[oe] [meta-networking][PATCH v2] wireguard: add WireGuard kernel module and tools
Martin Jansa
martin.jansa at gmail.com
Wed Apr 26 18:10:28 UTC 2017
On Tue, Apr 11, 2017 at 11:00:09PM -0700, Stefan Agner wrote:
> WireGuard is an extremely simple yet fast and modern VPN that utilizes
> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
> and more useful than IPSec, while avoiding the massive headache.
>
> The recipes add the current experimental snapshot v0.0.20170409
> out-of-tree kernel module and tools. The kernel module has some kernel
> configuration dependencies such as some configuration part of
> features/netfilter/netfilter.scc, hence netfilter.scc should be part
> of KERNEL_EXTRA_FEATURES (which is the case by default).
>
> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
> which is MACHINE_ARCH (like all kernel modules) we need to add this
> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
I know it's not possible to check it from recipe, but it might be useful
to mention which kernel options this requires, one of my builds failed
with:
wireguard-module/0.0.20170409-r0/WireGuard-0.0.20170409/src/Kbuild:30:
*** "WireGuard requires CONFIG_NETFILTER_XT_MATCH_HASHLIMIT to be
configured in your kernel. See
https://www.wireguard.io/install/#kernel-requirements for more info".
Stop.
So the error message is quite good, but still might be useful to mention
this URL in the recipe as well.
>
> Signed-off-by: Stefan Agner <stefan at agner.ch>
> ---
> Changes since v1:
> - Upgrade to v0.0.20170409
> - Add wireguard-tools -> wireguard-module dependency to
> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>
> meta-networking/conf/layer.conf | 4 ++++
> .../wireguard/wireguard-module_0.0.20170409.bb | 9 ++++++++
> .../wireguard/wireguard-tools_0.0.20170409.bb | 27 ++++++++++++++++++++++
> .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++
> 4 files changed, 58 insertions(+)
> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170409.bb
> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170409.bb
> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>
> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
> index 85ad93b..b5aa159 100644
> --- a/meta-networking/conf/layer.conf
> +++ b/meta-networking/conf/layer.conf
> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>
> # Override security flags
> require conf/distro/include/meta_networking_security_flags.inc
> +
> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
> + wireguard-tools->wireguard-module \
> +"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170409.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170409.bb
> new file mode 100644
> index 0000000..aeb8269
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170409.bb
> @@ -0,0 +1,9 @@
> +require wireguard.inc
> +
> +inherit module
> +
> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
> +MAKE_TARGETS = "module"
> +MODULES_INSTALL_TARGET = "module-install"
> +
> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170409.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170409.bb
> new file mode 100644
> index 0000000..79d420f
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170409.bb
> @@ -0,0 +1,27 @@
> +require wireguard.inc
> +
> +inherit bash-completion systemd pkgconfig
> +
> +DEPENDS = "wireguard-module libmnl"
> +
> +do_compile_prepend () {
> + cd ${S}/tools
> +}
> +
> +do_install () {
> + cd ${S}/tools
> + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
> + SYSTEMDUNITDIR="${systemd_unitdir}" \
> + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
> + WITH_BASHCOMPLETION=yes \
> + WITH_WGQUICK=yes \
> + install
> +}
> +
> +FILES_${PN} = " \
> + ${sysconfdir} \
> + ${systemd_unitdir} \
> + ${bindir} \
> +"
> +
> +RDEPENDS_${PN} = "wireguard-module"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> new file mode 100644
> index 0000000..db98517
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> @@ -0,0 +1,18 @@
> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
> +implemented as a kernel virtual network interface for Linux, which aims to \
> +replace both IPsec for most use cases, as well as popular user space and/or \
> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
> +and easier to use."
> +SECTION = "networking"
> +HOMEPAGE = "https://www.wireguard.io/"
> +LICENSE = "GPLv2"
> +
> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
> +
> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
> +
> +SRC_URI[md5sum] = "5d3146bbd38c534386eb4a0c026780ff"
> +SRC_URI[sha256sum] = "31473b4d14178f82d6ff46df019d57982c210c03d1a985d54db35bdd76efbb18"
> +
> +S = "${WORKDIR}/WireGuard-${PV}/src/"
> --
> 2.7.4
>
--
Martin 'JaMa' Jansa jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20170426/303c6262/attachment-0002.sig>
More information about the Openembedded-devel
mailing list