net-wireless/wpa_supplicant: Add 2.10-r4 - parlay - yet another gentoo overlay
HTML git clone https://git.parazyd.org/parlay
DIR Log
DIR Files
DIR Refs
DIR README
---
DIR commit 77d2d699e5015e0e5a62c249876a738c80a7dc1d
DIR parent f7c2196f7d2cf4aa0e8210b864ba3f8fd89300a4
HTML Author: parazyd <parazyd@dyne.org>
Date: Wed, 4 Oct 2023 15:33:20 +0200
net-wireless/wpa_supplicant: Add 2.10-r4
Diffstat:
A net-wireless/wpa_supplicant/Manife… | 1 +
A net-wireless/wpa_supplicant/files/… | 46 +++++++++++++++++++++++++++++++
A net-wireless/wpa_supplicant/files/… | 57 +++++++++++++++++++++++++++++++
A net-wireless/wpa_supplicant/files/… | 30 ++++++++++++++++++++++++++++++
A net-wireless/wpa_supplicant/files/… | 13 +++++++++++++
A net-wireless/wpa_supplicant/files/… | 10 ++++++++++
A net-wireless/wpa_supplicant/files/… | 70 +++++++++++++++++++++++++++++++
A net-wireless/wpa_supplicant/files/… | 7 +++++++
A net-wireless/wpa_supplicant/wpa_su… | 488 +++++++++++++++++++++++++++++++
9 files changed, 722 insertions(+), 0 deletions(-)
---
DIR diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest
@@ -0,0 +1 @@
+DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1
DIR diff --git a/net-wireless/wpa_supplicant/files/wpa_cli.sh b/net-wireless/wpa_supplicant/files/wpa_cli.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Copyright 1999-2011 Gentoo Foundation
+# Written by Roy Marples <uberlord@gentoo.org>
+# Distributed under the terms of the GNU General Public License v2
+# Alternatively, this file may be distributed under the terms of the BSD License
+
+if [ -z "$1" -o -z "$2" ]; then
+ logger -t wpa_cli "Insufficient parameters"
+ exit 1
+fi
+
+INTERFACE="$1"
+ACTION="$2"
+
+# Note, the below action must NOT mark the interface down via ifconfig, ip or
+# similar. Addresses can be removed, changed and daemons can be stopped, but
+# the interface must remain up for wpa_supplicant to work.
+
+if [ -f /etc/gentoo-release ]; then
+ EXEC="/etc/init.d/net.${INTERFACE} --quiet"
+else
+ logger -t wpa_cli "I don't know what to do with this distro!"
+ exit 1
+fi
+
+case ${ACTION} in
+ CONNECTED)
+ EXEC="${EXEC} start"
+ ;;
+ DISCONNECTED)
+ # Deactivated, since stopping /etc/init.d/net.wlanX
+ # stops the network completly.
+ EXEC="false ${EXEC} stop"
+ ;;
+ *)
+ logger -t wpa_cli "Unknown action ${ACTION}"
+ exit 1
+ ;;
+esac
+
+# ${EXEC} can use ${IN_BACKGROUND} so that it knows that the user isn't
+# stopping the interface and a background process - like wpa_cli - is.
+export IN_BACKGROUND=true
+
+logger -t wpa_cli "interface ${INTERFACE} ${ACTION}"
+${EXEC} || logger -t wpa_cli "executing '${EXEC}' failed"
DIR diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch
@@ -0,0 +1,57 @@
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 22 May 2022 17:01:35 +0300
+Subject: OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
+
+Commit 9afb68b03976 ("OpenSSL: Allow systemwide secpolicy overrides for
+TLS version") with commit 58bbcfa31b18 ("OpenSSL: Update security level
+drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be
+enabled with an explicit network configuration parameter. However, the
+default settings are still allowing TLS 1.0 and 1.1 to be negotiated
+just to see them fail immediately when using OpenSSL 3.0. This is not
+exactly helpful especially when the OpenSSL error message for this
+particular case is "internal error" which does not really say anything
+about the reason for the error.
+
+It is is a bit inconvenient to update the security policy for this
+particular issue based on the negotiated TLS version since that happens
+in the middle of processing for the first message from the server.
+However, this can be done by using the debug callback for printing out
+the received TLS messages during processing.
+
+Drop the OpenSSL security level to 0 if that is the only option to
+continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
+in wpa_supplicant default configuration and OpenSSL 3.0 with the
+constraint on MD5-SHA1 use.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Bug-Debian: https://bugs.debian.org/1011121
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1958267
+Origin: upstream, commit:bc99366f9b960150aa2e369048bbc2218c1d414e
+---
+ src/crypto/tls_openssl.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 6602ac64f591..78621d926dab 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -1557,6 +1557,15 @@ static void tls_msg_cb(int write_p, int version, int content_type,
+ struct tls_connection *conn = arg;
+ const u8 *pos = buf;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ if ((SSL_version(ssl) == TLS1_VERSION ||
++ SSL_version(ssl) == TLS1_1_VERSION) &&
++ SSL_get_security_level(ssl) > 0) {
++ wpa_printf(MSG_DEBUG,
++ "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
++ SSL_set_security_level(ssl, 0);
++ }
++#endif /* OpenSSL version >= 3.0 */
+ if (write_p == 2) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: session ver=0x%x content_type=%d",
+--
+2.39.0
+
DIR diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-allow-legacy-renegotiation.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-allow-legacy-renegotiation.patch
@@ -0,0 +1,30 @@
+From: James Ralston <ralston@pobox.com>
+Date: Sun, 1 May 2022 16:15:23 -0700
+Subject: Allow legacy renegotiation to fix PEAP issues with some servers
+
+Upstream: http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
+---
+ src/crypto/tls_openssl.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 273e5cb..ad3aa1a 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -1056,6 +1056,16 @@ void * tls_init(const struct tls_config *conf)
+ SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+
++ /* Many enterprise PEAP server implementations (e.g. used in large
++ corporations and universities) do not support RFC5746 secure
++ renegotiation, and starting with OpenSSL 3.0,
++ SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL.
++ So until we implement a way to request SSL_OP_LEGACY_SERVER_CONNECT
++ only in EAP peer mode, just set SSL_OP_LEGACY_SERVER_CONNECT
++ globally. */
++
++ SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
++
+ SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ #ifdef SSL_MODE_NO_AUTO_CHAIN
DIR diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-do-not-call-dbus-functions-with-NULL-path.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-do-not-call-dbus-functions-with-NULL-path.patch
@@ -0,0 +1,13 @@
+diff --git a/wpa_supplicant/dbus/dbus_new_helpers.c b/wpa_supplicant/dbus/dbus_new_helpers.c
+index 45623f3..0fc3d08 100644
+--- a/wpa_supplicant/dbus/dbus_new_helpers.c
++++ b/wpa_supplicant/dbus/dbus_new_helpers.c
+@@ -847,7 +847,7 @@ void wpa_dbus_mark_property_changed(struct wpas_dbus_priv *iface,
+ const struct wpa_dbus_property_desc *dsc;
+ int i = 0;
+
+- if (iface == NULL)
++ if (iface == NULL || path == NULL)
+ return;
+
+ dbus_connection_get_object_path_data(iface->con, path,
DIR diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d b/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d
@@ -0,0 +1,10 @@
+# conf.d file for wpa_supplicant
+
+# uncomment this if wpa_supplicant starts up before your network interface
+# is ready and it causes issues
+# rc_want="dev-settle"
+
+# Please check man 8 wpa_supplicant for more information about the options
+# wpa_supplicant accepts.
+#
+wpa_supplicant_args=""
DIR diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-init.d b/net-wireless/wpa_supplicant/files/wpa_supplicant-init.d
@@ -0,0 +1,70 @@
+#!/sbin/openrc-run
+# Copyright (c) 2009 Roy Marples <roy@marples.name>
+# All rights reserved. Released under the 2-clause BSD license.
