I went and read the commit you reference:
wpa-supplicant: Use upstream defconfig
The copy of defconfig we were carrying was from 2014 and very out of
date; drop it and use the upstream version with appropriate edits for
our PACKAGECONFIG.
So this was done for exactly the reasons I mentioned. Let's not go back there.
Alex
On Fri, 28 Nov 2025 at 14:52, Alexander Kanavin via
lists.openembedded.org <[email protected]>
wrote:
>
> I am sorry, but copying such long configurations into oe-core
> introduces a significant maintenance burden, and needs a far better
> justification. What is the origin of this file? Was it modified? How
> is it going to be maintained and kept in sync?
>
> From what I can see, it's basically a copy of
> https://git.w1.fi/cgit/hostap/tree/wpa_supplicant/defconfig
>
> So why can't we use that directly? If the file isn't enabling options
> you need, then please send fixes upstream, and meanwhile patch the
> file from the recipe.
>
> Alex
>
> On Fri, 28 Nov 2025 at 02:37, Miaoqing Pan via lists.openembedded.org
> <[email protected]> wrote:
> >
> > Commit d97bedd8bdcc ("wpa-supplicant: Use upstream defconfig")
> > switched to the upstream defconfig, but the upstream file is only
> > an example and is not intended for builds. It may change or fail
> > to reflect a stable baseline configuration.
> >
> > Restore the packaged defconfig from version 2.11 to ensure a
> > consistent baseline and simplify enabling additional options.
> >
> > Fixes: d97bedd8bdcc ("wpa-supplicant: Use upstream defconfig")
> > Signed-off-by: Miaoqing Pan <[email protected]>
> > ---
> > .../wpa-supplicant/wpa-supplicant/defconfig | 688 ++++++++++++++++++
> > .../wpa-supplicant/wpa-supplicant_2.11.bb | 5 +-
> > 2 files changed, 692 insertions(+), 1 deletion(-)
> > create mode 100644
> > meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
> >
> > diff --git
> > a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
> > b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
> > new file mode 100644
> > index 0000000000..52befd8f15
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
> > @@ -0,0 +1,688 @@
> > +# Example wpa_supplicant build time configuration
> > +#
> > +# This file lists the configuration options that are used when building the
> > +# wpa_supplicant binary. All lines starting with # are ignored.
> > Configuration
> > +# option lines must be commented out complete, if they are not to be
> > included,
> > +# i.e., just setting VARIABLE=n is not disabling that variable.
> > +#
> > +# This file is included in Makefile, so variables like CFLAGS and LIBS can
> > also
> > +# be modified from here. In most cases, these lines should use += in order
> > not
> > +# to override previous values of the variables.
> > +
> > +
> > +# Uncomment following two lines and fix the paths if you have installed
> > OpenSSL
> > +# or GnuTLS in non-default location
> > +#CFLAGS += -I/usr/local/openssl/include
> > +#LIBS += -L/usr/local/openssl/lib
> > +
> > +# Some Red Hat versions seem to include kerberos header files from
> > OpenSSL, but
> > +# the kerberos files are not in the default include path. Following line
> > can be
> > +# used to fix build issues on such systems (krb5.h not found).
> > +#CFLAGS += -I/usr/include/kerberos
> > +
> > +# Driver interface for generic Linux wireless extensions
> > +# Note: WEXT is deprecated in the current Linux kernel version and no new
> > +# functionality is added to it. nl80211-based interface is the new
> > +# replacement for WEXT and its use allows wpa_supplicant to properly
> > control
> > +# the driver to improve existing functionality like roaming and to support
> > new
> > +# functionality.
> > +CONFIG_DRIVER_WEXT=y
> > +
> > +# Driver interface for Linux drivers using the nl80211 kernel interface
> > +CONFIG_DRIVER_NL80211=y
> > +
> > +# QCA vendor extensions to nl80211
> > +#CONFIG_DRIVER_NL80211_QCA=y
> > +
> > +# driver_nl80211.c requires libnl. If you are compiling it yourself
> > +# you may need to point hostapd to your version of libnl.
> > +#
> > +#CFLAGS += -I$<path to libnl include files>
> > +#LIBS += -L$<path to libnl library files>
> > +
> > +# Use libnl v2.0 (or 3.0) libraries.
