WireGuard Archive on lore.kernel.org
 help / color / Atom feed
* final call for Ubuntu 14.04 WireGuard support
@ 2020-07-21 13:12 Jason A. Donenfeld
  2020-07-22 15:03 ` Jason A. Donenfeld
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jason A. Donenfeld @ 2020-07-21 13:12 UTC (permalink / raw)
  To: WireGuard mailing list
  Cc: Jasper Knockaert, Roman Mamedov, Andy Whitcroft, unit193,
	Joachim Lindenberg, Daniel Kahn Gillmor

Hi,

As we speak, Canonical is finishing up their support for Ubuntu 16.04.
That means WireGuard will be supported in their kernels and in their
package repositories for Ubuntu 20.04, 19.10, 18.04, and 16.04.

That means our PPA will only contain packages for Ubuntu 14.04.

Ordinary support from Canonical (as well as public kernel sources) for
14.04 was EOL'd April 2019, over one year ago. Although there is
technically support until April 2022, this is something that Canonical
sells commercially, with those updates not released to the public
(afaict). As well, my attempts to fix problems in the 14.04 kernel
have been rejected, e.g.
https://lists.ubuntu.com/archives/kernel-team/2020-May/110084.html .

With our PPA soon only needing to support 14.04, and with Canonical
not really supporting 14.04 for ordinary folks any more, I am leaning
toward dropping our PPA, and 14.04 support with it, and marking our
downstreaming efforts for Ubuntu integration as "complete".

If you _are_ using WireGuard on Ubuntu 14.04 or know somebody who is,
this would be the time to pipe up, so that we don't leave anyone
hanging. Feel free to respond to this thread regarding ongoing
WireGuard+14.04 usage and why updating your operating system isn't
convenient, or send me an email privately if public disclosure of your
infrastructure isn't an option.

Thanks,
Jason

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: final call for Ubuntu 14.04 WireGuard support
  2020-07-21 13:12 final call for Ubuntu 14.04 WireGuard support Jason A. Donenfeld
@ 2020-07-22 15:03 ` Jason A. Donenfeld
  2020-10-07 11:15 ` Maykel Moya
  2020-10-07 11:23 ` Jason A. Donenfeld
  2 siblings, 0 replies; 4+ messages in thread
From: Jason A. Donenfeld @ 2020-07-22 15:03 UTC (permalink / raw)
  To: WireGuard mailing list
  Cc: Jasper Knockaert, Roman Mamedov, Andy Whitcroft, unit193,
	Joachim Lindenberg, Daniel Kahn Gillmor

We've added a warning to the 14.04 package in the PPA now:
https://data.zx2c4.com/sunset-wg-14.04.gif

Hopefully this will encourage folks to let us know if there are
actually lingering 14.04 users.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: final call for Ubuntu 14.04 WireGuard support
  2020-07-21 13:12 final call for Ubuntu 14.04 WireGuard support Jason A. Donenfeld
  2020-07-22 15:03 ` Jason A. Donenfeld
@ 2020-10-07 11:15 ` Maykel Moya
  2020-10-07 11:23 ` Jason A. Donenfeld
  2 siblings, 0 replies; 4+ messages in thread
From: Maykel Moya @ 2020-10-07 11:15 UTC (permalink / raw)
  To: wireguard

Hi, Jason

On 21/7/20 15:12, Jason A. Donenfeld wrote:

> If you _are_ using WireGuard on Ubuntu 14.04 or know somebody who is,
> this would be the time to pipe up, so that we don't leave anyone
> hanging. Feel free to respond to this thread regarding ongoing
> WireGuard+14.04 usage and why updating your operating system isn't
> convenient, or send me an email privately if public disclosure of your
> infrastructure isn't an option.

A little late to the party, but anyway...

I'm one of the users of Wireguard in a Ubuntu 14.04. The big red warning
in the postinst script lead me here.

Despite being on trusty, I'm using a 4.4.0 kernel provided trough
trusty-security[1], specifically package linux-image-4.4.0-148-generic
version 4.4.0-148.174~14.04.1.

