Development discussion of WireGuard
 help / color / mirror / Atom feed
* Migrating From Ubuntu PPA to Real Ubuntu Packages
@ 2020-08-03 10:28 Jason A. Donenfeld
  2020-08-03 10:36 ` Jasper Knockaert
  2020-08-03 16:08 ` NoddingDog
  0 siblings, 2 replies; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-03 10:28 UTC (permalink / raw)
  To: wireguard; +Cc: unit193, apw

Hi folks,

At long last, Ubuntu now supports WireGuard on releases 20.04, 19.10,
18.04, and 16.04, which means we've got all currently supported LTS
releases covered. For that reason, we're in the process of sunsetting
the PPA that previously provided packages to some users. This email
details possible changes users might consider.

The right way to install WireGuard on Ubuntu now consists of a single
command:

    $ sudo apt install wireguard

This "wireguard" package will *automatically* pull in either one or two
packages with it:

  1) wireguard-tools: this will always be pulled in and provides wg(8)
     and wg-quick(8).
  2) wireguard-dkms: this will only be pulled in if your kernel doesn't
     already come with WireGuard.

As suggested by (2), most Ubuntu kernels now come with WireGuard out of
the box, even older releases, to which WireGuard has been backported.
This is great news and will result in much better reliability during
upgrades, as well as smoother compatibility with SecureBoot. You can
learn if your Ubuntu kernel comes with WireGuard out of the box by
running this command:

zx2c4@bionicman:~$ dpkg --get-selections | grep -v deinstall | cut -f 1 | grep linux-image | xargs apt-cache show | grep ^Provides: | grep wireguard-modules
Provides: wireguard-modules (= 1.0.20200611-1ubuntu1~18.04.1), zfs-modules (= 0.7.5-1ubuntu16.9)

Or alternatively:

zx2c4@bionicman:~$ ls -l /lib/modules/$(uname -r)/kernel/wireguard/wireguard.ko
-rw-r--r-- 1 root root 286985 Jul  9 23:13 /lib/modules/4.15.0-112-generic/kernel/wireguard/wireguard.ko

If those messages are *not* printed, then it simply means that your
Ubuntu kernel does not (yet) come with WireGuard out of the box, in
which case, the above "sudo apt install wireguard" command will
*automatically* install wireguard-dkms along with it.

Users should never need to manually install wireguard-tools or
wireguard-dkms. Rather, *only* install the "wireguard" package, and this
will automatically choose the correct additional packages to pull in.

For those who previously used the PPA, if the above commands indicate
that your kernel *does* come with WireGuard, then you'll probably want
to *remove* the wireguard-dkms package if it has not already been
automatically removed:

    $ sudo apt remove wireguard-dkms

As well, all previous users of the PPA may remove it:

   $ sudo add-apt-repository --remove ppa:wireguard/wireguard

From this point forward, all updates will be handled by Canonical from
the main Ubuntu package repositories. No PPAs are needed.

Hopefully this process should be fairly smooth. Most users have already
had Canonical-blessed WireGuard installed for some time now, so it
should be fairly smooth sailing.

Let me know if you have any questions.

Regards,
Jason

PS: In case you missed the announcement from two weeks ago, we intend
to sunset support for Ubuntu 14.04 in the PPA, and afterwards remove the
PPA itself:
- https://lists.zx2c4.com/pipermail/wireguard/2020-July/005670.html
- https://data.zx2c4.com/sunset-wg-14.04.gif

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 10:28 Migrating From Ubuntu PPA to Real Ubuntu Packages Jason A. Donenfeld
@ 2020-08-03 10:36 ` Jasper Knockaert
  2020-08-03 11:42   ` Jason A. Donenfeld
  2020-08-03 16:08 ` NoddingDog
  1 sibling, 1 reply; 20+ messages in thread
From: Jasper Knockaert @ 2020-08-03 10:36 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: wireguard, unit193, apw

Hi

On 3 Aug 2020, at 12:28, Jason A. Donenfeld wrote:

> Users should never need to manually install wireguard-tools or
> wireguard-dkms. Rather, *only* install the "wireguard" package, and 
> this
> will automatically choose the correct additional packages to pull in.

Well, I think there is a case to manually install wireguard-tools where 
you want to run wireguard in a container. In that case you may want to 
install wireguard-dkms on the host (in case its kernel doesn't yet 
support wireguard), and wireguard-tools in the container.

Best regards


Jasper

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 10:36 ` Jasper Knockaert
@ 2020-08-03 11:42   ` Jason A. Donenfeld
  0 siblings, 0 replies; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-03 11:42 UTC (permalink / raw)
  To: Jasper Knockaert; +Cc: WireGuard mailing list, unit193, Andy Whitcroft

On Mon, Aug 3, 2020 at 12:36 PM Jasper Knockaert <jasper@knockaert.nl> wrote:
> Well, I think there is a case to manually install wireguard-tools where
> you want to run wireguard in a container. In that case you may want to
> install wireguard-dkms on the host (in case its kernel doesn't yet
> support wireguard), and wireguard-tools in the container.

That's a good point. There are all sorts of unusual cases where one
_might_ want to select individual packages instead of the meta
package. But if you don't know what you're doing, `sudo apt install
wireguard` is the mnemonic most people probably want. And for the
purposes of transitioning away from the PPA, that probably has the
least friction. But you're right: containerization is one instance in
which the meta package might not be desired.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 10:28 Migrating From Ubuntu PPA to Real Ubuntu Packages Jason A. Donenfeld
  2020-08-03 10:36 ` Jasper Knockaert
@ 2020-08-03 16:08 ` NoddingDog
  2020-08-03 16:21   ` Jason A. Donenfeld
                     ` (2 more replies)
  1 sibling, 3 replies; 20+ messages in thread
From: NoddingDog @ 2020-08-03 16:08 UTC (permalink / raw)
  To: Jason A. Donenfeld, wireguard; +Cc: unit193, apw

Hello,

I'd like to report a serious problem.

I have a Dell XPS13 with Dell's OEM version of Ubuntu 18.04

I had previously added the wireguard PPA and removed it as mentioned
below.

Now, when running sudo apt install wireguard, the system wants to
install the following packages:

linux-image-5.3.0-1032-gke
linux-image-gke-5.3
wireguard-tools

These kernel images are **completely wrong** for the laptop (they are
Google Container Engine kernel images). I didn't notice and borked my
system by installing them. I had to load an old kernel and purge them
before my system would work properly again.

Maybe this needs fixing before too many other folks have the same
problem.

BR



On Mon, 2020-08-03 at 12:28 +0200, Jason A. Donenfeld wrote:
> Hi folks,
> 
> At long last, Ubuntu now supports WireGuard on releases 20.04, 19.10,
> 18.04, and 16.04, which means we've got all currently supported LTS
> releases covered. For that reason, we're in the process of sunsetting
> the PPA that previously provided packages to some users. This email
> details possible changes users might consider.
> 
> The right way to install WireGuard on Ubuntu now consists of a single
> command:
> 
>     $ sudo apt install wireguard
> 
> This "wireguard" package will *automatically* pull in either one or
> two
> packages with it:
> 
>   1) wireguard-tools: this will always be pulled in and provides
> wg(8)
>      and wg-quick(8).
>   2) wireguard-dkms: this will only be pulled in if your kernel
> doesn't
>      already come with WireGuard.
> 
> As suggested by (2), most Ubuntu kernels now come with WireGuard out
> of
> the box, even older releases, to which WireGuard has been backported.
> This is great news and will result in much better reliability during
> upgrades, as well as smoother compatibility with SecureBoot. You can
> learn if your Ubuntu kernel comes with WireGuard out of the box by
> running this command:
> 
> zx2c4@bionicman:~$ dpkg --get-selections | grep -v deinstall | cut -f
> 1 | grep linux-image | xargs apt-cache show | grep ^Provides: | grep
> wireguard-modules
> Provides: wireguard-modules (= 1.0.20200611-1ubuntu1~18.04.1), zfs-
> modules (= 0.7.5-1ubuntu16.9)
> 
> Or alternatively:
> 
> zx2c4@bionicman:~$ ls -l /lib/modules/$(uname
> -r)/kernel/wireguard/wireguard.ko
> -rw-r--r-- 1 root root 286985 Jul  9 23:13 /lib/modules/4.15.0-112-
> generic/kernel/wireguard/wireguard.ko
> 
> If those messages are *not* printed, then it simply means that your
> Ubuntu kernel does not (yet) come with WireGuard out of the box, in
> which case, the above "sudo apt install wireguard" command will
> *automatically* install wireguard-dkms along with it.
> 
> Users should never need to manually install wireguard-tools or
> wireguard-dkms. Rather, *only* install the "wireguard" package, and
> this
> will automatically choose the correct additional packages to pull in.
> 
> For those who previously used the PPA, if the above commands indicate
> that your kernel *does* come with WireGuard, then you'll probably
> want
> to *remove* the wireguard-dkms package if it has not already been
> automatically removed:
> 
>     $ sudo apt remove wireguard-dkms
> 
> As well, all previous users of the PPA may remove it:
> 
>    $ sudo add-apt-repository --remove ppa:wireguard/wireguard
> 
> From this point forward, all updates will be handled by Canonical
> from
> the main Ubuntu package repositories. No PPAs are needed.
> 
> Hopefully this process should be fairly smooth. Most users have
> already
> had Canonical-blessed WireGuard installed for some time now, so it
> should be fairly smooth sailing.
> 
> Let me know if you have any questions.
> 
> Regards,
> Jason
> 
> PS: In case you missed the announcement from two weeks ago, we intend
> to sunset support for Ubuntu 14.04 in the PPA, and afterwards remove
> the
> PPA itself:
> - https://lists.zx2c4.com/pipermail/wireguard/2020-July/005670.html
> - https://data.zx2c4.com/sunset-wg-14.04.gif


