diff options
Diffstat (limited to 'testing')
-rw-r--r-- | testing/cryptsetup/PKGBUILD | 35 | ||||
-rw-r--r-- | testing/cryptsetup/encrypt_hook | 138 | ||||
-rw-r--r-- | testing/cryptsetup/encrypt_install | 44 | ||||
-rw-r--r-- | testing/libnl/PKGBUILD | 30 | ||||
-rw-r--r-- | testing/libpcap/PKGBUILD | 41 | ||||
-rw-r--r-- | testing/libpcap/libnl32.patch | 19 | ||||
-rw-r--r-- | testing/openldap/slapd.tmpfiles | 1 | ||||
-rw-r--r-- | testing/wpa_supplicant/PKGBUILD | 56 | ||||
-rw-r--r-- | testing/wpa_supplicant/config | 468 | ||||
-rw-r--r-- | testing/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch | 12 | ||||
-rw-r--r-- | testing/wpa_supplicant_gui/PKGBUILD | 32 | ||||
-rw-r--r-- | testing/wpa_supplicant_gui/compile-fix.patch | 14 |
12 files changed, 890 insertions, 0 deletions
diff --git a/testing/cryptsetup/PKGBUILD b/testing/cryptsetup/PKGBUILD new file mode 100644 index 000000000..e089b8055 --- /dev/null +++ b/testing/cryptsetup/PKGBUILD @@ -0,0 +1,35 @@ +# $Id: PKGBUILD 162353 2012-06-25 18:43:44Z thomas $ +# Maintainer: Thomas Bächler <thomas@archlinux.org> +pkgname=cryptsetup +pkgver=1.4.3 +pkgrel=1 +pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt" +arch=(i686 x86_64) +license=('GPL') +url="http://code.google.com/p/cryptsetup/" +groups=('base') +depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt' 'util-linux') +conflicts=('mkinitcpio<0.7') +options=('!libtool' '!emptydirs') +source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2 + http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc + encrypt_hook + encrypt_install) +sha256sums=('d5ff2c00f6f791d77fa5636a02ae43ddbb46c6c793bdeafdec5e38fd15f99d0a' + 'ad610fe77d78bf7e91b7473f9d9c84de46ed1cc21f006fe3ae4791b0b6f42f3a' + 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316' + 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae') + +build() { + cd "${srcdir}"/$pkgname-${pkgver} + ./configure --prefix=/usr --disable-static + make +} + +package() { + cd "${srcdir}"/$pkgname-${pkgver} + make DESTDIR="${pkgdir}" install + # install hook + install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt + install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt +} diff --git a/testing/cryptsetup/encrypt_hook b/testing/cryptsetup/encrypt_hook new file mode 100644 index 000000000..372b7ba57 --- /dev/null +++ b/testing/cryptsetup/encrypt_hook @@ -0,0 +1,138 @@ +#!/usr/bin/ash + +run_hook() { + modprobe -a -q dm-crypt >/dev/null 2>&1 + [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" + + # Get keyfile if specified + ckeyfile="/crypto_keyfile.bin" + if [ -n "$cryptkey" ]; then + IFS=: read ckdev ckarg1 ckarg2 <<EOF +$cryptkey +EOF + + if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then + case ${ckarg1} in + *[!0-9]*) + # Use a file on the device + # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path + mkdir /ckey + mount -r -t "$ckarg1" "$resolved" /ckey + dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1 + umount /ckey + ;; + *) + # Read raw data from the block device + # ckarg1 is numeric: ckarg1=offset, ckarg2=length + dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 + ;; + esac + fi + [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase." + fi + + if [ -n "${cryptdevice}" ]; then + DEPRECATED_CRYPT=0 + IFS=: read cryptdev cryptname cryptoptions <<EOF +$cryptdevice +EOF + else + DEPRECATED_CRYPT=1 + cryptdev="${root}" + cryptname="root" + fi + + warn_deprecated() { + echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated" + echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." + } + + for cryptopt in ${cryptoptions//,/ }; do + case ${cryptopt} in + allow-discards) + echo "Enabling TRIM/discard support." + cryptargs="${cryptargs} --allow-discards" + ;; + *) + echo "Encryption option '${cryptopt}' not known, ignoring." >&2 + ;; + esac + done + + if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then + if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + dopassphrase=1 + # If keyfile exists, try to use that + if [ -f ${ckeyfile} ]; then + if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then + dopassphrase=0 + else + echo "Invalid keyfile. Reverting to passphrase." + fi + fi + # Ask for a passphrase + if [ ${dopassphrase} -gt 0 ]; then + echo "" + echo "A password is required to access the ${cryptname} volume:" + + #loop until we get a real password + while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do + sleep 2; + done + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + exit 1 + fi + elif [ -n "${crypto}" ]; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + msg "Non-LUKS encrypted device found..." + if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then + err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" + err "Non-LUKS decryption not attempted..." + return 1 + fi + exe="cryptsetup create $cryptname $resolved $cryptargs" + IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF +$crypto +EOF + [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'" + [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'" + [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'" + [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'" + [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'" + if [ -f "$ckeyfile" ]; then + exe="$exe --key-file $ckeyfile" + else + exe="$exe --verify-passphrase" + echo "" + echo "A password is required to access the ${cryptname} volume:" + fi + eval "$exe $CSQUIET" + + if [ $? -ne 0 ]; then + err "Non-LUKS device decryption failed. verify format: " + err " crypto=hash:cipher:keysize:offset:skip" + exit 1 + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + exit 1 + fi + else + err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified." + fi + fi + rm -f ${ckeyfile} +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/testing/cryptsetup/encrypt_install b/testing/cryptsetup/encrypt_install new file mode 100644 index 000000000..38e5ddc57 --- /dev/null +++ b/testing/cryptsetup/encrypt_install @@ -0,0 +1,44 @@ +#!/bin/bash + +build() { + local mod + + add_module dm-crypt + if [[ $CRYPTO_MODULES ]]; then + for mod in $CRYPTO_MODULES; do + add_module "$mod" + done + else + add_all_modules '/crypto/' + fi + + add_binary "cryptsetup" + add_binary "dmsetup" + add_file "/usr/lib/udev/rules.d/10-dm.rules" + add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" + add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" + add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + + add_runscript +} + +help() { + cat <<HELPEOF +This hook allows for an encrypted root device. Users should specify the device +to be unlocked using 'cryptdevice=device:dmname' on the kernel command line, +where 'device' is the path to the raw device, and 'dmname' is the name given to +the device after unlocking, and will be available as /dev/mapper/dmname. + +For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on +the kernel cmdline, where 'device' represents the raw block device where the key +exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is +the absolute path of the keyfile within the device. + +Without specifying a keyfile, you will be prompted for the password at runtime. +This means you must have a keyboard available to input it, and you may need +the keymap hook as well to ensure that the keyboard is using the layout you +expect. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/testing/libnl/PKGBUILD b/testing/libnl/PKGBUILD new file mode 100644 index 000000000..67f071a46 --- /dev/null +++ b/testing/libnl/PKGBUILD @@ -0,0 +1,30 @@ +# $Id: PKGBUILD 162351 2012-06-25 18:39:40Z thomas $ +# Maintainer: Thomas Bächler <thomas@archlinux.org> + +pkgname=libnl +pkgver=3.2.11 +pkgrel=1 +pkgdesc="Library for applications dealing with netlink sockets" +arch=(i686 x86_64) +url="http://www.infradead.org/~tgr/libnl/" +license=(GPL) +depends=(glibc) +backup=(etc/libnl/classid etc/libnl/pktloc) +options=(!libtool) +source=("$url/files/$pkgname-$pkgver.tar.gz") +sha256sums=('9750409c0fec8b27966a65d94c040647ee01753e0947b0d59577b815ee0e710d') + +build() { + cd "$srcdir/$pkgname-$pkgver" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/usr/bin \ + --disable-static + make +} + +package() { + cd "$srcdir/$pkgname-$pkgver" + make DESTDIR="$pkgdir" install +} diff --git a/testing/libpcap/PKGBUILD b/testing/libpcap/PKGBUILD new file mode 100644 index 000000000..44b921483 --- /dev/null +++ b/testing/libpcap/PKGBUILD @@ -0,0 +1,41 @@ +# $Id: PKGBUILD 162349 2012-06-25 18:35:21Z thomas $ +# Maintainer: Thomas Bächler <thomas@archlinux.org> + +pkgname=libpcap +pkgver=1.3.0 +pkgrel=1 +pkgdesc="A system-independent interface for user-level packet capture" +arch=('i686' 'x86_64') +url="http://www.tcpdump.org/" +license=('BSD') +depends=('glibc' 'libnl' 'sh' 'libusbx') +makedepends=('flex') +source=(http://www.tcpdump.org/release/libpcap-${pkgver}.tar.gz{,.sig} + libnl32.patch) +sha256sums=('41cbd9ed68383afd9f1fda279cb78427d36879d9e34ee707e31a16a1afd872b9' + '8004a6655fb98acd89f3dea7ce95f182f4874298ce692f5b8f4a7dae65d7993f' + '7d0cbd49e55405cb2b55852223cd4965526e518cfb4f547ab9cc9b95b8f9c9e6') + +build() { + cd ${srcdir}/${pkgname}-${pkgver} + patch -Np1 -i "${srcdir}/libnl32.patch" + autoreconf -f -i + ./configure --prefix=/usr --enable-ipv6 --with-libnl + make +} + +package() { + cd ${srcdir}/${pkgname}-${pkgver} + install -d -m755 ${pkgdir}/usr/bin + make DESTDIR=${pkgdir} install + # remove static library + rm -rf ${pkgdir}/usr/lib/libpcap.a + + # backwards compatibility, programs often look for net/bpf.h + mkdir -p ${pkgdir}/usr/include/net + cd ${pkgdir}/usr/include/net + ln -s ../pcap-bpf.h bpf.h + + #install the license + install -D -m644 ${srcdir}/$pkgname-$pkgver/LICENSE ${pkgdir}/usr/share/licenses/$pkgname/LICENSE +} diff --git a/testing/libpcap/libnl32.patch b/testing/libpcap/libnl32.patch new file mode 100644 index 000000000..633fd003e --- /dev/null +++ b/testing/libpcap/libnl32.patch @@ -0,0 +1,19 @@ +diff -u -r libpcap-1.2.1/configure.in libpcap-1.2.1-libnl32/configure.in +--- libpcap-1.2.1/configure.in 2012-01-02 01:47:37.000000000 +0100 ++++ libpcap-1.2.1-libnl32/configure.in 2012-02-09 19:29:29.405603749 +0100 +@@ -433,12 +433,13 @@ + # + # Try libnl 2.x first. + # +- AC_CHECK_LIB(nl, nl_socket_alloc, ++ AC_CHECK_LIB(nl-3, nl_socket_alloc, + [ + # + # Yes, we have libnl 2.x. + # +- LIBS="-lnl-genl -lnl $LIBS" ++ LIBS="$(pkg-config --libs libnl-genl-3.0 libnl-3.0) $LIBS" ++ V_INCLS="$V_INCLS $(pkg-config --cflags libnl-genl-3.0 libnl-3.0)" + AC_DEFINE(HAVE_LIBNL,1,[if libnl exists]) + AC_DEFINE(HAVE_LIBNL_2_x,1,[if libnl exists and is version 2.x]) + ], diff --git a/testing/openldap/slapd.tmpfiles b/testing/openldap/slapd.tmpfiles new file mode 100644 index 000000000..5f63bd636 --- /dev/null +++ b/testing/openldap/slapd.tmpfiles @@ -0,0 +1 @@ +D /run/openldap 0750 ldap ldap - diff --git a/testing/wpa_supplicant/PKGBUILD b/testing/wpa_supplicant/PKGBUILD new file mode 100644 index 000000000..10540bd95 --- /dev/null +++ b/testing/wpa_supplicant/PKGBUILD @@ -0,0 +1,56 @@ +# $Id: PKGBUILD 162331 2012-06-25 10:10:22Z heftig $ +# Maintainer: Thomas Bächler <thomas@archlinux.org> + +pkgname=wpa_supplicant +pkgver=1.0 +pkgrel=1 +pkgdesc="A utility providing key negotiation for WPA wireless networks" +url="http://hostap.epitest.fi/wpa_supplicant" +arch=('i686' 'x86_64') +depends=('openssl' 'dbus-core' 'readline' 'libnl') +optdepends=('wpa_supplicant_gui: wpa_gui program') +license=('GPL') +groups=('base') +backup=('etc/wpa_supplicant/wpa_supplicant.conf') +source=("http://w1.fi/releases/${pkgname}-${pkgver}.tar.gz" + config hostap_allow-linking-with-libnl-3.2.patch) +md5sums=('8650f6aa23646ef634402552d0669640' + '380d8d1fe24bccb2a2636cb2a6038c39' + '473fb6b77909ec5a50b6f4d91370e86b') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}/" + + # from fedora + patch -Np1 -i "$srcdir/hostap_allow-linking-with-libnl-3.2.patch" + + cd "${pkgname}" + + cp "${srcdir}/config" ./.config + + sed -i 's@/usr/local@$(PREFIX)@g' Makefile + + make PREFIX=/usr +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}/${pkgname}" + make PREFIX=/usr DESTDIR="${pkgdir}" install + + install -d -m755 "${pkgdir}/etc/wpa_supplicant" + install -m644 wpa_supplicant.conf "${pkgdir}/etc/wpa_supplicant/wpa_supplicant.conf" + + install -d -m755 "${pkgdir}/usr/share/man/man"{5,8} + install -m644 doc/docbook/*.5 "${pkgdir}/usr/share/man/man5/" + install -m644 doc/docbook/*.8 "${pkgdir}/usr/share/man/man8/" + rm -f "${pkgdir}/usr/share/man/man8/wpa_"{priv,gui}.8 + + install -d -m755 "${pkgdir}/usr/share/dbus-1/system-services" + install -m644 dbus/{fi.epitest.hostap.WPASupplicant.service,fi.w1.wpa_supplicant1.service} "${pkgdir}/usr/share/dbus-1/system-services/" + + install -d -m755 "${pkgdir}/etc/dbus-1/system.d" + install -m644 dbus/dbus-wpa_supplicant.conf "${pkgdir}/etc/dbus-1/system.d/wpa_supplicant.conf" + + install -d -m755 "${pkgdir}/usr/lib/systemd/system" + install -m644 systemd/*.service "${pkgdir}/usr/lib/systemd/system/" +} diff --git a/testing/wpa_supplicant/config b/testing/wpa_supplicant/config new file mode 100644 index 000000000..59da1e27e --- /dev/null +++ b/testing/wpa_supplicant/config @@ -0,0 +1,468 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Example configuration for various cross-compilation platforms + +#### sveasoft (e.g., for Linksys WRT54G) ###################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS += -I../src/include -I../../src/router/openssl/include +#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl +############################################################################### + +#### openwrt (e.g., for Linksys WRT54G) ####################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ +# -I../WRT54GS/release/src/include +#LIBS = -lssl +############################################################################### + + +# Driver interface for Host AP driver +#CONFIG_DRIVER_HOSTAP=y + +# Driver interface for Agere driver +#CONFIG_DRIVER_HERMES=y +# Change include directories to match with the local setup +#CFLAGS += -I../../hcf -I../../include -I../../include/hcf +#CFLAGS += -I../../include/wireless + +# Driver interface for madwifi driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_MADWIFI=y +# Set include directory to the madwifi source tree +#CFLAGS += -I../../madwifi + +# Driver interface for ndiswrapper +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_NDISWRAPPER=y + +# Driver interface for Atmel driver +#CONFIG_DRIVER_ATMEL=y + +# Driver interface for old Broadcom driver +# Please note that the newer Broadcom driver ("hybrid Linux driver") supports +# Linux wireless extensions and does not need (or even work) with the old +# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. +#CONFIG_DRIVER_BROADCOM=y +# Example path for wlioctl.h; change to match your configuration +#CFLAGS += -I/opt/WRT54GS/release/src/include + +# Driver interface for Intel ipw2100/2200 driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_IPW=y + +# Driver interface for Ralink driver +#CONFIG_DRIVER_RALINK=y + +# Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. +CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for development testing +#CONFIG_DRIVER_TEST=y + +# Driver interface for wired Ethernet drivers +CONFIG_DRIVER_WIRED=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is +# included) +CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +CONFIG_EAP_TLS=y + +# EAL-PEAP +CONFIG_EAP_PEAP=y + +# EAP-TTLS +CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: Default OpenSSL package does not include support for all the +# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, +# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) +# to add the needed functions. +#CONFIG_EAP_FAST=y + +# EAP-GTC +CONFIG_EAP_GTC=y + +# EAP-OTP +CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +#CONFIG_EAP_SIM=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-pwd (secure authentication using only a password) +#CONFIG_EAP_PWD=y + +# EAP-PAX +#CONFIG_EAP_PAX=y + +# LEAP +CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +#CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y +# Enable WSC 2.0 support +#CONFIG_WPS2=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +#CONFIG_PCSC=y + +# Development testing +#CONFIG_EAPOL_TEST=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# named_pipe = Windows Named Pipe (default for