Bug#700870: [pkg-wpa-devel] Bug#700870: building eapol_test

2016-03-27 Thread Christopher Hoskin 
Dear Stefan,

Thanks for the prompt reply! I have been able to build the packages using
the method outlined below for v2.3, v2.4, v2.5 and hostapd master (52844d6d
at the time of writing) and they all build fine. Also, I observe that since
October 2015 [0], cloning the http://w1.fi/hostap.git repository and
building eapol_test [1] has been part of the continuous integration of the
FreeRADIUS project. As the FreeRADIUS continuous integration tests
typically run several times a day [2], this would imply that there has been
a period of stability recently and also presumably that the FreeRADIUS
project has an interest in ensuring that this
remains the case.

Christopher

[0]
http://lists.freeradius.org/pipermail/freeradius-devel/2015-October/011322.html
[1]
https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/scripts/travis/eapol_test-build.sh
[2] https://travis-ci.org/FreeRADIUS/freeradius-server/builds

Package Building Method:

git clone git://w1.fi/hostap.git
cd hostap/
cp -r ../pkg-wpa/wpa/trunk/debian ./

wget -O eapoltest.patch  "
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;filename=eapoltest.patch;bug=700870;msg=35
"
patch -p1 < eapoltest.patch
rm eapoltest.patch

dch --newversion 2.5.52844d6d-1
git archive --format tar --prefix wpa-2.5.52844d6d/ master README COPYING
CONTRIBUTIONS  src wpa_supplicant hostapd hs20 tests eap_example doc
wlantest wpadebug wpaspy radius_example mac80211_hwsim Android.mk
build_release | xz -c6 > ../wpa_2.5.52844d6d.orig.tar.xz
debuild -S
(comment out any patches which nolonger apply in debian/patches/series)
debuild

For X =3,4,5

git checkout hostap_2_X
dch --newversion 2.X-1
git archive --format tar --prefix wpa-2.X/ hostap_2_X README COPYING
CONTRIBUTIONS  src wpa_supplicant hostapd hs20 tests eap_example doc
wlantest wpadebug wpaspy radius_example mac80211_hwsim patches Android.mk
build_release | xz -c6 > ../wpa_2.X.orig.tar.xz
debuild -S
debuild

Bug#700870: [pkg-wpa-devel] Bug#700870: building eapol_test

2016-03-23 Thread Stefan Lippers-Hollmann 
Hi

On 2016-03-24, Christopher Hoskin wrote:
> Hello, I've been doing some work on the upstream FreeRADIUS 3 Debian
> package, with a view to eventually getting it accepted into Debian (Bug
> #797181).
> 
> https://github.com/FreeRADIUS/freeradius-server/pulls?q=is%3Apr+author%3Amans0954
> 
> I'm currently looking at enabling build and autopkgtest tests. Upstream
> have some tests which make use of eapol_test.
> 
> If eapol_test isn't available on the system, the upstream script clones the
> upstream hostap repository and builds it. This isn't appropriate for a
> Debian package. Including enough of the hostap source within the FreeRADIUS
> Debian package to build eapol_test would not be ideal.
> 
> Therefore, I'd also like to request that Matthew Newton's patch is applied,
> so that the proposed eapoltest package can be specified as a build
> dependency of FreeRADIUS. The patch appears to apply and build against the
> latest wpa source package trunk (on amd64 at least).
> 
> Please, would this be possible?

Just a very quick/ short preliminary response, in general I'm not 
exactly thrilled about adding this -considering my build issues with 
eapol_test in previous src:wpa versions- but I haven't actually 
revisited this particular question recently.

