1 |
commit: 98de0b375822da3d946004d292a03c050dfaa72d |
2 |
Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Jun 1 18:14:43 2017 +0000 |
4 |
Commit: Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Jun 1 18:14:56 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98de0b37 |
7 |
|
8 |
net-vpn/wireguard: work around hotplug+!padata |
9 |
|
10 |
Package-Manager: Portage-2.3.6, Repoman-2.3.2 |
11 |
|
12 |
...eguard-0.0.20170531-remove-padata-hotplug.patch | 188 +++++++++++++++++++++ |
13 |
net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild | 115 +++++++++++++ |
14 |
2 files changed, 303 insertions(+) |
15 |
|
16 |
diff --git a/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch b/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch |
17 |
new file mode 100644 |
18 |
index 00000000000..a1f4b80d01d |
19 |
--- /dev/null |
20 |
+++ b/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch |
21 |
@@ -0,0 +1,188 @@ |
22 |
+From 1e0405942cecfd6de2a7707f3027f326d6f2fdb4 Mon Sep 17 00:00:00 2001 |
23 |
+From: "Jason A. Donenfeld" <Jason@×××××.com> |
24 |
+Date: Thu, 1 Jun 2017 16:55:20 +0200 |
25 |
+Subject: compat: remove padata hotplug code |
26 |
+ |
27 |
+It's different on different kernel versions, and we're not using it |
28 |
+anyway, so it's easiest to just get rid of it, rather than having |
29 |
+another ifdef maze. |
30 |
+--- |
31 |
+ src/compat/padata/padata.c | 149 --------------------------------------------- |
32 |
+ 1 file changed, 149 deletions(-) |
33 |
+ |
34 |
+diff --git a/src/compat/padata/padata.c b/src/compat/padata/padata.c |
35 |
+index 480c43f..25836db 100644 |
36 |
+--- a/src/compat/padata/padata.c |
37 |
++++ b/src/compat/padata/padata.c |
38 |
+@@ -677,131 +677,8 @@ void padata_stop(struct padata_instance *pinst) |
39 |
+ mutex_unlock(&pinst->lock); |
40 |
+ } |
41 |
+ |
42 |
+-#ifdef CONFIG_HOTPLUG_CPU |
43 |
+- |
44 |
+-static int __padata_add_cpu(struct padata_instance *pinst, int cpu) |
45 |
+-{ |
46 |
+- struct parallel_data *pd; |
47 |
+- |
48 |
+- if (cpumask_test_cpu(cpu, cpu_online_mask)) { |
49 |
+- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu, |
50 |
+- pinst->cpumask.cbcpu); |
51 |
+- if (!pd) |
52 |
+- return -ENOMEM; |
53 |
+- |
54 |
+- padata_replace(pinst, pd); |
55 |
+- |
56 |
+- if (padata_validate_cpumask(pinst, pinst->cpumask.pcpu) && |
57 |
+- padata_validate_cpumask(pinst, pinst->cpumask.cbcpu)) |
58 |
+- __padata_start(pinst); |
59 |
+- } |
60 |
+- |
61 |
+- return 0; |
62 |
+-} |
63 |
+- |
64 |
+-static int __padata_remove_cpu(struct padata_instance *pinst, int cpu) |
65 |
+-{ |
66 |
+- struct parallel_data *pd = NULL; |
67 |
+- |
68 |
+- if (cpumask_test_cpu(cpu, cpu_online_mask)) { |
69 |
+- |
70 |
+- if (!padata_validate_cpumask(pinst, pinst->cpumask.pcpu) || |
71 |
+- !padata_validate_cpumask(pinst, pinst->cpumask.cbcpu)) |
72 |
+- __padata_stop(pinst); |
73 |
+- |
74 |
+- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu, |
75 |
+- pinst->cpumask.cbcpu); |
76 |
+- if (!pd) |
77 |