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:08 ` NoddingDog
@ 2020-08-03 16:21   ` Jason A. Donenfeld
  2020-08-03 16:25     ` NoddingDog
  2020-08-03 21:18   ` Andy Whitcroft
  2020-08-04 21:58   ` Jason A. Donenfeld
  2 siblings, 1 reply; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-03 16:21 UTC (permalink / raw)
  To: lists; +Cc: wireguard, unit193, apw

On Mon, Aug 3, 2020 at 6:15 PM NoddingDog <lists@noddingdog.org> wrote:
>
> Hello,
>
> I'd like to report a serious problem.
>
> I have a Dell XPS13 with Dell's OEM version of Ubuntu 18.04
>
> I had previously added the wireguard PPA and removed it as mentioned
> below.
>
> Now, when running sudo apt install wireguard, the system wants to
> install the following packages:
>
> linux-image-5.3.0-1032-gke
> linux-image-gke-5.3
> wireguard-tools
>
> These kernel images are **completely wrong** for the laptop (they are
> Google Container Engine kernel images). I didn't notice and borked my
> system by installing them. I had to load an old kernel and purge them
> before my system would work properly again.
>
> Maybe this needs fixing before too many other folks have the same
> problem.

Try running `apt update` first, and please let me know if that fixes the issue.

IIRC, Andy (CC'd as apw@) initially ported WireGuard to 18.04 with a
package bug, which he later rectified.

Jason

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:21   ` Jason A. Donenfeld
@ 2020-08-03 16:25     ` NoddingDog
  2020-08-03 16:28       ` Jason A. Donenfeld
  2020-08-04 12:49       ` Andy Whitcroft
  0 siblings, 2 replies; 20+ messages in thread
From: NoddingDog @ 2020-08-03 16:25 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: wireguard, unit193, apw

I'm sure I did apt update after removing the PPA, but just checked
again:
 
apt update
apt install wireguard

Same result - those gke kernels are included as dependencies and "will
be installed".

Maybe Dell need to fix their bionic-oem repositories?


On Mon, 2020-08-03 at 18:21 +0200, Jason A. Donenfeld wrote:
> On Mon, Aug 3, 2020 at 6:15 PM NoddingDog <lists@noddingdog.org>
> wrote:
> > 
> > Hello,
> > 
> > I'd like to report a serious problem.
> > 
> > I have a Dell XPS13 with Dell's OEM version of Ubuntu 18.04
> > 
> > I had previously added the wireguard PPA and removed it as
> > mentioned
> > below.
> > 
> > Now, when running sudo apt install wireguard, the system wants to
> > install the following packages:
> > 
> > linux-image-5.3.0-1032-gke
> > linux-image-gke-5.3
> > wireguard-tools
> > 
> > These kernel images are **completely wrong** for the laptop (they
> > are
> > Google Container Engine kernel images). I didn't notice and borked
> > my
> > system by installing them. I had to load an old kernel and purge
> > them
> > before my system would work properly again.
> > 
> > Maybe this needs fixing before too many other folks have the same
> > problem.
> 
> Try running `apt update` first, and please let me know if that fixes
> the issue.
> 
> IIRC, Andy (CC'd as apw@) initially ported WireGuard to 18.04 with a
> package bug, which he later rectified.
> 
> Jason


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:25     ` NoddingDog
@ 2020-08-03 16:28       ` Jason A. Donenfeld
  2020-08-03 16:30         ` Jason A. Donenfeld
       [not found]         ` <532c74129f32cffd53c71b87858929f800c2f87b.camel@noddingdog.org>
  2020-08-04 12:49       ` Andy Whitcroft
  1 sibling, 2 replies; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-03 16:28 UTC (permalink / raw)
  To: lists; +Cc: WireGuard mailing list, unit193, Andy Whitcroft

On Mon, Aug 3, 2020 at 6:25 PM NoddingDog <lists@noddingdog.org> wrote:
>
> I'm sure I did apt update after removing the PPA, but just checked
> again:
>
> apt update
> apt install wireguard
>
> Same result - those gke kernels are included as dependencies and "will
> be installed".
>
> Maybe Dell need to fix their bionic-oem repositories?

Ooof, that sounds disastrous. Hopefully Andy is reading these emails
and will fix this issue, but I'll poke him on IRC too.

Could you send me the URLs for the repos your laptop is using? I'd
like to double check the Release files on there. Perhaps just the
contents of /etc/apt or similar, and the name of the kernel package
your system uses?


Jason

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:28       ` Jason A. Donenfeld
@ 2020-08-03 16:30         ` Jason A. Donenfeld
  2020-08-03 16:43           ` NoddingDog
       [not found]         ` <532c74129f32cffd53c71b87858929f800c2f87b.camel@noddingdog.org>
  1 sibling, 1 reply; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-03 16:30 UTC (permalink / raw)
  To: lists; +Cc: WireGuard mailing list, unit193, Andy Whitcroft, W.Jackson

On Mon, Aug 3, 2020 at 6:28 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On Mon, Aug 3, 2020 at 6:25 PM NoddingDog <lists@noddingdog.org> wrote:
> >
> > I'm sure I did apt update after removing the PPA, but just checked
> > again:
> >
> > apt update
> > apt install wireguard
> >
> > Same result - those gke kernels are included as dependencies and "will
> > be installed".
> >
> > Maybe Dell need to fix their bionic-oem repositories?
>
> Ooof, that sounds disastrous. Hopefully Andy is reading these emails
> and will fix this issue, but I'll poke him on IRC too.
>
> Could you send me the URLs for the repos your laptop is using? I'd
> like to double check the Release files on there. Perhaps just the
> contents of /etc/apt or similar, and the name of the kernel package
> your system uses?