> > +#CONFIG_LIBNL20=y
> > +
> > +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
> > +CONFIG_LIBNL32=y
> > +
> > +
> > +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
> > +#CONFIG_DRIVER_BSD=y
> > +#CFLAGS += -I/usr/local/include
> > +#LIBS += -L/usr/local/lib
> > +#LIBS_p += -L/usr/local/lib
> > +#LIBS_c += -L/usr/local/lib
> > +
> > +# Driver interface for Windows NDIS
> > +#CONFIG_DRIVER_NDIS=y
> > +#CFLAGS += -I/usr/include/w32api/ddk
> > +#LIBS += -L/usr/local/lib
> > +# For native build using mingw
> > +#CONFIG_NATIVE_WINDOWS=y
> > +# Additional directories for cross-compilation on Linux host for mingw
> > target
> > +#CFLAGS += -I/opt/mingw/mingw32/include/ddk
> > +#LIBS += -L/opt/mingw/mingw32/lib
> > +#CC=mingw32-gcc
> > +# By default, driver_ndis uses WinPcap for low-level operations. This can
> > be
> > +# replaced with the following option which replaces WinPcap calls with
> > NDISUIO.
> > +# However, this requires that WZC is disabled (net stop wzcsvc) before
> > starting
> > +# wpa_supplicant.
> > +# CONFIG_USE_NDISUIO=y
> > +
> > +# Driver interface for wired Ethernet drivers
> > +CONFIG_DRIVER_WIRED=y
> > +
> > +# Driver interface for MACsec capable Qualcomm Atheros drivers
> > +#CONFIG_DRIVER_MACSEC_QCA=y
> > +
> > +# Driver interface for Linux MACsec drivers
> > +CONFIG_DRIVER_MACSEC_LINUX=y
> > +
> > +# Driver interface for the Broadcom RoboSwitch family
> > +#CONFIG_DRIVER_ROBOSWITCH=y
> > +
> > +# Driver interface for no driver (e.g., WPS ER only)
> > +#CONFIG_DRIVER_NONE=y
> > +
> > +# Solaris libraries
> > +#LIBS += -lsocket -ldlpi -lnsl
> > +#LIBS_c += -lsocket
> > +
> > +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method
> > or
> > +# MACsec is included)
> > +CONFIG_IEEE8021X_EAPOL=y
> > +
> > +# EAP-MD5
> > +CONFIG_EAP_MD5=y
> > +
> > +# EAP-MSCHAPv2
> > +CONFIG_EAP_MSCHAPV2=y
> > +
> > +# EAP-TLS
> > +CONFIG_EAP_TLS=y
> > +# Enable EAP-TLSv1.3 support by default (currently disabled unless
> > explicitly
> > +# enabled in network configuration)
> > +#CONFIG_EAP_TLSV1_3=y
> > +
> > +# EAL-PEAP
> > +CONFIG_EAP_PEAP=y
> > +
> > +# EAP-TTLS
> > +CONFIG_EAP_TTLS=y
> > +
> > +# EAP-FAST
> > +CONFIG_EAP_FAST=y
> > +
> > +# EAP-TEAP
> > +# Note: The current EAP-TEAP implementation is experimental and should not
> > be
> > +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has
> > number
> > +# of conflicting statements and missing details and the implementation has
> > +# vendor specific workarounds for those and as such, may not interoperate
> > with
> > +# any other implementation. This should not be used for anything else than
> > +# experimentation and interoperability testing until those issues has been
> > +# resolved.
> > +#CONFIG_EAP_TEAP=y
> > +
> > +# EAP-GTC
> > +CONFIG_EAP_GTC=y
> > +
> > +# EAP-OTP
> > +CONFIG_EAP_OTP=y
> > +
> > +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
> > +#CONFIG_EAP_SIM=y
> > +
> > +# Enable SIM simulator (Milenage) for EAP-SIM
> > +#CONFIG_SIM_SIMULATOR=y
> > +
> > +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
> > +#CONFIG_EAP_PSK=y
> > +
> > +# EAP-pwd (secure authentication using only a password)
> > +CONFIG_EAP_PWD=y
> > +
> > +# EAP-PAX
> > +CONFIG_EAP_PAX=y
> > +
> > +# LEAP
> > +CONFIG_EAP_LEAP=y
> > +
> > +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
> > +#CONFIG_EAP_AKA=y
> > +
> > +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
> > +# This requires CONFIG_EAP_AKA to be enabled, too.
