From patchwork Wed Nov 21 22:36:04 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Morten Svendsen X-Patchwork-Id: 200879 X-Patchwork-Delegate: esben@haabendal.dk Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from hugin.dotsrc.org (hugin.dotsrc.org [130.225.254.102]) by ozlabs.org (Postfix) with ESMTP id C780F2C0098 for ; Thu, 22 Nov 2012 09:36:13 +1100 (EST) Received: from hugin.dotsrc.org (localhost [127.0.0.1]) by hugin.dotsrc.org (Postfix) with ESMTP id 5EB273FCCC for ; Wed, 21 Nov 2012 23:36:12 +0100 (CET) X-Original-To: dev@oe-lite.org Delivered-To: dev@oe-lite.org Received: from mail02.prevas.se (mail02.prevas.se [62.95.78.10]) by hugin.dotsrc.org (Postfix) with ESMTPS id BA4713FBFE for ; Wed, 21 Nov 2012 23:36:10 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=prevas.dk; i=@prevas.dk; l=10055; q=dns/txt; s=ironport2; t=1353537370; x=1385073370; h=from:to:subject:date:message-id; bh=iJMMMbP3Vu9LVi8e6YCfnzZfe9uL9cVD2Ga50fM+9JY=; b=RaihWTD+yYDiZzih0p59uG3OIezrf347TciwhaAYyEZ69ao7I7bi3u8j b5ACqmIVtpWNEtUyLpijA737pg0OO+3bnmFnR/u3fJNaC+kzBHKcQj8M7 5b3P91u0lPBICQC; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AhcGAJJWrVBfpsIb/2dsb2JhbABEtVGMXHOCHwEFgQk7CwtXiCoHsHeOQ4xJgSmDJQOVfoEciCyGeYJwgVo X-IronPort-AV: E=Sophos;i="4.83,295,1352070000"; d="scan'208";a="1830200" Received: from 0128800289.0.fullrate.dk (HELO localhost.localdomain) ([95.166.194.27]) by mail02.prevas.se with ESMTP/TLS/DHE-RSA-AES256-SHA; 21 Nov 2012 23:36:09 +0100 From: Morten Thunberg Svendsen To: dev@oe-lite.org Subject: [PATCH 11/12] wpa_supplicant: Remove not needed DBUS exports, Add wpa_supplicant to autopackage utils, and let PN contain configuration files and dependencies on the utils. Update the defconfig file to match the 1.0 release. Date: Wed, 21 Nov 2012 23:36:04 +0100 Message-Id: <3a2ba2a70068bc9fa1c9b05eb04274873c3ad2b6.1353493728.git.Morten.ThunbergSvendsen@prevas.dk> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: References: In-Reply-To: References: X-BeenThere: dev@oe-lite.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: OE-lite development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dev-bounces@oe-lite.org Errors-To: dev-bounces@oe-lite.org --- recipes/wpa-supplicant/wpa-supplicant-1.0.inc | 15 +-- .../wpa-supplicant-1.0/defconfig-gnutls | 103 +++++++++++++++----- 2 files changed, 83 insertions(+), 35 deletions(-) diff --git a/recipes/wpa-supplicant/wpa-supplicant-1.0.inc b/recipes/wpa-supplicant/wpa-supplicant-1.0.inc index 0a243c1..0fd4cc4 100644 --- a/recipes/wpa-supplicant/wpa-supplicant-1.0.inc +++ b/recipes/wpa-supplicant/wpa-supplicant-1.0.inc @@ -15,17 +15,14 @@ SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://wpa-supplicant.sh \ file://wpa_supplicant.conf \ file://wpa_supplicant.conf-sane \ - file://99_wpa_supplicant \ " -export DBUS_LIBS="-ldbus-1" -export DBUS_INCLUDE="" - S = "${SRCDIR}/wpa_supplicant-${PV}/wpa_supplicant" RDEPENDS_${PN}-wpa-passphrase += "libgcrypt" -RDEPENDS_${PN} += "libgnutls libgnutls-extra libgcrypt libgpg-error libdbus" - +RDEPENDS_${PN}-wpa-supplicant += "libgnutls libgnutls-extra libgcrypt libgpg-error libdbus libnl-3 libnl-genl-3" +RDEPENDS_${PN} = "util/wpa-passphrase util/wpa-cli util/wpa-supplicant" + do_configure () { install -m 0755 ${SRCDIR}/defconfig-gnutls .config } @@ -62,13 +59,9 @@ do_install () { install -d ${D}/${datadir}/dbus-1/system-services install -m 644 ${S}/dbus/*.service ${D}/${datadir}/dbus-1/system-services sed -i -e s:${base_sbindir}:${sbindir}:g ${D}/${datadir}/dbus-1/system-services/*.service - - install -d ${D}/etc/default/volatiles - install -m 0644 ${SRCDIR}/99_wpa_supplicant ${D}/etc/default/volatiles } FILES_${PN} += "${datadir}/dbus-1/system-services/*" -PROVIDES_${PN} = "util/wpa-supplicant" inherit auto-package-utils -AUTO_PACKAGE_UTILS = "wpa_passphrase wpa_cli" +AUTO_PACKAGE_UTILS = "wpa_passphrase wpa_cli wpa_supplicant" diff --git a/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls b/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls index 26e4279..c9e8453 100644 --- a/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls +++ b/recipes/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls @@ -75,14 +75,19 @@ #CONFIG_DRIVER_IPW=y # Driver interface for Ralink driver -CONFIG_DRIVER_RALINK=y +#CONFIG_DRIVER_RALINK=y # Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. CONFIG_DRIVER_WEXT=y # Driver interface for Linux drivers using the nl80211 kernel interface -#CONFIG_LIBNL20=y -#CONFIG_DRIVER_NL80211=y +CONFIG_LIBNL32=y +CONFIG_DRIVER_NL80211=y # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y @@ -110,10 +115,6 @@ CONFIG_DRIVER_WEXT=y # Driver interface for development testing #CONFIG_DRIVER_TEST=y -# Include client MLME (management frame processing) for test driver -# This can be used to test MLME operations in hostapd with the test interface. -# space. -#CONFIG_CLIENT_MLME=y # Driver interface for wired Ethernet drivers #CONFIG_DRIVER_WIRED=y @@ -124,6 +125,9 @@ CONFIG_DRIVER_WEXT=y # Driver interface for no driver (e.g., WPS ER only) #CONFIG_DRIVER_NONE=y +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is # included) CONFIG_IEEE8021X_EAPOL=y @@ -161,6 +165,8 @@ CONFIG_EAP_OTP=y # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y +# EAP-pwd (secure authentication using only a password) +#CONFIG_EAP_PWD=y # EAP-PAX #CONFIG_EAP_PAX=y @@ -191,6 +197,13 @@ CONFIG_EAP_LEAP=y # Wi-Fi Protected Setup (WPS) #CONFIG_WPS=y +# Enable WSC 2.0 support +#CONFIG_WPS2=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y # EAP-IKEv2 #CONFIG_EAP_IKEV2=y @@ -225,6 +238,9 @@ CONFIG_CTRL_IFACE=y # the resulting binary. #CONFIG_READLINE=y +# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y # Remove debugging code that is printing out debug message to stdout. # This can be used to reduce the size of the wpa_supplicant considerably # if debugging code is not needed. The size reduction can be around 35% @@ -306,18 +322,17 @@ CONFIG_PEERKEY=y # Select TLS implementation # openssl = OpenSSL (default) -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template -#CONFIG_TLS=openssl +CONFIG_TLS = gnutls -# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that -# even though the core GnuTLS library is released under LGPL, this extra -# library uses GPL and as such, the terms of GPL apply to the combination -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not -# apply for distribution of the resulting binary. -#CONFIG_GNUTLS_EXTRA=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of @@ -343,11 +358,11 @@ CONFIG_PEERKEY=y # Add support for old DBus control interface # (fi.epitest.hostap.WPASupplicant) -#CONFIG_CTRL_IFACE_DBUS=y +CONFIG_CTRL_IFACE_DBUS=y # Add support for new DBus control interface # (fi.w1.hostap.wpa_supplicant1) -#CONFIG_CTRL_IFACE_DBUS_NEW=y +CONFIG_CTRL_IFACE_DBUS_NEW=y # Add introspection support for new DBus control interface #CONFIG_CTRL_IFACE_DBUS_INTRO=y @@ -378,6 +393,10 @@ CONFIG_PEERKEY=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y @@ -390,7 +409,7 @@ CONFIG_PEERKEY=y # This tracks use of memory allocations and other registrations and reports # incorrect use with a backtrace of call (or allocation) location. #CONFIG_WPA_TRACE=y -# For BSD, comment out these. +# For BSD, uncomment these. #LIBS += -lexecinfo #LIBS_p += -lexecinfo #LIBS_c += -lexecinfo @@ -399,11 +418,47 @@ CONFIG_PEERKEY=y # This enables use of libbfd to get more detailed symbols for the backtraces # generated by CONFIG_WPA_TRACE=y. #CONFIG_WPA_TRACE_BFD=y -# For BSD, comment out these. +# For BSD, uncomment these. #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz -CONFIG_TLS = gnutls -CONFIG_GNUTLS_EXTRA=y -CONFIG_CTRL_IFACE_DBUS=y -CONFIG_CTRL_IFACE_DBUS_NEW=y + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y