Bingo:

zx2c4@bionicman:~$ apt-cache show linux-image-oem | grep Provides
zx2c4@bionicman:~$ apt-cache show linux-image-generic | grep Provides
Provides: wireguard-modules (= 1.0.20200611-1ubuntu1~18.04.1),
zfs-modules (= 0.7.5-1ubuntu16.9)

Indeed looks like maybe this was left out of linux-image-oem? That's
surprising, especially given the trials and tribulations we went
through initially to get this deployed to Dell customers.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
       [not found]         ` <532c74129f32cffd53c71b87858929f800c2f87b.camel@noddingdog.org>
@ 2020-08-03 16:42           ` Jason A. Donenfeld
  2020-08-04 12:36             ` Andy Whitcroft
  0 siblings, 1 reply; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-03 16:42 UTC (permalink / raw)
  To: NoddingDog; +Cc: WireGuard mailing list, unit193, Andy Whitcroft, W.Jackson

Looks like we're all set for these kernels:

zx2c4@bionicman:~$ apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep -B10 "^Provides: .*wireguard-modules" | grep ^Package:
Package: linux-image-generic
Package: linux-image-aws
Package: linux-image-azure
Package: linux-image-azure-edge
Package: linux-image-gcp
Package: linux-image-kvm
Package: linux-image-lowlatency
Package: linux-image-virtual
Package: linux-image-aws-edge
Package: linux-image-aws-lts-18.04
Package: linux-image-gcp-edge
Package: linux-image-generic-hwe-18.04
Package: linux-image-generic-hwe-18.04-edge
Package: linux-image-gke-5.4
Package: linux-image-lowlatency-hwe-18.04
Package: linux-image-lowlatency-hwe-18.04-edge
Package: linux-image-oracle
Package: linux-image-oracle-edge
Package: linux-image-virtual-hwe-18.04
Package: linux-image-virtual-hwe-18.04-edge
Package: linux-image-gke-5.3

But we are not all set for these kernels:

zx2c4@bionicman:~$ comm -23 <(apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep ^Package: | sort | uniq) <(apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep -B10 "^Provides: .*wireguard-modules" | grep ^Package: | sort | uniq)
Package: linux-image-azure-lts-18.04
Package: linux-image-extra-virtual
Package: linux-image-extra-virtual-hwe-16.04
Package: linux-image-extra-virtual-hwe-16.04-edge
Package: linux-image-extra-virtual-hwe-18.04
Package: linux-image-extra-virtual-hwe-18.04-edge
Package: linux-image-gcp-lts-18.04
Package: linux-image-generic-hwe-16.04
Package: linux-image-generic-hwe-16.04-edge
Package: linux-image-gke
Package: linux-image-gke-4.15
Package: linux-image-gke-5.0
Package: linux-image-gkeop-5.3
Package: linux-image-gkeop-5.4
Package: linux-image-lowlatency-hwe-16.04
Package: linux-image-lowlatency-hwe-16.04-edge
Package: linux-image-oem
Package: linux-image-oem-osp1
Package: linux-image-oracle-lts-18.04
Package: linux-image-virtual-gkeop-5.0
Package: linux-image-virtual-hwe-16.04
Package: linux-image-virtual-hwe-16.04-edge

Appears that the "oem" kernel is part of the bad list.

I'll note that this is at least the third time Canonical has forgotten
the "Provides:" line for kernel packages. I'd highly recommend they
put some time into double checking their procedures.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:30         ` Jason A. Donenfeld
@ 2020-08-03 16:43           ` NoddingDog
  2020-08-03 16:47             ` Jason A. Donenfeld
  0 siblings, 1 reply; 20+ messages in thread
From: NoddingDog @ 2020-08-03 16:43 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

Good you've found the issue.

That'll teach me to be an early adopter... ;-)