*If* eapol_test builds with v2.3, v2.4, v2.5 and hostapd HEAD without 
having to fix bugs in the upstream code (I haven't tested this yet), I 
could be convinced to add this functionality (well, v2.5 and HEAD would
be more important than the previous versions) to src:wpa, but if this
would still be a 'constant' source for build issues (demonstrating that 
this isn't actually tested by upstream - last time I looked into it, 
the build issues were trivial, but quite numerous), I'd tend towards
declining this (however, if there'd be an src:wpa co-maintainer who'd 
take care of this aspect...). Have you checked buildability recently?

Regards
Stefan Lippers-Hollmann


pgpa50bOT3paK.pgp
Description: Digitale Signatur von OpenPGP

Bug#700870: [pkg-wpa-devel] Bug#700870: building eapol_test

2015-10-06 Thread Matthew Newton 
Control: reassign -1 wpa
Control: tags -1 + patch

Hi Stefan,

On Fri, Feb 21, 2014 at 02:26:30AM +, Stefan Lippers-Hollmann wrote:
> On Monday 18 February 2013, Matthew Newton wrote:
> > The wpa_supplicant package contains a really useful tool,
> > eapol_test. It is not currently packaged, and it would be great if
> > this could be. Use of this, for example, often comes up on the

> At the moment, as of wpa_supplicant 1.1, this causes too many build 
> problems, e.g. right now (after fixing the first one), I'm at:
...
> I will revisit this once we've switched to wpa 2.1 (very soon), but
> won't make any promises yet; an updated and slightly fixed variant of 
> your patch is attached.

I have updated the patch again for the latest source wpa package.

This builds cleanly with sbuild on jessie and unstable, and passes
lintian checks on both (aside from warnings not from this patch).

Is this able to be added now, please?

Many thanks!

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 
diff --git a/debian/config/wpasupplicant/kfreebsd b/debian/config/wpasupplicant/kfreebsd
index 8179215..efd4d8a 100644
--- a/debian/config/wpasupplicant/kfreebsd
+++ b/debian/config/wpasupplicant/kfreebsd
@@ -185,7 +185,7 @@ CONFIG_HT_OVERRIDES=y
 CONFIG_VHT_OVERRIDES=y
 
 # Development testing
-#CONFIG_EAPOL_TEST=y
+CONFIG_EAPOL_TEST=y
 
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
diff --git a/debian/config/wpasupplicant/linux b/debian/config/wpasupplicant/linux
index 2224fc3..9018eb5 100644
--- a/debian/config/wpasupplicant/linux
+++ b/debian/config/wpasupplicant/linux
@@ -185,7 +185,7 @@ CONFIG_HT_OVERRIDES=y
 CONFIG_VHT_OVERRIDES=y
 
 # Development testing
-#CONFIG_EAPOL_TEST=y
+CONFIG_EAPOL_TEST=y
 
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
diff --git a/debian/control b/debian/control
index 0ade1ee..e109346 100644
--- a/debian/control
+++ b/debian/control
@@ -97,3 +97,13 @@ Description: Client support for WPA and WPA2 (IEEE 802.11i)
  association with IEEE 802.11i networks.
  .
  This is a udeb of wpasupplicant for use by the debian-installer.
+
+Package: eapoltest
+Architecture: any
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: EAPoL testing utility
+ eapol_test allows testing EAP authentication methods without using
+ a full 802.1X connection. It is frequently used to test the EAP
+ configuration of RADIUS systems. It is an administrator tool and not
+ required for standard 802.1X authentication.
diff --git a/debian/eapoltest.install b/debian/eapoltest.install
new file mode 100644
index 000..d3fe2c3
--- /dev/null
+++ b/debian/eapoltest.install
@@ -0,0 +1 @@
+wpa_supplicant/eapol_test usr/bin/
diff --git a/debian/eapoltest.lintian-overrides b/debian/eapoltest.lintian-overrides
new file mode 100644
index 000..45ffdbc
--- /dev/null
+++ b/debian/eapoltest.lintian-overrides
@@ -0,0 +1,6 @@
+# We distribute the package under the terms of the BSD license due to the
+# openssl issue, tell lintian to not complain:
+eapoltest: possible-gpl-code-linked-with-openssl
+
+# These are numerous and unlikely to be fixed anytime soon, filter them out.
+eapoltest: hyphen-used-as-minus-sign
diff --git a/debian/eapoltest.manpages b/debian/eapoltest.manpages
new file mode 100644
index 000..1c02297
--- /dev/null
+++ b/debian/eapoltest.manpages
@@ -0,0 +1 @@
+wpa_supplicant/doc/docbook/eapol_test.8
diff --git a/debian/rules b/debian/rules
index 478b47e..135ac62 100755
--- a/debian/rules
+++ b/debian/rules
@@ -64,6 +64,8 @@ override_dh_auto_build:
 	  --buildsystem=makefile \
 		  --parallel
 	dh_auto_clean --sourcedirectory=src --buildsystem=makefile
+	# build eapol_test
+	$(MAKE) -C wpa_supplicant/ eapol_test
 
