| 1 |
commit: 3695b0a4d4b752e3401f679ecebfc6490aa2109b |
| 2 |
Author: Andrey Utkin <andrey_utkin <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Apr 28 13:45:34 2018 +0000 |
| 4 |
Commit: Andrey Utkin <andrey_utkin <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed May 2 10:09:10 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3695b0a4 |
| 7 |
|
| 8 |
net-wireless/hostapd: drop defunct "ssl" USE flag, add "internal-tls" |
| 9 |
|
| 10 |
Since hostapd-2.5, USE=-ssl fails to build. |
| 11 |
|
| 12 |
Appears USE=-ssl was used to avoid openssl. Since libressl support was |
| 13 |
added in 2.6-r3 ebuild, there is an alternative way to avoid openssl |
| 14 |
now. |
| 15 |
|
| 16 |
This commit adds another alternative, to use internal TLSv1 |
| 17 |
implementation instead of openssl/libressl. It doesn't allow to build |
| 18 |
hostapd with all the features which are enabled with openssl, though. |
| 19 |
|
| 20 |
I don't anticipate user need for USE=-ssl to have a build which does not |
| 21 |
support any encryption at all. Of course I am open to such users' |
| 22 |
requests, but at last they have "savedconfig" option to help themselves. |
| 23 |
|
| 24 |
Acked-by: zerochaos <AT> gentoo.org |
| 25 |
Bug: https://bugs.gentoo.org/578798 |
| 26 |
Package-Manager: Portage-2.3.31, Repoman-2.3.9 |
| 27 |
|
| 28 |
net-wireless/hostapd/hostapd-2.6-r4.ebuild | 31 ++++++++++++++++++++++-------- |
| 29 |
net-wireless/hostapd/metadata.xml | 1 + |
| 30 |
2 files changed, 24 insertions(+), 8 deletions(-) |
| 31 |
|
| 32 |
diff --git a/net-wireless/hostapd/hostapd-2.6-r4.ebuild b/net-wireless/hostapd/hostapd-2.6-r4.ebuild |
| 33 |
index feebb2eda45..ffc16c5ae29 100644 |
| 34 |
--- a/net-wireless/hostapd/hostapd-2.6-r4.ebuild |
| 35 |
+++ b/net-wireless/hostapd/hostapd-2.6-r4.ebuild |
| 36 |
@@ -12,12 +12,13 @@ SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz" |
| 37 |
LICENSE="BSD" |
| 38 |
SLOT="0" |
| 39 |
KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" |
| 40 |
-IUSE="ipv6 libressl logwatch netlink sqlite +ssl +wps +crda" |
| 41 |
+IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" |
| 42 |
|
| 43 |
DEPEND=" |
| 44 |
- ssl? ( |
| 45 |
- !libressl? ( dev-libs/openssl:0=[-bindist] ) |
| 46 |
- libressl? ( dev-libs/libressl:0= ) |
| 47 |
+ libressl? ( dev-libs/libressl:0= ) |
| 48 |
+ !libressl? ( |
| 49 |
+ internal-tls? ( dev-libs/libtommath ) |
| 50 |
+ !internal-tls? ( dev-libs/openssl:0=[-bindist] ) |
| 51 |
) |
| 52 |
kernel_linux? ( |
| 53 |
dev-libs/libnl:3 |
| 54 |
@@ -30,6 +31,16 @@ RDEPEND="${DEPEND}" |
| 55 |
|
| 56 |
S="${S}/${PN}" |
| 57 |
|
| 58 |
+pkg_pretend() { |
| 59 |
+ if use internal-tls; then |
| 60 |
+ if use libressl; then |
| 61 |
+ elog "libressl flag takes precedence over internal-tls" |
| 62 |
+ else |
| 63 |
+ ewarn "internal-tls implementation is experimental and provides fewer features" |
| 64 |
+ fi |
| 65 |
+ fi |
| 66 |
+} |
| 67 |
+ |
| 68 |
src_prepare() { |
| 69 |
# Allow users to apply patches to src/drivers for example, |
| 70 |
# i.e. anything outside ${S}/${PN} |
| 71 |
@@ -71,7 +82,9 @@ src_configure() { |
| 72 |
echo "CONFIG_ERP=y" >> ${CONFIG} |
| 73 |
echo "CONFIG_EAP_MD5=y" >> ${CONFIG} |
| 74 |
|
| 75 |
- if use ssl; then |
| 76 |
+ if use internal-tls && !use libressl; then |
| 77 |
+ echo "CONFIG_TLS=internal" >> ${CONFIG} |
| 78 |
+ else |
| 79 |
# SSL authentication methods |
| 80 |
echo "CONFIG_EAP_FAST=y" >> ${CONFIG} |
| 81 |
echo "CONFIG_EAP_TLS=y" >> ${CONFIG} |
| 82 |
@@ -80,6 +93,7 @@ src_configure() { |
| 83 |
echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} |
| 84 |
echo "CONFIG_TLSV11=y" >> ${CONFIG} |
| 85 |
echo "CONFIG_TLSV12=y" >> ${CONFIG} |
| 86 |
+ echo "CONFIG_EAP_PWD=y" >> ${CONFIG} |
| 87 |
fi |
| 88 |
|
| 89 |
if use wps; then |
| 90 |
@@ -103,7 +117,6 @@ src_configure() { |
| 91 |
echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} |
| 92 |
echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} |
| 93 |
echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} |
| 94 |
- echo "CONFIG_EAP_PWD=y" >> ${CONFIG} |
| 95 |
|
| 96 |
einfo "Enabling drivers: " |
| 97 |
|
| 98 |
@@ -170,7 +183,7 @@ src_configure() { |
| 99 |
src_compile() { |
| 100 |
emake V=1 |
| 101 |
|
| 102 |
- if use ssl; then |
| 103 |
+ if use libressl || !use internal-tls; then |
| 104 |
emake V=1 nt_password_hash |
| 105 |
emake V=1 hlr_auc_gw |
| 106 |
fi |
| 107 |
@@ -185,7 +198,9 @@ src_install() { |
| 108 |
dosbin ${PN} |
| 109 |
dobin ${PN}_cli |
| 110 |
|
| 111 |
- use ssl && dobin nt_password_hash hlr_auc_gw |
| 112 |
+ if use libressl || !use internal-tls; then |
| 113 |
+ dobin nt_password_hash hlr_auc_gw |
| 114 |
+ fi |
| 115 |
|
| 116 |
newinitd "${FILESDIR}"/${PN}-init.d ${PN} |
| 117 |
newconfd "${FILESDIR}"/${PN}-conf.d ${PN} |
| 118 |
|
| 119 |
diff --git a/net-wireless/hostapd/metadata.xml b/net-wireless/hostapd/metadata.xml |
| 120 |
index 59217d50546..458eddb0459 100644 |
| 121 |
--- a/net-wireless/hostapd/metadata.xml |
| 122 |
+++ b/net-wireless/hostapd/metadata.xml |
| 123 |
@@ -8,6 +8,7 @@ |
| 124 |
</longdescription> |
| 125 |
<use> |
| 126 |
<flag name="crda">Add CRDA support</flag> |
| 127 |
+ <flag name="internal-tls">Use internal TLSv1 implementation instead of depending on OpenSSL, LibreSSL or GnuTLS</flag> |
| 128 |
<flag name="logwatch">Install support files for |
| 129 |
<pkg>sys-apps/logwatch</pkg></flag> |
| 130 |
<flag name="netlink">Adding support for using netlink to create VLANs</flag> |
Archives