On Mon, 2020-08-03 at 18:30 +0200, Jason A. Donenfeld wrote:
> On Mon, Aug 3, 2020 at 6:28 PM Jason A. Donenfeld <Jason@zx2c4.com>
> wrote:
> > 
> > On Mon, Aug 3, 2020 at 6:25 PM NoddingDog <lists@noddingdog.org>
> > wrote:
> > > 
> > > I'm sure I did apt update after removing the PPA, but just
> > > checked
> > > again:
> > > 
> > > apt update
> > > apt install wireguard
> > > 
> > > Same result - those gke kernels are included as dependencies and
> > > "will
> > > be installed".
> > > 
> > > Maybe Dell need to fix their bionic-oem repositories?
> > 
> > Ooof, that sounds disastrous. Hopefully Andy is reading these
> > emails
> > and will fix this issue, but I'll poke him on IRC too.
> > 
> > Could you send me the URLs for the repos your laptop is using? I'd
> > like to double check the Release files on there. Perhaps just the
> > contents of /etc/apt or similar, and the name of the kernel package
> > your system uses?
> 
> Bingo:
> 
> zx2c4@bionicman:~$ apt-cache show linux-image-oem | grep Provides
> zx2c4@bionicman:~$ apt-cache show linux-image-generic | grep Provides
> Provides: wireguard-modules (= 1.0.20200611-1ubuntu1~18.04.1),
> zfs-modules (= 0.7.5-1ubuntu16.9)
> 
> Indeed looks like maybe this was left out of linux-image-oem? That's
> surprising, especially given the trials and tribulations we went
> through initially to get this deployed to Dell customers.


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:43           ` NoddingDog
@ 2020-08-03 16:47             ` Jason A. Donenfeld
  2020-08-03 16:49               ` NoddingDog
  0 siblings, 1 reply; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-03 16:47 UTC (permalink / raw)
  To: lists; +Cc: WireGuard mailing list, Andy Whitcroft, W.Jackson, unit193

On Mon, Aug 3, 2020 at 6:43 PM NoddingDog <lists@noddingdog.org> wrote:
>
> Good you've found the issue.
>
> That'll teach me to be an early adopter... ;-)

Sigh. Sorry you're having that experience with WireGuard. Usually
things go quite a bit better with the WireGuard side of things, but
this seems pretty par for the course with _Ubuntu_ and Canonical's
kernel team. We've had perpetual issues over the last 6 months with
getting Canonical to release high quality packages in a timely manner.
A pretty large portion of my time is spent dealing with these bugs and
Ubuntu in general. I'm hoping they can finally get their stuff worked
out and support users properly, and I had hoped that everything was
*finally* in order today, but it seems like it was not meant to be.
Problems continue, alas. I've poked Andy on IRC and hopefully we can
get fixes for this deployed as soon as their procedures and paperwork
allow.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:47             ` Jason A. Donenfeld
@ 2020-08-03 16:49               ` NoddingDog
  0 siblings, 0 replies; 20+ messages in thread
From: NoddingDog @ 2020-08-03 16:49 UTC (permalink / raw)
  To: Jason A. Donenfeld
  Cc: WireGuard mailing list, Andy Whitcroft, W.Jackson, unit193

On Mon, 2020-08-03 at 18:47 +0200, Jason A. Donenfeld wrote:
> On Mon, Aug 3, 2020 at 6:43 PM NoddingDog <lists@noddingdog.org>
> wrote:
> > 
> > Good you've found the issue.
> > 
> > That'll teach me to be an early adopter... ;-)
> 
> Sigh. Sorry you're having that experience with WireGuard. Usually
> things go quite a bit better with the WireGuard side of things, but
> this seems pretty par for the course with _Ubuntu_ and Canonical's
> kernel team. We've had perpetual issues over the last 6 months with
> getting Canonical to release high quality packages in a timely
> manner.
> A pretty large portion of my time is spent dealing with these bugs
> and
> Ubuntu in general. I'm hoping they can finally get their stuff worked
> out and support users properly, and I had hoped that everything was
> *finally* in order today, but it seems like it was not meant to be.
> Problems continue, alas. I've poked Andy on IRC and hopefully we can
> get fixes for this deployed as soon as their procedures and paperwork
> allow.

"Sorry you're having that experience with WireGuard."

No hard feelings at all... I'm using it extensively and this is the
first time I've had any problems with wireguard. Keep up the good work!


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:08 ` NoddingDog
  2020-08-03 16:21   ` Jason A. Donenfeld
@ 2020-08-03 21:18   ` Andy Whitcroft
  2020-08-03 21:24     ` Jason A. Donenfeld
  2020-08-04 21:58   ` Jason A. Donenfeld
  2 siblings, 1 reply; 20+ messages in thread
From: Andy Whitcroft @ 2020-08-03 21:18 UTC (permalink / raw)
  To: NoddingDog; +Cc: Jason A. Donenfeld, wireguard, unit193

On Mon, Aug 03, 2020 at 06:08:56PM +0200, NoddingDog wrote:
> Hello,
> 
> I'd like to report a serious problem.
> 
> I have a Dell XPS13 with Dell's OEM version of Ubuntu 18.04
> 
> I had previously added the wireguard PPA and removed it as mentioned
> below.
> 
> Now, when running sudo apt install wireguard, the system wants to
> install the following packages:
> 
> linux-image-5.3.0-1032-gke
> linux-image-gke-5.3
> wireguard-tools

Yes, this is primarily a bug in the Depends on the wireguard package:

    Depends: wireguard-modules (>= 0.0.20191219) | wireguard-dkms (>=
        0.0.20200121-2), wireguard-tools (>= 1.0.20200513-1)

The linux-oem kernel has (separatly) a bug in its Provides so it does
not think it contains wireguard.ko.  In that scenario we want the apt
resolver to pick wireguard-dkms as at least that way you have a
wireguard.ko.  But the way it is formed it will pick wireguard-modules
for installation if neither is installed already.  This can only be
solved by installing an unrelated kernel.

