Wireguard: remove scripts, only provide binaries and example config

SynoCommunity · Apr 17, 2021 · 0374641 · 0374641
1 parent 9a0f8e8
commit 0374641
Show file tree

Hide file tree

Showing 10 changed files with 57 additions and 301 deletions.
diff --git a/cross/wireguard/Makefile → cross/wireguard-linux-compat/Makefile b/cross/wireguard/Makefile → cross/wireguard-linux-compat/Makefile
@@ -1,9 +1,9 @@
-PKG_NAME = wireguard
-PKG_VERS = 1.0.20210124
+PKG_NAME = wireguard-linux-compat
+PKG_VERS = 1.0.20210219
 PKG_EXT = tar.xz
-PKG_DIST_SITE = https://git.zx2c4.com/wireguard-linux-compat/snapshot
-PKG_DIST_NAME = wireguard-linux-compat-$(PKG_VERS).$(PKG_EXT)
-PKG_DIR =  wireguard-linux-compat-$(PKG_VERS)
+PKG_DIST_SITE = https://git.zx2c4.com/$(PKG_NAME)/snapshot
+PKG_DIST_NAME = $(PKG_NAME)-$(PKG_VERS).$(PKG_EXT)
+PKG_DIR =  $(PKG_NAME)-$(PKG_VERS)/src
 
 DEPENDS = cross/libmnl
 
@@ -15,14 +15,11 @@ LICENSE  = GPLv2
 
 ENV += KERNELDIR=$(WORK_DIR)/linux
 
-CONFIGURE_TARGET = noop
-COMPILE_TARGET = wireguard-compile
+CONFIGURE_TARGET = nop
 INSTALL_TARGET = wireguard-install
 
 include ../../mk/spksrc.cross-cc.mk
 
 .PHONY: wireguard-compile wireguard-install
-wireguard-compile:
-	$(RUN) DESTDIR=$(STAGING_INSTALL_PREFIX) $(MAKE) -C src/ module
 wireguard-install:
-	install -m 644 $(WORK_DIR)/$(PKG_DIR)/src/wireguard.ko $(STAGING_INSTALL_PREFIX)/
+	install -m 644 $(WORK_DIR)/$(PKG_DIR)/wireguard.ko $(STAGING_INSTALL_PREFIX)/
diff --git a/cross/wireguard/PLIST → cross/wireguard-linux-compat/PLIST b/cross/wireguard/PLIST → cross/wireguard-linux-compat/PLIST
diff --git a/cross/wireguard-linux-compat/digests b/cross/wireguard-linux-compat/digests
@@ -0,0 +1,3 @@
+wireguard-linux-compat-1.0.20210219.tar.xz SHA1 83b00a70ee971f257603805dcf918134a85fb868
+wireguard-linux-compat-1.0.20210219.tar.xz SHA256 99d35296b8d847a0d4db97a4dda96b464311a6354e75fe0bef6e7c4578690f00
+wireguard-linux-compat-1.0.20210219.tar.xz MD5 8f177b685c7a18ea51ae7f4132cfb444
diff --git a/cross/wireguard-tools/Makefile b/cross/wireguard-tools/Makefile
@@ -1,13 +1,9 @@
 PKG_NAME = wireguard-tools
-PKG_VERS = 1.0.20200827
+PKG_VERS = 1.0.20210315
 PKG_EXT = tar.xz
 PKG_DIST_SITE = https://git.zx2c4.com/$(PKG_NAME)/snapshot
 PKG_DIST_NAME = $(PKG_NAME)-$(PKG_VERS).$(PKG_EXT)
-PKG_DIR =  $(PKG_NAME)-$(PKG_VERS)
-
-# DEPENDS = cross/bash
-
-REQ_KERNEL = 1
+PKG_DIR =  $(PKG_NAME)-$(PKG_VERS)/src
 
 HOMEPAGE = https://www.wireguard.com
 COMMENT  = WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache.
@@ -18,14 +14,11 @@ ENV += WITH_BASHCOMPLETION=no
 ENV += WITH_SYSTEMDUNITS=no
 ENV += PREFIX=$(STAGING_INSTALL_PREFIX)
 
