[meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Stefan Agner]

WireGuard is an extremely simple yet fast and modern VPN that utilizes
state-of-the-art cryptography. It aims to be faster, simpler, leaner,
and more useful than IPSec, while avoiding the massive headache.

The recipes add the current experimental snapshot v0.0.20170421
out-of-tree kernel module and tools. The kernel module has some kernel
configuration dependencies such as some configuration part of
features/netfilter/netfilter.scc, hence netfilter.scc should be part
of KERNEL_EXTRA_FEATURES (which is the case by default).

Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
which is MACHINE_ARCH (like all kernel modules) we need to add this
dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.

Signed-off-by: Stefan Agner <stefan@agner.ch>
---
Changes since v2:
- Upgrade to v0.0.20170421
- Add comment about Linux kernel requirement

Changes since v1:
- Upgrade to v0.0.20170409
- Add wireguard-tools -> wireguard-module dependency to
  SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.

 meta-networking/conf/layer.conf                    |  4 ++++
 .../wireguard/wireguard-module_0.0.20170421.bb     | 13 +++++++++++
 .../wireguard/wireguard-tools_0.0.20170421.bb      | 27 ++++++++++++++++++++++
 .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
 4 files changed, 62 insertions(+)
 create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
 create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
 create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc

diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
index 85ad93b..b5aa159 100644
--- a/meta-networking/conf/layer.conf
+++ b/meta-networking/conf/layer.conf
@@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
 
 # Override security flags
 require conf/distro/include/meta_networking_security_flags.inc
+
+SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
+  wireguard-tools->wireguard-module \
+"
diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
new file mode 100644
index 0000000..cb21bda
--- /dev/null
+++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
@@ -0,0 +1,13 @@
+require wireguard.inc
+
+inherit module
+
+# This module requires Linux 3.10 higher and several networking related
+# configuration options. For exact kernel requirements visit:
+# https://www.wireguard.io/install/#kernel-requirements
+
+EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
+MAKE_TARGETS = "module"
+MODULES_INSTALL_TARGET = "module-install"
+
+RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
new file mode 100644
index 0000000..79d420f
--- /dev/null
+++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
@@ -0,0 +1,27 @@
+require wireguard.inc
+
+inherit bash-completion systemd pkgconfig
+
+DEPENDS = "wireguard-module libmnl"
+
+do_compile_prepend () {
+    cd ${S}/tools
+}
+
+do_install () {
+    cd ${S}/tools
+    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
+        SYSTEMDUNITDIR="${systemd_unitdir}" \
+        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
+        WITH_BASHCOMPLETION=yes \
+        WITH_WGQUICK=yes \
+        install
+}
+
+FILES_${PN} = " \
+    ${sysconfdir} \
+    ${systemd_unitdir} \
+    ${bindir} \
+"
+
+RDEPENDS_${PN} = "wireguard-module"
diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
new file mode 100644
index 0000000..46a9971
--- /dev/null
+++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
@@ -0,0 +1,18 @@
+SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
+DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
+implemented as a kernel virtual network interface for Linux, which aims to \
+replace both IPsec for most use cases, as well as popular user space and/or \
+TLS-based solutions like OpenVPN, while being more secure, more performant, \
+and easier to use."
+SECTION = "networking"
+HOMEPAGE = "https://www.wireguard.io/"
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
+
+SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
+SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
+
+S = "${WORKDIR}/WireGuard-${PV}/src/"
-- 
2.7.4

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Martin Jansa]

This latest version (which was merged to master yesterday) fails to build:

http://errors.yoctoproject.org/Errors/Details/141421/

On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote:

> WireGuard is an extremely simple yet fast and modern VPN that utilizes
> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
> and more useful than IPSec, while avoiding the massive headache.
>
> The recipes add the current experimental snapshot v0.0.20170421
> out-of-tree kernel module and tools. The kernel module has some kernel
> configuration dependencies such as some configuration part of
> features/netfilter/netfilter.scc, hence netfilter.scc should be part
> of KERNEL_EXTRA_FEATURES (which is the case by default).
>
> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
> which is MACHINE_ARCH (like all kernel modules) we need to add this
> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>
> Signed-off-by: Stefan Agner <stefan@agner.ch>
> ---
> Changes since v2:
> - Upgrade to v0.0.20170421
> - Add comment about Linux kernel requirement
>
> Changes since v1:
> - Upgrade to v0.0.20170409
> - Add wireguard-tools -> wireguard-module dependency to
>   SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>
>  meta-networking/conf/layer.conf                    |  4 ++++
>  .../wireguard/wireguard-module_0.0.20170421.bb     | 13 +++++++++++
>  .../wireguard/wireguard-tools_0.0.20170421.bb      | 27
> ++++++++++++++++++++++
>  .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
>  4 files changed, 62 insertions(+)
>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-
> module_0.0.20170421.bb
>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-
> tools_0.0.20170421.bb
>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>
> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.
> conf
> index 85ad93b..b5aa159 100644
> --- a/meta-networking/conf/layer.conf
> +++ b/meta-networking/conf/layer.conf
> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>
>  # Override security flags
>  require conf/distro/include/meta_networking_security_flags.inc
> +
> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
> +  wireguard-tools->wireguard-module \
> +"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-
> module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/
> wireguard-module_0.0.20170421.bb
> new file mode 100644
> index 0000000..cb21bda
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-
> module_0.0.20170421.bb
> @@ -0,0 +1,13 @@
> +require wireguard.inc
> +
> +inherit module
> +
> +# This module requires Linux 3.10 higher and several networking related
> +# configuration options. For exact kernel requirements visit:
> +# https://www.wireguard.io/install/#kernel-requirements
> +
> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
> +MAKE_TARGETS = "module"
> +MODULES_INSTALL_TARGET = "module-install"
> +
> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-
> tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/
> wireguard-tools_0.0.20170421.bb
> new file mode 100644
> index 0000000..79d420f
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-
> tools_0.0.20170421.bb
> @@ -0,0 +1,27 @@
> +require wireguard.inc
> +
> +inherit bash-completion systemd pkgconfig
> +
> +DEPENDS = "wireguard-module libmnl"
> +
> +do_compile_prepend () {
> +    cd ${S}/tools
> +}
> +
> +do_install () {
> +    cd ${S}/tools
> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}"
> SYSCONFDIR="${sysconfdir}" \
> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES',
> 'systemd', 'yes', '', d)} \
> +        WITH_BASHCOMPLETION=yes \
> +        WITH_WGQUICK=yes \
> +        install
> +}
> +
> +FILES_${PN} = " \
> +    ${sysconfdir} \
> +    ${systemd_unitdir} \
> +    ${bindir} \
> +"
> +
> +RDEPENDS_${PN} = "wireguard-module"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc
> b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> new file mode 100644
> index 0000000..46a9971
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> @@ -0,0 +1,18 @@
> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
> +implemented as a kernel virtual network interface for Linux, which aims
> to \
> +replace both IPsec for most use cases, as well as popular user space
> and/or \
> +TLS-based solutions like OpenVPN, while being more secure, more
> performant, \
> +and easier to use."
> +SECTION = "networking"
> +HOMEPAGE = "https://www.wireguard.io/"
> +LICENSE = "GPLv2"
> +
> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a42
> 63"
> +
> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$
> {PV}.tar.xz"
> +
> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b
> 5e474cc6842ac04967773cf77b26750000"
> +
> +S = "${WORKDIR}/WireGuard-${PV}/src/"
> --
> 2.7.4
>
>

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Stefan Agner]

 

Hm, I can not reproduce here. It looks like module has not been
included, the module make arguments are missing... 

