nixbld: try new workaround for Linux wifi shittiness
The Linux wifi AP support is dire: * rtl8192cu AP mode loses packets and connections * rtl8xxxu does not support AP mode * ath10k firmware crashes from time to time * iwlwifi with hostapd 2.9 causes kernel crashes every few days with NULL pointer dereference It seems iwlwifi with hostapd 2.8 could be the least bad option. Revert to that version and disable problematic (insecure) CONFIG_EAP_PWD.
This commit is contained in:
parent
49f014fb67
commit
f6d4bc3d83
|
@ -7,7 +7,7 @@
|
||||||
let
|
let
|
||||||
netifWan = "enp0s31f6";
|
netifWan = "enp0s31f6";
|
||||||
netifLan = "enp3s0";
|
netifLan = "enp3s0";
|
||||||
netifWifi = "wlp0s20f0u1";
|
netifWifi = "wlp4s0";
|
||||||
netifSit = "henet0";
|
netifSit = "henet0";
|
||||||
hydraWwwOutputs = "/var/www/hydra-outputs";
|
hydraWwwOutputs = "/var/www/hydra-outputs";
|
||||||
in
|
in
|
||||||
|
@ -26,7 +26,6 @@ in
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.blacklistedKernelModules = ["iwlwifi"];
|
|
||||||
|
|
||||||
security.apparmor.enable = true;
|
security.apparmor.enable = true;
|
||||||
|
|
||||||
|
@ -352,6 +351,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
|
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
|
||||||
|
hostapd = super.callPackage ./hostapd.nix {};
|
||||||
hydra = super.hydra.overrideAttrs(oa: {
|
hydra = super.hydra.overrideAttrs(oa: {
|
||||||
patches = oa.patches or [] ++ [ ./hydra-conda.patch ./hydra-retry.patch ];
|
patches = oa.patches or [] ++ [ ./hydra-conda.patch ./hydra-retry.patch ];
|
||||||
hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];
|
hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];
|
||||||
|
|
|
@ -0,0 +1,80 @@
|
||||||
|
{ stdenv, fetchurl, pkgconfig, libnl, openssl, sqlite ? null }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
pname = "hostapd";
|
||||||
|
version = "2.8";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://w1.fi/releases/${pname}-${version}.tar.gz";
|
||||||
|
sha256 = "1c74rrazkhy4lr7pwgwa2igzca7h9l4brrs7672kiv7fwqmm57wj";
|
||||||
|
};
|
||||||
|
|
||||||
|
nativeBuildInputs = [ pkgconfig ];
|
||||||
|
buildInputs = [ libnl openssl sqlite ];
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
(fetchurl {
|
||||||
|
# Note: fetchurl seems to be unhappy with openwrt git
|
||||||
|
# server's URLs containing semicolons. Using the github mirror instead.
|
||||||
|
url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch";
|
||||||
|
sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";})
|
||||||
|
];
|
||||||
|
|
||||||
|
outputs = [ "out" "man" ];
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
CONFIG_DRIVER_WIRED=y
|
||||||
|
CONFIG_LIBNL32=y
|
||||||
|
CONFIG_EAP_SIM=y
|
||||||
|
CONFIG_EAP_AKA=y
|
||||||
|
CONFIG_EAP_AKA_PRIME=y
|
||||||
|
CONFIG_EAP_PAX=y
|
||||||
|
CONFIG_EAP_PWD=n
|
||||||
|
CONFIG_EAP_SAKE=y
|
||||||
|
CONFIG_EAP_GPSK=y
|
||||||
|
CONFIG_EAP_GPSK_SHA256=y
|
||||||
|
CONFIG_EAP_FAST=y
|
||||||
|
CONFIG_EAP_IKEV2=y
|
||||||
|
CONFIG_EAP_TNC=y
|
||||||
|
CONFIG_EAP_EKE=y
|
||||||
|
CONFIG_RADIUS_SERVER=y
|
||||||
|
CONFIG_IEEE80211R=y
|
||||||
|
CONFIG_IEEE80211N=y
|
||||||
|
CONFIG_IEEE80211AC=y
|
||||||
|
CONFIG_FULL_DYNAMIC_VLAN=y
|
||||||
|
CONFIG_VLAN_NETLINK=y
|
||||||
|
CONFIG_TLS=openssl
|
||||||
|
CONFIG_TLSV11=y
|
||||||
|
CONFIG_TLSV12=y
|
||||||
|
CONFIG_INTERNETWORKING=y
|
||||||
|
CONFIG_HS20=y
|
||||||
|
CONFIG_ACS=y
|
||||||
|
CONFIG_GETRANDOM=y
|
||||||
|
'' + stdenv.lib.optionalString (sqlite != null) ''
|
||||||
|
CONFIG_SQLITE=y
|
||||||
|
'';
|
||||||
|
|
||||||
|
configurePhase = ''
|
||||||
|
cd hostapd
|
||||||
|
cp -v defconfig .config
|
||||||
|
echo "$extraConfig" >> .config
|
||||||
|
cat -n .config
|
||||||
|
substituteInPlace Makefile --replace /usr/local $out
|
||||||
|
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $(pkg-config --cflags libnl-3.0)"
|
||||||
|
'';
|
||||||
|
|
||||||
|
preInstall = "mkdir -p $out/bin";
|
||||||
|
postInstall = ''
|
||||||
|
install -vD hostapd.8 -t $man/share/man/man8
|
||||||
|
install -vD hostapd_cli.1 -t $man/share/man/man1
|
||||||
|
'';
|
||||||
|
|
||||||
|
meta = with stdenv.lib; {
|
||||||
|
homepage = http://hostap.epitest.fi;
|
||||||
|
repositories.git = git://w1.fi/hostap.git;
|
||||||
|
description = "A user space daemon for access point and authentication servers";
|
||||||
|
license = licenses.gpl2;
|
||||||
|
maintainers = with maintainers; [ phreedom ninjatrappeur ];
|
||||||
|
platforms = platforms.linux;
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue