From f6d4bc3d83ddfd45ad8b19b991d3589bffe58432 Mon Sep 17 00:00:00 2001 From: Sebastien Bourdeauducq Date: Mon, 30 Dec 2019 18:23:54 +0800 Subject: [PATCH] nixbld: try new workaround for Linux wifi shittiness The Linux wifi AP support is dire: * rtl8192cu AP mode loses packets and connections * rtl8xxxu does not support AP mode * ath10k firmware crashes from time to time * iwlwifi with hostapd 2.9 causes kernel crashes every few days with NULL pointer dereference It seems iwlwifi with hostapd 2.8 could be the least bad option. Revert to that version and disable problematic (insecure) CONFIG_EAP_PWD. --- nixbld-etc-nixos/configuration.nix | 4 +- nixbld-etc-nixos/hostapd.nix | 80 ++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 nixbld-etc-nixos/hostapd.nix diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix index 24d0236..ab1f1a9 100644 --- a/nixbld-etc-nixos/configuration.nix +++ b/nixbld-etc-nixos/configuration.nix @@ -7,7 +7,7 @@ let netifWan = "enp0s31f6"; netifLan = "enp3s0"; - netifWifi = "wlp0s20f0u1"; + netifWifi = "wlp4s0"; netifSit = "henet0"; hydraWwwOutputs = "/var/www/hydra-outputs"; in @@ -26,7 +26,6 @@ in # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.blacklistedKernelModules = ["iwlwifi"]; security.apparmor.enable = true; @@ -352,6 +351,7 @@ in }; nixpkgs.config.packageOverrides = super: let self = super.pkgs; in { + hostapd = super.callPackage ./hostapd.nix {}; hydra = super.hydra.overrideAttrs(oa: { patches = oa.patches or [] ++ [ ./hydra-conda.patch ./hydra-retry.patch ]; hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ]; diff --git a/nixbld-etc-nixos/hostapd.nix b/nixbld-etc-nixos/hostapd.nix new file mode 100644 index 0000000..79ce37a --- /dev/null +++ b/nixbld-etc-nixos/hostapd.nix 
@@ -0,0 +1,80 @@
+{ stdenv, fetchurl, pkgconfig, libnl, openssl, sqlite ? null }:
+
+stdenv.mkDerivation rec {
+ pname = "hostapd";
+ version = "2.8";
+
+ src = fetchurl {
+ url = "https://w1.fi/releases/${pname}-${version}.tar.gz";
+ sha256 = "1c74rrazkhy4lr7pwgwa2igzca7h9l4brrs7672kiv7fwqmm57wj";
+ };
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ libnl openssl sqlite ];
+
+ patches = [
+ (fetchurl {
+ # Note: fetchurl seems to be unhappy with openwrt git
+ # server's URLs containing semicolons. Using the github mirror instead.
+ url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch";
+ sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";})
+ ];
+
+ outputs = [ "out" "man" ];
+
+ extraConfig = ''
+ CONFIG_DRIVER_WIRED=y
+ CONFIG_LIBNL32=y
+ CONFIG_EAP_SIM=y
+ CONFIG_EAP_AKA=y
+ CONFIG_EAP_AKA_PRIME=y
+ CONFIG_EAP_PAX=y
+ CONFIG_EAP_PWD=n
+ CONFIG_EAP_SAKE=y
+ CONFIG_EAP_GPSK=y
+ CONFIG_EAP_GPSK_SHA256=y
+ CONFIG_EAP_FAST=y
+ CONFIG_EAP_IKEV2=y
+ CONFIG_EAP_TNC=y
+ CONFIG_EAP_EKE=y
+ CONFIG_RADIUS_SERVER=y
+ CONFIG_IEEE80211R=y
+ CONFIG_IEEE80211N=y
+ CONFIG_IEEE80211AC=y
+ CONFIG_FULL_DYNAMIC_VLAN=y
+ CONFIG_VLAN_NETLINK=y
+ CONFIG_TLS=openssl
+ CONFIG_TLSV11=y
+ CONFIG_TLSV12=y
+ CONFIG_INTERNETWORKING=y
+ CONFIG_HS20=y
+ CONFIG_ACS=y
+ CONFIG_GETRANDOM=y
+ '' + stdenv.lib.optionalString (sqlite != null) ''
+ CONFIG_SQLITE=y
+ '';
+
+ configurePhase = ''
+ cd hostapd
+ cp -v defconfig .config
+ echo "$extraConfig" >> .config
+ cat -n .config
+ substituteInPlace Makefile --replace /usr/local $out
+ export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $(pkg-config --cflags libnl-3.0)"
+ '';
+
+ preInstall = "mkdir -p $out/bin";
+ postInstall = ''
+ install -vD hostapd.8 -t $man/share/man/man8
+ install -vD hostapd_cli.1 -t $man/share/man/man1
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = http://hostap.epitest.fi;
+ repositories.git = git://w1.fi/hostap.git;
+ description = "A user space daemon for access point and authentication servers";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ phreedom ninjatrappeur ];
+ platforms = platforms.linux;
+ };
+}
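Review bot: `CONFIG_EAP_PWD=n` in `extraConfig` probably does not disable EAP-pwd. hostapd's Makefile, as far as I know, gates each option with `ifdef CONFIG_…`, and GNU make's `ifdef` is true for any non-empty value, so `=n` appended to `.config` would still compile the EAP-pwd server that the commit message calls insecure. Provided `defconfig` leaves the option commented out, drop the line instead, with a comment such as `# CONFIG_EAP_PWD deliberately unset: any value, including n, enables it`. Then confirm from the build log that the EAP-pwd objects are no longer compiled. Separately, the noscan patch URL follows openwrt's `master` branch; the sha256 keeps the content fixed, but the fetch will fail as soon as upstream edits the file, so pin the URL to a commit.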