+
+command=/usr/sbin/wpa_supplicant
+: ${wpa_supplicant_conf:=/etc/wpa_supplicant/wpa_supplicant.conf}
+wpa_supplicant_if=${wpa_supplicant_if:+-i}$wpa_supplicant_if
+command_args="$wpa_supplicant_args -B -c$wpa_supplicant_conf $wpa_supplicant_if"
+name="WPA Supplicant Daemon"
+
+depend()
+{
+ need localmount
+ use logger
+ after bootmisc modules
+ before dns dhcpcd net
+ keyword -shutdown
+}
+
+find_wireless()
+{
+ local iface=
+
+ case "$RC_UNAME" in
+ Linux)
+ for iface in /sys/class/net/*; do
+ if [ -e "$iface"/wireless -o \
+ -e "$iface"/phy80211 ]
+ then
+ echo "${iface##*/}"
+ return 0
+ fi
+ done
+ ;;
+ *)
+ for iface in /dev/net/* $(ifconfig -l 2>/dev/null); do
+ if ifconfig "${iface##*/}" 2>/dev/null | \
+ grep -q "[ ]*ssid "
+ then
+ echo "${iface##*/}"
+ return 0
+ fi
+ done
+ ;;
+ esac
+
+ return 1
+}
+
+append_wireless()
+{
+ local iface= i=
+
+ iface=$(find_wireless)
+ if [ -n "$iface" ]; then
+ for i in $iface; do
+ command_args="$command_args -i$i"
+ done
+ else
+ eerror "Could not find a wireless interface"
+ fi
+}
+
+start_pre()
+{
+ case " $command_args" in
+ *" -i"*) ;;
+ *) append_wireless;;
+ esac
+}
DIR diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant.conf b/net-wireless/wpa_supplicant/files/wpa_supplicant.conf
@@ -0,0 +1,7 @@
+# This is a network block that connects to any unsecured access point.
+# We give it a low priority so any defined blocks are preferred.
+network={
+ key_mgmt=NONE
+ priority=-9999999
+}
+
DIR diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.10-r4.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.10-r4.ebuild
@@ -0,0 +1,488 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit desktop linux-info qmake-utils readme.gentoo-r1 systemd toolchain-funcs
+
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
+HOMEPAGE="https://w1.fi/wpa_supplicant/"
+LICENSE="|| ( GPL-2 BSD )"
+
+if [ "${PV}" = "9999" ]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://w1.fi/hostap.git"
+else
+ KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~sparc x86"
+ SRC_URI="https://w1.fi/releases/${P}.tar.gz"
+fi
+
+SLOT="0"
+IUSE="ap broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls tkip uncommon-eap-types wep wimax wps"
+
+# CONFIG_PRIVSEP=y does not have sufficient support for the new driver
+# interface functions used for MACsec, so this combination cannot be used
+# at least for now. bug #684442
+REQUIRED_USE="
+ macsec? ( !privsep )
+ privsep? ( !macsec )
+ broadcom-sta? ( !fils !mesh !mbo )
+"
+
+DEPEND="
+ >=dev-libs/openssl-1.0.2k:=
+ dbus? ( sys-apps/dbus )
+ kernel_linux? (
+ >=dev-libs/libnl-3.2:3
+ eap-sim? ( sys-apps/pcsc-lite )
+ )
+ !kernel_linux? ( net-libs/libpcap )
+ privsep? ( acct-group/wpapriv )
+ qt5? (
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtsvg:5
+ dev-qt/qtwidgets:5
+ )
+ readline? (
+ sys-libs/ncurses:0=
+ sys-libs/readline:0=
+ )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-networkmanager )
+ kernel_linux? (
+ net-wireless/wireless-regdb
+ )
+"
+BDEPEND="virtual/pkgconfig"
+
+DOC_CONTENTS="
+ If this is a clean installation of wpa_supplicant, you
+ have to create a configuration file named
+ ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf
+ An example configuration file is available for reference in
+ ${EROOT}/usr/share/doc/${PF}/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+
+Kconfig_style_config() {
+ #param 1 is CONFIG_* item
+ #param 2 is what to set it = to, defaulting in y
+ CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
