On S= at, Feb 11, 2017 at 1:03 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

Mellow yell= ow,

That's a great idea. Do you intend to track dkg's sid package more = or
less faithfully?

In that package repository= , I intend to track the sid package exactly. If I ever take up hacking on w= ireguard, I'll use a separate repository for any modified versions.

If so, I= 'd be happy to advertise this on the
wireguard.io/install/ page, since I'm sure a lot of people (incl= uding
myself!) would benefit immensely from that.

Cool! I'll see about setting up debian stable as well.

= =C2=A0

Could you sen= d some bulletproof instructions -- 3 or 4 lines of
commands like what's there currently -- and I'll put it on the site= ?

The instructions you have on there no= w are fine if you're okay with packagecloud's shell script. Manual = instructions that work are:

sudo apt-get install -= y apt-transport-https linux-headers-amd64 curl

curl -L https://packagecloud.i= o/danderson/wireguard/gpgkey | sudo apt-key add -

echo "= deb https:/= /packagecloud.io/danderson/wireguard/debian/ stretch main" | sudo = tee /etc/apt/sources.list.d/wireguard.list

sudo apt-get update

sudo apt-get install -y wireguard-dkms wireguard-tools

Note that right now, only amd64 packages are available. If you= think there's demand for Debian on 32-bit x86, I can set up i386 build= ers as well.

- Dave

Thanks,
Jason

--001a113cff4407a31b05483e238f-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 3f423862 for ; Sat, 11 Feb 2017 09:51:07 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 9e6969d3 for ; Sat, 11 Feb 2017 09:51:07 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id a2819124 for ; Sat, 11 Feb 2017 09:51:07 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 0373ac18 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Sat, 11 Feb 2017 09:51:07 +0000 (UTC) Received: by mail-ot0-f175.google.com with SMTP id 65so44240099otq.2 for ; Sat, 11 Feb 2017 02:04:56 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References: From: "Jason A. Donenfeld" Date: Sat, 11 Feb 2017 11:04:54 +0100 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: David Anderson Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hi Dave, Good idea. I don't like the scary pipe to bash one liners. I'll go with what you suggested. However, is `linux-headers-amd64` really required? Thanks, Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dave@natulte.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id c079f66d for ; Sat, 11 Feb 2017 10:02:25 +0000 (UTC) Received: from mail-ua0-f173.google.com (mail-ua0-f173.google.com [209.85.217.173]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 4e8bfdd9 for ; Sat, 11 Feb 2017 10:02:25 +0000 (UTC) Received: by mail-ua0-f173.google.com with SMTP id y9so44012732uae.2 for ; Sat, 11 Feb 2017 02:16:14 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References:

From: David Anderson Date: Sat, 11 Feb 2017 02:15:53 -0800 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: "Jason A. Donenfeld" Content-Type: multipart/alternative; boundary=001a113cff44111a7105483e818a Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --001a113cff44111a7105483e818a Content-Type: text/plain; charset=UTF-8 Hi, Yes, linux-headers-amd64 is required, otherwise the wireguard-dkms package won't build the kernel module, and leave a very confused user. I *think* I saw a conversation in this list's archives about whether the headers should be made a dependency of wireguard-dkms, but I can't find it now... - Dave On Sat, Feb 11, 2017 at 2:04 AM, Jason A. Donenfeld wrote: > Hi Dave, > > Good idea. I don't like the scary pipe to bash one liners. I'll go > with what you suggested. However, is `linux-headers-amd64` really > required? > > Thanks, > Jason > --001a113cff44111a7105483e818a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi,

Yes, linux-headers-amd64 is require= d, otherwise the wireguard-dkms package won't build the kernel module, = and leave a very confused user. I *think* I saw a conversation in this list= 's archives about whether the headers should be made a dependency of wi= reguard-dkms, but I can't find it now...

- Dav= e

On S= at, Feb 11, 2017 at 2:04 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

Hi Dave,

Good idea. I don't like the scary pipe to bash one liners. I'll go<= br> with what you suggested. However, is `linux-headers-amd64` really
required?

Thanks,
Jason

--001a113cff44111a7105483e818a-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 8d593e86 for ; Sat, 11 Feb 2017 10:03:22 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 6224ca8d for ; Sat, 11 Feb 2017 10:03:22 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 4154f4f2 for ; Sat, 11 Feb 2017 10:03:22 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 14a5e76d (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Sat, 11 Feb 2017 10:03:21 +0000 (UTC) Received: by mail-ot0-f172.google.com with SMTP id 32so44362098oth.3 for ; Sat, 11 Feb 2017 02:17:10 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References:

From: "Jason A. Donenfeld" Date: Sat, 11 Feb 2017 11:17:09 +0100 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: David Anderson Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hi Dave, Ahh right, that old debate. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dave@natulte.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 7a061352 for ; Sat, 11 Feb 2017 11:35:31 +0000 (UTC) Received: from mail-vk0-f50.google.com (mail-vk0-f50.google.com [209.85.213.50]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 6dfe75cc for ; Sat, 11 Feb 2017 11:35:31 +0000 (UTC) Received: by mail-vk0-f50.google.com with SMTP id t8so40612246vke.3 for ; Sat, 11 Feb 2017 03:49:20 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References:

From: David Anderson Date: Sat, 11 Feb 2017 03:48:59 -0800 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: "Jason A. Donenfeld" Content-Type: multipart/alternative; boundary=94eb2c07ad500577bf05483fce9f Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --94eb2c07ad500577bf05483fce9f Content-Type: text/plain; charset=UTF-8 Okay, I've set up a Debian stable builder as well... However, Debian stable has a 3.16 kernel, and wireguard-dkms requires >=3.18, so installation fails. Assuming 3.18 is a hard lower-bound on kernel versions, it looks like jessie will never run in-kernel wireguard. Fortunately it'll be moot in a few months when stretch becomes the new stable. - Dave On Sat, Feb 11, 2017 at 2:17 AM, Jason A. Donenfeld wrote: > Hi Dave, > > Ahh right, that old debate. > > Jason > --94eb2c07ad500577bf05483fce9f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Okay, I've set up a Debian stable builder as well... H= owever, Debian stable has a 3.16 kernel, and wireguard-dkms requires >= =3D3.18, so installation fails. Assuming 3.18 is a hard lower-bound on kern= el versions, it looks like jessie will never run in-kernel wireguard. Fortu= nately it'll be moot in a few months when stretch becomes the new stabl= e.

- Dave

<= div class=3D"gmail_extra">

On Sat, Feb 11, 20= 17 at 2:17 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
=

Hi Dave,

Ahh right, that old debate.

Jason

--94eb2c07ad500577bf05483fce9f-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 5150742f for ; Sat, 11 Feb 2017 12:18:22 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 74d8b87f for ; Sat, 11 Feb 2017 12:18:22 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 6c25dac2 for ; Sat, 11 Feb 2017 12:18:22 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id ca75f6ff (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Sat, 11 Feb 2017 12:18:22 +0000 (UTC) Received: by mail-ot0-f174.google.com with SMTP id 32so45413171oth.3 for ; Sat, 11 Feb 2017 04:32:11 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References: From: "Jason A. Donenfeld" Date: Sat, 11 Feb 2017 13:32:10 +0100 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: David Anderson Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hey Dave, On Sat, Feb 11, 2017 at 10:49 AM, David Anderson wrote: > Note that right now, only amd64 packages are available. If you think there's > demand for Debian on 32-bit x86, I can set up i386 builders as well. I doubt anybody cares about i386, but likely armv{6,7} and arm64 are in demand somewhat, at the very least due to Rasberrian users. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 1c15a5c5 for ; Sat, 11 Feb 2017 13:15:00 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 6b54b4e6 for ; Sat, 11 Feb 2017 13:15:00 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 0d7f6401 for ; Sat, 11 Feb 2017 13:15:00 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id e5708011 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Sat, 11 Feb 2017 13:14:59 +0000 (UTC) Received: by mail-oi0-f53.google.com with SMTP id w204so33609236oiw.0 for ; Sat, 11 Feb 2017 05:28:49 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References:

From: "Jason A. Donenfeld" Date: Sat, 11 Feb 2017 14:28:47 +0100 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: David Anderson Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hey David, On Sat, Feb 11, 2017 at 12:48 PM, David Anderson wrote: > Okay, I've set up a Debian stable builder as well... However, Debian stable > has a 3.16 kernel, and wireguard-dkms requires >=3.18, so installation > fails. Assuming 3.18 is a hard lower-bound on kernel versions, it looks like > jessie will never run in-kernel wireguard. Fortunately it'll be moot in a > few months when stretch becomes the new stable. I probably could backport to 3.16... It's a bit of a PITA but still possible if there's sufficient demand. I'll wait to see if people pipe up. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: baptiste@bitsofnetworks.org Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id cdf95eae for ; Sat, 11 Feb 2017 16:14:12 +0000 (UTC) Received: from mails.bitsofnetworks.org (rezine.polyno.me [193.33.56.138]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id b147f9c5 for ; Sat, 11 Feb 2017 16:14:12 +0000 (UTC) Date: Sat, 11 Feb 2017 17:27:58 +0100 From: Baptiste Jonglez To: David Anderson Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) Message-ID: <20170211162758.GA4633@tuxmachine.polynome.dn42> References:

MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jI8keyz6grp/JLjh" In-Reply-To: Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --jI8keyz6grp/JLjh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Feb 11, 2017 at 03:48:59AM -0800, David Anderson wrote: > Okay, I've set up a Debian stable builder as well... However, Debian stab= le > has a 3.16 kernel, and wireguard-dkms requires >=3D3.18, so installation > fails. Assuming 3.18 is a hard lower-bound on kernel versions, it looks > like jessie will never run in-kernel wireguard. Fortunately it'll be moot > in a few months when stretch becomes the new stable. Jessie-backports has linux 4.9, so it's probably much simpler to require users to install this. > On Sat, Feb 11, 2017 at 2:17 AM, Jason A. Donenfeld wro= te: >=20 > > Hi Dave, > > > > Ahh right, that old debate. > > > > Jason > > > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard --jI8keyz6grp/JLjh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjVflzZuxNlVFbt5QvgHsIqBOLkYFAlifO4cACgkQvgHsIqBO LkYfDxAAhfzkY5BuIX+yV5YbDem0brgcDzZQIQdYp+EwCTmmecMiSNCUGyH4Y8VG JtdNvqHEkqCli0q4nfyO0ZLTgy1qCLS6w7msyUAcsBo8P3pNQvrLID4YeXxHsqhm ppWtZk3MSIIkryl7JbUu5XGhnCQxSYJ45dEhkHrcAF3+t/GyIXKBmN5Hk90nD9fE DnxWDlA7psP4na+YL7GGME+GtWBv7+O08+UjW1nUcaaaj919hw+MBBT4p0uCNkgZ AZ4LmRRVdgEugAxDYRbd0iKVP+V9dULWCzX7xFPPOwHrkyUr+TwoZvede7ez1vQF lO/hNPJZS4q9VmYuXsni5KRM1w6cmTiYcbVKPaIYogt5AEDOXoueN6yPjpaZo1th jV2az10Spv2Hrfg+9DCBeF6i//7Mp5COtcFwf+cD1gxqbfZQKR1txktsZtzK3ucE jjZeR38K3QkxoHiTU1cBoZNMNkAPQMNeZCWdwQKfIg80SL7EdWtHPb11BoPvMu8J PlqmafTbgf248lLBHNN96Fux1Vrb85DHtrDg9rpmKdFD3r0MwCRvnzQQ/Rxb1LTo 1TDCZ0DQ9FqJhfZAK5oKgUP0Yl6mAnGrjoH8FVTNbWDURJz5P0y77v1Blh67DIFM XQ9ZTKOmWAcx4ls7fPjXFQVrCoUO/TqoVafKIh5pyHPQWpS9Fvg= =chEj -----END PGP SIGNATURE----- --jI8keyz6grp/JLjh-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dave@natulte.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 8f6d414b for ; Sat, 11 Feb 2017 21:22:55 +0000 (UTC) Received: from mail-ua0-f174.google.com (mail-ua0-f174.google.com [209.85.217.174]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 41220cde for ; Sat, 11 Feb 2017 21:22:55 +0000 (UTC) Received: by mail-ua0-f174.google.com with SMTP id 35so48379410uak.1 for ; Sat, 11 Feb 2017 13:36:47 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References: From: David Anderson Date: Sat, 11 Feb 2017 13:36:26 -0800 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: "Jason A. Donenfeld" Content-Type: multipart/alternative; boundary=f403045f89f4e8bf1c05484802bc Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --f403045f89f4e8bf1c05484802bc Content-Type: text/plain; charset=UTF-8 On Sat, Feb 11, 2017 at 4:32 AM, Jason A. Donenfeld wrote: > Hey Dave, > > On Sat, Feb 11, 2017 at 10:49 AM, David Anderson wrote: > > Note that right now, only amd64 packages are available. If you think > there's > > demand for Debian on 32-bit x86, I can set up i386 builders as well. > > I doubt anybody cares about i386, but likely armv{6,7} and arm64 are > in demand somewhat, at the very least due to Rasberrian users. > Hmm, I don't have functional arm-ish things on hand, but I'll see what I can do with emulated setups. I'll skip i386 for now, if it turns out to be in demand it's one VM spinup away. > Jason > --f403045f89f4e8bf1c05484802bc Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

On S= at, Feb 11, 2017 at 4:32 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

Hey Dave,

On Sat, Feb 11, 2017 at 10:49 AM, David Anderson <dave@natulte.net> wrote:
> Note that right now, only amd64 packages are available. If you think t= here's
> demand for Debian on 32-bit x86, I can set up i386 builders as well.
I doubt anybody cares about i386, but likely armv{6,7} and arm64 are=
in demand somewhat, at the very least due to Rasberrian users.

Hmm, I don't have functional arm-ish things on = hand, but I'll see what I can do with emulated setups. I'll skip i3= 86 for now, if it turns out to be in demand it's one VM spinup away.

Jason

--f403045f89f4e8bf1c05484802bc-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dave@natulte.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id f6e0bd71 for ; Sat, 11 Feb 2017 21:24:36 +0000 (UTC) Received: from mail-ua0-f174.google.com (mail-ua0-f174.google.com [209.85.217.174]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 5b5ef202 for ; Sat, 11 Feb 2017 21:24:36 +0000 (UTC) Received: by mail-ua0-f174.google.com with SMTP id y9so48531886uae.2 for ; Sat, 11 Feb 2017 13:38:29 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <20170211162758.GA4633@tuxmachine.polynome.dn42> References:

<20170211162758.GA4633@tuxmachine.polynome.dn42> From: David Anderson Date: Sat, 11 Feb 2017 13:38:08 -0800 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: Baptiste Jonglez Content-Type: multipart/alternative; boundary=001a113ed1a2f805d005484808c9 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --001a113ed1a2f805d005484808c9 Content-Type: text/plain; charset=UTF-8 On Sat, Feb 11, 2017 at 8:27 AM, Baptiste Jonglez < baptiste@bitsofnetworks.org> wrote: > On Sat, Feb 11, 2017 at 03:48:59AM -0800, David Anderson wrote: > > Okay, I've set up a Debian stable builder as well... However, Debian > stable > > has a 3.16 kernel, and wireguard-dkms requires >=3.18, so installation > > fails. Assuming 3.18 is a hard lower-bound on kernel versions, it looks > > like jessie will never run in-kernel wireguard. Fortunately it'll be moot > > in a few months when stretch becomes the new stable. > > Jessie-backports has linux 4.9, so it's probably much simpler to require > users to install this. > Oh, excellent! I'll leave the jessie builder running then. Jason: I'll get back to you once I've looked into setting up builds for arm, to see how to revise the instructions. Given that each distro version is likely to be slightly different, perhaps it'd be better to just link to a readme on packagecloud.io, to avoid cluttering the install instructions on wireguard.io? - Dave > > > On Sat, Feb 11, 2017 at 2:17 AM, Jason A. Donenfeld > wrote: > > > > > Hi Dave, > > > > > > Ahh right, that old debate. > > > > > > Jason > > > > > > _______________________________________________ > > WireGuard mailing list > > WireGuard@lists.zx2c4.com > > https://lists.zx2c4.com/mailman/listinfo/wireguard > > --001a113ed1a2f805d005484808c9 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

On S= at, Feb 11, 2017 at 8:27 AM, Baptiste Jonglez <baptiste@bitsofne= tworks.org> wrote:

On Sat, Feb 11, 2017 at 03:48:59AM -0800, David Anderson wrote: > Okay, I've set up a Debian stable builder as well... However, Debi= an stable
> has a 3.16 kernel, and wireguard-dkms requires >=3D3.18, so install= ation
> fails. Assuming 3.18 is a hard lower-bound on kernel versions, it look= s
> like jessie will never run in-kernel wireguard. Fortunately it'll = be moot
> in a few months when stretch becomes the new stable.

Jessie-backports has linux 4.9, so it's probably much simpler to= require
users to install this.

Oh, excellent! I= 'll leave the jessie builder running then.

Jas= on: I'll get back to you once I've looked into setting up builds fo= r arm, to see how to revise the instructions. Given that each distro versio= n is likely to be slightly different, perhaps it'd be better to just li= nk to a readme on packagecloud.io, t= o avoid cluttering the install instructions on wireguard.io?

- Dave

=C2=A0

> On Sat, Feb 11, 2017 at 2:17 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> > Hi Dave,
> >
> > Ahh right, that old debate.
> >
> > Jason
> >

> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com=
> https://lists.zx2c4.com/mailman/listinfo= /wireguard

--001a113ed1a2f805d005484808c9-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dave@natulte.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id f267c82d for ; Sun, 12 Feb 2017 02:27:11 +0000 (UTC) Received: from mail-ua0-f178.google.com (mail-ua0-f178.google.com [209.85.217.178]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id b7929175 for ; Sun, 12 Feb 2017 02:27:11 +0000 (UTC) Received: by mail-ua0-f178.google.com with SMTP id 96so49737629uaq.3 for ; Sat, 11 Feb 2017 18:41:04 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References:

From: David Anderson Date: Sat, 11 Feb 2017 18:40:43 -0800 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: "Jason A. Donenfeld" Content-Type: multipart/alternative; boundary=001a113ed1a21e392a05484c4377 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --001a113ed1a21e392a05484c4377 Content-Type: text/plain; charset=UTF-8 I'm failing at setting up arm builds, raspbian/rpi emulation is not in a great shape these days. In the meantime, debian stable for amd64 is up. Updated instructions for both debian versions are at https://packagecloud.io/danderson/wireguard#readme-scrollto . In particular, the jessie install requires first installing a backported kernel. I'll keep poking at arm builds for a bit, but I don't promise anything. - Dave On Sat, Feb 11, 2017 at 1:36 PM, David Anderson wrote: > On Sat, Feb 11, 2017 at 4:32 AM, Jason A. Donenfeld > wrote: > >> Hey Dave, >> >> On Sat, Feb 11, 2017 at 10:49 AM, David Anderson >> wrote: >> > Note that right now, only amd64 packages are available. If you think >> there's >> > demand for Debian on 32-bit x86, I can set up i386 builders as well. >> >> I doubt anybody cares about i386, but likely armv{6,7} and arm64 are >> in demand somewhat, at the very least due to Rasberrian users. >> > > Hmm, I don't have functional arm-ish things on hand, but I'll see what I > can do with emulated setups. I'll skip i386 for now, if it turns out to be > in demand it's one VM spinup away. > > >> Jason >> > > --001a113ed1a21e392a05484c4377 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I'm failing at setting up arm builds, raspbian/rpi emu= lation is not in a great shape these days. In the meantime, debian stable f= or amd64 is up. Updated instructions for both debian versions are at=C2=A0<= a href=3D"https://packagecloud.io/danderson/wireguard#readme-scrollto">http= s://packagecloud.io/danderson/wireguard#readme-scrollto . In particular= , the jessie install requires first installing a backported kernel. I'l= l keep poking at arm builds for a bit, but I don't promise anything.

- Dave

On Sat, Feb 11, 2017 at 1:36 PM, David Anderson <dave@nat= ulte.net> wrote:

On Sat, Feb 11, 2017 at 4:32 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
Hey Dave,

On Sat, Feb 11, 2017 at 10:49 AM, David Anderson <dave@natulte.net> wrote:
> Note that right now, only amd64 packages are available. If you think t= here's
> demand for Debian on 32-bit x86, I can set up i386 builders as well.
I doubt anybody cares about i386, but likely armv{6,7} and arm64 are=
in demand somewhat, at the very least due to Rasberrian users.

