[arch-commits] Commit in hostapd/repos/community-x86_64 (6 files)
David Runge
dvzrv at gemini.archlinux.org
Sun Jan 16 23:07:01 UTC 2022
Date: Sunday, January 16, 2022 @ 23:07:01
Author: dvzrv
Revision: 1106664
archrelease: copy trunk to community-x86_64
Added:
hostapd/repos/community-x86_64/PKGBUILD
(from rev 1106663, hostapd/trunk/PKGBUILD)
hostapd/repos/community-x86_64/config
(from rev 1106663, hostapd/trunk/config)
hostapd/repos/community-x86_64/hostapd.service
(from rev 1106663, hostapd/trunk/hostapd.service)
Deleted:
hostapd/repos/community-x86_64/PKGBUILD
hostapd/repos/community-x86_64/config
hostapd/repos/community-x86_64/hostapd.service
-----------------+
PKGBUILD | 158 ++++------
config | 823 ++++++++++++++++++++++++++++--------------------------
hostapd.service | 20 -
3 files changed, 506 insertions(+), 495 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2022-01-16 23:06:52 UTC (rev 1106663)
+++ PKGBUILD 2022-01-16 23:07:01 UTC (rev 1106664)
@@ -1,89 +0,0 @@
-# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
-# Contributor: David Runge <dvzrv at archlinux.org>
-
-pkgname=hostapd
-pkgver=2.9
-pkgrel=5
-pkgdesc="IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator"
-arch=('x86_64')
-url="https://w1.fi/hostapd/"
-license=('BSD')
-depends=('glibc' 'libnl' 'openssl' 'sqlite')
-backup=("etc/${pkgname}/${pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk})
-source=("https://w1.fi/releases/$pkgname-$pkgver.tar.gz"{,.asc}
- "https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch"
- "https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch"
- "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch"
- "hostapd-2.9-CVE-2021-30004.patch::https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15"
- config
- hostapd.service)
-sha512sums=('66c729380152db18b64520bda55dfa00af3b0264f97b5de100b81a46e2593571626c4bdcf900f0988ea2131e30bc8788f75d8489dd1f57e37fd56e8098e48a9c'
- 'SKIP'
- 'b76bbca282a74ef16c0303e5dbd2ccd33a62461595964d52c1481b0bfa4f41deacde56830b85409b288803b87ceb6f33cf0ccc69c5b17ec632c2d4784b872f3c'
- '00cc739e78c42353a555c0de2f29defecff372927040e14407a231d1ead7ff32a37c9fd46bea7cdf1c24e3ac891bc3d483800d44fc6d2c8a12d2ae886523b12c'
- '69243af20cdcfa837c51917a3723779f4825e11436fb83311355b4ffe8f7a4b7a5747a976f7bf923038c410c9e9055b13b866d9a396913ad08bdec3a70e9f6e0'
- '88608529763a6fd9e8cb1e9c9a35630dc2e311a260e023e2a69002d0db700d5f58fc7723a00433b4ea895b92c371cf1db221f38742490b4ed9b4b049892b65e1'
- '6e4da7ab208174ad22700d2ccdfcff39bc6fa65750246905790582aaf414a888ea1577d58f759bb12044190d2a4b144d60d23419e9d16561eaa5403a091504ee'
- '34e16c5d46383477bcb9e0dba5073b7f01354a6adca8e591050aeff6319255f8939926b70d76d109735496bbaf9ff2d04be9cf6e0d057c4d2f4a4140067957a3')
-b2sums=('07308376dd1576313513fba815b220e4ab2f30ed1a402e24b5c8e62ded79c6d718ff47aad1a2222c9e46ffb7334580b556f19a8aef013eab34a8d61d708d2f01'
- 'SKIP'
- '2a5e3650e9872aaed73085131f3a6f80a12bf7d353b4df927346a9f2c13e828b9c4196386ded935f0ff960eee380be49325a98541bbc23a99cfe3f00e91581fe'
- '0c454ca976d2ee538a874f1a4f583434bdf3abe6c5d20517f3350d9852c0f50849ae1ad4611acecf5a754339678e4952b8c9ae1abb783e06cffa615b36464d06'