Here it looks like this: 

NOTE: make -j 8
KERNEL_SRC=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
KERNELDIR=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
KERNEL_PATH=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
KERNEL_VERSION=4.10.5-yocto-standard CC=x86_64-oe-linux-gcc 
-fuse-ld=bfd LD=x86_64-oe-linux-ld.bfd  AR=x86_64-oe-linux-ar 
O=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-build-artifacts
KBUILD_EXTRA_SYMBOLS= module 

Do you have an idea what is going on? 

On 2017-04-28 05:24, Martin Jansa wrote: 

> This latest version (which was merged to master yesterday) fails to build: 
> 
> http://errors.yoctoproject.org/Errors/Details/141421/ 
> 
> On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote:
> 
>> WireGuard is an extremely simple yet fast and modern VPN that utilizes
>> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
>> and more useful than IPSec, while avoiding the massive headache.
>> 
>> The recipes add the current experimental snapshot v0.0.20170421
>> out-of-tree kernel module and tools. The kernel module has some kernel
>> configuration dependencies such as some configuration part of
>> features/netfilter/netfilter.scc, hence netfilter.scc should be part
>> of KERNEL_EXTRA_FEATURES (which is the case by default).
>> 
>> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
>> which is MACHINE_ARCH (like all kernel modules) we need to add this
>> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>> 
>> Signed-off-by: Stefan Agner <stefan@agner.ch>
>> ---
>> Changes since v2:
>> - Upgrade to v0.0.20170421
>> - Add comment about Linux kernel requirement
>> 
>> Changes since v1:
>> - Upgrade to v0.0.20170409
>> - Add wireguard-tools -> wireguard-module dependency to
>> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>> 
>> meta-networking/conf/layer.conf                    |  4 ++++
>> .../wireguard/wireguard-module_0.0.20170421.bb [1]     | 13 +++++++++++
>> .../wireguard/wireguard-tools_0.0.20170421.bb [2]      | 27 ++++++++++++++++++++++
>> .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
>> 4 files changed, 62 insertions(+)
>> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
>> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
>> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>> 
>> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
>> index 85ad93b..b5aa159 100644
>> --- a/meta-networking/conf/layer.conf
>> +++ b/meta-networking/conf/layer.conf
>> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>> 
>> # Override security flags
>> require conf/distro/include/meta_networking_security_flags.inc
>> +
>> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
>> +  wireguard-tools->wireguard-module \
>> +"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
>> new file mode 100644
>> index 0000000..cb21bda
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
>> @@ -0,0 +1,13 @@
>> +require wireguard.inc
>> +
>> +inherit module
>> +
>> +# This module requires Linux 3.10 higher and several networking related
>> +# configuration options. For exact kernel requirements visit:
>> +# https://www.wireguard.io/install/#kernel-requirements [3]
>> +
>> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
>> +MAKE_TARGETS = "module"
>> +MODULES_INSTALL_TARGET = "module-install"
>> +
>> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
>> new file mode 100644
>> index 0000000..79d420f
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
>> 
>> @@ -0,0 +1,27 @@
>> +require wireguard.inc
>> +
>> +inherit bash-completion systemd pkgconfig
>> +
>> +DEPENDS = "wireguard-module libmnl"
>> +
>> +do_compile_prepend () {
>> +    cd ${S}/tools
>> +}
>> +
>> +do_install () {
>> +    cd ${S}/tools
>> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
>> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
>> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
>> +        WITH_BASHCOMPLETION=yes \
>> +        WITH_WGQUICK=yes \
>> +        install
>> +}
>> +
>> +FILES_${PN} = " \
>> +    ${sysconfdir} \
>> +    ${systemd_unitdir} \
>> +    ${bindir} \
>> +"
>> +
>> +RDEPENDS_${PN} = "wireguard-module"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> new file mode 100644 index 0000000..46a9971
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> @@ -0,0 +1,18 @@
>> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
>> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
>> +implemented as a kernel virtual network interface for Linux, which aims to \
>> +replace both IPsec for most use cases, as well as popular user space and/or \
>> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
>> +and easier to use."
>> +SECTION = "networking"
>> +HOMEPAGE = "https://www.wireguard.io/"
>> +LICENSE = "GPLv2"
>> +
>> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
>> +
>> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz [4]"
>> +
>> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
>> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
>> 
>> +
>> +S = "${WORKDIR}/WireGuard-${PV}/src/"
>> --
>> 2.7.4

  

Links:
------
[1] http://wireguard-module_0.0.20170421.bb
[2] http://wireguard-tools_0.0.20170421.bb
[3] https://www.wireguard.io/install/#kernel-requirements
[4] https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Joe MacDonald]

[-- Attachment #1: Type: text/plain, Size: 7452 bytes --]

[Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools] On 17.04.28 (Fri 18:18) Stefan Agner wrote:

>  
> 
> Hm, I can not reproduce here. It looks like module has not been
> included, the module make arguments are missing... 
> 
> Here it looks like this: 
> 
> NOTE: make -j 8
> KERNEL_SRC=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
> KERNELDIR=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
> KERNEL_PATH=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
> KERNEL_VERSION=4.10.5-yocto-standard CC=x86_64-oe-linux-gcc 
> -fuse-ld=bfd LD=x86_64-oe-linux-ld.bfd  AR=x86_64-oe-linux-ar 
> O=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-build-artifacts
> KBUILD_EXTRA_SYMBOLS= module 
> 
> Do you have an idea what is going on? 

I don't off hand, but since I merged it, I'll try to investigate it.
It's been somewhat complicated by the fact that this configuration
builds for me but fails for the world builds as Martin notes.  But the
configuration that last passed for the world builds failed to build for
my ARM target builds during a do_install step because it was clearly
trying to look at my host system.  For now I've just blacklisted the
recipe in master.

-J.

