[gentoo-commits] repo/gentoo:master commit in: net-vpn/wireguard/files/, net-vpn/wireguard/ - gentoo-commits

From:	Jason Donenfeld <zx2c4@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-vpn/wireguard/files/, net-vpn/wireguard/
Date:	Thu, 01 Jun 2017 18:15:13
Message-Id:	`1496340896.98de0b375822da3d946004d292a03c050dfaa72d.zx2c4@gentoo`

1

commit:     98de0b375822da3d946004d292a03c050dfaa72d

2

Author:     Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>

3

AuthorDate: Thu Jun  1 18:14:43 2017 +0000

4

Commit:     Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>

5

CommitDate: Thu Jun  1 18:14:56 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98de0b37

7

8

net-vpn/wireguard: work around hotplug+!padata

9

10

Package-Manager: Portage-2.3.6, Repoman-2.3.2

11

12

 ...eguard-0.0.20170531-remove-padata-hotplug.patch | 188 +++++++++++++++++++++

13

 net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild | 115 +++++++++++++

14

 2 files changed, 303 insertions(+)

15

16

diff --git a/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch b/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch

17

new file mode 100644

18

index 00000000000..a1f4b80d01d

19

--- /dev/null

20

+++ b/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch

21

@@ -0,0 +1,188 @@

22

+From 1e0405942cecfd6de2a7707f3027f326d6f2fdb4 Mon Sep 17 00:00:00 2001

23

+From: "Jason A. Donenfeld" <Jason@×××××.com>

24

+Date: Thu, 1 Jun 2017 16:55:20 +0200

25

+Subject: compat: remove padata hotplug code

26

+

27

+It's different on different kernel versions, and we're not using it

28

+anyway, so it's easiest to just get rid of it, rather than having

29

+another ifdef maze.

30

+---

31

+ src/compat/padata/padata.c | 149 ---------------------------------------------

32

+ 1 file changed, 149 deletions(-)

33

+

34

+diff --git a/src/compat/padata/padata.c b/src/compat/padata/padata.c

35

+index 480c43f..25836db 100644

36

+--- a/src/compat/padata/padata.c

37

++++ b/src/compat/padata/padata.c

38

+@@ -677,131 +677,8 @@ void padata_stop(struct padata_instance *pinst)

39

+ 	mutex_unlock(&pinst->lock);

40

+ }

41

+

42

+-#ifdef CONFIG_HOTPLUG_CPU

43

+-

44

+-static int __padata_add_cpu(struct padata_instance *pinst, int cpu)

45

+-{

46

+-	struct parallel_data *pd;

47

+-

48

+-	if (cpumask_test_cpu(cpu, cpu_online_mask)) {

49

+-		pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu,

50

+-				     pinst->cpumask.cbcpu);

51

+-		if (!pd)

52

+-			return -ENOMEM;

53

+-

54

+-		padata_replace(pinst, pd);

55

+-

56

+-		if (padata_validate_cpumask(pinst, pinst->cpumask.pcpu) &&

57

+-		    padata_validate_cpumask(pinst, pinst->cpumask.cbcpu))

58

+-			__padata_start(pinst);

59

+-	}

60

+-

61

+-	return 0;

62

+-}

63

+-

64

+-static int __padata_remove_cpu(struct padata_instance *pinst, int cpu)

65

+-{

66

+-	struct parallel_data *pd = NULL;

67

+-

68

+-	if (cpumask_test_cpu(cpu, cpu_online_mask)) {

69

+-

70

+-		if (!padata_validate_cpumask(pinst, pinst->cpumask.pcpu) ||

71

+-		    !padata_validate_cpumask(pinst, pinst->cpumask.cbcpu))

72

+-			__padata_stop(pinst);

73

+-

74

+-		pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu,

75

+-				     pinst->cpumask.cbcpu);

76

+-		if (!pd)

77

+-			return -ENOMEM;

78

+-

79

+-		padata_replace(pinst, pd);

80

+-

81

+-		cpumask_clear_cpu(cpu, pd->cpumask.cbcpu);

82

+-		cpumask_clear_cpu(cpu, pd->cpumask.pcpu);

83

+-	}

84

+-

85

+-	return 0;

86

+-}

87

+-

88

+- /**

89

+- * padata_remove_cpu - remove a cpu from the one or both(serial and parallel)

90

+- *                     padata cpumasks.

91

+- *

92

+- * @pinst: padata instance

93

+- * @cpu: cpu to remove

94

+- * @mask: bitmask specifying from which cpumask @cpu should be removed

95

+- *        The @mask may be any combination of the following flags:

96

+- *          PADATA_CPU_SERIAL   - serial cpumask

97

+- *          PADATA_CPU_PARALLEL - parallel cpumask

98

+- */

99

+-int padata_remove_cpu(struct padata_instance *pinst, int cpu, int mask)

100

+-{

101

+-	int err;

102

+-

103

+-	if (!(mask & (PADATA_CPU_SERIAL | PADATA_CPU_PARALLEL)))

104

+-		return -EINVAL;

105

+-

106

+-	mutex_lock(&pinst->lock);

107

+-

108

+-	get_online_cpus();

109

+-	if (mask & PADATA_CPU_SERIAL)

110

+-		cpumask_clear_cpu(cpu, pinst->cpumask.cbcpu);

111

+-	if (mask & PADATA_CPU_PARALLEL)

112

+-		cpumask_clear_cpu(cpu, pinst->cpumask.pcpu);

113

+-

114

+-	err = __padata_remove_cpu(pinst, cpu);

115

+-	put_online_cpus();

116

+-

117

+-	mutex_unlock(&pinst->lock);

118

+-

119

+-	return err;

120

+-}

121

+-

122

+-static inline int pinst_has_cpu(struct padata_instance *pinst, int cpu)

123

+-{

124

+-	return cpumask_test_cpu(cpu, pinst->cpumask.pcpu) ||

125

+-		cpumask_test_cpu(cpu, pinst->cpumask.cbcpu);

126

+-}

127

+-

128

+-static int padata_cpu_online(unsigned int cpu, struct hlist_node *node)

129

+-{

130

+-	struct padata_instance *pinst;

131

+-	int ret;

132

+-

133

+-	pinst = hlist_entry_safe(node, struct padata_instance, node);

134

+-	if (!pinst_has_cpu(pinst, cpu))

135

+-		return 0;

136

+-

137

+-	mutex_lock(&pinst->lock);

138

+-	ret = __padata_add_cpu(pinst, cpu);

139

+-	mutex_unlock(&pinst->lock);

140

+-	return ret;

141

+-}

142

+-

143

+-static int padata_cpu_prep_down(unsigned int cpu, struct hlist_node *node)

144

+-{

145

+-	struct padata_instance *pinst;

146

+-	int ret;

147

+-

148

+-	pinst = hlist_entry_safe(node, struct padata_instance, node);

149

+-	if (!pinst_has_cpu(pinst, cpu))

150

+-		return 0;

151

+-

152

+-	mutex_lock(&pinst->lock);

153

+-	ret = __padata_remove_cpu(pinst, cpu);

154

+-	mutex_unlock(&pinst->lock);

155

+-	return ret;

156

+-}

157

+-

158

+-static enum cpuhp_state hp_online;

159

+-#endif

160

+-

161

+ static void __padata_free(struct padata_instance *pinst)

162

+ {

163

+-#ifdef CONFIG_HOTPLUG_CPU

164

+-	cpuhp_state_remove_instance_nocalls(hp_online, &pinst->node);

165

+-#endif

166

+-

167

+ 	padata_stop(pinst);

168

+ 	padata_free_pd(pinst->pd);

169

+ 	free_cpumask_var(pinst->cpumask.pcpu);

170

+@@ -995,9 +872,6 @@ struct padata_instance *padata_alloc(struct workqueue_struct *wq,

171

+ 	kobject_init(&pinst->kobj, &padata_attr_type);

172

+ 	mutex_init(&pinst->lock);

173

+

174

+-#ifdef CONFIG_HOTPLUG_CPU

175

+-	cpuhp_state_add_instance_nocalls(hp_online, &pinst->node);

176

+-#endif

177

+ 	return pinst;

178

+

179

+ err_free_masks:

180

+@@ -1019,26 +893,3 @@ void padata_free(struct padata_instance *pinst)

181

+ {

182

+ 	kobject_put(&pinst->kobj);

183

+ }

184

+-

185

+-#ifdef CONFIG_HOTPLUG_CPU

186

+-

187

+-static __init int padata_driver_init(void)

188

+-{

189

+-	int ret;

190

+-

191

+-	ret = cpuhp_setup_state_multi(CPUHP_AP_ONLINE_DYN, "padata:online",

192

+-				      padata_cpu_online,

193

+-				      padata_cpu_prep_down);

194

+-	if (ret < 0)

195

+-		return ret;

196

+-	hp_online = ret;

197

+-	return 0;

198

+-}

199

+-module_init(padata_driver_init);

200

+-

201

+-static __exit void padata_driver_exit(void)

202

+-{

203

+-	cpuhp_remove_multi_state(hp_online);

204

+-}

205

+-module_exit(padata_driver_exit);

206

+-#endif

207

+--

208

+cgit v1.1-9-ge9c1d

209

+

210

211

diff --git a/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild b/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild

212

new file mode 100644

213

index 00000000000..3d5b1b746f0

214

--- /dev/null

215

+++ b/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild

216

@@ -0,0 +1,115 @@

217

+# Copyright 1999-2017 Gentoo Foundation

218

+# Distributed under the terms of the GNU General Public License v2

219

+

220

+EAPI=6

221

+

222

+inherit linux-mod bash-completion-r1

223

+

224

+DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography."

225

+HOMEPAGE="https://www.wireguard.io/"

226

+

227

+if [[ ${PV} == 9999 ]]; then

228

+	inherit git-r3

229

+	EGIT_REPO_URI="https://git.zx2c4.com/WireGuard"

230

+	KEYWORDS=""

231

+else

232

+	SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"

233

+	S="${WORKDIR}/WireGuard-${PV}"

234

+	KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64"

235

+fi

236

+

237

+LICENSE="GPL-2"

238

+SLOT="0"

239

+IUSE="debug +module +tools module-src"

240

+

241

+DEPEND="tools? ( net-libs/libmnl )"

242

+RDEPEND="${DEPEND}"

243

+

244

+MODULE_NAMES="wireguard(net:src)"

245

+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1"

246

+BUILD_TARGETS="module"

247

+CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES"

248

+WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto."

249

+WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert."

250

+

251

+pkg_setup() {

252

+	if use module; then

253

+		linux-mod_pkg_setup

254

+		kernel_is -lt 3 10 0 && die "This version of ${PN} requires Linux >= 3.10"

255

+	fi

256

+}

257

+

258

+src_prepare() {

259

+	epatch "${FILESDIR}/${P}-remove-padata-hotplug.patch"

260

+	default

261

+}

262

+

263

+src_compile() {

264

+	use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}"

