diff --git a/recipes/wpa-supplicant/wpa-supplicant-1.0.inc b/recipes/wpa-supplicant/wpa-supplicant-1.0.inc index 0a243c1..0fd4cc4 100644 --- a/recipes/wpa-supplicant/wpa-supplicant-1.0.inc +++ b/recipes/wpa-supplicant/wpa-supplicant-1.0.inc @@ -15,17 +15,14 @@ SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://wpa-supplicant.sh \ file://wpa_supplicant.conf \ file://wpa_supplicant.conf-sane \ - file://99_wpa_supplicant \ " -export DBUS_LIBS="-ldbus-1" -export DBUS_INCLUDE="" - S = "${SRCDIR}/wpa_supplicant-${PV}/wpa_supplicant" RDEPENDS_${PN}-wpa-passphrase += "libgcrypt" -RDEPENDS_${PN} += "libgnutls libgnutls-extra libgcrypt libgpg-error libdbus" - +RDEPENDS_${PN}-wpa-supplicant += "libgnutls libgnutls-extra libgcrypt libgpg-error libdbus libnl-3 libnl-genl-3" +RDEPENDS_${PN} = "util/wpa-passphrase util/wpa-cli util/wpa-supplicant" + do_configure () { install -m 0755 ${SRCDIR}/defconfig-gnutls .config } @@ -62,13 +59,9 @@ do_install () { install -d ${D}/${datadir}/dbus-1/system-services install -m 644 ${S}/dbus/*.service ${D}/${datadir}/dbus-1/system-services sed -i -e s:${base_sbindir}:${sbindir}:g ${D}/${datadir}/dbus-1/system-services/*.service - - install -d ${D}/etc/default/volatiles - install -m 0644 ${SRCDIR}/99_wpa_supplicant ${D}/etc/default/volatiles } FILES_${PN} += "${datadir}/dbus-1/system-services/*" -PROVIDES_${PN} = "util/wpa-supplicant" inherit auto-package-utils -AUTO_PACKAGE_UTILS = "wpa_passphrase wpa_cli" +AUTO_PACKAGE_UTILS = "wpa_passphrase wpa_cli wpa_supplicant" diff --git a/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls b/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls index 26e4279..c9e8453 100644 --- a/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls +++ b/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls @@ -75,14 +75,19 @@ #CONFIG_DRIVER_IPW=y # Driver interface for Ralink driver -CONFIG_DRIVER_RALINK=y +#CONFIG_DRIVER_RALINK=y # Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. CONFIG_DRIVER_WEXT=y # Driver interface for Linux drivers using the nl80211 kernel interface -#CONFIG_LIBNL20=y -#CONFIG_DRIVER_NL80211=y +CONFIG_LIBNL32=y +CONFIG_DRIVER_NL80211=y # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y @@ -110,10 +115,6 @@ CONFIG_DRIVER_WEXT=y # Driver interface for development testing #CONFIG_DRIVER_TEST=y -# Include client MLME (management frame processing) for test driver -# This can be used to test MLME operations in hostapd with the test interface. -# space. -#CONFIG_CLIENT_MLME=y # Driver interface for wired Ethernet drivers #CONFIG_DRIVER_WIRED=y @@ -124,6 +125,9 @@ CONFIG_DRIVER_WEXT=y # Driver interface for no driver (e.g., WPS ER only) #CONFIG_DRIVER_NONE=y +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is # included) CONFIG_IEEE8021X_EAPOL=y @@ -161,6 +165,8 @@ CONFIG_EAP_OTP=y # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y +# EAP-pwd (secure authentication using only a password) +#CONFIG_EAP_PWD=y # EAP-PAX #CONFIG_EAP_PAX=y @@ -191,6 +197,13 @@ CONFIG_EAP_LEAP=y # Wi-Fi Protected Setup (WPS) #CONFIG_WPS=y +# Enable WSC 2.0 support +#CONFIG_WPS2=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y # EAP-IKEv2 #CONFIG_EAP_IKEV2=y @@ -225,6 +238,9 @@ CONFIG_CTRL_IFACE=y # the resulting binary. #CONFIG_READLINE=y +# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y # Remove debugging code that is printing out debug message to stdout. # This can be used to reduce the size of the wpa_supplicant considerably # if debugging code is not needed. The size reduction can be around 35% @@ -306,18 +322,17 @@ CONFIG_PEERKEY=y # Select TLS implementation # openssl = OpenSSL (default) -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template -#CONFIG_TLS=openssl +CONFIG_TLS = gnutls -# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that -# even though the core GnuTLS library is released under LGPL, this extra -# library uses GPL and as such, the terms of GPL apply to the combination -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not -# apply for distribution of the resulting binary. -#CONFIG_GNUTLS_EXTRA=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of @@ -343,11 +358,11 @@ CONFIG_PEERKEY=y # Add support for old DBus control interface # (fi.epitest.hostap.WPASupplicant) -#CONFIG_CTRL_IFACE_DBUS=y +CONFIG_CTRL_IFACE_DBUS=y # Add support for new DBus control interface # (fi.w1.hostap.wpa_supplicant1) -#CONFIG_CTRL_IFACE_DBUS_NEW=y +CONFIG_CTRL_IFACE_DBUS_NEW=y # Add introspection support for new DBus control interface #CONFIG_CTRL_IFACE_DBUS_INTRO=y @@ -378,6 +393,10 @@ CONFIG_PEERKEY=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y @@ -390,7 +409,7 @@ CONFIG_PEERKEY=y # This tracks use of memory allocations and other registrations and reports # incorrect use with a backtrace of call (or allocation) location. #CONFIG_WPA_TRACE=y -# For BSD, comment out these. +# For BSD, uncomment these. #LIBS += -lexecinfo #LIBS_p += -lexecinfo #LIBS_c += -lexecinfo @@ -399,11 +418,47 @@ CONFIG_PEERKEY=y # This enables use of libbfd to get more detailed symbols for the backtraces # generated by CONFIG_WPA_TRACE=y. #CONFIG_WPA_TRACE_BFD=y -# For BSD, comment out these. +# For BSD, uncomment these. #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz -CONFIG_TLS = gnutls -CONFIG_GNUTLS_EXTRA=y -CONFIG_CTRL_IFACE_DBUS=y -CONFIG_CTRL_IFACE_DBUS_NEW=y + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y