Ludovic Courtès writes: > Hi, > > Marius Bakke skribis: > >> Ludovic Courtès writes: >> >>> Hello Marius, >>> >>> Marius Bakke skribis: >>> >>>> Attached is a security update for WPA Supplicant. >>>> >>>> The new version toggles a lot of build-time options to more closely >>>> resemble what Debian and Arch do. Unfortunately the new defaults >>>> appears to require OpenSSL instead of GnuTLS. >>> >>> What happens when you keep CONFIG_TLS=gnutls? >> >> The linker fails to find a lot of OpenSSL interfaces. Short excerpt: >> >> ld: ../src/common/dpp.o: in function `dpp_set_pubkey_point': >> /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:538: undefined reference to `EVP_PKEY_get1_EC_KEY' >> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:545: undefined reference to `EC_KEY_get0_group' >> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:552: undefined reference to `EC_KEY_free' >> >> Omitting the OpenSSL input makes it fail earlier due to lack of headers. > > OK. > >>> This change is unrelated to the upgrade, right? It would break Connman >>> (which expects to talk to wpa_supplicant over D-Bus), as well as >>> NetworkManager probably, no? Or am I missing something? >> >> The distinguishing feature between "wpa-supplicant-minimal" and >> "wpa-supplicant" is D-Bus support. >> >> Upstream enabled D-Bus by default in version 2.8, so I toggled it back >> with the snippet above so "wpa-supplicant-minimal" stays the same. >> >> However I notice now that the new "wpa-supplicant-minimal" has D-Bus in >> its closure even though the D-Bus interface is disabled. >> >> So I'm not sure if it makes sense to have the separate -minimal variant >> anymore. The size of both wpa-supplicant variants are 102.4MiB after >> this patch, down from 157.4 and 143.1 MiB on the Guix master branch. > > Well you’re right, maybe it doesn’t make much sense to keep both > variants in that case. Errh nevermind, the "wpa-supplicant-minimal" package does *not* have D-Bus in its closure. The updated sizes are 87.8 and 102.1 MiB. > So I guess you can go ahead and push so we can all test it in the coming > days! I have tested this on a few different setups and it appears to work fine. Pushed as aeb1ed1abcc953694bcd742ae5e3ba5a13506373!