Hmm, I don't have functional arm-ish thi= ngs on hand, but I'll see what I can do with emulated setups. I'll = skip i386 for now, if it turns out to be in demand it's one VM spinup a= way.

Jason

--001a113ed1a21e392a05484c4377-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 5c7f326d for ; Sun, 12 Feb 2017 13:28:22 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 987d60f0 for ; Sun, 12 Feb 2017 13:28:22 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 51f7d7c7 for ; Sun, 12 Feb 2017 13:28:22 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 21abae9e (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Sun, 12 Feb 2017 13:28:22 +0000 (UTC) Received: by mail-ot0-f175.google.com with SMTP id 32so53987139oth.3 for ; Sun, 12 Feb 2017 05:42:20 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References:

From: "Jason A. Donenfeld" Date: Sun, 12 Feb 2017 14:42:18 +0100 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: David Anderson Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , On Sun, Feb 12, 2017 at 3:40 AM, David Anderson wrote: > > I'm failing at setting up arm builds, raspbian/rpi emulation is not in a = great shape these days. In the meantime, debian stable for amd64 is up. Upd= ated instructions for both debian versions are at https://packagecloud.io/d= anderson/wireguard#readme-scrollto . In particular, the jessie install requ= ires first installing a backported kernel. I'll keep poking at arm builds f= or a bit, but I don't promise anything. Good idea. I'll link to that instead. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dkg@fifthhorseman.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 6dbcf8b4 for ; Sun, 12 Feb 2017 22:47:42 +0000 (UTC) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 7c34d6bf for ; Sun, 12 Feb 2017 22:47:42 +0000 (UTC) From: Daniel Kahn Gillmor To: David Anderson , wireguard@lists.zx2c4.com Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) In-Reply-To: References: Date: Sun, 12 Feb 2017 18:01:34 -0500 Message-ID: <874lzzqai9.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri 2017-02-10 19:23:50 -0500, David Anderson wrote: > In case it's of use to anyone, I've built wireguard packages for Debian > testing. I wanted to play with wireguard on my Debian Stretch systems, but > wireguard is currently locked to Sid only until 1.0 brings API stability > guarantees. > > So, I set up a cronjob that rebuilds the Sid source package on a Stretch > system, and the result is wireguard packages that track the latest releas= e, > but don't pull in unstable versions of libc and whatnot when you try to > install them, as would happen if you tried to install via package pinning. > > Naturally, you have only my word that the packages are unmodified rebuilds > of Debian's original package, and you're trusting packagecloud to not > tamper with the packages (it's their signing keys, not mine) so caveat > emptor. It works for me, it might work for you as well. > > With the warnings and disclaimers out of the way, here's the repo: > https://packagecloud.io/danderson/wireguard?filter=3Ddebs I appreciate your interest in getting wider distribution for wireguard, David, but i'm not convinced this approach makes much sense. It seems like a lot of extra work compared to just putting wireguard into stretch-backports once stretch is released. Until stretch releases, people running testing should be able to just add the unstable repository and pin it to be lower priority than testing (see apt_preferences(5)). Using this standard approach, users won't need to: a) add a new key to their apt configuration, which increases the attack surface for all installed packages (btw, the proposed shell pipe into "apt-key add -" is deprecated, see for example commentary at https://bugs.debian.org/853858) =20 b) be dependent on some alternate suite of build daemons -- if debian supports your build environment, the buildds will have the wireguard packages. So I don't see much to recommend the proposed approach by comparison, and i don't think that it should be documented as a recommended approach upstream, unless there are clearer benefits that i'm missing here. In that case, i'd like to know what those benefits are :) --dkg --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlig6U4ACgkQFJitxsGS Mje8fg/8CVd9/De6zlkid57Xo4Mk0gVhfxj/EZIssWyxH0C+MPNzyHTJtVwdUnXG MKeBplbcynW2h+V4LLNfASY/bDR4/KsqvCScFtBNvFXwBE9TlcvXIr5PC3VJEPp7 J4vglI2cB7i/TBvJlkBIeOAHMDnWgWdIACM/qQ+irMmXG3udu1fFIiIioMXoS5yd PwKATPR6V5mZqL5nu6yXoN7g80MDOJcF6tGcz74QT6bAKQZ7DwtO9FzCGM7pcmxe CN5cuVr/8M4ddD7CRcgGlwAo+9dUTn5IIIYZ7epor3+YIhHaBxQz2jOeyRpLh2TS 0hKD0+vulDP3e7/ImXH1+5FOX7ccYf6eMQ8t75+Apn/o6nsY5dN+FBlVEd4hhE9r 1mKD5S2cyrsbnOt5hQMRsZCiJytr9DVYVD5QdBAdyxlBosnoxR9lRjr5W0dEktoD DqvwmHF/lKCMiiCrm6GZ2CwuZCjBQV4NqV/MLc12YAO3g/km59ExMLwzUYu5T99n MsJuRWpkRoMulAOrDt69MzxAfY0yL5Wej6/B5MlKJ1z/rnoycKJklAumWaewSdus 8A2s96h1W8ka29BmTMqFuObSL3K788eIPUS59nEXlwoePTKoa5cvsB5bFUQ3g8OE NOGeiDJBB+HXwabjnrRfetwOxKBzCRo9ocIzkmnuhXCBQ6nG5GM= =Wahu -----END PGP SIGNATURE----- --=-=-=-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id b55854ab for ; Sun, 12 Feb 2017 23:23:38 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 700e9f34 for ; Sun, 12 Feb 2017 23:23:38 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id cf66b9c4 for ; Sun, 12 Feb 2017 23:23:38 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id d2951dcc (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Sun, 12 Feb 2017 23:23:38 +0000 (UTC) Received: by mail-ot0-f172.google.com with SMTP id 65so57821157otq.2 for ; Sun, 12 Feb 2017 15:37:38 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <874lzzqai9.fsf@alice.fifthhorseman.net> References: <874lzzqai9.fsf@alice.fifthhorseman.net> From: "Jason A. Donenfeld" Date: Mon, 13 Feb 2017 00:37:37 +0100 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: Daniel Kahn Gillmor Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hey Daniel, That makes sense to me. I don't know much about Debian best practices, so I'll defer to your judgement and revert the /install/ page instruction. If David manages to convince you otherwise, I'll re-add it then. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dave@natulte.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 32893f63 for ; Tue, 14 Feb 2017 04:41:58 +0000 (UTC) Received: from mail-vk0-f44.google.com (mail-vk0-f44.google.com [209.85.213.44]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 0b364e54 for ; Tue, 14 Feb 2017 04:41:58 +0000 (UTC) Received: by mail-vk0-f44.google.com with SMTP id k127so73718565vke.0 for ; Mon, 13 Feb 2017 20:56:07 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <874lzzqai9.fsf@alice.fifthhorseman.net> References: <874lzzqai9.fsf@alice.fifthhorseman.net> From: David Anderson Date: Mon, 13 Feb 2017 20:55:45 -0800 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: Daniel Kahn Gillmor Content-Type: multipart/alternative; boundary=001a11415e88b491660548766155 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --001a11415e88b491660548766155 Content-Type: text/plain; charset=UTF-8 On Sun, Feb 12, 2017 at 3:01 PM, Daniel Kahn Gillmor wrote: > On Fri 2017-02-10 19:23:50 -0500, David Anderson wrote: > > In case it's of use to anyone, I've built wireguard packages for Debian > > testing. I wanted to play with wireguard on my Debian Stretch systems, > but > > wireguard is currently locked to Sid only until 1.0 brings API stability > > guarantees. > > > > So, I set up a cronjob that rebuilds the Sid source package on a Stretch > > system, and the result is wireguard packages that track the latest > release, > > but don't pull in unstable versions of libc and whatnot when you try to > > install them, as would happen if you tried to install via package > pinning. > > > > Naturally, you have only my word that the packages are unmodified > rebuilds > > of Debian's original package, and you're trusting packagecloud to not > > tamper with the packages (it's their signing keys, not mine) so caveat > > emptor. It works for me, it might work for you as well. > > > > With the warnings and disclaimers out of the way, here's the repo: > > https://packagecloud.io/danderson/wireguard?filter=debs > > I appreciate your interest in getting wider distribution for wireguard, > David, but i'm not convinced this approach makes much sense. > > It seems like a lot of extra work compared to just putting wireguard > into stretch-backports once stretch is released. > "Once stretch is released" could be a few months still, right? It's only just gone into final freeze. I agree that once it's released, backports is definitely the right way to distribute. > Until stretch releases, people running testing should be able to just > add the unstable repository and pin it to be lower priority than testing > (see apt_preferences(5)). > So, I'd initially tried doing this, by adding the unstable repository at a negative priority. What turned me off is that even with that low preference, attempting to install the wireguard packages seemed to pull in some core system libraries (libc and such) from unstable as well. And while I'm excited about wireguard, I'm not "install unstable base libraries" excited :). That said, it's quite possible I was just not using the preference system correctly. If it's possible to express "Install *only* wireguard-* from unstable, never anything else", then I agree, that's definitely the way to go. > > Using this standard approach, users won't need to: > > a) add a new key to their apt configuration, which increases the attack > surface for all installed packages (btw, the proposed shell pipe > into "apt-key add -" is deprecated, see for example commentary at > https://bugs.debian.org/853858) > > b) be dependent on some alternate suite of build daemons -- if debian > supports your build environment, the buildds will have the wireguard > packages. > > So I don't see much to recommend the proposed approach by comparison, > and i don't think that it should be documented as a recommended approach > upstream, unless there are clearer benefits that i'm missing here. In > that case, i'd like to know what those benefits are :) > Fair enough, I defer to your greater experience with Debian packaging. Fortunately, packagecloud's stats say that there were no installs from my repository, so assuming I can get pinning to work properly, the only systems that need cleanup are my own. Cheers, - Dave > > --dkg > --001a11415e88b491660548766155 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

On S= un, Feb 12, 2017 at 3:01 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.ne= t> wrote:

= On Fri 2017-02-10 19:23:50 -0500, David Anderson wrote:
> In case it's of use to anyone, I've built wireguard packages f= or Debian
> testing. I wanted to play with wireguard on my Debian Stretch systems,= but
> wireguard is currently locked to Sid only until 1.0 brings API stabili= ty
> guarantees.
>
> So, I set up a cronjob that rebuilds the Sid source package on a Stret= ch
> system, and the result is wireguard packages that track the latest rel= ease,
> but don't pull in unstable versions of libc and whatnot when you t= ry to
> install them, as would happen if you tried to install via package pinn= ing.
>
> Naturally, you have only my word that the packages are unmodified rebu= ilds
> of Debian's original package, and you're trusting packagecloud= to not
> tamper with the packages (it's their signing keys, not mine) so ca= veat
> emptor. It works for me, it might work for you as well.
>
> With the warnings and disclaimers out of the way, here's the repo:=
> https://packagecloud.io/danderson= /wireguard?filter=3Ddebs

I appreciate your interest in getting wider distribution for wiregua= rd,
David, but i'm not convinced this approach makes much sense.