+- return -ENOMEM; |
78 |
+- |
79 |
+- padata_replace(pinst, pd); |
80 |
+- |
81 |
+- cpumask_clear_cpu(cpu, pd->cpumask.cbcpu); |
82 |
+- cpumask_clear_cpu(cpu, pd->cpumask.pcpu); |
83 |
+- } |
84 |
+- |
85 |
+- return 0; |
86 |
+-} |
87 |
+- |
88 |
+- /** |
89 |
+- * padata_remove_cpu - remove a cpu from the one or both(serial and parallel) |
90 |
+- * padata cpumasks. |
91 |
+- * |
92 |
+- * @pinst: padata instance |
93 |
+- * @cpu: cpu to remove |
94 |
+- * @mask: bitmask specifying from which cpumask @cpu should be removed |
95 |
+- * The @mask may be any combination of the following flags: |
96 |
+- * PADATA_CPU_SERIAL - serial cpumask |
97 |
+- * PADATA_CPU_PARALLEL - parallel cpumask |
98 |
+- */ |
99 |
+-int padata_remove_cpu(struct padata_instance *pinst, int cpu, int mask) |
100 |
+-{ |
101 |
+- int err; |
102 |
+- |
103 |
+- if (!(mask & (PADATA_CPU_SERIAL | PADATA_CPU_PARALLEL))) |
104 |
+- return -EINVAL; |
105 |
+- |
106 |
+- mutex_lock(&pinst->lock); |
107 |
+- |
108 |
+- get_online_cpus(); |
109 |
+- if (mask & PADATA_CPU_SERIAL) |
110 |
+- cpumask_clear_cpu(cpu, pinst->cpumask.cbcpu); |
111 |
+- if (mask & PADATA_CPU_PARALLEL) |
112 |
+- cpumask_clear_cpu(cpu, pinst->cpumask.pcpu); |
113 |
+- |
114 |
+- err = __padata_remove_cpu(pinst, cpu); |
115 |
+- put_online_cpus(); |
116 |
+- |
117 |
+- mutex_unlock(&pinst->lock); |
118 |
+- |
119 |
+- return err; |
120 |
+-} |
121 |
+- |
122 |
+-static inline int pinst_has_cpu(struct padata_instance *pinst, int cpu) |
123 |
+-{ |
124 |
+- return cpumask_test_cpu(cpu, pinst->cpumask.pcpu) || |
125 |
+- cpumask_test_cpu(cpu, pinst->cpumask.cbcpu); |
126 |
+-} |
127 |
+- |
128 |
+-static int padata_cpu_online(unsigned int cpu, struct hlist_node *node) |
129 |
+-{ |
130 |
+- struct padata_instance *pinst; |
131 |
+- int ret; |
132 |
+- |
133 |
+- pinst = hlist_entry_safe(node, struct padata_instance, node); |
134 |
+- if (!pinst_has_cpu(pinst, cpu)) |
135 |
+- return 0; |
136 |
+- |
137 |
+- mutex_lock(&pinst->lock); |
138 |
+- ret = __padata_add_cpu(pinst, cpu); |
139 |
+- mutex_unlock(&pinst->lock); |
140 |
+- return ret; |
141 |
+-} |
142 |
+- |
143 |
+-static int padata_cpu_prep_down(unsigned int cpu, struct hlist_node *node) |
144 |
+-{ |
145 |
+- struct padata_instance *pinst; |
146 |
+- int ret; |
147 |
+- |
148 |
+- pinst = hlist_entry_safe(node, struct padata_instance, node); |
149 |
+- if (!pinst_has_cpu(pinst, cpu)) |
150 |
+- return 0; |
151 |
+- |
152 |
+- mutex_lock(&pinst->lock); |
153 |
+- ret = __padata_remove_cpu(pinst, cpu); |
154 |
+- mutex_unlock(&pinst->lock); |
155 |
+- return ret; |
156 |
+-} |
157 |
+- |
158 |
+-static enum cpuhp_state hp_online; |
159 |
+-#endif |
160 |
+- |
161 |
+ static void __padata_free(struct padata_instance *pinst) |
162 |
+ { |
163 |
+-#ifdef CONFIG_HOTPLUG_CPU |
164 |
+- cpuhp_state_remove_instance_nocalls(hp_online, &pinst->node); |
165 |
+-#endif |
166 |
+- |
167 |
+ padata_stop(pinst); |
168 |
+ padata_free_pd(pinst->pd); |
169 |
+ free_cpumask_var(pinst->cpumask.pcpu); |
