ghostfox/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push sheeet
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Details
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Details
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Details
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Details
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Details
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
Details

Browse Source
This commit is contained in:
Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

182
pkgs/os-specific/linux/wpa_supplicant/default.nix Normal file
View File

@@ -0,0 +1,182 @@
{
lib,
stdenv,
fetchurl,
fetchpatch,
openssl,
pkg-config,
libnl,
nixosTests,
wpa_supplicant_gui,
dbusSupport ? !stdenv.hostPlatform.isStatic,
dbus,
withReadline ? true,
readline,
withPcsclite ? !stdenv.hostPlatform.isStatic,
pcsclite,
}:
stdenv.mkDerivation rec {
version = "2.11";
pname = "wpa_supplicant";
src = fetchurl {
url = "https://w1.fi/releases/${pname}-${version}.tar.gz";
sha256 = "sha256-kS6gb3TjCo42+7aAZNbN/yGNjVkdsPxddd7myBrH/Ao=";
};
patches = [
(fetchpatch {
name = "revert-change-breaking-auth-broadcom.patch";
url = "https://w1.fi/cgit/hostap/patch/?id=41638606054a09867fe3f9a2b5523aa4678cbfa5";
hash = "sha256-X6mBbj7BkW66aYeSCiI3JKBJv10etLQxaTRfRgwsFmM=";
revert = true;
})
./unsurprising-ext-password.patch
./multiple-configs.patch
(fetchpatch {
name = "suppress-ctrl-event-signal-change.patch";
url = "https://w1.fi/cgit/hostap/patch/?id=c330b5820eefa8e703dbce7278c2a62d9c69166a";
hash = "sha256-5ti5OzgnZUFznjU8YH8Cfktrj4YBzsbbrEbNvec+ppQ=";
})
(fetchpatch {
name = "ensure-full-key-match";
url = "https://git.w1.fi/cgit/hostap/patch/?id=1ce37105da371c8b9cf3f349f78f5aac77d40836";
hash = "sha256-leCk0oexNBZyVK5Q5gR4ZcgWxa0/xt/aU+DssTa0UwE=";
})
];
# TODO: Patch epoll so that the dbus actually responds
# TODO: Figure out how to get privsep working, currently getting SIGBUS
extraConfig = ''
#CONFIG_ELOOP_EPOLL=y
#CONFIG_PRIVSEP=y
#CONFIG_TLSV12=y see #8332
CONFIG_AP=y
CONFIG_BGSCAN_LEARN=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_DEBUG_SYSLOG=y
CONFIG_EAP_EKE=y
CONFIG_EAP_FAST=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PWD=y
CONFIG_EAP_SAKE=y
CONFIG_ELOOP=eloop
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_HS20=y
CONFIG_HT_OVERRIDES=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_IEEE80211BE=y
CONFIG_IEEE80211N=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211W=y
CONFIG_INTERNETWORKING=y
CONFIG_L2_PACKET=linux
CONFIG_LIBNL32=y
CONFIG_MESH=y
CONFIG_OWE=y
CONFIG_P2P=y
CONFIG_SAE_PK=y
CONFIG_TDLS=y
CONFIG_TLS=openssl
CONFIG_TLSV11=y
CONFIG_VHT_OVERRIDES=y
CONFIG_WNM=y
CONFIG_WPS=y
CONFIG_WPS_ER=y
CONFIG_WPS_NFS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
''
+ lib.optionalString withPcsclite ''
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_PCSC=y
''
+ lib.optionalString dbusSupport ''
CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
''
# Upstream uses conditionals based on ifdef, so opposite of =y is
# not =n, as one may expect, but undefine.
#
# This config is sourced into makefile.
+ lib.optionalString (!dbusSupport) ''
undefine CONFIG_CTRL_IFACE_DBUS
undefine CONFIG_CTRL_IFACE_DBUS_NEW
undefine CONFIG_CTRL_IFACE_DBUS_INTRO
''
+ (
if withReadline then
''
CONFIG_READLINE=y
''
else
''
CONFIG_WPA_CLI_EDIT=y
''
);
preBuild = ''
for manpage in wpa_supplicant/doc/docbook/wpa_supplicant.conf* ; do
substituteInPlace "$manpage" --replace /usr/share/doc $out/share/doc
done
cd wpa_supplicant
cp -v defconfig .config
echo "$extraConfig" >> .config
cat -n .config
substituteInPlace Makefile --replace /usr/local $out
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE \
-I$(echo "${lib.getDev libnl}"/include/libnl*/) \
${lib.optionalString withPcsclite "-I${lib.getDev pcsclite}/include/PCSC/"}"
'';
buildInputs = [
openssl
libnl
]
++ lib.optional dbusSupport dbus
++ lib.optional withReadline readline
++ lib.optional withPcsclite pcsclite;
nativeBuildInputs = [ pkg-config ];
postInstall = ''
mkdir -p $out/share/man/man5 $out/share/man/man8
cp -v "doc/docbook/"*.5 $out/share/man/man5/
cp -v "doc/docbook/"*.8 $out/share/man/man8/
''
+ lib.optionalString dbusSupport ''
mkdir -p $out/share/dbus-1/system.d $out/share/dbus-1/system-services $out/etc/systemd/system
cp -v "dbus/"*service $out/share/dbus-1/system-services
cp -v dbus/dbus-wpa_supplicant.conf $out/share/dbus-1/system.d
cp -v "systemd/"*.service $out/etc/systemd/system
''
+ ''
rm $out/share/man/man8/wpa_priv.8
install -Dm444 wpa_supplicant.conf $out/share/doc/wpa_supplicant/wpa_supplicant.conf.example
'';
passthru.tests = {
inherit (nixosTests) wpa_supplicant;
inherit wpa_supplicant_gui; # inherits the src+version updates
};
meta = with lib; {
homepage = "https://w1.fi/wpa_supplicant/";
description = "Tool for connecting to WPA and WPA2-protected wireless networks";
license = licenses.bsd3;
maintainers = with maintainers; [
marcweber
ma27
];
platforms = platforms.linux;
};
}

