1 |
commit: 696f3772a422e25bd62e69d497717985d1fe295d |
2 |
Author: Craig Andrews <candrews <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Dec 3 20:21:11 2018 +0000 |
4 |
Commit: Rick Farina <zerochaos <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Dec 4 01:39:10 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=696f3772 |
7 |
|
8 |
net-wireless/wpa_supplicant: Fix EAP-TLS with OpenSSL 1.1 |
9 |
|
10 |
Closes: https://bugs.gentoo.org/671006 |
11 |
Package-Manager: Portage-2.3.52, Repoman-2.3.12 |
12 |
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org> |
13 |
Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org> |
14 |
|
15 |
.../files/wpa_supplicant-2.6-openssl-1.1.patch | 48 +++ |
16 |
.../wpa_supplicant/wpa_supplicant-2.6-r9.ebuild | 460 +++++++++++++++++++++ |
17 |
2 files changed, 508 insertions(+) |
18 |
|
19 |
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch |
20 |
new file mode 100644 |
21 |
index 00000000000..1e2335f34c0 |
22 |
--- /dev/null |
23 |
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch |
24 |
@@ -0,0 +1,48 @@ |
25 |
+From f665c93e1d28fbab3d9127a8c3985cc32940824f Mon Sep 17 00:00:00 2001 |
26 |
+From: Beniamino Galvani <bgalvani@××××××.com> |
27 |
+Date: Sun, 9 Jul 2017 11:14:10 +0200 |
28 |
+Subject: OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f |
29 |
+ |
30 |
+Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the |
31 |
+callback from the SSL object instead of the one from the CTX, so let's |
32 |
+set the callback on both SSL and CTX. Note that |
33 |
+SSL_set_default_passwd_cb*() is available only in 1.1.0. |
34 |
+ |
35 |
+Signed-off-by: Beniamino Galvani <bgalvani@××××××.com> |
36 |
+--- |
37 |
+ src/crypto/tls_openssl.c | 12 ++++++++++++ |
38 |
+ 1 file changed, 12 insertions(+) |
39 |
+ |
40 |
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c |
41 |
+index fd94eaf..c790b53 100644 |
42 |
+--- a/src/crypto/tls_openssl.c |
43 |
++++ b/src/crypto/tls_openssl.c |
44 |
+@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data, |
45 |
+ } else |
46 |
+ passwd = NULL; |
47 |
+ |
48 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
49 |
++ /* |
50 |
++ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback |
51 |
++ * from the SSL object. See OpenSSL commit d61461a75253. |
52 |
++ */ |
53 |
++ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb); |
54 |
++ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd); |
55 |
++#endif /* >= 1.1.0f && !LibreSSL */ |
56 |
++ /* Keep these for OpenSSL < 1.1.0f */ |
57 |
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); |
58 |
+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); |
59 |
+ |
60 |
+@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data, |
61 |
+ return -1; |
62 |
+ } |
63 |
+ ERR_clear_error(); |
64 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
65 |
++ SSL_set_default_passwd_cb(conn->ssl, NULL); |
66 |
++#endif /* >= 1.1.0f && !LibreSSL */ |
67 |
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); |
68 |
+ os_free(passwd); |
69 |
+ |
70 |
+-- |
71 |
+cgit v0.12 |
72 |
+ |
73 |
|
74 |
diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r9.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r9.ebuild |
