# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=wpa_supplicant
pkgver=2.4
pkgrel=1
pkgdesc="A utility providing key negotiation for WPA wireless networks"
url="http://hostap.epitest.fi/wpa_supplicant"
arch="all"
license="BSD"
subpackages="$pkgname-doc $pkgname-gui"
depends="dbus"
makedepends="openssl-dev dbus-dev libnl3-dev qt-dev"
source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz
	CVE-2015-1863.patch
	CVE-2015-4141.patch
	CVE-2015-4142.patch
	0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
	0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
	0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
	0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
	0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch

	wpa_supplicant.initd
	wpa_supplicant.confd
	"

_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
	cd "$_builddir"
	for i in $source; do
		case $i in
		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
		esac
	done

	cd "$_builddir"/wpa_supplicant
	# Toolchain setup
	echo "CC = ${CC:-gcc}" > .config

	# Basic setup
	echo "CONFIG_CTRL_IFACE=y" >> .config
	# dbus support
	echo "CONFIG_CTRL_IFACE_DBUS=y" >> .config
	echo "CONFIG_CTRL_IFACE_DBUS_NEW=y" >> .config
	echo "CONFIG_CTRL_IFACE_DBUS_INTRO=y" >> .config

	echo "CONFIG_BACKEND=file" >> .config

	# Basic authentication methods
	# NOTE: we don't set GPSK or SAKE as they conflict
	# with the below options
	echo "CONFIG_EAP_GTC=y"         >> .config
	echo "CONFIG_EAP_MD5=y"         >> .config
	echo "CONFIG_EAP_OTP=y"         >> .config
	echo "CONFIG_EAP_PAX=y"         >> .config
	echo "CONFIG_EAP_PSK=y"         >> .config
	echo "CONFIG_EAP_TLV=y"         >> .config
	echo "CONFIG_IEEE8021X_EAPOL=y" >> .config
	echo "CONFIG_PKCS12=y"          >> .config
	echo "CONFIG_PEERKEY=y"         >> .config
	echo "CONFIG_EAP_LEAP=y"        >> .config
	echo "CONFIG_EAP_MSCHAPV2=y"    >> .config
	echo "CONFIG_EAP_PEAP=y"        >> .config
	echo "CONFIG_EAP_TLS=y"         >> .config
	echo "CONFIG_EAP_TTLS=y"        >> .config

	# debug
	# echo "CONFIG_DEBUG_FILE=y" >> .config

	# Smart card authentication
	#echo "CONFIG_EAP_SIM=y"       >> .config
	#echo "CONFIG_EAP_AKA=y"       >> .config
	#echo "CONFIG_EAP_AKA_PRIME=y" >> .config
	#echo "CONFIG_PCSC=y"          >> .config

	# readline/history support for wpa_cli
	#echo "CONFIG_READLINE=y" >> .config

	# SSL authentication methods
	echo "CONFIG_TLS=openssl"    >> .config
	echo "CONFIG_SMARTCARD=y"    >> .config
	# use gnutls
	# echo "CONFIG_TLS=gnutls"     >> .config
	# echo "CONFIG_GNUTLS_EXTRA=y" >> .config
	#echo "CONFIG_TLS=internal"   >> .config

	# Linux specific drivers
	echo "CONFIG_DRIVER_ATMEL=y"       >> .config
	#echo "CONFIG_DRIVER_BROADCOM=y"   >> .config
	#echo "CONFIG_DRIVER_HERMES=y"	   >> .config
	echo "CONFIG_DRIVER_HOSTAP=y"      >> .config
	echo "CONFIG_DRIVER_IPW=y"         >> .config
	echo "CONFIG_DRIVER_NDISWRAPPER=y" >> .config
	echo "CONFIG_DRIVER_NL80211=y"     >> .config
	#echo "CONFIG_DRIVER_PRISM54=y"    >> .config
	echo "CONFIG_DRIVER_RALINK=y"      >> .config
	echo "CONFIG_DRIVER_WEXT=y"        >> .config
	echo "CONFIG_DRIVER_WIRED=y"       >> .config

