[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/ - gentoo-commits

From:	Rick Farina <zerochaos@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/
Date:	Fri, 16 Aug 2019 15:57:00
Message-Id:	`1565970814.39a43a7c4c0256848f5b5934eab38bb73699506b.zerochaos@gentoo`

1

commit:     39a43a7c4c0256848f5b5934eab38bb73699506b

2

Author:     Conrad Kostecki <conrad <AT> kostecki <DOT> com>

3

AuthorDate: Thu Aug 15 12:22:29 2019 +0000

4

Commit:     Rick Farina <zerochaos <AT> gentoo <DOT> org>

5

CommitDate: Fri Aug 16 15:53:34 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39a43a7c

7

8

net-wireless/wpa_supplicant: bump to version 2.9

9

10

Also allowing privsep only without macsec.

11

According to upstream, it's not a valid combination, when you do enable

12

macsec and privsep together.

13

14

Upstream says:

15

CONFIG_PRIVSEP=y does not have sufficient support for the new driver

16

interface functions used for MACsec, so this combination cannot be used

17

at least for now.

18

19

Instead of creating a new desktop file, the shipped one is used.

20

21

Closes: https://bugs.gentoo.org/615872

22

Closes: https://bugs.gentoo.org/684442

23

Closes: https://bugs.gentoo.org/692062

24

Package-Manager: Portage-2.3.71, Repoman-2.3.17

25

Signed-off-by: Conrad Kostecki <conrad <AT> kostecki.com>

26

Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>

27

28

 net-wireless/wpa_supplicant/Manifest               |   1 +

29

 .../wpa_supplicant/wpa_supplicant-2.9.ebuild       | 458 +++++++++++++++++++++

30

 2 files changed, 459 insertions(+)

31

32

diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest

33

index 5bfd97437ba..54e1a007a51 100644

34

--- a/net-wireless/wpa_supplicant/Manifest

35

+++ b/net-wireless/wpa_supplicant/Manifest

36

@@ -1,3 +1,4 @@

37

 DIST wpa_supplicant-2.6.tar.gz 2753524 BLAKE2B 99c61326c402f60b384fa6c9a7381e43d4d021d7e44537a6e05552909270f30997da91b690d8a30aa690f0d1ce0aed7798bd8bb8972fcf6830c282ccc91193ac SHA512 46442cddb6ca043b8b08d143908f149954c238e0f3a57a0df73ca4fab9c1acd91b078f3f26375a1d99cd1d65625986328018c735d8705882c8f91e389cad28a6

38

 DIST wpa_supplicant-2.7.tar.gz 3093713 BLAKE2B bbf961b6e13757e9d7bb8b9de1808382a551265cd2d54de14e24bde3567aa5298b48fdcd0df75db79189a051532c54b28eab5519c32fc8fc00459365b57039aa SHA512 8b6eb5b5f30d351c73db63d73c09f24028a18166246539b4a4f89f0d226fb42751afa2ff72296df33317f615150325d285e8e7bda30e0d88abcdc9637ab731d3

39

 DIST wpa_supplicant-2.8.tar.gz 3155904 BLAKE2B 260b4830949a3e051ef4f33f279b3b225ab9fd95100e4b270d29af457cf07601421fac636d9f1d8927271d7c76aecb0b7c93ddab35203e31a0fd84c3e327d951 SHA512 b37d254d32a4b7a1f95fcb18ec1be0ffb9d025e0b21c42c53acc4cd839be355df1b125b32cc073f9fe09b746807321e23dbe25dc2fc8a7cafa1e71add69f245b

40

+DIST wpa_supplicant-2.9.tar.gz 3231785 BLAKE2B f1e2a5cb37b02d5c74116b5bc7f67c47d85f916c972cbd6b881d63a317161294a37c8517aabe6c74f9617c762aaa76d869f318af311473160e87bac8ac2a1807 SHA512 37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8

41

42

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild

43

new file mode 100644

44

index 00000000000..2d3f2e93d50

45

--- /dev/null

46

+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild

47

@@ -0,0 +1,458 @@

48

+# Copyright 1999-2019 Gentoo Authors

49

+# Distributed under the terms of the GNU General Public License v2

50

+

51

+EAPI=6

52

+

53

+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1

54

+

55

+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"

56

+HOMEPAGE="https://w1.fi/wpa_supplicant/"

57

+LICENSE="|| ( GPL-2 BSD )"

58

+

59

+if [ "${PV}" = "9999" ]; then

60

+	inherit git-r3

61

+	EGIT_REPO_URI="https://w1.fi/hostap.git"

62

+else

63

+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"

64

+	SRC_URI="https://w1.fi/releases/${P}.tar.gz"

65

+fi

66

+

67

+SLOT="0"

68

+IUSE="ap bindist dbus eap-sim eapol_test fasteap +fils +hs2-0 libressl macsec p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"

69

+

70

+# CONFIG_PRIVSEP=y does not have sufficient support for the new driver

71

+# interface functions used for MACsec, so this combination cannot be used

72

+# at least for now.

