1 |
commit: 38457d7ed121534eadb492deb0e9048f41d13a94 |
2 |
Author: Rick Farina <zerochaos <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Nov 4 16:31:53 2019 +0000 |
4 |
Commit: Rick Farina <zerochaos <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Nov 4 16:31:53 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38457d7e |
7 |
|
8 |
net-wireless/wpa_supplicant: fix bug #696030 |
9 |
|
10 |
Package-Manager: Portage-2.3.78, Repoman-2.3.17 |
11 |
Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org> |
12 |
|
13 |
...y-ignore-management-frame-from-unexpected.patch | 73 ++++ |
14 |
.../wpa_supplicant/wpa_supplicant-2.9-r1.ebuild | 461 +++++++++++++++++++++ |
15 |
2 files changed, 534 insertions(+) |
16 |
|
17 |
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch |
18 |
new file mode 100644 |
19 |
index 00000000000..d764a9db016 |
20 |
--- /dev/null |
21 |
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch |
22 |
@@ -0,0 +1,73 @@ |
23 |
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 |
24 |
+From: Jouni Malinen <j@××.fi> |
25 |
+Date: Thu, 29 Aug 2019 11:52:04 +0300 |
26 |
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source |
27 |
+ address |
28 |
+ |
29 |
+Do not process any received Management frames with unexpected/invalid SA |
30 |
+so that we do not add any state for unexpected STA addresses or end up |
31 |
+sending out frames to unexpected destination. This prevents unexpected |
32 |
+sequences where an unprotected frame might end up causing the AP to send |
33 |
+out a response to another device and that other device processing the |
34 |
+unexpected response. |
35 |
+ |
36 |
+In particular, this prevents some potential denial of service cases |
37 |
+where the unexpected response frame from the AP might result in a |
38 |
+connected station dropping its association. |
39 |
+ |
40 |
+Signed-off-by: Jouni Malinen <j@××.fi> |
41 |
+--- |
42 |
+ src/ap/drv_callbacks.c | 13 +++++++++++++ |
43 |
+ src/ap/ieee802_11.c | 12 ++++++++++++ |
44 |
+ 2 files changed, 25 insertions(+) |
45 |
+ |
46 |
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c |
47 |
+index 31587685fe3b..34ca379edc3d 100644 |
48 |
+--- a/src/ap/drv_callbacks.c |
49 |
++++ b/src/ap/drv_callbacks.c |
50 |
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, |
51 |
+ "hostapd_notif_assoc: Skip event with no address"); |
52 |
+ return -1; |
53 |
+ } |
54 |
++ |
55 |
++ if (is_multicast_ether_addr(addr) || |
56 |
++ is_zero_ether_addr(addr) || |
57 |
++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { |
58 |
++ /* Do not process any frames with unexpected/invalid SA so that |
59 |
++ * we do not add any state for unexpected STA addresses or end |
60 |
++ * up sending out frames to unexpected destination. */ |
61 |
++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR |
62 |
++ " in received indication - ignore this indication silently", |
63 |
++ __func__, MAC2STR(addr)); |
64 |
++ return 0; |
65 |
++ } |
66 |
++ |
67 |
+ random_add_randomness(addr, ETH_ALEN); |
68 |
+ |
69 |
+ hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, |
70 |
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c |
71 |
+index c85a28db44b7..e7065372e158 100644 |
72 |
+--- a/src/ap/ieee802_11.c |
73 |
++++ b/src/ap/ieee802_11.c |
74 |
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, |