	# Add include path for madwifi-driver headers
	#echo "CFLAGS += -I/usr/include/madwifi" >> .config
	#echo "CONFIG_DRIVER_MADWIFI=y"          >> .config

	# Wi-Fi Protected Setup (WPS)
	echo "CONFIG_WPS=y" >> .config

	# Enable mitigation against certain attacks against TKIP
	echo "CONFIG_DELAYED_MIC_ERROR_REPORT=y" >> .config

	echo "CONFIG_WPS2=y" >> .config
	echo "CONFIG_AP=y" >> .config
	echo "CONFIG_P2P=y" >> .config
	echo "CONFIG_LIBNL32=y" >> .config
}

build() {
	cd "$_builddir"/wpa_supplicant
	make LIBDIR=/lib BINDIR=/sbin || return 1
	# comment out the network={ } stansas in config
	sed -i -e '/^network=/,/}/s/^/#/' wpa_supplicant.conf
	make wpa_gui-qt4 || return 1
	make eapol_test || return 1
}

package() {
	cd "$_builddir"/wpa_supplicant
	make DESTDIR="$pkgdir" LIBDIR=/lib BINDIR=/sbin install || return 1
	install -Dm644 wpa_supplicant.conf \
		"$pkgdir"/etc/wpa_supplicant/wpa_supplicant.conf
	install -Dm644 doc/docbook/wpa_supplicant.conf.5 \
		"$pkgdir"/usr/share/man/man5/wpa_supplicant.conf.5 || return 1
	for i in wpa_background wpa_cli wpa_passphrase wpa_supplicant; do
		install -Dm644 doc/docbook/$i.8 \
			"$pkgdir"/usr/share/man/man8/$i.8 || return 1
	done
	install -Dm755 eapol_test "$pkgdir"/sbin/eapol_test || return 1

	# gui
	install -d "$pkgdir"/usr/bin
	install -m 0755 wpa_gui-qt4/wpa_gui "$pkgdir"/usr/bin/wpa_gui \
		|| return 1

	# dbus
	cd dbus || return 1
	install -d "$pkgdir"/etc/dbus-1/system.d
	install dbus-wpa_supplicant.conf \
		"$pkgdir"/etc/dbus-1/system.d/wpa_supplicant.conf || return 1
	install -d "$pkgdir"/usr/share/dbus-1/system-services
	install fi.epitest.hostap.WPASupplicant.service \
		"$pkgdir"/usr/share/dbus-1/system-services || return 1
	install -d "$pkgdir"/var/run/wpa_supplicant
	install -Dm755 "$srcdir"/wpa_supplicant.initd \
		"$pkgdir"/etc/init.d/wpa_supplicant || return 1
	install -Dm755 "$srcdir"/wpa_supplicant.confd \
		"$pkgdir"/etc/conf.d/wpa_supplicant || return 1
}

gui() {
	pkgdesc="Grafical User Interface for $pkgname"
	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/wpa_gui "$subpkgdir"/usr/bin/
}