265

+	use module && linux-mod_src_compile

266

+	use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools

267

+}

268

+

269

+src_install() {

270

+	use module && linux-mod_src_install

271

+	if use tools; then

272

+		dodoc README.md

273

+		dodoc -r contrib/examples

274

+		emake \

275

+			WITH_BASHCOMPLETION=yes \

276

+			WITH_SYSTEMDUNITS=yes \

277

+			WITH_WGQUICK=yes \

278

+			DESTDIR="${D}" \

279

+			BASHCOMPDIR="$(get_bashcompdir)" \

280

+			PREFIX="${EPREFIX}/usr" \

281

+			-C src/tools install

282

+		insinto /$(get_libdir)/netifrc/net

283

+		newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh

284

+	fi

285

+	use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install

286

+}

287

+

288

+pkg_postinst() {

289

+	if use module-src && ! use module; then

290

+		einfo

291

+		einfo "You have enabled the module-src USE flag without the module USE"

292

+		einfo "flag. This means that sources are installed to"

293

+		einfo "${ROOT}usr/src/wireguard instead of having the"

294

+		einfo "kernel module compiled. You will need to compile the module"

295

+		einfo "yourself. Most likely, you don't want this USE flag, and should"

296

+		einfo "rather use USE=module"

297

+		einfo

298

+	fi

299

+	use module && linux-mod_pkg_postinst

300

+

301

+	ewarn

302

+	ewarn "This software is experimental and has not yet been released."

303

+	ewarn "As such, it may contain significant issues. Please do not file"

304

+	ewarn "bug reports with Gentoo, but rather direct them upstream to:"

305

+	ewarn

306

+	ewarn "    team@×××××××××.io    security@×××××××××.io"

307

+	ewarn

308

+

309

+	if use tools; then

310

+		einfo

311

+		einfo "After installing WireGuard, if you'd like to try sending some packets through"

312

+		einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"

313

+		einfo "test example script:"

314

+		einfo

315

+		einfo "  \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -"

316

+		einfo

317

+		einfo "This will automatically setup interface wg0, through a very insecure transport"

318

+		einfo "that is only suitable for demonstration purposes. You can then try loading the"

319

+		einfo "hidden website or sending pings:"

320

+		einfo

321

+		einfo "  \$ chromium http://192.168.4.1"

322

+		einfo "  \$ ping 192.168.4.1"

323

+		einfo

324

+		einfo "If you'd like to redirect your internet traffic, you can run it with the"

325

+		einfo "\"default-route\" argument. You may not use this server for any abusive or illegal"

326

+		einfo "purposes. It is for quick testing only."

327

+		einfo

328

+		einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/"

