libressl: gone
parent
78a98ba01b
commit
3b46850f9d
12 changed files with 105 additions and 874 deletions
|
|
@ -12,12 +12,11 @@ SRC_URI="https://github.com/royhills/ike-scan/archive/${HASH_COMMIT}.zip -> ${P}
|
|||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~ppc x86"
|
||||
IUSE="libressl ssl"
|
||||
IUSE="ssl"
|
||||
|
||||
DEPEND="
|
||||
ssl? (
|
||||
!libressl? ( dev-libs/openssl:0= )
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
dev-libs/openssl:0=
|
||||
)
|
||||
"
|
||||
RDEPEND="
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 1999-2020 Gentoo Authors
|
||||
# Copyright 1999-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
|
@ -16,16 +16,14 @@ SRC_URI="https://github.com/jmk-foofus/medusa/archive/${COMMIT_HASH}.tar.gz -> $
|
|||
KEYWORDS="~amd64 ~x86"
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
IUSE="${MODULES[@]} debug libressl"
|
||||
IUSE="${MODULES[@]} debug"
|
||||
DOCS=( AUTHORS NEWS README.md TODO ChangeLog sample )
|
||||
|
||||
RDEPEND="
|
||||
RDEPEND="dev-libs/openssl:=
|
||||
ssh? ( net-libs/libssh2 )
|
||||
postgres? ( dev-db/postgresql:= )
|
||||
rdp? ( net-misc/freerdp )
|
||||
subversion? ( dev-vcs/subversion )
|
||||
!libressl? ( dev-libs/openssl:= )
|
||||
libressl? ( dev-libs/libressl:= )
|
||||
"
|
||||
#afp was removed as unmaintained and unbuildable
|
||||
#afp? ( net-fs/afpfs-ng )"
|
||||
|
|
|
|||
|
|
@ -1,63 +0,0 @@
|
|||
From 39e4ac0cf8d415b41dc2ff1fc329de0522b135ca Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Strogin <stefan.strogin@gmail.com>
|
||||
Date: Wed, 24 Apr 2019 09:16:12 +0300
|
||||
Subject: [PATCH] Fix build to LibreSSL
|
||||
|
||||
Upstream-Status: Inappropriate
|
||||
[https://github.com/FreeRADIUS/freeradius-server/commit/9652affe38f41ba2484e013cf9d2c0bcb8c80d67]
|
||||
Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
|
||||
---
|
||||
src/main/tls.c | 9 ++++++---
|
||||
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c | 3 ++-
|
||||
2 files changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/main/tls.c b/src/main/tls.c
|
||||
index 9726953234..840724bf61 100644
|
||||
--- a/src/main/tls.c
|
||||
+++ b/src/main/tls.c
|
||||
@@ -1579,7 +1579,8 @@ done:
|
||||
return 0;
|
||||
}
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL)
|
||||
static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)
|
||||
#else
|
||||
static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)
|
||||
@@ -3379,14 +3380,16 @@ post_ca:
|
||||
*/
|
||||
SSL_CTX_sess_set_cache_size(ctx, conf->session_cache_size);
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
+/* Not implemented in LibreSSL 2.9.1 */
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSL_CTX_set_num_tickets(ctx, 1);
|
||||
#endif
|
||||
|
||||
} else {
|
||||
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
+/* Not implemented in LibreSSL 2.9.1 */
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
/*
|
||||
* This controls the number of stateful or stateless tickets
|
||||
* generated with TLS 1.3. In OpenSSL 1.1.1 it's also
|
||||
diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
||||
index fa9c58f3c3..a53341fc20 100644
|
||||
--- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
||||
+++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
||||
@@ -44,7 +44,8 @@ static int openssl_get_keyblock_size(REQUEST *request, SSL *ssl)
|
||||
{
|
||||
const EVP_CIPHER *c;
|
||||
const EVP_MD *h;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL)
|
||||
int md_size;
|
||||
|
||||
if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL ||
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
|
@ -1,9 +1,9 @@
|
|||
# Copyright 1999-2020 Gentoo Authors
|
||||
# Copyright 1999-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
||||
PYTHON_COMPAT=( python3_{6,7,8} )
|
||||
PYTHON_COMPAT=( python3_{7,8} )
|
||||
inherit autotools pam python-single-r1 systemd
|
||||
|
||||
MY_P="${PN}-server-${PV}"
|
||||
|
|
@ -20,7 +20,7 @@ LICENSE="GPL-2"
|
|||
SLOT="0"
|
||||
|
||||
IUSE="
|
||||
debug firebird iodbc kerberos ldap libressl memcached mysql mongodb odbc oracle pam
|
||||
debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
|
||||
pcap postgres python readline redis rest samba sqlite ssl systemd +wpe
|
||||
"
|
||||
RESTRICT="test firebird? ( bindist )"
|
||||
|
|
@ -56,8 +56,7 @@ RDEPEND="acct-group/radius
|
|||
samba? ( net-fs/samba )
|
||||
sqlite? ( dev-db/sqlite:3 )
|
||||
ssl? (
|
||||
!libressl? ( dev-libs/openssl:0=[-bindist] )
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
dev-libs/openssl:0=[-bindist]
|
||||
)
|
||||
systemd? ( sys-apps/systemd )"
|
||||
DEPEND="${RDEPEND}"
|
||||
|
|
@ -67,7 +66,6 @@ REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
|
|||
S="${WORKDIR}/${MY_P}"
|
||||
|
||||
PATCHES=(
|
||||
"${FILESDIR}"/${PN}-3.0.18-libressl.patch
|
||||
"${FILESDIR}"/${P}-systemd-service.patch
|
||||
# Fix rlm_python3 build
|
||||
# Backport from rlm_python changes to rlm_python3
|
||||
|
|
@ -234,7 +232,9 @@ src_install() {
|
|||
R="${D}" \
|
||||
install
|
||||
|
||||
pamd_mimic_system radiusd auth account password session
|
||||
if use pam; then
|
||||
pamd_mimic_system radiusd auth account password session
|
||||
fi
|
||||
|
||||
# fix #711756
|
||||
fowners -R radius:radius /etc/raddb
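Review bot: The new `if use pam; then` guard around `pamd_mimic_system radiusd auth account password session` in src_install is a behaviour change unrelated to the libressl removal, and it carries no comment. With the pam flag off, the PAM service entry for radiusd is no longer installed, so a one-line comment such as `# PAM service file is only needed with USE=pam` would record the intent. Since the set of installed files changes for existing users, the ebuild may need a revision bump; whether it gets one is not visible in this section. src_install starts and ends outside the hunk.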
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ LICENSE="GPL-2"
|
|||
SLOT="0"
|
||||
|
||||
IUSE="
|
||||
debug firebird iodbc kerberos ldap libressl memcached mysql mongodb odbc oracle pam
|
||||
debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
|
||||
pcap postgres python readline redis rest samba sqlite ssl systemd +wpe
|
||||
"
|
||||
RESTRICT="test firebird? ( bindist )"
|
||||
|
|
@ -56,8 +56,7 @@ RDEPEND="acct-group/radius
|
|||
samba? ( net-fs/samba )
|
||||
sqlite? ( dev-db/sqlite:3 )
|
||||
ssl? (
|
||||
!libressl? ( dev-libs/openssl:0=[-bindist] )
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
dev-libs/openssl:0=[-bindist]
|
||||
)
|
||||
systemd? ( sys-apps/systemd )"
|
||||
DEPEND="${RDEPEND}"
|
||||
|
|
|
|||
|
|
@ -1,106 +0,0 @@
|
|||
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
|
||||
index 19e0e2be8..6585c0245 100644
|
||||
--- a/src/crypto/crypto_openssl.c
|
||||
+++ b/src/crypto/crypto_openssl.c
|
||||
@@ -33,7 +33,9 @@
|
||||
#include "aes_wrap.h"
|
||||
#include "crypto.h"
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
/* Compatibility wrappers for older versions. */
|
||||
|
||||
static HMAC_CTX * HMAC_CTX_new(void)
|
||||
@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
|
||||
|
||||
static BIGNUM * get_group5_prime(void)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||
+ !(defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
return BN_get_rfc3526_prime_1536(NULL);
|
||||
#elif !defined(OPENSSL_IS_BORINGSSL)
|
||||
return get_rfc3526_prime_1536(NULL);
|
||||
@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
|
||||
|
||||
void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
DH *dh;
|
||||
struct wpabuf *pubkey = NULL, *privkey = NULL;
|
||||
size_t publen, privlen;
|
||||
@@ -712,7 +718,9 @@ err:
|
||||
|
||||
void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
DH *dh;
|
||||
|
||||
dh = DH_new();
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index 23ac64b48..91acc579d 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -59,7 +59,8 @@ typedef int stack_index_t;
|
||||
#endif /* SSL_set_tlsext_status_type */
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
- defined(LIBRESSL_VERSION_NUMBER)) && \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \
|
||||
!defined(BORINGSSL_API_VERSION)
|
||||
/*
|
||||
* SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
|
||||
@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf)
|
||||
}
|
||||
#endif /* OPENSSL_FIPS */
|
||||
#endif /* CONFIG_FIPS */
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
SSL_load_error_strings();
|
||||
SSL_library_init();
|
||||
#ifndef OPENSSL_NO_SHA256
|
||||
@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx)
|
||||
|
||||
tls_openssl_ref_count--;
|
||||
if (tls_openssl_ref_count == 0) {
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE_cleanup();
|
||||
#endif /* OPENSSL_NO_ENGINE */
|
||||
@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
|
||||
#ifdef OPENSSL_NEED_EAP_FAST_PRF
|
||||
static int openssl_get_keyblock_size(SSL *ssl)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
const EVP_CIPHER *c;
|
||||
const EVP_MD *h;
|
||||
int md_size;
|
||||
@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
|
||||
struct tls_connection *conn = arg;
|
||||
int ret;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
if (conn == NULL || conn->session_ticket_cb == NULL)
|
||||
return 0;
|
||||
|
||||
|
|
@ -15,16 +15,13 @@ SRC_URI="http://w1.fi/releases/${P}.tar.gz
|
|||
LICENSE="BSD"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
|
||||
IUSE="internal-tls ipv6 karma_cli libressl logwatch netlink sqlite +wpe +wps +crda"
|
||||
IUSE="internal-tls ipv6 karma_cli logwatch netlink sqlite +wpe +wps +crda"
|
||||
|
||||
REQUIRED_USE="^^ ( wpe karma_cli )"
|
||||
|
||||
DEPEND="
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
!libressl? (
|
||||
internal-tls? ( dev-libs/libtommath )
|
||||
!internal-tls? ( dev-libs/openssl:0=[-bindist] )
|
||||
)
|
||||
kernel_linux? (
|
||||
dev-libs/libnl:3
|
||||
crda? ( net-wireless/crda )
|
||||
|
|
@ -39,11 +36,7 @@ S="${S}/${PN}"
|
|||
|
||||
pkg_pretend() {
|
||||
if use internal-tls; then
|
||||
if use libressl; then
|
||||
elog "libressl flag takes precedence over internal-tls"
|
||||
else
|
||||
ewarn "internal-tls implementation is experimental and provides fewer features"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -52,9 +45,6 @@ src_prepare() {
|
|||
# i.e. anything outside ${S}/${PN}
|
||||
pushd ../ >/dev/null || die
|
||||
|
||||
# Add LibreSSL compatibility patch bug (#567262)
|
||||
eapply "${WORKDIR}/${EXTRAS_NAME}/${P}-libressl-compatibility.patch"
|
||||
|
||||
# https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
|
||||
eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"
|
||||
eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"
|
||||
|
|
@ -101,7 +91,7 @@ src_configure() {
|
|||
echo "CONFIG_TAXONOMY=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use internal-tls && ! use libressl; then
|
||||
if use internal-tls; then
|
||||
echo "CONFIG_TLS=internal" >> ${CONFIG}
|
||||
else
|
||||
# SSL authentication methods
|
||||
|
|
@ -202,7 +192,7 @@ src_configure() {
|
|||
src_compile() {
|
||||
emake V=1
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
if ! use internal-tls; then
|
||||
emake V=1 nt_password_hash
|
||||
emake V=1 hlr_auc_gw
|
||||
fi
|
||||
|
|
@ -225,7 +215,7 @@ src_install() {
|
|||
dobin ${PN}_cli
|
||||
fi
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
if ! use internal-tls; then
|
||||
dobin nt_password_hash hlr_auc_gw
|
||||
fi
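Review bot: In src_configure, the branch whose condition this commit rewrites to `if use internal-tls; then` still runs `echo "CONFIG_TLS=internal" >> ${CONFIG}` with an unquoted path and no error check. A failed write would leave .config without the requested TLS backend, and the build would carry on with whatever default the Makefile selects (presumably OpenSSL, not confirmed from this page). The newest hostapd-wpe ebuild touched by this commit already writes `echo "CONFIG_TLS=internal" >> ${CONFIG} || die`; the line here could become `echo "CONFIG_TLS=internal" >> "${CONFIG}" || die`. The same branch appears unchanged in the src_configure hunks of the two ebuild sections that follow this one. src_configure starts and ends outside the hunk.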
|
||||
|
||||
|
|
|
|||
|
|
@ -26,14 +26,11 @@ fi
|
|||
|
||||
LICENSE="BSD"
|
||||
SLOT="0"
|
||||
IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wpe +wps +crda"
|
||||
IUSE="internal-tls ipv6 logwatch netlink sqlite +wpe +wps +crda"
|
||||
|
||||
DEPEND="
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
!libressl? (
|
||||
internal-tls? ( dev-libs/libtommath )
|
||||
!internal-tls? ( dev-libs/openssl:0=[-bindist] )
|
||||
)
|
||||
kernel_linux? (
|
||||
dev-libs/libnl:3
|
||||
crda? ( net-wireless/crda )
|
||||
|
|
@ -43,19 +40,11 @@ DEPEND="
|
|||
|
||||
RDEPEND="${DEPEND}"
|
||||
|
||||
PATCHES=(
|
||||
"${WORKDIR}/${EXTRAS_NAME}/0001-bug672834-libressl-v2.patch"
|
||||
)
|
||||
|
||||
S="${S}/${PN}"
|
||||
|
||||
pkg_pretend() {
|
||||
if use internal-tls; then
|
||||
if use libressl; then
|
||||
elog "libressl flag takes precedence over internal-tls"
|
||||
else
|
||||
ewarn "internal-tls implementation is experimental and provides fewer features"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -102,7 +91,7 @@ src_configure() {
|
|||
echo "CONFIG_TAXONOMY=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use internal-tls && ! use libressl; then
|
||||
if use internal-tls; then
|
||||
echo "CONFIG_TLS=internal" >> ${CONFIG}
|
||||
else
|
||||
# SSL authentication methods
|
||||
|
|
@ -203,7 +192,7 @@ src_configure() {
|
|||
src_compile() {
|
||||
emake V=1
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
if ! use internal-tls; then
|
||||
emake V=1 nt_password_hash
|
||||
emake V=1 hlr_auc_gw
|
||||
fi
|
||||
|
|
@ -228,7 +217,7 @@ src_install() {
|
|||
dobin ${PN}_cli
|
||||
fi
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
if ! use internal-tls; then
|
||||
dobin nt_password_hash hlr_auc_gw
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -26,14 +26,11 @@ fi
|
|||
|
||||
LICENSE="BSD"
|
||||
SLOT="0"
|
||||
IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wpe +wps +crda"
|
||||
IUSE="internal-tls ipv6 logwatch netlink sqlite +wpe +wps +crda"
|
||||
|
||||
DEPEND="
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
!libressl? (
|
||||
internal-tls? ( dev-libs/libtommath )
|
||||
!internal-tls? ( dev-libs/openssl:0=[-bindist] )
|
||||
)
|
||||
kernel_linux? (
|
||||
dev-libs/libnl:3
|
||||
crda? ( net-wireless/crda )
|
||||
|
|
@ -47,11 +44,7 @@ S="${S}/${PN}"
|
|||
|
||||
pkg_pretend() {
|
||||
if use internal-tls; then
|
||||
if use libressl; then
|
||||
elog "libressl flag takes precedence over internal-tls"
|
||||
else
|
||||
ewarn "internal-tls implementation is experimental and provides fewer features"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -98,7 +91,7 @@ src_configure() {
|
|||
echo "CONFIG_TAXONOMY=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use internal-tls && ! use libressl; then
|
||||
if use internal-tls; then
|
||||
echo "CONFIG_TLS=internal" >> ${CONFIG}
|
||||
else
|
||||
# SSL authentication methods
|
||||
|
|
@ -199,7 +192,7 @@ src_configure() {
|
|||
src_compile() {
|
||||
emake V=1
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
if ! use internal-tls; then
|
||||
emake V=1 nt_password_hash
|
||||
emake V=1 hlr_auc_gw
|
||||
fi
|
||||
|
|
@ -223,7 +216,7 @@ src_install() {
|
|||
dobin ${PN}_cli
|
||||
fi
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
if ! use internal-tls; then
|
||||
dobin nt_password_hash hlr_auc_gw
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -1,280 +0,0 @@
|
|||
# Copyright 1999-2019 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI="6"
|
||||
|
||||
inherit toolchain-funcs eutils systemd savedconfig
|
||||
|
||||
DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
|
||||
HOMEPAGE="https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe"
|
||||
EXTRAS_VER="2.7-r2"
|
||||
EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
|
||||
SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
|
||||
|
||||
if [[ $PV == 9999 ]]; then
|
||||
inherit git-r3
|
||||
EGIT_REPO_URI="https://w1.fi/hostap.git"
|
||||
else
|
||||
if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then
|
||||
SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
|
||||
else
|
||||
SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
|
||||
fi
|
||||
# Never stabilize snapshot ebuilds please
|
||||
KEYWORDS="amd64 ~arm ~arm64 ~mips ~ppc x86"
|
||||
fi
|
||||
|
||||
LICENSE="BSD"
|
||||
SLOT="0"
|
||||
IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wpe +wps +crda"
|
||||
|
||||
DEPEND="
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
!libressl? (
|
||||
internal-tls? ( dev-libs/libtommath )
|
||||
!internal-tls? ( dev-libs/openssl:0=[-bindist] )
|
||||
)
|
||||
kernel_linux? (
|
||||
dev-libs/libnl:3
|
||||
crda? ( net-wireless/crda )
|
||||
)
|
||||
netlink? ( net-libs/libnfnetlink )
|
||||
sqlite? ( >=dev-db/sqlite-3 )"
|
||||
|
||||
RDEPEND="${DEPEND}"
|
||||
|
||||
S="${S}/${PN}"
|
||||
|
||||
pkg_pretend() {
|
||||
if use internal-tls; then
|
||||
if use libressl; then
|
||||
elog "libressl flag takes precedence over internal-tls"
|
||||
else
|
||||
ewarn "internal-tls implementation is experimental and provides fewer features"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
src_unpack() {
|
||||
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
|
||||
default
|
||||
if [[ ${PV} == 9999 ]] ; then
|
||||
git-r3_src_unpack
|
||||
fi
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
# Allow users to apply patches to src/drivers for example,
|
||||
# i.e. anything outside ${S}/${PN}
|
||||
pushd ../ >/dev/null || die
|
||||
default
|
||||
#CVE-2019-16275 bug #696032
|
||||
eapply "${FILESDIR}/hostapd-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
|
||||
popd >/dev/null || die
|
||||
|
||||
#https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe
|
||||
use wpe && cd .. && epatch "${FILESDIR}/${P}-wpe.patch"
|
||||
|
||||
sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
|
||||
"${S}/hostapd.conf" || die
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
local CONFIG="${S}/.config"
|
||||
|
||||
restore_config "${CONFIG}"
|
||||
if [[ -f "${CONFIG}" ]]; then
|
||||
default_src_configure
|
||||
return 0
|
||||
fi
|
||||
|
||||
# toolchain setup
|
||||
echo "CC = $(tc-getCC)" > ${CONFIG}
|
||||
|
||||
# EAP authentication methods
|
||||
echo "CONFIG_EAP=y" >> ${CONFIG}
|
||||
echo "CONFIG_ERP=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
|
||||
|
||||
if use wpe; then
|
||||
echo "CONFIG_TAXONOMY=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use internal-tls && ! use libressl; then
|
||||
echo "CONFIG_TLS=internal" >> ${CONFIG}
|
||||
else
|
||||
# SSL authentication methods
|
||||
echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
|
||||
echo "CONFIG_TLSV11=y" >> ${CONFIG}
|
||||
echo "CONFIG_TLSV12=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use wps; then
|
||||
# Enable Wi-Fi Protected Setup
|
||||
echo "CONFIG_WPS=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS2=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
|
||||
einfo "Enabling Wi-Fi Protected Setup support"
|
||||
fi
|
||||
|
||||
echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
|
||||
|
||||
einfo "Enabling drivers: "
|
||||
|
||||
# drivers
|
||||
echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
|
||||
einfo " HostAP driver enabled"
|
||||
echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
|
||||
einfo " Wired driver enabled"
|
||||
echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
|
||||
einfo " None driver enabled"
|
||||
|
||||
einfo " nl80211 driver enabled"
|
||||
echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
|
||||
|
||||
# epoll
|
||||
echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
|
||||
|
||||
# misc
|
||||
echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
|
||||
echo "CONFIG_PKCS12=y" >> ${CONFIG}
|
||||
echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
|
||||
echo "CONFIG_IAPP=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
|
||||
echo "CONFIG_PEERKEY=y" >> ${CONFIG}
|
||||
echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
|
||||
echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
|
||||
echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
|
||||
echo "CONFIG_HS20=y" >> ${CONFIG}
|
||||
echo "CONFIG_WNM=y" >> ${CONFIG}
|
||||
echo "CONFIG_FST=y" >> ${CONFIG}
|
||||
echo "CONFIG_FST_TEST=y" >> ${CONFIG}
|
||||
echo "CONFIG_ACS=y" >> ${CONFIG}
|
||||
|
||||
if use netlink; then
|
||||
# Netlink support
|
||||
echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use ipv6; then
|
||||
# IPv6 support
|
||||
echo "CONFIG_IPV6=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use sqlite; then
|
||||
# Sqlite support
|
||||
echo "CONFIG_SQLITE=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
# If we are using libnl 2.0 and above, enable support for it
|
||||
# Removed for now, since the 3.2 version is broken, and we don't
|
||||
# support it.
|
||||
if has_version ">=dev-libs/libnl-3.2"; then
|
||||
echo "CONFIG_LIBNL32=y" >> .config
|
||||
fi
|
||||
|
||||
# TODO: Add support for BSD drivers
|
||||
|
||||
default_src_configure
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
emake V=1
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
emake V=1 nt_password_hash
|
||||
emake V=1 hlr_auc_gw
|
||||
fi
|
||||
}
|
||||
|
||||
src_install() {
|
||||
insinto /etc/${PN}
|
||||
# mv hostapd-wpe.eap_user hostapd.eap_user
|
||||
doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
|
||||
doins "${FILESDIR}"/hostapd-int.conf "${FILESDIR}"/hostapd-ext.conf "${FILESDIR}/${P}"-wpe.conf
|
||||
|
||||
fperms -R 600 /etc/${PN}
|
||||
|
||||
if use wpe; then
|
||||
dosbin ${PN}-wpe
|
||||
dobin ${PN}-wpe_cli
|
||||
dosym ./${PN}-wpe /usr/sbin/${PN}
|
||||
DESTDIR="${ED}" emake wpe
|
||||
else
|
||||
dosbin ${PN}
|
||||
dobin ${PN}_cli
|
||||
fi
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
dobin nt_password_hash hlr_auc_gw
|
||||
fi
|
||||
|
||||
newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
|
||||
newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
|
||||
systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
|
||||
|
||||
doman ${PN}{.8,_cli.1}
|
||||
|
||||
dodoc ChangeLog README
|
||||
use wps && dodoc README-WPS
|
||||
|
||||
docinto examples
|
||||
dodoc wired.conf
|
||||
|
||||
if use logwatch; then
|
||||
insinto /etc/log.d/conf/services/
|
||||
doins logwatch/${PN}.conf
|
||||
|
||||
exeinto /etc/log.d/scripts/services/
|
||||
doexe logwatch/${PN}
|
||||
fi
|
||||
|
||||
save_config .config
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
einfo
|
||||
einfo "If you are running openRC you need to follow this instructions:"
|
||||
einfo "In order to use ${PN} you need to set up your wireless card"
|
||||
einfo "for master mode in /etc/conf.d/net and then start"
|
||||
einfo "/etc/init.d/${PN}."
|
||||
einfo
|
||||
einfo "Example configuration:"
|
||||
einfo
|
||||
einfo "config_wlan0=( \"192.168.1.1/24\" )"
|
||||
einfo "channel_wlan0=\"6\""
|
||||
einfo "essid_wlan0=\"test\""
|
||||
einfo "mode_wlan0=\"master\""
|
||||
einfo
|
||||
#if [ -e "${KV_DIR}"/net/mac80211 ]; then
|
||||
# einfo "This package now compiles against the headers installed by"
|
||||
# einfo "the kernel source for the mac80211 driver. You should "
|
||||
# einfo "re-emerge ${PN} after upgrading your kernel source."
|
||||
#fi
|
||||
|
||||
if use wps; then
|
||||
einfo "You have enabled Wi-Fi Protected Setup support, please"
|
||||
einfo "read the README-WPS file in /usr/share/doc/${P}"
|
||||
einfo "for info on how to use WPS"
|
||||
fi
|
||||
}
|
||||
|
|
@ -1,42 +1,39 @@
|
|||
# Copyright 1999-2020 Gentoo Authors
|
||||
# Copyright 1999-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI="6"
|
||||
EAPI=7
|
||||
|
||||
inherit toolchain-funcs eutils systemd savedconfig
|
||||
inherit toolchain-funcs systemd savedconfig
|
||||
|
||||
DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
|
||||
HOMEPAGE="https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe"
|
||||
EXTRAS_VER="2.7-r2"
|
||||
EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
|
||||
SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
|
||||
S="${S}/${PN}"
|
||||
|
||||
if [[ $PV == 9999 ]]; then
|
||||
if [[ ${PV} == 9999 ]]; then
|
||||
inherit git-r3
|
||||
EGIT_REPO_URI="https://w1.fi/hostap.git"
|
||||
else
|
||||
if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then
|
||||
if [[ ${PV} =~ ^.*_p[0-9]{8}$ ]]; then
|
||||
SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
|
||||
else
|
||||
SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
|
||||
fi
|
||||
|
||||
# Never stabilize snapshot ebuilds please
|
||||
KEYWORDS="amd64 arm arm64 ~mips ppc x86"
|
||||
fi
|
||||
|
||||
LICENSE="BSD"
|
||||
SLOT="0"
|
||||
IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +suiteb +wpe +wps +crda"
|
||||
|
||||
# suiteb impl uses openssl feature not available in libressl, see bug 710992
|
||||
REQUIRED_USE="?? ( libressl suiteb )"
|
||||
IUSE="internal-tls ipv6 logwatch netlink sqlite +suiteb +wpe +wps +crda"
|
||||
|
||||
DEPEND="
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
!libressl? (
|
||||
internal-tls? ( dev-libs/libtommath )
|
||||
!internal-tls? ( dev-libs/openssl:0=[-bindist] )
|
||||
)
|
||||
|
||||
kernel_linux? (
|
||||
dev-libs/libnl:3
|
||||
crda? ( net-wireless/crda )
|
||||
|
|
@ -46,15 +43,9 @@ DEPEND="
|
|||
|
||||
RDEPEND="${DEPEND}"
|
||||
|
||||
S="${S}/${PN}"
|
||||
|
||||
pkg_pretend() {
|
||||
if use internal-tls; then
|
||||
if use libressl; then
|
||||
elog "libressl flag takes precedence over internal-tls"
|
||||
else
|
||||
ewarn "internal-tls implementation is experimental and provides fewer features"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -71,12 +62,14 @@ src_prepare() {
|
|||
# i.e. anything outside ${S}/${PN}
|
||||
pushd ../ >/dev/null || die
|
||||
default
|
||||
#CVE-2019-16275 bug #696032
|
||||
|
||||
# CVE-2019-16275 bug #696032
|
||||
eapply "${FILESDIR}/hostapd-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
|
||||
# CVE-2020-12695 bug #727542
|
||||
eapply "${FILESDIR}/${P}-0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch"
|
||||
eapply "${FILESDIR}/${P}-0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch"
|
||||
eapply "${FILESDIR}/${P}-0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch"
|
||||
|
||||
popd >/dev/null || die
|
||||
|
||||
#https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe
|
||||
|
|
@ -91,132 +84,128 @@ src_configure() {
|
|||
|
||||
restore_config "${CONFIG}"
|
||||
if [[ -f "${CONFIG}" ]]; then
|
||||
default_src_configure
|
||||
default
|
||||
return 0
|
||||
fi
|
||||
|
||||
# toolchain setup
|
||||
echo "CC = $(tc-getCC)" > ${CONFIG}
|
||||
echo "CC = $(tc-getCC)" > ${CONFIG} || die
|
||||
|
||||
# EAP authentication methods
|
||||
echo "CONFIG_EAP=y" >> ${CONFIG}
|
||||
echo "CONFIG_ERP=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
|
||||
echo "CONFIG_SAE=y" >> ${CONFIG}
|
||||
echo "CONFIG_OWE=y" >> ${CONFIG}
|
||||
echo "CONFIG_DPP=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_ERP=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_MD5=y" >> ${CONFIG} || die
|
||||
|
||||
if use suiteb; then
|
||||
echo "CONFIG_SUITEB=y" >> ${CONFIG}
|
||||
echo "CONFIG_SUITEB192=y" >> ${CONFIG}
|
||||
echo "CONFIG_SUITEB=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_SUITEB192=y" >> ${CONFIG} || die
|
||||
fi
|
||||
|
||||
if use wpe; then
|
||||
echo "CONFIG_TAXONOMY=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use internal-tls && ! use libressl; then
|
||||
echo "CONFIG_TLS=internal" >> ${CONFIG}
|
||||
if use internal-tls ; then
|
||||
echo "CONFIG_TLS=internal" >> ${CONFIG} || die
|
||||
else
|
||||
# SSL authentication methods
|
||||
echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
|
||||
echo "CONFIG_TLSV11=y" >> ${CONFIG}
|
||||
echo "CONFIG_TLSV12=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
|
||||
echo "CONFIG_DPP=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_FAST=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_PWD=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_TLS=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_OWE=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_SAE=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_TLSV11=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_TLSV12=y" >> ${CONFIG} || die
|
||||
fi
|
||||
|
||||
if use wps; then
|
||||
# Enable Wi-Fi Protected Setup
|
||||
echo "CONFIG_WPS=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS2=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_WPS2=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_WPS_NFC=y" >> ${CONFIG} || die
|
||||
einfo "Enabling Wi-Fi Protected Setup support"
|
||||
fi
|
||||
|
||||
echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_TNC=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_GTC=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_SIM=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_AKA=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_EKE=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_PAX=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_PSK=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} || die
|
||||
|
||||
einfo "Enabling drivers: "
|
||||
|
||||
# drivers
|
||||
echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
|
||||
echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} || die
|
||||
einfo " HostAP driver enabled"
|
||||
echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
|
||||
echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} || die
|
||||
einfo " Wired driver enabled"
|
||||
echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
|
||||
echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} || die
|
||||
einfo " None driver enabled"
|
||||
|
||||
einfo " nl80211 driver enabled"
|
||||
echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
|
||||
echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} || die
|
||||
|
||||
# epoll
|
||||
echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
|
||||
echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} || die
|
||||
|
||||
# misc
|
||||
echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
|
||||
echo "CONFIG_PKCS12=y" >> ${CONFIG}
|
||||
echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
|
||||
echo "CONFIG_IAPP=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
|
||||
echo "CONFIG_PEERKEY=y" >> ${CONFIG}
|
||||
echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
|
||||
echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
|
||||
echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
|
||||
echo "CONFIG_HS20=y" >> ${CONFIG}
|
||||
echo "CONFIG_WNM=y" >> ${CONFIG}
|
||||
echo "CONFIG_FST=y" >> ${CONFIG}
|
||||
echo "CONFIG_FST_TEST=y" >> ${CONFIG}
|
||||
echo "CONFIG_ACS=y" >> ${CONFIG}
|
||||
echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_PKCS12=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_IAPP=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_IEEE80211R=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_IEEE80211W=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_IEEE80211N=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_PEERKEY=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_INTERWORKING=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_HS20=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_WNM=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_FST=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_FST_TEST=y" >> ${CONFIG} || die
|
||||
echo "CONFIG_ACS=y" >> ${CONFIG} || die
|
||||
|
||||
if use netlink; then
|
||||
# Netlink support
|
||||
echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
|
||||
echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} || die
|
||||
fi
|
||||
|
||||
if use ipv6; then
|
||||
# IPv6 support
|
||||
echo "CONFIG_IPV6=y" >> ${CONFIG}
|
||||
echo "CONFIG_IPV6=y" >> ${CONFIG} || die
|
||||
fi
|
||||
|
||||
if use sqlite; then
|
||||
# Sqlite support
|
||||
echo "CONFIG_SQLITE=y" >> ${CONFIG}
|
||||
echo "CONFIG_SQLITE=y" >> ${CONFIG} || die
|
||||
fi
|
||||
|
||||
# If we are using libnl 2.0 and above, enable support for it
|
||||
# Removed for now, since the 3.2 version is broken, and we don't
|
||||
# support it.
|
||||
if has_version ">=dev-libs/libnl-3.2"; then
|
||||
echo "CONFIG_LIBNL32=y" >> .config
|
||||
echo "CONFIG_LIBNL32=y" >> ${CONFIG} || die
|
||||
fi
|
||||
|
||||
# TODO: Add support for BSD drivers
|
||||
|
||||
default_src_configure
|
||||
default
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
emake V=1
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
if ! use internal-tls; then
|
||||
emake V=1 nt_password_hash
|
||||
emake V=1 hlr_auc_gw
|
||||
fi
|
||||
|
|
@ -240,7 +229,7 @@ src_install() {
|
|||
dobin ${PN}_cli
|
||||
fi
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
if ! use internal-tls; then
|
||||
dobin nt_password_hash hlr_auc_gw
|
||||
fi
|
||||
|
||||
|
|
@ -281,7 +270,8 @@ pkg_postinst() {
|
|||
einfo "essid_wlan0=\"test\""
|
||||
einfo "mode_wlan0=\"master\""
|
||||
einfo
|
||||
#if [ -e "${KV_DIR}"/net/mac80211 ]; then
|
||||
|
||||
#if [[ -e "${KV_DIR}"/net/mac80211 ]]; then
|
||||
# einfo "This package now compiles against the headers installed by"
|
||||
# einfo "the kernel source for the mac80211 driver. You should "
|
||||
# einfo "re-emerge ${PN} after upgrading your kernel source."
|
||||
|
|
|
|||
|
|
@ -1,278 +0,0 @@
|
|||
# Copyright 1999-2019 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI="6"
|
||||
|
||||
inherit toolchain-funcs eutils systemd savedconfig
|
||||
|
||||
DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
|
||||
HOMEPAGE="https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe"
|
||||
EXTRAS_VER="2.7-r2"
|
||||
EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
|
||||
SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
|
||||
|
||||
if [[ $PV == 9999 ]]; then
|
||||
inherit git-r3
|
||||
EGIT_REPO_URI="https://w1.fi/hostap.git"
|
||||
else
|
||||
if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then
|
||||
SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
|
||||
else
|
||||
SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
|
||||
fi
|
||||
# Never stabilize snapshot ebuilds please
|
||||
KEYWORDS="amd64 ~arm ~arm64 ~mips ~ppc x86"
|
||||
fi
|
||||
|
||||
LICENSE="BSD"
|
||||
SLOT="0"
|
||||
IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wpe +wps +crda"
|
||||
|
||||
DEPEND="
|
||||
libressl? ( dev-libs/libressl:0= )
|
||||
!libressl? (
|
||||
internal-tls? ( dev-libs/libtommath )
|
||||
!internal-tls? ( dev-libs/openssl:0=[-bindist] )
|
||||
)
|
||||
kernel_linux? (
|
||||
dev-libs/libnl:3
|
||||
crda? ( net-wireless/crda )
|
||||
)
|
||||
netlink? ( net-libs/libnfnetlink )
|
||||
sqlite? ( >=dev-db/sqlite-3 )"
|
||||
|
||||
RDEPEND="${DEPEND}"
|
||||
|
||||
S="${S}/${PN}"
|
||||
|
||||
pkg_pretend() {
|
||||
if use internal-tls; then
|
||||
if use libressl; then
|
||||
elog "libressl flag takes precedence over internal-tls"
|
||||
else
|
||||
ewarn "internal-tls implementation is experimental and provides fewer features"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
src_unpack() {
|
||||
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
|
||||
default
|
||||
if [[ ${PV} == 9999 ]] ; then
|
||||
git-r3_src_unpack
|
||||
fi
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
# Allow users to apply patches to src/drivers for example,
|
||||
# i.e. anything outside ${S}/${PN}
|
||||
pushd ../ >/dev/null || die
|
||||
default
|
||||
popd >/dev/null || die
|
||||
|
||||
#https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe
|
||||
use wpe && cd .. && epatch "${FILESDIR}/${P}-wpe.patch"
|
||||
|
||||
sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
|
||||
"${S}/hostapd.conf" || die
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
local CONFIG="${S}/.config"
|
||||
|
||||
restore_config "${CONFIG}"
|
||||
if [[ -f "${CONFIG}" ]]; then
|
||||
default_src_configure
|
||||
return 0
|
||||
fi
|
||||
|
||||
# toolchain setup
|
||||
echo "CC = $(tc-getCC)" > ${CONFIG}
|
||||
|
||||
# EAP authentication methods
|
||||
echo "CONFIG_EAP=y" >> ${CONFIG}
|
||||
echo "CONFIG_ERP=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
|
||||
|
||||
if use wpe; then
|
||||
echo "CONFIG_TAXONOMY=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use internal-tls && ! use libressl; then
|
||||
echo "CONFIG_TLS=internal" >> ${CONFIG}
|
||||
else
|
||||
# SSL authentication methods
|
||||
echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
|
||||
echo "CONFIG_TLSV11=y" >> ${CONFIG}
|
||||
echo "CONFIG_TLSV12=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use wps; then
|
||||
# Enable Wi-Fi Protected Setup
|
||||
echo "CONFIG_WPS=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS2=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
|
||||
echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
|
||||
einfo "Enabling Wi-Fi Protected Setup support"
|
||||
fi
|
||||
|
||||
echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
|
||||
echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
|
||||
|
||||
einfo "Enabling drivers: "
|
||||
|
||||
# drivers
|
||||
echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
|
||||
einfo " HostAP driver enabled"
|
||||
echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
|
||||
einfo " Wired driver enabled"
|
||||
echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
|
||||
einfo " None driver enabled"
|
||||
|
||||
einfo " nl80211 driver enabled"
|
||||
echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
|
||||
|
||||
# epoll
|
||||
echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
|
||||
|
||||
# misc
|
||||
echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
|
||||
echo "CONFIG_PKCS12=y" >> ${CONFIG}
|
||||
echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
|
||||
echo "CONFIG_IAPP=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
|
||||
echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
|
||||
echo "CONFIG_PEERKEY=y" >> ${CONFIG}
|
||||
echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
|
||||
echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
|
||||
echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
|
||||
echo "CONFIG_HS20=y" >> ${CONFIG}
|
||||
echo "CONFIG_WNM=y" >> ${CONFIG}
|
||||
echo "CONFIG_FST=y" >> ${CONFIG}
|
||||
echo "CONFIG_FST_TEST=y" >> ${CONFIG}
|
||||
echo "CONFIG_ACS=y" >> ${CONFIG}
|
||||
|
||||
if use netlink; then
|
||||
# Netlink support
|
||||
echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use ipv6; then
|
||||
# IPv6 support
|
||||
echo "CONFIG_IPV6=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
if use sqlite; then
|
||||
# Sqlite support
|
||||
echo "CONFIG_SQLITE=y" >> ${CONFIG}
|
||||
fi
|
||||
|
||||
# If we are using libnl 2.0 and above, enable support for it
|
||||
# Removed for now, since the 3.2 version is broken, and we don't
|
||||
# support it.
|
||||
if has_version ">=dev-libs/libnl-3.2"; then
|
||||
echo "CONFIG_LIBNL32=y" >> .config
|
||||
fi
|
||||
|
||||
# TODO: Add support for BSD drivers
|
||||
|
||||
default_src_configure
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
emake V=1
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
emake V=1 nt_password_hash
|
||||
emake V=1 hlr_auc_gw
|
||||
fi
|
||||
}
|
||||
|
||||
src_install() {
|
||||
insinto /etc/${PN}
|
||||
# mv hostapd-wpe.eap_user hostapd.eap_user
|
||||
doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
|
||||
doins "${FILESDIR}"/hostapd-int.conf "${FILESDIR}"/hostapd-ext.conf "${FILESDIR}/${P}"-wpe.conf
|
||||
|
||||
fperms -R 600 /etc/${PN}
|
||||
|
||||
if use wpe; then
|
||||
dosbin ${PN}-wpe
|
||||
dobin ${PN}-wpe_cli
|
||||
dosym ./${PN}-wpe /usr/sbin/${PN}
|
||||
DESTDIR="${ED}" emake wpe
|
||||
else
|
||||
dosbin ${PN}
|
||||
dobin ${PN}_cli
|
||||
fi
|
||||
|
||||
if use libressl || ! use internal-tls; then
|
||||
dobin nt_password_hash hlr_auc_gw
|
||||
fi
|
||||
|
||||
newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
|
||||
newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
|
||||
systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
|
||||
|
||||
doman ${PN}{.8,_cli.1}
|
||||
|
||||
dodoc ChangeLog README
|
||||
use wps && dodoc README-WPS
|
||||
|
||||
docinto examples
|
||||
dodoc wired.conf
|
||||
|
||||
if use logwatch; then
|
||||
insinto /etc/log.d/conf/services/
|
||||
doins logwatch/${PN}.conf
|
||||
|
||||
exeinto /etc/log.d/scripts/services/
|
||||
doexe logwatch/${PN}
|
||||
fi
|
||||
|
||||
save_config .config
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
einfo
|
||||
einfo "If you are running openRC you need to follow this instructions:"
|
||||
einfo "In order to use ${PN} you need to set up your wireless card"
|
||||
einfo "for master mode in /etc/conf.d/net and then start"
|
||||
einfo "/etc/init.d/${PN}."
|
||||
einfo
|
||||
einfo "Example configuration:"
|
||||
einfo
|
||||
einfo "config_wlan0=( \"192.168.1.1/24\" )"
|
||||
einfo "channel_wlan0=\"6\""
|
||||
einfo "essid_wlan0=\"test\""
|
||||
einfo "mode_wlan0=\"master\""
|
||||
einfo
|
||||
#if [ -e "${KV_DIR}"/net/mac80211 ]; then
|
||||
# einfo "This package now compiles against the headers installed by"
|
||||
# einfo "the kernel source for the mac80211 driver. You should "
|
||||
# einfo "re-emerge ${PN} after upgrading your kernel source."
|
||||
#fi
|
||||
|
||||
if use wps; then
|
||||
einfo "You have enabled Wi-Fi Protected Setup support, please"
|
||||
einfo "read the README-WPS file in /usr/share/doc/${P}"
|
||||
einfo "for info on how to use WPS"
|
||||
fi
|
||||
}
|
||||