* [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools @ 2017-04-27 5:30 Stefan Agner 2017-04-28 12:24 ` Martin Jansa 2017-05-18 7:29 ` Robert Yang 0 siblings, 2 replies; 11+ messages in thread From: Stefan Agner @ 2017-04-27 5:30 UTC (permalink / raw) To: martin.jansa, openembedded-devel WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. The recipes add the current experimental snapshot v0.0.20170421 out-of-tree kernel module and tools. The kernel module has some kernel configuration dependencies such as some configuration part of features/netfilter/netfilter.scc, hence netfilter.scc should be part of KERNEL_EXTRA_FEATURES (which is the case by default). Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module which is MACHINE_ARCH (like all kernel modules) we need to add this dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. Signed-off-by: Stefan Agner <stefan@agner.ch> --- Changes since v2: - Upgrade to v0.0.20170421 - Add comment about Linux kernel requirement Changes since v1: - Upgrade to v0.0.20170409 - Add wireguard-tools -> wireguard-module dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. meta-networking/conf/layer.conf | 4 ++++ .../wireguard/wireguard-module_0.0.20170421.bb | 13 +++++++++++ .../wireguard/wireguard-tools_0.0.20170421.bb | 27 ++++++++++++++++++++++ .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ 4 files changed, 62 insertions(+) create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf index 85ad93b..b5aa159 100644 --- a/meta-networking/conf/layer.conf +++ b/meta-networking/conf/layer.conf @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" # Override security flags require conf/distro/include/meta_networking_security_flags.inc + +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ + wireguard-tools->wireguard-module \ +" diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb new file mode 100644 index 0000000..cb21bda --- /dev/null +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb @@ -0,0 +1,13 @@ +require wireguard.inc + +inherit module + +# This module requires Linux 3.10 higher and several networking related +# configuration options. For exact kernel requirements visit: +# https://www.wireguard.io/install/#kernel-requirements + +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" +MAKE_TARGETS = "module" +MODULES_INSTALL_TARGET = "module-install" + +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb new file mode 100644 index 0000000..79d420f --- /dev/null +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb @@ -0,0 +1,27 @@ +require wireguard.inc + +inherit bash-completion systemd pkgconfig + +DEPENDS = "wireguard-module libmnl" + +do_compile_prepend () { + cd ${S}/tools +} + +do_install () { + cd ${S}/tools + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ + SYSTEMDUNITDIR="${systemd_unitdir}" \ + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ + WITH_BASHCOMPLETION=yes \ + WITH_WGQUICK=yes \ + install +} + +FILES_${PN} = " \ + ${sysconfdir} \ + ${systemd_unitdir} \ + ${bindir} \ +" + +RDEPENDS_${PN} = "wireguard-module" diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc new file mode 100644 index 0000000..46a9971 --- /dev/null +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc @@ -0,0 +1,18 @@ +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ +implemented as a kernel virtual network interface for Linux, which aims to \ +replace both IPsec for most use cases, as well as popular user space and/or \ +TLS-based solutions like OpenVPN, while being more secure, more performant, \ +and easier to use." +SECTION = "networking" +HOMEPAGE = "https://www.wireguard.io/" +LICENSE = "GPLv2" + +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" + +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" + +S = "${WORKDIR}/WireGuard-${PV}/src/" -- 2.7.4 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-04-27 5:30 [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools Stefan Agner @ 2017-04-28 12:24 ` Martin Jansa 2017-04-29 1:18 ` Stefan Agner 2017-05-18 7:29 ` Robert Yang 1 sibling, 1 reply; 11+ messages in thread From: Martin Jansa @ 2017-04-28 12:24 UTC (permalink / raw) To: Stefan Agner; +Cc: openembedded-devel This latest version (which was merged to master yesterday) fails to build: http://errors.yoctoproject.org/Errors/Details/141421/ On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote: > WireGuard is an extremely simple yet fast and modern VPN that utilizes > state-of-the-art cryptography. It aims to be faster, simpler, leaner, > and more useful than IPSec, while avoiding the massive headache. > > The recipes add the current experimental snapshot v0.0.20170421 > out-of-tree kernel module and tools. The kernel module has some kernel > configuration dependencies such as some configuration part of > features/netfilter/netfilter.scc, hence netfilter.scc should be part > of KERNEL_EXTRA_FEATURES (which is the case by default). > > Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module > which is MACHINE_ARCH (like all kernel modules) we need to add this > dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > > Signed-off-by: Stefan Agner <stefan@agner.ch> > --- > Changes since v2: > - Upgrade to v0.0.20170421 > - Add comment about Linux kernel requirement > > Changes since v1: > - Upgrade to v0.0.20170409 > - Add wireguard-tools -> wireguard-module dependency to > SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > > meta-networking/conf/layer.conf | 4 ++++ > .../wireguard/wireguard-module_0.0.20170421.bb | 13 +++++++++++ > .../wireguard/wireguard-tools_0.0.20170421.bb | 27 > ++++++++++++++++++++++ > .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ > 4 files changed, 62 insertions(+) > create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard- > module_0.0.20170421.bb > create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard- > tools_0.0.20170421.bb > create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc > > diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer. > conf > index 85ad93b..b5aa159 100644 > --- a/meta-networking/conf/layer.conf > +++ b/meta-networking/conf/layer.conf > @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" > > # Override security flags > require conf/distro/include/meta_networking_security_flags.inc > + > +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ > + wireguard-tools->wireguard-module \ > +" > diff --git a/meta-networking/recipes-kernel/wireguard/wireguard- > module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/ > wireguard-module_0.0.20170421.bb > new file mode 100644 > index 0000000..cb21bda > --- /dev/null > +++ b/meta-networking/recipes-kernel/wireguard/wireguard- > module_0.0.20170421.bb > @@ -0,0 +1,13 @@ > +require wireguard.inc > + > +inherit module > + > +# This module requires Linux 3.10 higher and several networking related > +# configuration options. For exact kernel requirements visit: > +# https://www.wireguard.io/install/#kernel-requirements > + > +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" > +MAKE_TARGETS = "module" > +MODULES_INSTALL_TARGET = "module-install" > + > +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" > diff --git a/meta-networking/recipes-kernel/wireguard/wireguard- > tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/ > wireguard-tools_0.0.20170421.bb > new file mode 100644 > index 0000000..79d420f > --- /dev/null > +++ b/meta-networking/recipes-kernel/wireguard/wireguard- > tools_0.0.20170421.bb > @@ -0,0 +1,27 @@ > +require wireguard.inc > + > +inherit bash-completion systemd pkgconfig > + > +DEPENDS = "wireguard-module libmnl" > + > +do_compile_prepend () { > + cd ${S}/tools > +} > + > +do_install () { > + cd ${S}/tools > + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" > SYSCONFDIR="${sysconfdir}" \ > + SYSTEMDUNITDIR="${systemd_unitdir}" \ > + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', > 'systemd', 'yes', '', d)} \ > + WITH_BASHCOMPLETION=yes \ > + WITH_WGQUICK=yes \ > + install > +} > + > +FILES_${PN} = " \ > + ${sysconfdir} \ > + ${systemd_unitdir} \ > + ${bindir} \ > +" > + > +RDEPENDS_${PN} = "wireguard-module" > diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc > b/meta-networking/recipes-kernel/wireguard/wireguard.inc > new file mode 100644 > index 0000000..46a9971 > --- /dev/null > +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc > @@ -0,0 +1,18 @@ > +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" > +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ > +implemented as a kernel virtual network interface for Linux, which aims > to \ > +replace both IPsec for most use cases, as well as popular user space > and/or \ > +TLS-based solutions like OpenVPN, while being more secure, more > performant, \ > +and easier to use." > +SECTION = "networking" > +HOMEPAGE = "https://www.wireguard.io/" > +LICENSE = "GPLv2" > + > +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a42 > 63" > + > +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$ > {PV}.tar.xz" > + > +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" > +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b > 5e474cc6842ac04967773cf77b26750000" > + > +S = "${WORKDIR}/WireGuard-${PV}/src/" > -- > 2.7.4 > > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-04-28 12:24 ` Martin Jansa @ 2017-04-29 1:18 ` Stefan Agner 2017-05-01 15:18 ` Joe MacDonald 0 siblings, 1 reply; 11+ messages in thread From: Stefan Agner @ 2017-04-29 1:18 UTC (permalink / raw) To: Martin Jansa; +Cc: openembedded-devel Hm, I can not reproduce here. It looks like module has not been included, the module make arguments are missing... Here it looks like this: NOTE: make -j 8 KERNEL_SRC=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source KERNELDIR=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source KERNEL_PATH=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source KERNEL_VERSION=4.10.5-yocto-standard CC=x86_64-oe-linux-gcc -fuse-ld=bfd LD=x86_64-oe-linux-ld.bfd AR=x86_64-oe-linux-ar O=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-build-artifacts KBUILD_EXTRA_SYMBOLS= module Do you have an idea what is going on? On 2017-04-28 05:24, Martin Jansa wrote: > This latest version (which was merged to master yesterday) fails to build: > > http://errors.yoctoproject.org/Errors/Details/141421/ > > On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote: > >> WireGuard is an extremely simple yet fast and modern VPN that utilizes >> state-of-the-art cryptography. It aims to be faster, simpler, leaner, >> and more useful than IPSec, while avoiding the massive headache. >> >> The recipes add the current experimental snapshot v0.0.20170421 >> out-of-tree kernel module and tools. The kernel module has some kernel >> configuration dependencies such as some configuration part of >> features/netfilter/netfilter.scc, hence netfilter.scc should be part >> of KERNEL_EXTRA_FEATURES (which is the case by default). >> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module >> which is MACHINE_ARCH (like all kernel modules) we need to add this >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >> >> Signed-off-by: Stefan Agner <stefan@agner.ch> >> --- >> Changes since v2: >> - Upgrade to v0.0.20170421 >> - Add comment about Linux kernel requirement >> >> Changes since v1: >> - Upgrade to v0.0.20170409 >> - Add wireguard-tools -> wireguard-module dependency to >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >> >> meta-networking/conf/layer.conf | 4 ++++ >> .../wireguard/wireguard-module_0.0.20170421.bb [1] | 13 +++++++++++ >> .../wireguard/wireguard-tools_0.0.20170421.bb [2] | 27 ++++++++++++++++++++++ >> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ >> 4 files changed, 62 insertions(+) >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc >> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf >> index 85ad93b..b5aa159 100644 >> --- a/meta-networking/conf/layer.conf >> +++ b/meta-networking/conf/layer.conf >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" >> >> # Override security flags >> require conf/distro/include/meta_networking_security_flags.inc >> + >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ >> + wireguard-tools->wireguard-module \ >> +" >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] >> new file mode 100644 >> index 0000000..cb21bda >> --- /dev/null >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] >> @@ -0,0 +1,13 @@ >> +require wireguard.inc >> + >> +inherit module >> + >> +# This module requires Linux 3.10 higher and several networking related >> +# configuration options. For exact kernel requirements visit: >> +# https://www.wireguard.io/install/#kernel-requirements [3] >> + >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" >> +MAKE_TARGETS = "module" >> +MODULES_INSTALL_TARGET = "module-install" >> + >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] >> new file mode 100644 >> index 0000000..79d420f >> --- /dev/null >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] >> >> @@ -0,0 +1,27 @@ >> +require wireguard.inc >> + >> +inherit bash-completion systemd pkgconfig >> + >> +DEPENDS = "wireguard-module libmnl" >> + >> +do_compile_prepend () { >> + cd ${S}/tools >> +} >> + >> +do_install () { >> + cd ${S}/tools >> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ >> + SYSTEMDUNITDIR="${systemd_unitdir}" \ >> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ >> + WITH_BASHCOMPLETION=yes \ >> + WITH_WGQUICK=yes \ >> + install >> +} >> + >> +FILES_${PN} = " \ >> + ${sysconfdir} \ >> + ${systemd_unitdir} \ >> + ${bindir} \ >> +" >> + >> +RDEPENDS_${PN} = "wireguard-module" >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc >> new file mode 100644 index 0000000..46a9971 >> --- /dev/null >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc >> @@ -0,0 +1,18 @@ >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ >> +implemented as a kernel virtual network interface for Linux, which aims to \ >> +replace both IPsec for most use cases, as well as popular user space and/or \ >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \ >> +and easier to use." >> +SECTION = "networking" >> +HOMEPAGE = "https://www.wireguard.io/" >> +LICENSE = "GPLv2" >> + >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" >> + >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz [4]" >> + >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" >> >> + >> +S = "${WORKDIR}/WireGuard-${PV}/src/" >> -- >> 2.7.4 Links: ------ [1] http://wireguard-module_0.0.20170421.bb [2] http://wireguard-tools_0.0.20170421.bb [3] https://www.wireguard.io/install/#kernel-requirements [4] https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-04-29 1:18 ` Stefan Agner @ 2017-05-01 15:18 ` Joe MacDonald 2017-05-01 21:37 ` Stefan Agner 0 siblings, 1 reply; 11+ messages in thread From: Joe MacDonald @ 2017-05-01 15:18 UTC (permalink / raw) To: Stefan Agner; +Cc: openembedded-devel [-- Attachment #1: Type: text/plain, Size: 7452 bytes --] [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools] On 17.04.28 (Fri 18:18) Stefan Agner wrote: > > > Hm, I can not reproduce here. It looks like module has not been > included, the module make arguments are missing... > > Here it looks like this: > > NOTE: make -j 8 > KERNEL_SRC=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source > KERNELDIR=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source > KERNEL_PATH=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source > KERNEL_VERSION=4.10.5-yocto-standard CC=x86_64-oe-linux-gcc > -fuse-ld=bfd LD=x86_64-oe-linux-ld.bfd AR=x86_64-oe-linux-ar > O=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-build-artifacts > KBUILD_EXTRA_SYMBOLS= module > > Do you have an idea what is going on? I don't off hand, but since I merged it, I'll try to investigate it. It's been somewhat complicated by the fact that this configuration builds for me but fails for the world builds as Martin notes. But the configuration that last passed for the world builds failed to build for my ARM target builds during a do_install step because it was clearly trying to look at my host system. For now I've just blacklisted the recipe in master. -J. > > On 2017-04-28 05:24, Martin Jansa wrote: > > > This latest version (which was merged to master yesterday) fails to build: > > > > http://errors.yoctoproject.org/Errors/Details/141421/ > > > > On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote: > > > >> WireGuard is an extremely simple yet fast and modern VPN that utilizes > >> state-of-the-art cryptography. It aims to be faster, simpler, leaner, > >> and more useful than IPSec, while avoiding the massive headache. > >> > >> The recipes add the current experimental snapshot v0.0.20170421 > >> out-of-tree kernel module and tools. The kernel module has some kernel > >> configuration dependencies such as some configuration part of > >> features/netfilter/netfilter.scc, hence netfilter.scc should be part > >> of KERNEL_EXTRA_FEATURES (which is the case by default). > >> > >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module > >> which is MACHINE_ARCH (like all kernel modules) we need to add this > >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > >> > >> Signed-off-by: Stefan Agner <stefan@agner.ch> > >> --- > >> Changes since v2: > >> - Upgrade to v0.0.20170421 > >> - Add comment about Linux kernel requirement > >> > >> Changes since v1: > >> - Upgrade to v0.0.20170409 > >> - Add wireguard-tools -> wireguard-module dependency to > >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > >> > >> meta-networking/conf/layer.conf | 4 ++++ > >> .../wireguard/wireguard-module_0.0.20170421.bb [1] | 13 +++++++++++ > >> .../wireguard/wireguard-tools_0.0.20170421.bb [2] | 27 ++++++++++++++++++++++ > >> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ > >> 4 files changed, 62 insertions(+) > >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] > >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] > >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc > >> > >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf > >> index 85ad93b..b5aa159 100644 > >> --- a/meta-networking/conf/layer.conf > >> +++ b/meta-networking/conf/layer.conf > >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" > >> > >> # Override security flags > >> require conf/distro/include/meta_networking_security_flags.inc > >> + > >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ > >> + wireguard-tools->wireguard-module \ > >> +" > >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] > >> new file mode 100644 > >> index 0000000..cb21bda > >> --- /dev/null > >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] > >> @@ -0,0 +1,13 @@ > >> +require wireguard.inc > >> + > >> +inherit module > >> + > >> +# This module requires Linux 3.10 higher and several networking related > >> +# configuration options. For exact kernel requirements visit: > >> +# https://www.wireguard.io/install/#kernel-requirements [3] > >> + > >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" > >> +MAKE_TARGETS = "module" > >> +MODULES_INSTALL_TARGET = "module-install" > >> + > >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" > >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] > >> new file mode 100644 > >> index 0000000..79d420f > >> --- /dev/null > >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] > >> > >> @@ -0,0 +1,27 @@ > >> +require wireguard.inc > >> + > >> +inherit bash-completion systemd pkgconfig > >> + > >> +DEPENDS = "wireguard-module libmnl" > >> + > >> +do_compile_prepend () { > >> + cd ${S}/tools > >> +} > >> + > >> +do_install () { > >> + cd ${S}/tools > >> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ > >> + SYSTEMDUNITDIR="${systemd_unitdir}" \ > >> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ > >> + WITH_BASHCOMPLETION=yes \ > >> + WITH_WGQUICK=yes \ > >> + install > >> +} > >> + > >> +FILES_${PN} = " \ > >> + ${sysconfdir} \ > >> + ${systemd_unitdir} \ > >> + ${bindir} \ > >> +" > >> + > >> +RDEPENDS_${PN} = "wireguard-module" > >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc > >> new file mode 100644 index 0000000..46a9971 > >> --- /dev/null > >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc > >> @@ -0,0 +1,18 @@ > >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" > >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ > >> +implemented as a kernel virtual network interface for Linux, which aims to \ > >> +replace both IPsec for most use cases, as well as popular user space and/or \ > >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \ > >> +and easier to use." > >> +SECTION = "networking" > >> +HOMEPAGE = "https://www.wireguard.io/" > >> +LICENSE = "GPLv2" > >> + > >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" > >> + > >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz [4]" > >> + > >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" > >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" > >> > >> + > >> +S = "${WORKDIR}/WireGuard-${PV}/src/" > >> -- > >> 2.7.4 > > > > Links: > ------ > [1] http://wireguard-module_0.0.20170421.bb > [2] http://wireguard-tools_0.0.20170421.bb > [3] https://www.wireguard.io/install/#kernel-requirements > [4] https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz -- -Joe MacDonald. :wq [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 484 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-05-01 15:18 ` Joe MacDonald @ 2017-05-01 21:37 ` Stefan Agner 2017-05-02 12:40 ` Joe MacDonald 0 siblings, 1 reply; 11+ messages in thread From: Stefan Agner @ 2017-05-01 21:37 UTC (permalink / raw) To: Joe MacDonald; +Cc: openembedded-devel On 2017-05-01 08:18, Joe MacDonald wrote: > [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel > module and tools] On 17.04.28 (Fri 18:18) Stefan Agner wrote: > >> >> >> Hm, I can not reproduce here. It looks like module has not been >> included, the module make arguments are missing... >> >> Here it looks like this: >> >> NOTE: make -j 8 >> KERNEL_SRC=skins/larry/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source >> KERNELDIR=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source >> KERNEL_PATH=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source >> KERNEL_VERSION=4.10.5-yocto-standard CC=x86_64-oe-linux-gcc >> -fuse-ld=bfd LD=x86_64-oe-linux-ld.bfd AR=x86_64-oe-linux-ar >> O=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-build-artifacts >> KBUILD_EXTRA_SYMBOLS= module >> >> Do you have an idea what is going on? > > I don't off hand, but since I merged it, I'll try to investigate it. > It's been somewhat complicated by the fact that this configuration > builds for me but fails for the world builds as Martin notes. But the > configuration that last passed for the world builds failed to build for > my ARM target builds during a do_install step because it was clearly > trying to look at my host system. For now I've just blacklisted the > recipe in master. Yeah it really seems that inherit module failed for some reason, which avoids a whole bunch of make arguments to be missing. Quite likely that in this case the build system starts to look at default paths. But this recipe inherits module the same way as others do. It seems to me if this recipe fails, then others such as netmap-modules should fail too... -- Stefan > > -J. > >> >> On 2017-04-28 05:24, Martin Jansa wrote: >> >> > This latest version (which was merged to master yesterday) fails to build: >> > >> > http://errors.yoctoproject.org/Errors/Details/141421/ >> > >> > On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote: >> > >> >> WireGuard is an extremely simple yet fast and modern VPN that utilizes >> >> state-of-the-art cryptography. It aims to be faster, simpler, leaner, >> >> and more useful than IPSec, while avoiding the massive headache. >> >> >> >> The recipes add the current experimental snapshot v0.0.20170421 >> >> out-of-tree kernel module and tools. The kernel module has some kernel >> >> configuration dependencies such as some configuration part of >> >> features/netfilter/netfilter.scc, hence netfilter.scc should be part >> >> of KERNEL_EXTRA_FEATURES (which is the case by default). >> >> >> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module >> >> which is MACHINE_ARCH (like all kernel modules) we need to add this >> >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >> >> >> >> Signed-off-by: Stefan Agner <stefan@agner.ch> >> >> --- >> >> Changes since v2: >> >> - Upgrade