From: "Andrey Utkin"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Andrey Utkin"
Message-ID: <1525255750.3695b0a4d4b752e3401f679ecebfc6490aa2109b.andrey_utkin@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-wireless/hostapd/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-wireless/hostapd/hostapd-2.6-r4.ebuild net-wireless/hostapd/metadata.xml
X-VCS-Directories: net-wireless/hostapd/
X-VCS-Committer: andrey_utkin
X-VCS-Committer-Name: Andrey Utkin
X-VCS-Revision: 3695b0a4d4b752e3401f679ecebfc6490aa2109b
X-VCS-Branch: master
Date: Wed, 2 May 2018 10:10:58 +0000 (UTC)

commit:     3695b0a4d4b752e3401f679ecebfc6490aa2109b
Author:     Andrey Utkin gentoo org>
AuthorDate: Sat Apr 28 13:45:34 2018 +0000
Commit:     Andrey Utkin gentoo org>
CommitDate: Wed May 2 10:09:10 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3695b0a4

net-wireless/hostapd: drop defunct "ssl" USE flag, add "internal-tls"

Since hostapd-2.5, USE=-ssl fails to build. Appears USE=-ssl was used to avoid openssl. Since libressl support was added in 2.6-r3 ebuild, there is an alternative way to avoid openssl now.

This commit adds another alternative, to use internal TLSv1 implementation instead of openssl/libressl. It doesn't allow to build hostapd with all the features which are enabled with openssl, though.

I don't anticipate user need for USE=-ssl to have a build which does not support any encryption at all. Of course I am open to such users' requests, but at last they have "savedconfig" option to help themselves.

Acked-by: zerochaos gentoo.org Bug: https://bugs.gentoo.org/578798 Package-Manager: Portage-2.3.31, Repoman-2.3.9 net-wireless/hostapd/hostapd-2.6-r4.ebuild | 31 ++++++++++++++++++++++-------- net-wireless/hostapd/metadata.xml | 1 + 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/net-wireless/hostapd/hostapd-2.6-r4.ebuild b/net-wireless/hostapd/hostapd-2.6-r4.ebuild index feebb2eda45..ffc16c5ae29 100644 --- a/net-wireless/hostapd/hostapd-2.6-r4.ebuild +++ b/net-wireless/hostapd/hostapd-2.6-r4.ebuild @@ -12,12 +12,13 @@ SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz" LICENSE="BSD" SLOT="0" KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" -IUSE="ipv6 libressl logwatch netlink sqlite +ssl +wps +crda" +IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0=[-bindist] ) - libressl? ( dev-libs/libressl:0= ) + libressl? ( dev-libs/libressl:0= ) + !libressl? ( + internal-tls? ( dev-libs/libtommath ) + !internal-tls? ( dev-libs/openssl:0=[-bindist] ) ) kernel_linux? ( dev-libs/libnl:3 @@ -30,6 +31,16 @@ RDEPEND="${DEPEND}" S="${S}/${PN}" +pkg_pretend() { + if use internal-tls; then + if use libressl; then + elog "libressl flag takes precedence over internal-tls" + else + ewarn "internal-tls implementation is experimental and provides fewer features" + fi + fi +} + src_prepare() { # Allow users to apply patches to src/drivers for example, # i.e. anything outside ${S}/${PN} @@ -71,7 +82,9 @@ src_configure() { echo "CONFIG_ERP=y" >> ${CONFIG} echo "CONFIG_EAP_MD5=y" >> ${CONFIG} - if use ssl; then + if use internal-tls && !use libressl; then + echo "CONFIG_TLS=internal" >> ${CONFIG} + else # SSL authentication methods echo "CONFIG_EAP_FAST=y" >> ${CONFIG} echo "CONFIG_EAP_TLS=y" >> ${CONFIG} @@ -80,6 +93,7 @@ src_configure() { echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} echo "CONFIG_TLSV11=y" >> ${CONFIG} echo "CONFIG_TLSV12=y" >> ${CONFIG} + echo "CONFIG_EAP_PWD=y" >> ${CONFIG} fi if use wps; then 
@@ -103,7 +117,6 @@ src_configure() { echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} - echo "CONFIG_EAP_PWD=y" >> ${CONFIG} einfo "Enabling drivers: " @@ -170,7 +183,7 @@ src_configure() { src_compile() { emake V=1 - if use ssl; then + if use libressl || !use internal-tls; then emake V=1 nt_password_hash emake V=1 hlr_auc_gw fi @@ -185,7 +198,9 @@ src_install() { dosbin ${PN} dobin ${PN}_cli - use ssl && dobin nt_password_hash hlr_auc_gw + if use libressl || !use internal-tls; then + dobin nt_password_hash hlr_auc_gw + fi newinitd "${FILESDIR}"/${PN}-init.d ${PN} newconfd "${FILESDIR}"/${PN}-conf.d ${PN} diff --git a/net-wireless/hostapd/metadata.xml b/net-wireless/hostapd/metadata.xml index 59217d50546..458eddb0459 100644 --- a/net-wireless/hostapd/metadata.xml +++ b/net-wireless/hostapd/metadata.xml @@ -8,6 +8,7 @@ Add CRDA support + Use internal TLSv1 implementation instead of depending on OpenSSL, LibreSSL or GnuTLS Install support files for sys-apps/logwatch Adding support for using netlink to create VLANs
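
Review bot: In the src_configure hunk, `if use internal-tls && !use libressl; then` writes the negation without a space, and bash only treats `!` as the negation operator when it stands as its own word; `!use` is looked up as a command name, so the test never evaluates `use libressl` and the CONFIG_TLS=internal branch cannot be reached as written. Write `! use libressl`. The same spelling recurs in the src_compile and src_install hunks (`use libressl || !use internal-tls`), where it decides whether nt_password_hash and hlr_auc_gw are built and installed, so all three tests need the space.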
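
Review bot: pkg_pretend only logs that libressl overrides internal-tls, and that precedence is then re-implemented by hand in DEPEND, src_configure, src_compile and src_install. Consider rejecting the combination up front with REQUIRED_USE (for example `internal-tls? ( !libressl )`), so that every later test reduces to a plain `use internal-tls`. If the silent override stays, the ewarn should name what is lost rather than say "fewer features": the src_configure hunk shows CONFIG_EAP_FAST, CONFIG_EAP_TLS, CONFIG_EAP_PEAP, CONFIG_TLSV11, CONFIG_TLSV12 and CONFIG_EAP_PWD are written only in the non-internal branch.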
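
Review bot: The internal-tls description added to metadata.xml says the flag avoids "OpenSSL, LibreSSL or GnuTLS", but the IUSE line in this ebuild has no gnutls flag and DEPEND only chooses between libressl, libtommath and openssl. Drop GnuTLS from the description so it matches what the ebuild offers, and state there that libressl overrides the flag, since that is the behaviour pkg_pretend announces.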