73

+REQUIRED_USE="

74

+	macsec? ( !privsep )

75

+	privsep? ( !macsec )

76

+"

77

+

78

+CDEPEND="dbus? ( sys-apps/dbus )

79

+	kernel_linux? (

80

+		dev-libs/libnl:3

81

+		net-wireless/crda

82

+		eap-sim? ( sys-apps/pcsc-lite )

83

+	)

84

+	!kernel_linux? ( net-libs/libpcap )

85

+	qt5? (

86

+		dev-qt/qtcore:5

87

+		dev-qt/qtgui:5

88

+		dev-qt/qtsvg:5

89

+		dev-qt/qtwidgets:5

90

+	)

91

+	readline? (

92

+		sys-libs/ncurses:0=

93

+		sys-libs/readline:0=

94

+	)

95

+	!libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] )

96

+	libressl? ( dev-libs/libressl:0= )

97

+"

98

+DEPEND="${CDEPEND}

99

+	virtual/pkgconfig

100

+"

101

+RDEPEND="${CDEPEND}

102

+	selinux? ( sec-policy/selinux-networkmanager )

103

+"

104

+

105

+DOC_CONTENTS="

106

+	If this is a clean installation of wpa_supplicant, you

107

+	have to create a configuration file named

108

+	${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf

109

+	An example configuration file is available for reference in

110

+	${EROOT%/}/usr/share/doc/${PF}/

111

+"

112

+

113

+S="${WORKDIR}/${P}/${PN}"

114

+

115

+Kconfig_style_config() {

116

+		#param 1 is CONFIG_* item

117

+		#param 2 is what to set it = to, defaulting in y

118

+		CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"

119

+		setting="${2:-y}"

120

+

121

+		if [ ! $setting = n ]; then

122

+			#first remove any leading "# " if $2 is not n

123

+			sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"

124

+			#set item = $setting (defaulting to y)

125

+			sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"

126

+			if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then

127

+				echo "$CONFIG_PARAM=$setting" >>.config

128

+			fi

129

+		else

130

+			#ensure item commented out

131

+			sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"

132

+		fi

133

+}

134

+

135

+src_prepare() {

136

+	default

137

+

138

+	# net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD

139

+	sed -i \

140

+		-e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \

141

+		../src/l2_packet/l2_packet_freebsd.c || die

142

+

143

+	# People seem to take the example configuration file too literally (bug #102361)

144

+	sed -i \

145

+		-e "s:^\(opensc_engine_path\):#\1:" \

146

+		-e "s:^\(pkcs11_engine_path\):#\1:" \

147

+		-e "s:^\(pkcs11_module_path\):#\1:" \

148

+		wpa_supplicant.conf || die

149

+

150

+	# Change configuration to match Gentoo locations (bug #143750)

151

+	sed -i \

152

+		-e "s:/usr/lib/opensc:/usr/$(get_libdir):" \

153

+		-e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \

154

+		wpa_supplicant.conf || die

155

+

156

+	# systemd entries to D-Bus service files (bug #372877)

157

+	echo 'SystemdService=wpa_supplicant.service' \

158

+		| tee -a dbus/*.service >/dev/null || die

159

+

160

+	cd "${WORKDIR}/${P}" || die

161

+

162

+	if use wimax; then

163

+		# generate-libeap-peer.patch comes before

164

+		# fix-undefined-reference-to-random_get_bytes.patch

165

+		eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"

166

+

167

+		# multilib-strict fix (bug #373685)

168

+		sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die

169

+	fi

170

+

171

+	# bug (320097)

172

+	eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"

173

+

174

+	# bug (640492)

175

+	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die

176

+}

177

+

178

+src_configure() {

179

+	# Toolchain setup

180

+	tc-export CC

181

+

182

+	cp defconfig .config || die

183

+

184

+	# Basic setup

185

+	Kconfig_style_config CTRL_IFACE

186

+	Kconfig_style_config MATCH_IFACE

187

+	Kconfig_style_config BACKEND file

188

+	Kconfig_style_config IBSS_RSN

189

+	Kconfig_style_config IEEE80211W

190

+	Kconfig_style_config IEEE80211R

191

+	Kconfig_style_config HT_OVERRIDES

192

+	Kconfig_style_config VHT_OVERRIDES

193

+	Kconfig_style_config OCV

194

+	Kconfig_style_config TLSV11

195

+	Kconfig_style_config TLSV12

196

+	Kconfig_style_config GETRANDOM

197

+	Kconfig_style_config MBO

198

+

199

+	# Basic authentication methods

200

+	# NOTE: we don't set GPSK or SAKE as they conflict

201

+	# with the below options

202

+	Kconfig_style_config EAP_GTC

203

+	Kconfig_style_config EAP_MD5

204

+	Kconfig_style_config EAP_OTP

205

+	Kconfig_style_config EAP_PAX

206

+	Kconfig_style_config EAP_PSK

207

+	Kconfig_style_config IEEE8021X_EAPOL

208

+	Kconfig_style_config PKCS12

209

+	Kconfig_style_config PEERKEY

210

+	Kconfig_style_config EAP_LEAP

211

+	Kconfig_style_config EAP_MSCHAPV2

212

+	Kconfig_style_config EAP_PEAP

213

+	Kconfig_style_config EAP_TEAP

214

+	Kconfig_style_config EAP_TLS

215

+	Kconfig_style_config EAP_TTLS

216

+

217

+	# Enabling background scanning.