Am working on solving these problems variously.

-apw

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 21:18   ` Andy Whitcroft
@ 2020-08-03 21:24     ` Jason A. Donenfeld
  0 siblings, 0 replies; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-03 21:24 UTC (permalink / raw)
  To: Andy Whitcroft
  Cc: NoddingDog, WireGuard mailing list, unit193, Daniel Kahn Gillmor

Hi Andy,

On Mon, Aug 3, 2020 at 11:18 PM Andy Whitcroft <apw@canonical.com> wrote:
> Yes, this is primarily a bug in the Depends on the wireguard package:
>
>     Depends: wireguard-modules (>= 0.0.20191219) | wireguard-dkms (>=
>         0.0.20200121-2), wireguard-tools (>= 1.0.20200513-1)

As discussed, this ordering here has the effect of making manifest the
bug you mentioned below, the missing Provides of your meta package.
Without this ordering, there would still be a bug, but most users
wouldn't notice and things would just be subtly worse and eventually
break during some dkms crossover update situation, as we've had
before. So, also not good. Not as dramatic, of course, but not good
either, and would probably be harder to diagnose and fix later on. And
anyway, I'm grateful that we were able to catch this bug so quickly
here. So, fixing that Provides:, as you indicated below, remains
priority in my mind.

For changing the order of the Depends:, I'd encourage you to send a MR
to https://salsa.debian.org/debian/wireguard/-/merge_requests or file
a Debian bug report, so that the Debian maintainers (CC'd) can
deliberate with you on if changing the order actually makes good sense
for both Ubuntu and for Debian. In that lucky scenario, Ubuntu can
carry on auto importing the changed Debian package, without the need
for you to manually change it.

> The linux-oem kernel has (separatly) a bug in its Provides so it does
> not think it contains wireguard.ko.  In that scenario we want the apt
> resolver to pick wireguard-dkms as at least that way you have a
> wireguard.ko.  But the way it is formed it will pick wireguard-modules
> for installation if neither is installed already.  This can only be
> solved by installing an unrelated kernel.

Correct. This is the bug to be solved here and now.

> Am working on solving these problems variously.

Thanks a lot for jumping on this so quickly. I really appreciate it.

Regards,
Jason

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:42           ` Jason A. Donenfeld
@ 2020-08-04 12:36             ` Andy Whitcroft
  2020-08-04 13:26               ` Jason A. Donenfeld
  0 siblings, 1 reply; 20+ messages in thread
From: Andy Whitcroft @ 2020-08-04 12:36 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: NoddingDog, WireGuard mailing list, unit193, W.Jackson

On Mon, Aug 03, 2020 at 06:42:49PM +0200, Jason A. Donenfeld wrote:
> Looks like we're all set for these kernels:
> 
> zx2c4@bionicman:~$ apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep -B10 "^Provides: .*wireguard-modules" | grep ^Package:
> Package: linux-image-generic
> Package: linux-image-aws
> Package: linux-image-azure
> Package: linux-image-azure-edge
> Package: linux-image-gcp
> Package: linux-image-kvm
> Package: linux-image-lowlatency
> Package: linux-image-virtual
> Package: linux-image-aws-edge
> Package: linux-image-aws-lts-18.04
> Package: linux-image-gcp-edge
> Package: linux-image-generic-hwe-18.04
> Package: linux-image-generic-hwe-18.04-edge
> Package: linux-image-gke-5.4
> Package: linux-image-lowlatency-hwe-18.04
> Package: linux-image-lowlatency-hwe-18.04-edge
> Package: linux-image-oracle
> Package: linux-image-oracle-edge
> Package: linux-image-virtual-hwe-18.04
> Package: linux-image-virtual-hwe-18.04-edge
> Package: linux-image-gke-5.3
> 
> But we are not all set for these kernels:
> 
> zx2c4@bionicman:~$ comm -23 <(apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep ^Package: | sort | uniq) <(apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep -B10 "^Provides: .*wireguard-modules" | grep ^Package: | sort | uniq)
> Package: linux-image-azure-lts-18.04
> Package: linux-image-extra-virtual
> Package: linux-image-extra-virtual-hwe-16.04
> Package: linux-image-extra-virtual-hwe-16.04-edge
> Package: linux-image-extra-virtual-hwe-18.04
> Package: linux-image-extra-virtual-hwe-18.04-edge
> Package: linux-image-gcp-lts-18.04
> Package: linux-image-generic-hwe-16.04
> Package: linux-image-generic-hwe-16.04-edge
> Package: linux-image-gke
> Package: linux-image-gke-4.15
> Package: linux-image-gke-5.0
> Package: linux-image-gkeop-5.3
> Package: linux-image-gkeop-5.4
> Package: linux-image-lowlatency-hwe-16.04
> Package: linux-image-lowlatency-hwe-16.04-edge
> Package: linux-image-oem
> Package: linux-image-oem-osp1
> Package: linux-image-oracle-lts-18.04
> Package: linux-image-virtual-gkeop-5.0
> Package: linux-image-virtual-hwe-16.04
> Package: linux-image-virtual-hwe-16.04-edge
> 
> Appears that the "oem" kernel is part of the bad list.