- '736e51142cf4402cc8aa6858022fda23ea5f37ba256bc922349365ff4824322db31ea04add04d1b55d0d41f4cb0272de8dcf44ae4671309e808cc4f4a57fe6ac'
- '943ccc90d23c60eef15a336108d14e74909ecb782f772145ee48d049806c289c42867999e489fdfc0795846bf41a756303e6da81f4624d26043c618b8485cf43'
- '67068de741382f1fe812723ea47caa03e7d484ee89eafe115bfb876fe000260aa23ff4215484a44976ac9ddb3fc96b51742e222477a808788f122c3213234d11'
- 'dbb4d1ad4359931bd70d6ad428b509e0c40dab3a55ba7b87cf1c00a458d737c2a4ed6f06dd23286d9e4a38a481e4af9ab4ffa8e6fb27d852aa4eb7d16d046bf8')
-validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
-
-prepare() {
- cd "$pkgname-$pkgver"
- for _patch_file in ../*.patch; do
- echo "Apply patch: ${_patch_file}"
- patch -Np1 -i "${_patch_file}"
- done
-
- # fix include locations in main configuration file
- sed -e 's|/etc/hostapd|/etc/hostapd/hostapd|g' \
- -e 's|/var/run|/run|g' \
- -e 's|radius_attr.sqlite|/var/lib/hostapd/radius_attr.sqlite|g' \
- -e 's|hostapd.cred|/var/lib/hostapd/hostapd.cred|g' \
- -e 's|hostapd.ap_settings|/var/lib/hostapd/hostapd.ap_settings|g' \
- -e 's|hostapd_wps_pin_requests|hostapd/wps_pin_requests|g' \
- -i "${pkgname}/${pkgname}.conf"
- # extract license
- cat "${pkgname}/README" |head -n47 |tail -n5 > LICENSE
- # link build configuration into place:
- # an up-to-date version of the build configuration can be found in
- # hostapd/defconfig and should be diffed with the packaged one before every
- # build
- ln -sv "${srcdir}/config" "${pkgname}/.config"
-}
-
-build() {
- cd $pkgname-$pkgver/hostapd
- make
-}
-
-package() {
- cd "$pkgname-$pkgver"
- make -C "${pkgname}" install DESTDIR="${pkgdir}" BINDIR="/usr/bin"
- # systemd service
- install -vDm 644 "../${pkgname}.service" \
- -t "$pkgdir/usr/lib/systemd/system/"
- # license
- install -vDm 644 LICENSE -t "$pkgdir/usr/share/licenses/$pkgname/"
- # config
- install -d "$pkgdir/etc/hostapd"
- install -vDm 640 "${pkgname}/${pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk} \
- -t "${pkgdir}/etc/${pkgname}"
- # docs
- install -vDm 644 "${pkgname}/"{hostapd.sim_db,wired.conf,hlr_auc_gw.{txt,milenage_db}} \
- "${pkgname}/"{README*,ChangeLog} \
- -t "${pkgdir}/usr/share/doc/${pkgname}"
- # man pages
- install -vDm 644 "${pkgname}/${pkgname}.8" -t "$pkgdir/usr/share/man/man8/"
- install -vDm 644 "${pkgname}/${pkgname}_cli.1" \
- -t "$pkgdir/usr/share/man/man1/"
- # state dir
- install -vdm 750 "${pkgdir}/var/lib/${pkgname}"
-}
Copied: hostapd/repos/community-x86_64/PKGBUILD (from rev 1106663, hostapd/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2022-01-16 23:07:01 UTC (rev 1106664)
@@ -0,0 +1,69 @@
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Contributor: David Runge <dvzrv at archlinux.org>
+
+pkgname=hostapd
+pkgver=2.10
+pkgrel=1
+pkgdesc="IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator"
+arch=(x86_64)
+url="https://w1.fi/hostapd/"
+license=(BSD)
+depends=(glibc libnl openssl sqlite)
+backup=("etc/${pkgname}/${pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk})
+source=(
+ "https://w1.fi/releases/$pkgname-$pkgver.tar.gz"{,.asc}
+ config
+ hostapd.service
+)