to v0.0.20170421 >> >> - Add comment about Linux kernel requirement >> >> >> >> Changes since v1: >> >> - Upgrade to v0.0.20170409 >> >> - Add wireguard-tools -> wireguard-module dependency to >> >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >> >> >> >> meta-networking/conf/layer.conf | 4 ++++ >> >> .../wireguard/wireguard-module_0.0.20170421.bb [1] | 13 +++++++++++ >> >> .../wireguard/wireguard-tools_0.0.20170421.bb [2] | 27 ++++++++++++++++++++++ >> >> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ >> >> 4 files changed, 62 insertions(+) >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc >> >> >> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf >> >> index 85ad93b..b5aa159 100644 >> >> --- a/meta-networking/conf/layer.conf >> >> +++ b/meta-networking/conf/layer.conf >> >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" >> >> >> >> # Override security flags >> >> require conf/distro/include/meta_networking_security_flags.inc >> >> + >> >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ >> >> + wireguard-tools->wireguard-module \ >> >> +" >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] >> >> new file mode 100644 >> >> index 0000000..cb21bda >> >> --- /dev/null >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] >> >> @@ -0,0 +1,13 @@ >> >> +require wireguard.inc >> >> + >> >> +inherit module >> >> + >> >> +# This module requires Linux 3.10 higher and several networking related >> >> +# configuration options. For exact kernel requirements visit: >> >> +# https://www.wireguard.io/install/#kernel-requirements [3] >> >> + >> >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" >> >> +MAKE_TARGETS = "module" >> >> +MODULES_INSTALL_TARGET = "module-install" >> >> + >> >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] >> >> new file mode 100644 >> >> index 0000000..79d420f >> >> --- /dev/null >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] >> >> >> >> @@ -0,0 +1,27 @@ >> >> +require wireguard.inc >> >> + >> >> +inherit bash-completion systemd pkgconfig >> >> + >> >> +DEPENDS = "wireguard-module libmnl" >> >> + >> >> +do_compile_prepend () { >> >> + cd ${S}/tools >> >> +} >> >> + >> >> +do_install () { >> >> + cd ${S}/tools >> >> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ >> >> + SYSTEMDUNITDIR="${systemd_unitdir}" \ >> >> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ >> >> + WITH_BASHCOMPLETION=yes \ >> >> + WITH_WGQUICK=yes \ >> >> + install >> >> +} >> >> + >> >> +FILES_${PN} = " \ >> >> + ${sysconfdir} \ >> >> + ${systemd_unitdir} \ >> >> + ${bindir} \ >> >> +" >> >> + >> >> +RDEPENDS_${PN} = "wireguard-module" >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc >> >> new file mode 100644 index 0000000..46a9971 >> >> --- /dev/null >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc >> >> @@ -0,0 +1,18 @@ >> >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" >> >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ >> >> +implemented as a kernel virtual network interface for Linux, which aims to \ >> >> +replace both IPsec for most use cases, as well as popular user space and/or \ >> >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \ >> >> +and easier to use." >> >> +SECTION = "networking" >> >> +HOMEPAGE = "https://www.wireguard.io/" >> >> +LICENSE = "GPLv2" >> >> + >> >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" >> >> + >> >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz [4]" >> >> + >> >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" >> >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" >> >> >> >> + >> >> +S = "${WORKDIR}/WireGuard-${PV}/src/" >> >> -- >> >> 2.7.4 >> >> >> >> Links: >> ------ >> [1] http://wireguard-module_0.0.20170421.bb >> [2] http://wireguard-tools_0.0.20170421.bb >> [3] https://www.wireguard.io/install/#kernel-requirements >> [4] https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-05-01 21:37 ` Stefan Agner @ 2017-05-02 12:40 ` Joe MacDonald 0 siblings, 0 replies; 11+ messages in thread From: Joe MacDonald @ 2017-05-02 12:40 UTC (permalink / raw) To: Stefan Agner; +Cc: openembedded-devel [-- Attachment #1: Type: text/plain, Size: 8960 bytes --] [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools] On 17.05.01 (Mon 14:37) Stefan Agner wrote: > On 2017-05-01 08:18, Joe MacDonald wrote: > > [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel > > module and tools] On 17.04.28 (Fri 18:18) Stefan Agner wrote: > > > >> > >> > >> Hm, I can not reproduce here. It looks like module has not been > >> included, the module make arguments are missing... > >> > >> Here it looks like this: > >> > >> NOTE: make -j 8 > >> KERNEL_SRC=skins/larry/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source > >> KERNELDIR=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source > >> KERNEL_PATH=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source > >> KERNEL_VERSION=4.10.5-yocto-standard CC=x86_64-oe-linux-gcc > >> -fuse-ld=bfd LD=x86_64-oe-linux-ld.bfd AR=x86_64-oe-linux-ar > >> O=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-build-artifacts > >> KBUILD_EXTRA_SYMBOLS= module > >> > >> Do you have an idea what is going on? > > > > I don't off hand, but since I merged it, I'll try to investigate it. > > It's been somewhat complicated by the fact that this configuration > > builds for me but fails for the world builds as Martin notes. But the > > configuration that last passed for the world builds failed to build for > > my ARM target builds during a do_install step because it was clearly > > trying to look at my host system. For now I've just blacklisted the > > recipe in master. > > Yeah it really seems that inherit module failed for some reason, which > avoids a whole bunch of make arguments to be missing. Quite likely that > in this case the build system starts to look at default paths. > > But this recipe inherits module the same way as others do. It seems to > me if this recipe fails, then others such as netmap-modules should fail > too... meta-networking/recipes-kernel/netmap/netmap-modules_git.bb:PNBLACKLIST[netmap-modules] ?= "BROKEN: not compatible with default kernel version 4.8 - the recipe will be removed on 2017-09-01 unless the issue is fixed" Heh. But for different reasons. And I'm going to have a look at that soon too. Anyway, I think I have a workable solution for wireguard I'm going to send out now. -J. > > -- > Stefan > > > > > > -J. > > > >> > >> On 2017-04-28 05:24, Martin Jansa wrote: > >> > >> > This latest version (which was merged to master yesterday) fails to build: > >> > > >> > http://errors.yoctoproject.org/Errors/Details/141421/ > >> > > >> > On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote: > >> > > >> >> WireGuard is an extremely simple yet fast and modern VPN that utilizes > >> >> state-of-the-art cryptography. It aims to be faster, simpler, leaner, > >> >> and more useful than IPSec, while avoiding the massive headache. > >> >> > >> >> The recipes add the current experimental snapshot v0.0.20170421 > >> >> out-of-tree kernel module and tools. The kernel module has some kernel > >> >> configuration dependencies such as some configuration part of > >> >> features/netfilter/netfilter.scc, hence netfilter.scc should be part > >> >> of KERNEL_EXTRA_FEATURES (which is the case by default). > >> >> > >> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module > >> >> which is MACHINE_ARCH (like all kernel modules) we need to add this > >> >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > >> >> > >> >> Signed-off-by: Stefan Agner <stefan@agner.ch> > >> >> --- > >> >> Changes since v2: > >> >> - Upgrade to v0.0.20170421 > >> >> - Add comment about Linux kernel requirement > >> >> > >> >> Changes since v1: > >> >> - Upgrade to v0.0.20170409 > >> >> - Add wireguard-tools -> wireguard-module dependency to > >> >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > >> >> > >> >> meta-networking/conf/layer.conf | 4 ++++ > >> >> .../wireguard/wireguard-module_0.0.20170421.bb [1] | 13 +++++++++++ > >> >> .../wireguard/wireguard-tools_0.0.20170421.bb [2] | 27 ++++++++++++++++++++++ > >> >> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ > >> >> 4 files changed, 62 insertions(+) > >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] > >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] > >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc > >> >> > >> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf > >> >> index 85ad93b..b5aa159 100644 > >> >> --- a/meta-networking/conf/layer.conf > >> >> +++ b/meta-networking/conf/layer.conf > >> >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" > >> >> > >> >> # Override security flags > >> >> require conf/distro/include/meta_networking_security_flags.inc > >> >> + > >> >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ > >> >> + wireguard-tools->wireguard-module \ > >> >> +" > >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] > >> >> new file mode 100644 > >> >> index 0000000..cb21bda > >> >> --- /dev/null > >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] > >> >> @@ -0,0 +1,13 @@ > >> >> +require wireguard.inc > >> >> + > >> >> +inherit module > >> >> + > >> >> +# This module requires Linux 3.10 higher and several networking related > >> >> +# configuration options. For exact kernel requirements visit: > >> >> +# https://www.wireguard.io/install/#kernel-requirements [3] > >> >> + > >> >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" > >> >> +MAKE_TARGETS = "module" > >> >> +MODULES_INSTALL_TARGET = "module-install" > >> >> + > >> >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" > >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] > >> >> new file mode 100644 > >> >> index 0000000..79d420f > >> >> --- /dev/null > >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] > >> >> > >> >> @@ -0,0 +1,27 @@ > >> >> +require wireguard.inc > >> >> + > >> >> +inherit bash-completion systemd pkgconfig > >> >> + > >> >> +DEPENDS = "wireguard-module libmnl" > >> >> + > >> >> +do_compile_prepend () { > >> >> + cd ${S}/tools > >> >> +} > >> >> + > >> >> +do_install () { > >> >> + cd ${S}/tools > >> >> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ > >> >> + SYSTEMDUNITDIR="${systemd_unitdir}" \ > >> >> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ > >> >> + WITH_BASHCOMPLETION=yes \ > >> >> + WITH_WGQUICK=yes \ > >> >> + install > >> >> +} > >> >> + > >> >> +FILES_${PN} = " \ > >> >> + ${sysconfdir} \ > >> >> + ${systemd_unitdir} \ > >> >> + ${bindir} \ > >> >> +" > >> >> + > >> >> +RDEPENDS_${PN} = "wireguard-module" > >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc > >> >> new file mode 100644 index 0000000..46a9971 > >> >> --- /dev/null > >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc > >> >> @@ -0,0 +1,18 @@ > >> >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" > >> >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ > >> >> +implemented as a kernel virtual network interface for Linux, which aims to \ > >> >> +replace both IPsec for most use cases, as well as popular user space and/or \ > >> >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \ > >> >> +and easier to use." > >> >> +SECTION = "networking" > >> >> +HOMEPAGE = "https://www.wireguard.io/" > >> >> +LICENSE = "GPLv2" > >> >> + > >> >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" > >> >> + > >> >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz [4]" > >> >> + > >> >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" > >> >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" > >> >> > >> >> + > >> >> +S = "${WORKDIR}/WireGuard-${PV}/src/" > >> >> -- > >> >> 2.7.4 > >> > >> > >> > >> Links: > >> ------ > >> [1] http://wireguard-module_0.0.20170421.bb > >> [2] http://wireguard-tools_0.0.20170421.bb > >> [3] https://www.wireguard.io/install/#kernel-requirements > >> [4] https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz -- -Joe MacDonald. :wq [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 484 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-04-27 5:30 [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools Stefan Agner 2017-04-28 12:24 ` Martin Jansa @ 2017-05-18 7:29 ` Robert Yang 2017-05-18 17:55 ` Stefan Agner 1 sibling, 1 reply; 11+ messages in thread From: Robert Yang @ 2017-05-18 7:29 UTC (permalink / raw) To: Stefan Agner, martin.jansa, openembedded-devel Hi Stefan, On 04/27/2017 01:30 PM, Stefan Agner wrote: > WireGuard is an extremely simple yet fast and modern VPN that utilizes > state-of-the-art cryptography. It aims to be faster, simpler, leaner, > and more useful than IPSec, while avoiding the massive headache. > > The recipes add the current experimental snapshot v0.0.20170421 > out-of-tree kernel module and tools. The kernel module has some kernel > configuration dependencies such as some configuration part of > features/netfilter/netfilter.scc, hence netfilter.scc should be part > of KERNEL_EXTRA_FEATURES (which is the case by default). > > Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module > which is MACHINE_ARCH (like all kernel modules) we need to add this > dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > > Signed-off-by: Stefan Agner <stefan@agner.ch> > --- > Changes since v2: > - Upgrade to v0.0.20170421 > - Add comment about Linux kernel requirement > > Changes since v1: > - Upgrade to v0.0.20170409 > - Add wireguard-tools -> wireguard-module dependency to > SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > > meta-networking/conf/layer.conf | 4 ++++ > .../wireguard/wireguard-module_0.0.20170421.bb | 13 +++++++++++ > .../wireguard/wireguard-tools_0.0.20170421.bb | 27 ++++++++++++++++++++++ > .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ > 4 files changed, 62 insertions(+) > create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb > create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb > create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc > > diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf > index 85ad93b..b5aa159 100644 > --- a/meta-networking/conf/layer.conf > +++ b/meta-networking/conf/layer.conf > @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" > > # Override security flags > require conf/distro/include/meta_networking_security_flags.inc > + > +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ > + wireguard-tools->wireguard-module \ > +" > diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb > new file mode 100644 > index 0000000..cb21bda > --- /dev/null > +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb > @@ -0,0 +1,13 @@ > +require wireguard.inc > + > +inherit module > + > +# This module requires Linux 3.10 higher and several networking related > +# configuration options. For exact kernel requirements visit: > +# https://www.wireguard.io/install/#kernel-requirements > + > +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" > +MAKE_TARGETS = "module" > +MODULES_INSTALL_TARGET = "module-install" > + > +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" > diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb > new file mode 100644 > index 0000000..79d420f > --- /dev/null > +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb > @@ -0,0 +1,27 @@ > +require wireguard.inc > + > +inherit bash-completion systemd pkgconfig > + > +DEPENDS = "wireguard-module libmnl" > + > +do_compile_prepend () { > + cd ${S}/tools > +} > + > +do_install () { > + cd ${S}/tools > + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ > + SYSTEMDUNITDIR="${systemd_unitdir}" \ > + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ > + WITH_BASHCOMPLETION=yes \ > + WITH_WGQUICK=yes \ > + install > +} > + > +FILES_${PN} = " \ > + ${sysconfdir} \ > + ${systemd_unitdir} \ > + ${bindir} \ > +" > + > +RDEPENDS_${PN} = "wireguard-module" > diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc > new file mode 100644 > index 0000000..46a9971 > --- /dev/null > +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc > @@ -0,0 +1,18 @@ > +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" > +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ > +implemented as a kernel virtual network interface for Linux, which aims to \ > +replace both IPsec for most use cases, as well as popular user space and/or \ > +TLS-based solutions like OpenVPN, while