75 |
new file mode 100644 |
76 |
index 00000000000..19e3fbfe5a0 |
77 |
--- /dev/null |
78 |
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r9.ebuild |
79 |
@@ -0,0 +1,460 @@ |
80 |
+# Copyright 1999-2018 Gentoo Authors |
81 |
+# Distributed under the terms of the GNU General Public License v2 |
82 |
+ |
83 |
+EAPI=6 |
84 |
+ |
85 |
+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1 |
86 |
+ |
87 |
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" |
88 |
+HOMEPAGE="https://w1.fi/wpa_supplicant/" |
89 |
+SRC_URI="https://w1.fi/releases/${P}.tar.gz" |
90 |
+LICENSE="|| ( GPL-2 BSD )" |
91 |
+ |
92 |
+SLOT="0" |
93 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" |
94 |
+IUSE="ap bindist dbus eap-sim eapol_test fasteap gnutls +hs2-0 libressl p2p privsep ps3 qt5 readline selinux smartcard ssl suiteb tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" |
95 |
+REQUIRED_USE="smartcard? ( ssl )" |
96 |
+ |
97 |
+CDEPEND="dbus? ( sys-apps/dbus ) |
98 |
+ kernel_linux? ( |
99 |
+ dev-libs/libnl:3 |
100 |
+ net-wireless/crda |
101 |
+ eap-sim? ( sys-apps/pcsc-lite ) |
102 |
+ ) |
103 |
+ !kernel_linux? ( net-libs/libpcap ) |
104 |
+ qt5? ( |
105 |
+ dev-qt/qtcore:5 |
106 |
+ dev-qt/qtgui:5 |
107 |
+ dev-qt/qtsvg:5 |
108 |
+ dev-qt/qtwidgets:5 |
109 |
+ ) |
110 |
+ readline? ( |
111 |
+ sys-libs/ncurses:0= |
112 |
+ sys-libs/readline:0= |
113 |
+ ) |
114 |
+ ssl? ( |
115 |
+ gnutls? ( |
116 |
+ dev-libs/libgcrypt:0= |
117 |
+ net-libs/gnutls:= |
118 |
+ ) |
119 |
+ !gnutls? ( |
120 |
+ !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] ) |
121 |
+ libressl? ( dev-libs/libressl:0= ) |
122 |
+ ) |
123 |
+ ) |
124 |
+ !ssl? ( dev-libs/libtommath ) |
125 |
+" |
126 |
+DEPEND="${CDEPEND} |
127 |
+ virtual/pkgconfig |
128 |
+" |
129 |
+RDEPEND="${CDEPEND} |
130 |
+ selinux? ( sec-policy/selinux-networkmanager ) |
131 |
+" |
132 |
+ |
133 |
+DOC_CONTENTS=" |
134 |
+ If this is a clean installation of wpa_supplicant, you |
135 |
+ have to create a configuration file named |
136 |
+ ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf |
137 |
+ An example configuration file is available for reference in |
138 |
+ ${EROOT%/}/usr/share/doc/${PF}/ |
139 |
+" |
140 |
+ |
141 |
+S="${WORKDIR}/${P}/${PN}" |
142 |
+ |
143 |
+Kconfig_style_config() { |
144 |
+ #param 1 is CONFIG_* item |
145 |
+ #param 2 is what to set it = to, defaulting in y |
146 |
+ CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1" |
147 |
+ setting="${2:-y}" |
148 |
+ |
149 |
+ if [ ! $setting = n ]; then |
150 |
+ #first remove any leading "# " if $2 is not n |
151 |
+ sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM" |
152 |
+ #set item = $setting (defaulting to y) |
153 |
+ sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting" |
154 |
+ if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then |
155 |
+ echo "$CONFIG_PARAM=$setting" >>.config |
156 |
+ fi |
157 |
+ else |
158 |
+ #ensure item commented out |
159 |
+ sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM" |
160 |
+ fi |
161 |
+} |
162 |
+ |
163 |
+pkg_setup() { |
164 |
+ if use ssl ; then |
165 |
+ if use gnutls && use libressl ; then |
166 |