> > +#CONFIG_EAP_AKA_PRIME=y
> > +
> > +# Enable USIM simulator (Milenage) for EAP-AKA
> > +#CONFIG_USIM_SIMULATOR=y
> > +
> > +# EAP-SAKE
> > +CONFIG_EAP_SAKE=y
> > +
> > +# EAP-GPSK
> > +CONFIG_EAP_GPSK=y
> > +# Include support for optional SHA256 cipher suite in EAP-GPSK
> > +CONFIG_EAP_GPSK_SHA256=y
> > +
> > +# EAP-TNC and related Trusted Network Connect support (experimental)
> > +CONFIG_EAP_TNC=y
> > +
> > +# Wi-Fi Protected Setup (WPS)
> > +CONFIG_WPS=y
> > +# Enable WPS external registrar functionality
> > +#CONFIG_WPS_ER=y
> > +# Disable credentials for an open network by default when acting as a WPS
> > +# registrar.
> > +#CONFIG_WPS_REG_DISABLE_OPEN=y
> > +# Enable WPS support with NFC config method
> > +#CONFIG_WPS_NFC=y
> > +
> > +# EAP-IKEv2
> > +CONFIG_EAP_IKEV2=y
> > +
> > +# EAP-EKE
> > +#CONFIG_EAP_EKE=y
> > +
> > +# MACsec
> > +CONFIG_MACSEC=y
> > +
> > +# PKCS#12 (PFX) support (used to read private key and certificate file from
> > +# a file that usually has extension .p12 or .pfx)
> > +CONFIG_PKCS12=y
> > +
> > +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
> > +# engine.
> > +CONFIG_SMARTCARD=y
> > +
> > +# PC/SC interface for smartcards (USIM, GSM SIM)
> > +# Enable this if EAP-SIM or EAP-AKA is included
> > +#CONFIG_PCSC=y
> > +
> > +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
> > +#CONFIG_HT_OVERRIDES=y
> > +
> > +# Support VHT overrides (disable VHT, mask MCS rates, etc.)
> > +#CONFIG_VHT_OVERRIDES=y
> > +
> > +# Support HE overrides
> > +#CONFIG_HE_OVERRIDES=y
> > +
> > +# Development testing
> > +#CONFIG_EAPOL_TEST=y
> > +
> > +# Support IPv6
> > +CONFIG_IPV6=y
> > +
> > +# Select control interface backend for external programs, e.g, wpa_cli:
> > +# unix = UNIX domain sockets (default for Linux/*BSD)
> > +# udp = UDP sockets using localhost (127.0.0.1)
> > +# udp6 = UDP IPv6 sockets using localhost (::1)
> > +# named_pipe = Windows Named Pipe (default for Windows)
> > +# udp-remote = UDP sockets with remote access (only for tests
> > systems/purpose)
> > +# udp6-remote = UDP IPv6 sockets with remote access (only for tests
> > purpose)
> > +# y = use default (backwards compatibility)
> > +# If this option is commented out, control interface is not included in the
> > +# build.
> > +CONFIG_CTRL_IFACE=y
> > +
> > +# Include support for GNU Readline and History Libraries in wpa_cli.
> > +# When building a wpa_cli binary for distribution, please note that these
> > +# libraries are licensed under GPL and as such, BSD license may not apply
> > for
> > +# the resulting binary.
> > +#CONFIG_READLINE=y
> > +
> > +# Include internal line edit mode in wpa_cli. This can be used as a
> > replacement
> > +# for GNU Readline to provide limited command line editing and history
> > support.
> > +#CONFIG_WPA_CLI_EDIT=y
> > +
> > +# Remove debugging code that is printing out debug message to stdout.
> > +# This can be used to reduce the size of the wpa_supplicant considerably
> > +# if debugging code is not needed. The size reduction can be around 35%
> > +# (e.g., 90 kB).
> > +#CONFIG_NO_STDOUT_DEBUG=y
> > +
> > +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
> > +# 35-50 kB in code size.
> > +#CONFIG_NO_WPA=y
> > +
> > +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
> > +# This option can be used to reduce code size by removing support for
> > +# converting ASCII passphrases into PSK. If this functionality is removed,
> > the
> > +# PSK can only be configured as the 64-octet hexstring (e.g., from
> > +# wpa_passphrase). This saves about 0.5 kB in code size.
