{ lib, stdenv, fetchurl, fetchpatch, openssl, pkg-config, libnl , nixosTests, wpa_supplicant_gui , dbusSupport ? !stdenv.hostPlatform.isStatic, dbus , withReadline ? true, readline , withPcsclite ? !stdenv.hostPlatform.isStatic, pcsclite }: stdenv.mkDerivation rec { version = "2.11"; pname = "wpa_supplicant"; src = fetchurl { url = "https://w1.fi/releases/${pname}-${version}.tar.gz"; sha256 = "sha256-kS6gb3TjCo42+7aAZNbN/yGNjVkdsPxddd7myBrH/Ao="; }; patches = [ (fetchpatch { name = "revert-change-breaking-auth-broadcom.patch"; url = "https://w1.fi/cgit/hostap/patch/?id=41638606054a09867fe3f9a2b5523aa4678cbfa5"; hash = "sha256-X6mBbj7BkW66aYeSCiI3JKBJv10etLQxaTRfRgwsFmM="; revert = true; }) ./unsurprising-ext-password.patch ]; # TODO: Patch epoll so that the dbus actually responds # TODO: Figure out how to get privsep working, currently getting SIGBUS extraConfig = '' #CONFIG_ELOOP_EPOLL=y #CONFIG_PRIVSEP=y #CONFIG_TLSV12=y see #8332 CONFIG_AP=y CONFIG_BGSCAN_LEARN=y CONFIG_BGSCAN_SIMPLE=y CONFIG_DEBUG_SYSLOG=y CONFIG_EAP_EKE=y CONFIG_EAP_FAST=y CONFIG_EAP_GPSK=y CONFIG_EAP_GPSK_SHA256=y CONFIG_EAP_IKEV2=y CONFIG_EAP_PAX=y CONFIG_EAP_PWD=y CONFIG_EAP_SAKE=y CONFIG_ELOOP=eloop CONFIG_EXT_PASSWORD_FILE=y CONFIG_HS20=y CONFIG_HT_OVERRIDES=y CONFIG_IEEE80211AC=y CONFIG_IEEE80211AX=y CONFIG_IEEE80211BE=y CONFIG_IEEE80211N=y CONFIG_IEEE80211R=y CONFIG_IEEE80211W=y CONFIG_INTERNETWORKING=y CONFIG_L2_PACKET=linux CONFIG_LIBNL32=y CONFIG_MESH=y CONFIG_OWE=y CONFIG_P2P=y CONFIG_SAE_PK=y CONFIG_TDLS=y CONFIG_TLS=openssl CONFIG_TLSV11=y CONFIG_VHT_OVERRIDES=y CONFIG_WNM=y CONFIG_WPS=y CONFIG_WPS_ER=y CONFIG_WPS_NFS=y CONFIG_SUITEB=y CONFIG_SUITEB192=y '' + lib.optionalString withPcsclite '' CONFIG_EAP_SIM=y CONFIG_EAP_AKA=y CONFIG_EAP_AKA_PRIME=y CONFIG_PCSC=y '' + lib.optionalString dbusSupport '' CONFIG_CTRL_IFACE_DBUS=y CONFIG_CTRL_IFACE_DBUS_NEW=y CONFIG_CTRL_IFACE_DBUS_INTRO=y '' # Upstream uses conditionals based on ifdef, so opposite of =y is # not =n, as one may expect, but undefine. # # This config is sourced into makefile. + lib.optionalString (!dbusSupport) '' undefine CONFIG_CTRL_IFACE_DBUS undefine CONFIG_CTRL_IFACE_DBUS_NEW undefine CONFIG_CTRL_IFACE_DBUS_INTRO '' + (if withReadline then '' CONFIG_READLINE=y '' else '' CONFIG_WPA_CLI_EDIT=y ''); preBuild = '' for manpage in wpa_supplicant/doc/docbook/wpa_supplicant.conf* ; do substituteInPlace "$manpage" --replace /usr/share/doc $out/share/doc done cd wpa_supplicant cp -v defconfig .config echo "$extraConfig" >> .config cat -n .config substituteInPlace Makefile --replace /usr/local $out export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE \ -I$(echo "${lib.getDev libnl}"/include/libnl*/) \ ${lib.optionalString withPcsclite "-I${lib.getDev pcsclite}/include/PCSC/"}" ''; buildInputs = [ openssl libnl ] ++ lib.optional dbusSupport dbus ++ lib.optional withReadline readline ++ lib.optional withPcsclite pcsclite; nativeBuildInputs = [ pkg-config ]; postInstall = '' mkdir -p $out/share/man/man5 $out/share/man/man8 cp -v "doc/docbook/"*.5 $out/share/man/man5/ cp -v "doc/docbook/"*.8 $out/share/man/man8/ '' + lib.optionalString dbusSupport '' mkdir -p $out/share/dbus-1/system.d $out/share/dbus-1/system-services $out/etc/systemd/system cp -v "dbus/"*service $out/share/dbus-1/system-services cp -v dbus/dbus-wpa_supplicant.conf $out/share/dbus-1/system.d cp -v "systemd/"*.service $out/etc/systemd/system '' + '' rm $out/share/man/man8/wpa_priv.8 install -Dm444 wpa_supplicant.conf $out/share/doc/wpa_supplicant/wpa_supplicant.conf.example ''; passthru.tests = { inherit (nixosTests) wpa_supplicant; inherit wpa_supplicant_gui; # inherits the src+version updates }; meta = with lib; { homepage = "https://w1.fi/wpa_supplicant/"; description = "Tool for connecting to WPA and WPA2-protected wireless networks"; license = licenses.bsd3; maintainers = with maintainers; [ marcweber ma27 ]; platforms = platforms.linux; }; }