329

+		einfo

330

+	fi

331

+}

1	commit: 98de0b375822da3d946004d292a03c050dfaa72d
2	Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
3	AuthorDate: Thu Jun 1 18:14:43 2017 +0000
4	Commit: Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
5	CommitDate: Thu Jun 1 18:14:56 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98de0b37
7
8	net-vpn/wireguard: work around hotplug+!padata
9
10	Package-Manager: Portage-2.3.6, Repoman-2.3.2
11
12	...eguard-0.0.20170531-remove-padata-hotplug.patch \| 188 +++++++++++++++++++++
13	net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild \| 115 +++++++++++++
14	2 files changed, 303 insertions(+)
15
16	diff --git a/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch b/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch
17	new file mode 100644
18	index 00000000000..a1f4b80d01d
19	--- /dev/null
20	+++ b/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch
21	@@ -0,0 +1,188 @@
22	+From 1e0405942cecfd6de2a7707f3027f326d6f2fdb4 Mon Sep 17 00:00:00 2001
23	+From: "Jason A. Donenfeld" <Jason@×××××.com>
24	+Date: Thu, 1 Jun 2017 16:55:20 +0200
25	+Subject: compat: remove padata hotplug code
26	+
27	+It's different on different kernel versions, and we're not using it
28	+anyway, so it's easiest to just get rid of it, rather than having
29	+another ifdef maze.
30	+---
31	+ src/compat/padata/padata.c \| 149 ---------------------------------------------
32	+ 1 file changed, 149 deletions(-)
33	+
34	+diff --git a/src/compat/padata/padata.c b/src/compat/padata/padata.c
35	+index 480c43f..25836db 100644
36	+--- a/src/compat/padata/padata.c
37	++++ b/src/compat/padata/padata.c
38	+@@ -677,131 +677,8 @@ void padata_stop(struct padata_instance *pinst)
39	+ mutex_unlock(&pinst->lock);
40	+ }
41	+
42	+-#ifdef CONFIG_HOTPLUG_CPU
43	+-
44	+-static int __padata_add_cpu(struct padata_instance *pinst, int cpu)
45	+-{
46	+- struct parallel_data *pd;
47	+-
48	+- if (cpumask_test_cpu(cpu, cpu_online_mask)) {
49	+- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu,
50	+- pinst->cpumask.cbcpu);
51	+- if (!pd)
52	+- return -ENOMEM;
53	+-
54	+- padata_replace(pinst, pd);
55	+-
56	+- if (padata_validate_cpumask(pinst, pinst->cpumask.pcpu) &&
57	+- padata_validate_cpumask(pinst, pinst->cpumask.cbcpu))
58	+- __padata_start(pinst);
59	+- }
60	+-
61	+- return 0;
62	+-}
63	+-
64	+-static int __padata_remove_cpu(struct padata_instance *pinst, int cpu)
65	+-{
66	+- struct parallel_data *pd = NULL;
67	+-
68	+- if (cpumask_test_cpu(cpu, cpu_online_mask)) {
69	+-
70	+- if (!padata_validate_cpumask(pinst, pinst->cpumask.pcpu) \|\|
71	+- !padata_validate_cpumask(pinst, pinst->cpumask.cbcpu))
72	+- __padata_stop(pinst);
73	+-
74	+- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu,
75	+- pinst->cpumask.cbcpu);
76	+- if (!pd)
77	+- return -ENOMEM;
78	+-
79	+- padata_replace(pinst, pd);
80	+-
81	+- cpumask_clear_cpu(cpu, pd->cpumask.cbcpu);
82	+- cpumask_clear_cpu(cpu, pd->cpumask.pcpu);
83	+- }
84	+-
85	+- return 0;
86	+-}
87	+-
88	+- /**
89	+- * padata_remove_cpu - remove a cpu from the one or both(serial and parallel)
90	+- * padata cpumasks.
91	+- *
92	+- * @pinst: padata instance
93	+- * @cpu: cpu to remove
94	+- * @mask: bitmask specifying from which cpumask @cpu should be removed
95	+- * The @mask may be any combination of the following flags:
96	+- * PADATA_CPU_SERIAL - serial cpumask
97	+- * PADATA_CPU_PARALLEL - parallel cpumask
98	+- */
99	+-int padata_remove_cpu(struct padata_instance *pinst, int cpu, int mask)
100	+-{
101	+- int err;
102	+-
103	+- if (!(mask & (PADATA_CPU_SERIAL \| PADATA_CPU_PARALLEL)))
104	+- return -EINVAL;