> > +#CONFIG_NO_WPA_PASSPHRASE=y
> > +
> > +# Simultaneous Authentication of Equals (SAE), WPA3-Personal
> > +CONFIG_SAE=y
> > +
> > +# SAE Public Key, WPA3-Personal
> > +#CONFIG_SAE_PK=y
> > +
> > +# Disable scan result processing (ap_scan=1) to save code size by about 1
> > kB.
> > +# This can be used if ap_scan=1 mode is never enabled.
> > +#CONFIG_NO_SCAN_PROCESSING=y
> > +
> > +# Select configuration backend:
> > +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
> > +# path is given on command line, not here; this option is just used to
> > +# select the backend that allows configuration files to be used)
> > +# winreg = Windows registry (see win_example.reg for an example)
> > +CONFIG_BACKEND=file
> > +
> > +# Remove configuration write functionality (i.e., to allow the
> > configuration
> > +# file to be updated based on runtime configuration changes). The runtime
> > +# configuration can still be changed, the changes are just not going to be
> > +# persistent over restarts. This option can be used to reduce code size by
> > +# about 3.5 kB.
> > +#CONFIG_NO_CONFIG_WRITE=y
> > +
> > +# Remove support for configuration blobs to reduce code size by about 1.5
> > kB.
> > +#CONFIG_NO_CONFIG_BLOBS=y
> > +
> > +# Select program entry point implementation:
> > +# main = UNIX/POSIX like main() function (default)
> > +# main_winsvc = Windows service (read parameters from registry)
> > +# main_none = Very basic example (development use only)
> > +#CONFIG_MAIN=main
> > +
> > +# Select wrapper for operating system and C library specific functions
> > +# unix = UNIX/POSIX like systems (default)
> > +# win32 = Windows systems
> > +# none = Empty template
> > +#CONFIG_OS=unix
> > +
> > +# Select event loop implementation
> > +# eloop = select() loop (default)
> > +# eloop_win = Windows events and WaitForMultipleObject() loop
> > +#CONFIG_ELOOP=eloop
> > +
> > +# Should we use poll instead of select? Select is used by default.
> > +#CONFIG_ELOOP_POLL=y
> > +
> > +# Should we use epoll instead of select? Select is used by default.
> > +#CONFIG_ELOOP_EPOLL=y
> > +
> > +# Should we use kqueue instead of select? Select is used by default.
> > +#CONFIG_ELOOP_KQUEUE=y
> > +
> > +# Select layer 2 packet implementation
> > +# linux = Linux packet socket (default)
> > +# pcap = libpcap/libdnet/WinPcap
> > +# freebsd = FreeBSD libpcap
> > +# winpcap = WinPcap with receive thread
> > +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
> > +# none = Empty template
> > +#CONFIG_L2_PACKET=linux
> > +
> > +# Disable Linux packet socket workaround applicable for station interface
> > +# in a bridge for EAPOL frames. This should be uncommented only if the
> > kernel
> > +# is known to not have the regression issue in packet socket behavior with
> > +# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
> > +#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
> > +
> > +# Support Operating Channel Validation
> > +#CONFIG_OCV=y
> > +
> > +# Select TLS implementation
> > +# openssl = OpenSSL (default)
> > +# gnutls = GnuTLS
> > +# internal = Internal TLSv1 implementation (experimental)
> > +# linux = Linux kernel AF_ALG and internal TLSv1 implementation
> > (experimental)
> > +# none = Empty template
> > +#CONFIG_TLS=openssl
> > +
> > +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS
> > (v1.1)
> > +# can be enabled to get a stronger construction of messages when block
> > ciphers
> > +# are used. It should be noted that some existing TLS v1.0 -based
> > +# implementation may not be compatible with TLS v1.1 message (ClientHello
> > is
> > +# sent prior to negotiating which version will be used)
> > +#CONFIG_TLSV11=y
> > +
> > +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS
> > (v1.2)
> > +# can be enabled to enable use of stronger crypto algorithms. It should be
> > +# noted that some existing TLS v1.0 -based implementation may not be
> > compatible
> > +# with TLS v1.2 message (ClientHello is sent prior to negotiating which
> > version
> > +# will be used)
> > +#CONFIG_TLSV12=y
> > +
> > +# Select which ciphers to use by default with OpenSSL if the user does not
> > +# specify them.