-CONFIGURE_TARGET = noop
-COMPILE_TARGET = wireguard-compile
+CONFIGURE_TARGET = nop
 INSTALL_TARGET = wireguard-install
 
 include ../../mk/spksrc.cross-cc.mk
 
-.PHONY: wireguard-compile wireguard-install
-wireguard-compile:
-	$(RUN) $(MAKE) -C src/
+.PHONY: wireguard-install
 wireguard-install:
-	$(RUN) $(MAKE) -C src/ install
+	$(RUN) $(MAKE) install
diff --git a/cross/wireguard-tools/digests b/cross/wireguard-tools/digests
@@ -1,3 +1,3 @@
-wireguard-tools-1.0.20200827.tar.xz SHA1 96356ca99fe4fb2abaccb27fc336d6183df1979e
-wireguard-tools-1.0.20200827.tar.xz SHA256 51bc85e33a5b3cf353786ae64b0f1216d7a871447f058b6137f793eb0f53b7fd
-wireguard-tools-1.0.20200827.tar.xz MD5 70c4c1a0260d89ca27abdadad10f450b
+wireguard-tools-1.0.20210315.tar.xz SHA1 b8b6f8da60be50a55c4a3ad835bcf0b6ae174a34
+wireguard-tools-1.0.20210315.tar.xz SHA256 af001d5492be6bf58ef0bebe04b446b6f50eb53e1226fab679cc34af40733a22
+wireguard-tools-1.0.20210315.tar.xz MD5 d6663d322ee5e5c4353838c6e9f98a1a
diff --git a/cross/wireguard/digests b/cross/wireguard/digests
diff --git a/spk/wireguard/Makefile b/spk/wireguard/Makefile
@@ -1,11 +1,17 @@
 SPK_NAME = wireguard
-SPK_VERS = 1.0.20200827
+SPK_VERS = 1.0.20210219
 SPK_REV = 1
 SPK_ICON = src/wireguard.png
 
-DEPENDS = cross/$(SPK_NAME) cross/$(SPK_NAME)-tools
+DEPENDS = cross/$(SPK_NAME)-linux-compat cross/$(SPK_NAME)-tools
 UNSUPPORTED_ARCHES = $(PPC_ARCHES)
 
+include ../../mk/spksrc.archs.mk
+# SRM has ash as a shell
+ifeq ($(findstring $(ARCH),$(SRM_ARMv7_ARCHS)),$(ARCH))
+DEPENDS += cross/bash
+endif
+
 MAINTAINER = publicarray
 DESCRIPTION  = WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache.
 DISPLAY_NAME = WireGuard
@@ -14,12 +20,14 @@ LICENSE = GPLv2
 
 FWPORTS = src/$(SPK_NAME).sc
 
-SSS_SCRIPT = src/start-stop-status.sh
-INSTALLER_SCRIPT = src/install.sh
-STARTABLE = yes
+STARTABLE = no
+SYSTEM_GROUP = system
 SERVICE_USER = auto
+SERVICE_SETUP = src/service-setup.sh
+SERVICE_PORT = 51820
+SERVICE_PORT_TITLE = $(DISPLAY_NAME)
 
-SPK_COMMANDS += /bin/wg
-SPK_COMMANDS += /bin/wg-quick
+SPK_COMMANDS += bin/wg
+SPK_COMMANDS += bin/wg-quick
 
 include ../../mk/spksrc.spk.mk
diff --git a/spk/wireguard/src/install.sh b/spk/wireguard/src/install.sh
diff --git a/spk/wireguard/src/service-setup.sh b/spk/wireguard/src/service-setup.sh
@@ -1,44 +1,33 @@
-# shellcheck disable=SC2129
+# shellcheck disable=SC2148
 SERVERPORT=51820
 NETWORK=172.23.0.1/24 # why 172.23 ? because Synology SRM uses 172.22 and 172.21 for OpenVPN and L2TP/IPsec
 INTERFACE=eth0
-# PID_FILE="${SYNOPKG_PKGDEST}/var/wireguard.pid"
+
+WG="$SYNOPKG_PKGDEST/bin/wg"
+WG_QUICK="$SYNOPKG_PKGDEST/bin/wg-quick"
+CONFIG="$SYNOPKG_PKGVAR/wg0.conf"
 