75 |
+ fc = le_to_host16(mgmt->frame_control); |
76 |
+ stype = WLAN_FC_GET_STYPE(fc); |
77 |
+ |
78 |
++ if (is_multicast_ether_addr(mgmt->sa) || |
79 |
++ is_zero_ether_addr(mgmt->sa) || |
80 |
++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { |
81 |
++ /* Do not process any frames with unexpected/invalid SA so that |
82 |
++ * we do not add any state for unexpected STA addresses or end |
83 |
++ * up sending out frames to unexpected destination. */ |
84 |
++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR |
85 |
++ " in received frame - ignore this frame silently", |
86 |
++ MAC2STR(mgmt->sa)); |
87 |
++ return 0; |
88 |
++ } |
89 |
++ |
90 |
+ if (stype == WLAN_FC_STYPE_BEACON) { |
91 |
+ handle_beacon(hapd, mgmt, len, fi); |
92 |
+ return 1; |
93 |
+-- |
94 |
+2.20.1 |
95 |
+ |
96 |
|
97 |
diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild |
98 |
new file mode 100644 |
99 |
index 00000000000..6b9f21781fc |
100 |
--- /dev/null |
101 |
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild |
102 |
@@ -0,0 +1,461 @@ |
103 |
+# Copyright 1999-2019 Gentoo Authors |
104 |
+# Distributed under the terms of the GNU General Public License v2 |
105 |
+ |
106 |
+EAPI=6 |
107 |
+ |
108 |
+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1 |
109 |
+ |
110 |
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" |
111 |
+HOMEPAGE="https://w1.fi/wpa_supplicant/" |
112 |
+LICENSE="|| ( GPL-2 BSD )" |
113 |
+ |
114 |
+if [ "${PV}" = "9999" ]; then |
115 |
+ inherit git-r3 |
116 |
+ EGIT_REPO_URI="https://w1.fi/hostap.git" |
117 |
+else |
118 |
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" |
119 |
+ SRC_URI="https://w1.fi/releases/${P}.tar.gz" |
120 |
+fi |
121 |
+ |
122 |
+SLOT="0" |
123 |
+IUSE="ap bindist dbus eap-sim eapol_test fasteap +fils +hs2-0 libressl macsec p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" |
124 |
+ |
125 |
+# CONFIG_PRIVSEP=y does not have sufficient support for the new driver |
126 |
+# interface functions used for MACsec, so this combination cannot be used |
127 |
+# at least for now. |
128 |
+REQUIRED_USE=" |
129 |
+ macsec? ( !privsep ) |
130 |
+ privsep? ( !macsec ) |
131 |
+" |
132 |
+ |
133 |
+CDEPEND="dbus? ( sys-apps/dbus ) |
134 |
+ kernel_linux? ( |
135 |
+ dev-libs/libnl:3 |
136 |
+ net-wireless/crda |
137 |
+ eap-sim? ( sys-apps/pcsc-lite ) |
138 |
+ ) |
139 |
+ !kernel_linux? ( net-libs/libpcap ) |
140 |
+ qt5? ( |
141 |
+ dev-qt/qtcore:5 |
142 |
+ dev-qt/qtgui:5 |
143 |
+ dev-qt/qtsvg:5 |
144 |
+ dev-qt/qtwidgets:5 |
145 |
+ ) |
146 |
+ readline? ( |
147 |
+ sys-libs/ncurses:0= |
148 |
+ sys-libs/readline:0= |
149 |
+ ) |
150 |
+ !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] ) |
151 |
+ libressl? ( dev-libs/libressl:0= ) |
152 |
+" |
153 |
+DEPEND="${CDEPEND} |
154 |
+ virtual/pkgconfig |
155 |
+" |
156 |
+RDEPEND="${CDEPEND} |
157 |
+ selinux? ( sec-policy/selinux-networkmanager ) |
158 |
+" |
159 |
+ |
160 |
+DOC_CONTENTS=" |
161 |
+ If this is a clean installation of wpa_supplicant, you |
162 |
+ have to create a configuration file named |
163 |
+ ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf |
164 |
+ An example configuration file is available for reference in |
165 |
+ ${EROOT%/}/usr/share/doc/${PF}/ |
166 |
+" |
167 |
+ |
168 |
+S="${WORKDIR}/${P}/${PN}" |
169 |
