1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-02 10:31:36 +00:00
nixpkgs/pkgs/os-specific/linux/hostapd/default.nix
Jonathan Ringer 9bb3fccb5b treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
continuation of #109595

pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.

python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00

106 lines
3.6 KiB
Nix

{ lib, stdenv, fetchurl, pkg-config, libnl, openssl, sqlite ? null }:
stdenv.mkDerivation rec {
pname = "hostapd";
version = "2.9";
src = fetchurl {
url = "https://w1.fi/releases/${pname}-${version}.tar.gz";
sha256 = "1mrbvg4v7vm7mknf0n29mf88k3s4a4qj6r4d51wq8hmjj1m7s7c8";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libnl openssl sqlite ];
patches = [
(fetchurl {
# Note: fetchurl seems to be unhappy with openwrt git
# server's URLs containing semicolons. Using the github mirror instead.
url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch";
sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";
})
# AP mode PMF disconnection protection bypass (CVE.2019-16275), can be removed >= 2.10
# https://w1.fi/security/2019-7/
(fetchurl {
name = "CVE-2019-16275.patch";
url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch";
sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz";
})
# Fixes for UPnP SUBSCRIBE misbehavior in hostapd WPS AP (CVE-2020-12695), can be removed >= 2.10
# https://w1.fi/security/2020-1/
(fetchurl {
name = "CVE-2020-12695_0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch";
url = "https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch";
sha256 = "1mrbhicqb34jlw1nid5hk2vnjbvfhvp7r5iblaj4l6vgc6fmp6id";
})
(fetchurl {
name = "CVE-2020-12695_0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch";
url = "https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch";
sha256 = "1pk08b06b24is50bis3rr56xjd3b5kxdcdk8bx39n9vna9db7zj9";
})
(fetchurl {
name = "CVE-2020-12695_0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch";
url = "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch";
sha256 = "12npqp2skgrj934wwkqicgqksma0fxz09di29n1b5fm5i4njl8d8";
})
];
outputs = [ "out" "man" ];
extraConfig = ''
CONFIG_DRIVER_WIRED=y
CONFIG_LIBNL32=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PWD=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_FAST=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CONFIG_EAP_EKE=y
CONFIG_RADIUS_SERVER=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211N=y
CONFIG_IEEE80211AC=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_TLS=openssl
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_INTERNETWORKING=y
CONFIG_HS20=y
CONFIG_ACS=y
CONFIG_GETRANDOM=y
'' + lib.optionalString (sqlite != null) ''
CONFIG_SQLITE=y
'';
configurePhase = ''
cd hostapd
cp -v defconfig .config
echo "$extraConfig" >> .config
cat -n .config
substituteInPlace Makefile --replace /usr/local $out
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $(pkg-config --cflags libnl-3.0)"
'';
preInstall = "mkdir -p $out/bin";
postInstall = ''
install -vD hostapd.8 -t $man/share/man/man8
install -vD hostapd_cli.1 -t $man/share/man/man1
'';
meta = with lib; {
homepage = "https://hostap.epitest.fi";
repositories.git = "git://w1.fi/hostap.git";
description = "A user space daemon for access point and authentication servers";
license = licenses.gpl2;
maintainers = with maintainers; [ phreedom ninjatrappeur hexa ];
platforms = platforms.linux;
};
}