+ elog "You have both 'gnutls' and 'libressl' USE flags enabled: defaulting to USE=\"gnutls\"" |
167 |
+ fi |
168 |
+ else |
169 |
+ elog "You have 'ssl' USE flag disabled: defaulting to internal TLS implementation" |
170 |
+ fi |
171 |
+} |
172 |
+ |
173 |
+src_prepare() { |
174 |
+ default |
175 |
+ |
176 |
+ # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD |
177 |
+ sed -i \ |
178 |
+ -e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \ |
179 |
+ ../src/l2_packet/l2_packet_freebsd.c || die |
180 |
+ |
181 |
+ # People seem to take the example configuration file too literally (bug #102361) |
182 |
+ sed -i \ |
183 |
+ -e "s:^\(opensc_engine_path\):#\1:" \ |
184 |
+ -e "s:^\(pkcs11_engine_path\):#\1:" \ |
185 |
+ -e "s:^\(pkcs11_module_path\):#\1:" \ |
186 |
+ wpa_supplicant.conf || die |
187 |
+ |
188 |
+ # Change configuration to match Gentoo locations (bug #143750) |
189 |
+ sed -i \ |
190 |
+ -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \ |
191 |
+ -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \ |
192 |
+ wpa_supplicant.conf || die |
193 |
+ |
194 |
+ # systemd entries to D-Bus service files (bug #372877) |
195 |
+ echo 'SystemdService=wpa_supplicant.service' \ |
196 |
+ | tee -a dbus/*.service >/dev/null || die |
197 |
+ |
198 |
+ cd "${WORKDIR}/${P}" || die |
199 |
+ |
200 |
+ if use wimax; then |
201 |
+ # generate-libeap-peer.patch comes before |
202 |
+ # fix-undefined-reference-to-random_get_bytes.patch |
203 |
+ eapply "${FILESDIR}/${P}-generate-libeap-peer.patch" |
204 |
+ |
205 |
+ # multilib-strict fix (bug #373685) |
206 |
+ sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die |
207 |
+ fi |
208 |
+ |
209 |
+ # bug (320097) |
210 |
+ eapply "${FILESDIR}/${P}-do-not-call-dbus-functions-with-NULL-path.patch" |
211 |
+ |
212 |
+ # bug (596332 & 651314) |
213 |
+ eapply "${FILESDIR}/${P}-libressl-compatibility.patch" |
214 |
+ |
215 |
+ # bug (671006) |
216 |
+ eapply "${FILESDIR}/${P}-openssl-1.1.patch" |
217 |
+ |
218 |
+ # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt |
219 |
+ eapply "${FILESDIR}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch" |
220 |
+ eapply "${FILESDIR}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch" |
221 |
+ eapply "${FILESDIR}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch" |
222 |
+ eapply "${FILESDIR}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch" |
223 |
+ eapply "${FILESDIR}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch" |
224 |
+ eapply "${FILESDIR}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch" |
225 |
+ eapply "${FILESDIR}/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch" |
226 |
+ eapply "${FILESDIR}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch" |
227 |
+ |
228 |
+ # bug (640492) |
229 |
+ sed -i 's#-Werror ##' wpa_supplicant/Makefile || die |
230 |
+} |
231 |
+ |
232 |
+src_configure() { |
233 |
+ # Toolchain setup |
234 |
+ tc-export CC |
235 |
+ |
236 |
+ cp defconfig .config || die |
237 |
+ |
238 |
+ # Basic setup |
239 |
+ Kconfig_style_config CTRL_IFACE |
240 |
+ Kconfig_style_config MATCH_IFACE |
241 |
+ Kconfig_style_config BACKEND file |
242 |
+ Kconfig_style_config IBSS_RSN |
243 |
+ Kconfig_style_config IEEE80211W |
244 |
