Unverified Commit 4bec3f20 authored by oddlama's avatar oddlama

hostapd: enable new stable features such as WiFi6 and structure .config

These changes are important to support modern AP configurations.
Short overview:

- CONFIG_IEEE80211AX support (WiFi6)
- CONFIG_SAE_PK (pubkey authenticated WPA3)
- CONFIG_DRIVER_NONE (standalone RADIUS server)
- CONFIG_OCV (Operating Channel Validation)
- Enable epoll on linux systems
- Remove deprecated TKIP support
- Fix misspelling (CONFIG_INTERNETWORKING != CONFIG_INTERWORKING)
- The .config was restructured into sections to reflect the
  upstream defconfig order and for easier updating in the future
parent 0a85190a
+2 −0
@@ -22,6 +22,8 @@

- [Apache Guacamole](https://guacamole.apache.org/), a cross-platform, clientless remote desktop gateway. Available as [services.guacamole-server](#opt-services.guacamole-server.enable) and [services.guacamole-client](#opt-services.guacamole-client.enable) services.

- Support for WiFi6 (IEEE 802.11ax) and WPA3-SAE-PK was enabled in the `hostapd` package.

## Backward Incompatibilities {#sec-release-23.11-incompatibilities}

- `python3.pkgs.sequoia` was removed in favor of `python3.pkgs.pysequoia`. The latter package is based on upstream's dedicated repository for sequoia's Python bindings, where the Python bindings from [gitlab:sequoia-pgp/sequoia](https://gitlab.com/sequoia-pgp/sequoia) were removed long ago.
+44 −12
@@ -23,13 +23,21 @@ stdenv.mkDerivation rec {

  outputs = [ "out" "man" ];

  # Based on hostapd's defconfig. Only differences are tracked.
  extraConfig = ''
    # Use epoll(7) instead of select(2) on linux
    CONFIG_ELOOP_EPOLL=y

    # Drivers
    CONFIG_DRIVER_WIRED=y
    CONFIG_LIBNL32=y
    CONFIG_DRIVER_NONE=y

    # Integrated EAP server
    CONFIG_EAP_SIM=y
    CONFIG_EAP_AKA=y
    CONFIG_EAP_AKA_PRIME=y
    CONFIG_EAP_PAX=y
    CONFIG_EAP_PSK=y
    CONFIG_EAP_PWD=y
    CONFIG_EAP_SAKE=y
    CONFIG_EAP_GPSK=y
@@ -38,29 +46,53 @@ stdenv.mkDerivation rec {
    CONFIG_EAP_IKEV2=y
    CONFIG_EAP_TNC=y
    CONFIG_EAP_EKE=y
    CONFIG_RADIUS_SERVER=y
    CONFIG_IEEE80211R=y
    CONFIG_IEEE80211N=y
    CONFIG_IEEE80211AC=y
    CONFIG_IEEE80211AX=y
    CONFIG_FULL_DYNAMIC_VLAN=y
    CONFIG_VLAN_NETLINK=y

    CONFIG_TLS=openssl
    CONFIG_TLSV11=y
    CONFIG_TLSV12=y
    CONFIG_INTERNETWORKING=y

    CONFIG_SAE=y
    CONFIG_SAE_PK=y

    CONFIG_OWE=y
    CONFIG_OCV=y

    # TKIP is considered insecure and upstream support will be removed in the future
    CONFIG_NO_TKIP=y

    # Enable Wi-Fi Protected Setup
    CONFIG_WPS=y
    CONFIG_WPS_UPNP=y
    CONFIG_WPS_NFC=y

    # Misc
    CONFIG_RADIUS_SERVER=y
    CONFIG_FULL_DYNAMIC_VLAN=y
    CONFIG_VLAN_NETLINK=y
    CONFIG_GETRANDOM=y
    CONFIG_INTERWORKING=y
    CONFIG_HS20=y
    CONFIG_FST=y
    CONFIG_FST_TEST=y
    CONFIG_ACS=y
    CONFIG_GETRANDOM=y
    CONFIG_SAE=y
    CONFIG_WNM=y
    CONFIG_MBO=y

    CONFIG_IEEE80211R=y
    CONFIG_IEEE80211W=y
    CONFIG_IEEE80211N=y
    CONFIG_IEEE80211AC=y
    CONFIG_IEEE80211AX=y
  '' + lib.optionalString (sqlite != null) ''
    CONFIG_SQLITE=y
  '';

  passAsFile = [ "extraConfig" ];

  configurePhase = ''
    cd hostapd
    cp -v defconfig .config
    echo "$extraConfig" >> .config
    cat $extraConfigPath >> .config
    cat -n .config
    substituteInPlace Makefile --replace /usr/local $out
    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $(pkg-config --cflags libnl-3.0)"
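Review bot: `CONFIG_FST_TEST=y` in the `# Misc` group of `extraConfig` builds the Fast Session Transfer test commands into the packaged binary, and the commit message gives no reason a distribution build needs them. hostapd's defconfig ships that option commented out and labels it as test commands, so it presumably adds control-interface handling beyond what `CONFIG_FST=y` itself requires. Unless something depends on it, drop the line, or keep it with a justification such as `# FST test commands, required by <consumer>`. The rendered page has lost the +/- markers, so I am inferring from the new section comments that this line is on the new side.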