* [WireGuard] Fedora WireGuard RPMs @ 2016-08-17 3:24 Joe Doss 2016-08-17 14:38 ` Jason A. Donenfeld 0 siblings, 1 reply; 7+ messages in thread From: Joe Doss @ 2016-08-17 3:24 UTC (permalink / raw) To: wireguard Hey there! I saw the project was missing packages for Fedora, so I wrote some specs for RPMs to install the kernel module via DKMS and one for WireGuard tools. They are up on my Copr. https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/ Which can be enabled with: sudo dnf copr enable jdoss/wireguard and the packages installed with: sudo dnf install wireguard-dkms wireguard-tools I haven't tested them other than making sure the kernel module loads on Fedora 24 and doing the first parts of the quick start. Let me know what you think and feedback for improvements on the specs is welcome. Thanks! Joe -- Joe Doss joe@solidadmin.com ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs 2016-08-17 3:24 [WireGuard] Fedora WireGuard RPMs Joe Doss @ 2016-08-17 14:38 ` Jason A. Donenfeld 2016-08-17 14:44 ` David Woodhouse 2016-08-17 19:39 ` Joe Doss 0 siblings, 2 replies; 7+ messages in thread From: Jason A. Donenfeld @ 2016-08-17 14:38 UTC (permalink / raw) To: Joe Doss; +Cc: WireGuard mailing list Hey Joe, This is great news! Thanks for doing that. Are you a Fedora developer per chance? A few notes for fixing this: 1) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-tools.git/tree/wireguard-tools.spec a) > BuildRequires: libmnl-devel, kernel-devel, systemd > Requires: wireguard-dkms, systemd Remove the systemd requirement. b) > install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \ > %{buildroot}%{_unitdir}/wgserver.service > %attr(0644, root, root) %{_unitdir}/wgserver.service Remove these lines. Do not install this systemd unit. It's in the examples directory; thus it is an EXAMPLE. It is not meant to be installed. When we write a unit that's meant to be installed, `make install` will do it automatically. Instead, copy all of contrib/examples to /usr/share/{pkg}/examples or wherever the default Fedora examples directory is. c) > BuildRequires: libmnl-devel, kernel-devel, systemd Are you sure that the tools package requires kernel-devel? Did you double check this? d) > install -Z -s -m 0755 -v %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg \ > %{buildroot}%{_bindir}/wg > install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \ > %{buildroot}%{_unitdir}/wgserver.service > install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg.8 \ > %{buildroot}%{_mandir}/man8/wg.8 > %defattr(-,root,root,-) > %attr(0755, root, root) %{_bindir}/wg > %attr(0644, root, root) %{_unitdir}/wgserver.service > %attr(0644, root, root) %{_mandir}/man8/wg.8* All of this is garbage. Instead, use `make install` and set the environment variables appropriately. By default they are: PREFIX ?= /usr DESTDIR ?= BINDIR ?= $(PREFIX)/bin LIBDIR ?= $(PREFIX)/lib MANDIR ?= $(PREFIX)/share/man RUNSTATEDIR ?= /var/run I imagine here you'll want to roll with something like: DESTDIR=%{buildroot} BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=/run make install 2) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.conf I recommend you use Debian's as a starting point: https://anonscm.debian.org/git/collab-maint/wireguard.git/tree/debian/wireguard-dkms.dkms In particular DEST_MODULE_LOCATION="/kernel/net" and BUILD_EXCLUSIVE_KERNEL="^(4\.[^0]|[5-9])". 3) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.spec a) > BuildRequires: libmnl-devel, kernel-devel, sed The kernel module does not require libmnl-devel. b) > cp -fr %{_builddir}/WireGuard-experimental-%{version}/* %{buildroot}%{_usrsrc}/%{dkms_name}-%{version}/ You might consider instead only copying src/. Please let me know when you've addressed 1a, 1b, 1c, 1d, 2, 3a, and 3b, and then I'll add your instructions to the wireguard.io website. Thanks for your hard work on this. Much appreciated. Jason ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs 2016-08-17 14:38 ` Jason A. Donenfeld @ 2016-08-17 14:44 ` David Woodhouse 2016-08-17 14:57 ` Jason A. Donenfeld 2016-08-17 19:39 ` Joe Doss 1 sibling, 1 reply; 7+ messages in thread From: David Woodhouse @ 2016-08-17 14:44 UTC (permalink / raw) To: Jason A. Donenfeld, Joe Doss; +Cc: WireGuard mailing list [-- Attachment #1: Type: text/plain, Size: 488 bytes --] On Wed, 2016-08-17 at 16:38 +0200, Jason A. Donenfeld wrote: > > a) > > BuildRequires: libmnl-devel, kernel-devel, systemd > > Requires: wireguard-dkms, systemd > > Remove the systemd requirement. The BR should also be for 'pkgconfig(libmnl)', not 'libmnl-devel', shouldn't it? Unless WireGuard isn't actually using pkgconfig to find the library? In which case WireGuard should be fixed and *then* the BR should be for 'pkgconfig(libmnl)' :) -- dwmw2 [-- Attachment #2: smime.p7s --] [-- Type: application/x-pkcs7-signature, Size: 5760 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs 2016-08-17 14:44 ` David Woodhouse @ 2016-08-17 14:57 ` Jason A. Donenfeld 0 siblings, 0 replies; 7+ messages in thread From: Jason A. Donenfeld @ 2016-08-17 14:57 UTC (permalink / raw) To: David Woodhouse; +Cc: WireGuard mailing list On Wed, Aug 17, 2016 at 4:44 PM, David Woodhouse <dwmw2@infradead.org> wrote: > > The BR should also be for 'pkgconfig(libmnl)', not 'libmnl-devel', > shouldn't it? > > Unless WireGuard isn't actually using pkgconfig to find the library? > In which case WireGuard should be fixed and *then* the BR should be for > 'pkgconfig(libmnl)' :) WireGuard is using pkgconfig. David is right about pkgconfig(libmnl). ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs 2016-08-17 14:38 ` Jason A. Donenfeld 2016-08-17 14:44 ` David Woodhouse @ 2016-08-17 19:39 ` Joe Doss 2016-08-17 20:17 ` Bruno Wolff III 2016-08-18 0:13 ` Jason A. Donenfeld 1 sibling, 2 replies; 7+ messages in thread From: Joe Doss @ 2016-08-17 19:39 UTC (permalink / raw) To: WireGuard mailing list On 08/17/2016 09:38 AM, Jason A. Donenfeld wrote: > Hey Joe, > > This is great news! Thanks for doing that. Are you a Fedora developer > per chance? I am not an official one currently, no. I don't have any packages in upstream Fedora yet. I am just a dude that likes to write RPMs and contributing to cool open source projects. :) > A few notes for fixing this: > > 1) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-tools.git/tree/wireguard-tools.spec > > a) >> BuildRequires: libmnl-devel, kernel-devel, systemd >> Requires: wireguard-dkms, systemd > > Remove the systemd requirement. Done. > b) >> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \ >> %{buildroot}%{_unitdir}/wgserver.service >> %attr(0644, root, root) %{_unitdir}/wgserver.service > > Remove these lines. Do not install this systemd unit. It's in the > examples directory; thus it is an EXAMPLE. It is not meant to be > installed. When we write a unit that's meant to be installed, `make > install` will do it automatically. Fair enough. Removed. > Instead, copy all of contrib/examples to /usr/share/{pkg}/examples or > wherever the default Fedora examples directory is. Done. > c) >> BuildRequires: libmnl-devel, kernel-devel, systemd > > Are you sure that the tools package requires kernel-devel? Did you > double check this? It doesn't need it. Fixed. > d) >> install -Z -s -m 0755 -v %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg \ >> %{buildroot}%{_bindir}/wg >> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \ >> %{buildroot}%{_unitdir}/wgserver.service >> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg.8 \ >> %{buildroot}%{_mandir}/man8/wg.8 >> %defattr(-,root,root,-) >> %attr(0755, root, root) %{_bindir}/wg >> %attr(0644, root, root) %{_unitdir}/wgserver.service >> %attr(0644, root, root) %{_mandir}/man8/wg.8* > > All of this is garbage. Instead, use `make install` and set the > environment variables appropriately. By default they are: > PREFIX ?