being more secure, more performant, \ > +and easier to use." > +SECTION = "networking" > +HOMEPAGE = "https://www.wireguard.io/" > +LICENSE = "GPLv2" > + > +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" > + > +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" This SRC_URI is gone, maybe it's just a temp location ? // Robert > + > +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" > +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" > + > +S = "${WORKDIR}/WireGuard-${PV}/src/" > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-05-18 7:29 ` Robert Yang @ 2017-05-18 17:55 ` Stefan Agner 2017-05-18 18:19 ` Joe MacDonald 0 siblings, 1 reply; 11+ messages in thread From: Stefan Agner @ 2017-05-18 17:55 UTC (permalink / raw) To: Robert Yang; +Cc: openembedded-devel On 2017-05-18 00:29, Robert Yang wrote: > Hi Stefan, > > On 04/27/2017 01:30 PM, Stefan Agner wrote: >> WireGuard is an extremely simple yet fast and modern VPN that utilizes >> state-of-the-art cryptography. It aims to be faster, simpler, leaner, >> and more useful than IPSec, while avoiding the massive headache. >> >> The recipes add the current experimental snapshot v0.0.20170421 >> out-of-tree kernel module and tools. The kernel module has some kernel >> configuration dependencies such as some configuration part of >> features/netfilter/netfilter.scc, hence netfilter.scc should be part >> of KERNEL_EXTRA_FEATURES (which is the case by default). >> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module >> which is MACHINE_ARCH (like all kernel modules) we need to add this >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >> >> Signed-off-by: Stefan Agner <stefan@agner.ch> >> --- >> Changes since v2: >> - Upgrade to v0.0.20170421 >> - Add comment about Linux kernel requirement >> >> Changes since v1: >> - Upgrade to v0.0.20170409 >> - Add wireguard-tools -> wireguard-module dependency to >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >> >> meta-networking/conf/layer.conf | 4 ++++ >> .../wireguard/wireguard-module_0.0.20170421.bb | 13 +++++++++++ >> .../wireguard/wireguard-tools_0.0.20170421.bb | 27 ++++++++++++++++++++++ >> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ >> 4 files changed, 62 insertions(+) >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc >> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf >> index 85ad93b..b5aa159 100644 >> --- a/meta-networking/conf/layer.conf >> +++ b/meta-networking/conf/layer.conf >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" >> >> # Override security flags >> require conf/distro/include/meta_networking_security_flags.inc >> + >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ >> + wireguard-tools->wireguard-module \ >> +" >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >> new file mode 100644 >> index 0000000..cb21bda >> --- /dev/null >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >> @@ -0,0 +1,13 @@ >> +require wireguard.inc >> + >> +inherit module >> + >> +# This module requires Linux 3.10 higher and several networking related >> +# configuration options. For exact kernel requirements visit: >> +# https://www.wireguard.io/install/#kernel-requirements >> + >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" >> +MAKE_TARGETS = "module" >> +MODULES_INSTALL_TARGET = "module-install" >> + >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >> new file mode 100644 >> index 0000000..79d420f >> --- /dev/null >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >> @@ -0,0 +1,27 @@ >> +require wireguard.inc >> + >> +inherit bash-completion systemd pkgconfig >> + >> +DEPENDS = "wireguard-module libmnl" >> + >> +do_compile_prepend () { >> + cd ${S}/tools >> +} >> + >> +do_install () { >> + cd ${S}/tools >> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ >> + SYSTEMDUNITDIR="${systemd_unitdir}" \ >> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ >> + WITH_BASHCOMPLETION=yes \ >> + WITH_WGQUICK=yes \ >> + install >> +} >> + >> +FILES_${PN} = " \ >> + ${sysconfdir} \ >> + ${systemd_unitdir} \ >> + ${bindir} \ >> +" >> + >> +RDEPENDS_${PN} = "wireguard-module" >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc >> new file mode 100644 >> index 0000000..46a9971 >> --- /dev/null >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc >> @@ -0,0 +1,18 @@ >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ >> +implemented as a kernel virtual network interface for Linux, which aims to \ >> +replace both IPsec for most use cases, as well as popular user space and/or \ >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \ >> +and easier to use." >> +SECTION = "networking" >> +HOMEPAGE = "https://www.wireguard.io/" >> +LICENSE = "GPLv2" >> + >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" >> + >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" > > This SRC_URI is gone, maybe it's just a temp location ? Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to keep the old snapshots around, I guess he wants to avoid having stale versions floating around. Either we keep bumping the version everytime a new snapshot is available or we should just switch to git for OE, what do you think? -- Stefan > > // Robert > >> + >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" >> + >> +S = "${WORKDIR}/WireGuard-${PV}/src/" >> ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-05-18 17:55 ` Stefan Agner @ 2017-05-18 18:19 ` Joe MacDonald 2017-05-18 18:26 ` Stefan Agner 0 siblings, 1 reply; 11+ messages in thread From: Joe MacDonald @ 2017-05-18 18:19 UTC (permalink / raw) To: Stefan Agner; +Cc: openembedded-devel [-- Attachment #1: Type: text/plain, Size: 6395 bytes --] [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools] On 17.05.18 (Thu 10:55) Stefan Agner wrote: > On 2017-05-18 00:29, Robert Yang wrote: > > Hi Stefan, > > > > On 04/27/2017 01:30 PM, Stefan Agner wrote: > >> WireGuard is an extremely simple yet fast and modern VPN that utilizes > >> state-of-the-art cryptography. It aims to be faster, simpler, leaner, > >> and more useful than IPSec, while avoiding the massive headache. > >> > >> The recipes add the current experimental snapshot v0.0.20170421 > >> out-of-tree kernel module and tools. The kernel module has some kernel > >> configuration dependencies such as some configuration part of > >> features/netfilter/netfilter.scc, hence netfilter.scc should be part > >> of KERNEL_EXTRA_FEATURES (which is the case by default). > >> > >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module > >> which is MACHINE_ARCH (like all kernel modules) we need to add this > >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > >> > >> Signed-off-by: Stefan Agner <stefan@agner.ch> > >> --- > >> Changes since v2: > >> - Upgrade to v0.0.20170421 > >> - Add comment about Linux kernel requirement > >> > >> Changes since v1: > >> - Upgrade to v0.0.20170409 > >> - Add wireguard-tools -> wireguard-module dependency to > >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > >> > >> meta-networking/conf/layer.conf | 4 ++++ > >> .../wireguard/wireguard-module_0.0.20170421.bb | 13 +++++++++++ > >> .../wireguard/wireguard-tools_0.0.20170421.bb | 27 ++++++++++++++++++++++ > >> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ > >> 4 files changed, 62 insertions(+) > >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb > >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb > >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc > >> > >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf > >> index 85ad93b..b5aa159 100644 > >> --- a/meta-networking/conf/layer.conf > >> +++ b/meta-networking/conf/layer.conf > >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" > >> > >> # Override security flags > >> require conf/distro/include/meta_networking_security_flags.inc > >> + > >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ > >> + wireguard-tools->wireguard-module \ > >> +" > >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb > >> new file mode 100644 > >> index 0000000..cb21bda > >> --- /dev/null > >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb > >> @@ -0,0 +1,13 @@ > >> +require wireguard.inc > >> + > >> +inherit