* [WireGuard] Fedora WireGuard RPMs
@ 2016-08-17 3:24 Joe Doss
2016-08-17 14:38 ` Jason A. Donenfeld
0 siblings, 1 reply; 7+ messages in thread
From: Joe Doss @ 2016-08-17 3:24 UTC (permalink / raw)
To: wireguard
Hey there!
I saw the project was missing packages for Fedora, so I wrote some specs
for RPMs to install the kernel module via DKMS and one for WireGuard
tools. They are up on my Copr.
https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/
Which can be enabled with:
sudo dnf copr enable jdoss/wireguard
and the packages installed with:
sudo dnf install wireguard-dkms wireguard-tools
I haven't tested them other than making sure the kernel module loads on
Fedora 24 and doing the first parts of the quick start. Let me know what
you think and feedback for improvements on the specs is welcome.
Thanks!
Joe
--
Joe Doss
joe@solidadmin.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs
2016-08-17 3:24 [WireGuard] Fedora WireGuard RPMs Joe Doss
@ 2016-08-17 14:38 ` Jason A. Donenfeld
2016-08-17 14:44 ` David Woodhouse
2016-08-17 19:39 ` Joe Doss
0 siblings, 2 replies; 7+ messages in thread
From: Jason A. Donenfeld @ 2016-08-17 14:38 UTC (permalink / raw)
To: Joe Doss; +Cc: WireGuard mailing list
Hey Joe,
This is great news! Thanks for doing that. Are you a Fedora developer
per chance?
A few notes for fixing this:
1) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-tools.git/tree/wireguard-tools.spec
a)
> BuildRequires: libmnl-devel, kernel-devel, systemd
> Requires: wireguard-dkms, systemd
Remove the systemd requirement.
b)
> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \
> %{buildroot}%{_unitdir}/wgserver.service
> %attr(0644, root, root) %{_unitdir}/wgserver.service
Remove these lines. Do not install this systemd unit. It's in the
examples directory; thus it is an EXAMPLE. It is not meant to be
installed. When we write a unit that's meant to be installed, `make
install` will do it automatically.
Instead, copy all of contrib/examples to /usr/share/{pkg}/examples or
wherever the default Fedora examples directory is.
c)
> BuildRequires: libmnl-devel, kernel-devel, systemd
Are you sure that the tools package requires kernel-devel? Did you
double check this?
d)
> install -Z -s -m 0755 -v %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg \
> %{buildroot}%{_bindir}/wg
> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \
> %{buildroot}%{_unitdir}/wgserver.service
> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg.8 \
> %{buildroot}%{_mandir}/man8/wg.8
> %defattr(-,root,root,-)
> %attr(0755, root, root) %{_bindir}/wg
> %attr(0644, root, root) %{_unitdir}/wgserver.service
> %attr(0644, root, root) %{_mandir}/man8/wg.8*
All of this is garbage. Instead, use `make install` and set the
environment variables appropriately. By default they are:
PREFIX ?= /usr
DESTDIR ?=
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
RUNSTATEDIR ?= /var/run
I imagine here you'll want to roll with something like:
DESTDIR=%{buildroot} BINDIR=%{_bindir} MANDIR=%{_mandir}
RUNSTATEDIR=/run make install
2) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.conf
I recommend you use Debian's as a starting point:
https://anonscm.debian.org/git/collab-maint/wireguard.git/tree/debian/wireguard-dkms.dkms
In particular DEST_MODULE_LOCATION="/kernel/net" and
BUILD_EXCLUSIVE_KERNEL="^(4\.[^0]|[5-9])".
3) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.spec
a)
> BuildRequires: libmnl-devel, kernel-devel, sed
The kernel module does not require libmnl-devel.
b)
> cp -fr %{_builddir}/WireGuard-experimental-%{version}/* %{buildroot}%{_usrsrc}/%{dkms_name}-%{version}/
You might consider instead only copying src/.
Please let me know when you've addressed 1a, 1b, 1c, 1d, 2, 3a, and
3b, and then I'll add your instructions to the wireguard.io website.
Thanks for your hard work on this. Much appreciated.