= /usr > DESTDIR ?= > BINDIR ?= $(PREFIX)/bin > LIBDIR ?= $(PREFIX)/lib > MANDIR ?= $(PREFIX)/share/man > RUNSTATEDIR ?= /var/run > > I imagine here you'll want to roll with something like: > > DESTDIR=%{buildroot} BINDIR=%{_bindir} MANDIR=%{_mandir} > RUNSTATEDIR=/run make install Fixed. I guess I was doing it the hard way eh? :) > 2) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.conf > > I recommend you use Debian's as a starting point: > https://anonscm.debian.org/git/collab-maint/wireguard.git/tree/debian/wireguard-dkms.dkms > > In particular DEST_MODULE_LOCATION="/kernel/net" and > BUILD_EXCLUSIVE_KERNEL="^(4\.[^0]|[5-9])". Done. > 3) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.spec > > a) >> BuildRequires: libmnl-devel, kernel-devel, sed > > The kernel module does not require libmnl-devel. Fixed. > b) >> cp -fr %{_builddir}/WireGuard-experimental-%{version}/* %{buildroot}%{_usrsrc}/%{dkms_name}-%{version}/ > > You might consider instead only copying src/. Good idea. Fixed. > Please let me know when you've addressed 1a, 1b, 1c, 1d, 2, 3a, and > 3b, and then I'll add your instructions to the wireguard.io website. Some gotchas for Fedora might be issues using DKMS if they have secure boot enabled. You might want to mention that as the kmod generated by DKMS isn't signed, so loading it with secure boot will fail. Also, SELinux is set enforcing by default on Fedora. I am not sure if that is going to cause any issues either. Other than that, the RPMs should be good to go. Let me know if you want any other changes before adding the install instructions to the site. > Thanks for your hard work on this. Much appreciated. No problem! Glad to help. Thanks for your awesome work on WireGuard. :) Joe -- Joe Doss joe@solidadmin.com ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs 2016-08-17 19:39 ` Joe Doss @ 2016-08-17 20:17 ` Bruno Wolff III 2016-08-18 0:13 ` Jason A. Donenfeld 1 sibling, 0 replies; 7+ messages in thread From: Bruno Wolff III @ 2016-08-17 20:17 UTC (permalink / raw) To: Joe Doss; +Cc: WireGuard mailing list On Wed, Aug 17, 2016 at 14:39:16 -0500, Joe Doss <joe@solidadmin.com> wrote: > >Also, SELinux is set enforcing by default on Fedora. I am not sure if >that is going to cause any issues either. Users run unconfined (technically there are confined by a policy that lets them do almost anything) so generally there won't be a problem for stuff they run manually. However I did hit issues running stuff in a service. I didn't try to figure out what the correct fix was and kust added an allow rule. I suspect there was a better solution using labelling, but I didn't think it was worth worrying about. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs 2016-08-17 19:39 ` Joe Doss 2016-08-17 20:17 ` Bruno Wolff III @ 2016-08-18 0:13 ` Jason A. Donenfeld 1 sibling, 0 replies; 7+ messages in thread From: Jason A. Donenfeld @ 2016-08-18 0:13 UTC (permalink / raw) To: Joe Doss; +Cc: WireGuard mailing list Hey Joe, Terrific! We're all set now: https://www.wireguard.io/install/ I've put the instructions on there. Thanks so much for doing this. I really appreciate it. Regards, Jason ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-08-18 0:08 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2016-08-17 3:24 [WireGuard] Fedora WireGuard RPMs Joe Doss 2016-08-17 14:38 ` Jason A. Donenfeld 2016-08-17 14:44 ` David Woodhouse 2016-08-17 14:57 ` Jason A. Donenfeld 2016-08-17 19:39 ` Joe Doss 2016-08-17 20:17 ` Bruno Wolff III 2016-08-18 0:13 ` Jason A. Donenfeld
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.