- enable reading PKCS12 certificates from files; from Gregor Best who

wants this for use with Eduroam. - add an rc script and README. - remove non-useful wpa_priv patch. README tweak from ajacoutot, ok gsoares dcoppa
2013-02-06 17:27:13 +00:00 · 2013-02-06 17:27:13 +00:00 · b013715fc5
commit b013715fc5
parent aae9949187
6 changed files with 54 additions and 41 deletions
--- a/security/wpa_supplicant/Makefile
+++ b/security/wpa_supplicant/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.9 2013/02/04 10:04:44 sthen Exp $
+# $OpenBSD: Makefile,v 1.10 2013/02/06 17:27:13 sthen Exp $

 COMMENT=	IEEE 802.1X supplicant

 DISTNAME=	wpa_supplicant-2.0
-REVISION=	1
+REVISION=	2
 CATEGORIES=	security net

 HOMEPAGE=	http://hostap.epitest.fi/wpa_supplicant/
--- a/security/wpa_supplicant/files/config
+++ b/security/wpa_supplicant/files/config
@ -1,4 +1,4 @@
-# $OpenBSD: config,v 1.2 2013/01/28 11:03:16 sthen Exp $
+# $OpenBSD: config,v 1.3 2013/02/06 17:27:13 sthen Exp $
 # see defconfig and README for notes

 CFLAGS += -I${LOCALBASE}/include/PCSC
@ -10,6 +10,7 @@ CONFIG_DRIVER_WIRED=y
 CONFIG_DRIVER_OPENBSD=y
 CONFIG_IEEE8021X_EAPOL=y
 CONFIG_PEERKEY=y
+CONFIG_PKCS12=y

 CONFIG_EAP_MD5=y
 CONFIG_EAP_MSCHAPV2=y
@ -31,6 +32,5 @@ CONFIG_EAP_SIM=y
 CONFIG_PCSC=y
 CONFIG_SMARTCARD=y

-# privilege separation, see README.
-# WIP: not yet tested.
+# privilege separation, see README.  not working yet.
 # CONFIG_PRIVSEP=y
--- a/security/wpa_supplicant/patches/patch-wpa_supplicant_wpa_priv_c
+++ b/security/wpa_supplicant/patches/patch-wpa_supplicant_wpa_priv_c
@ -1,34 +0,0 @@
-$OpenBSD: patch-wpa_supplicant_wpa_priv_c,v 1.1 2013/01/28 11:03:16 sthen Exp $
--- wpa_supplicant/wpa_priv.c.orig	Sat Jan 26 10:49:28 2013
-+++ wpa_supplicant/wpa_priv.c	Sat Jan 26 10:50:56 2013
-@@ -92,6 +92,7 @@ static void wpa_priv_cmd_unregister(struct wpa_priv_in
- }
- 
- 
-+#if 0
- static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface,
- 			      char *buf, size_t len)
- {
-@@ -170,6 +171,7 @@ static void wpa_priv_cmd_get_scan_results(struct wpa_p
- 		sendto(iface->fd, "", 0, 0, (struct sockaddr *) from,
- 		       sizeof(*from));
- }
-+#endif
- 
- 
- static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface,
-@@ -487,12 +489,14 @@ static void wpa_priv_receive(int sock, void *eloop_ctx
- 	case PRIVSEP_CMD_UNREGISTER:
- 		wpa_priv_cmd_unregister(iface, &from);
- 		break;
-+#if 0
- 	case PRIVSEP_CMD_SCAN:
- 		wpa_priv_cmd_scan(iface, cmd_buf, cmd_len);
- 		break;
- 	case PRIVSEP_CMD_GET_SCAN_RESULTS:
- 		wpa_priv_cmd_get_scan_results(iface, &from);
- 		break;
-+#endif
- 	case PRIVSEP_CMD_ASSOCIATE:
- 		wpa_priv_cmd_associate(iface, cmd_buf, cmd_len);
- 		break;
--- a/security/wpa_supplicant/pkg/PLIST
+++ b/security/wpa_supplicant/pkg/PLIST
@ -1,16 +1,18 @@
-@comment $OpenBSD: PLIST,v 1.3 2013/01/28 11:03:16 sthen Exp $
-@comment @man man/man8/wpa_priv.8
+@comment $OpenBSD: PLIST,v 1.4 2013/02/06 17:27:13 sthen Exp $
@comment @bin sbin/wpa_priv
@man man/man5/wpa_supplicant.conf.5
@man man/man8/wpa_background.8
@man man/man8/wpa_cli.8
@comment @man man/man8/wpa_gui.8
@man man/man8/wpa_passphrase.8
+@comment @man man/man8/wpa_priv.8
@man man/man8/wpa_supplicant.8
@bin sbin/wpa_cli
@bin sbin/wpa_passphrase
@bin sbin/wpa_supplicant
+share/doc/pkg-readmes/${FULLPKGNAME}
 share/examples/wpa_supplicant/
 share/examples/wpa_supplicant/wpa_supplicant.conf
@sample ${SYSCONFDIR}/wpa_supplicant.conf
 share/examples/wpa_supplicant/wpa_supplicant.conf.dist
+@rcscript ${RCDIR}/wpa_supplicant
--- a/security/wpa_supplicant/pkg/README
+++ b/security/wpa_supplicant/pkg/README
@ -0,0 +1,35 @@
+$OpenBSD: README,v 1.1 2013/02/06 17:27:13 sthen Exp $
+
+-----------------------------------------------------------------------
+| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------
+
+Configuring wireless interfaces
+===============================
+Configure your interface in the normal way using ifconfig(8) commands
+or via /etc/hostname.<iface>. You must explicitly set 802.1x mode; it is
+also recommended that the BSSID is configured explicitly, e.g.:
+
+# ifconfig rsu0 nwid humppa bssid 11:22:33:44:55:66 wpa wpaakms 802.1x up
+
+Access-point scanning is not currently supported by the OpenBSD code in
+wpa_supplicant, so ap_scan=0 should be set in ${SYSCONFDIR}/wpa_supplicant.conf.
+
+Starting wpa_supplicant at boot time
+====================================
+An rc.d(8) script is provided to start wpa_supplicant, so you can add the
+usual line to /etc/rc.conf.local:
+
+pkg_scripts="${pkg_scripts} wpa_supplicant"
+
+The interface name must be given on the command line - this is preset to
+"athn0" in the rc.d script. To use an alternative interface, do _not_
+modify the ${RCDIR}/wpa_supplicant script, but instead change this in
+/etc/rc.conf.local by adding a line using the format of one of the
+following examples:
+
+# 802.11 wireless
+wpa_supplicant_flags="-c ${SYSCONFDIR}/wpa_supplicant.conf -D openbsd -i ral0"
+
+# wired
+wpa_supplicant_flags="-c ${SYSCONFDIR}/wpa_supplicant.conf -D wired -i em0"
--- a/security/wpa_supplicant/pkg/wpa_supplicant.rc
+++ b/security/wpa_supplicant/pkg/wpa_supplicant.rc
@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# $OpenBSD: wpa_supplicant.rc,v 1.1 2013/02/06 17:27:13 sthen Exp $
+
+daemon="${TRUEPREFIX}/sbin/wpa_supplicant -B"
+daemon_flags="-c ${SYSCONFDIR}/wpa_supplicant.conf -D openbsd -i athn0"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1