105	+-
106	+- mutex_lock(&pinst->lock);
107	+-
108	+- get_online_cpus();
109	+- if (mask & PADATA_CPU_SERIAL)
110	+- cpumask_clear_cpu(cpu, pinst->cpumask.cbcpu);
111	+- if (mask & PADATA_CPU_PARALLEL)
112	+- cpumask_clear_cpu(cpu, pinst->cpumask.pcpu);
113	+-
114	+- err = __padata_remove_cpu(pinst, cpu);
115	+- put_online_cpus();
116	+-
117	+- mutex_unlock(&pinst->lock);
118	+-
119	+- return err;
120	+-}
121	+-
122	+-static inline int pinst_has_cpu(struct padata_instance *pinst, int cpu)
123	+-{
124	+- return cpumask_test_cpu(cpu, pinst->cpumask.pcpu) \|\|
125	+- cpumask_test_cpu(cpu, pinst->cpumask.cbcpu);
126	+-}
127	+-
128	+-static int padata_cpu_online(unsigned int cpu, struct hlist_node *node)
129	+-{
130	+- struct padata_instance *pinst;
131	+- int ret;
132	+-
133	+- pinst = hlist_entry_safe(node, struct padata_instance, node);
134	+- if (!pinst_has_cpu(pinst, cpu))
135	+- return 0;
136	+-
137	+- mutex_lock(&pinst->lock);
138	+- ret = __padata_add_cpu(pinst, cpu);
139	+- mutex_unlock(&pinst->lock);
140	+- return ret;
141	+-}
142	+-
143	+-static int padata_cpu_prep_down(unsigned int cpu, struct hlist_node *node)
144	+-{
145	+- struct padata_instance *pinst;
146	+- int ret;
147	+-
148	+- pinst = hlist_entry_safe(node, struct padata_instance, node);
149	+- if (!pinst_has_cpu(pinst, cpu))
150	+- return 0;
151	+-
152	+- mutex_lock(&pinst->lock);
153	+- ret = __padata_remove_cpu(pinst, cpu);
154	+- mutex_unlock(&pinst->lock);
155	+- return ret;
156	+-}
157	+-
158	+-static enum cpuhp_state hp_online;
159	+-#endif
160	+-
161	+ static void __padata_free(struct padata_instance *pinst)
162	+ {
163	+-#ifdef CONFIG_HOTPLUG_CPU
164	+- cpuhp_state_remove_instance_nocalls(hp_online, &pinst->node);
165	+-#endif
166	+-
167	+ padata_stop(pinst);
168	+ padata_free_pd(pinst->pd);
169	+ free_cpumask_var(pinst->cpumask.pcpu);
170	+@@ -995,9 +872,6 @@ struct padata_instance padata_alloc(struct workqueue_struct wq,
171	+ kobject_init(&pinst->kobj, &padata_attr_type);
172	+ mutex_init(&pinst->lock);
173	+
174	+-#ifdef CONFIG_HOTPLUG_CPU
175	+- cpuhp_state_add_instance_nocalls(hp_online, &pinst->node);
176	+-#endif
177	+ return pinst;
178	+
179	+ err_free_masks:
180	+@@ -1019,26 +893,3 @@ void padata_free(struct padata_instance *pinst)
181	+ {
182	+ kobject_put(&pinst->kobj);
183	+ }
184	+-
185	+-#ifdef CONFIG_HOTPLUG_CPU
186	+-
187	+-static __init int padata_driver_init(void)
188	+-{
189	+- int ret;
190	+-
191	+- ret = cpuhp_setup_state_multi(CPUHP_AP_ONLINE_DYN, "padata:online",
192	+- padata_cpu_online,
193	+- padata_cpu_prep_down);
194	+- if (ret < 0)
195	+- return ret;
196	+- hp_online = ret;
197	+- return 0;
198	+-}
199	+-module_init(padata_driver_init);
200	+-
201	+-static __exit void padata_driver_exit(void)
202	+-{
203	+- cpuhp_remove_multi_state(hp_online);
204	+-}
205	+-module_exit(padata_driver_exit);
206	+-#endif
207	+--
208	+cgit v1.1-9-ge9c1d
209	+
210
211	diff --git a/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild b/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild
212	new file mode 100644
213	index 00000000000..3d5b1b746f0
214	--- /dev/null
215	+++ b/net-vpn/wireguard/wireguard-0.0.20170531-r1.ebuild
216	@@ -0,0 +1,115 @@
217	+# Copyright 1999-2017 Gentoo Foundation
218	+# Distributed under the terms of the GNU General Public License v2
219	+
220	+EAPI=6
221	+
222	+inherit linux-mod bash-completion-r1
223	+
224	+DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography."
225	+HOMEPAGE="https://www.wireguard.io/"
226	+
227	+if [[ ${PV} == 9999 ]]; then
228	+ inherit git-r3
229	+ EGIT_REPO_URI="https://git.zx2c4.com/WireGuard"
230	+ KEYWORDS=""