+ setting="${2:-y}"
+
+ if [ ! $setting = n ]; then
+ #first remove any leading "# " if $2 is not n
+ sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
+ #set item = $setting (defaulting to y)
+ if ! sed -i "/^$CONFIG_PARAM\>/s/=.*/=$setting/" .config; then
+ echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
+ fi
+ if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
+ echo "$CONFIG_PARAM=$setting" >>.config
+ fi
+ else
+ #ensure item commented out
+ if ! sed -i "/^$CONFIG_PARAM\>/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config; then
+ echo "Kconfig_style_config error commenting $CONFIG_PARAM"
+ fi
+ fi
+}
+
+src_prepare() {
+ default
+
+ # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
+ sed -i \
+ -e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
+ ../src/l2_packet/l2_packet_freebsd.c || die
+
+ # Change configuration to match Gentoo locations (bug #143750)
+ sed -i \
+ -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
+ -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
+ wpa_supplicant.conf || die
+
+ # systemd entries to D-Bus service files (bug #372877)
+ echo 'SystemdService=wpa_supplicant.service' \
+ | tee -a dbus/*.service >/dev/null || die
+
+ cd "${WORKDIR}/${P}" || die
+
+ if use wimax; then
+ # generate-libeap-peer.patch comes before
+ # fix-undefined-reference-to-random_get_bytes.patch
+ eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
+
+ # multilib-strict fix (bug #373685)
+ sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
+ fi
+
+ # bug (320097)
+ eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
+
+ # bug (912315)
+ eapply "${FILESDIR}/${PN}-2.10-allow-legacy-renegotiation.patch"
+ eapply "${FILESDIR}/${P}-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch"
+
+ # bug (640492)
+ sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+}
+
+src_configure() {
+ # Toolchain setup
+ tc-export CC PKG_CONFIG
+
+ cp defconfig .config || die
+
+ # Basic setup
+ Kconfig_style_config CTRL_IFACE
+ Kconfig_style_config MATCH_IFACE
+ Kconfig_style_config BACKEND file
+ Kconfig_style_config IBSS_RSN
+ Kconfig_style_config IEEE80211W
+ Kconfig_style_config IEEE80211R
+ Kconfig_style_config HT_OVERRIDES
+ Kconfig_style_config VHT_OVERRIDES
+ Kconfig_style_config OCV
+ Kconfig_style_config TLSV11
+ Kconfig_style_config TLSV12
+ Kconfig_style_config GETRANDOM
+
+ # Basic authentication methods
+ # NOTE: we don't set GPSK or SAKE as they conflict
+ # with the below options
+ Kconfig_style_config EAP_GTC
+ Kconfig_style_config EAP_MD5
+ Kconfig_style_config EAP_OTP
+ Kconfig_style_config EAP_PAX
+ Kconfig_style_config EAP_PSK
+ Kconfig_style_config EAP_TLV
+ Kconfig_style_config EAP_EXE
+ Kconfig_style_config IEEE8021X_EAPOL
+ Kconfig_style_config PKCS12
+ Kconfig_style_config PEERKEY
+ Kconfig_style_config EAP_LEAP
+ Kconfig_style_config EAP_MSCHAPV2
+ Kconfig_style_config EAP_PEAP
+ Kconfig_style_config EAP_TEAP
+ Kconfig_style_config EAP_TLS
+ Kconfig_style_config EAP_TTLS
+
+ # Enabling background scanning.
+ Kconfig_style_config BGSCAN_SIMPLE
+ Kconfig_style_config BGSCAN_LEARN
+
+ if use dbus ; then
+ Kconfig_style_config CTRL_IFACE_DBUS
+ Kconfig_style_config CTRL_IFACE_DBUS_NEW
+ Kconfig_style_config CTRL_IFACE_DBUS_INTRO
+ else
+ Kconfig_style_config CTRL_IFACE_DBUS n
+ Kconfig_style_config CTRL_IFACE_DBUS_NEW n
+ Kconfig_style_config CTRL_IFACE_DBUS_INTRO n
+ fi
+
+ if use eapol-test ; then
+ Kconfig_style_config EAPOL_TEST
+ fi
+
+ # Enable support for writing debug info to a log file and syslog.
