG_EAP_TNC=y
|
||||
CONFIG_EAP_EKE=y
|
||||
CONFIG_RADIUS_SERVER=y
|
||||
CONFIG_IEEE80211R=y
|
||||
CONFIG_IEEE80211N=y
|
||||
CONFIG_IEEE80211AC=y
|
||||
CONFIG_IEEE80211AX=y
|
||||
CONFIG_FULL_DYNAMIC_VLAN=y
|
||||
CONFIG_VLAN_NETLINK=y
|
||||
|
||||
CONFIG_TLS=openssl
|
||||
CONFIG_TLSV11=y
|
||||
CONFIG_TLSV12=y
|
||||
CONFIG_INTERNETWORKING=y
|
||||
CONFIG_HS20=y
|
||||
CONFIG_ACS=y
|
||||
CONFIG_GETRANDOM=y
|
||||
|
||||
CONFIG_SAE=y
|
||||
CONFIG_SAE_PK=y
|
||||
|
||||
CONFIG_OWE=y
|
||||
CONFIG_OCV=y
|
||||
|
||||
# TKIP is considered insecure and upstream support will be removed in the future
|
||||
CONFIG_NO_TKIP=y
|
||||
|
||||
# Enable Wi-Fi Protected Setup
|
||||
CONFIG_WPS=y
|
||||
CONFIG_WPS_UPNP=y
|
||||
CONFIG_WPS_NFC=y
|
||||
|
||||
# Misc
|
||||
CONFIG_RADIUS_SERVER=y
|
||||
CONFIG_FULL_DYNAMIC_VLAN=y
|
||||
CONFIG_VLAN_NETLINK=y
|
||||
CONFIG_GETRANDOM=y
|
||||
CONFIG_INTERWORKING=y
|
||||
CONFIG_HS20=y
|
||||
CONFIG_FST=y
|
||||
CONFIG_FST_TEST=y
|
||||
CONFIG_ACS=y
|
||||
CONFIG_WNM=y
|
||||
CONFIG_MBO=y
|
||||
|
||||
CONFIG_IEEE80211R=y
|
||||
CONFIG_IEEE80211W=y
|
||||
CONFIG_IEEE80211N=y
|
||||
CONFIG_IEEE80211AC=y
|
||||
CONFIG_IEEE80211AX=y
|
||||
'' + lib.optionalString (sqlite != null) ''
|
||||
CONFIG_SQLITE=y
|
||||
'';
|
||||
|
||||
passAsFile = [ "extraConfig" ];
|
||||
|
||||
configurePhase = ''
|
||||
cd hostapd
|
||||
cp -v defconfig .config
|
||||
echo "$extraConfig" >> .config
|
||||
cat $extraConfigPath >> .config
|
||||
cat -n .config
|
||||
substituteInPlace Makefile --replace /usr/local $out
|
||||
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $(pkg-config --cflags libnl-3.0)"
|
||||
|
|
|
|||
Loading…
Reference in a new issue