This list is somewhat inaccurate as about half of those are transitional
packages an not expected to actually have provides.  linux-oem is
unfortuantly converted but misses its linux-meta-oem changes.  This is
being sorted out.  The remaining are being reviewed.

-apw

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:25     ` NoddingDog
  2020-08-03 16:28       ` Jason A. Donenfeld
@ 2020-08-04 12:49       ` Andy Whitcroft
  2020-08-04 13:14         ` Jason A. Donenfeld
  1 sibling, 1 reply; 20+ messages in thread
From: Andy Whitcroft @ 2020-08-04 12:49 UTC (permalink / raw)
  To: NoddingDog; +Cc: Jason A. Donenfeld, wireguard, unit193

On Mon, Aug 03, 2020 at 06:25:51PM +0200, NoddingDog wrote:
> I'm sure I did apt update after removing the PPA, but just checked
> again:
>  
> apt update
> apt install wireguard
> 
> Same result - those gke kernels are included as dependencies and "will
> be installed".
> 
> Maybe Dell need to fix their bionic-oem repositories?

The breakage here came from bad dependancies on the Debian wireguard
packages which we backported to these series.  They incorrectly (for
Ubuntu) depend primarily on wireguard-modules which triggers an actual
dependancy on a kernel package; a severe no-no for exactly the issue
hit here.  It should likely have been caught in review but was not.

New packages are in the review queue and expected in -proposed today
across the board.  They will be released as soon as is practicle.

-apw

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-04 12:49       ` Andy Whitcroft
@ 2020-08-04 13:14         ` Jason A. Donenfeld
  0 siblings, 0 replies; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-04 13:14 UTC (permalink / raw)
  To: Andy Whitcroft; +Cc: NoddingDog, WireGuard mailing list, unit193

On Tue, Aug 4, 2020 at 2:49 PM Andy Whitcroft <apw@canonical.com> wrote:
>
> On Mon, Aug 03, 2020 at 06:25:51PM +0200, NoddingDog wrote:
> > I'm sure I did apt update after removing the PPA, but just checked
> > again:
> >
> > apt update
> > apt install wireguard
> >
> > Same result - those gke kernels are included as dependencies and "will
> > be installed".
> >
> > Maybe Dell need to fix their bionic-oem repositories?
>
> The breakage here came from bad dependancies on the Debian wireguard
> packages which we backported to these series.  They incorrectly (for
> Ubuntu) depend primarily on wireguard-modules which triggers an actual
> dependancy on a kernel package; a severe no-no for exactly the issue
> hit here.  It should likely have been caught in review but was not.
>
> New packages are in the review queue and expected in -proposed today
> across the board.  They will be released as soon as is practicle.

The breakage is because you forgot the Provides: in the oem-meta
package. Debian's ordering of the Depends: just helped unearth the
problem, as explained in a message yesterday.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-04 12:36             ` Andy Whitcroft
@ 2020-08-04 13:26               ` Jason A. Donenfeld
  0 siblings, 0 replies; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-04 13:26 UTC (permalink / raw)
  To: Andy Whitcroft; +Cc: NoddingDog, WireGuard mailing list, unit193, W.Jackson

On Tue, Aug 4, 2020 at 2:37 PM Andy Whitcroft <apw@canonical.com> wrote:
>
> On Mon, Aug 03, 2020 at 06:42:49PM +0200, Jason A. Donenfeld wrote:
> > Looks like we're all set for these kernels:
> >
> > zx2c4@bionicman:~$ apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep -B10 "^Provides: .*wireguard-modules" | grep ^Package:
> > Package: linux-image-generic
> > Package: linux-image-aws
> > Package: linux-image-azure
> > Package: linux-image-azure-edge
> > Package: linux-image-gcp
> > Package: linux-image-kvm
> > Package: linux-image-lowlatency
> > Package: linux-image-virtual
> > Package: linux-image-aws-edge
> > Package: linux-image-aws-lts-18.04
> > Package: linux-image-gcp-edge
> > Package: linux-image-generic-hwe-18.04
> > Package: linux-image-generic-hwe-18.04-edge
> > Package: linux-image-gke-5.4
> > Package: linux-image-lowlatency-hwe-18.04
> > Package: linux-image-lowlatency-hwe-18.04-edge
> > Package: linux-image-oracle
> > Package: linux-image-oracle-edge
> > Package: linux-image-virtual-hwe-18.04
> > Package: linux-image-virtual-hwe-18.04-edge
> > Package: linux-image-gke-5.3
> >
> > But we are not all set for these kernels:
> >
> > zx2c4@bionicman:~$ comm -23 <(apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep ^Package: | sort | uniq) <(apt-cache show linux-image-* | grep -C5 "^Source: linux-meta" | grep -B10 "^Provides: .*wireguard-modules" | grep ^Package: | sort | uniq)
> > Package: linux-image-azure-lts-18.04
> > Package: linux-image-extra-virtual
> > Package: linux-image-extra-virtual-hwe-16.04
> > Package: linux-image-extra-virtual-hwe-16.04-edge
> > Package: linux-image-extra-virtual-hwe-18.04
> > Package: linux-image-extra-virtual-hwe-18.04-edge
> > Package: linux-image-gcp-lts-18.04
> > Package: linux-image-generic-hwe-16.04
> > Package: linux-image-generic-hwe-16.04-edge
> > Package: linux-image-gke
> > Package: linux-image-gke-4.15
> > Package: linux-image-gke-5.0
> > Package: linux-image-gkeop-5.3
> > Package: linux-image-gkeop-5.4
> > Package: linux-image-lowlatency-hwe-16.04
> > Package: linux-image-lowlatency-hwe-16.04-edge
> > Package: linux-image-oem
> > Package: linux-image-oem-osp1
> > Package: linux-image-oracle-lts-18.04
> > Package: linux-image-virtual-gkeop-5.0
> > Package: linux-image-virtual-hwe-16.04
> > Package: linux-image-virtual-hwe-16.04-edge
> >
> > Appears that the "oem" kernel is part of the bad list.
>
> This list is somewhat inaccurate as about half of those are transitional
> packages an not expected to actually have provides.  linux-oem is
> unfortuantly converted but misses its linux-meta-oem changes.  This is
> being sorted out.  The remaining are being reviewed.