 override_dh_auto_clean:
 	dh_auto_clean --sourcedirectory=wpa_supplicant/doc/docbook \
@@ -118,6 +120,7 @@ override_dh_installchangelogs:
 	dh_installchangelogs --package=hostapd hostapd/ChangeLog
 	dh_installchangelogs --package=wpasupplicant wpa_supplicant/ChangeLog
 	dh_installchangelogs --package=wpagui wpa_supplicant/ChangeLog
+	dh_installchangelogs --package=eapoltest wpa_supplicant/ChangeLog
 
 override_dh_gencontrol:
 	dh_gencontrol -phostapd -- '-v1:$(VERSION)'

Bug#700870: [pkg-wpa-devel] Bug#700870: building eapol_test

2014-02-20 Thread Stefan Lippers-Hollmann 
Hi

On Monday 18 February 2013, Matthew Newton wrote:
[...]
 The wpa_supplicant package contains a really useful tool,
 eapol_test. It is not currently packaged, and it would be great if
 this could be. Use of this, for example, often comes up on the
 FreeRADIUS mailing list for RADIUS administrators to test their
 EAP configuration.
 
 It's fairly easy to build from source, but our use case has it
 installed on all our RADIUS servers for system monitoring. In this
 case, having it packaged would make things much easier to deploy
 and maintain.
 
 It doesn't build by default, and is generally only of interest to
 administrators, so probably is not worth putting in the
 wpasupplicant package, although that would be an option.
 
 I've created two small patches to the build system (for
 squeeze/0.6.10-2.1 and unstable/1.0-3) that build eapol_test and
 create a new 'eapoltest' package.
 
 Please would you consider adding this?
[...]

At the moment, as of wpa_supplicant 1.1, this causes too many build 
problems, e.g. right now (after fixing the first one), I'm at:

cc -c -o ../src/rsn_supp/wpa_ie.o -g -O2 -fPIE -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -MMD -Wall 
-D_FORTIFY_SOURCE=2 -I../src -I../src/utils -Werror -DEAPOL_TEST 
-DCONFIG_BACKEND_FILE -DCONFIG_IEEE80211W -DCONFIG_IEEE80211R -DCONFIG_PEERKEY 
-DCONFIG_IBSS_RSN -DCONFIG_P2P -DCONFIG_INTERWORKING  -DCONFIG_DRIVER_WIRED 
-DCONFIG_DRIVER_NL80211 -DCONFIG_LIBNL20 `pkg-config --cflags libnl-3.0` 
-DCONFIG_DRIVER_NONE  -DCONFIG_DRIVER_WEXT -DCONFIG_WIRELESS_EXTENSION  
-DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP 
-DEAP_SIM -DEAP_LEAP -DEAP_PSK -DEAP_AKA -DEAP_AKA_PRIME -DEAP_FAST -DEAP_PAX 
-DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_PWD -DCONFIG_WPS2 -DCONFIG_WPS 
-DEAP_WSC -DCONFIG_WPS_ER -DCONFIG_WPS_UPNP -DCONFIG_WPS_REG_DISABLE_OPEN 
-DEAP_IKEV2 -DEAP_TNC -DIEEE8021X_EAPOL -DCONFIG_AP -DCONFIG_NO_RADIUS 
-DCONFIG_NO_ACCOUNTING -DCONFIG_NO_VLAN -DEAP_SERVER -DEAP_SERVER_IDENTITY 
-DCONFIG_IEEE80211N -DNEED_AP_MLME -DEAP_SERVER_WSC -DCONFIG_NO_RADIUS 
-DPCSC_FUNCS -I/usr/include/PCSC -DPKCS12_FUNCS -DCONFIG_SMARTCARD 
-DCONFIG_TLSV11 -DEAP_TLS_OPENSSL -DCONFIG_SHA256 -DALL_DH_GROUPS 
-DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX -DCONFIG_CTRL_IFACE_DBUS 
-DDBUS_API_SUBJECT_TO_CHANGE -I/usr/include/dbus-1.0 
-I/usr/lib/i386-linux-gnu/dbus-1.0/include   -DCONFIG_CTRL_IFACE_DBUS_NEW 
-DCONFIG_CTRL_IFACE_DBUS_INTRO -I/usr/include/dbus-1.0 
-I/usr/lib/i386-linux-gnu/dbus-1.0/include   -DCONFIG_DBUS -DCONFIG_SME 
-DCONFIG_DEBUG_SYSLOG -DLOG_HOSTAPD=LOG_DAEMON -DCONFIG_DEBUG_FILE 
-DCONFIG_DELAYED_MIC_ERROR_REPORT -DCONFIG_BGSCAN_SIMPLE -DCONFIG_BGSCAN 
-DCONFIG_GAS -DCONFIG_OFFCHANNEL ../src/rsn_supp/wpa_ie.c
../src/utils/wpa_debug.c: In function '_wpa_hexdump':
../src/utils/wpa_debug.c:196:10: error: format '%lu' expects argument of type 
'long unsigned int', but argument 4 has type 'size_t' [-Werror=format=]
  title, len, display);

with CONFIG_EAPOL_TEST=y enabled, another problem is the missing 
manpage for the eapoltest binary. The number of (trivial) build 
problems however indicates that this build target is barely tested
upstream.

I will revisit this once we've switched to wpa 2.1 (very soon), but
won't make any promises yet; an updated and slightly fixed variant of 
your patch is attached.

Regards
Stefan Lippers-Hollmann
Index: debian/config/wpasupplicant/kfreebsd
===
--- debian/config/wpasupplicant/kfreebsd	(revision 1858)
+++ debian/config/wpasupplicant/kfreebsd	(working copy)
@@ -223,7 +223,7 @@
 CONFIG_PCSC=y
 
 # Development testing
-#CONFIG_EAPOL_TEST=y
+CONFIG_EAPOL_TEST=y
 
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
Index: debian/config/wpasupplicant/linux
===
--- debian/config/wpasupplicant/linux	(revision 1858)
+++ debian/config/wpasupplicant/linux	(working copy)
@@ -222,7 +222,7 @@
 CONFIG_PCSC=y
 
 # Development testing
-#CONFIG_EAPOL_TEST=y
+CONFIG_EAPOL_TEST=y
 
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
Index: debian/control
===
--- debian/control	(revision 1858)
+++ debian/control	(working copy)
@@ -96,3 +96,12 @@
  association with IEEE 802.11i networks.
  .
  This is a udeb of wpasupplicant for use by the debian-installer.
+
+Package: eapoltest
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: EAPoL testing utility
+ eapol_test allows testing EAP authentication methods without using
+ a full 802.1X connection. It is frequently used to test the EAP
+ configuration of RADIUS systems. It is an administrator tool and not
+ required for standard 802.1X