> 
> On 2017-04-28 05:24, Martin Jansa wrote: 
> 
> > This latest version (which was merged to master yesterday) fails to build: 
> > 
> > http://errors.yoctoproject.org/Errors/Details/141421/ 
> > 
> > On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote:
> > 
> >> WireGuard is an extremely simple yet fast and modern VPN that utilizes
> >> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
> >> and more useful than IPSec, while avoiding the massive headache.
> >> 
> >> The recipes add the current experimental snapshot v0.0.20170421
> >> out-of-tree kernel module and tools. The kernel module has some kernel
> >> configuration dependencies such as some configuration part of
> >> features/netfilter/netfilter.scc, hence netfilter.scc should be part
> >> of KERNEL_EXTRA_FEATURES (which is the case by default).
> >> 
> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
> >> which is MACHINE_ARCH (like all kernel modules) we need to add this
> >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
> >> 
> >> Signed-off-by: Stefan Agner <stefan@agner.ch>
> >> ---
> >> Changes since v2:
> >> - Upgrade to v0.0.20170421
> >> - Add comment about Linux kernel requirement
> >> 
> >> Changes since v1:
> >> - Upgrade to v0.0.20170409
> >> - Add wireguard-tools -> wireguard-module dependency to
> >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
> >> 
> >> meta-networking/conf/layer.conf                    |  4 ++++
> >> .../wireguard/wireguard-module_0.0.20170421.bb [1]     | 13 +++++++++++
> >> .../wireguard/wireguard-tools_0.0.20170421.bb [2]      | 27 ++++++++++++++++++++++
> >> .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
> >> 4 files changed, 62 insertions(+)
> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
> >> 
> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
> >> index 85ad93b..b5aa159 100644
> >> --- a/meta-networking/conf/layer.conf
> >> +++ b/meta-networking/conf/layer.conf
> >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
> >> 
> >> # Override security flags
> >> require conf/distro/include/meta_networking_security_flags.inc
> >> +
> >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
> >> +  wireguard-tools->wireguard-module \
> >> +"
> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
> >> new file mode 100644
> >> index 0000000..cb21bda
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
> >> @@ -0,0 +1,13 @@
> >> +require wireguard.inc
> >> +
> >> +inherit module
> >> +
> >> +# This module requires Linux 3.10 higher and several networking related
> >> +# configuration options. For exact kernel requirements visit:
> >> +# https://www.wireguard.io/install/#kernel-requirements [3]
> >> +
> >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
> >> +MAKE_TARGETS = "module"
> >> +MODULES_INSTALL_TARGET = "module-install"
> >> +
> >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
> >> new file mode 100644
> >> index 0000000..79d420f
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
> >> 
> >> @@ -0,0 +1,27 @@
> >> +require wireguard.inc
> >> +
> >> +inherit bash-completion systemd pkgconfig
> >> +
> >> +DEPENDS = "wireguard-module libmnl"
> >> +
> >> +do_compile_prepend () {
> >> +    cd ${S}/tools
> >> +}
> >> +
> >> +do_install () {
> >> +    cd ${S}/tools
> >> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
> >> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
> >> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
> >> +        WITH_BASHCOMPLETION=yes \
> >> +        WITH_WGQUICK=yes \
> >> +        install
> >> +}
> >> +
> >> +FILES_${PN} = " \
> >> +    ${sysconfdir} \
> >> +    ${systemd_unitdir} \
> >> +    ${bindir} \
> >> +"
> >> +
> >> +RDEPENDS_${PN} = "wireguard-module"
> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> >> new file mode 100644 index 0000000..46a9971
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> >> @@ -0,0 +1,18 @@
> >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
> >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
> >> +implemented as a kernel virtual network interface for Linux, which aims to \
> >> +replace both IPsec for most use cases, as well as popular user space and/or \
> >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
> >> +and easier to use."
> >> +SECTION = "networking"
> >> +HOMEPAGE = "https://www.wireguard.io/"
> >> +LICENSE = "GPLv2"
> >> +
> >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
> >> +
> >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz [4]"
> >> +
> >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
> >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
> >> 
> >> +
> >> +S = "${WORKDIR}/WireGuard-${PV}/src/"
> >> --
> >> 2.7.4
> 
>   
> 
> Links:
> ------
> [1] http://wireguard-module_0.0.20170421.bb
> [2] http://wireguard-tools_0.0.20170421.bb
> [3] https://www.wireguard.io/install/#kernel-requirements
> [4] https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz
-- 
-Joe MacDonald.
:wq

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 484 bytes --]

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Stefan Agner]

On 2017-05-01 08:18, Joe MacDonald wrote:
> [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel
> module and tools] On 17.04.28 (Fri 18:18) Stefan Agner wrote:
> 
>>
>>
>> Hm, I can not reproduce here. It looks like module has not been
>> included, the module make arguments are missing...
>>
>> Here it looks like this:
>>
>> NOTE: make -j 8
>> KERNEL_SRC=skins/larry/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
>> KERNELDIR=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
>> KERNEL_PATH=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
>> KERNEL_VERSION=4.10.5-yocto-standard CC=x86_64-oe-linux-gcc
>> -fuse-ld=bfd LD=x86_64-oe-linux-ld.bfd  AR=x86_64-oe-linux-ar
>> O=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-build-artifacts
>> KBUILD_EXTRA_SYMBOLS= module
>>
>> Do you have an idea what is going on?
> 
> I don't off hand, but since I merged it, I'll try to investigate it.
> It's been somewhat complicated by the fact that this configuration
> builds for me but fails for the world builds as Martin notes.  But the
> configuration that last passed for the world builds failed to build for
> my ARM target builds during a do_install step because it was clearly
> trying to look at my host system.  For now I've just blacklisted the
> recipe in master.

Yeah it really seems that inherit module failed for some reason, which
avoids a whole bunch of make arguments to be missing. Quite likely that
in this case the build system starts to look at default paths.

But this recipe inherits module the same way as others do. It seems to
me if this recipe fails, then others such as netmap-modules should fail
too...

