nixbld: try new workaround for Linux wifi shittiness

The Linux wifi AP support is dire:
* rtl8192cu AP mode loses packets and connections
* rtl8xxxu does not support AP mode
* ath10k firmware crashes from time to time
* iwlwifi with hostapd 2.9 causes kernel crashes every few days with NULL pointer dereference

It seems iwlwifi with hostapd 2.8 could be the least bad option.
Revert to that version and disable problematic (insecure) CONFIG_EAP_PWD.
This commit is contained in:
Sebastien Bourdeauducq 2019-12-30 18:23:54 +08:00
parent 49f014fb67
commit f6d4bc3d83
2 changed files with 82 additions and 2 deletions

View File

@ -7,7 +7,7 @@
let let
netifWan = "enp0s31f6"; netifWan = "enp0s31f6";
netifLan = "enp3s0"; netifLan = "enp3s0";
netifWifi = "wlp0s20f0u1"; netifWifi = "wlp4s0";
netifSit = "henet0"; netifSit = "henet0";
hydraWwwOutputs = "/var/www/hydra-outputs"; hydraWwwOutputs = "/var/www/hydra-outputs";
in in
@ -26,7 +26,6 @@ in
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.blacklistedKernelModules = ["iwlwifi"];
security.apparmor.enable = true; security.apparmor.enable = true;
@ -352,6 +351,7 @@ in
}; };
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in { nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
hostapd = super.callPackage ./hostapd.nix {};
hydra = super.hydra.overrideAttrs(oa: { hydra = super.hydra.overrideAttrs(oa: {
patches = oa.patches or [] ++ [ ./hydra-conda.patch ./hydra-retry.patch ]; patches = oa.patches or [] ++ [ ./hydra-conda.patch ./hydra-retry.patch ];
hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ]; hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];

View File

@ -0,0 +1,80 @@
{ stdenv, fetchurl, pkgconfig, libnl, openssl, sqlite ? null }:
stdenv.mkDerivation rec {
pname = "hostapd";
version = "2.8";
src = fetchurl {
url = "https://w1.fi/releases/${pname}-${version}.tar.gz";
sha256 = "1c74rrazkhy4lr7pwgwa2igzca7h9l4brrs7672kiv7fwqmm57wj";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ libnl openssl sqlite ];
patches = [
(fetchurl {
# Note: fetchurl seems to be unhappy with openwrt git
# server's URLs containing semicolons. Using the github mirror instead.
url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch";
sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";})
];
outputs = [ "out" "man" ];
extraConfig = ''
CONFIG_DRIVER_WIRED=y
CONFIG_LIBNL32=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PWD=n
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_FAST=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CONFIG_EAP_EKE=y
CONFIG_RADIUS_SERVER=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211N=y
CONFIG_IEEE80211AC=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_TLS=openssl
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_INTERNETWORKING=y
CONFIG_HS20=y
CONFIG_ACS=y
CONFIG_GETRANDOM=y
'' + stdenv.lib.optionalString (sqlite != null) ''
CONFIG_SQLITE=y
'';
configurePhase = ''
cd hostapd
cp -v defconfig .config
echo "$extraConfig" >> .config
cat -n .config
substituteInPlace Makefile --replace /usr/local $out
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $(pkg-config --cflags libnl-3.0)"
'';
preInstall = "mkdir -p $out/bin";
postInstall = ''
install -vD hostapd.8 -t $man/share/man/man8
install -vD hostapd_cli.1 -t $man/share/man/man1
'';
meta = with stdenv.lib; {
homepage = http://hostap.epitest.fi;
repositories.git = git://w1.fi/hostap.git;
description = "A user space daemon for access point and authentication servers";
license = licenses.gpl2;
maintainers = with maintainers; [ phreedom ninjatrappeur ];
platforms = platforms.linux;
};
}