Openbsd update recommendation

Openbsd update recommendation

[jungle Boogie]

Hi All,

For openBSD instructions here:
https://www.wireguard.com/install/#packages

Curl is not apart of base, so you can either assume the users have
curl installed, or use ftp(1) in the example. If you're doing the
latter, you'll need a pkg_add to also include curl.

https://man.openbsd.org/ftp.1


Also, I already have a go path setup. How do I get around this?

cd .gopath/src/git.zx2c4.com/wireguard-go && dep ensure -vendor-only -v
/usr/src/wireguard/wireguard-go-0.0.20180531 is not within a known GOPATH/src
gmake: *** [Makefile:33: vendor/.created] Error 1
gmake: Leaving directory '/usr/src/wireguard/wireguard-go-0.0.20180531'


$ echo $GOPATH
/home/jungle/gopath

Thanks!

-- 
-------
inum: 883510009027723
sip: jungleboogie@sip2sip.info

Re: Openbsd update recommendation

[Jason A. Donenfeld]

Hey Jungle,

On Sat, Jun 2, 2018 at 1:26 AM, jungle Boogie <jungleboogie0@gmail.com> wrote:
> Hi All,
>
> For openBSD instructions here:
> https://www.wireguard.com/install/#packages
>
> Curl is not apart of base, so you can either assume the users have
> curl installed, or use ftp(1) in the example. If you're doing the
> latter, you'll need a pkg_add to also include curl.
>
> https://man.openbsd.org/ftp.1

I love how OpenBSD commands keep evolving over time. Thanks for the
suggestion. I've updated the page.

> Also, I already have a go path setup. How do I get around this?
>
> cd .gopath/src/git.zx2c4.com/wireguard-go && dep ensure -vendor-only -v
> /usr/src/wireguard/wireguard-go-0.0.20180531 is not within a known GOPATH/src
> gmake: *** [Makefile:33: vendor/.created] Error 1
> gmake: Leaving directory '/usr/src/wireguard/wireguard-go-0.0.20180531'

Somebody mentioned this on IRC the other day (maybe you?), but I
didn't figure out what was going on then. I just now triaged the
issue: in ksh(1), before exec'ing a new process, it resolves all
symlinks of pwd. Try for yourself:

# ksh
# mkdir a
# ln -s a b
# cd b
# ksh -c pwd
/root/a

That's pretty weird behavior, but maybe there's an interesting reason
for it; I'll poke around tomorrow and see if I can figure it out.

In any case, I've worked around it now in the install script and
tested on a fresh OpenBSD 6.3 install, so you should now be able to
run:

# ftp -o - https://xn--4db.cc/IKuBc62Z | sh

Let me know how it goes, and thanks for the report.

Regards,
Jason

Re: Openbsd update recommendation

[Jungle Boogie]

Hi Jason,
On Sat 02 Jun 2018  5:15 AM, Jason A. Donenfeld wrote:
> Hey Jungle,
> 
> On Sat, Jun 2, 2018 at 1:26 AM, jungle Boogie <jungleboogie0@gmail.com> wrote:
> > Hi All,
> >
> > For openBSD instructions here:
> > https://www.wireguard.com/install/#packages
> >
> > Curl is not apart of base, so you can either assume the users have
> > curl installed, or use ftp(1) in the example. If you're doing the
> > latter, you'll need a pkg_add to also include curl.
> >
> > https://man.openbsd.org/ftp.1
> 
> I love how OpenBSD commands keep evolving over time. Thanks for the
> suggestion. I've updated the page.
> 

Yeah, the ftp command from way back is different on Linux than on openBSD. It
can still do the plain ol' ftp connections, though. ;)

> > Also, I already have a go path setup. How do I get around this?
> >
> > cd .gopath/src/git.zx2c4.com/wireguard-go && dep ensure -vendor-only -v
> > /usr/src/wireguard/wireguard-go-0.0.20180531 is not within a known GOPATH/src
> > gmake: *** [Makefile:33: vendor/.created] Error 1
> > gmake: Leaving directory '/usr/src/wireguard/wireguard-go-0.0.20180531'
> 
> Somebody mentioned this on IRC the other day (maybe you?), but I
> didn't figure out what was going on then. I just now triaged the
> issue: in ksh(1), before exec'ing a new process, it resolves all
> symlinks of pwd. Try for yourself:
> 
> # ksh
> # mkdir a
> # ln -s a b
> # cd b
> # ksh -c pwd
> /root/a
> 
> That's pretty weird behavior, but maybe there's an interesting reason
> for it; I'll poke around tomorrow and see if I can figure it out.
> 

Interesting behavior. I don't know the reason behind it, though.