--
Stefan


> 
> -J.
> 
>>
>> On 2017-04-28 05:24, Martin Jansa wrote:
>>
>> > This latest version (which was merged to master yesterday) fails to build:
>> >
>> > http://errors.yoctoproject.org/Errors/Details/141421/
>> >
>> > On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote:
>> >
>> >> WireGuard is an extremely simple yet fast and modern VPN that utilizes
>> >> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
>> >> and more useful than IPSec, while avoiding the massive headache.
>> >>
>> >> The recipes add the current experimental snapshot v0.0.20170421
>> >> out-of-tree kernel module and tools. The kernel module has some kernel
>> >> configuration dependencies such as some configuration part of
>> >> features/netfilter/netfilter.scc, hence netfilter.scc should be part
>> >> of KERNEL_EXTRA_FEATURES (which is the case by default).
>> >>
>> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
>> >> which is MACHINE_ARCH (like all kernel modules) we need to add this
>> >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>> >>
>> >> Signed-off-by: Stefan Agner <stefan@agner.ch>
>> >> ---
>> >> Changes since v2:
>> >> - Upgrade to v0.0.20170421
>> >> - Add comment about Linux kernel requirement
>> >>
>> >> Changes since v1:
>> >> - Upgrade to v0.0.20170409
>> >> - Add wireguard-tools -> wireguard-module dependency to
>> >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>> >>
>> >> meta-networking/conf/layer.conf                    |  4 ++++
>> >> .../wireguard/wireguard-module_0.0.20170421.bb [1]     | 13 +++++++++++
>> >> .../wireguard/wireguard-tools_0.0.20170421.bb [2]      | 27 ++++++++++++++++++++++
>> >> .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
>> >> 4 files changed, 62 insertions(+)
>> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
>> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
>> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>> >>
>> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
>> >> index 85ad93b..b5aa159 100644
>> >> --- a/meta-networking/conf/layer.conf
>> >> +++ b/meta-networking/conf/layer.conf
>> >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>> >>
>> >> # Override security flags
>> >> require conf/distro/include/meta_networking_security_flags.inc
>> >> +
>> >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
>> >> +  wireguard-tools->wireguard-module \
>> >> +"
>> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
>> >> new file mode 100644
>> >> index 0000000..cb21bda
>> >> --- /dev/null
>> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
>> >> @@ -0,0 +1,13 @@
>> >> +require wireguard.inc
>> >> +
>> >> +inherit module
>> >> +
>> >> +# This module requires Linux 3.10 higher and several networking related
>> >> +# configuration options. For exact kernel requirements visit:
>> >> +# https://www.wireguard.io/install/#kernel-requirements [3]
>> >> +
>> >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
>> >> +MAKE_TARGETS = "module"
>> >> +MODULES_INSTALL_TARGET = "module-install"
>> >> +
>> >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
>> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
>> >> new file mode 100644
>> >> index 0000000..79d420f
>> >> --- /dev/null
>> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
>> >>
>> >> @@ -0,0 +1,27 @@
>> >> +require wireguard.inc
>> >> +
>> >> +inherit bash-completion systemd pkgconfig
>> >> +
>> >> +DEPENDS = "wireguard-module libmnl"
>> >> +
>> >> +do_compile_prepend () {
>> >> +    cd ${S}/tools
>> >> +}
>> >> +
>> >> +do_install () {
>> >> +    cd ${S}/tools
>> >> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
>> >> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
>> >> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
>> >> +        WITH_BASHCOMPLETION=yes \
>> >> +        WITH_WGQUICK=yes \
>> >> +        install
>> >> +}
>> >> +
>> >> +FILES_${PN} = " \
>> >> +    ${sysconfdir} \
>> >> +    ${systemd_unitdir} \
>> >> +    ${bindir} \
>> >> +"
>> >> +
>> >> +RDEPENDS_${PN} = "wireguard-module"
>> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> >> new file mode 100644 index 0000000..46a9971
>> >> --- /dev/null
>> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> >> @@ -0,0 +1,18 @@
>> >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
>> >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
>> >> +implemented as a kernel virtual network interface for Linux, which aims to \
>> >> +replace both IPsec for most use cases, as well as popular user space and/or \
>> >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
>> >> +and easier to use."
>> >> +SECTION = "networking"
>> >> +HOMEPAGE = "https://www.wireguard.io/"
>> >> +LICENSE = "GPLv2"
>> >> +
>> >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
>> >> +
>> >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz [4]"
>> >> +
>> >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
>> >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
>> >>
>> >> +
>> >> +S = "${WORKDIR}/WireGuard-${PV}/src/"
>> >> --
>> >> 2.7.4
>>
>>
>>
>> Links:
>> ------
>> [1] http://wireguard-module_0.0.20170421.bb
>> [2] http://wireguard-tools_0.0.20170421.bb
>> [3] https://www.wireguard.io/install/#kernel-requirements
>> [4] https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Joe MacDonald]

[-- Attachment #1: Type: text/plain, Size: 8960 bytes --]

[Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools] On 17.05.01 (Mon 14:37) Stefan Agner wrote:

> On 2017-05-01 08:18, Joe MacDonald wrote:
> > [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel
> > module and tools] On 17.04.28 (Fri 18:18) Stefan Agner wrote:
> > 
> >>
> >>
> >> Hm, I can not reproduce here. It looks like module has not been
> >> included, the module make arguments are missing...
> >>
> >> Here it looks like this:
> >>
> >> NOTE: make -j 8
> >> KERNEL_SRC=skins/larry/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
> >> KERNELDIR=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
> >> KERNEL_PATH=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-source
> >> KERNEL_VERSION=4.10.5-yocto-standard CC=x86_64-oe-linux-gcc
> >> -fuse-ld=bfd LD=x86_64-oe-linux-ld.bfd  AR=x86_64-oe-linux-ar
> >> O=/build/ags/oe-core/build/tmp-glibc/work-shared/qemux86-64/kernel-build-artifacts
> >> KBUILD_EXTRA_SYMBOLS= module
> >>
> >> Do you have an idea what is going on?
> > 
> > I don't off hand, but since I merged it, I'll try to investigate it.
> > It's been somewhat complicated by the fact that this configuration
> > builds for me but fails for the world builds as Martin notes.  But the
> > configuration that last passed for the world builds failed to build for
> > my ARM target builds during a do_install step because it was clearly
> > trying to look at my host system.  For now I've just blacklisted the
> > recipe in master.
> 
> Yeah it really seems that inherit module failed for some reason, which
> avoids a whole bunch of make arguments to be missing. Quite likely that
> in this case the build system starts to look at default paths.
> 
> But this recipe inherits module the same way as others do. It seems to
> me if this recipe fails, then others such as netmap-modules should fail
> too...

meta-networking/recipes-kernel/netmap/netmap-modules_git.bb:PNBLACKLIST[netmap-modules] ?= "BROKEN: not compatible with default kernel version 4.8 - the recipe will be removed on 2017-09-01 unless the issue is fixed"

Heh.

But for different reasons.  And I'm going to have a look at that soon
too.  Anyway, I think I have a workable solution for wireguard I'm going
to send out now.

-J.