218

+	Kconfig_style_config BGSCAN_SIMPLE

219

+	Kconfig_style_config BGSCAN_LEARN

220

+

221

+	if use dbus ; then

222

+		Kconfig_style_config CTRL_IFACE_DBUS

223

+		Kconfig_style_config CTRL_IFACE_DBUS_NEW

224

+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO

225

+	else

226

+		Kconfig_style_config CTRL_IFACE_DBUS n

227

+		Kconfig_style_config CTRL_IFACE_DBUS_NEW n

228

+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO n

229

+	fi

230

+

231

+	if use eapol_test ; then

232

+		Kconfig_style_config EAPOL_TEST

233

+	fi

234

+

235

+	# Enable support for writing debug info to a log file and syslog.

236

+	Kconfig_style_config DEBUG_FILE

237

+	Kconfig_style_config DEBUG_SYSLOG

238

+

239

+	if use hs2-0 ; then

240

+		Kconfig_style_config INTERWORKING

241

+		Kconfig_style_config HS20

242

+	fi

243

+

244

+	if use uncommon-eap-types; then

245

+		Kconfig_style_config EAP_GPSK

246

+		Kconfig_style_config EAP_SAKE

247

+		Kconfig_style_config EAP_GPSK_SHA256

248

+		Kconfig_style_config EAP_IKEV2

249

+		Kconfig_style_config EAP_EKE

250

+	fi

251

+

252

+	if use eap-sim ; then

253

+		# Smart card authentication

254

+		Kconfig_style_config EAP_SIM

255

+		Kconfig_style_config EAP_AKA

256

+		Kconfig_style_config EAP_AKA_PRIME

257

+		Kconfig_style_config PCSC

258

+	fi

259

+

260

+	if use fasteap ; then

261

+		Kconfig_style_config EAP_FAST

262

+	fi

263

+

264

+	if use readline ; then

265

+		# readline/history support for wpa_cli

266

+		Kconfig_style_config READLINE

267

+	else

268

+		#internal line edit mode for wpa_cli

269

+		Kconfig_style_config WPA_CLI_EDIT

270

+	fi

271

+

272

+	Kconfig_style_config TLS openssl

273

+	Kconfig_style_config FST

274

+	if ! use bindist || use libressl; then

275

+		Kconfig_style_config EAP_PWD

276

+		if use fils; then

277

+			Kconfig_style_config FILS

278

+			Kconfig_style_config FILS_SK_PFS

279

+		fi

280

+		# Enabling mesh networks.

281

+		Kconfig_style_config MESH

282

+		#WPA3

283

+		Kconfig_style_config OWE

284

+		Kconfig_style_config SAE

285

+		Kconfig_style_config DPP

286

+		Kconfig_style_config SUITEB192

287

+	fi

288

+	if ! use bindist && ! use libressl; then

289

+		Kconfig_style_config SUITEB

290

+	fi

291

+

292

+	if use smartcard ; then

293

+		Kconfig_style_config SMARTCARD

294

+	else

295

+		Kconfig_style_config SMARTCARD n

296

+	fi

297

+

298

+	if use tdls ; then

299

+		Kconfig_style_config TDLS

300

+	fi

301

+

302

+	if use kernel_linux ; then

303

+		# Linux specific drivers

304

+		Kconfig_style_config DRIVER_ATMEL

305

+		Kconfig_style_config DRIVER_HOSTAP

306

+		Kconfig_style_config DRIVER_IPW

307

+		Kconfig_style_config DRIVER_NL80211

308

+		Kconfig_style_config DRIVER_RALINK

309

+		Kconfig_style_config DRIVER_WEXT

310

+		Kconfig_style_config DRIVER_WIRED

311

+

312

+		if use macsec ; then

313

+			#requires something, no idea what

314

+			#Kconfig_style_config DRIVER_MACSEC_QCA

315

+			Kconfig_style_config DRIVER_MACSEC_LINUX

316

+			Kconfig_style_config MACSEC

317

+		fi

318

+

319

+		if use ps3 ; then

320

+			Kconfig_style_config DRIVER_PS3

321

+		fi

322

+

323

+	elif use kernel_FreeBSD ; then

324

+		# FreeBSD specific driver

325

+		Kconfig_style_config DRIVER_BSD

326

+	fi

327

+

328

+	# Wi-Fi Protected Setup (WPS)

329

+	if use wps ; then

330

+		Kconfig_style_config WPS

331

+		Kconfig_style_config WPS2

332

+		# USB Flash Drive

333

+		Kconfig_style_config WPS_UFD

334

+		# External Registrar

335

+		Kconfig_style_config WPS_ER

336

+		# Universal Plug'n'Play

337

+		Kconfig_style_config WPS_UPNP

338

+		# Near Field Communication

339

+		Kconfig_style_config WPS_NFC

340

+	else

341

+		Kconfig_style_config WPS n

342

+	fi

343

+

344

+	# Wi-Fi Direct (WiDi)

345

+	if use p2p ; then

346

+		Kconfig_style_config P2P

347

+		Kconfig_style_config WIFI_DISPLAY

348

+	fi

349

+

350

+	# Access Point Mode

351

+	if use ap ; then

352

+		Kconfig_style_config AP

353

+	else

354

+		Kconfig_style_config AP n

355

+	fi

356

+

357

+	# Enable essentials for AP/P2P

358

+	if use ap || use p2p ; then

359

+		# Enabling HT support (802.11n)

360

+		Kconfig_style_config IEEE80211N

361

+

362

+		# Enabling VHT support (802.11ac)

363

+		Kconfig_style_config IEEE80211AC

364

+	fi

365

+

366

+	# Enable mitigation against certain attacks against TKIP

367

+	Kconfig_style_config DELAYED_MIC_ERROR_REPORT

368

+

369

+	if use privsep ; then

370

+		Kconfig_style_config PRIVSEP

371

+	fi

372

+

373

+	# If we are using libnl 2.0 and above, enable support for it

374

+	# Bug 382159

375

+	# Removed for now, since the 3.2 version is broken, and we don't

376

+	# support it.