+ Kconfig_style_config DEBUG_FILE
+ Kconfig_style_config DEBUG_SYSLOG
+
+ if use hs2-0 ; then
+ Kconfig_style_config INTERWORKING
+ Kconfig_style_config HS20
+ fi
+
+ if use mbo ; then
+ Kconfig_style_config MBO
+ else
+ Kconfig_style_config MBO n
+ fi
+
+ if use uncommon-eap-types; then
+ Kconfig_style_config EAP_GPSK
+ Kconfig_style_config EAP_SAKE
+ Kconfig_style_config EAP_GPSK_SHA256
+ Kconfig_style_config EAP_IKEV2
+ Kconfig_style_config EAP_EKE
+ fi
+
+ if use eap-sim ; then
+ # Smart card authentication
+ Kconfig_style_config EAP_SIM
+ Kconfig_style_config EAP_AKA
+ Kconfig_style_config EAP_AKA_PRIME
+ Kconfig_style_config PCSC
+ fi
+
+ if use fasteap ; then
+ Kconfig_style_config EAP_FAST
+ fi
+
+ if use readline ; then
+ # readline/history support for wpa_cli
+ Kconfig_style_config READLINE
+ else
+ #internal line edit mode for wpa_cli
+ Kconfig_style_config WPA_CLI_EDIT
+ fi
+
+ Kconfig_style_config TLS openssl
+ Kconfig_style_config FST
+
+ Kconfig_style_config EAP_PWD
+ if use fils; then
+ Kconfig_style_config FILS
+ Kconfig_style_config FILS_SK_PFS
+ fi
+ if use mesh; then
+ Kconfig_style_config MESH
+ else
+ Kconfig_style_config MESH n
+ fi
+ # WPA3
+ Kconfig_style_config OWE
+ Kconfig_style_config SAE
+ Kconfig_style_config DPP
+ Kconfig_style_config DPP2
+ Kconfig_style_config SUITEB192
+ Kconfig_style_config SUITEB
+
+ if use wep ; then
+ Kconfig_style_config WEP
+ else
+ Kconfig_style_config WEP n
+ fi
+
+ # Watch out, reversed logic
+ if use tkip ; then
+ Kconfig_style_config NO_TKIP n
+ else
+ Kconfig_style_config NO_TKIP
+ fi
+
+ if use smartcard ; then
+ Kconfig_style_config SMARTCARD
+ else
+ Kconfig_style_config SMARTCARD n
+ fi
+
+ if use tdls ; then
+ Kconfig_style_config TDLS
+ fi
+
+ if use kernel_linux ; then
+ # Linux specific drivers
+ Kconfig_style_config DRIVER_ATMEL
+ Kconfig_style_config DRIVER_HOSTAP
+ Kconfig_style_config DRIVER_IPW
+ Kconfig_style_config DRIVER_NL80211
+ Kconfig_style_config DRIVER_RALINK
+ Kconfig_style_config DRIVER_WEXT
+ Kconfig_style_config DRIVER_WIRED
+
+ if use macsec ; then
+ #requires something, no idea what
+ #Kconfig_style_config DRIVER_MACSEC_QCA
+ Kconfig_style_config DRIVER_MACSEC_LINUX
+ Kconfig_style_config MACSEC
+ else
+ # bug #831369 and bug #684442
+ Kconfig_style_config DRIVER_MACSEC_LINUX n
+ Kconfig_style_config MACSEC n
+ fi
+
+ if use ps3 ; then
+ Kconfig_style_config DRIVER_PS3
+ fi
+ fi
+
+ # Wi-Fi Protected Setup (WPS)
+ if use wps ; then
+ Kconfig_style_config WPS
+ Kconfig_style_config WPS2
+ # USB Flash Drive
+ Kconfig_style_config WPS_UFD
+ # External Registrar
+ Kconfig_style_config WPS_ER
+ # Universal Plug'n'Play
+ Kconfig_style_config WPS_UPNP
+ # Near Field Communication
+ Kconfig_style_config WPS_NFC
+ else
+ Kconfig_style_config WPS n
+ Kconfig_style_config WPS2 n
+ Kconfig_style_config WPS_UFD n
+ Kconfig_style_config WPS_ER n
+ Kconfig_style_config WPS_UPNP n
+ Kconfig_style_config WPS_NFC n
+ fi
+
+ # Wi-Fi Direct (WiDi)
+ if use p2p ; then
+ Kconfig_style_config P2P
+ Kconfig_style_config WIFI_DISPLAY
+ else
+ Kconfig_style_config P2P n
+ Kconfig_style_config WIFI_DISPLAY n
+ fi
+
+ # Access Point Mode
+ if use ap ; then
+ Kconfig_style_config AP
+ else
+ Kconfig_style_config AP n
+ fi
+
+ # Enable essentials for AP/P2P
+ if use ap || use p2p ; then
+ # Enabling HT support (802.11n)
+ Kconfig_style_config IEEE80211N
+
+ # Enabling VHT support (802.11ac)
+ Kconfig_style_config IEEE80211AC
+ fi
+
+ # Enable mitigation against certain attacks against TKIP
+ Kconfig_style_config DELAYED_MIC_ERROR_REPORT
+
+ if use privsep ; then
+ Kconfig_style_config PRIVSEP
+ fi
+
+ if use kernel_linux ; then
+ Kconfig_style_config LIBNL32
+ fi