> 
> --
> Stefan
> 
> 
> > 
> > -J.
> > 
> >>
> >> On 2017-04-28 05:24, Martin Jansa wrote:
> >>
> >> > This latest version (which was merged to master yesterday) fails to build:
> >> >
> >> > http://errors.yoctoproject.org/Errors/Details/141421/
> >> >
> >> > On Thu, Apr 27, 2017 at 7:30 AM, Stefan Agner <stefan@agner.ch> wrote:
> >> >
> >> >> WireGuard is an extremely simple yet fast and modern VPN that utilizes
> >> >> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
> >> >> and more useful than IPSec, while avoiding the massive headache.
> >> >>
> >> >> The recipes add the current experimental snapshot v0.0.20170421
> >> >> out-of-tree kernel module and tools. The kernel module has some kernel
> >> >> configuration dependencies such as some configuration part of
> >> >> features/netfilter/netfilter.scc, hence netfilter.scc should be part
> >> >> of KERNEL_EXTRA_FEATURES (which is the case by default).
> >> >>
> >> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
> >> >> which is MACHINE_ARCH (like all kernel modules) we need to add this
> >> >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
> >> >>
> >> >> Signed-off-by: Stefan Agner <stefan@agner.ch>
> >> >> ---
> >> >> Changes since v2:
> >> >> - Upgrade to v0.0.20170421
> >> >> - Add comment about Linux kernel requirement
> >> >>
> >> >> Changes since v1:
> >> >> - Upgrade to v0.0.20170409
> >> >> - Add wireguard-tools -> wireguard-module dependency to
> >> >> SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
> >> >>
> >> >> meta-networking/conf/layer.conf                    |  4 ++++
> >> >> .../wireguard/wireguard-module_0.0.20170421.bb [1]     | 13 +++++++++++
> >> >> .../wireguard/wireguard-tools_0.0.20170421.bb [2]      | 27 ++++++++++++++++++++++
> >> >> .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
> >> >> 4 files changed, 62 insertions(+)
> >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
> >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
> >> >> create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
> >> >>
> >> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
> >> >> index 85ad93b..b5aa159 100644
> >> >> --- a/meta-networking/conf/layer.conf
> >> >> +++ b/meta-networking/conf/layer.conf
> >> >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
> >> >>
> >> >> # Override security flags
> >> >> require conf/distro/include/meta_networking_security_flags.inc
> >> >> +
> >> >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
> >> >> +  wireguard-tools->wireguard-module \
> >> >> +"
> >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1] b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
> >> >> new file mode 100644
> >> >> index 0000000..cb21bda
> >> >> --- /dev/null
> >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb [1]
> >> >> @@ -0,0 +1,13 @@
> >> >> +require wireguard.inc
> >> >> +
> >> >> +inherit module
> >> >> +
> >> >> +# This module requires Linux 3.10 higher and several networking related
> >> >> +# configuration options. For exact kernel requirements visit:
> >> >> +# https://www.wireguard.io/install/#kernel-requirements [3]
> >> >> +
> >> >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
> >> >> +MAKE_TARGETS = "module"
> >> >> +MODULES_INSTALL_TARGET = "module-install"
> >> >> +
> >> >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
> >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2] b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
> >> >> new file mode 100644
> >> >> index 0000000..79d420f
> >> >> --- /dev/null
> >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb [2]
> >> >>
> >> >> @@ -0,0 +1,27 @@
> >> >> +require wireguard.inc
> >> >> +
> >> >> +inherit bash-completion systemd pkgconfig
> >> >> +
> >> >> +DEPENDS = "wireguard-module libmnl"
> >> >> +
> >> >> +do_compile_prepend () {
> >> >> +    cd ${S}/tools
> >> >> +}
> >> >> +
> >> >> +do_install () {
> >> >> +    cd ${S}/tools
> >> >> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
> >> >> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
> >> >> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
> >> >> +        WITH_BASHCOMPLETION=yes \
> >> >> +        WITH_WGQUICK=yes \
> >> >> +        install
> >> >> +}
> >> >> +
> >> >> +FILES_${PN} = " \
> >> >> +    ${sysconfdir} \
> >> >> +    ${systemd_unitdir} \
> >> >> +    ${bindir} \
> >> >> +"
> >> >> +
> >> >> +RDEPENDS_${PN} = "wireguard-module"
> >> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> >> >> new file mode 100644 index 0000000..46a9971
> >> >> --- /dev/null
> >> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> >> >> @@ -0,0 +1,18 @@
> >> >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
> >> >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
> >> >> +implemented as a kernel virtual network interface for Linux, which aims to \
> >> >> +replace both IPsec for most use cases, as well as popular user space and/or \
> >> >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
> >> >> +and easier to use."
> >> >> +SECTION = "networking"
> >> >> +HOMEPAGE = "https://www.wireguard.io/"
> >> >> +LICENSE = "GPLv2"
> >> >> +
> >> >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
> >> >> +
> >> >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz [4]"
> >> >> +
> >> >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
> >> >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
> >> >>
> >> >> +
> >> >> +S = "${WORKDIR}/WireGuard-${PV}/src/"
> >> >> --
> >> >> 2.7.4
> >>
> >>
> >>
> >> Links:
> >> ------
> >> [1] http://wireguard-module_0.0.20170421.bb
> >> [2] http://wireguard-tools_0.0.20170421.bb
> >> [3] https://www.wireguard.io/install/#kernel-requirements
> >> [4] https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz

-- 
-Joe MacDonald.
:wq

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 484 bytes --]

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Robert Yang]

Hi Stefan,

On 04/27/2017 01:30 PM, Stefan Agner wrote:
> WireGuard is an extremely simple yet fast and modern VPN that utilizes
> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
> and more useful than IPSec, while avoiding the massive headache.
>
> The recipes add the current experimental snapshot v0.0.20170421
> out-of-tree kernel module and tools. The kernel module has some kernel
> configuration dependencies such as some configuration part of
> features/netfilter/netfilter.scc, hence netfilter.scc should be part
> of KERNEL_EXTRA_FEATURES (which is the case by default).
>
> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
> which is MACHINE_ARCH (like all kernel modules) we need to add this
> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>
> Signed-off-by: Stefan Agner <stefan@agner.ch>
> ---
> Changes since v2:
> - Upgrade to v0.0.20170421
> - Add comment about Linux kernel requirement
>
> Changes since v1:
> - Upgrade to v0.0.20170409
> - Add wireguard-tools -> wireguard-module dependency to
>   SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>
>  meta-networking/conf/layer.conf                    |  4 ++++
>  .../wireguard/wireguard-module_0.0.20170421.bb     | 13 +++++++++++
>  .../wireguard/wireguard-tools_0.0.20170421.bb      | 27 ++++++++++++++++++++++
>  .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
>  4 files changed, 62 insertions(+)
>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>
> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
> index 85ad93b..b5aa159 100644
> --- a/meta-networking/conf/layer.conf
> +++ b/meta-networking/conf/layer.conf
> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>
>  # Override security flags
>  require conf/distro/include/meta_networking_security_flags.inc
> +
> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
> +  wireguard-tools->wireguard-module \
> +"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
> new file mode 100644
> index 0000000..cb21bda
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
> @@ -0,0 +1,13 @@
> +require wireguard.inc
> +
> +inherit module
> +
> +# This module requires Linux 3.10 higher and several networking related
> +# configuration options. For exact kernel requirements visit:
> +# https://www.wireguard.io/install/#kernel-requirements
> +
> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
> +MAKE_TARGETS = "module"
> +MODULES_INSTALL_TARGET = "module-install"
> +
> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
> new file mode 100644
> index 0000000..79d420f
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
> @@ -0,0 +1,27 @@
> +require wireguard.inc
> +
> +inherit bash-completion systemd pkgconfig
> +
> +DEPENDS = "wireguard-module libmnl"
> +
> +do_compile_prepend () {
> +    cd ${S}/tools
> +}
> +
> +do_install () {
> +    cd ${S}/tools
> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
> +        WITH_BASHCOMPLETION=yes \
> +        WITH_WGQUICK=yes \
> +        install
> +}
> +
> +FILES_${PN} = " \
> +    ${sysconfdir} \
> +    ${systemd_unitdir} \
> +    ${bindir} \
> +"
> +
> +RDEPENDS_${PN} = "wireguard-module"
> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> new file mode 100644
> index 0000000..46a9971
> --- /dev/null
> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> @@ -0,0 +1,18 @@
> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
> +implemented as a kernel virtual network interface for Linux, which aims to \
> +replace both IPsec for most use cases, as well as popular user space and/or \
> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
> +and easier to use."
> +SECTION = "networking"
> +HOMEPAGE = "https://www.wireguard.io/"
> +LICENSE = "GPLv2"
> +
> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
> +
> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"

This SRC_URI is gone, maybe it's just a temp location ?