+sha512sums=('243baa82d621f859d2507d8d5beb0ebda15a75548a62451dc9bca42717dcc8607adac49b354919a41d8257d16d07ac7268203a79750db0cfb34b51f80ff1ce8f'
+ 'SKIP'
+ 'a959eda72d1c7e77943cc44cd0a00f1853223777b4f45ed18d6077ed5866e65a8a17bac0398375d1178d529a19e6df51b2572c026a262a919c7abcd5b72ca6ff'
+ '34e16c5d46383477bcb9e0dba5073b7f01354a6adca8e591050aeff6319255f8939926b70d76d109735496bbaf9ff2d04be9cf6e0d057c4d2f4a4140067957a3')
+b2sums=('dbeeae2f62a8ab52df3e2d05ff0467b643cd68349ef3b28814a11dfb67d4b23d14cf2461a3040694706ec614fcd7c2e0fe58f3597e877cf47296cd75e11c792f'
+ 'SKIP'
+ '944d3808054876e32e47d72883b0d32632ed916ff8f15d7bb98edef9460e36d6db90d409ce75d8d4afe819264a0274377d523911064bd546245ac868c3723608'
+ 'dbb4d1ad4359931bd70d6ad428b509e0c40dab3a55ba7b87cf1c00a458d737c2a4ed6f06dd23286d9e4a38a481e4af9ab4ffa8e6fb27d852aa4eb7d16d046bf8')
+validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
+
+prepare() {
+ cd "$pkgname-$pkgver"
+ # fix include locations in main configuration file
+ sed -e 's|/etc/hostapd|/etc/hostapd/hostapd|g' \
+ -e 's|/var/run|/run|g' \
+ -e 's|radius_attr.sqlite|/var/lib/hostapd/radius_attr.sqlite|g' \
+ -e 's|hostapd.cred|/var/lib/hostapd/hostapd.cred|g' \
+ -e 's|hostapd.ap_settings|/var/lib/hostapd/hostapd.ap_settings|g' \
+ -e 's|hostapd_wps_pin_requests|hostapd/wps_pin_requests|g' \
+ -i "${pkgname}/${pkgname}.conf"
+
+ # extract license
+ cat "${pkgname}/README" |head -n47 |tail -n5 > LICENSE
+
+ # link build configuration into place:
+ # an up-to-date version of the build configuration can be found in
+ # hostapd/defconfig and should be diffed with the packaged one before every
+ # build
+ ln -sv "${srcdir}/config" "${pkgname}/.config"
+}
+
+build() {
+ make -C $pkgname-$pkgver/$pkgname
+}
+
+package() {
+ cd "$pkgname-$pkgver"
+ make -C "${pkgname}" install DESTDIR="${pkgdir}" BINDIR="/usr/bin"
+ # systemd service
+ install -vDm 644 "../${pkgname}.service" -t "$pkgdir/usr/lib/systemd/system/"
+ # license
+ install -vDm 644 LICENSE -t "$pkgdir/usr/share/licenses/$pkgname/"
+ # config
+ install -vDm 640 "${pkgname}/${pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk} -t "${pkgdir}/etc/${pkgname}"
+ # docs
+ install -vDm 644 "${pkgname}/"{hostapd.sim_db,wired.conf,hlr_auc_gw.{txt,milenage_db}} "${pkgname}/"{README*,ChangeLog} -t "${pkgdir}/usr/share/doc/${pkgname}"
+ # man pages
+ install -vDm 644 "${pkgname}/${pkgname}.8" -t "$pkgdir/usr/share/man/man8/"
+ install -vDm 644 "${pkgname}/${pkgname}_cli.1" -t "$pkgdir/usr/share/man/man1/"
+ # state dir
+ install -vdm 750 "${pkgdir}/var/lib/${pkgname}"
+}
Deleted: config
===================================================================
--- config 2022-01-16 23:06:52 UTC (rev 1106663)
+++ config 2022-01-16 23:07:01 UTC (rev 1106664)
@@ -1,396 +0,0 @@
-# Example hostapd build time configuration
-#
-# This file lists the configuration options that are used when building the
-# hostapd binary. All lines starting with # are ignored. Configuration option
-# lines must be commented out complete, if they are not to be included, i.e.,
-# just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cass, these lines should use += in order not
-# to override previous values of the variables.