44
pkgs/os-specific/linux/wpa_supplicant/gui.nix Normal file
View File

@@ -0,0 +1,44 @@
{
lib,
mkDerivation,
qtbase,
qmake,
inkscape,
imagemagick,
wpa_supplicant,
}:
mkDerivation {
pname = "wpa_gui";
inherit (wpa_supplicant) version src;
buildInputs = [ qtbase ];
nativeBuildInputs = [
qmake
inkscape
imagemagick
];
postPatch = ''
cd wpa_supplicant/wpa_gui-qt4
'';
postBuild = ''
make -C icons
'';
postInstall = ''
mkdir -pv $out/{bin,share/applications,share/icons}
cp -v wpa_gui $out/bin
cp -v wpa_gui.desktop $out/share/applications
cp -av icons/hicolor $out/share/icons
'';
meta = with lib; {
description = "Qt-based GUI for wpa_supplicant";
mainProgram = "wpa_gui";
homepage = "https://hostap.epitest.fi/wpa_supplicant/";
license = licenses.bsd3;
platforms = platforms.linux;
};
}

163
pkgs/os-specific/linux/wpa_supplicant/multiple-configs.patch Normal file
View File

@@ -0,0 +1,163 @@
commit ca4bcfbd9d2233c90080b9ad400bf576db221781
Author: rnhmjoj <rnhmjoj@inventati.org>
Date: Sat Sep 13 13:54:00 2025 +0200
wpa_supplicant: allow multiple config files with -I
This change allows to load multiple addition configuration files in
wpa_supplicant by repeating the -I option.
Signed-off-by: Michele Guerini Rocco <rnhmjoj@inventati.org>
diff --git a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
index df538e332..71195d0d3 100644
--- a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
@@ -358,7 +358,8 @@
<varlistentry>
<term>-I filename</term>
<listitem>
- <para>Path to additional configuration file.</para>
+ <para>Path to additional configuration file
+ (can be repeat to add multiple files).</para>
</listitem>
</varlistentry>
diff --git a/wpa_supplicant/main.c b/wpa_supplicant/main.c
index 9229eb51f..ff877f3b9 100644
--- a/wpa_supplicant/main.c
+++ b/wpa_supplicant/main.c
@@ -76,7 +76,7 @@ static void usage(void)
" -G = global ctrl_interface group\n"
" -h = show this help text\n"
" -i = interface name\n"
- " -I = additional configuration file\n"
+ " -I = additional configuration file (can be repeated)\n"
" -K = include keys (passwords, etc.) in debug output\n"
" -L = show license (BSD)\n"
#ifdef CONFIG_P2P
@@ -183,7 +183,8 @@ int main(int argc, char *argv[])
{
int c, i;
struct wpa_interface *ifaces, *iface;
- int iface_count, exitcode = -1;
+ int iface_count, conf_count = 0, exitcode = -1;
+ size_t path_size;
struct wpa_params params;
struct wpa_global *global;
@@ -253,7 +254,15 @@ int main(int argc, char *argv[])
iface->ifname = optarg;
break;
case 'I':
- iface->confanother = optarg;
+ if (conf_count >= 15) {
+ wpa_printf(MSG_ERROR,
+ "too many additional configuration files");
+ goto out;
+ }
+ path_size = 1 + os_strlen(optarg);
+ iface->confanother[conf_count] = os_malloc(path_size);
+ os_memcpy(iface->confanother[conf_count], optarg, path_size);
+ conf_count++;
break;
case 'K':
params.wpa_debug_show_keys++;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index d45002fd9..af5836ef5 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -675,8 +675,10 @@ static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
os_free(wpa_s->confname);
wpa_s->confname = NULL;
- os_free(wpa_s->confanother);
- wpa_s->confanother = NULL;
+ for (i = 0; wpa_s->confanother[i] != NULL; i++) {
+ os_free(wpa_s->confanother[i]);
+ wpa_s->confanother[i] = NULL;
+ }
os_free(wpa_s->last_con_fail_realm);
wpa_s->last_con_fail_realm = NULL;
@@ -1404,6 +1406,7 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
struct wpa_config *conf;
int reconf_ctrl;
int old_ap_scan;
+ int i;
if (wpa_s->confname == NULL)
return -1;
@@ -1413,12 +1416,14 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
"file '%s' - exiting", wpa_s->confname);
return -1;
}
- if (wpa_s->confanother &&
- !wpa_config_read(wpa_s->confanother, conf, true)) {
- wpa_msg(wpa_s, MSG_ERROR,
- "Failed to parse the configuration file '%s' - exiting",
- wpa_s->confanother);
- return -1;
+
+ for (i = 0; wpa_s->confanother[i] != NULL; i++) {
+ if (!wpa_config_read(wpa_s->confanother[i], conf, true)) {
+ wpa_msg(wpa_s, MSG_ERROR,
+ "Failed to parse the configuration file '%s' - exiting",
+ wpa_s->confanother[i]);
+ return -1;
+ }
}
conf->changed_parameters = (unsigned int) -1;
@@ -7658,13 +7663,16 @@ static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
"configuration '%s'.", wpa_s->confname);
return -1;
}
- wpa_s->confanother = os_rel2abs_path(iface->confanother);
- if (wpa_s->confanother &&
- !wpa_config_read(wpa_s->confanother, wpa_s->conf, true)) {
- wpa_printf(MSG_ERROR,
- "Failed to read or parse configuration '%s'.",
- wpa_s->confanother);
- return -1;
+
+ for (int i = 0; iface->confanother[i] != NULL; i++) {
+ wpa_s->confanother[i] = os_rel2abs_path(iface->confanother[i]);
+ if (wpa_s->confanother[i] &&
+ !wpa_config_read(wpa_s->confanother[i], wpa_s->conf, true)) {
+ wpa_printf(MSG_ERROR,
+ "Failed to read or parse configuration '%s'.",
+ wpa_s->confanother[i]);
+ return -1;
+ }
}
/*
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 2f77413d5..84c009e78 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -66,12 +66,12 @@ struct wpa_interface {
const char *confname;
/**
- * confanother - Additional configuration name (file or profile) name
+ * confanother - Additional configuration names (file or profile) name
*
* This can also be %NULL when the additional configuration file is not
* used.
*/
- const char *confanother;
+ char *confanother[16];
/**
* ctrl_interface - Control interface parameter
@@ -713,7 +713,7 @@ struct wpa_supplicant {
char bridge_ifname[16];
char *confname;
- char *confanother;
+ char *confanother[16];
struct wpa_config *conf;
int countermeasures;