> > +#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
> > +
> > +# If CONFIG_TLS=internal is used, additional library and include paths are
> > +# needed for LibTomMath. Alternatively, an integrated, minimal version of
> > +# LibTomMath can be used. See beginning of libtommath.c for details on
> > benefits
> > +# and drawbacks of this option.
> > +#CONFIG_INTERNAL_LIBTOMMATH=y
> > +#ifndef CONFIG_INTERNAL_LIBTOMMATH
> > +#LTM_PATH=/usr/src/libtommath-0.39
> > +#CFLAGS += -I$(LTM_PATH)
> > +#LIBS += -L$(LTM_PATH)
> > +#LIBS_p += -L$(LTM_PATH)
> > +#endif
> > +# At the cost of about 4 kB of additional binary size, the internal
> > LibTomMath
> > +# can be configured to include faster routines for exptmod, sqr, and div to
> > +# speed up DH and RSA calculation considerably
> > +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
> > +
> > +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
> > +# This is only for Windows builds and requires WMI-related header files and
> > +# WbemUuid.Lib from Platform SDK even when building with MinGW.
> > +#CONFIG_NDIS_EVENTS_INTEGRATED=y
> > +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
> > +
> > +# Add support for new DBus control interface
> > +# (fi.w1.wpa_supplicant1)
> > +CONFIG_CTRL_IFACE_DBUS_NEW=y
> > +
> > +# Add introspection support for new DBus control interface
> > +CONFIG_CTRL_IFACE_DBUS_INTRO=y
> > +
> > +# Add support for loading EAP methods dynamically as shared libraries.
> > +# When this option is enabled, each EAP method can be either included
> > +# statically (CONFIG_EAP_<method>=y) or dynamically
> > (CONFIG_EAP_<method>=dyn).
> > +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need
> > to
> > +# be loaded in the beginning of the wpa_supplicant configuration file
> > +# (see load_dynamic_eap parameter in the example file) before being used in
> > +# the network blocks.
> > +#
> > +# Note that some shared parts of EAP methods are included in the main
> > program
> > +# and in order to be able to use dynamic EAP methods using these parts, the
> > +# main program must have been build with the EAP method enabled (=y or
> > =dyn).
> > +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic
> > libraries
> > +# unless at least one of them was included in the main build to force
> > inclusion
> > +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be
> > included
> > +# in the main build to be able to load these methods dynamically.
> > +#
> > +# Please also note that using dynamic libraries will increase the total
> > binary
> > +# size. Thus, it may not be the best option for targets that have limited
> > +# amount of memory/flash.
> > +#CONFIG_DYNAMIC_EAP_METHODS=y
> > +
> > +# Dynamic library loading
> > +
> > +# Add the ability to configure libraries to load at compile time.
> > +# If set, these disable dynamic configuration.
> > +#CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
> > +#CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
> > +#CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
> > +#
> > +# Prevent library loading at runtime
> > +#CONFIG_NO_PKCS11_ENGINE_PATH=y # prevents loading pkcs11_engine library.
> > +#CONFIG_NO_PKCS11_MODULE_PATH=y # prevents loading pkcs11_module library.
> > +# CONFIG_NO_OPENSC_ENGINE_PATH=y # prevents loading opensc_engine library.
> > +
> > +# Prevents loading EAP libraries at runtime
> > +#CONFIG_NO_LOAD_DYNAMIC_EAP=y
> > +
> > +# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
> > +CONFIG_IEEE80211R=y
> > +
> > +# Add support for writing debug log to a file
> > (/tmp/wpa_supplicant-log-#.txt)
> > +CONFIG_DEBUG_FILE=y
> > +
> > +# Send debug messages to syslog instead of stdout
> > +CONFIG_DEBUG_SYSLOG=y
> > +# Set syslog facility for debug messages
> > +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
> > +
> > +# Add support for sending all debug messages (regardless of debug
> > verbosity)
> > +# to the Linux kernel tracing facility. This helps debug the entire stack
> > by
> > +# making it easy to record everything happening from the driver up into the
> > +# same file, e.g., using trace-cmd.