377

+	if has_version ">=dev-libs/libnl-3.2"; then

378

+		Kconfig_style_config LIBNL32

379

+	fi

380

+

381

+	if use qt5 ; then

382

+		pushd "${S}"/wpa_gui-qt4 > /dev/null || die

383

+		eqmake5 wpa_gui.pro

384

+		popd > /dev/null || die

385

+	fi

386

+}

387

+

388

+src_compile() {

389

+	einfo "Building wpa_supplicant"

390

+	emake V=1 BINDIR=/usr/sbin

391

+

392

+	if use wimax; then

393

+		emake -C ../src/eap_peer clean

394

+		emake -C ../src/eap_peer

395

+	fi

396

+

397

+	if use qt5; then

398

+		einfo "Building wpa_gui"

399

+		emake -C "${S}"/wpa_gui-qt4

400

+	fi

401

+

402

+	if use eapol_test ; then

403

+		emake eapol_test

404

+	fi

405

+}

406

+

407

+src_install() {

408

+	dosbin wpa_supplicant

409

+	use privsep && dosbin wpa_priv

410

+	dobin wpa_cli wpa_passphrase

411

+

412

+	# baselayout-1 compat

413

+	if has_version "<sys-apps/baselayout-2.0.0"; then

414

+		dodir /sbin

415

+		dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant

416

+		dodir /bin

417

+		dosym ../usr/bin/wpa_cli /bin/wpa_cli

418

+	fi

419

+

420

+	if has_version ">=sys-apps/openrc-0.5.0"; then

421

+		newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant

422

+		newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant

423

+	fi

424

+

425

+	exeinto /etc/wpa_supplicant/

426

+	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh

427

+

428

+	readme.gentoo_create_doc

429

+	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \

430

+		wpa_supplicant.conf

431

+

432

+	newdoc .config build-config

433

+

434

+	if [ "${PV}" != "9999" ]; then

435

+		doman doc/docbook/*.{5,8}

436

+	fi

437

+

438

+	if use qt5 ; then

439

+		into /usr

440

+		dobin wpa_gui-qt4/wpa_gui

441

+		doicon wpa_gui-qt4/icons/wpa_gui.svg

442

+		domenu wpa_gui-qt4/wpa_gui.desktop

443

+	else

444

+		rm "${ED}"/usr/share/man/man8/wpa_gui.8

445

+	fi

446

+

447

+	use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install

448

+

449

+	if use dbus ; then

450

+		pushd "${S}"/dbus > /dev/null || die

451

+		insinto /etc/dbus-1/system.d

452

+		newins dbus-wpa_supplicant.conf wpa_supplicant.conf

453

+		insinto /usr/share/dbus-1/system-services

454

+		doins fi.w1.wpa_supplicant1.service

455

+		popd > /dev/null || die

456

+

457

+		# This unit relies on dbus support, bug 538600.

458

+		systemd_dounit systemd/wpa_supplicant.service

459

+	fi

460

+

461

+	if use eapol_test ; then

462

+		dobin eapol_test

463

+	fi

464

+

465

+	systemd_dounit "systemd/wpa_supplicant@.service"

466

+	systemd_dounit "systemd/wpa_supplicant-nl80211@.service"

467

+	systemd_dounit "systemd/wpa_supplicant-wired@.service"

468

+}

469

+

470

+pkg_postinst() {

471

+	readme.gentoo_print_elog

472

+

473

+	if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then

474

+		echo

475

+		ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"

476

+		ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"

477

+	fi

478

+

479

+	if use bindist; then

480

+		if ! use libressl; then

481

+			ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."

482

+			ewarn "This is incredibly undesirable"

483

+		fi

484

+	fi

485

+	if use libressl; then

486

+		ewarn "Libressl doesn't support SUITEB (part of WPA3)"

487

+		ewarn "but it does support SUITEB192 (the upgraded strength version of the same)"

488

+		ewarn "You probably don't care.  Patches welcome"

489

+	fi

490

+

491

+	# Mea culpa, feel free to remove that after some time --mgorny.