// Robert

> +
> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
> +
> +S = "${WORKDIR}/WireGuard-${PV}/src/"
>

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Stefan Agner]

On 2017-05-18 00:29, Robert Yang wrote:
> Hi Stefan,
> 
> On 04/27/2017 01:30 PM, Stefan Agner wrote:
>> WireGuard is an extremely simple yet fast and modern VPN that utilizes
>> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
>> and more useful than IPSec, while avoiding the massive headache.
>>
>> The recipes add the current experimental snapshot v0.0.20170421
>> out-of-tree kernel module and tools. The kernel module has some kernel
>> configuration dependencies such as some configuration part of
>> features/netfilter/netfilter.scc, hence netfilter.scc should be part
>> of KERNEL_EXTRA_FEATURES (which is the case by default).
>>
>> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
>> which is MACHINE_ARCH (like all kernel modules) we need to add this
>> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>>
>> Signed-off-by: Stefan Agner <stefan@agner.ch>
>> ---
>> Changes since v2:
>> - Upgrade to v0.0.20170421
>> - Add comment about Linux kernel requirement
>>
>> Changes since v1:
>> - Upgrade to v0.0.20170409
>> - Add wireguard-tools -> wireguard-module dependency to
>>   SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>>
>>  meta-networking/conf/layer.conf                    |  4 ++++
>>  .../wireguard/wireguard-module_0.0.20170421.bb     | 13 +++++++++++
>>  .../wireguard/wireguard-tools_0.0.20170421.bb      | 27 ++++++++++++++++++++++
>>  .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
>>  4 files changed, 62 insertions(+)
>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>>
>> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
>> index 85ad93b..b5aa159 100644
>> --- a/meta-networking/conf/layer.conf
>> +++ b/meta-networking/conf/layer.conf
>> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>>
>>  # Override security flags
>>  require conf/distro/include/meta_networking_security_flags.inc
>> +
>> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
>> +  wireguard-tools->wireguard-module \
>> +"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>> new file mode 100644
>> index 0000000..cb21bda
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>> @@ -0,0 +1,13 @@
>> +require wireguard.inc
>> +
>> +inherit module
>> +
>> +# This module requires Linux 3.10 higher and several networking related
>> +# configuration options. For exact kernel requirements visit:
>> +# https://www.wireguard.io/install/#kernel-requirements
>> +
>> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
>> +MAKE_TARGETS = "module"
>> +MODULES_INSTALL_TARGET = "module-install"
>> +
>> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>> new file mode 100644
>> index 0000000..79d420f
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>> @@ -0,0 +1,27 @@
>> +require wireguard.inc
>> +
>> +inherit bash-completion systemd pkgconfig
>> +
>> +DEPENDS = "wireguard-module libmnl"
>> +
>> +do_compile_prepend () {
>> +    cd ${S}/tools
>> +}
>> +
>> +do_install () {
>> +    cd ${S}/tools
>> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
>> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
>> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
>> +        WITH_BASHCOMPLETION=yes \
>> +        WITH_WGQUICK=yes \
>> +        install
>> +}
>> +
>> +FILES_${PN} = " \
>> +    ${sysconfdir} \
>> +    ${systemd_unitdir} \
>> +    ${bindir} \
>> +"
>> +
>> +RDEPENDS_${PN} = "wireguard-module"
>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> new file mode 100644
>> index 0000000..46a9971
>> --- /dev/null
>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> @@ -0,0 +1,18 @@
>> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
>> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
>> +implemented as a kernel virtual network interface for Linux, which aims to \
>> +replace both IPsec for most use cases, as well as popular user space and/or \
>> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
>> +and easier to use."
>> +SECTION = "networking"
>> +HOMEPAGE = "https://www.wireguard.io/"
>> +LICENSE = "GPLv2"
>> +
>> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
>> +
>> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
> 
> This SRC_URI is gone, maybe it's just a temp location ?

Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to
keep the old snapshots around, I guess he wants to avoid having stale
versions floating around.

Either we keep bumping the version everytime a new snapshot is available
or we should just switch to git for OE, what do you think?

--
Stefan

> 
> // Robert
> 
>> +
>> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
>> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
>> +
>> +S = "${WORKDIR}/WireGuard-${PV}/src/"
>>

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Joe MacDonald]

[-- Attachment #1: Type: text/plain, Size: 6395 bytes --]

[Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools] On 17.05.18 (Thu 10:55) Stefan Agner wrote:

> On 2017-05-18 00:29, Robert Yang wrote:
> > Hi Stefan,
> > 
> > On 04/27/2017 01:30 PM, Stefan Agner wrote:
> >> WireGuard is an extremely simple yet fast and modern VPN that utilizes
> >> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
> >> and more useful than IPSec, while avoiding the massive headache.
> >>
> >> The recipes add the current experimental snapshot v0.0.20170421
> >> out-of-tree kernel module and tools. The kernel module has some kernel
> >> configuration dependencies such as some configuration part of
> >> features/netfilter/netfilter.scc, hence netfilter.scc should be part
> >> of KERNEL_EXTRA_FEATURES (which is the case by default).
> >>
> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
> >> which is MACHINE_ARCH (like all kernel modules) we need to add this
> >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
> >>
> >> Signed-off-by: Stefan Agner <stefan@agner.ch>
> >> ---
> >> Changes since v2:
> >> - Upgrade to v0.0.20170421
> >> - Add comment about Linux kernel requirement
> >>
> >> Changes since v1:
> >> - Upgrade to v0.0.20170409
> >> - Add wireguard-tools -> wireguard-module dependency to
> >>   SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
> >>
> >>  meta-networking/conf/layer.conf                    |  4 ++++
> >>  .../wireguard/wireguard-module_0.0.20170421.bb     | 13 +++++++++++
> >>  .../wireguard/wireguard-tools_0.0.20170421.bb      | 27 ++++++++++++++++++++++
> >>  .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
> >>  4 files changed, 62 insertions(+)
> >>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
> >>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
> >>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
> >>
> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
> >> index 85ad93b..b5aa159 100644
> >> --- a/meta-networking/conf/layer.conf
> >> +++ b/meta-networking/conf/layer.conf
> >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
> >>
> >>  # Override security flags
> >>  require conf/distro/include/meta_networking_security_flags.inc
> >> +
> >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
> >> +  wireguard-tools->wireguard-module \
> >> +"
> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
> >> new file mode 100644
> >> index 0000000..cb21bda
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
> >> @@ -0,0 +1,13 @@
> >> +require wireguard.inc
> >> +
> >> +inherit module
> >> +
> >> +# This module requires Linux 3.10 higher and several networking related
> >> +# configuration options. For exact kernel requirements visit:
> >> +# https://www.wireguard.io/install/#kernel-requirements
> >> +
> >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
> >> +MAKE_TARGETS = "module"
> >> +MODULES_INSTALL_TARGET = "module-install"
> >> +
> >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
> >> new file mode 100644
> >> index 0000000..79d420f
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
> >> @@ -0,0 +1,27 @@
> >> +require wireguard.inc
> >> +
> >> +inherit bash-completion systemd pkgconfig
> >> +
> >> +DEPENDS = "wireguard-module libmnl"
> >> +
> >> +do_compile_prepend () {
> >> +    cd ${S}/tools
> >> +}
> >> +
> >> +do_install () {
> >> +    cd ${S}/tools
> >> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
> >> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
> >> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
> >> +        WITH_BASHCOMPLETION=yes \
> >> +        WITH_WGQUICK=yes \
> >> +        install
> >> +}
> >> +
> >> +FILES_${PN} = " \
> >> +    ${sysconfdir} \
> >> +    ${systemd_unitdir} \
> >> +    ${bindir} \
> >> +"
> >> +
> >> +RDEPENDS_${PN} = "wireguard-module"
> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> >> new file mode 100644
> >> index 0000000..46a9971
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
> >> @@ -0,0 +1,18 @@
> >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
> >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
> >> +implemented as a kernel virtual network interface for Linux, which aims to \
> >> +replace both IPsec for most use cases, as well as popular user space and/or \
> >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
> >> +and easier to use."
> >> +SECTION = "networking"
> >> +HOMEPAGE = "https://www.wireguard.io/"
> >> +LICENSE = "GPLv2"
> >> +
> >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
> >> +
> >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
> > 
> > This SRC_URI is gone, maybe it's just a temp location ?
> 
> Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to
> keep the old snapshots around, I guess he wants to avoid having stale
> versions floating around.
> 
> Either we keep bumping the version everytime a new snapshot is available
> or we should just switch to git for OE, what do you think?