It seems like a lot of extra work compared to just putting wireguard
into stretch-backports once stretch is released.

<= /div>

"Once stretch is released" could be a few months still,= right? It's only just gone into final freeze. I agree that once it'= ;s released, backports is definitely the right way to distribute.

=C2=A0

Until stretch releases, people = running testing should be able to just
add the unstable repository and pin it to be lower priority than testing (see apt_preferences(5)).

So, I'd i= nitially tried doing this, by adding the unstable repository at a negative = priority. What turned me off is that even with that low preference, attempt= ing to install the wireguard packages seemed to pull in some core system li= braries (libc and such) from unstable as well. And while I'm excited ab= out wireguard, I'm not "install unstable base libraries" exci= ted :).

That said, it's quite possible I was j= ust not using the preference system correctly. If it's possible to expr= ess "Install *only* wireguard-* from unstable, never anything else&quo= t;, then I agree, that's definitely the way to go.

=C2=A0

Using this standard approach, users won't need to:

=C2=A0a) add a new key to their apt configuration, which increases the atta= ck
=C2=A0 =C2=A0 surface for all installed packages (btw, the proposed shell p= ipe
=C2=A0 =C2=A0 into "apt-key add -" is deprecated, see for example= commentary at
=C2=A0 =C2=A0 https://bugs.debian.org/853858)

=C2=A0b) be dependent on some alternate suite of build daemons -- if debian=
=C2=A0 =C2=A0 supports your build environment, the buildds will have the wi= reguard
=C2=A0 =C2=A0 packages.

So I don't see much to recommend the proposed approach by comparison, and i don't think that it should be documented as a recommended approac= h
upstream, unless there are clearer benefits that i'm missing here.=C2= =A0 In
that case, i'd like to know what those benefits are :)

Fair enough, I defer to your greater experience with De= bian packaging. Fortunately, packagecloud's stats say that there were n= o installs from my repository, so assuming I can get pinning to work proper= ly, the only systems that need cleanup are my own.