module > >> + > >> +# This module requires Linux 3.10 higher and several networking related > >> +# configuration options. For exact kernel requirements visit: > >> +# https://www.wireguard.io/install/#kernel-requirements > >> + > >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" > >> +MAKE_TARGETS = "module" > >> +MODULES_INSTALL_TARGET = "module-install" > >> + > >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" > >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb > >> new file mode 100644 > >> index 0000000..79d420f > >> --- /dev/null > >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb > >> @@ -0,0 +1,27 @@ > >> +require wireguard.inc > >> + > >> +inherit bash-completion systemd pkgconfig > >> + > >> +DEPENDS = "wireguard-module libmnl" > >> + > >> +do_compile_prepend () { > >> + cd ${S}/tools > >> +} > >> + > >> +do_install () { > >> + cd ${S}/tools > >> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ > >> + SYSTEMDUNITDIR="${systemd_unitdir}" \ > >> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ > >> + WITH_BASHCOMPLETION=yes \ > >> + WITH_WGQUICK=yes \ > >> + install > >> +} > >> + > >> +FILES_${PN} = " \ > >> + ${sysconfdir} \ > >> + ${systemd_unitdir} \ > >> + ${bindir} \ > >> +" > >> + > >> +RDEPENDS_${PN} = "wireguard-module" > >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc > >> new file mode 100644 > >> index 0000000..46a9971 > >> --- /dev/null > >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc > >> @@ -0,0 +1,18 @@ > >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" > >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ > >> +implemented as a kernel virtual network interface for Linux, which aims to \ > >> +replace both IPsec for most use cases, as well as popular user space and/or \ > >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \ > >> +and easier to use." > >> +SECTION = "networking" > >> +HOMEPAGE = "https://www.wireguard.io/" > >> +LICENSE = "GPLv2" > >> + > >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" > >> + > >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" > > > > This SRC_URI is gone, maybe it's just a temp location ? > > Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to > keep the old snapshots around, I guess he wants to avoid having stale > versions floating around. > > Either we keep bumping the version everytime a new snapshot is available > or we should just switch to git for OE, what do you think? I think that given he's not just removing old tarballs from an FTP server somewhere but removing tags from the git history, it'd be best to go with a git recipe with a fixed SRCREV. -J. > > -- > Stefan > > > > > // Robert > > > >> + > >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" > >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" > >> + > >> +S = "${WORKDIR}/WireGuard-${PV}/src/" > >> -- -Joe MacDonald. :wq [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 484 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-05-18 18:19 ` Joe MacDonald @ 2017-05-18 18:26 ` Stefan Agner 2017-05-19 1:26 ` Robert Yang 0 siblings, 1 reply; 11+ messages in thread From: Stefan Agner @ 2017-05-18 18:26 UTC (permalink / raw) To: Joe MacDonald; +Cc: openembedded-devel On 2017-05-18 11:19, Joe MacDonald wrote: > [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel > module and tools] On 17.05.18 (Thu 10:55) Stefan Agner wrote: > >> On 2017-05-18 00:29, Robert Yang wrote: >> > Hi Stefan, >> > >> > On 04/27/2017 01:30 PM, Stefan Agner wrote: >> >> WireGuard is an extremely simple yet fast and modern VPN that utilizes >> >> state-of-the-art cryptography. It aims to be faster, simpler, leaner, >> >> and more useful than IPSec, while avoiding the massive headache. >> >> >> >> The recipes add the current experimental snapshot v0.0.20170421 >> >> out-of-tree kernel module and tools. The kernel module has some kernel >> >> configuration dependencies such as some configuration part of >> >> features/netfilter/netfilter.scc, hence netfilter.scc should be part >> >> of KERNEL_EXTRA_FEATURES (which is the case by default). >> >> >> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module >> >> which is MACHINE_ARCH (like all kernel modules) we need to add this >> >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >> >> >> >> Signed-off-by: Stefan Agner <stefan@agner.ch> >> >> --- >> >> Changes since v2: >> >> - Upgrade to v0.0.20170421 >> >> - Add comment about Linux kernel requirement >> >> >> >> Changes since v1: >> >> - Upgrade to v0.0.20170409 >> >> - Add wireguard-tools -> wireguard-module dependency to >> >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >> >> >> >> meta-networking/conf/layer.conf | 4 ++++ >> >> .../wireguard/wireguard-module_0.0.20170421.bb | 13 +++++++++++ >> >> .../wireguard/wireguard-tools_0.0.20170421.bb | 27 ++++++++++++++++++++++ >> >> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ >> >> 4 files changed, 62 insertions(+) >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc >> >> >> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf >> >> index 85ad93b..b5aa159 100644 >> >> --- a/meta-networking/conf/layer.conf >> >> +++ b/meta-networking/conf/layer.conf >> >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" >> >> >> >> # Override security flags >> >> require conf/distro/include/meta_networking_security_flags.inc >> >> + >> >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ >> >> + wireguard-tools->wireguard-module \ >> >> +" >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >> >> new file mode 100644 >> >> index 0000000..cb21bda >> >> --- /dev/null >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >> >> @@ -0,0 +1,13 @@ >> >> +require wireguard.inc >> >> + >> >> +inherit module >> >> + >> >> +# This module requires Linux 3.10 higher and several networking related >> >> +# configuration options. For exact kernel requirements visit: >> >> +# https://www.wireguard.io/install/#kernel-requirements >> >> + >> >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" >> >> +MAKE_TARGETS = "module" >> >> +MODULES_INSTALL_TARGET = "module-install" >> >> + >> >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >> >> new file mode 100644 >> >> index 0000000..79d420f >> >> --- /dev/null >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >> >> @@ -0,0 +1,27 @@ >> >> +require wireguard.inc >> >> + >> >> +inherit bash-completion systemd pkgconfig >> >> + >> >> +DEPENDS = "wireguard-module libmnl" >> >> + >> >> +do_compile_prepend () { >> >> + cd ${S}/tools >> >> +} >> >> + >> >> +do_install () { >> >> + cd ${S}/tools >> >> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ >> >> + SYSTEMDUNITDIR="${systemd_unitdir}" \ >> >> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ >> >> + WITH_BASHCOMPLETION=yes \ >> >> + WITH_WGQUICK=yes \ >> >> + install >> >> +} >> >> + >> >> +FILES_${PN} = " \ >> >> + ${sysconfdir} \ >> >> + ${systemd_unitdir} \ >> >> + ${bindir} \ >> >> +" >> >> + >> >> +RDEPENDS_${PN} = "wireguard-module" >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc >> >> new file mode 100644 >> >> index 0000000..46a9971 >> >> --- /dev/null >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc >> >> @@ -0,0 +1,18 @@ >> >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" >> >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ >> >> +implemented as a kernel virtual network interface for Linux, which aims to \ >> >> +replace both IPsec for most use cases, as well as popular user space and/or \ >> >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \ >> >> +and easier to use." >> >> +SECTION = "networking" >> >> +HOMEPAGE = "https://www.wireguard.io/" >> >> +LICENSE = "GPLv2" >> >> + >> >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" >> >> + >> >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" >> > >> > This SRC_URI is gone, maybe it's just a temp location ? >> >> Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to >> keep the old snapshots around, I guess he wants to avoid having stale >> versions floating around. >> >> Either we keep bumping the version everytime a new snapshot is available >> or we should just switch to git for OE, what do