diff options
author | Jason A. Donenfeld <zx2c4@gentoo.org> | 2017-03-17 14:49:18 +0100 |
---|---|---|
committer | Jason A. Donenfeld <zx2c4@gentoo.org> | 2017-03-17 14:56:14 +0100 |
commit | 7f68c86d93d5f69d775bceb3941b3a3b46672eb1 (patch) | |
tree | b461a335b70f8d07bda55ab1e3cc54fbd568a097 /net-vpn/wireguard | |
parent | dev-ruby/nexpose: Initial version (diff) | |
download | gentoo-7f68c86d93d5f69d775bceb3941b3a3b46672eb1.tar.gz gentoo-7f68c86d93d5f69d775bceb3941b3a3b46672eb1.tar.bz2 gentoo-7f68c86d93d5f69d775bceb3941b3a3b46672eb1.zip |
Move VPN packages into net-vpn/
Diffstat (limited to 'net-vpn/wireguard')
-rw-r--r-- | net-vpn/wireguard/Manifest | 1 | ||||
-rw-r--r-- | net-vpn/wireguard/files/wireguard-openrc.sh | 45 | ||||
-rw-r--r-- | net-vpn/wireguard/metadata.xml | 14 | ||||
-rw-r--r-- | net-vpn/wireguard/wireguard-0.0.20170223.ebuild | 110 | ||||
-rw-r--r-- | net-vpn/wireguard/wireguard-9999.ebuild | 110 |
5 files changed, 280 insertions, 0 deletions
diff --git a/net-vpn/wireguard/Manifest b/net-vpn/wireguard/Manifest new file mode 100644 index 000000000000..726997c48e06 --- /dev/null +++ b/net-vpn/wireguard/Manifest @@ -0,0 +1 @@ +DIST WireGuard-0.0.20170223.tar.xz 132064 SHA256 6d2c8cd29c4f9fb404546a4749ec050739a26b4a49b5864f1dec531377c3c50d SHA512 273ef6463d447cb04b608a0379cce5c0ed4065f988b3f449995593592b42f2fc269fc249a8e3c22c28bfa682430ee20b5b7a46a96803c9c67d1b6fed7b800455 WHIRLPOOL b08e38f791bd7c60b004b3524f411801139be09f9c091c1aead9289f430594c5cd5c80bcc8da69649b9f5ba8efc83228a42e7f54ade3dc3a312fb58175e31743 diff --git a/net-vpn/wireguard/files/wireguard-openrc.sh b/net-vpn/wireguard/files/wireguard-openrc.sh new file mode 100644 index 000000000000..9c53ef0ffa72 --- /dev/null +++ b/net-vpn/wireguard/files/wireguard-openrc.sh @@ -0,0 +1,45 @@ +# Copyright (c) 2016 Gentoo Foundation +# All rights reserved. Released under the 2-clause BSD license. + +wireguard_depend() +{ + program /usr/bin/wg + after interface + before dhcp +} + +wireguard_pre_start() +{ + [[ $IFACE == wg* ]] || return 0 + ip link delete dev "$IFACE" type wireguard 2>/dev/null + ebegin "Creating WireGuard interface $IFACE" + if ! ip link add dev "$IFACE" type wireguard; then + eend $? + return $? + fi + eend 0 + + ebegin "Configuring WireGuard interface $IFACE" + set -- $(_get_array "wireguard_$IFVAR") + if [[ -f $1 && $# -eq 1 ]]; then + /usr/bin/wg setconf "$IFACE" "$1" + else + eval /usr/bin/wg set "$IFACE" "$@" + fi + if [ $? -eq 0 ]; then + _up + eend 0 + return + fi + e=$? + ip link delete dev "$IFACE" type wireguard 2>/dev/null + eend $e +} + +wireguard_post_stop() +{ + [[ $IFACE == wg* ]] || return 0 + ebegin "Removing WireGuard interface $IFACE" + ip link delete dev "$IFACE" type wireguard + eend $? +} diff --git a/net-vpn/wireguard/metadata.xml b/net-vpn/wireguard/metadata.xml new file mode 100644 index 000000000000..d5c30b1930c0 --- /dev/null +++ b/net-vpn/wireguard/metadata.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>zx2c4@gentoo.org</email> + <name>Jason A. Donenfeld</name> + </maintainer> + <use> + <flag name="tools">Compile the wg(8) tool and related helpers. You probably want this enabled.</flag> + <flag name="module">Compile the actual WireGuard kernel module. Most certainly you want this enabled, unless you're doing something strange.</flag> + <flag name="module-src">Install the module source code to /usr/src, in case you like building kernel modules yourself.</flag> + <flag name="debug">Enable verbose debug reporting in dmesg of various WireGuard peer and device information.</flag> + </use> +</pkgmetadata> diff --git a/net-vpn/wireguard/wireguard-0.0.20170223.ebuild b/net-vpn/wireguard/wireguard-0.0.20170223.ebuild new file mode 100644 index 000000000000..e19eabcaa9ce --- /dev/null +++ b/net-vpn/wireguard/wireguard-0.0.20170223.ebuild @@ -0,0 +1,110 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit linux-mod bash-completion-r1 + +DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography." +HOMEPAGE="https://www.wireguard.io/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.zx2c4.com/WireGuard" + KEYWORDS="" +else + SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" + S="${WORKDIR}/WireGuard-${PV}" + KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="debug +module +tools module-src" + +DEPEND="tools? ( net-libs/libmnl )" +RDEPEND="${DEPEND}" + +MODULE_NAMES="wireguard(net:src)" +BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1" +BUILD_TARGETS="module" +CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES" +WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto." +WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert." + +pkg_setup() { + if use module; then + linux-mod_pkg_setup + kernel_is -lt 4 1 0 && die "This version of ${PN} requires Linux >= 4.1" + fi +} + +src_compile() { + use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}" + use module && linux-mod_src_compile + use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools +} + +src_install() { + use module && linux-mod_src_install + if use tools; then + dodoc README.md + dodoc -r contrib/examples + emake \ + WITH_BASHCOMPLETION=yes \ + WITH_SYSTEMDUNITS=yes \ + WITH_WGQUICK=yes \ + DESTDIR="${D}" \ + BASHCOMPDIR="$(get_bashcompdir)" \ + PREFIX="${EPREFIX}/usr" \ + -C src/tools install + insinto /$(get_libdir)/netifrc/net + newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh + fi + use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install +} + +pkg_postinst() { + if use module-src && ! use module; then + einfo + einfo "You have enabled the module-src USE flag without the module USE" + einfo "flag. This means that sources are installed to" + einfo "${ROOT}usr/src/wireguard instead of having the" + einfo "kernel module compiled. You will need to compile the module" + einfo "yourself. Most likely, you don't want this USE flag, and should" + einfo "rather use USE=module" + einfo + fi + use module && linux-mod_pkg_postinst + + ewarn + ewarn "This software is experimental and has not yet been released." + ewarn "As such, it may contain significant issues. Please do not file" + ewarn "bug reports with Gentoo, but rather direct them upstream to:" + ewarn + ewarn " team@wireguard.io security@wireguard.io" + ewarn + + if use tools; then + einfo + einfo "After installing WireGuard, if you'd like to try sending some packets through" + einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh" + einfo "test example script:" + einfo + einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -" + einfo + einfo "This will automatically setup interface wg0, through a very insecure transport" + einfo "that is only suitable for demonstration purposes. You can then try loading the" + einfo "hidden website or sending pings:" + einfo + einfo " \$ chromium http://192.168.4.1" + einfo " \$ ping 192.168.4.1" + einfo + einfo "If you'd like to redirect your internet traffic, you can run it with the" + einfo "\"default-route\" argument. You may not use this server for any abusive or illegal" + einfo "purposes. It is for quick testing only." + einfo + einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/" + einfo + fi +} diff --git a/net-vpn/wireguard/wireguard-9999.ebuild b/net-vpn/wireguard/wireguard-9999.ebuild new file mode 100644 index 000000000000..e19eabcaa9ce --- /dev/null +++ b/net-vpn/wireguard/wireguard-9999.ebuild @@ -0,0 +1,110 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit linux-mod bash-completion-r1 + +DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography." +HOMEPAGE="https://www.wireguard.io/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.zx2c4.com/WireGuard" + KEYWORDS="" +else + SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" + S="${WORKDIR}/WireGuard-${PV}" + KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="debug +module +tools module-src" + +DEPEND="tools? ( net-libs/libmnl )" +RDEPEND="${DEPEND}" + +MODULE_NAMES="wireguard(net:src)" +BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1" +BUILD_TARGETS="module" +CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES" +WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto." +WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert." + +pkg_setup() { + if use module; then + linux-mod_pkg_setup + kernel_is -lt 4 1 0 && die "This version of ${PN} requires Linux >= 4.1" + fi +} + +src_compile() { + use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}" + use module && linux-mod_src_compile + use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools +} + +src_install() { + use module && linux-mod_src_install + if use tools; then + dodoc README.md + dodoc -r contrib/examples + emake \ + WITH_BASHCOMPLETION=yes \ + WITH_SYSTEMDUNITS=yes \ + WITH_WGQUICK=yes \ + DESTDIR="${D}" \ + BASHCOMPDIR="$(get_bashcompdir)" \ + PREFIX="${EPREFIX}/usr" \ + -C src/tools install + insinto /$(get_libdir)/netifrc/net + newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh + fi + use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install +} + +pkg_postinst() { + if use module-src && ! use module; then + einfo + einfo "You have enabled the module-src USE flag without the module USE" + einfo "flag. This means that sources are installed to" + einfo "${ROOT}usr/src/wireguard instead of having the" + einfo "kernel module compiled. You will need to compile the module" + einfo "yourself. Most likely, you don't want this USE flag, and should" + einfo "rather use USE=module" + einfo + fi + use module && linux-mod_pkg_postinst + + ewarn + ewarn "This software is experimental and has not yet been released." + ewarn "As such, it may contain significant issues. Please do not file" + ewarn "bug reports with Gentoo, but rather direct them upstream to:" + ewarn + ewarn " team@wireguard.io security@wireguard.io" + ewarn + + if use tools; then + einfo + einfo "After installing WireGuard, if you'd like to try sending some packets through" + einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh" + einfo "test example script:" + einfo + einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -" + einfo + einfo "This will automatically setup interface wg0, through a very insecure transport" + einfo "that is only suitable for demonstration purposes. You can then try loading the" + einfo "hidden website or sending pings:" + einfo + einfo " \$ chromium http://192.168.4.1" + einfo " \$ ping 192.168.4.1" + einfo + einfo "If you'd like to redirect your internet traffic, you can run it with the" + einfo "\"default-route\" argument. You may not use this server for any abusive or illegal" + einfo "purposes. It is for quick testing only." + einfo + einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/" + einfo + fi +} |