Jason
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs
2016-08-17 14:38 ` Jason A. Donenfeld
@ 2016-08-17 14:44 ` David Woodhouse
2016-08-17 14:57 ` Jason A. Donenfeld
2016-08-17 19:39 ` Joe Doss
1 sibling, 1 reply; 7+ messages in thread
From: David Woodhouse @ 2016-08-17 14:44 UTC (permalink / raw)
To: Jason A. Donenfeld, Joe Doss; +Cc: WireGuard mailing list
[-- Attachment #1: Type: text/plain, Size: 488 bytes --]
On Wed, 2016-08-17 at 16:38 +0200, Jason A. Donenfeld wrote:
>
> a)
> > BuildRequires: libmnl-devel, kernel-devel, systemd
> > Requires: wireguard-dkms, systemd
>
> Remove the systemd requirement.
The BR should also be for 'pkgconfig(libmnl)', not 'libmnl-devel',
shouldn't it?
Unless WireGuard isn't actually using pkgconfig to find the library?
In which case WireGuard should be fixed and *then* the BR should be for
'pkgconfig(libmnl)' :)
--
dwmw2
[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5760 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs
2016-08-17 14:44 ` David Woodhouse
@ 2016-08-17 14:57 ` Jason A. Donenfeld
0 siblings, 0 replies; 7+ messages in thread
From: Jason A. Donenfeld @ 2016-08-17 14:57 UTC (permalink / raw)
To: David Woodhouse; +Cc: WireGuard mailing list
On Wed, Aug 17, 2016 at 4:44 PM, David Woodhouse <dwmw2@infradead.org> wrote:
>
> The BR should also be for 'pkgconfig(libmnl)', not 'libmnl-devel',
> shouldn't it?
>
> Unless WireGuard isn't actually using pkgconfig to find the library?
> In which case WireGuard should be fixed and *then* the BR should be for
> 'pkgconfig(libmnl)' :)
WireGuard is using pkgconfig. David is right about pkgconfig(libmnl).
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs
2016-08-17 14:38 ` Jason A. Donenfeld
2016-08-17 14:44 ` David Woodhouse
@ 2016-08-17 19:39 ` Joe Doss
2016-08-17 20:17 ` Bruno Wolff III
2016-08-18 0:13 ` Jason A. Donenfeld
1 sibling, 2 replies; 7+ messages in thread
From: Joe Doss @ 2016-08-17 19:39 UTC (permalink / raw)
To: WireGuard mailing list
On 08/17/2016 09:38 AM, Jason A. Donenfeld wrote:
> Hey Joe,
>
> This is great news! Thanks for doing that. Are you a Fedora developer
> per chance?
I am not an official one currently, no. I don't have any packages in
upstream Fedora yet. I am just a dude that likes to write RPMs and
contributing to cool open source projects. :)
> A few notes for fixing this:
>
> 1) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-tools.git/tree/wireguard-tools.spec
>
> a)
>> BuildRequires: libmnl-devel, kernel-devel, systemd
>> Requires: wireguard-dkms, systemd
>
> Remove the systemd requirement.
Done.
> b)
>> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \
>> %{buildroot}%{_unitdir}/wgserver.service
>> %attr(0644, root, root) %{_unitdir}/wgserver.service
>
> Remove these lines. Do not install this systemd unit. It's in the
> examples directory; thus it is an EXAMPLE. It is not meant to be
> installed. When we write a unit that's meant to be installed, `make
> install` will do it automatically.
Fair enough. Removed.
> Instead, copy all of contrib/examples to /usr/share/{pkg}/examples or
> wherever the default Fedora examples directory is.
Done.
> c)
>> BuildRequires: libmnl-devel, kernel-devel, systemd
>
> Are you sure that the tools package requires kernel-devel? Did you
> double check this?
It doesn't need it. Fixed.
