blob: 3dce750d255ee04f146a549a1ca77033babcaf6f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
{ stdenv, fetchpatch, fetchurl, lib, openssl, pkgconfig, libnl
, dbus_libs ? null, readline ? null, pcsclite ? null
}:
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.6";
name = "wpa_supplicant-${version}";
src = fetchurl {
url = "https://w1.fi/releases/${name}.tar.gz";
sha256 = "0l0l5gz3d5j9bqjsbjlfcv4w4jwndllp9fmyai4x9kg6qhs6v4xl";
};
# TODO: Patch epoll so that the dbus actually responds
# TODO: Figure out how to get privsep working, currently getting SIGBUS
extraConfig = ''
CONFIG_AP=y
CONFIG_LIBNL32=y
CONFIG_EAP_FAST=y
CONFIG_EAP_PWD=y
CONFIG_EAP_PAX=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_WPS=y
CONFIG_WPS_ER=y
CONFIG_WPS_NFS=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_EKE=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_ELOOP=eloop
#CONFIG_ELOOP_EPOLL=y
CONFIG_L2_PACKET=linux
CONFIG_IEEE80211W=y
CONFIG_TLS=openssl
CONFIG_TLSV11=y
#CONFIG_TLSV12=y see #8332
CONFIG_IEEE80211R=y
CONFIG_DEBUG_SYSLOG=y
#CONFIG_PRIVSEP=y
CONFIG_IEEE80211N=y
CONFIG_IEEE80211AC=y
CONFIG_INTERNETWORKING=y
CONFIG_HS20=y
CONFIG_P2P=y
CONFIG_TDLS=y
CONFIG_BGSCAN_SIMPLE=y
'' + optionalString (pcsclite != null) ''
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_PCSC=y
'' + optionalString (dbus_libs != null) ''
CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
'' + (if readline != null then ''
CONFIG_READLINE=y
'' else ''
CONFIG_WPA_CLI_EDIT=y
'');
preBuild = ''
cd wpa_supplicant
cp -v defconfig .config
echo "$extraConfig" >> .config
cat -n .config
substituteInPlace Makefile --replace /usr/local $out
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE \
-I$(echo "${stdenv.lib.getDev libnl}"/include/libnl*/) \
-I${stdenv.lib.getDev pcsclite}/include/PCSC/"
'';
buildInputs = [ openssl libnl dbus_libs readline pcsclite ];
nativeBuildInputs = [ pkgconfig ];
patches = [
./build-fix.patch
#KRACKAttack.com
(fetchurl {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch";
sha256 = "02zl2x4pxay666yq18g4f3byccrzipfjbky1ydw62v15h76174aj";
})
(fetchurl {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch";
sha256 = "1mrmqg00x1bqa43dyhxb14msk74lh3kvr4avni43c3qpfjmlfvfq";
})
(fetchurl {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch";
sha256 = "10byyi8wfpcc8i788ag7ndycd3xvq2iwnssyb3rwf34sfcv5wlyl";
})
(fetchurl {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch";
sha256 = "02z2rsbh4sw81wsc56xjbblbi76ii0clmpnr1m1szdb1h5s58fkr";
})
(fetchurl {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch";
sha256 = "17pbrn5h6l5v14y6gn2yr2knqya9i0n2vyq4ck8hasb00yz8lz0l";
})
(fetchurl {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch";
sha256 = "19mgcqbdyzm4myi182jcn1rn26xi3jib74cpxbbrx1gaccxlsvar";
})
(fetchurl { # wpa-supplicant only
url = "http://w1.fi/security/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch";
sha256 = "0di71j8762dkvr0c7h5mrbkqyfdy8mljvnp0dk2qhbgc9bw7m8f5";
})
(fetchurl {
url = "http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch";
sha256 = "1ca312cixbld70rp12q7h66lnjjxzz0qag0ii2sg6cllgf2hv168";
})
];
postInstall = ''
mkdir -p $out/share/man/man5 $out/share/man/man8
cp -v "doc/docbook/"*.5 $out/share/man/man5/
cp -v "doc/docbook/"*.8 $out/share/man/man8/
mkdir -p $out/etc/dbus-1/system.d $out/share/dbus-1/system-services $out/etc/systemd/system
cp -v "dbus/"*service $out/share/dbus-1/system-services
sed -e "s@/sbin/wpa_supplicant@$out&@" -i "$out/share/dbus-1/system-services/"*
cp -v dbus/dbus-wpa_supplicant.conf $out/etc/dbus-1/system.d
cp -v "systemd/"*.service $out/etc/systemd/system
rm $out/share/man/man8/wpa_priv.8
'';
meta = with stdenv.lib; {
homepage = http://hostap.epitest.fi/wpa_supplicant/;
description = "A tool for connecting to WPA and WPA2-protected wireless networks";
license = licenses.bsd3;
maintainers = with maintainers; [ marcweber wkennington ];
platforms = platforms.linux;
};
}
|