Cheers,

- Dave

=C2=A0

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0--dkg

--001a11415e88b491660548766155-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dkg@fifthhorseman.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id f7d8eca3 for ; Tue, 14 Feb 2017 21:39:20 +0000 (UTC) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id b7983b3d for ; Tue, 14 Feb 2017 21:39:20 +0000 (UTC) From: Daniel Kahn Gillmor To: David Anderson Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) In-Reply-To: References: <874lzzqai9.fsf@alice.fifthhorseman.net> Date: Tue, 14 Feb 2017 10:50:14 -0500 Message-ID: <87o9y4n555.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: text/plain Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , On Mon 2017-02-13 23:55:45 -0500, David Anderson wrote: > "Once stretch is released" could be a few months still, right? It's only > just gone into final freeze. I agree that once it's released, backports is > definitely the right way to distribute. Yep, it could still be a few months, depending on how rapidly we're able to fix the remaining outstanding release-critical bugs. > So, I'd initially tried doing this, by adding the unstable repository at a > negative priority. What turned me off is that even with that low > preference, attempting to install the wireguard packages seemed to pull in > some core system libraries (libc and such) from unstable as well. And while > I'm excited about wireguard, I'm not "install unstable base libraries" > excited :). absolutely! However, i'm a little surprised that this happened. If you could show a transcript of what you did specifically, and what the resultant proposed apt changes were, i'd be interested in understanding what went on there. on a similar system i'm using (stretch, with unstable available but pinned low), i see only packages from stretch being installed (aside from wireguard itself, clearly) 0 root@test:~# cat /etc/apt/sources.list.d/unstable.list deb http://ftp.us.debian.org/debian/ unstable main 0 root@test:~# cat /etc/apt/preferences.d/limit-unstable Package: * Pin: release a=unstable Pin-Priority: 200 1 root@test:~# apt install wireguard-dkms wireguard-tools -d Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: binutils cpp cpp-6 dkms gcc gcc-6 libasan3 libatomic1 libcc1-0 libcilkrts5 libgcc-6-dev libgomp1 libisl15 libitm1 liblsan0 libmpc3 libmpfr4 libmpx2 libquadmath0 libtsan0 libubsan0 make patch Suggested packages: binutils-doc cpp-doc gcc-6-locales python3-apport menu gcc-multilib manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-6-multilib gcc-6-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan3-dbg liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg libmpx2-dbg libquadmath0-dbg make-doc ed diffutils-doc Recommended packages: fakeroot sudo linux-headers-686-pae | linux-headers-amd64 | linux-headers-generic | linux-headers lsb-release libc6-dev | libc-dev libc6-dev The following NEW packages will be installed: binutils cpp cpp-6 dkms gcc gcc-6 libasan3 libatomic1 libcc1-0 libcilkrts5 libgcc-6-dev libgomp1 libisl15 libitm1 liblsan0 libmpc3 libmpfr4 libmpx2 libquadmath0 libtsan0 libubsan0 make patch wireguard-dkms wireguard-tools 0 upgraded, 25 newly installed, 0 to remove and 0 not upgraded. Need to get 22.4 MB of archives. After this operation, 94.5 MB of additional disk space will be used. Do you want to continue? [Y/n] Get:1 http://ftp.us.debian.org/debian stretch/main amd64 libmpfr4 amd64 3.1.5-1 [556 kB] Get:2 http://ftp.us.debian.org/debian stretch/main amd64 libmpc3 amd64 1.0.3-1 [40.2 kB] Get:3 http://ftp.us.debian.org/debian stretch/main amd64 binutils amd64 2.27.90.20170124-2 [3,761 kB] Get:4 http://ftp.us.debian.org/debian stretch/main amd64 libisl15 amd64 0.18-1 [564 kB] Get:5 http://ftp.us.debian.org/debian stretch/main amd64 cpp-6 amd64 6.3.0-6 [6,574 kB] Get:6 http://ftp.us.debian.org/debian stretch/main amd64 cpp amd64 4:6.3.0-1 [18.6 kB] Get:7 http://ftp.us.debian.org/debian stretch/main amd64 libcc1-0 amd64 6.3.0-6 [30.7 kB] Get:8 http://ftp.us.debian.org/debian stretch/main amd64 libgomp1 amd64 6.3.0-6 [73.2 kB] Get:9 http://ftp.us.debian.org/debian stretch/main amd64 libitm1 amd64 6.3.0-6 [27.3 kB] Get:10 http://ftp.us.debian.org/debian stretch/main amd64 libatomic1 amd64 6.3.0-6 [8,904 B] Get:11 http://ftp.us.debian.org/debian stretch/main amd64 libasan3 amd64 6.3.0-6 [311 kB] Get:12 http://ftp.us.debian.org/debian stretch/main amd64 liblsan0 amd64 6.3.0-6 [115 kB] Get:13 http://ftp.us.debian.org/debian stretch/main amd64 libtsan0 amd64 6.3.0-6 [256 kB] Get:14 http://ftp.us.debian.org/debian stretch/main amd64 libubsan0 amd64 6.3.0-6 [107 kB] Get:15 http://ftp.us.debian.org/debian stretch/main amd64 libcilkrts5 amd64 6.3.0-6 [40.6 kB] Get:16 http://ftp.us.debian.org/debian stretch/main amd64 libmpx2 amd64 6.3.0-6 [11.2 kB] Get:17 http://ftp.us.debian.org/debian stretch/main amd64 libquadmath0 amd64 6.3.0-6 [131 kB] Get:18 http://ftp.us.debian.org/debian stretch/main amd64 libgcc-6-dev amd64 6.3.0-6 [2,296 kB] Get:19 http://ftp.us.debian.org/debian stretch/main amd64 gcc-6 amd64 6.3.0-6 [6,852 kB] Get:20 http://ftp.us.debian.org/debian stretch/main amd64 gcc amd64 4:6.3.0-1 [5,184 B] Get:21 http://ftp.us.debian.org/debian stretch/main amd64 make amd64 4.1-9 [299 kB] Get:22 http://ftp.us.debian.org/debian stretch/main amd64 patch amd64 2.7.5-1 [109 kB] Get:23 http://ftp.us.debian.org/debian stretch/main amd64 dkms all 2.3-2 [74.8 kB] Get:24 http://ftp.us.debian.org/debian unstable/main amd64 wireguard-dkms all 0.0.20170213-1 [90.2 kB] Get:25 http://ftp.us.debian.org/debian unstable/main amd64 wireguard-tools amd64 0.0.20170213-1 [44.9 kB] Fetched 22.4 MB in 2s (9,247 kB/s) Download complete and in download only mode 0 root@test:~# Please let me know what you're seeing that's different. Regards, --dkg From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: baptiste@bitsofnetworks.org Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 4a5e4003 for ; Wed, 15 Feb 2017 21:31:51 +0000 (UTC) Received: from mails.bitsofnetworks.org (rezine.polyno.me [193.33.56.138]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 31d2a2d6 for ; Wed, 15 Feb 2017 21:31:51 +0000 (UTC) Date: Wed, 15 Feb 2017 22:31:54 +0100 From: Baptiste Jonglez To: Daniel Kahn Gillmor Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) Message-ID: <20170215213153.GC16102@tuxmachine.polynome.dn42> References: <874lzzqai9.fsf@alice.fifthhorseman.net> <87o9y4n555.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="9zSXsLTf0vkW971A" In-Reply-To: <87o9y4n555.fsf@alice.fifthhorseman.net> Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --9zSXsLTf0vkW971A Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 14, 2017 at 10:50:14AM -0500, Daniel Kahn Gillmor wrote: > on a similar system i'm using (stretch, with unstable available but > pinned low), i see only packages from stretch being installed (aside > from wireguard itself, clearly) >=20 > 0 root@test:~# cat /etc/apt/sources.list.d/unstable.list=20 > deb http://ftp.us.debian.org/debian/ unstable main > 0 root@test:~# cat /etc/apt/preferences.d/limit-unstable=20 > Package: * > Pin: release a=3Dunstable > Pin-Priority: 200 Thanks for the hint, it worked fine on my stretch system! Here are the packages that got pulled: The following NEW packages will be installed: dkms linux-compiler-gcc-6-x86 linux-headers-4.9.0-1-amd64 linux-headers-4.9.0-1-common linux-headers-amd64 linux-kbuild-4.9 wireguard-dkms wireguard-tools On jessie, it worked exactly the same with the 4.9 kernel from jessie-backports: # cat /etc/apt/sources.list deb http://httpredir.debian.org/debian jessie main deb http://httpredir.debian.org/debian jessie-backports main deb http://httpredir.debian.org/debian unstable main # cat /etc/apt/preferences.d/limit-unstable Package: * Pin: release a=3Dunstable Pin-Priority: 200 # apt update # apt install -t jessie-backports linux-image-amd64 linux-base # reboot # apt install wireguard-dkms wireguard-tools # ./client.sh # ping 192.168.4.1 PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data. 64 bytes from 192.168.4.1: icmp_seq=3D1 ttl=3D64 time=3D15.1 ms For the record, it also works fine with the 4.1.34.mptcp kernel from multipath-tcp.org on jessie :) Jason, can you write something up on the Wireguard website, since it's so simple? Baptiste --9zSXsLTf0vkW971A Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjVflzZuxNlVFbt5QvgHsIqBOLkYFAlikyLwACgkQvgHsIqBO LkaiKRAApzurKfCspjbrhP1pDFn1wh31qlcGTY4VqnHHGcqk1dCQcmQsbpwed9DY tQVzJTyFovluPalclFwyi+4lGBXo3iYEWpHqh5TKSQmp2AuS0t2L782Wo+Sv0amJ 3DUgQpCEvenS7VVNZRvWqKIlfIHMwX4nBZtBJWRAMdOlKRXIb4DcVeloMCQu3RNL Q82Y3dRxWT+FHVZ2deShAp5ABnbSNgd0HwnvFmgCV04dPZGZkzzCKD6M9pWJK3/K 7yqq8RNq0tem79qLlVeb4ZRmH7OQC+O/jtqR0gct3z1U2a5qLYdmQyznpSltcn1t ULkEsRE7goMB9Libg50jvSBNcC9/k30lZMxXKMCc3mklwxCQ3G7Z35AOgy9SoG73 3VEFWgqQCwXBAjOntYRQygh1E+LFgsgLEx6H4SZ/BhdAWMDeRqVRiKT8syY1FP3w w2jXObO5vVTCavVAFFrRm7tsYMQ+1mx3pVVvNUHL+C+FzjXp9XefSr/TBx+QHzVf Vx9eye4ExBLJy4iXEGS72JrGdDCJGNMM3UeQQd0oRg1md4c081L1NYbTvO2jly0p ROIn5KLjHl6ckStBCxNwqoUzqZRWAc24HiO1q4UDui1GdjptCKJnqfPHKSLrHp7A l486K7xxu1BmZLoDN0GxG9UUmgEFRNcepM6ZGGCKUNL+T/6j8gE= =V0AZ -----END PGP SIGNATURE----- --9zSXsLTf0vkW971A-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dkg@fifthhorseman.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id a59a6f2b for ; Fri, 17 Feb 2017 02:48:59 +0000 (UTC) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id cba94a63 for ; Fri, 17 Feb 2017 02:48:59 +0000 (UTC) From: Daniel Kahn Gillmor To: Baptiste Jonglez Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) In-Reply-To: <20170215213153.GC16102@tuxmachine.polynome.dn42> References: <874lzzqai9.fsf@alice.fifthhorseman.net> <87o9y4n555.fsf@alice.fifthhorseman.net> <20170215213153.GC16102@tuxmachine.polynome.dn42> Date: Thu, 16 Feb 2017 21:46:15 -0500 Message-ID: <87y3x5h6vc.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --=-=-= Content-Type: text/plain Hi Baptiste-- On Wed 2017-02-15 16:31:54 -0500, Baptiste Jonglez wrote: > On jessie, it worked exactly the same with the 4.9 kernel from > jessie-backports: > > # cat /etc/apt/sources.list > deb http://httpredir.debian.org/debian jessie main > deb http://httpredir.debian.org/debian jessie-backports main > deb http://httpredir.debian.org/debian unstable main > # cat /etc/apt/preferences.d/limit-unstable > Package: * > Pin: release a=unstable > Pin-Priority: 200 > # apt update > # apt install -t jessie-backports linux-image-amd64 linux-base > # reboot > # apt install wireguard-dkms wireguard-tools > # ./client.sh > # ping 192.168.4.1 > PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data. > 64 bytes from 192.168.4.1: icmp_seq=1 ttl=64 time=15.1 ms interesting, thanks for testing and reporting back! are you sure that with this installation on jessie, the wireguard packages are the only things that got pulled in from unstable? If you have apt-show-versions installed, you might try grepping through its output to make sure. Regards, --dkg --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlimY/gACgkQFJitxsGS MjcDXhAAuglhvs6IIVaHw1bB1epHkM7YoOQZ4FSaJ7mu+J6u4i17mEnl2MmehSbE K4+aLQzERDbUAJl5M5iZFBY9EWVORT/bSjrJFIZgDRkmGiuNK9poc+newK/ZCeFa 1l0R2wDkroRhuSje5i4iOhW33LL3wX55eMTjGpygrNP2JNbulcRdJTfJEAGhsgjQ MWsanQudLjdkhren7NDQvTsPZu4QF6LamNzKhoBuuyJcpFR/4UKn8NmII0GFXWts EK/qsEYgcW6diaN43RHD7BeK4C4qZtgj1E0bb/gkgT09RdMMyiNdSEr9o4H5OsgH Nmxs5w8WUgY6h9aadKRRdyAVe0R+/MZ9bHrDy+aTPxYT+qC8RAIRdxgo2Mfvb9Qj YWAQpzouHk+zsR9qOQewHt9zKF+I7CnILTh/1ENsxNkCfgKOpuTvJ4aXZpbI65TG aG2L5/QfuEqTZu2oXY95sCJIBu9unU7HPxNwVNDfol7x/ErI68GMPW24WBgT/eiB iC/0Xh/TsXDsLRD0Wf1gvh41R0QHdmYhYKvwRGHVn7OsZqwqRHiwxk++vWAHq/oc BnGsnd/OIIU5p13HK8MYovunDWeE6vZY3RA9rhiRT/R1huDOnXOv7aNmX477WYLS ++ot+8gXeAkhWatvGf304W7j+R+xvbEhCTMoZ93LGWu4o9vzVIQ= =DmIa -----END PGP SIGNATURE----- --=-=-=-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dave@natulte.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id f5536fe9 for ; Fri, 17 Feb 2017 03:14:16 +0000 (UTC) Received: from mail-ua0-f174.google.com (mail-ua0-f174.google.com [209.85.217.174]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 3c25e919 for ; Fri, 17 Feb 2017 03:14:16 +0000 (UTC) Received: by mail-ua0-f174.google.com with SMTP id t17so14892303uae.3 for ; Thu, 16 Feb 2017 19:14:33 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <87o9y4n555.fsf@alice.fifthhorseman.net> References: <874lzzqai9.fsf@alice.fifthhorseman.net> <87o9y4n555.fsf@alice.fifthhorseman.net> From: David Anderson Date: Thu, 16 Feb 2017 19:14:11 -0800 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: Daniel Kahn Gillmor Content-Type: multipart/alternative; boundary=94eb2c05b050f906e60548b14f9d Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --94eb2c05b050f906e60548b14f9d Content-Type: text/plain; charset=UTF-8 On Tue, Feb 14, 2017 at 7:50 AM, Daniel Kahn Gillmor wrote: > On Mon 2017-02-13 23:55:45 -0500, David Anderson wrote: > > "Once stretch is released" could be a few months still, right? It's only > > just gone into final freeze. I agree that once it's released, backports > is > > definitely the right way to distribute. > > Yep, it could still be a few months, depending on how rapidly we're able > to fix the remaining outstanding release-critical bugs. > > > So, I'd initially tried doing this, by adding the unstable repository at > a > > negative priority. What turned me off is that even with that low > > preference, attempting to install the wireguard packages seemed to pull > in > > some core system libraries (libc and such) from unstable as well. And > while > > I'm excited about wireguard, I'm not "install unstable base libraries" > > excited :). > > absolutely! However, i'm a little surprised that this happened. If you > could show a transcript of what you did specifically, and what the > resultant proposed apt changes were, i'd be interested in understanding > what went on there. > Apologies for the delay. I tried pinning again on a fresh Stretch VM. It looks like I confused myself by assuming that all the extra packages to be installed were from sid as well, whereas -d shows that the vast majority are coming from stretch/main. Sorry about the confusion, given this behavior I completely agree that this should be the documented way to get wireguard before stretch gets released as stable. The transcript below still shows one additional package being pulled from sid/main, the dkms package. I find this strange: wireguard-dkms depends on dkms >=2.1.0.0, stretch has dkms 2.3-2, and sid has dkms 2.3-3. Despite the negative priority for unstable, apt picks 2.3-3 from sid, even though the dependency could be satisfied out of stretch. What am I missing? root@atik # echo "deb http://ftp.us.debian.org/debian sid main" >/etc/apt/sources.list.d/sid.list root@atik # cat >/etc/apt/preferences.d/avoid_sid < > on a similar system i'm using (stretch, with unstable available but > pinned low), i see only packages from stretch being installed (aside > from wireguard itself, clearly) > > 0 root@test:~# cat /etc/apt/sources.list.d/unstable.list > deb http://ftp.us.debian.org/debian/ unstable main > 0 root@test:~# cat /etc/apt/preferences.d/limit-unstable > Package: * > Pin: release a=unstable > Pin-Priority: 200 > 1 root@test:~# apt install wireguard-dkms wireguard-tools -d > Reading package lists... Done > Building dependency tree > Reading state information... Done > The following additional packages will be installed: > binutils cpp cpp-6 dkms gcc gcc-6 libasan3 libatomic1 libcc1-0 > libcilkrts5 > libgcc-6-dev libgomp1 libisl15 libitm1 liblsan0 libmpc3 libmpfr4 libmpx2 > libquadmath0 libtsan0 libubsan0 make patch > Suggested packages: > binutils-doc cpp-doc gcc-6-locales python3-apport menu gcc-multilib > manpages-dev autoconf automake libtool flex bison gdb gcc-doc > gcc-6-multilib > gcc-6-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg > libasan3-dbg > liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg libmpx2-dbg > libquadmath0-dbg make-doc ed diffutils-doc > Recommended packages: > fakeroot sudo linux-headers-686-pae | linux-headers-amd64 > | linux-headers-generic | linux-headers lsb-release libc6-dev | libc-dev > libc6-dev > The following NEW packages will be installed: > binutils cpp cpp-6 dkms gcc gcc-6 libasan3 libatomic1 libcc1-0 > libcilkrts5 > libgcc-6-dev libgomp1 libisl15 libitm1 liblsan0 libmpc3 libmpfr4 libmpx2 > libquadmath0 libtsan0 libubsan0 make patch wireguard-dkms wireguard-tools > 0 upgraded, 25 newly installed, 0 to remove and 0 not upgraded. > Need to get 22.4 MB of archives. > After this operation, 94.5 MB of additional disk space will be used. > Do you want to continue? [Y/n] > Get:1 http://ftp.us.debian.org/debian stretch/main amd64 libmpfr4 amd64 > 3.1.5-1 [556 kB] > Get:2 http://ftp.us.debian.org/debian stretch/main amd64 libmpc3 amd64 > 1.0.3-1 [40.2 kB] > Get:3 http://ftp.us.debian.org/debian stretch/main amd64 binutils amd64 > 2.27.90.20170124-2 [3,761 kB] > Get:4 http://ftp.us.debian.org/debian stretch/main amd64 libisl15 amd64 > 0.18-1 [564 kB] > Get:5 http://ftp.us.debian.org/debian stretch/main amd64 cpp-6 amd64 > 6.3.0-6 [6,574 kB] > Get:6 http://ftp.us.debian.org/debian stretch/main amd64 cpp amd64 > 4:6.3.0-1 [18.6 kB] > Get:7 http://ftp.us.debian.org/debian stretch/main amd64 libcc1-0 amd64 > 6.3.0-6 [30.7 kB] > Get:8 http://ftp.us.debian.org/debian stretch/main amd64 libgomp1 amd64 > 6.3.0-6 [73.2 kB] > Get:9 http://ftp.us.debian.org/debian stretch/main amd64 libitm1 amd64 > 6.3.0-6 [27.3 kB] > Get:10 http://ftp.us.debian.org/debian stretch/main amd64 libatomic1 > amd64 6.3.0-6 [8,904 B] > Get:11 http://ftp.us.debian.org/debian stretch/main amd64 libasan3 amd64 > 6.3.0-6 [311 kB] > Get:12 http://ftp.us.debian.org/debian stretch/main amd64 liblsan0 amd64 > 6.3.0-6 [115 kB] > Get:13 http://ftp.us.debian.org/debian stretch/main amd64 libtsan0 amd64 > 6.3.0-6 [256 kB] > Get:14 http://ftp.us.debian.org/debian stretch/main amd64 libubsan0 amd64 > 6.3.0-6 [107 kB] > Get:15 http://ftp.us.debian.org/debian stretch/main amd64 libcilkrts5 > amd64 6.3.0-6 [40.6 kB] > Get:16 http://ftp.us.debian.org/debian stretch/main amd64 libmpx2 amd64 > 6.3.0-6 [11.2 kB] > Get:17 http://ftp.us.debian.org/debian stretch/main amd64 libquadmath0 > amd64 6.3.0-6 [131 kB] > Get:18 http://ftp.us.debian.org/debian stretch/main amd64 libgcc-6-dev > amd64 6.3.0-6 [2,296 kB] > Get:19 http://ftp.us.debian.org/debian stretch/main amd64 gcc-6 amd64 > 6.3.0-6 [6,852 kB] > Get:20 http://ftp.us.debian.org/debian stretch/main amd64 gcc amd64 > 4:6.3.0-1 [5,184 B] > Get:21 http://ftp.us.debian.org/debian stretch/main amd64 make amd64 > 4.1-9 [299 kB] > Get:22 http://ftp.us.debian.org/debian stretch/main amd64 patch amd64 > 2.7.5-1 [109 kB] > Get:23 http://ftp.us.debian.org/debian stretch/main amd64 dkms all 2.3-2 > [74.8 kB] > Get:24 http://ftp.us.debian.org/debian unstable/main amd64 wireguard-dkms > all 0.0.20170213-1 [90.2 kB] > Get:25 http://ftp.us.debian.org/debian unstable/main amd64 > wireguard-tools amd64 0.0.20170213-1 [44.9 kB] > Fetched 22.4 MB in 2s (9,247 kB/s) > Download complete and in download only mode > 0 root@test:~# > > Please let me know what you're seeing that's different. > > Regards, > > --dkg > --94eb2c05b050f906e60548b14f9d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