492

+	local fn

493

+	for fn in wpa_supplicant{,@wlan0}.service; do

494

+		if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]

495

+		then

496

+			ebegin "Moving ${fn} to multi-user.target"

497

+			mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \

498

+				"${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die

499

+			eend ${?} \

500

+				"Please try to re-enable ${fn}"

501

+		fi

502

+	done

503

+

504

+	systemd_reenable wpa_supplicant.service

505

+}

1	commit: 39a43a7c4c0256848f5b5934eab38bb73699506b
2	Author: Conrad Kostecki <conrad <AT> kostecki <DOT> com>
3	AuthorDate: Thu Aug 15 12:22:29 2019 +0000
4	Commit: Rick Farina <zerochaos <AT> gentoo <DOT> org>
5	CommitDate: Fri Aug 16 15:53:34 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39a43a7c
7
8	net-wireless/wpa_supplicant: bump to version 2.9
9
10	Also allowing privsep only without macsec.
11	According to upstream, it's not a valid combination, when you do enable
12	macsec and privsep together.
13
14	Upstream says:
15	CONFIG_PRIVSEP=y does not have sufficient support for the new driver
16	interface functions used for MACsec, so this combination cannot be used
17	at least for now.
18
19	Instead of creating a new desktop file, the shipped one is used.
20
21	Closes: https://bugs.gentoo.org/615872
22	Closes: https://bugs.gentoo.org/684442
23	Closes: https://bugs.gentoo.org/692062
24	Package-Manager: Portage-2.3.71, Repoman-2.3.17
25	Signed-off-by: Conrad Kostecki <conrad <AT> kostecki.com>
26	Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>
27
28	net-wireless/wpa_supplicant/Manifest \| 1 +
29	.../wpa_supplicant/wpa_supplicant-2.9.ebuild \| 458 +++++++++++++++++++++
30	2 files changed, 459 insertions(+)
31
32	diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest
33	index 5bfd97437ba..54e1a007a51 100644
34	--- a/net-wireless/wpa_supplicant/Manifest
35	+++ b/net-wireless/wpa_supplicant/Manifest
36	@@ -1,3 +1,4 @@
37	DIST wpa_supplicant-2.6.tar.gz 2753524 BLAKE2B 99c61326c402f60b384fa6c9a7381e43d4d021d7e44537a6e05552909270f30997da91b690d8a30aa690f0d1ce0aed7798bd8bb8972fcf6830c282ccc91193ac SHA512 46442cddb6ca043b8b08d143908f149954c238e0f3a57a0df73ca4fab9c1acd91b078f3f26375a1d99cd1d65625986328018c735d8705882c8f91e389cad28a6
38	DIST wpa_supplicant-2.7.tar.gz 3093713 BLAKE2B bbf961b6e13757e9d7bb8b9de1808382a551265cd2d54de14e24bde3567aa5298b48fdcd0df75db79189a051532c54b28eab5519c32fc8fc00459365b57039aa SHA512 8b6eb5b5f30d351c73db63d73c09f24028a18166246539b4a4f89f0d226fb42751afa2ff72296df33317f615150325d285e8e7bda30e0d88abcdc9637ab731d3
39	DIST wpa_supplicant-2.8.tar.gz 3155904 BLAKE2B 260b4830949a3e051ef4f33f279b3b225ab9fd95100e4b270d29af457cf07601421fac636d9f1d8927271d7c76aecb0b7c93ddab35203e31a0fd84c3e327d951 SHA512 b37d254d32a4b7a1f95fcb18ec1be0ffb9d025e0b21c42c53acc4cd839be355df1b125b32cc073f9fe09b746807321e23dbe25dc2fc8a7cafa1e71add69f245b
40	+DIST wpa_supplicant-2.9.tar.gz 3231785 BLAKE2B f1e2a5cb37b02d5c74116b5bc7f67c47d85f916c972cbd6b881d63a317161294a37c8517aabe6c74f9617c762aaa76d869f318af311473160e87bac8ac2a1807 SHA512 37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8
41
42	diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild
43	new file mode 100644
44	index 00000000000..2d3f2e93d50
45	--- /dev/null
46	+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild
47	@@ -0,0 +1,458 @@
48	+# Copyright 1999-2019 Gentoo Authors
49	+# Distributed under the terms of the GNU General Public License v2
50	+
51	+EAPI=6
52	+
53	+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1
54	+
55	+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
56	+HOMEPAGE="https://w1.fi/wpa_supplicant/"
57	+LICENSE="\|\| ( GPL-2 BSD )"
58	+
59	+if [ "${PV}" = "9999" ]; then
60	+ inherit git-r3
61	+ EGIT_REPO_URI="https://w1.fi/hostap.git"
62	+else
63	+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
64	+ SRC_URI="https://w1.fi/releases/${P}.tar.gz"
65	+fi
66	+
67	+SLOT="0"
68	+IUSE="ap bindist dbus eap-sim eapol_test fasteap +fils +hs2-0 libressl macsec p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
69	+
70	+# CONFIG_PRIVSEP=y does not have sufficient support for the new driver
71	+# interface functions used for MACsec, so this combination cannot be used
72	+# at least for now.
73	+REQUIRED_USE="