Windows) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +CONFIG_READLINE=y + +# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to +# save about 1 kB in code size when building only WPA-Personal (no EAP support) +# or 6 kB if building for WPA-Enterprise. +#CONFIG_NO_WPA2=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. +#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operatins system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +# eloop_none = Empty template +#CONFIG_ELOOP=eloop + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# This version is an experimental implementation based on IEEE 802.11w/D1.0 +# draft and is subject to change since the standard has not yet been finalized. +# Driver support is also needed for IEEE 802.11w. +#CONFIG_IEEE80211W=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. +# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. +#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +CONFIG_DEBUG_FILE=y + +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +#CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e<entropy file> command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y + +CONFIG_LIBNL32=y diff --git a/testing/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch b/testing/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch new file mode 100644 index 000000000..5d8903906 --- /dev/null +++ b/testing/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch @@ -0,0 +1,12 @@ +diff -up wpa_supplicant-1.0-rc2/src/drivers/drivers.mak.foo wpa_supplicant-1.0-rc2/src/drivers/drivers.mak +--- wpa_supplicant-1.0-rc2/src/drivers/drivers.mak.foo 2012-03-02 16:11:43.176448714 -0600 ++++ wpa_supplicant-1.0-rc2/src/drivers/drivers.mak 2012-03-02 16:12:29.759866341 -0600 +@@ -48,7 +48,7 @@ NEED_RFKILL=y + ifdef CONFIG_LIBNL32 + DRV_LIBS += -lnl-3 + DRV_LIBS += -lnl-genl-3 +- DRV_CFLAGS += -DCONFIG_LIBNL20 ++ DRV_CFLAGS += -DCONFIG_LIBNL20 `pkg-config --cflags libnl-3.0` + else + ifdef CONFIG_LIBNL_TINY + DRV_LIBS += -lnl-tiny diff --git a/testing/wpa_supplicant_gui/PKGBUILD b/testing/wpa_supplicant_gui/PKGBUILD new file mode 100644 index 000000000..e8ad8125a --- /dev/null +++ b/testing/wpa_supplicant_gui/PKGBUILD @@ -0,0 +1,32 @@ +# $Id: PKGBUILD 162332 2012-06-25 10:11:07Z heftig $ +# Maintainer: Thomas Bächler <thomas@archlinux.org> + +pkgname=wpa_supplicant_gui +pkgver=1.0 +pkgrel=1 +pkgdesc="A Qt frontend to wpa_supplicant" +url="http://hostap.epitest.fi/wpa_supplicant" +arch=('i686' 'x86_64') +depends=('qt' "wpa_supplicant=$pkgver") +license=('GPL') +source=("http://hostap.epitest.fi/releases/wpa_supplicant-$pkgver.tar.gz" + compile-fix.patch) +sha256sums=('91d41d473a5aafa2e25dd6577ebda975c4d4a3188850a53e31feaf7c04482b9c' + '044be1032faf93c5f0abf22d7ae77dc0d1d1fef0c2c30646d54950b86601709f') + +build() { + cd wpa_supplicant-${pkgver} + patch -p1 <../compile-fix.patch + cd wpa_supplicant/wpa_gui-qt4 + qmake + make +} + +package() { + cd "${srcdir}/wpa_supplicant-${pkgver}/wpa_supplicant/wpa_gui-qt4" + install -Dm755 wpa_gui "${pkgdir}/usr/sbin/wpa_gui" + install -Dm644 icons/wpa_gui.svg "${pkgdir}/usr/share/pixmaps/wpa_gui.svg" + install -Dm644 wpa_gui.desktop "${pkgdir}/usr/share/applications/wpa_gui.desktop" + install -Dm644 "${srcdir}/wpa_supplicant-${pkgver}/wpa_supplicant/doc/docbook/wpa_gui.8" \ + "${pkgdir}/usr/share/man/man8/wpa_gui.8" +} diff --git a/testing/wpa_supplicant_gui/compile-fix.patch b/testing/wpa_supplicant_gui/compile-fix.patch new file mode 100644 index 000000000..3303b3699 --- /dev/null +++ b/testing/wpa_supplicant_gui/compile-fix.patch @@ -0,0 +1,14 @@ +diff -u -r wpa_supplicant-1.0/wpa_supplicant/wpa_gui-qt4/wpagui.cpp wpa_supplicant-1.0-fix/wpa_supplicant/wpa_gui-qt4/wpagui.cpp +--- wpa_supplicant-1.0/wpa_supplicant/wpa_gui-qt4/wpagui.cpp 2012-05-09 23:56:09.000000000 +0200 ++++ wpa_supplicant-1.0-fix/wpa_supplicant/wpa_gui-qt4/wpagui.cpp 2012-06-25 12:06:46.045261398 +0200 +@@ -12,10 +12,8 @@ + * See README and COPYING for more details. + */ + +-#ifdef __MINGW32__ + /* Need to get getopt() */ + #include <unistd.h> +-#endif + + #ifdef CONFIG_NATIVE_WINDOWS + #include <windows.h> |