-
-# Driver interface for Host AP driver
-CONFIG_DRIVER_HOSTAP=y
-
-# Driver interface for wired authenticator
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for no driver (e.g., RADIUS server only)
-#CONFIG_DRIVER_NONE=y
-
-# IEEE 802.11F/IAPP
-CONFIG_IAPP=y
-
-# WPA2/IEEE 802.11i RSN pre-authentication
-CONFIG_RSN_PREAUTH=y
-
-# IEEE 802.11w (management frame protection)
-CONFIG_IEEE80211W=y
-
-# Support Operating Channel Validation
-#CONFIG_OCV=y
-
-# Integrated EAP server
-CONFIG_EAP=y
-
-# EAP Re-authentication Protocol (ERP) in integrated EAP server
-CONFIG_ERP=y
-
-# EAP-MD5 for the integrated EAP server
-CONFIG_EAP_MD5=y
-
-# EAP-TLS for the integrated EAP server
-CONFIG_EAP_TLS=y
-
-# EAP-MSCHAPv2 for the integrated EAP server
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-PEAP for the integrated EAP server
-CONFIG_EAP_PEAP=y
-
-# EAP-GTC for the integrated EAP server
-CONFIG_EAP_GTC=y
-
-# EAP-TTLS for the integrated EAP server
-CONFIG_EAP_TTLS=y
-
-# EAP-SIM for the integrated EAP server
-CONFIG_EAP_SIM=y
-
-# EAP-AKA for the integrated EAP server
-CONFIG_EAP_AKA=y
-
-# EAP-AKA' for the integrated EAP server
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# EAP-PAX for the integrated EAP server
-CONFIG_EAP_PAX=y
-
-# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
-CONFIG_EAP_PSK=y
-
-# EAP-pwd for the integrated EAP server (secure authentication with a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-SAKE for the integrated EAP server
-CONFIG_EAP_SAKE=y
-
-# EAP-GPSK for the integrated EAP server
-CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-FAST for the integrated EAP server
-#CONFIG_EAP_FAST=y
-
-# EAP-TEAP for the integrated EAP server
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-# Enable UPnP support for external WPS Registrars
-CONFIG_WPS_UPNP=y
-# Enable WPS support with NFC config method
-CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# Trusted Network Connect (EAP-TNC)
-#CONFIG_EAP_TNC=y
-
-# EAP-EKE for the integrated EAP server
-#CONFIG_EAP_EKE=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-CONFIG_PKCS12=y
-
-# RADIUS authentication server. This provides access to the integrated EAP
-# server from external hosts using RADIUS.
-CONFIG_RADIUS_SERVER=y
-
-# Build IPv6 support for RADIUS operations
-CONFIG_IPV6=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition)
-CONFIG_IEEE80211R=y
-
-# Use the hostapd's IEEE 802.11 authentication (ACL), but without
-# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
-#CONFIG_DRIVER_RADIUS_ACL=y
-
-# IEEE 802.11n (High Throughput) support
-CONFIG_IEEE80211N=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# IEEE 802.11ac (Very High Throughput) support
-CONFIG_IEEE80211AC=y
-
-# IEEE 802.11ax HE support
-# Note: This is experimental and work in progress. The definitions are still
-# subject to change and this should not be expected to interoperate with the
-# final IEEE 802.11ax version.