170 |
+@@ -995,9 +872,6 @@ struct padata_instance *padata_alloc(struct workqueue_struct *wq, |
171 |
+ kobject_init(&pinst->kobj, &padata_attr_type); |
172 |
+ mutex_init(&pinst->lock); |
173 |
+ |
174 |
+-#ifdef CONFIG_HOTPLUG_CPU |
175 |
+- cpuhp_state_add_instance_nocalls(hp_online, &pinst->node); |
176 |
+-#endif |
177 |
+ return pinst; |
178 |
+ |
179 |
+ err_free_masks: |
180 |
+@@ -1019,26 +893,3 @@ void padata_free(struct padata_instance *pinst) |
181 |
+ { |
182 |
+ kobject_put(&pinst->kobj); |
183 |
+ } |
184 |
+- |
185 |
+-#ifdef CONFIG_HOTPLUG_CPU |
186 |
+- |
187 |
+-static __init int padata_driver_init(void) |
188 |
+-{ |
189 |
+- int ret; |
190 |
+- |
191 |
+- ret = cpuhp_setup_state_multi(CPUHP_AP_ONLINE_DYN, "padata:online", |
192 |
+- padata_cpu_online, |
193 |
+- padata_cpu_prep_down); |
194 |
+- if (ret < 0) |
195 |
+- return ret; |
196 |
+- hp_online = ret; |
197 |
+- return 0; |
198 |
+-} |
199 |
+-module_init(padata_driver_init); |
200 |
+- |
201 |
+-static __exit void padata_driver_exit(void) |
202 |
+-{ |
203 |
+- cpuhp_remove_multi_state(hp_online); |
204 |
+-} |
205 |
+-module_exit(padata_driver_exit); |
206 |
+-#endif |
207 |
+-- |
208 |
+cgit v1.1-9-ge9c1d |
209 |
+ |
210 |
|
211 |
diff --git a/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild b/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild |
212 |
new file mode 100644 |
213 |
index 00000000000..3d5b1b746f0 |
214 |
--- /dev/null |
215 |
+++ b/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild |
216 |
@@ -0,0 +1,115 @@ |
217 |
+# Copyright 1999-2017 Gentoo Foundation |
218 |
+# Distributed under the terms of the GNU General Public License v2 |
219 |
+ |
220 |
+EAPI=6 |
221 |
+ |
222 |
+inherit linux-mod bash-completion-r1 |
223 |
+ |
224 |
+DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography." |
225 |
+HOMEPAGE="https://www.wireguard.io/" |
226 |
+ |
227 |
+if [[ ${PV} == 9999 ]]; then |
228 |
+ inherit git-r3 |
229 |
+ EGIT_REPO_URI="https://git.zx2c4.com/WireGuard" |
230 |
+ KEYWORDS="" |
231 |
+else |
232 |
+ SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" |
233 |
+ S="${WORKDIR}/WireGuard-${PV}" |
234 |
+ KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64" |
235 |
+fi |
236 |
+ |
237 |
+LICENSE="GPL-2" |
238 |
+SLOT="0" |
239 |
+IUSE="debug +module +tools module-src" |
240 |
+ |
241 |
+DEPEND="tools? ( net-libs/libmnl )" |
242 |
+RDEPEND="${DEPEND}" |
243 |
+ |
244 |
+MODULE_NAMES="wireguard(net:src)" |
245 |
+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1" |
246 |
+BUILD_TARGETS="module" |
247 |
+CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES" |
248 |
+WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto." |
249 |
+WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert." |
250 |
+ |
251 |
+pkg_setup() { |
252 |
+ if use module; then |
253 |
+ linux-mod_pkg_setup |
254 |
+ kernel_is -lt 3 10 0 && die "This version of ${PN} requires Linux >= 3.10" |
255 |
+ fi |
256 |
+} |
257 |
+ |
258 |
+src_prepare() { |