74	+ macsec? ( !privsep )
75	+ privsep? ( !macsec )
76	+"
77	+
78	+CDEPEND="dbus? ( sys-apps/dbus )
79	+ kernel_linux? (
80	+ dev-libs/libnl:3
81	+ net-wireless/crda
82	+ eap-sim? ( sys-apps/pcsc-lite )
83	+ )
84	+ !kernel_linux? ( net-libs/libpcap )
85	+ qt5? (
86	+ dev-qt/qtcore:5
87	+ dev-qt/qtgui:5
88	+ dev-qt/qtsvg:5
89	+ dev-qt/qtwidgets:5
90	+ )
91	+ readline? (
92	+ sys-libs/ncurses:0=
93	+ sys-libs/readline:0=
94	+ )
95	+ !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] )
96	+ libressl? ( dev-libs/libressl:0= )
97	+"
98	+DEPEND="${CDEPEND}
99	+ virtual/pkgconfig
100	+"
101	+RDEPEND="${CDEPEND}
102	+ selinux? ( sec-policy/selinux-networkmanager )
103	+"
104	+
105	+DOC_CONTENTS="
106	+ If this is a clean installation of wpa_supplicant, you
107	+ have to create a configuration file named
108	+ ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf
109	+ An example configuration file is available for reference in
110	+ ${EROOT%/}/usr/share/doc/${PF}/
111	+"
112	+
113	+S="${WORKDIR}/${P}/${PN}"
114	+
115	+Kconfig_style_config() {
116	+ #param 1 is CONFIG_* item
117	+ #param 2 is what to set it = to, defaulting in y
118	+ CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
119	+ setting="${2:-y}"
120	+
121	+ if [ ! $setting = n ]; then
122	+ #first remove any leading "# " if $2 is not n
123	+ sed -i "/^# $CONFIG_PARAM=/s/^# //" .config \|\| echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
124	+ #set item = $setting (defaulting to y)
125	+ sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config \|\| echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
126	+ if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
127	+ echo "$CONFIG_PARAM=$setting" >>.config
128	+ fi
129	+ else
130	+ #ensure item commented out
131	+ sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config \|\| echo "Kconfig_style_config error commenting $CONFIG_PARAM"
132	+ fi
133	+}
134	+
135	+src_prepare() {
136	+ default
137	+
138	+ # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
139	+ sed -i \
140	+ -e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
141	+ ../src/l2_packet/l2_packet_freebsd.c \|\| die
142	+
143	+ # People seem to take the example configuration file too literally (bug #102361)
144	+ sed -i \
145	+ -e "s:^\(opensc_engine_path\):#\1:" \
146	+ -e "s:^\(pkcs11_engine_path\):#\1:" \
147	+ -e "s:^\(pkcs11_module_path\):#\1:" \
148	+ wpa_supplicant.conf \|\| die
149	+
150	+ # Change configuration to match Gentoo locations (bug #143750)
151	+ sed -i \
152	+ -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
153	+ -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
154	+ wpa_supplicant.conf \|\| die
155	+
156	+ # systemd entries to D-Bus service files (bug #372877)
157	+ echo 'SystemdService=wpa_supplicant.service' \
158	+ \| tee -a dbus/*.service >/dev/null \|\| die
159	+
160	+ cd "${WORKDIR}/${P}" \|\| die
161	+
162	+ if use wimax; then
163	+ # generate-libeap-peer.patch comes before
164	+ # fix-undefined-reference-to-random_get_bytes.patch
165	+ eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
166	+
167	+ # multilib-strict fix (bug #373685)
168	+ sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile \|\| die
169	+ fi
170	+
171	+ # bug (320097)
172	+ eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
173	+
174	+ # bug (640492)
175	+ sed -i 's#-Werror ##' wpa_supplicant/Makefile \|\| die
176	+}
177	+
178	+src_configure() {
179	+ # Toolchain setup
180	+ tc-export CC
181	+
182	+ cp defconfig .config \|\| die
183	+
184	+ # Basic setup
185	+ Kconfig_style_config CTRL_IFACE
186	+ Kconfig_style_config MATCH_IFACE
187	+ Kconfig_style_config BACKEND file
188	+ Kconfig_style_config IBSS_RSN
189	+ Kconfig_style_config IEEE80211W
190	+ Kconfig_style_config IEEE80211R
191	+ Kconfig_style_config HT_OVERRIDES
192	+ Kconfig_style_config VHT_OVERRIDES
193	+ Kconfig_style_config OCV
194	+ Kconfig_style_config TLSV11
195	+ Kconfig_style_config TLSV12
196	+ Kconfig_style_config GETRANDOM
197	+ Kconfig_style_config MBO
198	+
199	+ # Basic authentication methods
200	+ # NOTE: we don't set GPSK or SAKE as they conflict
201	+ # with the below options
202	+ Kconfig_style_config EAP_GTC
203	+ Kconfig_style_config EAP_MD5
204	+ Kconfig_style_config EAP_OTP
205	+ Kconfig_style_config EAP_PAX