+ |
170 |
+Kconfig_style_config() { |
171 |
+ #param 1 is CONFIG_* item |
172 |
+ #param 2 is what to set it = to, defaulting in y |
173 |
+ CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1" |
174 |
+ setting="${2:-y}" |
175 |
+ |
176 |
+ if [ ! $setting = n ]; then |
177 |
+ #first remove any leading "# " if $2 is not n |
178 |
+ sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM" |
179 |
+ #set item = $setting (defaulting to y) |
180 |
+ sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting" |
181 |
+ if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then |
182 |
+ echo "$CONFIG_PARAM=$setting" >>.config |
183 |
+ fi |
184 |
+ else |
185 |
+ #ensure item commented out |
186 |
+ sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM" |
187 |
+ fi |
188 |
+} |
189 |
+ |
190 |
+src_prepare() { |
191 |
+ default |
192 |
+ |
193 |
+ # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD |
194 |
+ sed -i \ |
195 |
+ -e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \ |
196 |
+ ../src/l2_packet/l2_packet_freebsd.c || die |
197 |
+ |
198 |
+ # People seem to take the example configuration file too literally (bug #102361) |
199 |
+ sed -i \ |
200 |
+ -e "s:^\(opensc_engine_path\):#\1:" \ |
201 |
+ -e "s:^\(pkcs11_engine_path\):#\1:" \ |
202 |
+ -e "s:^\(pkcs11_module_path\):#\1:" \ |
203 |
+ wpa_supplicant.conf || die |
204 |
+ |
205 |
+ # Change configuration to match Gentoo locations (bug #143750) |
206 |
+ sed -i \ |
207 |
+ -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \ |
208 |
+ -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \ |
209 |
+ wpa_supplicant.conf || die |
210 |
+ |
211 |
+ # systemd entries to D-Bus service files (bug #372877) |
212 |
+ echo 'SystemdService=wpa_supplicant.service' \ |
213 |
+ | tee -a dbus/*.service >/dev/null || die |
214 |
+ |
215 |
+ cd "${WORKDIR}/${P}" || die |
216 |
+ |
217 |
+ if use wimax; then |
218 |
+ # generate-libeap-peer.patch comes before |
219 |
+ # fix-undefined-reference-to-random_get_bytes.patch |
220 |
+ eapply "${FILESDIR}/${P}-generate-libeap-peer.patch" |
221 |
+ |
222 |
+ # multilib-strict fix (bug #373685) |
223 |
+ sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die |
224 |
+ fi |
225 |
+ |
226 |
+ # bug (320097) |
227 |
+ eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch" |
228 |
+ |
229 |
+ # bug (640492) |
230 |
+ sed -i 's#-Werror ##' wpa_supplicant/Makefile || die |
231 |
+ |
232 |
+ #CVE-2019-16275 bug #696030 |
233 |
+ eapply "${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch" |
234 |
+} |
235 |
+ |
236 |
+src_configure() { |
237 |
+ # Toolchain setup |
238 |
+ tc-export CC |
239 |
+ |
240 |
+ cp defconfig .config || die |
241 |
+ |
242 |
+ # Basic setup |
243 |
+ Kconfig_style_config CTRL_IFACE |
244 |
+ Kconfig_style_config MATCH_IFACE |
245 |
+ Kconfig_style_config BACKEND file |
246 |
+ Kconfig_style_config IBSS_RSN |
247 |
+ Kconfig_style_config IEEE80211W |
248 |
+ Kconfig_style_config IEEE80211R |
249 |
+ Kconfig_style_config HT_OVERRIDES |
250 |
+ Kconfig_style_config VHT_OVERRIDES |
251 |
+ Kconfig_style_config OCV |
252 |
+ Kconfig_style_config TLSV11 |
253 |
+ Kconfig_style_config TLSV12 |
254 |
+ Kconfig_style_config GETRANDOM |
255 |
+ Kconfig_style_config MBO |
256 |
+ |
257 |
+ # Basic authentication methods |
258 |