md5sums="f0037dbe03897dcaf2ad2722e659095d  wpa_supplicant-2.4.tar.gz
8e8c34267fefcc4142ee142e5515b5df  CVE-2015-1863.patch
222ec96a8dc73c41608cc463beac3966  CVE-2015-4141.patch
d3688697f81ca1e684a79dfa3682a111  CVE-2015-4142.patch
87d611a9b704402f66fa59ba1458928d  0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
bafcec421e4f5c6a8383893d029a79e5  0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
fa2aed3cf49f7e6c7b17bf9db9a001f5  0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
de0fca4d74a1883d15ef5754f13a5226  0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
9d854969af23b207f9f3dff38ef78770  0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
5ee64e2494a9e83740d2344dd5b9bb19  wpa_supplicant.initd
bc117427f2c538439f3f1481a028ee06  wpa_supplicant.confd"
sha256sums="058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122  wpa_supplicant-2.4.tar.gz
a3abf75801f02199ff48c316a7b6598860e6ca20ce2fe79b0bec873905e5c8a4  CVE-2015-1863.patch
eb63d845fdc38b6310c527ad1705b6fe3b74f90e263188da2aca97468cc55142  CVE-2015-4141.patch
cc6c488afab4ccfdaedd9e224989b5fe713d6b0415ea94579190bd8ba60c9be5  CVE-2015-4142.patch
a204bc37f52e5346780a306c01706689eb46263dedcdcb1eb2f4c0b291a0db93  0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
298fc3b89f987922fb2600d0c95e8c868d6da30d24643748afd47bcd30da7b44  0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
2fd42fb53be793c54343aa18a84afebe4603aa6ce8b6969ad6b3a8d327c6b142  0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
c28ca6303a562809dfd1812f9b918808b3b0f0c52cc43070fd1777e1cfc88f18  0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
04ef66fbd5b2167274cd7123d7f7252963b9a9c1ec2f5edf6558a6ad92d47689  0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
131828768c8f334b39bb5294398105ed4cd6d031908e6e9b00bb4a0938f5f7f2  wpa_supplicant.initd
61ec59007f66ac5bacc0aa095d1f2ccbc977a687038e161a463d1727223d5a90  wpa_supplicant.confd"
sha512sums="03d8199325b3910f77013ddb7edd803ab4444542230484e1cb465dc3df9372b39ee3307d823ce88730e8f5a5231ef3183954c54cf07297b70432f526e45aac2b  wpa_supplicant-2.4.tar.gz
61f90d06bd42fb7ea17ba147db861303f5b1fdce2cda35492cec578214da5ea5d654a1df99dee4d4a0c07ef3e8b3bfb65ab4b98eff21c2013adf536766136ce1  CVE-2015-1863.patch
4633a96a91e151407e4c62b74b4e78d37e4fba586278c6ae4340ce149bee0c644a4d62675256839c3130374a4dc7531beaeed8282946e7dcd3faf1ed74bf99be  CVE-2015-4141.patch
dc561d90f3f329ebb201abbb53eea161603fb2abba6b2fc5c79298d97c84f2d65d401608cd7bb2fb82abf909661c56699bf4bcbf902f6f8c7d5b1853b0277353  CVE-2015-4142.patch
9440f8d9d18d20b95d236c1a4467d86dfbbc17d8f26b0caa48d6737c6231d1ff14793c6fc8a1e4508f3ad38c9a5d710fd49b85c7de16634dbe6685af05f44f7c  0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
0887017bfdb4632baa49bb849b732eed7eec9a498247fdd5ef8448e4a6df10380c06d68fa706e0b2624c04eb6f5a327cdb71c5c71c3476dc383f889ee7372702  0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
341901aa94c44ae725b6d4dddac2a52b6457234189554fc282c9cf5fa0254125d7323553a7b8118f9a3e2020f039267ed4c912f84ac6f2cb12670b40c28ac652  0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
b752f91c3d6dcf0784d9cb20a0c7f8de6c837c38ff62cf77b136d9b818890b13f55eeed1d6097f244181b480be953e1bdfb5651116dc5d62a2d02c018e19042a  0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
07a21f0cc7d00e17bed8ef5ced36159020a410a4606aa0ca24e47223835ab0cc5fbeed3075c4f17d2ce1aee437eedf9fea8f4b95252b2fa255d54a195637cb6f  0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
4a62879f6eb37226a2009a4bceb123c6e610c366c2369ee2fc84b66b79e8dddee5185a64cebe0331bafe13d61cf44c0bbbe3dce2620c0f4525c96afcb58dd362  wpa_supplicant.initd
29103161ec2b9631fca9e8d9a97fafd60ffac3fe78cf613b834395ddcaf8be1e253c22e060d7d9f9b974b2d7ce794caa932a2125e29f6494b75bce475f7b30e1  wpa_supplicant.confd"