66
pkgs/os-specific/linux/wpa_supplicant/unsurprising-ext-password.patch Normal file
View File

@@ -0,0 +1,66 @@
From e5ac0dd1af48e085bb824082ef3b64afba673ded Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Wed, 18 Sep 2024 13:43:44 +0200
Subject: [PATCH] ext_password_file: do not use wpa_config_get_line
To: hostap@lists.infradead.org
The file-based backed of the ext_password framework uses
`wpa_config_get_line` to read the passwords line-by-line from a file.
This function is meant to parse a single line from the
wpa_supplicant.conf file, so it handles whitespace, quotes and other
characters specially.
Its behavior, however, it's not compatible with the rest of the
ext_password framework implementation. For example, if a passphrase
contains a `#` character it must be quoted to prevent parsing the
remaining characters as an inline comment, but the code handling the
external password in `wpa_supplicant_get_psk` does not handle quotes.
The result is that either it will hash the enclosing quotes, producing a
wrong PSK, or if the passphrase is long enough, fail the length check.
As a consequence, some passphrases are impossible to input correctly.
To solve this and other issues, this patch changes the behaviour of the
`ext_password_file_get` function (which was not documented in details,
at least w.r.t. special characters) to simply treat all characters
literally: including trailing whitespaces (except CR and LF), `#` for
inline comments, etc. Empty lines and full-line comments are still
supported.
Signed-off-by: Michele Guerini Rocco <rnhmjoj@inventati.org>
---
src/utils/ext_password_file.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/utils/ext_password_file.c b/src/utils/ext_password_file.c
index 4bb0095f3..f631ff15c 100644
--- a/src/utils/ext_password_file.c
+++ b/src/utils/ext_password_file.c
@@ -9,7 +9,6 @@
#include "includes.h"
#include "utils/common.h"
-#include "utils/config.h"
#include "ext_password_i.h"
@@ -97,7 +96,16 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
wpa_printf(MSG_DEBUG, "EXT PW FILE: get(%s)", name);
- while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
+ while ((pos = fgets(buf, sizeof(buf), f))) {
+ line++;
+
+ /* Strip newline characters */
+ pos[strcspn(pos, "\r\n")] = 0;
+
+ /* Skip comments and empty lines */
+ if (*pos == '#' || *pos == '\0')
+ continue;
+
char *sep = os_strchr(pos, '=');
if (!sep) {
--
2.44.1