+ Kconfig_style_config IEEE80211R |
245 |
+ |
246 |
+ # Basic authentication methods |
247 |
+ # NOTE: we don't set GPSK or SAKE as they conflict |
248 |
+ # with the below options |
249 |
+ Kconfig_style_config EAP_GTC |
250 |
+ Kconfig_style_config EAP_MD5 |
251 |
+ Kconfig_style_config EAP_OTP |
252 |
+ Kconfig_style_config EAP_PAX |
253 |
+ Kconfig_style_config EAP_PSK |
254 |
+ Kconfig_style_config EAP_TLV |
255 |
+ Kconfig_style_config EAP_EXE |
256 |
+ Kconfig_style_config IEEE8021X_EAPOL |
257 |
+ Kconfig_style_config PKCS12 |
258 |
+ Kconfig_style_config PEERKEY |
259 |
+ Kconfig_style_config EAP_LEAP |
260 |
+ Kconfig_style_config EAP_MSCHAPV2 |
261 |
+ Kconfig_style_config EAP_PEAP |
262 |
+ Kconfig_style_config EAP_TLS |
263 |
+ Kconfig_style_config EAP_TTLS |
264 |
+ |
265 |
+ # Enabling background scanning. |
266 |
+ Kconfig_style_config BGSCAN_SIMPLE |
267 |
+ Kconfig_style_config BGSCAN_LEARN |
268 |
+ |
269 |
+ if use dbus ; then |
270 |
+ Kconfig_style_config CTRL_IFACE_DBUS |
271 |
+ Kconfig_style_config CTRL_IFACE_DBUS_NEW |
272 |
+ Kconfig_style_config CTRL_IFACE_DBUS_INTRO |
273 |
+ fi |
274 |
+ |
275 |
+ if use eapol_test ; then |
276 |
+ Kconfig_style_config EAPOL_TEST |
277 |
+ fi |
278 |
+ |
279 |
+ # Enable support for writing debug info to a log file and syslog. |
280 |
+ Kconfig_style_config DEBUG_FILE |
281 |
+ Kconfig_style_config DEBUG_SYSLOG |
282 |
+ |
283 |
+ if use hs2-0 ; then |
284 |
+ Kconfig_style_config INTERWORKING |
285 |
+ Kconfig_style_config HS20 |
286 |
+ fi |
287 |
+ |
288 |
+ if use uncommon-eap-types; then |
289 |
+ Kconfig_style_config EAP_GPSK |
290 |
+ Kconfig_style_config EAP_SAKE |
291 |
+ Kconfig_style_config EAP_GPSK_SHA256 |
292 |
+ Kconfig_style_config EAP_IKEV2 |
293 |
+ Kconfig_style_config EAP_EKE |
294 |
+ fi |
295 |
+ |
296 |
+ if use eap-sim ; then |
297 |
+ # Smart card authentication |
298 |
+ Kconfig_style_config EAP_SIM |
299 |
+ Kconfig_style_config EAP_AKA |
300 |
+ Kconfig_style_config EAP_AKA_PRIME |
301 |
+ Kconfig_style_config PCSC |
302 |
+ fi |
303 |
+ |
304 |
+ if use fasteap ; then |
305 |
+ Kconfig_style_config EAP_FAST |
306 |
+ fi |
307 |
+ |
308 |
+ if use readline ; then |
309 |
+ # readline/history support for wpa_cli |
310 |
+ Kconfig_style_config READLINE |
311 |
+ else |
312 |
+ #internal line edit mode for wpa_cli |
313 |
+ Kconfig_style_config WPA_CLI_EDIT |
314 |
+ fi |
315 |
+ |
316 |
+ if use suiteb; then |
317 |
+ Kconfig_style_config SUITEB |
318 |
+ fi |
319 |
+ |
320 |
+ # SSL authentication methods |
321 |
+ if use ssl ; then |
322 |
+ if use gnutls ; then |
323 |
+ Kconfig_style_config TLS gnutls |
324 |
+ Kconfig_style_config GNUTLS_EXTRA |
325 |
+ else |
326 |
+ #this fails for gnutls |
327 |
+ Kconfig_style_config SUITEB192 |
328 |
+ Kconfig_style_config TLS openssl |
329 |
+ if ! use bindist; then |
330 |
+ #this fails for gnutls |
331 |
+ Kconfig_style_config EAP_PWD |
332 |
+ # SAE fails on gnutls and everything below here needs SAE |
333 |
+ # Enabling mesh networks. |
334 |
+ Kconfig_style_config MESH |
335 |
+ #WPA3 |
336 |
+ Kconfig_style_config OWE |
337 |
+ Kconfig_style_config SAE |
338 |
+ #we also need to disable FILS, except that isn't enabled yet |