+ # NOTE: we don't set GPSK or SAKE as they conflict |
259 |
+ # with the below options |
260 |
+ Kconfig_style_config EAP_GTC |
261 |
+ Kconfig_style_config EAP_MD5 |
262 |
+ Kconfig_style_config EAP_OTP |
263 |
+ Kconfig_style_config EAP_PAX |
264 |
+ Kconfig_style_config EAP_PSK |
265 |
+ Kconfig_style_config IEEE8021X_EAPOL |
266 |
+ Kconfig_style_config PKCS12 |
267 |
+ Kconfig_style_config PEERKEY |
268 |
+ Kconfig_style_config EAP_LEAP |
269 |
+ Kconfig_style_config EAP_MSCHAPV2 |
270 |
+ Kconfig_style_config EAP_PEAP |
271 |
+ Kconfig_style_config EAP_TEAP |
272 |
+ Kconfig_style_config EAP_TLS |
273 |
+ Kconfig_style_config EAP_TTLS |
274 |
+ |
275 |
+ # Enabling background scanning. |
276 |
+ Kconfig_style_config BGSCAN_SIMPLE |
277 |
+ Kconfig_style_config BGSCAN_LEARN |
278 |
+ |
279 |
+ if use dbus ; then |
280 |
+ Kconfig_style_config CTRL_IFACE_DBUS |
281 |
+ Kconfig_style_config CTRL_IFACE_DBUS_NEW |
282 |
+ Kconfig_style_config CTRL_IFACE_DBUS_INTRO |
283 |
+ else |
284 |
+ Kconfig_style_config CTRL_IFACE_DBUS n |
285 |
+ Kconfig_style_config CTRL_IFACE_DBUS_NEW n |
286 |
+ Kconfig_style_config CTRL_IFACE_DBUS_INTRO n |
287 |
+ fi |
288 |
+ |
289 |
+ if use eapol_test ; then |
290 |
+ Kconfig_style_config EAPOL_TEST |
291 |
+ fi |
292 |
+ |
293 |
+ # Enable support for writing debug info to a log file and syslog. |
294 |
+ Kconfig_style_config DEBUG_FILE |
295 |
+ Kconfig_style_config DEBUG_SYSLOG |
296 |
+ |
297 |
+ if use hs2-0 ; then |
298 |
+ Kconfig_style_config INTERWORKING |
299 |
+ Kconfig_style_config HS20 |
300 |
+ fi |
301 |
+ |
302 |
+ if use uncommon-eap-types; then |
303 |
+ Kconfig_style_config EAP_GPSK |
304 |
+ Kconfig_style_config EAP_SAKE |
305 |
+ Kconfig_style_config EAP_GPSK_SHA256 |
306 |
+ Kconfig_style_config EAP_IKEV2 |
307 |
+ Kconfig_style_config EAP_EKE |
308 |
+ fi |
309 |
+ |
310 |
+ if use eap-sim ; then |
311 |
+ # Smart card authentication |
312 |
+ Kconfig_style_config EAP_SIM |
313 |
+ Kconfig_style_config EAP_AKA |
314 |
+ Kconfig_style_config EAP_AKA_PRIME |
315 |
+ Kconfig_style_config PCSC |
316 |
+ fi |
317 |
+ |
318 |
+ if use fasteap ; then |
319 |
+ Kconfig_style_config EAP_FAST |
320 |
+ fi |
321 |
+ |
322 |
+ if use readline ; then |
323 |
+ # readline/history support for wpa_cli |
324 |
+ Kconfig_style_config READLINE |
325 |
+ else |
326 |
+ #internal line edit mode for wpa_cli |
327 |
+ Kconfig_style_config WPA_CLI_EDIT |
328 |
+ fi |
329 |
+ |
330 |
+ Kconfig_style_config TLS openssl |
331 |
+ Kconfig_style_config FST |
332 |
+ if ! use bindist || use libressl; then |
333 |
+ Kconfig_style_config EAP_PWD |
334 |
+ if use fils; then |
335 |
+ Kconfig_style_config FILS |
336 |
+ Kconfig_style_config FILS_SK_PFS |
337 |
+ fi |
338 |
+ # Enabling mesh networks. |
339 |
+ Kconfig_style_config MESH |
340 |
+ #WPA3 |
341 |
+ Kconfig_style_config OWE |
342 |
+ Kconfig_style_config SAE |
343 |
+ Kconfig_style_config DPP |
344 |
+ Kconfig_style_config SUITEB192 |
345 |
+ fi |
346 |
+ if ! use bindist && ! use libressl; then |
347 |
+ Kconfig_style_config SUITEB |
348 |
+ fi |
349 |
+ |
350 |
+ if use smartcard ; then |
351 |
+ Kconfig_style_config SMARTCARD |
352 |
+ else |
353 |
+ Kconfig_style_config SMARTCARD n |
354 |
+ fi |
355 |
+ |
356 |
+ if use tdls ; then |
357 |
+ Kconfig_style_config TDLS |
358 |
+ fi |
359 |
+ |
360 |
