On Tue, Apr 11, 2017 at 11:00:09PM -0700, Stefan Agner wrote: > WireGuard is an extremely simple yet fast and modern VPN that utilizes > state-of-the-art cryptography. It aims to be faster, simpler, leaner, > and more useful than IPSec, while avoiding the massive headache. > > The recipes add the current experimental snapshot v0.0.20170409 > out-of-tree kernel module and tools. The kernel module has some kernel > configuration dependencies such as some configuration part of > features/netfilter/netfilter.scc, hence netfilter.scc should be part > of KERNEL_EXTRA_FEATURES (which is the case by default). > > Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module > which is MACHINE_ARCH (like all kernel modules) we need to add this > dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.
I know it's not possible to check it from recipe, but it might be useful to mention which kernel options this requires, one of my builds failed with: wireguard-module/0.0.20170409-r0/WireGuard-0.0.20170409/src/Kbuild:30: *** "WireGuard requires CONFIG_NETFILTER_XT_MATCH_HASHLIMIT to be configured in your kernel. See https://www.wireguard.io/install/#kernel-requirements for more info". Stop. So the error message is quite good, but still might be useful to mention this URL in the recipe as well. > > Signed-off-by: Stefan Agner <[email protected]> > --- > Changes since v1: > - Upgrade to v0.0.20170409 > - Add wireguard-tools -> wireguard-module dependency to > SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS. > > meta-networking/conf/layer.conf | 4 ++++ > .../wireguard/wireguard-module_0.0.20170409.bb | 9 ++++++++ > .../wireguard/wireguard-tools_0.0.20170409.bb | 27 > ++++++++++++++++++++++ > .../recipes-kernel/wireguard/wireguard.inc | 18 +++++++++++++++ > 4 files changed, 58 insertions(+) > create mode 100644 > meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170409.bb > create mode 100644 > meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170409.bb > create mode 100644 meta-networking/recipes-kernel/wireguard/wireguard.inc > > diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf > index 85ad93b..b5aa159 100644 > --- a/meta-networking/conf/layer.conf > +++ b/meta-networking/conf/layer.conf > @@ -21,3 +21,7 @@ LICENSE_PATH += "${LAYERDIR}/licenses" > > # Override security flags > require conf/distro/include/meta_networking_security_flags.inc > + > +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ > + wireguard-tools->wireguard-module \ > +" > diff --git > a/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170409.bb > b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170409.bb > new file mode 100644 > index 0000000..aeb8269 > --- /dev/null > +++ > b/meta-networking/recipes-kernel/wireguard/wireguard-module_0.0.20170409.bb > @@ -0,0 +1,9 @@ > +require wireguard.inc > + > +inherit module > + > +EXTRA_OEMAKE += "KERNELDIR=${STAGING_KERNEL_DIR}" > +MAKE_TARGETS = "module" > +MODULES_INSTALL_TARGET = "module-install" > + > +RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" > diff --git > a/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170409.bb > b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170409.bb > new file mode 100644 > index 0000000..79d420f > --- /dev/null > +++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_0.0.20170409.bb > @@ -0,0 +1,27 @@ > +require wireguard.inc > + > +inherit bash-completion systemd pkgconfig > + > +DEPENDS = "wireguard-module libmnl" > + > +do_compile_prepend () { > + cd ${S}/tools > +} > + > +do_install () { > + cd ${S}/tools > + oe_runmake DESTDIR="${D}" PREFIX="${prefix}" SYSCONFDIR="${sysconfdir}" \ > + SYSTEMDUNITDIR="${systemd_unitdir}" \ > + WITH_SYSTEMDUNITS=${@bb.utils.contains('DISTRO_FEATURES', 'systemd', > 'yes', '', d)} \ > + WITH_BASHCOMPLETION=yes \ > + WITH_WGQUICK=yes \ > + install > +} > + > +FILES_${PN} = " \ > + ${sysconfdir} \ > + ${systemd_unitdir} \ > + ${bindir} \ > +" > + > +RDEPENDS_${PN} = "wireguard-module" > diff --git a/meta-networking/recipes-kernel/wireguard/wireguard.inc > b/meta-networking/recipes-kernel/wireguard/wireguard.inc > new file mode 100644 > index 0000000..db98517 > --- /dev/null > +++ b/meta-networking/recipes-kernel/wireguard/wireguard.inc > @@ -0,0 +1,18 @@ > +SUMMARY = "WireGuard is an extremely simple yet fast and modern VPN" > +DESCRIPTION="WireGuard is a secure network tunnel, operating at layer 3, \ > +implemented as a kernel virtual network interface for Linux, which aims to \ > +replace both IPsec for most use cases, as well as popular user space and/or \ > +TLS-based solutions like OpenVPN, while being more secure, more performant, \ > +and easier to use." > +SECTION = "networking" > +HOMEPAGE = "https://www.wireguard.io/"; > +LICENSE = "GPLv2" > + > +LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" > + > +SRC_URI = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"; > + > +SRC_URI[md5sum] = "5d3146bbd38c534386eb4a0c026780ff" > +SRC_URI[sha256sum] = > "31473b4d14178f82d6ff46df019d57982c210c03d1a985d54db35bdd76efbb18" > + > +S = "${WORKDIR}/WireGuard-${PV}/src/" > -- > 2.7.4 > -- Martin 'JaMa' Jansa jabber: [email protected]
signature.asc
Description: Digital signature
-- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