Thanks for clarifying. So we're now certain about linux-meta-oem (aka
Dell's kernel) being broken. Could you keep the list updated if you're
able to confirm that others are broken too?

Jason

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-03 16:08 ` NoddingDog
  2020-08-03 16:21   ` Jason A. Donenfeld
  2020-08-03 21:18   ` Andy Whitcroft
@ 2020-08-04 21:58   ` Jason A. Donenfeld
  2020-08-05  6:23     ` NoddingDog
  2 siblings, 1 reply; 20+ messages in thread
From: Jason A. Donenfeld @ 2020-08-04 21:58 UTC (permalink / raw)
  To: lists; +Cc: wireguard, unit193, apw

Hey NoddingDog,

I think that the fix has now been released to -updates, as of about 20
minutes ago. It may still take some time to hit the mirrors, but can
you see if "apt update && apt upgrade && apt install wireguard"
produces a saner result than last time?

Thanks to Andy for getting this fixed so quickly!

Jason

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Migrating From Ubuntu PPA to Real Ubuntu Packages
  2020-08-04 21:58   ` Jason A. Donenfeld
@ 2020-08-05  6:23     ` NoddingDog
  0 siblings, 0 replies; 20+ messages in thread
From: NoddingDog @ 2020-08-05  6:23 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: wireguard, unit193, apw

On Tue, 2020-08-04 at 23:58 +0200, Jason A. Donenfeld wrote:
> Hey NoddingDog,
> 
> I think that the fix has now been released to -updates, as of about
> 20
> minutes ago. It may still take some time to hit the mirrors, but can
> you see if "apt update && apt upgrade && apt install wireguard"
> produces a saner result than last time?
> 
> Thanks to Andy for getting this fixed so quickly!
> 
> Jason

OK, I tried again and this time the following packages were offered:
linux-headers-oem
linux-image-oem
linux-oem
wireguard tools

Installed, rebooted and all seems fine. Thanks all for the fix!



^ permalink raw reply	[flat|nested] 20+ messages in thread

end of thread, other threads:[~2020-08-05  6:23 UTC | newest]

Thread overview: 20+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-03 10:28 Migrating From Ubuntu PPA to Real Ubuntu Packages Jason A. Donenfeld
2020-08-03 10:36 ` Jasper Knockaert
2020-08-03 11:42   ` Jason A. Donenfeld
2020-08-03 16:08 ` NoddingDog
2020-08-03 16:21   ` Jason A. Donenfeld
2020-08-03 16:25     ` NoddingDog
2020-08-03 16:28       ` Jason A. Donenfeld
2020-08-03 16:30         ` Jason A. Donenfeld
2020-08-03 16:43           ` NoddingDog
2020-08-03 16:47             ` Jason A. Donenfeld
2020-08-03 16:49               ` NoddingDog
     [not found]         ` <532c74129f32cffd53c71b87858929f800c2f87b.camel@noddingdog.org>
2020-08-03 16:42           ` Jason A. Donenfeld
2020-08-04 12:36             ` Andy Whitcroft
2020-08-04 13:26               ` Jason A. Donenfeld
2020-08-04 12:49       ` Andy Whitcroft
2020-08-04 13:14         ` Jason A. Donenfeld
2020-08-03 21:18   ` Andy Whitcroft
2020-08-03 21:24     ` Jason A. Donenfeld
2020-08-04 21:58   ` Jason A. Donenfeld
2020-08-05  6:23     ` NoddingDog

Development discussion of WireGuard

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/wireguard

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 wireguard wireguard/ http://inbox.vuxu.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git