Re: wg(4) manpage tweaks

2020-11-27 Thread Renaud Allard



On 11/27/20 1:29 PM, Stuart Henderson wrote:

It's not very clear how to fetch the pubkey. OK to add this to wg(4)?

Index: wg.4
===
RCS file: /cvs/src/share/man/man4/wg.4,v
retrieving revision 1.6
diff -u -p -r1.6 wg.4
--- wg.424 Nov 2020 16:33:05 -  1.6
+++ wg.427 Nov 2020 12:28:32 -
@@ -64,6 +64,9 @@ interface may be configured to recognise
  .It Key
  Each peer uses its private key and corresponding public key to
  identify itself to others.
+The public key may be displayed by running
+.Xr ifconfig 8
+as root after configuring the private key.
  A peer configures a
  .Nm wg
  interface with its own private key and with the public keys of its peers.
@@ -138,9 +141,11 @@ but demonstrates two interfaces on the s
  .Bd -literal
  #!/bin/sh
  
+# create interfaces, set random private keys

  ifconfig wg1 create wgport 7111 wgkey `openssl rand -base64 32` rdomain 1
  ifconfig wg2 create wgport 7222 wgkey `openssl rand -base64 32` rdomain 2
  
+# retrieve the public keys associated with the private keys

  PUB1="`ifconfig wg1 | grep 'wgpubkey' | cut -d ' ' -f 2`"
  PUB2="`ifconfig wg2 | grep 'wgpubkey' | cut -d ' ' -f 2`"
  



I have no powers over the OK, but I completely agree it wasn't really clear.




Re: wg(4) manpage tweaks

2020-11-27 Thread Jason McIntyre
On Fri, Nov 27, 2020 at 02:28:42PM +, Stuart Henderson wrote:
> On 2020/11/27 14:17, Jason McIntyre wrote:
> > On Fri, Nov 27, 2020 at 02:09:57PM +, Stuart Henderson wrote:
> > > On 2020/11/27 13:41, Jason McIntyre wrote:
> > > > > +++ wg.4  27 Nov 2020 12:28:32 -
> > > > > @@ -64,6 +64,9 @@ interface may be configured to recognise
> > > > >  .It Key
> > > > >  Each peer uses its private key and corresponding public key to
> > > > >  identify itself to others.
> > > > > +The public key may be displayed by running
> > > > > +.Xr ifconfig 8
> > > > > +as root after configuring the private key.
> > > > >  A peer configures a
> > > > >  .Nm wg
> > > > >  interface with its own private key and with the public keys of its 
> > > > > peers.
> > > > 
> > > > i'm not sure about this text. wouldn't the "Keys" section make more
> > > > sense? the "Keys" section itself says:
> > > > 
> > > >  When an interface has a private key set with wgkey, the
> > > >  corresponding public key is shown in the status output of
> > > >  the interface, like so:
> > > > 
> > > >    wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
> > > > 
> > > > maybe we should just elaborate here?
> > > 
> > > Ah yes, that does seem a better place, maybe this helps, though
> > > perhaps the addition to the example script is enough to give the
> > > hint anyway.
> > > 
> > > Index: man4/wg.4
> > > ===
> > > RCS file: /cvs/src/share/man/man4/wg.4,v
> > > retrieving revision 1.7
> > > diff -u -p -r1.7 wg.4
> > > --- man4/wg.4 27 Nov 2020 14:04:49 -  1.7
> > > +++ man4/wg.4 27 Nov 2020 14:08:56 -
> > > @@ -124,7 +124,10 @@ will accept any random 32-byte base64 st
> > >  When an interface has a private key set with
> > >  .Nm wgkey ,
> > >  the corresponding
> > > -public key is shown in the status output of the interface, like so:
> > > +public key is shown in the status output of the interface
> > > +displayed by
> > > +.Xr ifconfig 8
> > > +when run as root, like so:
> > >  .Bd -literal -offset indent
> > >  wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
> > >  .Ed
> > > 
> > > 
> > 
> > fine by me. i tried to think if we had any precedent in the man pages
> > for this, where output is exposed by root, but couldn't. i thought our
> > wireless interfaces did sth like that.
> > 
> > i also tried to shorten your text but couldn't come up with anything
> > better.
> > so ok.
> > jmc
> > 
> 
> Alternatively:
> 
> Index: wg.4
> ===
> RCS file: /cvs/src/share/man/man4/wg.4,v
> retrieving revision 1.7
> diff -u -p -r1.7 wg.4
> --- wg.4  27 Nov 2020 14:04:49 -  1.7
> +++ wg.4  27 Nov 2020 14:28:03 -
> @@ -125,8 +125,9 @@ When an interface has a private key set 
>  .Nm wgkey ,
>  the corresponding
>  public key is shown in the status output of the interface, like so:
> -.Bd -literal -offset indent
> -wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
> +.Bd -literal
> +# ifconfig wg1 | grep wgpubkey
> + wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
>  .Ed
>  .Sh EXAMPLES
>  Create two
> 

this is shorter (good), but less explicit about the need for root (less good).
i guess it's a trade off.

i think on balance i like the way you've done it here, but i'm fine
either way. i'd remove ", like so" though. also i don't think you should
remove the indent - it would make the openssl example above it look
wonky.

jmc
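
Added example, not from the patch or the OpenBSD tree: a stricter form of the `ifconfig wg1 | grep wgpubkey` retrieval discussed in this thread, which tells a missing `wgpubkey` line (for instance when not run as root) apart from a malformed value. The function name, exit codes and sample status text are assumptions constructed for illustration; on a real system the input would come from `ifconfig wg1`.

```shell
#!/bin/sh
# Added example; not part of the wg(4) patch. Names below are hypothetical.

# Read ifconfig status text on stdin and print the interface public key.
# Returns 0 with the key, 1 if no wgpubkey line is present,
# 2 if the value is not a canonical base64 encoding of 32 bytes.
wg_pubkey_from_status() {
	key=$(awk '$1 == "wgpubkey" { print $2; exit }')
	[ -n "$key" ] || return 1
	# 32 bytes encode to 43 base64 characters plus one '='. The 43rd
	# character carries only 4 data bits, so 16 characters are valid there.
	printf '%s\n' "$key" |
	    grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$' || return 2
	printf '%s\n' "$key"
}

# Constructed sample status text (not captured from a real system).
ROOT_STATUS='wg1: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
	index 5 priority 0 llprio 3
	wgport 7111
	wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
	groups: wg'

# Constructed: the same interface with no wgpubkey line, as assumed for
# a run without root privileges.
USER_STATUS='wg1: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
	index 5 priority 0 llprio 3
	groups: wg'

# Constructed: key copied without its trailing padding character.
BAD_STATUS='wg1: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
	wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps'

for s in "$ROOT_STATUS" "$USER_STATUS" "$BAD_STATUS"; do
	if pub=$(printf '%s\n' "$s" | wg_pubkey_from_status); then
		echo "public key: $pub"
	else
		echo "no usable key (status $?)"
	fi
done
```
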



Re: wg(4) manpage tweaks

2020-11-27 Thread Stuart Henderson
On 2020/11/27 14:17, Jason McIntyre wrote:
> On Fri, Nov 27, 2020 at 02:09:57PM +, Stuart Henderson wrote:
> > On 2020/11/27 13:41, Jason McIntyre wrote:
> > > > +++ wg.427 Nov 2020 12:28:32 -
> > > > @@ -64,6 +64,9 @@ interface may be configured to recognise
> > > >  .It Key
> > > >  Each peer uses its private key and corresponding public key to
> > > >  identify itself to others.
> > > > +The public key may be displayed by running
> > > > +.Xr ifconfig 8
> > > > +as root after configuring the private key.
> > > >  A peer configures a
> > > >  .Nm wg
> > > >  interface with its own private key and with the public keys of its 
> > > > peers.
> > > 
> > > i'm not sure about this text. wouldn't the "Keys" section make more
> > > sense? the "Keys" section itself says:
> > > 
> > >  When an interface has a private key set with wgkey, the
> > >  corresponding public key is shown in the status output of
> > >  the interface, like so:
> > > 
> > >    wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
> > > 
> > > maybe we should just elaborate here?
> > 
> > Ah yes, that does seem a better place, maybe this helps, though
> > perhaps the addition to the example script is enough to give the
> > hint anyway.
> > 
> > Index: man4/wg.4
> > ===
> > RCS file: /cvs/src/share/man/man4/wg.4,v
> > retrieving revision 1.7
> > diff -u -p -r1.7 wg.4
> > --- man4/wg.4   27 Nov 2020 14:04:49 -  1.7
> > +++ man4/wg.4   27 Nov 2020 14:08:56 -
> > @@ -124,7 +124,10 @@ will accept any random 32-byte base64 st
> >  When an interface has a private key set with
> >  .Nm wgkey ,
> >  the corresponding
> > -public key is shown in the status output of the interface, like so:
> > +public key is shown in the status output of the interface
> > +displayed by
> > +.Xr ifconfig 8
> > +when run as root, like so:
> >  .Bd -literal -offset indent
> >  wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
> >  .Ed
> > 
> > 
> 
> fine by me. i tried to think if we had any precedent in the man pages
> for this, where output is exposed by root, but couldn't. i thought our
> wireless interfaces did sth like that.
> 
> i also tried to shorten your text but couldn't come up with anything
> better.
> so ok.
> jmc
> 

Alternatively:

Index: wg.4
===
RCS file: /cvs/src/share/man/man4/wg.4,v
retrieving revision 1.7
diff -u -p -r1.7 wg.4
--- wg.427 Nov 2020 14:04:49 -  1.7
+++ wg.427 Nov 2020 14:28:03 -
@@ -125,8 +125,9 @@ When an interface has a private key set 
 .Nm wgkey ,
 the corresponding
 public key is shown in the status output of the interface, like so:
-.Bd -literal -offset indent
-wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
+.Bd -literal
+# ifconfig wg1 | grep wgpubkey
+   wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
 .Ed
 .Sh EXAMPLES
 Create two
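
Review bot: The added `# ifconfig wg1 | grep wgpubkey` line relies on the `#` prompt alone to signal that root is needed, and inside a literal display it can be read as a shell comment. Keep a sentence in the text above the display that states the root requirement. The hunk also drops `-offset indent` from `.Bd`, which changes the display's alignment; keep it if that change is not intended. The command names `wg1` before `.Sh EXAMPLES` has introduced that interface.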



Re: wg(4) manpage tweaks

2020-11-27 Thread Jason McIntyre
On Fri, Nov 27, 2020 at 02:09:57PM +, Stuart Henderson wrote:
> On 2020/11/27 13:41, Jason McIntyre wrote:
> > > +++ wg.4  27 Nov 2020 12:28:32 -
> > > @@ -64,6 +64,9 @@ interface may be configured to recognise
> > >  .It Key
> > >  Each peer uses its private key and corresponding public key to
> > >  identify itself to others.
> > > +The public key may be displayed by running
> > > +.Xr ifconfig 8
> > > +as root after configuring the private key.
> > >  A peer configures a
> > >  .Nm wg
> > >  interface with its own private key and with the public keys of its peers.
> > 
> > i'm not sure about this text. wouldn't the "Keys" section make more
> > sense? the "Keys" section itself says:
> > 
> >  When an interface has a private key set with wgkey, the
> >  corresponding public key is shown in the status output of
> >  the interface, like so:
> > 
> >    wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
> > 
> > maybe we should just elaborate here?
> 
> Ah yes, that does seem a better place, maybe this helps, though
> perhaps the addition to the example script is enough to give the
> hint anyway.
> 
> Index: man4/wg.4
> ===
> RCS file: /cvs/src/share/man/man4/wg.4,v
> retrieving revision 1.7
> diff -u -p -r1.7 wg.4
> --- man4/wg.4 27 Nov 2020 14:04:49 -  1.7
> +++ man4/wg.4 27 Nov 2020 14:08:56 -
> @@ -124,7 +124,10 @@ will accept any random 32-byte base64 st
>  When an interface has a private key set with
>  .Nm wgkey ,
>  the corresponding
> -public key is shown in the status output of the interface, like so:
> +public key is shown in the status output of the interface
> +displayed by
> +.Xr ifconfig 8
> +when run as root, like so:
>  .Bd -literal -offset indent
>  wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
>  .Ed
> 
> 

fine by me. i tried to think if we had any precedent in the man pages
for this, where output is exposed by root, but couldn't. i thought our
wireless interfaces did sth like that.

i also tried to shorten your text but couldn't come up with anything
better.

so ok.
jmc



Re: wg(4) manpage tweaks

2020-11-27 Thread Stuart Henderson
On 2020/11/27 13:41, Jason McIntyre wrote:
> > +++ wg.427 Nov 2020 12:28:32 -
> > @@ -64,6 +64,9 @@ interface may be configured to recognise
> >  .It Key
> >  Each peer uses its private key and corresponding public key to
> >  identify itself to others.
> > +The public key may be displayed by running
> > +.Xr ifconfig 8
> > +as root after configuring the private key.
> >  A peer configures a
> >  .Nm wg
> >  interface with its own private key and with the public keys of its peers.
> 
> i'm not sure about this text. wouldn't the "Keys" section make more
> sense? the "Keys" section itself says:
> 
>  When an interface has a private key set with wgkey, the
>  corresponding public key is shown in the status output of
>  the interface, like so:
> 
>    wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
> 
> maybe we should just elaborate here?

Ah yes, that does seem a better place, maybe this helps, though
perhaps the addition to the example script is enough to give the
hint anyway.

Index: man4/wg.4
===
RCS file: /cvs/src/share/man/man4/wg.4,v
retrieving revision 1.7
diff -u -p -r1.7 wg.4
--- man4/wg.4   27 Nov 2020 14:04:49 -  1.7
+++ man4/wg.4   27 Nov 2020 14:08:56 -
@@ -124,7 +124,10 @@ will accept any random 32-byte base64 st
 When an interface has a private key set with
 .Nm wgkey ,
 the corresponding
-public key is shown in the status output of the interface, like so:
+public key is shown in the status output of the interface
+displayed by
+.Xr ifconfig 8
+when run as root, like so:
 .Bd -literal -offset indent
 wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=
 .Ed
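
Review bot: In the rewritten sentence, "the status output of the interface displayed by ifconfig(8) when run as root" can be parsed as the interface being displayed rather than the output, and it does not say whether the `wgpubkey` line is simply absent for other users. Splitting it would help: end the first sentence at "the interface", then add a second one stating that ifconfig(8) shows this line when run as root.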


> i agree a bit of explanation makes sense here. saying that, you should
> really join "create interfaces" and "set random private keys" with a
> semicolon or "and" or somesuch, not a comma.

I've committed that with a semicolon.



Re: wg(4) manpage tweaks

2020-11-27 Thread Jason McIntyre
On Fri, Nov 27, 2020 at 12:29:01PM +, Stuart Henderson wrote:
> It's not very clear how to fetch the pubkey. OK to add this to wg(4)?
> 

hi.

> Index: wg.4
> ===
> RCS file: /cvs/src/share/man/man4/wg.4,v
> retrieving revision 1.6
> diff -u -p -r1.6 wg.4
> --- wg.4  24 Nov 2020 16:33:05 -  1.6
> +++ wg.4  27 Nov 2020 12:28:32 -
> @@ -64,6 +64,9 @@ interface may be configured to recognise
>  .It Key
>  Each peer uses its private key and corresponding public key to
>  identify itself to others.
> +The public key may be displayed by running
> +.Xr ifconfig 8
> +as root after configuring the private key.
>  A peer configures a
>  .Nm wg
>  interface with its own private key and with the public keys of its peers.

i'm not sure about this text. wouldn't the "Keys" section make more
sense? the "Keys" section itself says:

 When an interface has a private key set with wgkey, the
 corresponding public key is shown in the status output of
 the interface, like so:

   wgpubkey NW5l2q2MArV5ZXpVXSZwBOyqhohOf8ImDgUB+jPtJps=

maybe we should just elaborate here?

> @@ -138,9 +141,11 @@ but demonstrates two interfaces on the s
>  .Bd -literal
>  #!/bin/sh
>  
> +# create interfaces, set random private keys

i agree a bit of explanation makes sense here. saying that, you should
really join "create interfaces" and "set random private keys" with a
semicolon or "and" or somesuch, not a comma.

jmc

>  ifconfig wg1 create wgport 7111 wgkey `openssl rand -base64 32` rdomain 1
>  ifconfig wg2 create wgport 7222 wgkey `openssl rand -base64 32` rdomain 2
>  
> +# retrieve the public keys associated with the private keys
>  PUB1="`ifconfig wg1 | grep 'wgpubkey' | cut -d ' ' -f 2`"
>  PUB2="`ifconfig wg2 | grep 'wgpubkey' | cut -d ' ' -f 2`"
>  




wg(4) manpage tweaks

2020-11-27 Thread Stuart Henderson
It's not very clear how to fetch the pubkey. OK to add this to wg(4)?

Index: wg.4
===
RCS file: /cvs/src/share/man/man4/wg.4,v
retrieving revision 1.6
diff -u -p -r1.6 wg.4
--- wg.424 Nov 2020 16:33:05 -  1.6
+++ wg.427 Nov 2020 12:28:32 -
@@ -64,6 +64,9 @@ interface may be configured to recognise
 .It Key
 Each peer uses its private key and corresponding public key to
 identify itself to others.
+The public key may be displayed by running
+.Xr ifconfig 8
+as root after configuring the private key.
 A peer configures a
 .Nm wg
 interface with its own private key and with the public keys of its peers.
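
Review bot: The sentence added to the `.It Key` item says to run ifconfig(8) as root but names neither the interface argument nor the `wgpubkey` field where the value appears, so a reader still has to guess what to look for in the output; naming both would close that gap. It also splits the two sentences that describe how peers use their keys, so it would read better after "...the public keys of its peers."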
@@ -138,9 +141,11 @@ but demonstrates two interfaces on the s
 .Bd -literal
 #!/bin/sh
 
+# create interfaces, set random private keys
 ifconfig wg1 create wgport 7111 wgkey `openssl rand -base64 32` rdomain 1
 ifconfig wg2 create wgport 7222 wgkey `openssl rand -base64 32` rdomain 2
 
+# retrieve the public keys associated with the private keys
 PUB1="`ifconfig wg1 | grep 'wgpubkey' | cut -d ' ' -f 2`"
 PUB2="`ifconfig wg2 | grep 'wgpubkey' | cut -d ' ' -f 2`"
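
Review bot: `PUB1` and `PUB2` end up empty without any error when the `wgpubkey` line is missing, which the first hunk implies happens when ifconfig(8) is not run as root, and anything that later uses them gets an empty key. Say in the new comment that the script must run as root, or test the variables before use. The `grep 'wgpubkey' | cut -d ' ' -f 2` pipeline also depends on the exact spacing of the status output; matching on the first field with awk would be less brittle.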