Today I upgraded the wireguard version to the latest one available in
the PPA, 1.0.20200712-1ppa1~14.04.2 and the module failed to build with
the following error:

$ cat make.log
DKMS make.log for wireguard-1.0.20200712 for kernel 4.4.0-148-generic
(x86_64)
Wed Oct  7 10:28:06 UTC 2020
make: Entering directory `/usr/src/linux-headers-4.4.0-148-generic'
  LD      /var/lib/dkms/wireguard/1.0.20200712/build/built-in.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/main.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/noise.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/device.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/peer.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/timers.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/queueing.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/send.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/receive.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/socket.o
/var/lib/dkms/wireguard/1.0.20200712/build/socket.c: In function ‘send6’:
/var/lib/dkms/wireguard/1.0.20200712/build/socket.c:139:18: error:
‘const struct ipv6_stub’ has no member named ‘ipv6_dst_lookup_flow’
   dst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(sock), sock, &fl,
                  ^
make[1]: *** [/var/lib/dkms/wireguard/1.0.20200712/build/socket.o] Error 1
make: *** [_module_/var/lib/dkms/wireguard/1.0.20200712/build] Error 2
make: Leaving directory `/usr/src/linux-headers-4.4.0-148-generic'

I saw the CI and latest wireguard-linux-compat is tested against 4.4.238.

This kernel is based on upstream 4.4.177

$ cat /proc/version_signature
Ubuntu 4.4.0-148.174~14.04.1-generic 4.4.177

Given that wireguard-linux-compat aims to support kernel versions 3.10
to 5.5, I'm writing with the hope to clarify if this bug is related to
compatibility with linux 4.4.x or something related to this specific
combination of distro provided kernel and unsupported distro.

I manage to make it work by forcing the compat definition of
ipv6_dst_lookup_flow with an ugly patch, just checking for
kernel_version 4.4.177.

--- compat.h.orig       2020-07-22 14:28:54.000000000 +0000
+++ compat.h    2020-10-07 11:00:04.385854751 +0000
@@ -94,7 +94,13 @@

 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0) && LINUX_VERSION_CODE
>= KERNEL_VERSION(3, 16, 83)
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup_flow(b, c, d)
-#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || (LINUX_VERSION_CODE <
KERNEL_VERSION(5, 3, 18) && LINUX_VERSION_CODE >= KERNEL_VERSION(4,
20, 0) && !defined(ISUBUNTU1904)) || (!defined(ISRHEL8) &&
!defined(ISDEBIAN) && !defined(ISUBUNTU1804) && LINUX_VERSION_CODE <
KERNEL_VERSION(4, 19, 119) && LINUX_VERSION_CODE >= KERNEL_VERSION(4
, 15, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 181) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)) || (LINUX_VERSION_CODE <
KERNEL_VERSION(4, 9, 224) && LINUX_VERSION_CODE >= KERNEL_
VERSION(4, 5, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 224) &&
!defined(ISUBUNTU1604))
+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5)    &&
LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18)   &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0) &&
!defined(ISUBUNTU1904)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 119) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0) && !defined(ISRHEL8) &&
!defined(ISDEBIAN) && !defined(ISUBUNTU1804)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 181) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 224)  &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 224)  &&
!defined(ISUBUNTU1604)) || \
+      (LINUX_VERSION_CODE == KERNEL_VERSION(4, 4, 177))
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c)
+ (void *)0 ?: dst
 #endif

Despite the outcome of this email, please consider aligning the
conditional clauses, they are much easier to read than having everything
in one line.

Given that Ubuntu defines in compat.h are solely based on kernel
versions and support for older releases will be dropped at some point, I
don't know if the decent fix for this is to change the latest clause from:

kernel_version < 4.4.224 && !ubuntu_1604

to just:

kernel_version < 4.4.224

Thanks for the great work,
maykel

[1]:
http://security.ubuntu.com/ubuntu/dists/trusty-security/main/binary-amd64/

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: final call for Ubuntu 14.04 WireGuard support
  2020-07-21 13:12 final call for Ubuntu 14.04 WireGuard support Jason A. Donenfeld
  2020-07-22 15:03 ` Jason A. Donenfeld
  2020-10-07 11:15 ` Maykel Moya
@ 2020-10-07 11:23 ` Jason A. Donenfeld
  2 siblings, 0 replies; 4+ messages in thread
From: Jason A. Donenfeld @ 2020-10-07 11:23 UTC (permalink / raw)
  To: WireGuard mailing list; +Cc: unit193

An update on this thread: with dwindling usage and the poor quality of
Canonical's ESM offering, 14.04 support has been sunset and the PPA
removed.

All users should update to a newer distro.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-21 13:12 final call for Ubuntu 14.04 WireGuard support Jason A. Donenfeld
2020-07-22 15:03 ` Jason A. Donenfeld
2020-10-07 11:15 ` Maykel Moya
2020-10-07 11:23 ` Jason A. Donenfeld

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git