206	+ Kconfig_style_config EAP_PSK
207	+ Kconfig_style_config IEEE8021X_EAPOL
208	+ Kconfig_style_config PKCS12
209	+ Kconfig_style_config PEERKEY
210	+ Kconfig_style_config EAP_LEAP
211	+ Kconfig_style_config EAP_MSCHAPV2
212	+ Kconfig_style_config EAP_PEAP
213	+ Kconfig_style_config EAP_TEAP
214	+ Kconfig_style_config EAP_TLS
215	+ Kconfig_style_config EAP_TTLS
216	+
217	+ # Enabling background scanning.
218	+ Kconfig_style_config BGSCAN_SIMPLE
219	+ Kconfig_style_config BGSCAN_LEARN
220	+
221	+ if use dbus ; then
222	+ Kconfig_style_config CTRL_IFACE_DBUS
223	+ Kconfig_style_config CTRL_IFACE_DBUS_NEW
224	+ Kconfig_style_config CTRL_IFACE_DBUS_INTRO
225	+ else
226	+ Kconfig_style_config CTRL_IFACE_DBUS n
227	+ Kconfig_style_config CTRL_IFACE_DBUS_NEW n
228	+ Kconfig_style_config CTRL_IFACE_DBUS_INTRO n
229	+ fi
230	+
231	+ if use eapol_test ; then
232	+ Kconfig_style_config EAPOL_TEST
233	+ fi
234	+
235	+ # Enable support for writing debug info to a log file and syslog.
236	+ Kconfig_style_config DEBUG_FILE
237	+ Kconfig_style_config DEBUG_SYSLOG
238	+
239	+ if use hs2-0 ; then
240	+ Kconfig_style_config INTERWORKING
241	+ Kconfig_style_config HS20
242	+ fi
243	+
244	+ if use uncommon-eap-types; then
245	+ Kconfig_style_config EAP_GPSK
246	+ Kconfig_style_config EAP_SAKE
247	+ Kconfig_style_config EAP_GPSK_SHA256
248	+ Kconfig_style_config EAP_IKEV2
249	+ Kconfig_style_config EAP_EKE
250	+ fi
251	+
252	+ if use eap-sim ; then
253	+ # Smart card authentication
254	+ Kconfig_style_config EAP_SIM
255	+ Kconfig_style_config EAP_AKA
256	+ Kconfig_style_config EAP_AKA_PRIME
257	+ Kconfig_style_config PCSC
258	+ fi
259	+
260	+ if use fasteap ; then
261	+ Kconfig_style_config EAP_FAST
262	+ fi
263	+
264	+ if use readline ; then
265	+ # readline/history support for wpa_cli
266	+ Kconfig_style_config READLINE
267	+ else
268	+ #internal line edit mode for wpa_cli
269	+ Kconfig_style_config WPA_CLI_EDIT
270	+ fi
271	+
272	+ Kconfig_style_config TLS openssl
273	+ Kconfig_style_config FST
274	+ if ! use bindist \|\| use libressl; then
275	+ Kconfig_style_config EAP_PWD
276	+ if use fils; then
277	+ Kconfig_style_config FILS
278	+ Kconfig_style_config FILS_SK_PFS
279	+ fi
280	+ # Enabling mesh networks.
281	+ Kconfig_style_config MESH
282	+ #WPA3
283	+ Kconfig_style_config OWE
284	+ Kconfig_style_config SAE
285	+ Kconfig_style_config DPP
286	+ Kconfig_style_config SUITEB192
287	+ fi
288	+ if ! use bindist && ! use libressl; then
289	+ Kconfig_style_config SUITEB
290	+ fi
291	+
292	+ if use smartcard ; then
293	+ Kconfig_style_config SMARTCARD
294	+ else
295	+ Kconfig_style_config SMARTCARD n
296	+ fi
297	+
298	+ if use tdls ; then
299	+ Kconfig_style_config TDLS
300	+ fi
301	+
302	+ if use kernel_linux ; then
303	+ # Linux specific drivers
304	+ Kconfig_style_config DRIVER_ATMEL
305	+ Kconfig_style_config DRIVER_HOSTAP
306	+ Kconfig_style_config DRIVER_IPW
307	+ Kconfig_style_config DRIVER_NL80211
308	+ Kconfig_style_config DRIVER_RALINK
309	+ Kconfig_style_config DRIVER_WEXT
310	+ Kconfig_style_config DRIVER_WIRED
311	+
312	+ if use macsec ; then
313	+ #requires something, no idea what
314	+ #Kconfig_style_config DRIVER_MACSEC_QCA
315	+ Kconfig_style_config DRIVER_MACSEC_LINUX
316	+ Kconfig_style_config MACSEC
317	+ fi
318	+
319	+ if use ps3 ; then
320	+ Kconfig_style_config DRIVER_PS3
321	+ fi
322	+
323	+ elif use kernel_FreeBSD ; then
324	+ # FreeBSD specific driver
325	+ Kconfig_style_config DRIVER_BSD
326	+ fi
327	+
328	+ # Wi-Fi Protected Setup (WPS)
329	+ if use wps ; then
330	+ Kconfig_style_config WPS
331	+ Kconfig_style_config WPS2
332	+ # USB Flash Drive
333	+ Kconfig_style_config WPS_UFD
334	+ # External Registrar
335	+ Kconfig_style_config WPS_ER
336	+ # Universal Plug'n'Play
337	+ Kconfig_style_config WPS_UPNP
338	+ # Near Field Communication
339	+ Kconfig_style_config WPS_NFC
340	+ else
341	+ Kconfig_style_config WPS n
342	+ fi
343	+
344	+ # Wi-Fi Direct (WiDi)
345	+ if use p2p ; then
346	+ Kconfig_style_config P2P
347	+ Kconfig_style_config WIFI_DISPLAY
348	+ fi
349	+
350	+ # Access Point Mode
351	+ if use ap ; then
352	+ Kconfig_style_config AP
353	+ else
354	+ Kconfig_style_config AP n
355	+ fi
356	+
357	+ # Enable essentials for AP/P2P
358	+ if use ap \|\| use p2p ; then
359	+ # Enabling HT support (802.11n)