> d)
>> install -Z -s -m 0755 -v %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg \
>> %{buildroot}%{_bindir}/wg
>> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \
>> %{buildroot}%{_unitdir}/wgserver.service
>> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg.8 \
>> %{buildroot}%{_mandir}/man8/wg.8
>> %defattr(-,root,root,-)
>> %attr(0755, root, root) %{_bindir}/wg
>> %attr(0644, root, root) %{_unitdir}/wgserver.service
>> %attr(0644, root, root) %{_mandir}/man8/wg.8*
>
> All of this is garbage. Instead, use `make install` and set the
> environment variables appropriately. By default they are:
> PREFIX ?= /usr
> DESTDIR ?=
> BINDIR ?= $(PREFIX)/bin
> LIBDIR ?= $(PREFIX)/lib
> MANDIR ?= $(PREFIX)/share/man
> RUNSTATEDIR ?= /var/run
>
> I imagine here you'll want to roll with something like:
>
> DESTDIR=%{buildroot} BINDIR=%{_bindir} MANDIR=%{_mandir}
> RUNSTATEDIR=/run make install
Fixed. I guess I was doing it the hard way eh? :)
> 2) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.conf
>
> I recommend you use Debian's as a starting point:
> https://anonscm.debian.org/git/collab-maint/wireguard.git/tree/debian/wireguard-dkms.dkms
>
> In particular DEST_MODULE_LOCATION="/kernel/net" and
> BUILD_EXCLUSIVE_KERNEL="^(4\.[^0]|[5-9])".
Done.
> 3) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.spec
>
> a)
>> BuildRequires: libmnl-devel, kernel-devel, sed
>
> The kernel module does not require libmnl-devel.
Fixed.
> b)
>> cp -fr %{_builddir}/WireGuard-experimental-%{version}/* %{buildroot}%{_usrsrc}/%{dkms_name}-%{version}/
>
> You might consider instead only copying src/.
Good idea. Fixed.
> Please let me know when you've addressed 1a, 1b, 1c, 1d, 2, 3a, and
> 3b, and then I'll add your instructions to the wireguard.io website.
Some gotchas for Fedora might be issues using DKMS if they have secure
boot enabled. You might want to mention that as the kmod generated by
DKMS isn't signed, so loading it with secure boot will fail.
Also, SELinux is set enforcing by default on Fedora. I am not sure if
that is going to cause any issues either.
Other than that, the RPMs should be good to go. Let me know if you want
any other changes before adding the install instructions to the site.
> Thanks for your hard work on this. Much appreciated.
No problem! Glad to help. Thanks for your awesome work on WireGuard. :)
Joe
--
Joe Doss
joe@solidadmin.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs
2016-08-17 19:39 ` Joe Doss
@ 2016-08-17 20:17 ` Bruno Wolff III
2016-08-18 0:13 ` Jason A. Donenfeld
1 sibling, 0 replies; 7+ messages in thread
From: Bruno Wolff III @ 2016-08-17 20:17 UTC (permalink / raw)
To: Joe Doss; +Cc: WireGuard mailing list
On Wed, Aug 17, 2016 at 14:39:16 -0500,
Joe Doss <joe@solidadmin.com> wrote:
>
>Also, SELinux is set enforcing by default on Fedora. I am not sure if
>that is going to cause any issues either.
Users run unconfined (technically there are confined by a policy that lets
them do almost anything) so generally there won't be a problem for stuff
they run manually. However I did hit issues running stuff in a service.
I didn't try to figure out what the correct fix was and kust added an
allow rule. I suspect there was a better solution using labelling, but I
didn't think it was worth worrying about.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [WireGuard] Fedora WireGuard RPMs
2016-08-17 19:39 ` Joe Doss
2016-08-17 20:17 ` Bruno Wolff III
@ 2016-08-18 0:13 ` Jason A. Donenfeld
1 sibling, 0 replies; 7+ messages in thread
From: Jason A. Donenfeld @ 2016-08-18 0:13 UTC (permalink / raw)
To: Joe Doss; +Cc: WireGuard mailing list
Hey Joe,
Terrific! We're all set now:
https://www.wireguard.io/install/
I've put the instructions on there.
Thanks so much for doing this. I really appreciate it.
Regards,
Jason
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-08-18 0:08 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-17 3:24 [WireGuard] Fedora WireGuard RPMs Joe Doss
2016-08-17 14:38 ` Jason A. Donenfeld
2016-08-17 14:44 ` David Woodhouse
2016-08-17 14:57 ` Jason A. Donenfeld
2016-08-17 19:39 ` Joe Doss
2016-08-17 20:17 ` Bruno Wolff III
2016-08-18 0:13 ` Jason A. Donenfeld
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).