+ if use kernel_linux ; then |
361 |
+ # Linux specific drivers |
362 |
+ Kconfig_style_config DRIVER_ATMEL |
363 |
+ Kconfig_style_config DRIVER_HOSTAP |
364 |
+ Kconfig_style_config DRIVER_IPW |
365 |
+ Kconfig_style_config DRIVER_NL80211 |
366 |
+ Kconfig_style_config DRIVER_RALINK |
367 |
+ Kconfig_style_config DRIVER_WEXT |
368 |
+ Kconfig_style_config DRIVER_WIRED |
369 |
+ |
370 |
+ if use macsec ; then |
371 |
+ #requires something, no idea what |
372 |
+ #Kconfig_style_config DRIVER_MACSEC_QCA |
373 |
+ Kconfig_style_config DRIVER_MACSEC_LINUX |
374 |
+ Kconfig_style_config MACSEC |
375 |
+ fi |
376 |
+ |
377 |
+ if use ps3 ; then |
378 |
+ Kconfig_style_config DRIVER_PS3 |
379 |
+ fi |
380 |
+ |
381 |
+ elif use kernel_FreeBSD ; then |
382 |
+ # FreeBSD specific driver |
383 |
+ Kconfig_style_config DRIVER_BSD |
384 |
+ fi |
385 |
+ |
386 |
+ # Wi-Fi Protected Setup (WPS) |
387 |
+ if use wps ; then |
388 |
+ Kconfig_style_config WPS |
389 |
+ Kconfig_style_config WPS2 |
390 |
+ # USB Flash Drive |
391 |
+ Kconfig_style_config WPS_UFD |
392 |
+ # External Registrar |
393 |
+ Kconfig_style_config WPS_ER |
394 |
+ # Universal Plug'n'Play |
395 |
+ Kconfig_style_config WPS_UPNP |
396 |
+ # Near Field Communication |
397 |
+ Kconfig_style_config WPS_NFC |
398 |
+ else |
399 |
+ Kconfig_style_config WPS n |
400 |
+ fi |
401 |
+ |
402 |
+ # Wi-Fi Direct (WiDi) |
403 |
+ if use p2p ; then |
404 |
+ Kconfig_style_config P2P |
405 |
+ Kconfig_style_config WIFI_DISPLAY |
406 |
+ fi |
407 |
+ |
408 |
+ # Access Point Mode |
409 |
+ if use ap ; then |
410 |
+ Kconfig_style_config AP |
411 |
+ else |
412 |
+ Kconfig_style_config AP n |
413 |
+ fi |
414 |
+ |
415 |
+ # Enable essentials for AP/P2P |
416 |
+ if use ap || use p2p ; then |
417 |
+ # Enabling HT support (802.11n) |
418 |
+ Kconfig_style_config IEEE80211N |
419 |
+ |
420 |
+ # Enabling VHT support (802.11ac) |
421 |
+ Kconfig_style_config IEEE80211AC |
422 |
+ fi |
423 |
+ |
424 |
+ # Enable mitigation against certain attacks against TKIP |
425 |
+ Kconfig_style_config DELAYED_MIC_ERROR_REPORT |
426 |
+ |
427 |
+ if use privsep ; then |
428 |
+ Kconfig_style_config PRIVSEP |
429 |
+ fi |
430 |
+ |
431 |
+ # If we are using libnl 2.0 and above, enable support for it |
432 |
+ # Bug 382159 |
433 |
+ # Removed for now, since the 3.2 version is broken, and we don't |
434 |
+ # support it. |
435 |
+ if has_version ">=dev-libs/libnl-3.2"; then |
436 |
+ Kconfig_style_config LIBNL32 |
437 |
+ fi |
438 |
+ |
439 |
+ if use qt5 ; then |
440 |
+ pushd "${S}"/wpa_gui-qt4 > /dev/null || die |
441 |
+ eqmake5 wpa_gui.pro |
442 |
+ popd > /dev/null || die |
443 |
+ fi |
444 |
+} |
445 |
+ |
446 |
+src_compile() { |
447 |
+ einfo "Building wpa_supplicant" |
448 |
+ emake V=1 BINDIR=/usr/sbin |
449 |
+ |
450 |
+ if use wimax; then |
451 |
+ emake -C ../src/eap_peer clean |
452 |
+ emake -C ../src/eap_peer |
453 |
+ fi |
454 |
+ |
455 |
+ if use qt5; then |
456 |
+ einfo "Building wpa_gui" |
457 |
+ emake -C "${S}"/wpa_gui-qt4 |
458 |
+ fi |
459 |
+ |
460 |
+ if use eapol_test ; then |
461 |
+ emake eapol_test |
462 |
+ fi |
463 |
+} |
464 |
+ |
465 |
+src_install() { |
466 |
+ dosbin wpa_supplicant |
467 |
+ use privsep && dosbin wpa_priv |
468 |
+ dobin wpa_cli wpa_passphrase |
469 |
+ |
470 |
+ # baselayout-1 compat |
471 |
