Message ID | 3a2ba2a70068bc9fa1c9b05eb04274873c3ad2b6.1353493728.git.Morten.ThunbergSvendsen@prevas.dk |
---|---|
State | Accepted |
Delegated to: | Esben Haabendal |
Morten Thunberg Svendsen <Morten.ThunbergSvendsen@prevas.dk> writes: > --- > recipes/wpa-supplicant/wpa-supplicant-1.0.inc | 15 +-- > .../wpa-supplicant-1.0/defconfig-gnutls | 103 +++++++++++++++----- > 2 files changed, 83 insertions(+), 35 deletions(-) > > diff --git a/recipes/wpa-supplicant/wpa-supplicant-1.0.inc b/recipes/wpa-supplicant/wpa-supplicant-1.0.inc > index 0a243c1..0fd4cc4 100644 > --- a/recipes/wpa-supplicant/wpa-supplicant-1.0.inc > +++ b/recipes/wpa-supplicant/wpa-supplicant-1.0.inc > @@ -15,17 +15,14 @@ SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \ > file://wpa-supplicant.sh \ > file://wpa_supplicant.conf \ > file://wpa_supplicant.conf-sane \ > - file://99_wpa_supplicant \ > " > > -export DBUS_LIBS="-ldbus-1" > -export DBUS_INCLUDE="" > - > S = "${SRCDIR}/wpa_supplicant-${PV}/wpa_supplicant" > > RDEPENDS_${PN}-wpa-passphrase += "libgcrypt" > -RDEPENDS_${PN} += "libgnutls libgnutls-extra libgcrypt libgpg-error libdbus" > - > +RDEPENDS_${PN}-wpa-supplicant += "libgnutls libgnutls-extra libgcrypt libgpg-error libdbus libnl-3 libnl-genl-3" > +RDEPENDS_${PN} = "util/wpa-passphrase util/wpa-cli util/wpa-supplicant" > + > do_configure () { > install -m 0755 ${SRCDIR}/defconfig-gnutls .config > } > @@ -62,13 +59,9 @@ do_install () { > install -d ${D}/${datadir}/dbus-1/system-services > install -m 644 ${S}/dbus/*.service ${D}/${datadir}/dbus-1/system-services > sed -i -e s:${base_sbindir}:${sbindir}:g ${D}/${datadir}/dbus-1/system-services/*.service > - > - install -d ${D}/etc/default/volatiles > - install -m 0644 ${SRCDIR}/99_wpa_supplicant ${D}/etc/default/volatiles > } > > FILES_${PN} += "${datadir}/dbus-1/system-services/*" > -PROVIDES_${PN} = "util/wpa-supplicant" > > inherit auto-package-utils > -AUTO_PACKAGE_UTILS = "wpa_passphrase wpa_cli" > +AUTO_PACKAGE_UTILS = "wpa_passphrase wpa_cli wpa_supplicant" 
> diff --git a/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls b/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls > index 26e4279..c9e8453 100644 > --- a/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls > +++ b/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls > @@ -75,14 +75,19 @@ > #CONFIG_DRIVER_IPW=y > > # Driver interface for Ralink driver > -CONFIG_DRIVER_RALINK=y > +#CONFIG_DRIVER_RALINK=y > > # Driver interface for generic Linux wireless extensions > +# Note: WEXT is deprecated in the current Linux kernel version and no new > +# functionality is added to it. nl80211-based interface is the new > +# replacement for WEXT and its use allows wpa_supplicant to properly control > +# the driver to improve existing functionality like roaming and to support new > +# functionality. > CONFIG_DRIVER_WEXT=y > > # Driver interface for Linux drivers using the nl80211 kernel interface > -#CONFIG_LIBNL20=y > -#CONFIG_DRIVER_NL80211=y > +CONFIG_LIBNL32=y > +CONFIG_DRIVER_NL80211=y > > # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) > #CONFIG_DRIVER_BSD=y > @@ -110,10 +115,6 @@ CONFIG_DRIVER_WEXT=y > # Driver interface for development testing > #CONFIG_DRIVER_TEST=y > > -# Include client MLME (management frame processing) for test driver > -# This can be used to test MLME operations in hostapd with the test interface. > -# space. > -#CONFIG_CLIENT_MLME=y > > # Driver interface for wired Ethernet drivers > #CONFIG_DRIVER_WIRED=y > @@ -124,6 +125,9 @@ CONFIG_DRIVER_WEXT=y > # Driver interface for no driver (e.g., WPS ER only) > #CONFIG_DRIVER_NONE=y > > +# Solaris libraries > +#LIBS += -lsocket -ldlpi -lnsl > +#LIBS_c += -lsocket > # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is > # included) > CONFIG_IEEE8021X_EAPOL=y 
> @@ -161,6 +165,8 @@ CONFIG_EAP_OTP=y > > # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) > #CONFIG_EAP_PSK=y > +# EAP-pwd (secure authentication using only a password) > +#CONFIG_EAP_PWD=y > > # EAP-PAX > #CONFIG_EAP_PAX=y > @@ -191,6 +197,13 @@ CONFIG_EAP_LEAP=y > > # Wi-Fi Protected Setup (WPS) > #CONFIG_WPS=y > +# Enable WSC 2.0 support > +#CONFIG_WPS2=y > +# Enable WPS external registrar functionality > +#CONFIG_WPS_ER=y > +# Disable credentials for an open network by default when acting as a WPS > +# registrar. > +#CONFIG_WPS_REG_DISABLE_OPEN=y > > # EAP-IKEv2 > #CONFIG_EAP_IKEV2=y > @@ -225,6 +238,9 @@ CONFIG_CTRL_IFACE=y > # the resulting binary. > #CONFIG_READLINE=y > > +# Include internal line edit mode in wpa_cli. This can be used as a replacement > +# for GNU Readline to provide limited command line editing and history support. > +#CONFIG_WPA_CLI_EDIT=y > # Remove debugging code that is printing out debug message to stdout. > # This can be used to reduce the size of the wpa_supplicant considerably > # if debugging code is not needed. The size reduction can be around 35% 
> @@ -306,18 +322,17 @@ CONFIG_PEERKEY=y > > # Select TLS implementation > # openssl = OpenSSL (default) > -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) > +# gnutls = GnuTLS > # internal = Internal TLSv1 implementation (experimental) > # none = Empty template > -#CONFIG_TLS=openssl > +CONFIG_TLS = gnutls > > -# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. > -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that > -# even though the core GnuTLS library is released under LGPL, this extra > -# library uses GPL and as such, the terms of GPL apply to the combination > -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not > -# apply for distribution of the resulting binary. > -#CONFIG_GNUTLS_EXTRA=y > +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) > +# can be enabled to get a stronger construction of messages when block ciphers > +# are used. It should be noted that some existing TLS v1.0 -based > +# implementation may not be compatible with TLS v1.1 message (ClientHello is > +# sent prior to negotiating which version will be used) > +#CONFIG_TLSV11=y > > # If CONFIG_TLS=internal is used, additional library and include paths are > # needed for LibTomMath. Alternatively, an integrated, minimal version of > @@ -343,11 +358,11 @@ CONFIG_PEERKEY=y > > # Add support for old DBus control interface > # (fi.epitest.hostap.WPASupplicant) > -#CONFIG_CTRL_IFACE_DBUS=y > +CONFIG_CTRL_IFACE_DBUS=y > > # Add support for new DBus control interface > # (fi.w1.hostap.wpa_supplicant1) > -#CONFIG_CTRL_IFACE_DBUS_NEW=y > +CONFIG_CTRL_IFACE_DBUS_NEW=y > > # Add introspection support for new DBus control interface > #CONFIG_CTRL_IFACE_DBUS_INTRO=y 
> @@ -378,6 +393,10 @@ CONFIG_PEERKEY=y > > # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) > #CONFIG_DEBUG_FILE=y > +# Send debug messages to syslog instead of stdout > +#CONFIG_DEBUG_SYSLOG=y > +# Set syslog facility for debug messages > +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON > > # Enable privilege separation (see README 'Privilege separation' for details) > #CONFIG_PRIVSEP=y > @@ -390,7 +409,7 @@ CONFIG_PEERKEY=y > # This tracks use of memory allocations and other registrations and reports > # incorrect use with a backtrace of call (or allocation) location. > #CONFIG_WPA_TRACE=y > -# For BSD, comment out these. > +# For BSD, uncomment these. > #LIBS += -lexecinfo > #LIBS_p += -lexecinfo > #LIBS_c += -lexecinfo 
> @@ -399,11 +418,47 @@ CONFIG_PEERKEY=y > # This enables use of libbfd to get more detailed symbols for the backtraces > # generated by CONFIG_WPA_TRACE=y. > #CONFIG_WPA_TRACE_BFD=y > -# For BSD, comment out these. > +# For BSD, uncomment these. > #LIBS += -lbfd -liberty -lz > #LIBS_p += -lbfd -liberty -lz > #LIBS_c += -lbfd -liberty -lz > -CONFIG_TLS = gnutls > -CONFIG_GNUTLS_EXTRA=y > -CONFIG_CTRL_IFACE_DBUS=y > -CONFIG_CTRL_IFACE_DBUS_NEW=y > + > +# wpa_supplicant depends on strong random number generation being available > +# from the operating system. os_get_random() function is used to fetch random > +# data when needed, e.g., for key generation. On Linux and BSD systems, this > +# works by reading /dev/urandom. It should be noted that the OS entropy pool > +# needs to be properly initialized before wpa_supplicant is started. This is > +# important especially on embedded devices that do not have a hardware random > +# number generator and may by default start up with minimal entropy available > +# for random number generation. > +# > +# As a safety net, wpa_supplicant is by default trying to internally collect > +# additional entropy for generating random data to mix in with the data fetched > +# from the OS. This by itself is not considered to be very strong, but it may > +# help in cases where the system pool is not initialized properly. However, it > +# is very strongly recommended that the system pool is initialized with enough > +# entropy either by using hardware assisted random number generator or by > +# storing state over device reboots. > +# > +# wpa_supplicant can be configured to maintain its own entropy store over > +# restarts to enhance random number generation. This is not perfect, but it is > +# much more secure than using the same sequence of random numbers after every > +# reboot. This can be enabled with -e<entropy file> command line option. The > +# specified file needs to be readable and writable by wpa_supplicant. 
> +# > +# If the os_get_random() is known to provide strong random data (e.g., on > +# Linux/BSD, the board in question is known to have reliable source of random > +# data from /dev/urandom), the internal wpa_supplicant random pool can be > +# disabled. This will save some in binary size and CPU use. However, this > +# should only be considered for builds that are known to be used on devices > +# that meet the requirements described above. > +#CONFIG_NO_RANDOM_POOL=y > + > +# IEEE 802.11n (High Throughput) support (mainly for AP mode) > +#CONFIG_IEEE80211N=y > + > +# Interworking (IEEE 802.11u) > +# This can be used to enable functionality to improve interworking with > +# external networks (GAS/ANQP to learn more about the networks and network > +# selection based on available credentials). > +#CONFIG_INTERWORKING=y Merged to master, thanks. Commit message reformatted... /Esben
diff --git a/recipes/wpa-supplicant/wpa-supplicant-1.0.inc b/recipes/wpa-supplicant/wpa-supplicant-1.0.inc
index 0a243c1..0fd4cc4 100644
--- a/recipes/wpa-supplicant/wpa-supplicant-1.0.inc
+++ b/recipes/wpa-supplicant/wpa-supplicant-1.0.inc
@@ -15,17 +15,14 @@ SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \
 file://wpa-supplicant.sh \
 file://wpa_supplicant.conf \
 file://wpa_supplicant.conf-sane \
- file://99_wpa_supplicant \
 "

-export DBUS_LIBS="-ldbus-1"
-export DBUS_INCLUDE=""
-
 S = "${SRCDIR}/wpa_supplicant-${PV}/wpa_supplicant"

 RDEPENDS_${PN}-wpa-passphrase += "libgcrypt"
-RDEPENDS_${PN} += "libgnutls libgnutls-extra libgcrypt libgpg-error libdbus"
-
+RDEPENDS_${PN}-wpa-supplicant += "libgnutls libgnutls-extra libgcrypt libgpg-error libdbus libnl-3 libnl-genl-3"
+RDEPENDS_${PN} = "util/wpa-passphrase util/wpa-cli util/wpa-supplicant"
+
 do_configure () {
 install -m 0755 ${SRCDIR}/defconfig-gnutls .config
 }
@@ -62,13 +59,9 @@ do_install () {
 install -d ${D}/${datadir}/dbus-1/system-services
 install -m 644 ${S}/dbus/*.service ${D}/${datadir}/dbus-1/system-services
 sed -i -e s:${base_sbindir}:${sbindir}:g ${D}/${datadir}/dbus-1/system-services/*.service
-
- install -d ${D}/etc/default/volatiles
- install -m 0644 ${SRCDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
 }

 FILES_${PN} += "${datadir}/dbus-1/system-services/*"
-PROVIDES_${PN} = "util/wpa-supplicant"

 inherit auto-package-utils
-AUTO_PACKAGE_UTILS = "wpa_passphrase wpa_cli"
+AUTO_PACKAGE_UTILS = "wpa_passphrase wpa_cli wpa_supplicant"
diff --git a/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls b/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls
index 26e4279..c9e8453 100644
--- a/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls
+++ b/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls
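Review bot: In wpa-supplicant-1.0.inc, the new `RDEPENDS_${PN}-wpa-supplicant` line still lists `libgnutls-extra`, although the defconfig-gnutls part of this patch removes `CONFIG_GNUTLS_EXTRA=y`; the image would then carry a library (GPL-licensed, per the removed defconfig comment) that the binary presumably no longer links against. Dropping it keeps the runtime footprint to what is used: `RDEPENDS_${PN}-wpa-supplicant += "libgnutls libgcrypt libgpg-error libdbus libnl-3 libnl-genl-3"`. The libnl libraries are added here only as runtime dependencies; the recipe's build-time dependency list is outside the hunk, so confirm libnl 3.x is declared there as well now that `CONFIG_LIBNL32=y` is set.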
@@ -75,14 +75,19 @@
 #CONFIG_DRIVER_IPW=y

 # Driver interface for Ralink driver
-CONFIG_DRIVER_RALINK=y
+#CONFIG_DRIVER_RALINK=y

 # Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
 CONFIG_DRIVER_WEXT=y

 # Driver interface for Linux drivers using the nl80211 kernel interface
-#CONFIG_LIBNL20=y
-#CONFIG_DRIVER_NL80211=y
+CONFIG_LIBNL32=y
+CONFIG_DRIVER_NL80211=y

 # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
 #CONFIG_DRIVER_BSD=y
@@ -110,10 +115,6 @@ CONFIG_DRIVER_WEXT=y
 # Driver interface for development testing
 #CONFIG_DRIVER_TEST=y

-# Include client MLME (management frame processing) for test driver
-# This can be used to test MLME operations in hostapd with the test interface.
-# space.
-#CONFIG_CLIENT_MLME=y

 # Driver interface for wired Ethernet drivers
 #CONFIG_DRIVER_WIRED=y
@@ -124,6 +125,9 @@ CONFIG_DRIVER_WEXT=y
 # Driver interface for no driver (e.g., WPS ER only)
 #CONFIG_DRIVER_NONE=y

+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
 # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
 # included)
 CONFIG_IEEE8021X_EAPOL=y
@@ -161,6 +165,8 @@ CONFIG_EAP_OTP=y

 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y

 # EAP-PAX
 #CONFIG_EAP_PAX=y
@@ -191,6 +197,13 @@ CONFIG_EAP_LEAP=y

 # Wi-Fi Protected Setup (WPS)
 #CONFIG_WPS=y
+# Enable WSC 2.0 support
+#CONFIG_WPS2=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y

 # EAP-IKEv2
 #CONFIG_EAP_IKEV2=y
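Review bot: In the `@@ -75,14 +75,19 @@` hunk, `CONFIG_DRIVER_WEXT=y` stays enabled directly under the new comment that calls WEXT deprecated, with nothing saying why both driver back ends are built. If it is kept as a fallback for drivers without nl80211 support, say so above the line, e.g. `# Kept as fallback for drivers that lack nl80211 support`. Otherwise comment it out so that only the maintained interface is compiled in.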
@@ -225,6 +238,9 @@ CONFIG_CTRL_IFACE=y
 # the resulting binary.
 #CONFIG_READLINE=y

+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
 # Remove debugging code that is printing out debug message to stdout.
 # This can be used to reduce the size of the wpa_supplicant considerably
 # if debugging code is not needed. The size reduction can be around 35%
@@ -306,18 +322,17 @@ CONFIG_PEERKEY=y

 # Select TLS implementation
 # openssl = OpenSSL (default)
-# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+# gnutls = GnuTLS
 # internal = Internal TLSv1 implementation (experimental)
 # none = Empty template
-#CONFIG_TLS=openssl
+CONFIG_TLS = gnutls

-# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
-# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
-# even though the core GnuTLS library is released under LGPL, this extra
-# library uses GPL and as such, the terms of GPL apply to the combination
-# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
-# apply for distribution of the resulting binary.
-#CONFIG_GNUTLS_EXTRA=y
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y

 # If CONFIG_TLS=internal is used, additional library and include paths are
 # needed for LibTomMath. Alternatively, an integrated, minimal version of
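Review bot: `CONFIG_TLS = gnutls` in the `@@ -306,18 +322,17 @@` hunk has spaces around `=`, unlike the other active CONFIG_ assignments visible in this file (`CONFIG_DRIVER_NL80211=y`, `CONFIG_CTRL_IFACE_DBUS=y`). make accepts both forms, but anything that greps the config for `CONFIG_TLS=gnutls` will miss it, so `CONFIG_TLS=gnutls` would be the consistent spelling. Whether `CONFIG_TLSV11` has any effect with the GnuTLS back end cannot be told from this hunk. If it applies only to the internal implementation, a one-line comment saying so would keep the new TLS v1.1 paragraph from being read as describing this build.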
@@ -343,11 +358,11 @@ CONFIG_PEERKEY=y

 # Add support for old DBus control interface
 # (fi.epitest.hostap.WPASupplicant)
-#CONFIG_CTRL_IFACE_DBUS=y
+CONFIG_CTRL_IFACE_DBUS=y

 # Add support for new DBus control interface
 # (fi.w1.hostap.wpa_supplicant1)
-#CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_NEW=y

 # Add introspection support for new DBus control interface
 #CONFIG_CTRL_IFACE_DBUS_INTRO=y
@@ -378,6 +393,10 @@ CONFIG_PEERKEY=y

 # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
 #CONFIG_DEBUG_FILE=y
+# Send debug messages to syslog instead of stdout
+#CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON

 # Enable privilege separation (see README 'Privilege separation' for details)
 #CONFIG_PRIVSEP=y
@@ -390,7 +409,7 @@ CONFIG_PEERKEY=y
 # This tracks use of memory allocations and other registrations and reports
 # incorrect use with a backtrace of call (or allocation) location.
 #CONFIG_WPA_TRACE=y
-# For BSD, comment out these.
+# For BSD, uncomment these.
 #LIBS += -lexecinfo
 #LIBS_p += -lexecinfo
 #LIBS_c += -lexecinfo
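Review bot: The `@@ -343,11 +358,11 @@` hunk keeps the old D-Bus control interface (`CONFIG_CTRL_IFACE_DBUS=y`, fi.epitest.hostap.WPASupplicant) switched on next to the new one, so the supplicant is controllable through two system-bus APIs. Both options were already set at the end of the file before this patch, so behaviour does not change. If nothing in the distribution still uses the old API, `#CONFIG_CTRL_IFACE_DBUS=y` would reduce the exposed surface. If it has to stay, a comment naming the consumer that needs it would document the choice.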
@@ -399,11 +418,47 @@ CONFIG_PEERKEY=y
 # This enables use of libbfd to get more detailed symbols for the backtraces
 # generated by CONFIG_WPA_TRACE=y.
 #CONFIG_WPA_TRACE_BFD=y
-# For BSD, comment out these.
+# For BSD, uncomment these.
 #LIBS += -lbfd -liberty -lz
 #LIBS_p += -lbfd -liberty -lz
 #LIBS_c += -lbfd -liberty -lz
-CONFIG_TLS = gnutls
-CONFIG_GNUTLS_EXTRA=y
-CONFIG_CTRL_IFACE_DBUS=y
-CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
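Review bot: The entropy text added in the `@@ -399,11 +418,47 @@` hunk recommends the `-e<entropy file>` option for devices without a hardware random number generator, but nothing in this patch shows wpa_supplicant being started with it; `wpa-supplicant.sh` is listed in SRC_URI and is not part of the diff. Leaving `#CONFIG_NO_RANDOM_POOL=y` commented out is the safe default for an embedded target. Worth a follow-up check that the init script passes `-e` with a path that survives reboots and is readable and writable by the daemon. A short comment above the option would record the decision, e.g. `# Internal random pool kept on purpose: targets may boot with little entropy`.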