231	+else
232	+ SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
233	+ S="${WORKDIR}/WireGuard-${PV}"
234	+ KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64"
235	+fi
236	+
237	+LICENSE="GPL-2"
238	+SLOT="0"
239	+IUSE="debug +module +tools module-src"
240	+
241	+DEPEND="tools? ( net-libs/libmnl )"
242	+RDEPEND="${DEPEND}"
243	+
244	+MODULE_NAMES="wireguard(net:src)"
245	+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1"
246	+BUILD_TARGETS="module"
247	+CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES"
248	+WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto."
249	+WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert."
250	+
251	+pkg_setup() {
252	+ if use module; then
253	+ linux-mod_pkg_setup
254	+ kernel_is -lt 3 10 0 && die "This version of ${PN} requires Linux >= 3.10"
255	+ fi
256	+}
257	+
258	+src_prepare() {
259	+ epatch "${FILESDIR}/${P}-remove-padata-hotplug.patch"
260	+ default
261	+}
262	+
263	+src_compile() {
264	+ use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}"
265	+ use module && linux-mod_src_compile
266	+ use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools
267	+}
268	+
269	+src_install() {
270	+ use module && linux-mod_src_install
271	+ if use tools; then
272	+ dodoc README.md
273	+ dodoc -r contrib/examples
274	+ emake \
275	+ WITH_BASHCOMPLETION=yes \
276	+ WITH_SYSTEMDUNITS=yes \
277	+ WITH_WGQUICK=yes \
278	+ DESTDIR="${D}" \
279	+ BASHCOMPDIR="$(get_bashcompdir)" \
280	+ PREFIX="${EPREFIX}/usr" \
281	+ -C src/tools install
282	+ insinto /$(get_libdir)/netifrc/net
283	+ newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh
284	+ fi
285	+ use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install
286	+}
287	+
288	+pkg_postinst() {
289	+ if use module-src && ! use module; then
290	+ einfo
291	+ einfo "You have enabled the module-src USE flag without the module USE"
292	+ einfo "flag. This means that sources are installed to"
293	+ einfo "${ROOT}usr/src/wireguard instead of having the"
294	+ einfo "kernel module compiled. You will need to compile the module"
295	+ einfo "yourself. Most likely, you don't want this USE flag, and should"
296	+ einfo "rather use USE=module"
297	+ einfo
298	+ fi
299	+ use module && linux-mod_pkg_postinst
300	+
301	+ ewarn
302	+ ewarn "This software is experimental and has not yet been released."
303	+ ewarn "As such, it may contain significant issues. Please do not file"
304	+ ewarn "bug reports with Gentoo, but rather direct them upstream to:"
305	+ ewarn
306	+ ewarn " team@×××××××××.io security@×××××××××.io"
307	+ ewarn
308	+
309	+ if use tools; then
310	+ einfo
311	+ einfo "After installing WireGuard, if you'd like to try sending some packets through"
312	+ einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
313	+ einfo "test example script:"
314	+ einfo
315	+ einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 \| sudo bash -"
316	+ einfo
317	+ einfo "This will automatically setup interface wg0, through a very insecure transport"
318	+ einfo "that is only suitable for demonstration purposes. You can then try loading the"
319	+ einfo "hidden website or sending pings:"
320	+ einfo
321	+ einfo " \$ chromium http://192.168.4.1"
322	+ einfo " \$ ping 192.168.4.1"
323	+ einfo
324	+ einfo "If you'd like to redirect your internet traffic, you can run it with the"
325	+ einfo "\"default-route\" argument. You may not use this server for any abusive or illegal"
326	+ einfo "purposes. It is for quick testing only."
327	+ einfo
328	+ einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/"
329	+ einfo
330	+ fi
331	+}

Gentoo Archives: gentoo-commits