+ if has_version "<sys-apps/baselayout-2.0.0"; then |
472 |
+ dodir /sbin |
473 |
+ dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant |
474 |
+ dodir /bin |
475 |
+ dosym ../usr/bin/wpa_cli /bin/wpa_cli |
476 |
+ fi |
477 |
+ |
478 |
+ if has_version ">=sys-apps/openrc-0.5.0"; then |
479 |
+ newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant |
480 |
+ newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant |
481 |
+ fi |
482 |
+ |
483 |
+ exeinto /etc/wpa_supplicant/ |
484 |
+ newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh |
485 |
+ |
486 |
+ readme.gentoo_create_doc |
487 |
+ dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \ |
488 |
+ wpa_supplicant.conf |
489 |
+ |
490 |
+ newdoc .config build-config |
491 |
+ |
492 |
+ if [ "${PV}" != "9999" ]; then |
493 |
+ doman doc/docbook/*.{5,8} |
494 |
+ fi |
495 |
+ |
496 |
+ if use qt5 ; then |
497 |
+ into /usr |
498 |
+ dobin wpa_gui-qt4/wpa_gui |
499 |
+ doicon wpa_gui-qt4/icons/wpa_gui.svg |
500 |
+ domenu wpa_gui-qt4/wpa_gui.desktop |
501 |
+ else |
502 |
+ rm "${ED}"/usr/share/man/man8/wpa_gui.8 |
503 |
+ fi |
504 |
+ |
505 |
+ use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install |
506 |
+ |
507 |
+ if use dbus ; then |
508 |
+ pushd "${S}"/dbus > /dev/null || die |
509 |
+ insinto /etc/dbus-1/system.d |
510 |
+ newins dbus-wpa_supplicant.conf wpa_supplicant.conf |
511 |
+ insinto /usr/share/dbus-1/system-services |
512 |
+ doins fi.w1.wpa_supplicant1.service |
513 |
+ popd > /dev/null || die |
514 |
+ |
515 |
+ # This unit relies on dbus support, bug 538600. |
516 |
+ systemd_dounit systemd/wpa_supplicant.service |
517 |
+ fi |
518 |
+ |
519 |
+ if use eapol_test ; then |
520 |
+ dobin eapol_test |
521 |
+ fi |
522 |
+ |
523 |
+ systemd_dounit "systemd/wpa_supplicant@.service" |
524 |
+ systemd_dounit "systemd/wpa_supplicant-nl80211@.service" |
525 |
+ systemd_dounit "systemd/wpa_supplicant-wired@.service" |
526 |
+} |
527 |
+ |
528 |
+pkg_postinst() { |
529 |
+ readme.gentoo_print_elog |
530 |
+ |
531 |
+ if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then |
532 |
+ echo |
533 |
+ ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf" |
534 |
+ ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf" |
535 |
+ fi |
536 |
+ |
537 |
+ if use bindist; then |
538 |
+ if ! use libressl; then |
539 |
+ ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)." |
540 |
+ ewarn "This is incredibly undesirable" |
541 |
+ fi |
542 |
+ fi |
543 |
+ if use libressl; then |
544 |
+ ewarn "Libressl doesn't support SUITEB (part of WPA3)" |
545 |
+ ewarn "but it does support SUITEB192 (the upgraded strength version of the same)" |
546 |
+ ewarn "You probably don't care. Patches welcome" |
547 |
+ fi |
548 |
+ |
549 |
+ # Mea culpa, feel free to remove that after some time --mgorny. |
550 |
+ local fn |
551 |
+ for fn in wpa_supplicant{,@wlan0}.service; do |
552 |
+ if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]] |
553 |
+ then |
554 |
+ ebegin "Moving ${fn} to multi-user.target" |
555 |
+ mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \ |
556 |
+ "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die |
557 |
+ eend ${?} \ |
558 |
+ "Please try to re-enable ${fn}" |
559 |
+ fi |
560 |
+ done |
561 |
+ |
562 |
+ systemd_reenable wpa_supplicant.service |
563 |
+} |