> > +#CONFIG_DEBUG_LINUX_TRACING=y
> > +
> > +# Add support for writing debug log to Android logcat instead of standard
> > +# output
> > +#CONFIG_ANDROID_LOG=y
> > +
> > +# Enable privilege separation (see README 'Privilege separation' for
> > details)
> > +#CONFIG_PRIVSEP=y
> > +
> > +# Enable mitigation against certain attacks against TKIP by delaying
> > Michael
> > +# MIC error reports by a random amount of time between 0 and 60 seconds
> > +#CONFIG_DELAYED_MIC_ERROR_REPORT=y
> > +
> > +# Enable tracing code for developer debugging
> > +# This tracks use of memory allocations and other registrations and reports
> > +# incorrect use with a backtrace of call (or allocation) location.
> > +#CONFIG_WPA_TRACE=y
> > +# For BSD, uncomment these.
> > +#LIBS += -lexecinfo
> > +#LIBS_p += -lexecinfo
> > +#LIBS_c += -lexecinfo
> > +
> > +# Use libbfd to get more details for developer debugging
> > +# This enables use of libbfd to get more detailed symbols for the
> > backtraces
> > +# generated by CONFIG_WPA_TRACE=y.
> > +#CONFIG_WPA_TRACE_BFD=y
> > +# For BSD, uncomment these.
> > +#LIBS += -lbfd -liberty -lz
> > +#LIBS_p += -lbfd -liberty -lz
> > +#LIBS_c += -lbfd -liberty -lz
> > +
> > +# wpa_supplicant depends on strong random number generation being available
> > +# from the operating system. os_get_random() function is used to fetch
> > random
> > +# data when needed, e.g., for key generation. On Linux and BSD systems,
> > this
> > +# works by reading /dev/urandom. It should be noted that the OS entropy
> > pool
> > +# needs to be properly initialized before wpa_supplicant is started. This
> > is
> > +# important especially on embedded devices that do not have a hardware
> > random
> > +# number generator and may by default start up with minimal entropy
> > available
> > +# for random number generation.
> > +#
> > +# As a safety net, wpa_supplicant is by default trying to internally
> > collect
> > +# additional entropy for generating random data to mix in with the data
> > fetched
> > +# from the OS. This by itself is not considered to be very strong, but it
> > may
> > +# help in cases where the system pool is not initialized properly.
> > However, it
> > +# is very strongly recommended that the system pool is initialized with
> > enough
> > +# entropy either by using hardware assisted random number generator or by
> > +# storing state over device reboots.
> > +#
> > +# wpa_supplicant can be configured to maintain its own entropy store over
> > +# restarts to enhance random number generation. This is not perfect, but
> > it is
> > +# much more secure than using the same sequence of random numbers after
> > every
> > +# reboot. This can be enabled with -e<entropy file> command line option.
> > The
> > +# specified file needs to be readable and writable by wpa_supplicant.
> > +#
> > +# If the os_get_random() is known to provide strong random data (e.g., on
> > +# Linux/BSD, the board in question is known to have reliable source of
> > random
> > +# data from /dev/urandom), the internal wpa_supplicant random pool can be
> > +# disabled. This will save some in binary size and CPU use. However, this
> > +# should only be considered for builds that are known to be used on devices
> > +# that meet the requirements described above.
> > +#CONFIG_NO_RANDOM_POOL=y
> > +
> > +# Should we attempt to use the getrandom(2) call that provides more
> > reliable
> > +# yet secure randomness source than /dev/random on Linux 3.17 and newer.
> > +# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
> > +#CONFIG_GETRANDOM=y
> > +
> > +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
> > +CONFIG_IEEE80211AC=y
> > +
> > +# IEEE 802.11ax HE support (mainly for AP mode)
> > +CONFIG_IEEE80211AX=y
> > +
> > +# IEEE 802.11be EHT support (mainly for AP mode)
> > +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE.
> > +# Note: This is experimental and work in progress. The definitions are
> > still
> > +# subject to change and this should not be expected to interoperate with
> > the
> > +# final IEEE 802.11be version.
> > +#CONFIG_IEEE80211BE=y
> > +
> > +# Wireless Network Management (IEEE Std 802.11v-2011)
> > +# Note: This is experimental and not complete implementation.
> > +#CONFIG_WNM=y
> > +
> > +# Interworking (IEEE 802.11u)
> > +# This can be used to enable functionality to improve interworking with
> > +# external networks (GAS/ANQP to learn more about the networks and network
> > +# selection based on available credentials).