On T= ue, Feb 14, 2017 at 7:50 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.ne= t> wrote:

On Mon 2017-02-13 23:55:45 -0500, David Anderson w= rote:
> "Once stretch is released" could be a few months still, righ= t? It's only
> just gone into final freeze. I agree that once it's released, back= ports is
> definitely the right way to distribute.

Yep, it could still be a few months, depending on how rapidly we'= ;re able
to fix the remaining outstanding release-critical bugs.

> So, I'd initially tried doing this, by adding the unstable reposit= ory at a
> negative priority. What turned me off is that even with that low
> preference, attempting to install the wireguard packages seemed to pul= l in
> some core system libraries (libc and such) from unstable as well. And = while
> I'm excited about wireguard, I'm not "install unstable ba= se libraries"
> excited :).

absolutely!=C2=A0 However, i'm a little surprised that this happ= ened.=C2=A0 If you
could show a transcript of what you did specifically, and what the
resultant proposed apt changes were, i'd be interested in understanding=
what went on there.

Apologies for the d= elay. I tried pinning again on a fresh Stretch VM. It looks like I confused= myself by assuming that all the extra packages to be installed were from s= id as well, whereas -d shows that the vast majority are coming from stretch= /main. Sorry about the confusion, given this behavior I completely agree th= at this should be the documented way to get wireguard before stretch gets r= eleased as stable.

The transcript below still show= s one additional package being pulled from sid/main, the dkms package. I fi= nd this strange: wireguard-dkms depends on dkms >=3D2.1.0.0, stretch has= dkms 2.3-2, and sid has dkms 2.3-3. Despite the negative priority for unst= able, apt picks 2.3-3 from sid, even though the dependency could be satisfi= ed out of stretch. What am I missing?

root@atik #= =C2=A0echo "deb http://ftp= .us.debian.org/debian sid main" >/etc/apt/sources.list.d/sid.li= st

root@atik # cat >/etc/apt/preferences.d/avoid_sid <&= lt;EOF

Package: *

Pin: release a=3Dunstable

<= div>Pin-Priority: -10

EOF

root@atik # apt update<= /div>

Hit:1 http://security= .debian.org stretch/updates InRelease

Hit:2 http://ftp.us.debian.org/debian stretch InRe= lease =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0=C2=A0

Hit:3 http://ftp.us.debian.org/debian stretch-updates InRelease =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0

Ge= t:4 http://ftp.us.debian.org/de= bian sid InRelease [231 kB] =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0

Hit:5 http://deb.robustperception.io precise In= Release =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0

Get:6 http://ftp.= us.debian.org/debian sid/main amd64 Packages [7,446 kB]

Get:7= http://ftp.us.debian.org/debia= n sid/main Translation-en [5,645 kB]

Fetched 13.3 MB in 7s (1= ,739 kB/s) =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0

Reading package lists... Done

Building dependency tree =C2=A0 =C2=A0 =C2=A0=C2=A0

Reading st= ate information... Done

All packages are up to date.

<= div>root@atik # apt upgrade

Reading package lists... Done

Building dependency tree =C2=A0 =C2=A0 =C2=A0=C2=A0

Readi= ng state information... Done

Calculating upgrade... Done

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@atik # apt install -d wireguard-dkms/unstable wireguard-tools/un= stable

Reading package lists... Done

Building dependenc= y tree =C2=A0 =C2=A0 =C2=A0=C2=A0

Reading state information... Do= ne

Selected version '0.0.20170214-1' (Debian:unstable [al= l]) for 'wireguard-dkms'

Selected version '0.0.201702= 14-1' (Debian:unstable [amd64]) for 'wireguard-tools'

The following additional packages will be installed:

=C2=A0 dkms= fakeroot gcc libfakeroot linux-headers-amd64

Suggested packages:=

=C2=A0 python3-apport menu gcc-multilib autoconf automake libtoo= l flex bison gdb gcc-doc

The following NEW packages will be insta= lled:

=C2=A0 dkms fakeroot gcc libfakeroot linux-headers-amd64 wi= reguard-dkms wireguard-tools

0 upgraded, 7 newly installed, 0 to = remove and 59 not upgraded.

Need to get 348 kB of archives.