I think that given he's not just removing old tarballs from an FTP
server somewhere but removing tags from the git history, it'd be best to
go with a git recipe with a fixed SRCREV.

-J.

> 
> --
> Stefan
> 
> > 
> > // Robert
> > 
> >> +
> >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
> >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
> >> +
> >> +S = "${WORKDIR}/WireGuard-${PV}/src/"
> >>
-- 
-Joe MacDonald.
:wq

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 484 bytes --]

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Stefan Agner]

On 2017-05-18 11:19, Joe MacDonald wrote:
> [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel
> module and tools] On 17.05.18 (Thu 10:55) Stefan Agner wrote:
> 
>> On 2017-05-18 00:29, Robert Yang wrote:
>> > Hi Stefan,
>> >
>> > On 04/27/2017 01:30 PM, Stefan Agner wrote:
>> >> WireGuard is an extremely simple yet fast and modern VPN that utilizes
>> >> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
>> >> and more useful than IPSec, while avoiding the massive headache.
>> >>
>> >> The recipes add the current experimental snapshot v0.0.20170421
>> >> out-of-tree kernel module and tools. The kernel module has some kernel
>> >> configuration dependencies such as some configuration part of
>> >> features/netfilter/netfilter.scc, hence netfilter.scc should be part
>> >> of KERNEL_EXTRA_FEATURES (which is the case by default).
>> >>
>> >> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
>> >> which is MACHINE_ARCH (like all kernel modules) we need to add this
>> >> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>> >>
>> >> Signed-off-by: Stefan Agner <stefan@agner.ch>
>> >> ---
>> >> Changes since v2:
>> >> - Upgrade to v0.0.20170421
>> >> - Add comment about Linux kernel requirement
>> >>
>> >> Changes since v1:
>> >> - Upgrade to v0.0.20170409
>> >> - Add wireguard-tools -> wireguard-module dependency to
>> >>   SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>> >>
>> >>  meta-networking/conf/layer.conf                    |  4 ++++
>> >>  .../wireguard/wireguard-module_0.0.20170421.bb     | 13 +++++++++++
>> >>  .../wireguard/wireguard-tools_0.0.20170421.bb      | 27 ++++++++++++++++++++++
>> >>  .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
>> >>  4 files changed, 62 insertions(+)
>> >>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>> >>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>> >>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>> >>
>> >> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
>> >> index 85ad93b..b5aa159 100644
>> >> --- a/meta-networking/conf/layer.conf
>> >> +++ b/meta-networking/conf/layer.conf
>> >> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>> >>
>> >>  # Override security flags
>> >>  require conf/distro/include/meta_networking_security_flags.inc
>> >> +
>> >> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
>> >> +  wireguard-tools->wireguard-module \
>> >> +"
>> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>> >> new file mode 100644
>> >> index 0000000..cb21bda
>> >> --- /dev/null
>> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>> >> @@ -0,0 +1,13 @@
>> >> +require wireguard.inc
>> >> +
>> >> +inherit module
>> >> +
>> >> +# This module requires Linux 3.10 higher and several networking related
>> >> +# configuration options. For exact kernel requirements visit:
>> >> +# https://www.wireguard.io/install/#kernel-requirements
>> >> +
>> >> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
>> >> +MAKE_TARGETS = "module"
>> >> +MODULES_INSTALL_TARGET = "module-install"
>> >> +
>> >> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
>> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>> >> new file mode 100644
>> >> index 0000000..79d420f
>> >> --- /dev/null
>> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>> >> @@ -0,0 +1,27 @@
>> >> +require wireguard.inc
>> >> +
>> >> +inherit bash-completion systemd pkgconfig
>> >> +
>> >> +DEPENDS = "wireguard-module libmnl"
>> >> +
>> >> +do_compile_prepend () {
>> >> +    cd ${S}/tools
>> >> +}
>> >> +
>> >> +do_install () {
>> >> +    cd ${S}/tools
>> >> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
>> >> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
>> >> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
>> >> +        WITH_BASHCOMPLETION=yes \
>> >> +        WITH_WGQUICK=yes \
>> >> +        install
>> >> +}
>> >> +
>> >> +FILES_${PN} = " \
>> >> +    ${sysconfdir} \
>> >> +    ${systemd_unitdir} \
>> >> +    ${bindir} \
>> >> +"
>> >> +
>> >> +RDEPENDS_${PN} = "wireguard-module"
>> >> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> >> new file mode 100644
>> >> index 0000000..46a9971
>> >> --- /dev/null
>> >> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>> >> @@ -0,0 +1,18 @@
>> >> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
>> >> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
>> >> +implemented as a kernel virtual network interface for Linux, which aims to \
>> >> +replace both IPsec for most use cases, as well as popular user space and/or \
>> >> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
>> >> +and easier to use."
>> >> +SECTION = "networking"
>> >> +HOMEPAGE = "https://www.wireguard.io/"
>> >> +LICENSE = "GPLv2"
>> >> +
>> >> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
>> >> +
>> >> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
>> >
>> > This SRC_URI is gone, maybe it's just a temp location ?
>>
>> Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to
>> keep the old snapshots around, I guess he wants to avoid having stale
>> versions floating around.
>>
>> Either we keep bumping the version everytime a new snapshot is available
>> or we should just switch to git for OE, what do you think?
> 
> I think that given he's not just removing old tarballs from an FTP
> server somewhere but removing tags from the git history, it'd be best to
> go with a git recipe with a fixed SRCREV.

According to the snapshot announcement the new snapshot made breaking
changes to the protocol. It might be the reason they removed the old
snapshots, I am not sure how that has been handled in the past...

I guess the snapshots are slightly better tested and have a somewhat
more consistent state than git, so I would have preferred snapshots...

Just sent out a patch to move to the latest snapshot, lets see how
things move from this point, if the snapshots disappear I can switch to
git, does that sound ok?