> > +CONFIG_INTERWORKING=y
> > +
> > +# Hotspot 2.0
> > +CONFIG_HS20=y
> > +
> > +# Enable interface matching in wpa_supplicant
> > +#CONFIG_MATCH_IFACE=y
> > +
> > +# Disable roaming in wpa_supplicant
> > +#CONFIG_NO_ROAMING=y
> > +
> > +# AP mode operations with wpa_supplicant
> > +# This can be used for controlling AP mode operations with wpa_supplicant.
> > It
> > +# should be noted that this is mainly aimed at simple cases like
> > +# WPA2-Personal while more complex configurations like WPA2-Enterprise
> > with an
> > +# external RADIUS server can be supported with hostapd.
> > +CONFIG_AP=y
> > +
> > +# P2P (Wi-Fi Direct)
> > +# This can be used to enable P2P support in wpa_supplicant. See README-P2P
> > for
> > +# more information on P2P operations.
> > +CONFIG_P2P=y
> > +
> > +# Enable TDLS support
> > +CONFIG_TDLS=y
> > +
> > +# Wi-Fi Display
> > +# This can be used to enable Wi-Fi Display extensions for P2P using an
> > external
> > +# program to control the additional information exchanges in the messages.
> > +CONFIG_WIFI_DISPLAY=y
> > +
> > +# Autoscan
> > +# This can be used to enable automatic scan support in wpa_supplicant.
> > +# See wpa_supplicant.conf for more information on autoscan usage.
> > +#
> > +# Enabling directly a module will enable autoscan support.
> > +# For exponential module:
> > +#CONFIG_AUTOSCAN_EXPONENTIAL=y
> > +# For periodic module:
> > +#CONFIG_AUTOSCAN_PERIODIC=y
> > +
> > +# Password (and passphrase, etc.) backend for external storage
> > +# These optional mechanisms can be used to add support for storing
> > passwords
> > +# and other secrets in external (to wpa_supplicant) location. This allows,
> > for
> > +# example, operating system specific key storage to be used
> > +#
> > +# External password backend for testing purposes (developer use)
> > +#CONFIG_EXT_PASSWORD_TEST=y
> > +# File-based backend to read passwords from an external file.
> > +#CONFIG_EXT_PASSWORD_FILE=y
> > +
> > +# Enable Fast Session Transfer (FST)
> > +#CONFIG_FST=y
> > +
> > +# Enable CLI commands for FST testing
> > +#CONFIG_FST_TEST=y
> > +
> > +# OS X builds. This is only for building eapol_test.
> > +#CONFIG_OSX=y
> > +
> > +# Automatic Channel Selection
> > +# This will allow wpa_supplicant to pick the channel automatically when
> > channel
> > +# is set to "0".
> > +#
> > +# TODO: Extend parser to be able to parse "channel=acs_survey" as an
> > alternative
> > +# to "channel=0". This would enable us to eventually add other ACS
> > algorithms in
> > +# similar way.
> > +#
> > +# Automatic selection is currently only done through initialization, later
> > on
> > +# we hope to do background checks to keep us moving to more ideal channels
> > as
> > +# time goes by. ACS is currently only supported through the nl80211 driver
> > and
> > +# your driver must have survey dump capability that is filled by the driver
> > +# during scanning.
> > +#
> > +# TODO: In analogy to hostapd be able to customize the ACS survey
> > algorithm with
> > +# a newly to create wpa_supplicant.conf variable acs_num_scans.
> > +#
> > +# Supported ACS drivers:
> > +# * ath9k
> > +# * ath5k
> > +# * ath10k
> > +#
> > +# For more details refer to:
> > +# http://wireless.kernel.org/en/users/Documentation/acs
> > +#CONFIG_ACS=y
> > +
> > +# Support Multi Band Operation
> > +#CONFIG_MBO=y
> > +
> > +# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
> > +#CONFIG_FILS=y
> > +# FILS shared key authentication with PFS
> > +#CONFIG_FILS_SK_PFS=y
> > +
> > +# Support RSN on IBSS networks
> > +# This is needed to be able to use mode=1 network profile with proto=RSN
> > and
> > +# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
> > +CONFIG_IBSS_RSN=y
> > +
> > +# External PMKSA cache control
> > +# This can be used to enable control interface commands that allow the
> > current
> > +# PMKSA cache entries to be fetched and new entries to be added.