-#CONFIG_IEEE80211AX=y
-
-# Remove debugging code that is printing out debug messages to stdout.
-# This can be used to reduce the size of the hostapd considerably if debugging
-# code is not needed.
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Add support for writing debug log to a file: -f /tmp/hostapd.log
-# Disabled by default.
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-#CONFIG_DEBUG_SYSLOG=y
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Remove support for RADIUS accounting
-#CONFIG_NO_ACCOUNTING=y
-
-# Remove support for RADIUS
-#CONFIG_NO_RADIUS=y
-
-# Remove support for VLANs
-#CONFIG_NO_VLAN=y
-
-# Enable support for fully dynamic VLANs. This enables hostapd to
-# automatically create bridge and VLAN interfaces if necessary.
-#CONFIG_FULL_DYNAMIC_VLAN=y
-
-# Use netlink-based kernel API for VLAN operations instead of ioctl()
-# Note: This requires libnl 3.1 or newer.
-#CONFIG_VLAN_NETLINK=y
-
-# Remove support for dumping internal state through control interface commands
-# This can be used to reduce binary size at the cost of disabling a debugging
-# option.
-#CONFIG_NO_DUMP_STATE=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, comment out these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, comment out these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# hostapd depends on strong random number generation being available from the
-# operating system. os_get_random() function is used to fetch random data when
-# needed, e.g., for key generation. On Linux and BSD systems, this works by
-# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
-# properly initialized before hostapd is started. This is important especially
-# on embedded devices that do not have a hardware random number generator and
-# may by default start up with minimal entropy available for random number
-# generation.
-#
-# As a safety net, hostapd is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data
-# fetched from the OS. This by itself is not considered to be very strong, but
-# it may help in cases where the system pool is not initialized properly.
-# However, it is very strongly recommended that the system pool is initialized
-# with enough entropy either by using hardware assisted random number
-# generator or by storing state over device reboots.
-#
-# hostapd can be configured to maintain its own entropy store over restarts to
-# enhance random number generation. This is not perfect, but it is much more
-# secure than using the same sequence of random numbers after every reboot.
-# This can be enabled with -e<entropy file> command line option. The specified
-# file needs to be readable and writable by hostapd.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal hostapd random pool can be disabled.
-# This will save some in binary size and CPU use. However, this should only be
-# considered for builds that are known to be used on devices that meet the
-# requirements described above.
-#CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-#CONFIG_GETRANDOM=y
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-#CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-#CONFIG_TLS=openssl
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used.
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms.
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks.
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
-CONFIG_SQLITE=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# Testing options
-# This can be used to enable some testing options (see also the example
-# configuration file) that are really useful only for testing clients that
-# connect to this hostapd. These options allow, for example, to drop a
-# certain percentage of probe requests or auth/(re)assoc frames.
-#
-#CONFIG_TESTING_OPTIONS=y
-
-# Automatic Channel Selection
-# This will allow hostapd to pick the channel automatically when channel is set
-# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# You can customize the ACS survey algorithm with the hostapd.conf variable
-# acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#
-CONFIG_ACS=y
-
-# Multiband Operation support
-# These extentions facilitate efficient use of multiple frequency bands
-# available to the AP and the devices that may associate with it.
-#CONFIG_MBO=y
-
-# Client Taxonomy
-# Has the AP retain the Probe Request and (Re)Association Request frames from
-# a client, from which a signature can be produced which can identify the model
-# of client device like "Nexus 6P" or "iPhone 5s".
