mirror of
https://github.com/vyos/vyos-build.git
synced 2025-10-01 20:28:40 +02:00
c260174c5b
The Debian 12 upgrade in T5003 caused a regression for connecting to legacy networks that only support TLSv1.0/1.1 for EAP-TLS. This commit fixes one part of the issue by adding Debian's patch for allowing legacy renegotiation (SSL_OP_LEGACY_SERVER_CONNECT flag). The flag used to be allowed by default, but that changed with the openssl 3.0 upgrade in Debian 12. (This commit also updates `build.sh` to just overwrite `debian/patches/series` and not delete patch files since dpkg-buildpackage/quilt never applies unlisted patches.) Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
39 lines
1.0 KiB
Bash
Executable File
39 lines
1.0 KiB
Bash
Executable File
#!/bin/bash
|
|
CWD=$(pwd)
|
|
set -e
|
|
|
|
SRC=hostap
|
|
SRC_DEB=wpa
|
|
|
|
if [ ! -d ${SRC} ]; then
|
|
echo "${SRC} directory does not exists, please 'git clone'"
|
|
exit 1
|
|
fi
|
|
if [ ! -d ${SRC_DEB} ]; then
|
|
echo "${SRC_DEB} directory does not exists, please 'git clone'"
|
|
exit 1
|
|
fi
|
|
|
|
echo "I: Copy Debian build instructions"
|
|
cp -a ${SRC_DEB}/debian ${SRC}
|
|
# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for
|
|
# compatibility with networks that use legacy crypto
|
|
cat > ${SRC}/debian/patches/series << EOF
|
|
allow-tlsv1.patch
|
|
allow-legacy-renegotiation.patch
|
|
EOF
|
|
|
|
# Build Debian package
|
|
cd ${SRC}
|
|
|
|
echo "I: Ensure Debian build dependencies are met"
|
|
sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"
|
|
|
|
echo "I: Create new Debian Package version"
|
|
version="$(git describe --tags | tr _ .)"
|
|
dch -v ${version:7} "New version to support AES-GCM-256 for MACsec" -b
|
|
|
|
echo "I: Build Debian hostap Package"
|
|
DEB_CPPFLAGS_SET="-Wno-use-after-free -Wno-deprecated-declarations" \
|
|
dpkg-buildpackage -us -uc -tc -b -Ppkg.wpa.nogui,noudeb
|