> > +#CONFIG_PMKSA_CACHE_EXTERNAL=y
> > +
> > +# Mesh Networking (IEEE 802.11s)
> > +#CONFIG_MESH=y
> > +
> > +# Background scanning modules
> > +# These can be used to request wpa_supplicant to perform background
> > scanning
> > +# operations for roaming within an ESS (same SSID). See the bgscan
> > parameter in
> > +# the wpa_supplicant.conf file for more details.
> > +# Periodic background scans based on signal strength
> > +CONFIG_BGSCAN_SIMPLE=y
> > +# Learn channels used by the network and try to avoid bgscans on other
> > +# channels (experimental)
> > +#CONFIG_BGSCAN_LEARN=y
> > +
> > +# Opportunistic Wireless Encryption (OWE)
> > +# Experimental implementation of draft-harkins-owe-07.txt
> > +#CONFIG_OWE=y
> > +
> > +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect)
> > +CONFIG_DPP=y
> > +# DPP version 2 support
> > +CONFIG_DPP2=y
> > +# DPP version 3 support (experimental and still changing; do not enable for
> > +# production use)
> > +#CONFIG_DPP3=y
> > +
> > +# Wired equivalent privacy (WEP)
> > +# WEP is an obsolete cryptographic data confidentiality algorithm that is
> > not
> > +# considered secure. It should not be used for anything anymore. The
> > +# functionality needed to use WEP is available in the current
> > wpa_supplicant
> > +# release under this optional build parameter. This functionality is
> > subject to
> > +# be completely removed in a future release.
> > +#CONFIG_WEP=y
> > +
> > +# Remove all TKIP functionality
> > +# TKIP is an old cryptographic data confidentiality algorithm that is not
> > +# considered secure. It should not be used anymore for anything else than a
> > +# backwards compatibility option as a group cipher when connecting to APs
> > that
> > +# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build
> > includes
> > +# support for this by default, but that functionality is subject to be
> > removed
> > +# in the future.
> > +#CONFIG_NO_TKIP=y
> > +
> > +# Pre-Association Security Negotiation (PASN)
> > +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol
> > +# design is still subject to change. As such, this should not yet be
> > enabled in
> > +# production use.
> > +#CONFIG_PASN=y
> > +
> > +# Disable support for Radio Measurement (IEEE 802.11k) and supported
> > operating
> > +# class indication. Removing these is not recommended since they can help
> > the
> > +# AP manage the network and STA steering.
> > +#CONFIG_NO_RRM=y
> > +
> > +# Disable support for Robust AV streaming for consumer and enterprise Wi-Fi
> > +# applications; IEEE Std 802.11-2020, 4.3.24; SCS, MSCS, QoS Management
> > +#CONFIG_NO_ROBUST_AV=y
> > +
> > +# Disable support for WMM admission control
> > +#CONFIG_NO_WMM_AC=y
> > +
> > +# Wi-Fi Aware unsynchronized service discovery (NAN USD)
> > +#CONFIG_NAN_USD=y
> > diff --git
> > a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
> > b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
> > index ffb1cf617d..b9a8964439 100644
> > --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
> > +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
> > @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM =
> > "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \
> > DEPENDS = "dbus libnl"
> >
> > SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
> > + file://defconfig \
> > file://wpa-supplicant.sh \
> > file://wpa_supplicant.conf \
> > file://wpa_supplicant.conf-sane \
> > @@ -37,7 +38,9 @@ EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}'
> > 'BINDIR=${sbindir}'"
> >
> > do_configure () {
> > ${MAKE} -C wpa_supplicant clean
> > - sed -e '/^CONFIG_TLS=/d' <wpa_supplicant/defconfig
> > >wpa_supplicant/.config
> > + install -m 0755 ${UNPACKDIR}/defconfig wpa_supplicant/.config
> > +
> > + sed -i '/CONFIG_TLS=/d' wpa_supplicant/.config
> >
> > if ${@ bb.utils.contains('PACKAGECONFIG', 'openssl', 'true',
> > 'false', d) }; then
> > echo 'CONFIG_TLS=openssl' >>wpa_supplicant/.config
> > --
> > 2.34.1
> >
> >
> >
> >
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#226913):
https://lists.openembedded.org/g/openembedded-core/message/226913
Mute This Topic: https://lists.openembedded.org/mt/116508467/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