360	+ Kconfig_style_config IEEE80211N
361	+
362	+ # Enabling VHT support (802.11ac)
363	+ Kconfig_style_config IEEE80211AC
364	+ fi
365	+
366	+ # Enable mitigation against certain attacks against TKIP
367	+ Kconfig_style_config DELAYED_MIC_ERROR_REPORT
368	+
369	+ if use privsep ; then
370	+ Kconfig_style_config PRIVSEP
371	+ fi
372	+
373	+ # If we are using libnl 2.0 and above, enable support for it
374	+ # Bug 382159
375	+ # Removed for now, since the 3.2 version is broken, and we don't
376	+ # support it.
377	+ if has_version ">=dev-libs/libnl-3.2"; then
378	+ Kconfig_style_config LIBNL32
379	+ fi
380	+
381	+ if use qt5 ; then
382	+ pushd "${S}"/wpa_gui-qt4 > /dev/null \|\| die
383	+ eqmake5 wpa_gui.pro
384	+ popd > /dev/null \|\| die
385	+ fi
386	+}
387	+
388	+src_compile() {
389	+ einfo "Building wpa_supplicant"
390	+ emake V=1 BINDIR=/usr/sbin
391	+
392	+ if use wimax; then
393	+ emake -C ../src/eap_peer clean
394	+ emake -C ../src/eap_peer
395	+ fi
396	+
397	+ if use qt5; then
398	+ einfo "Building wpa_gui"
399	+ emake -C "${S}"/wpa_gui-qt4
400	+ fi
401	+
402	+ if use eapol_test ; then
403	+ emake eapol_test
404	+ fi
405	+}
406	+
407	+src_install() {
408	+ dosbin wpa_supplicant
409	+ use privsep && dosbin wpa_priv
410	+ dobin wpa_cli wpa_passphrase
411	+
412	+ # baselayout-1 compat
413	+ if has_version "<sys-apps/baselayout-2.0.0"; then
414	+ dodir /sbin
415	+ dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
416	+ dodir /bin
417	+ dosym ../usr/bin/wpa_cli /bin/wpa_cli
418	+ fi
419	+
420	+ if has_version ">=sys-apps/openrc-0.5.0"; then
421	+ newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
422	+ newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
423	+ fi
424	+
425	+ exeinto /etc/wpa_supplicant/
426	+ newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
427	+
428	+ readme.gentoo_create_doc
429	+ dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
430	+ wpa_supplicant.conf
431	+
432	+ newdoc .config build-config
433	+
434	+ if [ "${PV}" != "9999" ]; then
435	+ doman doc/docbook/*.{5,8}
436	+ fi
437	+
438	+ if use qt5 ; then
439	+ into /usr
440	+ dobin wpa_gui-qt4/wpa_gui
441	+ doicon wpa_gui-qt4/icons/wpa_gui.svg
442	+ domenu wpa_gui-qt4/wpa_gui.desktop
443	+ else
444	+ rm "${ED}"/usr/share/man/man8/wpa_gui.8
445	+ fi
446	+
447	+ use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
448	+
449	+ if use dbus ; then
450	+ pushd "${S}"/dbus > /dev/null \|\| die
451	+ insinto /etc/dbus-1/system.d
452	+ newins dbus-wpa_supplicant.conf wpa_supplicant.conf
453	+ insinto /usr/share/dbus-1/system-services
454	+ doins fi.w1.wpa_supplicant1.service
455	+ popd > /dev/null \|\| die
456	+
457	+ # This unit relies on dbus support, bug 538600.
458	+ systemd_dounit systemd/wpa_supplicant.service
459	+ fi
460	+
461	+ if use eapol_test ; then
462	+ dobin eapol_test
463	+ fi
464	+
465	+ systemd_dounit "systemd/wpa_supplicant@.service"
466	+ systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
467	+ systemd_dounit "systemd/wpa_supplicant-wired@.service"
468	+}
469	+
470	+pkg_postinst() {
471	+ readme.gentoo_print_elog
472	+
473	+ if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then
474	+ echo
475	+ ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"
476	+ ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"
477	+ fi
478	+
479	+ if use bindist; then
480	+ if ! use libressl; then
481	+ ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."
482	+ ewarn "This is incredibly undesirable"
483	+ fi
484	+ fi
485	+ if use libressl; then
486	+ ewarn "Libressl doesn't support SUITEB (part of WPA3)"
487	+ ewarn "but it does support SUITEB192 (the upgraded strength version of the same)"
488	+ ewarn "You probably don't care. Patches welcome"
489	+ fi
490	+
491	+ # Mea culpa, feel free to remove that after some time --mgorny.
492	+ local fn
493	+ for fn in wpa_supplicant{,@wlan0}.service; do
494	+ if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]
495	+ then
496	+ ebegin "Moving ${fn} to multi-user.target"
497	+ mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \
498	+ "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ \|\| die
499	+ eend ${?} \
500	+ "Please try to re-enable ${fn}"
501	+ fi
502	+ done
503	+
504	+ systemd_reenable wpa_supplicant.service
505	+}

Gentoo Archives: gentoo-commits