After this operation, 1,360 kB of additional disk space will be used.<= /div>

Do you want to continue? [Y/n]=C2=A0

Get:1 http://ftp.us.debian.org/debian stretch= /main amd64 gcc amd64 4:6.3.0-1 [5,184 B]

Get:2 http://ftp.us.debian.org/debian sid/main amd= 64 dkms all 2.3-3 [74.9 kB]

Get:3 http://ftp.us.debian.org/debian stretch/main amd64 libfake= root amd64 1.21-3.1 [45.7 kB]

Get:4 http://ftp.us.debian.org/debian stretch/main amd64 faker= oot amd64 1.21-3.1 [85.6 kB]

Get:5 http://ftp.us.debian.org/debian stretch/main amd64 linux-= headers-amd64 amd64 4.9+78 [5,744 B]

Get:6 http://ftp.us.debian.org/debian sid/main amd64 wi= reguard-dkms all 0.0.20170214-1 [85.5 kB]

Get:7 http://ftp.us.debian.org/debian sid/main amd= 64 wireguard-tools amd64 0.0.20170214-1 [44.9 kB]

Fetched 348 kB = in 0s (531 kB/s) =C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0

Download compl= ete and in download only mode

Cheer= s,

- Dave

=C2=A0

on a similar system i'm using (stretch, with unstable available but
pinned low), i see only packages from stretch being installed (aside
from wireguard itself, clearly)

0 root@test:~# cat /etc/apt/sources.list.d/unstable.list
deb http://ftp.us.debian.org/debian/ unstable main
0 root@test:~# cat /etc/apt/preferences.d/limit-unstable
Package: *
Pin: release a=3Dunstable
Pin-Priority: 200
1 root@test:~# apt install wireguard-dkms wireguard-tools -d
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
=C2=A0 binutils cpp cpp-6 dkms gcc gcc-6 libasan3 libatomic1 libcc1-0 libci= lkrts5
=C2=A0 libgcc-6-dev libgomp1 libisl15 libitm1 liblsan0 libmpc3 libmpfr4 lib= mpx2
=C2=A0 libquadmath0 libtsan0 libubsan0 make patch
Suggested packages:
=C2=A0 binutils-doc cpp-doc gcc-6-locales python3-apport menu gcc-multilib<= br> =C2=A0 manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-6-= multilib
=C2=A0 gcc-6-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasa= n3-dbg
=C2=A0 liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg libmpx2-dbg<= br> =C2=A0 libquadmath0-dbg make-doc ed diffutils-doc
Recommended packages:
=C2=A0 fakeroot sudo linux-headers-686-pae | linux-headers-amd64
=C2=A0 | linux-headers-generic | linux-headers lsb-release libc6-dev | libc= -dev
=C2=A0 libc6-dev
The following NEW packages will be installed:
=C2=A0 binutils cpp cpp-6 dkms gcc gcc-6 libasan3 libatomic1 libcc1-0 libci= lkrts5
=C2=A0 libgcc-6-dev libgomp1 libisl15 libitm1 liblsan0 libmpc3 libmpfr4 lib= mpx2
=C2=A0 libquadmath0 libtsan0 libubsan0 make patch wireguard-dkms wireguard-= tools
0 upgraded, 25 newly installed, 0 to remove and 0 not upgraded.
Need to get 22.4 MB of archives.
After this operation, 94.5 MB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ftp.us.debian.org/debian stretch/main amd64 lib= mpfr4 amd64 3.1.5-1 [556 kB]
Get:2 http://ftp.us.debian.org/debian stretch/main amd64 lib= mpc3 amd64 1.0.3-1 [40.2 kB]
Get:3 http://ftp.us.debian.org/debian stretch/main amd64 bin= utils amd64 2.27.90.20170124-2 [3,761 kB]
Get:4 http://ftp.us.debian.org/debian stretch/main amd64 lib= isl15 amd64 0.18-1 [564 kB]
Get:5 http://ftp.us.debian.org/debian stretch/main amd64 cpp= -6 amd64 6.3.0-6 [6,574 kB]
Get:6 http://ftp.us.debian.org/debian stretch/main amd64 cpp= amd64 4:6.3.0-1 [18.6 kB]
Get:7 http://ftp.us.debian.org/debian stretch/main amd64 lib= cc1-0 amd64 6.3.0-6 [30.7 kB]
Get:8 http://ftp.us.debian.org/debian stretch/main amd64 lib= gomp1 amd64 6.3.0-6 [73.2 kB]
Get:9 http://ftp.us.debian.org/debian stretch/main amd64 lib= itm1 amd64 6.3.0-6 [27.3 kB]
Get:10 http://ftp.us.debian.org/debian stretch/main amd64 li= batomic1 amd64 6.3.0-6 [8,904 B]
Get:11 http://ftp.us.debian.org/debian stretch/main amd64 li= basan3 amd64 6.3.0-6 [311 kB]
Get:12 http://ftp.us.debian.org/debian stretch/main amd64 li= blsan0 amd64 6.3.0-6 [115 kB]
Get:13 http://ftp.us.debian.org/debian stretch/main amd64 li= btsan0 amd64 6.3.0-6 [256 kB]
Get:14 http://ftp.us.debian.org/debian stretch/main amd64 li= bubsan0 amd64 6.3.0-6 [107 kB]
Get:15 http://ftp.us.debian.org/debian stretch/main amd64 li= bcilkrts5 amd64 6.3.0-6 [40.6 kB]
Get:16 http://ftp.us.debian.org/debian stretch/main amd64 li= bmpx2 amd64 6.3.0-6 [11.2 kB]
Get:17 http://ftp.us.debian.org/debian stretch/main amd64 li= bquadmath0 amd64 6.3.0-6 [131 kB]
Get:18 http://ftp.us.debian.org/debian stretch/main amd64 li= bgcc-6-dev amd64 6.3.0-6 [2,296 kB]
Get:19 http://ftp.us.debian.org/debian stretch/main amd64 gc= c-6 amd64 6.3.0-6 [6,852 kB]
Get:20 http://ftp.us.debian.org/debian stretch/main amd64 gc= c amd64 4:6.3.0-1 [5,184 B]
Get:21 http://ftp.us.debian.org/debian stretch/main amd64 ma= ke amd64 4.1-9 [299 kB]
Get:22 http://ftp.us.debian.org/debian stretch/main amd64 pa= tch amd64 2.7.5-1 [109 kB]
Get:23 http://ftp.us.debian.org/debian stretch/main amd64 dk= ms all 2.3-2 [74.8 kB]
Get:24 http://ftp.us.debian.org/debian unstable/main amd64 w= ireguard-dkms all 0.0.20170213-1 [90.2 kB]
Get:25 http://ftp.us.debian.org/debian unstable/main amd64 w= ireguard-tools amd64 0.0.20170213-1 [44.9 kB]
Fetched 22.4 MB in 2s (9,247 kB/s)
Download complete and in download only mode
0 root@test:~#

Please let me know what you're seeing that's different.