+
+ if use qt5 ; then
+ pushd "${S}"/wpa_gui-qt4 > /dev/null || die
+ eqmake5 wpa_gui.pro
+ popd > /dev/null || die
+ fi
+}
+
+src_compile() {
+ einfo "Building wpa_supplicant"
+ emake V=1 BINDIR=/usr/sbin
+
+ if use wimax; then
+ emake -C ../src/eap_peer clean
+ emake -C ../src/eap_peer
+ fi
+
+ if use qt5; then
+ einfo "Building wpa_gui"
+ emake -C "${S}"/wpa_gui-qt4
+ fi
+
+ if use eapol-test ; then
+ emake eapol_test
+ fi
+}
+
+src_install() {
+ dosbin wpa_supplicant
+ use privsep && dosbin wpa_priv
+ dobin wpa_cli wpa_passphrase
+
+ # baselayout-1 compat
+ if has_version "<sys-apps/baselayout-2.0.0"; then
+ dodir /sbin
+ dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
+ dodir /bin
+ dosym ../usr/bin/wpa_cli /bin/wpa_cli
+ fi
+
+ if has_version ">=sys-apps/openrc-0.5.0"; then
+ newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
+ newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
+ fi
+
+ exeinto /etc/wpa_supplicant/
+ newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+
+ readme.gentoo_create_doc
+ dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
+ wpa_supplicant.conf
+
+ newdoc .config build-config
+
+ if [ "${PV}" != "9999" ]; then
+ doman doc/docbook/*.{5,8}
+ fi
+
+ if use qt5 ; then
+ into /usr
+ dobin wpa_gui-qt4/wpa_gui
+ doicon wpa_gui-qt4/icons/wpa_gui.svg
+ domenu wpa_gui-qt4/wpa_gui.desktop
+ else
+ rm "${ED}"/usr/share/man/man8/wpa_gui.8
+ fi
+
+ use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
+
+ if use dbus ; then
+ pushd "${S}"/dbus > /dev/null || die
+ insinto /etc/dbus-1/system.d
+ newins dbus-wpa_supplicant.conf wpa_supplicant.conf
+ insinto /usr/share/dbus-1/system-services
+ doins fi.w1.wpa_supplicant1.service
+ popd > /dev/null || die
+
+ # This unit relies on dbus support, bug 538600.
+ systemd_dounit systemd/wpa_supplicant.service
+ fi
+
+ if use eapol-test ; then
+ dobin eapol_test
+ fi
+
+ systemd_dounit "systemd/wpa_supplicant@.service"
+ systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
+ systemd_dounit "systemd/wpa_supplicant-wired@.service"
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+
+ if [[ -e "${EROOT}"/etc/wpa_supplicant.conf ]] ; then
+ echo
+ ewarn "WARNING: your old configuration file ${EROOT}/etc/wpa_supplicant.conf"
+ ewarn "needs to be moved to ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf"
+ fi
+ if ! use wep; then
+ einfo "WARNING: You are building with WEP support disabled, which is recommended since"
+ einfo "this protocol is deprecated and insecure. If you still need to connect to"
+ einfo "WEP-enabled networks, you may turn this flag back on. With this flag off,"
+ einfo "WEP-enabled networks will not even show up as available."
+ einfo "If your network is missing you may wish to USE=wep"
+ fi
+ if ! use tkip; then
+ ewarn "WARNING: You are building with TKIP support disabled, which is recommended since"
+ ewarn "this protocol is deprecated and insecure. If you still need to connect to"
+ ewarn "TKIP-enabled networks, you may turn this flag back on. With this flag off,"
+ ewarn "TKIP-enabled networks, including mixed mode TKIP/AES-CCMP will not even show up"
+ ewarn "as available. If your network is missing you may wish to USE=tkip"
+ fi
+
+ # Mea culpa, feel free to remove that after some time --mgorny.
+ local fn
+ for fn in wpa_supplicant{,@wlan0}.service; do
+ if [[ -e "${EROOT}"/etc/systemd/system/network.target.wants/${fn} ]]
+ then
+ ebegin "Moving ${fn} to multi-user.target"
+ mv "${EROOT}"/etc/systemd/system/network.target.wants/${fn} \
+ "${EROOT}"/etc/systemd/system/multi-user.target.wants/ || die
+ eend ${?} \
+ "Please try to re-enable ${fn}"
+ fi
+ done
+
+ systemd_reenable wpa_supplicant.service
+}