339 |
+ fi |
340 |
+ |
341 |
+ fi |
342 |
+ else |
343 |
+ Kconfig_style_config TLS internal |
344 |
+ fi |
345 |
+ |
346 |
+ if use smartcard ; then |
347 |
+ Kconfig_style_config SMARTCARD |
348 |
+ fi |
349 |
+ |
350 |
+ if use tdls ; then |
351 |
+ Kconfig_style_config TDLS |
352 |
+ fi |
353 |
+ |
354 |
+ if use kernel_linux ; then |
355 |
+ # Linux specific drivers |
356 |
+ Kconfig_style_config DRIVER_ATMEL |
357 |
+ Kconfig_style_config DRIVER_HOSTAP |
358 |
+ Kconfig_style_config DRIVER_IPW |
359 |
+ Kconfig_style_config DRIVER_NL80211 |
360 |
+ Kconfig_style_config DRIVER_RALINK |
361 |
+ Kconfig_style_config DRIVER_WEXT |
362 |
+ Kconfig_style_config DRIVER_WIRED |
363 |
+ |
364 |
+ if use ps3 ; then |
365 |
+ Kconfig_style_config DRIVER_PS3 |
366 |
+ fi |
367 |
+ |
368 |
+ elif use kernel_FreeBSD ; then |
369 |
+ # FreeBSD specific driver |
370 |
+ Kconfig_style_config DRIVER_BSD |
371 |
+ fi |
372 |
+ |
373 |
+ # Wi-Fi Protected Setup (WPS) |
374 |
+ if use wps ; then |
375 |
+ Kconfig_style_config WPS |
376 |
+ Kconfig_style_config WPS2 |
377 |
+ # USB Flash Drive |
378 |
+ Kconfig_style_config WPS_UFD |
379 |
+ # External Registrar |
380 |
+ Kconfig_style_config WPS_ER |
381 |
+ # Universal Plug'n'Play |
382 |
+ Kconfig_style_config WPS_UPNP |
383 |
+ # Near Field Communication |
384 |
+ Kconfig_style_config WPS_NFC |
385 |
+ fi |
386 |
+ |
387 |
+ # Wi-Fi Direct (WiDi) |
388 |
+ if use p2p ; then |
389 |
+ Kconfig_style_config P2P |
390 |
+ Kconfig_style_config WIFI_DISPLAY |
391 |
+ fi |
392 |
+ |
393 |
+ # Access Point Mode |
394 |
+ if use ap ; then |
395 |
+ Kconfig_style_config AP |
396 |
+ fi |
397 |
+ |
398 |
+ # Enable essentials for AP/P2P |
399 |
+ if use ap || use p2p ; then |
400 |
+ # Enabling HT support (802.11n) |
401 |
+ Kconfig_style_config IEEE80211N |
402 |
+ |
403 |
+ # Enabling VHT support (802.11ac) |
404 |
+ Kconfig_style_config IEEE80211AC |
405 |
+ fi |
406 |
+ |
407 |
+ # Enable mitigation against certain attacks against TKIP |
408 |
+ Kconfig_style_config DELAYED_MIC_ERROR_REPORT |
409 |
+ |
410 |
+ if use privsep ; then |
411 |
+ Kconfig_style_config PRIVSEP |
412 |
+ fi |
413 |
+ |
414 |
+ # If we are using libnl 2.0 and above, enable support for it |
415 |
+ # Bug 382159 |
416 |
+ # Removed for now, since the 3.2 version is broken, and we don't |
417 |
+ # support it. |
418 |
+ if has_version ">=dev-libs/libnl-3.2"; then |
419 |
+ Kconfig_style_config LIBNL32 |
420 |
+ fi |
421 |
+ |
422 |
+ if use qt5 ; then |
423 |
+ pushd "${S}"/wpa_gui-qt4 > /dev/null || die |
424 |
+ eqmake5 wpa_gui.pro |
425 |
+ popd > /dev/null || die |
426 |
+ fi |
427 |
+} |
428 |
+ |
429 |
+src_compile() { |
430 |
+ einfo "Building wpa_supplicant" |
431 |
+ emake V=1 BINDIR=/usr/sbin |
432 |
+ |
433 |
+ if use wimax; then |
434 |
+ emake -C ../src/eap_peer clean |
435 |
+ emake -C ../src/eap_peer |
436 |
+ fi |
437 |
+ |
438 |
+ if use qt5; then |
439 |
+ einfo "Building wpa_gui" |
440 |
+ emake -C "${S}"/wpa_gui-qt4 |
441 |
+ fi |
442 |
+ |
443 |
+ if use eapol_test ; then |
444 |
+ emake eapol_test |
445 |
+ fi |
446 |
+} |
447 |
+ |
448 |
+src_install() { |
449 |
+ dosbin wpa_supplicant |
450 |
+ use privsep && dosbin wpa_priv |