-#CONFIG_TAXONOMY=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Include internal line edit mode in hostapd_cli. This can be used to provide
-# limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Airtime policy support
-#CONFIG_AIRTIME_POLICY=y
-
-# Override default value for the wpa_disable_eapol_key_retries configuration
-# parameter. See that parameter in hostapd.conf for more details.
-#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
-
-# custom configuration options
-CONFIG_MESH=y
-CONFIG_SAE=y
-CONFIG_WPS2=y
Copied: hostapd/repos/community-x86_64/config (from rev 1106663, hostapd/trunk/config)
===================================================================
--- config (rev 0)
+++ config 2022-01-16 23:07:01 UTC (rev 1106664)
@@ -0,0 +1,427 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+CONFIG_ERP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+CONFIG_EAP_PSK=y
+
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-SAKE for the integrated EAP server
+CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+#CONFIG_EAP_FAST=y
+
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
+#CONFIG_DRIVER_RADIUS_ACL=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
+# IEEE 802.11ax HE support
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11ax version.
+#CONFIG_IEEE80211AX=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+#CONFIG_DEBUG_SYSLOG=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+#CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+#CONFIG_GETRANDOM=y
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+#CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+CONFIG_SQLITE=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# https://wireless.wiki.kernel.org/en/users/documentation/acs
+#
+CONFIG_ACS=y
+
+# Multiband Operation support
+# These extensions facilitate efficient use of multiple frequency bands
+# available to the AP and the devices that may associate with it.
+#CONFIG_MBO=y
+
+# Client Taxonomy
+# Has the AP retain the Probe Request and (Re)Association Request frames from
+# a client, from which a signature can be produced which can identify the model
+# of client device like "Nexus 6P" or "iPhone 5s".
+#CONFIG_TAXONOMY=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Include internal line edit mode in hostapd_cli. This can be used to provide
+# limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
+# Override default value for the wpa_disable_eapol_key_retries configuration
+# parameter. See that parameter in hostapd.conf for more details.
+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
+
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current hostapd
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+#CONFIG_WEP=y
+
+# Remove all TKIP functionality
+# TKIP is an old cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used anymore. For now, the default hostapd
+# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but
+# that functionality is subject to be removed in the future.
+#CONFIG_NO_TKIP=y
+
+# Pre-Association Security Negotiation (PASN)
+# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol
+# design is still subject to change. As such, this should not yet be enabled in
+# production use.
+# This requires CONFIG_IEEE80211W=y to be enabled, too.
+#CONFIG_PASN=y
+
+# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect)
+CONFIG_DPP=y
+# DPP version 2 support
+CONFIG_DPP2=y
+# DPP version 3 support (experimental and still changing; do not enable for
+# production use)
+#CONFIG_DPP3=y
+
+# custom configuration options
+
+# IEEE 802.11F/IAPP
+CONFIG_IAPP=y
+
+# IEEE 802.11w (management frame protection)
+CONFIG_IEEE80211W=y
+
+# IEEE 802.11n (High Throughput) support
+CONFIG_IEEE80211N=y
+
+CONFIG_MESH=y
+CONFIG_SAE=y
+CONFIG_WPS2=y
Deleted: hostapd.service
===================================================================
--- hostapd.service 2022-01-16 23:06:52 UTC (rev 1106663)
+++ hostapd.service 2022-01-16 23:07:01 UTC (rev 1106664)
@@ -1,10 +0,0 @@
-[Unit]
-Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/hostapd /etc/hostapd/hostapd.conf
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
Copied: hostapd/repos/community-x86_64/hostapd.service (from rev 1106663, hostapd/trunk/hostapd.service)
===================================================================
--- hostapd.service (rev 0)
+++ hostapd.service 2022-01-16 23:07:01 UTC (rev 1106664)
@@ -0,0 +1,10 @@
+[Unit]
+Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/hostapd /etc/hostapd/hostapd.conf
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
More information about the arch-commits
mailing list