you think? > > I think that given he's not just removing old tarballs from an FTP > server somewhere but removing tags from the git history, it'd be best to > go with a git recipe with a fixed SRCREV. According to the snapshot announcement the new snapshot made breaking changes to the protocol. It might be the reason they removed the old snapshots, I am not sure how that has been handled in the past... I guess the snapshots are slightly better tested and have a somewhat more consistent state than git, so I would have preferred snapshots... Just sent out a patch to move to the latest snapshot, lets see how things move from this point, if the snapshots disappear I can switch to git, does that sound ok? -- Stefan > > -J. > >> >> -- >> Stefan >> >> > >> > // Robert >> > >> >> + >> >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" >> >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" >> >> + >> >> +S = "${WORKDIR}/WireGuard-${PV}/src/" >> >> ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools 2017-05-18 18:26 ` Stefan Agner @ 2017-05-19 1:26 ` Robert Yang 0 siblings, 0 replies; 11+ messages in thread From: Robert Yang @ 2017-05-19 1:26 UTC (permalink / raw) To: Stefan Agner, Joe MacDonald; +Cc: openembedded-devel On 05/19/2017 02:26 AM, Stefan Agner wrote: > On 2017-05-18 11:19, Joe MacDonald wrote: >> [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel >> module and tools] On 17.05.18 (Thu 10:55) Stefan Agner wrote: >> >>> On 2017-05-18 00:29, Robert Yang wrote: >>>> Hi Stefan, >>>> >>>> On 04/27/2017 01:30 PM, Stefan Agner wrote: >>>>> WireGuard is an extremely simple yet fast and modern VPN that utilizes >>>>> state-of-the-art cryptography. It aims to be faster, simpler, leaner, >>>>> and more useful than IPSec, while avoiding the massive headache. >>>>> >>>>> The recipes add the current experimental snapshot v0.0.20170421 >>>>> out-of-tree kernel module and tools. The kernel module has some kernel >>>>> configuration dependencies such as some configuration part of >>>>> features/netfilter/netfilter.scc, hence netfilter.scc should be part >>>>> of KERNEL_EXTRA_FEATURES (which is the case by default). >>>>> >>>>> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module >>>>> which is MACHINE_ARCH (like all kernel modules) we need to add this >>>>> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >>>>> >>>>> Signed-off-by: Stefan Agner <stefan@agner.ch> >>>>> --- >>>>> Changes since v2: >>>>> - Upgrade to v0.0.20170421 >>>>> - Add comment about Linux kernel requirement >>>>> >>>>> Changes since v1: >>>>> - Upgrade to v0.0.20170409 >>>>> - Add wireguard-tools -> wireguard-module dependency to >>>>> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. >>>>> >>>>> meta-networking/conf/layer.conf | 4 ++++ >>>>> .../wireguard/wireguard-module_0.0.20170421.bb | 13 +++++++++++ >>>>> .../wireguard/wireguard-tools_0.0.20170421.bb | 27 ++++++++++++++++++++++ >>>>> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ >>>>> 4 files changed, 62 insertions(+) >>>>> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >>>>> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >>>>> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc >>>>> >>>>> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf >>>>> index 85ad93b..b5aa159 100644 >>>>> --- a/meta-networking/conf/layer.conf >>>>> +++ b/meta-networking/conf/layer.conf >>>>> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" >>>>> >>>>> # Override security flags >>>>> require conf/distro/include/meta_networking_security_flags.inc >>>>> + >>>>> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ >>>>> + wireguard-tools->wireguard-module \ >>>>> +" >>>>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >>>>> new file mode 100644 >>>>> index 0000000..cb21bda >>>>> --- /dev/null >>>>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb >>>>> @@ -0,0 +1,13 @@ >>>>> +require wireguard.inc >>>>> + >>>>> +inherit module >>>>> + >>>>> +# This module requires Linux 3.10 higher and several networking related >>>>> +# configuration options. For exact kernel requirements visit: >>>>> +# https://www.wireguard.io/install/#kernel-requirements >>>>> + >>>>> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" >>>>> +MAKE_TARGETS = "module" >>>>> +MODULES_INSTALL_TARGET = "module-install" >>>>> + >>>>> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" >>>>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >>>>> new file mode 100644 >>>>> index 0000000..79d420f >>>>> --- /dev/null >>>>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb >>>>> @@ -0,0 +1,27 @@ >>>>> +require wireguard.inc >>>>> + >>>>> +inherit bash-completion systemd pkgconfig >>>>> + >>>>> +DEPENDS = "wireguard-module libmnl" >>>>> + >>>>> +do_compile_prepend () { >>>>> + cd ${S}/tools >>>>> +} >>>>> + >>>>> +do_install () { >>>>> + cd ${S}/tools >>>>> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ >>>>> + SYSTEMDUNITDIR="${systemd_unitdir}" \ >>>>> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \ >>>>> + WITH_BASHCOMPLETION=yes \ >>>>> + WITH_WGQUICK=yes \ >>>>> + install >>>>> +} >>>>> + >>>>> +FILES_${PN} = " \ >>>>> + ${sysconfdir} \ >>>>> + ${systemd_unitdir} \ >>>>> + ${bindir} \ >>>>> +" >>>>> + >>>>> +RDEPENDS_${PN} = "wireguard-module" >>>>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc >>>>> new file mode 100644 >>>>> index 0000000..46a9971 >>>>> --- /dev/null >>>>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc >>>>> @@ -0,0 +1,18 @@ >>>>> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" >>>>> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ >>>>> +implemented as a kernel virtual network interface for Linux, which aims to \ >>>>> +replace both IPsec for most use cases, as well as popular user space and/or \ >>>>> +TLS-based solutions like OpenVPN, while being more secure, more performant, \ >>>>> +and easier to use." >>>>> +SECTION = "networking" >>>>> +HOMEPAGE = "https://www.wireguard.io/" >>>>> +LICENSE = "GPLv2" >>>>> + >>>>> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" >>>>> + >>>>> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" >>>> >>>> This SRC_URI is gone, maybe it's just a temp location ? >>> >>> Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to >>> keep the old snapshots around, I guess he wants to avoid having stale >>> versions floating around. >>> >>> Either we keep bumping the version everytime a new snapshot is available >>> or we should just switch to git for OE, what do you think? >> >> I think that given he's not just removing old tarballs from an FTP >> server somewhere but removing tags from the git history, it'd be best to >> go with a git recipe with a fixed SRCREV. > > According to the snapshot announcement the new snapshot made breaking > changes to the protocol. It might be the reason they removed the old > snapshots, I am not sure how that has been handled in the past... > > I guess the snapshots are slightly better tested and have a somewhat > more consistent state than git, so I would have preferred snapshots... > > Just sent out a patch to move to the latest snapshot, lets see how > things move from this point, if the snapshots disappear I can switch to > git, does that sound ok? I prefer git in this case rather than may break again. // Robert > > -- > Stefan > >> >> -J. >> >>> >>> -- >>> Stefan >>> >>>> >>>> // Robert >>>> >>>>> + >>>>> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d" >>>>> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000" >>>>> + >>>>> +S = "${WORKDIR}/WireGuard-${PV}/src/" >>>>> > ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2017-05-19 1:26 UTC | newest] Thread overview: 11+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-04-27 5:30 [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools Stefan Agner 2017-04-28 12:24 ` Martin Jansa 2017-04-29 1:18 ` Stefan Agner 2017-05-01 15:18 ` Joe MacDonald 2017-05-01 21:37 ` Stefan Agner 2017-05-02 12:40 ` Joe MacDonald 2017-05-18 7:29 ` Robert Yang 2017-05-18 17:55 ` Stefan Agner 2017-05-18 18:19 ` Joe MacDonald 2017-05-18 18:26 ` Stefan Agner 2017-05-19 1:26 ` Robert Yang
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.