451 |
+ dobin wpa_cli wpa_passphrase |
452 |
+ |
453 |
+ # baselayout-1 compat |
454 |
+ if has_version "<sys-apps/baselayout-2.0.0"; then |
455 |
+ dodir /sbin |
456 |
+ dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant |
457 |
+ dodir /bin |
458 |
+ dosym ../usr/bin/wpa_cli /bin/wpa_cli |
459 |
+ fi |
460 |
+ |
461 |
+ if has_version ">=sys-apps/openrc-0.5.0"; then |
462 |
+ newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant |
463 |
+ newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant |
464 |
+ fi |
465 |
+ |
466 |
+ exeinto /etc/wpa_supplicant/ |
467 |
+ newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh |
468 |
+ |
469 |
+ readme.gentoo_create_doc |
470 |
+ dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \ |
471 |
+ wpa_supplicant.conf |
472 |
+ |
473 |
+ newdoc .config build-config |
474 |
+ |
475 |
+ doman doc/docbook/*.{5,8} |
476 |
+ |
477 |
+ if use qt5 ; then |
478 |
+ into /usr |
479 |
+ dobin wpa_gui-qt4/wpa_gui |
480 |
+ doicon wpa_gui-qt4/icons/wpa_gui.svg |
481 |
+ make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;" |
482 |
+ else |
483 |
+ rm "${ED}"/usr/share/man/man8/wpa_gui.8 |
484 |
+ fi |
485 |
+ |
486 |
+ use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install |
487 |
+ |
488 |
+ if use dbus ; then |
489 |
+ pushd "${S}"/dbus > /dev/null || die |
490 |
+ insinto /etc/dbus-1/system.d |
491 |
+ newins dbus-wpa_supplicant.conf wpa_supplicant.conf |
492 |
+ insinto /usr/share/dbus-1/system-services |
493 |
+ doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service |
494 |
+ popd > /dev/null || die |
495 |
+ |
496 |
+ # This unit relies on dbus support, bug 538600. |
497 |
+ systemd_dounit systemd/wpa_supplicant.service |
498 |
+ fi |
499 |
+ |
500 |
+ if use eapol_test ; then |
501 |
+ dobin eapol_test |
502 |
+ fi |
503 |
+ |
504 |
+ systemd_dounit "systemd/wpa_supplicant@.service" |
505 |
+ systemd_dounit "systemd/wpa_supplicant-nl80211@.service" |
506 |
+ systemd_dounit "systemd/wpa_supplicant-wired@.service" |
507 |
+} |
508 |
+ |
509 |
+pkg_postinst() { |
510 |
+ readme.gentoo_print_elog |
511 |
+ |
512 |
+ if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then |
513 |
+ echo |
514 |
+ ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf" |
515 |
+ ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf" |
516 |
+ fi |
517 |
+ |
518 |
+ if use bindist || use gnutls; then |
519 |
+ if ! use libressl; then |
520 |
+ ewarn "Using bindist or gnutls use flags presently breaks WPA3 (specifically SAE and OWE)." |
521 |
+ ewarn "This is incredibly undesirable" |
522 |
+ fi |
523 |
+ fi |
524 |
+ |
525 |
+ # Mea culpa, feel free to remove that after some time --mgorny. |
526 |
+ local fn |
527 |
+ for fn in wpa_supplicant{,@wlan0}.service; do |
528 |
+ if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]] |
529 |
+ then |
530 |
+ ebegin "Moving ${fn} to multi-user.target" |
531 |
+ mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \ |
532 |
+ "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die |
533 |
+ eend ${?} \ |
534 |
+ "Please try to re-enable ${fn}" |
535 |
+ fi |
536 |
+ done |
537 |
+ |
538 |
+ systemd_reenable wpa_supplicant.service |
539 |
+} |