259 |
+ epatch "${FILESDIR}/${P}-remove-padata-hotplug.patch" |
260 |
+ default |
261 |
+} |
262 |
+ |
263 |
+src_compile() { |
264 |
+ use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}" |
265 |
+ use module && linux-mod_src_compile |
266 |
+ use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools |
267 |
+} |
268 |
+ |
269 |
+src_install() { |
270 |
+ use module && linux-mod_src_install |
271 |
+ if use tools; then |
272 |
+ dodoc README.md |
273 |
+ dodoc -r contrib/examples |
274 |
+ emake \ |
275 |
+ WITH_BASHCOMPLETION=yes \ |
276 |
+ WITH_SYSTEMDUNITS=yes \ |
277 |
+ WITH_WGQUICK=yes \ |
278 |
+ DESTDIR="${D}" \ |
279 |
+ BASHCOMPDIR="$(get_bashcompdir)" \ |
280 |
+ PREFIX="${EPREFIX}/usr" \ |
281 |
+ -C src/tools install |
282 |
+ insinto /$(get_libdir)/netifrc/net |
283 |
+ newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh |
284 |
+ fi |
285 |
+ use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install |
286 |
+} |
287 |
+ |
288 |
+pkg_postinst() { |
289 |
+ if use module-src && ! use module; then |
290 |
+ einfo |
291 |
+ einfo "You have enabled the module-src USE flag without the module USE" |
292 |
+ einfo "flag. This means that sources are installed to" |
293 |
+ einfo "${ROOT}usr/src/wireguard instead of having the" |
294 |
+ einfo "kernel module compiled. You will need to compile the module" |
295 |
+ einfo "yourself. Most likely, you don't want this USE flag, and should" |
296 |
+ einfo "rather use USE=module" |
297 |
+ einfo |
298 |
+ fi |
299 |
+ use module && linux-mod_pkg_postinst |
300 |
+ |
301 |
+ ewarn |
302 |
+ ewarn "This software is experimental and has not yet been released." |
303 |
+ ewarn "As such, it may contain significant issues. Please do not file" |
304 |
+ ewarn "bug reports with Gentoo, but rather direct them upstream to:" |
305 |
+ ewarn |
306 |
+ ewarn " team@×××××××××.io security@×××××××××.io" |
307 |
+ ewarn |
308 |
+ |
309 |
+ if use tools; then |
310 |
+ einfo |
311 |
+ einfo "After installing WireGuard, if you'd like to try sending some packets through" |
312 |
+ einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh" |
313 |
+ einfo "test example script:" |
314 |
+ einfo |
315 |
+ einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -" |
316 |
+ einfo |
317 |
+ einfo "This will automatically setup interface wg0, through a very insecure transport" |
318 |
+ einfo "that is only suitable for demonstration purposes. You can then try loading the" |
319 |
+ einfo "hidden website or sending pings:" |
320 |
+ einfo |
321 |
+ einfo " \$ chromium http://192.168.4.1" |
322 |
+ einfo " \$ ping 192.168.4.1" |
323 |
+ einfo |
324 |
+ einfo "If you'd like to redirect your internet traffic, you can run it with the" |
325 |
+ einfo "\"default-route\" argument. You may not use this server for any abusive or illegal" |
326 |
+ einfo "purposes. It is for quick testing only." |
327 |
+ einfo |
328 |
+ einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/" |
329 |
+ einfo |
330 |
+ fi |
331 |
+} |