> In any case, I've worked around it now in the install script and
> tested on a fresh OpenBSD 6.3 install, so you should now be able to
> run:
> 
> # ftp -o - https://xn--4db.cc/IKuBc62Z | sh
> 
> Let me know how it goes, and thanks for the report.
> 

It went great! I was able to install wireguard on two amd64 arch platform
machines.

I do still see this in the install file:
curl -sLO "$URI_KMODTOOLS"
curl -sLO "$URI_GO"

I'd still recommend adding curl to the pkg_add section for fewer errors during
install.

The process for getting the tunnel working on openBSD is similar to linux, but
the interface is tun and starts with tun0.

Once I'm more confident with the steps, I'll write something up.

> Regards,
> Jason

Thanks,
j.b.

Re: Openbsd update recommendation

[Matthias Urlichs]

On 02.06.2018 05:15, Jason A. Donenfeld wrote:
> # ksh -c pwd
> /root/a
>
> That's pretty weird behavior, but maybe there's an interesting reason
> for it

Yes.

# mv ../a ../xx
# /bin/pwd

Basically you have three choices, (a) check whether $PWD points to the
current directory, (b) reconstruct the current path by walking up and
"readdir()" on each level, (c) ask the kernel.

In order to make some interesting attacks via symlinks more difficult,
(b) is somewhat safer. However, it's also significantly more expensive.
(c) works on Linux, just readlink("/proc/self/cwd"); it's equivalent to
(b). I don't know whether OpenBSD can do that, though.

-- 
-- Matthias Urlichs

Re: Openbsd update recommendation

[Jason A. Donenfeld]

Hey Jungle,

On Sat, Jun 2, 2018 at 9:08 AM, Jungle Boogie <jungleboogie0@gmail.com> wrote:
> Interesting behavior. I don't know the reason behind it, though.

I figured the whole thing out, and wrote up a really detailed commit here:
https://git.zx2c4.com/wireguard-go/commit/?id=a050431f2660d73e191ab8100d2f0934c8aedbf9

Might be of general interest.

> I do still see this in the install file:
> curl -sLO "$URI_KMODTOOLS"
> curl -sLO "$URI_GO"

Nice catch -- I changed these to ftp(1) as well.

> The process for getting the tunnel working on openBSD is similar to linux, but
> the interface is tun and starts with tun0.

Yea, OpenBSD annoyingly does not support arbitrary network interface
names, so I have to do a fake mapping in wg-quick.

>
> Once I'm more confident with the steps, I'll write something up.

Great, thanks. Any status on actually getting these made into proper
packages, so people aren't as inclined to rely on the script, which is
only intended as a stopgap solution?

Jason

Re: Openbsd update recommendation

[Jungle Boogie]

Hey Jason,
On Sat 02 Jun 2018  4:39 PM, Jason A. Donenfeld wrote:
> Hey Jungle,
> 
> On Sat, Jun 2, 2018 at 9:08 AM, Jungle Boogie <jungleboogie0@gmail.com> wrote:
> > Interesting behavior. I don't know the reason behind it, though.
> 
> I figured the whole thing out, and wrote up a really detailed commit here:
> https://git.zx2c4.com/wireguard-go/commit/?id=a050431f2660d73e191ab8100d2f0934c8aedbf9
> 
> Might be of general interest.
> 

Good info! Thanks for taking the time to keep things running smootly across many
different platforms.

> >
> > Once I'm more confident with the steps, I'll write something up.
> 
> Great, thanks. Any status on actually getting these made into proper
> packages, so people aren't as inclined to rely on the script, which is
> only intended as a stopgap solution?
> 

I haven't seen any updates on the thread you wrote about. Maybe I'll drop a
line.
However, your script is probably the best option until you make a 1.0, or
non-snapshot release. The reason is the package may not be updated weekly, and
each week, you seem to bring in useful improvements and changes. The -release
build of openBSD doesn't receive new package updates. If your snapshot was
made into a port/package a few weeks before the 6.4 -release, it would be the
only available option until the next release. Fortunately, -release builds
happen very often, every six months.

> Jason

Best,
j.b.