[oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

Stefan Agner stefan at agner.ch
Thu May 18 17:55:56 UTC 2017 

On 2017-05-18 00:29, Robert Yang wrote:
> Hi Stefan,
> 
> On 04/27/2017 01:30 PM, Stefan Agner wrote:
>> WireGuard is an extremely simple yet fast and modern VPN that utilizes
>> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
>> and more useful than IPSec, while avoiding the massive headache.
>>
>> The recipes add the current experimental snapshot v0.0.20170421
>> out-of-tree kernel module and tools. The kernel module has some kernel
>> configuration dependencies such as some configuration part of
>> features/netfilter/netfilter.scc, hence netfilter.scc should be part
>> of KERNEL_EXTRA_FEATURES (which is the case by default).
>>
>> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
>> which is MACHINE_ARCH (like all kernel modules) we need to add this
>> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>>
>> Signed-off-by: Stefan Agner <stefan at agner.ch>
>> ---
>> Changes since v2:
>> - Upgrade to v0.0.20170421
>> - Add comment about Linux kernel requirement
>>
>> Changes since v1:
>> - Upgrade to v0.0.20170409
>> - Add wireguard-tools -> wireguard-module dependency to
>>   SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>>
>>  meta-networking/conf/layer.conf                    |  4 ++++
>>  .../wireguard/wireguard-module_0.0.20170421.bb     | 13 +++++++++++
>>  .../wireguard/wireguard-tools_0.0.20170421.bb      | 27 ++++++++++++++++++++++
>>  .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
>>  4 files changed, 62 insertions(+)
>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>>
>> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
>> index 85ad93b..b5aa159 100644
>> --- a/meta-networking/conf/layer.conf
>> +++ b/meta-networking/conf/layer.conf
>> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>>
>>  # Override security flags
>>  require conf/distro/include/meta_networking_security_flags.inc
>> +
>> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
>> +  wireguard-tools->wireguard-module \
>> +"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>> new file mode 100644
>> index 0000000..cb21bda
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>> @@ -0,0 +1,13 @@
>> +require wireguard.inc
>> +
>> +inherit module
>> +
>> +# This module requires Linux 3.10 higher and several networking related
>> +# configuration options. For exact kernel requirements visit:
>> +# https://www.wireguard.io/install/#kernel-requirements
>> +
>> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
>> +MAKE_TARGETS = "module"
>> +MODULES_INSTALL_TARGET = "module-install"
>> +
>> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>> new file mode 100644
>> index 0000000..79d420f
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>> @@ -0,0 +1,27 @@
>> +require wireguard.inc
>> +
>> +inherit bash-completion systemd pkgconfig
>> +
>> +DEPENDS = "wireguard-module libmnl"
>> +
>> +do_compile_prepend () {
>> +    cd ${S}/tools
>> +}
>> +
>> +do_install () {
>> +    cd ${S}/tools
>> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
>> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
>> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
>> +        WITH_BASHCOMPLETION=yes \
>> +        WITH_WGQUICK=yes \
>> +        install
>> +}
>> +
>> +FILES_${PN} = " \
>> +    ${sysconfdir} \
>> +    ${systemd_unitdir} \
>> +    ${bindir} \
>> +"
>> +
>> +RDEPENDS_${PN} = "wireguard-module"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> new file mode 100644
>> index 0000000..46a9971
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> @@ -0,0 +1,18 @@
>> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
>> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
>> +implemented as a kernel virtual network interface for Linux, which aims to \
>> +replace both IPsec for most use cases, as well as popular user space and/or \
>> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
>> +and easier to use."
>> +SECTION = "networking"
>> +HOMEPAGE = "https://www.wireguard.io/"
>> +LICENSE = "GPLv2"
>> +
>> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
>> +
>> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
> 
> This SRC_URI is gone, maybe it's just a temp location ?

Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to
keep the old snapshots around, I guess he wants to avoid having stale
versions floating around.

Either we keep bumping the version everytime a new snapshot is available
or we should just switch to git for OE, what do you think?

--
Stefan

> 
> // Robert
> 
>> +
>> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
>> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
>> +
>> +S = "${WORKDIR}/WireGuard-${PV}/src/"
>>

More information about the Openembedded-devel mailing list