Regards,

=C2=A0 =C2=A0 =C2=A0 =C2=A0--dkg

--94eb2c05b050f906e60548b14f9d-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: baptiste@bitsofnetworks.org Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 90d3f74f for ; Fri, 17 Feb 2017 08:15:28 +0000 (UTC) Received: from mails.bitsofnetworks.org (rezine.polyno.me [193.33.56.138]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 9b67fe8f for ; Fri, 17 Feb 2017 08:15:28 +0000 (UTC) Date: Fri, 17 Feb 2017 09:15:32 +0100 From: Baptiste Jonglez To: Daniel Kahn Gillmor Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) Message-ID: <20170217081532.GA20080@lud.polynome.dn42> References: <874lzzqai9.fsf@alice.fifthhorseman.net> <87o9y4n555.fsf@alice.fifthhorseman.net> <20170215213153.GC16102@tuxmachine.polynome.dn42> <87y3x5h6vc.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="a8Wt8u1KmwUX3Y2C" In-Reply-To: <87y3x5h6vc.fsf@alice.fifthhorseman.net> Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --a8Wt8u1KmwUX3Y2C Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 16, 2017 at 09:46:15PM -0500, Daniel Kahn Gillmor wrote: > On Wed 2017-02-15 16:31:54 -0500, Baptiste Jonglez wrote: > > On jessie, it worked exactly the same with the 4.9 kernel from > > jessie-backports: > > > > # cat /etc/apt/sources.list > > deb http://httpredir.debian.org/debian jessie main > > deb http://httpredir.debian.org/debian jessie-backports main > > deb http://httpredir.debian.org/debian unstable main > > # cat /etc/apt/preferences.d/limit-unstable > > Package: * > > Pin: release a=3Dunstable > > Pin-Priority: 200 > > # apt update > > # apt install -t jessie-backports linux-image-amd64 linux-base > > # reboot > > # apt install wireguard-dkms wireguard-tools > > # ./client.sh > > # ping 192.168.4.1 > > PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data. > > 64 bytes from 192.168.4.1: icmp_seq=3D1 ttl=3D64 time=3D15.1 ms >=20 > interesting, thanks for testing and reporting back! >=20 > are you sure that with this installation on jessie, the wireguard > packages are the only things that got pulled in from unstable? Yes, it pulled only dkms and menu (from jessie). Though I probably had the other dependencies already installed (from jessie or jessie-backports). --a8Wt8u1KmwUX3Y2C Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjVflzZuxNlVFbt5QvgHsIqBOLkYFAlimsSAACgkQvgHsIqBO LkZ3/BAAs2rWZ0QbW3XukjoiWfIbFmTxQeLs7N/Vwtv67dX96oZeTeDVLhxIzaB2 lv5jpKKzfGR3jBmBbGBJ2x37K+73S7+EQTl9B6MQcbY70RQxdpqXwHXj1WIkpbeX OtVSAfKZfWBPduURnkBQHHrRHE15s+W7v2MA9UakjwkpIxLtN/ei8omTyjDyTcS8 0jX2GPAPuzRu02Y1Vo2FqYLXbLl3FFnLSSowL20m7QkTz8bxRHcRWgIGXlhgUn/U PQny8IyKv9Cn0OrOlSAYSodAYSsXQFjKWVvjrRXT7cjo1G+/nlIjkmpTZR/BdhBw g7Cr+8Zndqm7li5u+D6mo3aMqMGALa8RMy3ZuR7ACR8XZhe44ZG1lyZ8DsfrQ8ZK oV9tfOpfx4tslFVF67lQq2ASpJysyU7dtk6R7lXAKKCJZ6MSzB+ht3tTPIy+VJb7 2nR+uBbFt1Dgr9E5FH7WrcKLk2xFT/+sJ/TpZnjzZHLrcbmSdhndF7k9LNYlMfjF S0CWjunVB33hlcDrWepIltQdgsa6s51ZMxwPSWiic18tLrfng0dSjgaGNmwSJDET SshNW4BpfJorn1gxNv4WUinw92hjn/8bzz2bWcBUzt3AXrYI+h7pNkRBg5Ld4tRW E8tyReuf7paNSGYITUT0AzZkNmne6pcR10e2E7ymBMFeOADPc4A= =vM2Q -----END PGP SIGNATURE----- --a8Wt8u1KmwUX3Y2C-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id c5238f5d for ; Fri, 17 Feb 2017 13:32:37 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id fcb2ceb5 for ; Fri, 17 Feb 2017 13:32:37 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 2b6b6c96 for ; Fri, 17 Feb 2017 13:32:37 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id f326d078 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Fri, 17 Feb 2017 13:32:37 +0000 (UTC) Received: by mail-ot0-f179.google.com with SMTP id 32so31387782oth.3 for ; Fri, 17 Feb 2017 05:32:57 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <20170217081532.GA20080@lud.polynome.dn42> References: <874lzzqai9.fsf@alice.fifthhorseman.net> <87o9y4n555.fsf@alice.fifthhorseman.net> <20170215213153.GC16102@tuxmachine.polynome.dn42> <87y3x5h6vc.fsf@alice.fifthhorseman.net> <20170217081532.GA20080@lud.polynome.dn42> From: "Jason A. Donenfeld" Date: Fri, 17 Feb 2017 14:32:56 +0100 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: Baptiste Jonglez Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hey guys, Very nice investigation. I think adding some simple instructions on this to the WireGuard website makes sense. If you've got a one or two or three or four line command to magically add these files and sync the repos, could you send it along? Then I'll include it on the page. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dkg@fifthhorseman.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id e066739e for ; Fri, 17 Feb 2017 19:49:33 +0000 (UTC) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id d6e7f5d3 for ; Fri, 17 Feb 2017 19:49:33 +0000 (UTC) From: Daniel Kahn Gillmor To: David Anderson Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) In-Reply-To: References: <874lzzqai9.fsf@alice.fifthhorseman.net> <87o9y4n555.fsf@alice.fifthhorseman.net> Date: Fri, 17 Feb 2017 14:49:13 -0500 Message-ID: <87efywha2u.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --=-=-= Content-Type: text/plain On Thu 2017-02-16 22:14:11 -0500, David Anderson wrote: > The transcript below still shows one additional package being pulled from > sid/main, the dkms package. I find this strange: wireguard-dkms depends on > dkms >=2.1.0.0, stretch has dkms 2.3-2, and sid has dkms 2.3-3. Despite the > negative priority for unstable, apt picks 2.3-3 from sid, even though the > dependency could be satisfied out of stretch. What am I missing? That is indeed weird. what does "apt-cache policy dkms" show you? what if you "apt install dkms" on its own first, which version do you get? --dkg --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlinU7kACgkQFJitxsGS Mjd7tRAAwYdbCeqgbTuVmVSRypbSHsoaz2YwqfLDbwRaJC53wgY5X8eOczZp1QGn 15JzquQjIRsEe/D7/2359mTXdD8JHsspSGlFkizmqES5JdrES4gEK9L78YzvB4uB yrkcy73+aRz7bPEpyGIgdZs8UNgbXxpxEm/mK3zClvPjxYobYHgAM0srwgkq+EAe drxfYn+AYrOQr1DwgY5cowKlctpPQDFMxD8sF0brn/h9EQFAZwWxL8q19WJQOjRw AbzSeFkLs/pBZ1f95sorUsH55wRZKZqif8TBNqaw01RsPOtNXOkQcSx8f4q4n2c7 Vq+s+28XzFVVjB+A32W2oAiLhTIJl6geP60jQfNlnto5yujL6UPQeTOpsupES7FY SOjhLAM2kfKY1eTo6kqjK8HZkw+iFCU70Qr6May56oqHHAiU/+ibjGJ/C8mcitve EaRF2JOuDhzvT6Ct4jXjl+gAWRsZtuWywcZ5X+hcAMgjFZaAm7GmZ8YeeCFIqpGa M0LJ9NaFzKuIbCOK/71+hhVnm5uaDfIJtS3ESD2pzIfcsDn3xxpu/oJRPX6+sh6o G+6ID421xWg3enXHno9Wi/tp1vSIGTbEZScRxVEarp3lbx503A7fKSPfOVYmULda pLtI2pA4/MoUJ/raxPkpgiowpmHu5xxWEcDEruSmGbt4madHmS4= =iklP -----END PGP SIGNATURE----- --=-=-=-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dave@natulte.net Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 12116eea for ; Mon, 20 Feb 2017 23:52:56 +0000 (UTC) Received: from mail-vk0-f44.google.com (mail-vk0-f44.google.com [209.85.213.44]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 9f4086f5 for ; Mon, 20 Feb 2017 23:52:56 +0000 (UTC) Received: by mail-vk0-f44.google.com with SMTP id t8so70582884vke.3 for ; Mon, 20 Feb 2017 15:53:42 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <87efywha2u.fsf@alice.fifthhorseman.net> References: <874lzzqai9.fsf@alice.fifthhorseman.net> <87o9y4n555.fsf@alice.fifthhorseman.net> <87efywha2u.fsf@alice.fifthhorseman.net> From: David Anderson Date: Mon, 20 Feb 2017 15:53:21 -0800 Message-ID: Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing) To: Daniel Kahn Gillmor Content-Type: multipart/alternative; boundary=001a11440db81becc20548fef91d Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --001a11440db81becc20548fef91d Content-Type: text/plain; charset=UTF-8 On Fri, Feb 17, 2017 at 11:49 AM, Daniel Kahn Gillmor wrote: > On Thu 2017-02-16 22:14:11 -0500, David Anderson wrote: > > The transcript below still shows one additional package being pulled from > > sid/main, the dkms package. I find this strange: wireguard-dkms depends > on > > dkms >=2.1.0.0, stretch has dkms 2.3-2, and sid has dkms 2.3-3. Despite > the > > negative priority for unstable, apt picks 2.3-3 from sid, even though the > > dependency could be satisfied out of stretch. What am I missing? > > That is indeed weird. what does "apt-cache policy dkms" show you? > # apt-cache policy dkms dkms: Installed: (none) Candidate: 2.3-2 Version table: 2.3-3 -1 -10 http://ftp.us.debian.org/debian sid/main amd64 Packages 100 /var/lib/dpkg/status 2.3-2 500 500 http://ftp.us.debian.org/debian stretch/main amd64 Packages what if you "apt install dkms" on its own first, which version do you > get? > # apt install -d dkms Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: fakeroot gcc libfakeroot linux-headers-amd64 Suggested packages: python3-apport menu gcc-multilib autoconf automake libtool flex bison gdb gcc-doc The following NEW packages will be installed: dkms fakeroot gcc libfakeroot linux-headers-amd64 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 217 kB of archives. After this operation, 717 kB of additional disk space will be used. Do you want to continue? [Y/n] Get:1 http://ftp.us.debian.org/debian stretch/main amd64 gcc amd64 4:6.3.0-1 [5,184 B] Get:2 http://ftp.us.debian.org/debian stretch/main amd64 dkms all 2.3-2 [74.8 kB] Get:3 http://ftp.us.debian.org/debian stretch/main amd64 libfakeroot amd64 1.21-3.1 [45.7 kB] Get:4 http://ftp.us.debian.org/debian stretch/main amd64 fakeroot amd64 1.21-3.1 [85.6 kB] Get:5 http://ftp.us.debian.org/debian stretch/main amd64 linux-headers-amd64 amd64 4.9+78 [5,744 B] Fetched 217 kB in 0s (328 kB/s) Download complete and in download only mode Looks like installing just dkms correctly selects from Stretch, whereas installing as a dependency of wireguard-dkms pulls in the sid version. - Dave > > --dkg > --001a11440db81becc20548fef91d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

On F= ri, Feb 17, 2017 at 11:49 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.n= et> wrote:

On Thu 2017-02-16 22:14:11 -0500, David Anderson = wrote:
> The transcript below still shows one additional package being pulled f= rom
> sid/main, the dkms package. I find this strange: wireguard-dkms depend= s on
> dkms >=3D2.1.0.0, stretch has dkms 2.3-2, and sid has dkms 2.3-3. D= espite the
> negative priority for unstable, apt picks 2.3-3 from sid, even though = the
> dependency could be satisfied out of stretch. What am I missing?

That is indeed weird.=C2=A0 what does "apt-cache policy dkms&qu= ot; show you?

# apt-cache policy d= kms

dkms:

=C2=A0 Installed: (none)

=C2=A0 Can= didate: 2.3-2

=C2=A0 Version table:

=C2=A0 =C2=A0 =C2= =A02.3-3 -1

=C2=A0 =C2=A0 =C2=A0 =C2=A0 -10 http://ftp.us.debian.org/debian sid/main amd64 P= ackages

=C2=A0 =C2=A0 =C2=A0 =C2=A0 100 /var/lib/dpkg/status

=C2=A0 =C2=A0 =C2=A02.3-2 500

=C2=A0 =C2=A0 =C2=A0 =C2=A0 5= 00 http://ftp.us.debian.org/deb= ian stretch/main amd64 Packages

what if you "apt i= nstall dkms" on its own first, which version do you
get?

# apt install -d dkms

Reading package lists... Done

Building dependency tree =C2=A0 = =C2=A0 =C2=A0=C2=A0

Reading state information... Done

T= he following additional packages will be installed:

=C2=A0 fakero= ot gcc libfakeroot linux-headers-amd64

Suggested packages:

<= div>=C2=A0 python3-apport menu gcc-multilib autoconf automake libtool flex = bison gdb gcc-doc

The following NEW packages will be installed:

=C2=A0 dkms fakeroot gcc libfakeroot linux-headers-amd64

0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.

N= eed to get 217 kB of archives.

After this operation, 717 kB of ad= ditional disk space will be used.

Do you want to continue? [Y/n]= =C2=A0

Get:1 http://f= tp.us.debian.org/debian stretch/main amd64 gcc amd64 4:6.3.0-1 [5,184 B= ]

Get:2 http://ftp.us= .debian.org/debian stretch/main amd64 dkms all 2.3-2 [74.8 kB]

Get:3 http://ftp.us.debian.or= g/debian stretch/main amd64 libfakeroot amd64 1.21-3.1 [45.7 kB]

<= div>Get:4 http://ftp.us.debian.= org/debian stretch/main amd64 fakeroot amd64 1.21-3.1 [85.6 kB]

Get:5 http://ftp.us.debian.o= rg/debian stretch/main amd64 linux-headers-amd64 amd64 4.9+78 [5,744 B]=

Fetched 217 kB in 0s (328 kB/s) =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0

Download complete and in download only mode

Looks like installing just dkms correctly selects from= Stretch, whereas installing as a dependency of wireguard-dkms pulls in the= sid version.

- Dave

=C2= =A0

=C2=A0 =C2=A0 =C2=A0 =C2=A0 --dkg