--
Stefan

> 
> -J.
> 
>>
>> --
>> Stefan
>>
>> >
>> > // Robert
>> >
>> >> +
>> >> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
>> >> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
>> >> +
>> >> +S = "${WORKDIR}/WireGuard-${PV}/src/"
>> >>

Re: [meta-networking][PATCH v3] wireguard: add WireGuard kernel module and tools

[Robert Yang]

On 05/19/2017 02:26 AM, Stefan Agner wrote:
> On 2017-05-18 11:19, Joe MacDonald wrote:
>> [Re: [oe] [meta-networking][PATCH v3] wireguard: add WireGuard kernel
>> module and tools] On 17.05.18 (Thu 10:55) Stefan Agner wrote:
>>
>>> On 2017-05-18 00:29, Robert Yang wrote:
>>>> Hi Stefan,
>>>>
>>>> On 04/27/2017 01:30 PM, Stefan Agner wrote:
>>>>> WireGuard is an extremely simple yet fast and modern VPN that utilizes
>>>>> state-of-the-art cryptography. It aims to be faster, simpler, leaner,
>>>>> and more useful than IPSec, while avoiding the massive headache.
>>>>>
>>>>> The recipes add the current experimental snapshot v0.0.20170421
>>>>> out-of-tree kernel module and tools. The kernel module has some kernel
>>>>> configuration dependencies such as some configuration part of
>>>>> features/netfilter/netfilter.scc, hence netfilter.scc should be part
>>>>> of KERNEL_EXTRA_FEATURES (which is the case by default).
>>>>>
>>>>> Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
>>>>> which is MACHINE_ARCH (like all kernel modules) we need to add this
>>>>> dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>>>>>
>>>>> Signed-off-by: Stefan Agner <stefan@agner.ch>
>>>>> ---
>>>>> Changes since v2:
>>>>> - Upgrade to v0.0.20170421
>>>>> - Add comment about Linux kernel requirement
>>>>>
>>>>> Changes since v1:
>>>>> - Upgrade to v0.0.20170409
>>>>> - Add wireguard-tools -> wireguard-module dependency to
>>>>>   SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
>>>>>
>>>>>  meta-networking/conf/layer.conf                    |  4 ++++
>>>>>  .../wireguard/wireguard-module_0.0.20170421.bb     | 13 +++++++++++
>>>>>  .../wireguard/wireguard-tools_0.0.20170421.bb      | 27 ++++++++++++++++++++++
>>>>>  .../recipes-kernel/wireguard/wireguard.inc         | 18 +++++++++++++++
>>>>>  4 files changed, 62 insertions(+)
>>>>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>>>>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>>>>>  create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc
>>>>>
>>>>> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
>>>>> index 85ad93b..b5aa159 100644
>>>>> --- a/meta-networking/conf/layer.conf
>>>>> +++ b/meta-networking/conf/layer.conf
>>>>> @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>>>>>
>>>>>  # Override security flags
>>>>>  require conf/distro/include/meta_networking_security_flags.inc
>>>>> +
>>>>> +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
>>>>> +  wireguard-tools->wireguard-module \
>>>>> +"
>>>>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>>>>> new file mode 100644
>>>>> index 0000000..cb21bda
>>>>> --- /dev/null
>>>>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170421.bb
>>>>> @@ -0,0 +1,13 @@
>>>>> +require wireguard.inc
>>>>> +
>>>>> +inherit module
>>>>> +
>>>>> +# This module requires Linux 3.10 higher and several networking related
>>>>> +# configuration options. For exact kernel requirements visit:
>>>>> +# https://www.wireguard.io/install/#kernel-requirements
>>>>> +
>>>>> +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}"
>>>>> +MAKE_TARGETS = "module"
>>>>> +MODULES_INSTALL_TARGET = "module-install"
>>>>> +
>>>>> +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit"
>>>>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>>>>> new file mode 100644
>>>>> index 0000000..79d420f
>>>>> --- /dev/null
>>>>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170421.bb
>>>>> @@ -0,0 +1,27 @@
>>>>> +require wireguard.inc
>>>>> +
>>>>> +inherit bash-completion systemd pkgconfig
>>>>> +
>>>>> +DEPENDS = "wireguard-module libmnl"
>>>>> +
>>>>> +do_compile_prepend () {
>>>>> +    cd ${S}/tools
>>>>> +}
>>>>> +
>>>>> +do_install () {
>>>>> +    cd ${S}/tools
>>>>> +    oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \
>>>>> +        SYSTEMDUNITDIR="${systemd_unitdir}" \
>>>>> +        WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', '', d)} \
>>>>> +        WITH_BASHCOMPLETION=yes \
>>>>> +        WITH_WGQUICK=yes \
>>>>> +        install
>>>>> +}
>>>>> +
>>>>> +FILES_${PN} = " \
>>>>> +    ${sysconfdir} \
>>>>> +    ${systemd_unitdir} \
>>>>> +    ${bindir} \
>>>>> +"
>>>>> +
>>>>> +RDEPENDS_${PN} = "wireguard-module"
>>>>> diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>>>>> new file mode 100644
>>>>> index 0000000..46a9971
>>>>> --- /dev/null
>>>>> +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc
>>>>> @@ -0,0 +1,18 @@
>>>>> +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN"
>>>>> +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \
>>>>> +implemented as a kernel virtual network interface for Linux, which aims to \
>>>>> +replace both IPsec for most use cases, as well as popular user space and/or \
>>>>> +TLS-based solutions like OpenVPN, while being more secure, more performant, \
>>>>> +and easier to use."
>>>>> +SECTION = "networking"
>>>>> +HOMEPAGE = "https://www.wireguard.io/"
>>>>> +LICENSE = "GPLv2"
>>>>> +
>>>>> +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
>>>>> +
>>>>> +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
>>>>
>>>> This SRC_URI is gone, maybe it's just a temp location ?
>>>
>>> Hm, yeah Jason released a new snapshot, 0.0.20170517. He seems not to
>>> keep the old snapshots around, I guess he wants to avoid having stale
>>> versions floating around.
>>>
>>> Either we keep bumping the version everytime a new snapshot is available
>>> or we should just switch to git for OE, what do you think?
>>
>> I think that given he's not just removing old tarballs from an FTP
>> server somewhere but removing tags from the git history, it'd be best to
>> go with a git recipe with a fixed SRCREV.
>
> According to the snapshot announcement the new snapshot made breaking
> changes to the protocol. It might be the reason they removed the old
> snapshots, I am not sure how that has been handled in the past...
>
> I guess the snapshots are slightly better tested and have a somewhat
> more consistent state than git, so I would have preferred snapshots...
>
> Just sent out a patch to move to the latest snapshot, lets see how
> things move from this point, if the snapshots disappear I can switch to
> git, does that sound ok?

I prefer git in this case rather than may break again.

// Robert

>
> --
> Stefan
>
>>
>> -J.
>>
>>>
>>> --
>>> Stefan
>>>
>>>>
>>>> // Robert
>>>>
>>>>> +
>>>>> +SRC_URI[md5sum] = "8e559f4fd672b15c38a15eb4d88cc84d"
>>>>> +SRC_URI[sha256sum] = "03c82af774224cd171d000ee4a519b5e474cc6842ac04967773cf77b26750000"
>>>>> +
>>>>> +S = "${WORKDIR}/WireGuard-${PV}/src/"
>>>>>
>