 config() {
     # if the config does not exist make one
-    if [ ! -f "${SYNOPKG_PKGDEST}/var/wg0.conf" ]; then
+    if [ ! -f "${CONFIG}" ]; then
         echo "Creating config file" >> "${LOG_FILE}" 2>&1
-        DDNS=$(grep -m 1 hostname= /etc/ddns.conf | cut -d = -f 2)
+        DDNS=$(grep -m 1 hostname= /etc/ddns.conf | cut -d = -f 2)  >> "${LOG_FILE}" 2>&1
         if [ -z "$DDNS" ]; then
-            DDNS=$(nslookup myip.opendns.com resolver1.opendns.com | tail -n +3 | sed -n 's/Address .:\s*//p') || DDNS=$(wget -qO- https://checkip.amazonaws.com)
+            DDNS=$(nslookup myip.opendns.com resolver1.opendns.com | tail -n +3 | grep 'Address' | awk -F ':' '{print $2}') || DDNS=$(wget -qO- https://checkip.amazonaws.com)  >> "${LOG_FILE}" 2>&1
         fi
-        echo "Endpoint = $DDNS" >> "${LOG_FILE}" 2>&1
-        server_privkey=$(wg genkey)
-        client_privkey=$(wg genkey)
-cat<<EOF > "${SYNOPKG_PKGDEST}/var/wg0.conf"
-# NOTICE - Work in Progress
-# WireGuard is not yet complete. You should not rely on this code.
-# It has not undergone proper degrees of security auditing and the protocol
-# is still subject to change. We're working toward a stable 1.0 release,
-# but that time has not yet come. There are experimental snapshots tagged
-# with "0.0.YYYYMMDD", but these should not be considered real releases and
-# they may contain security vulnerabilities (which would not be eligible for CVEs,
-# since this is pre-release snapshot software).
-# However, if you're interested in helping out, we could really use your help
-# and we readily welcome any form of feedback and review.
-# There's currently quite a bit of work to do on the project todo list,
-# and the more folks testing this out, the better.
-
+        echo "Endpoint = $DDNS"  >> "${LOG_FILE}" 2>&1
+        server_privkey=$($WG genkey)
+        client_privkey=$($WG genkey)
+cat<<EOF > "${CONFIG}"
 [Interface]
 Address = $NETWORK
 ListenPort = $SERVERPORT
 PrivateKey = $server_privkey
-SaveConfig = false
 PostUp = iptables -A SYNO_FORWARD_ACCEPT -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
 PostDown = iptables -D SYNO_FORWARD_ACCEPT -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $INTERFACE -j MASQUERADE
 
 [Peer]
-PublicKey = $(echo "$client_privkey" | wg pubkey)
+PublicKey = $(echo "$client_privkey" | $WG pubkey)
 AllowedIPs = 172.23.0.2/32 # select a unique ip inside of $NETWORK
 
 ## Sample Client Configuration ##
@@ -48,7 +37,7 @@ AllowedIPs = 172.23.0.2/32 # select a unique ip inside of $NETWORK
 ## DNS = 1.1.1.1
 ##
 ## [Peer]
-## PublicKey = $(echo "$server_privkey" | wg pubkey)
+## PublicKey = $(echo "$server_privkey" | $WG pubkey)
 ## Endpoint = $DDNS:$SERVERPORT
 ## AllowedIPs = 0.0.0.0/0, ::/0
 ## # This is for if you're behind a NAT and
@@ -57,35 +46,23 @@ AllowedIPs = 172.23.0.2/32 # select a unique ip inside of $NETWORK
 ## # Optional
 ## # MTU = 1432
 EOF
-        echo "$server_privkey" | wg pubkey > "${SYNOPKG_PKGDEST}/var/publickey"
-        # Allow synoedit to edit these files
-        # chmod 775 "${SYNOPKG_PKGDEST}/var/" >> "${LOG_FILE}" 2>&1
-        # chown :system "${SYNOPKG_PKGDEST}/var/" >> "${LOG_FILE}" 2>&1
+        echo "$server_privkey" | $WG pubkey > "${SYNOPKG_PKGVAR}/publickey"
     fi
 }
 
 service_postinst () {
-    mkdir -p "${SYNOPKG_PKGDEST}/etc/" >> "${INST_LOG}" 2>&1
+    if [ ! -x /bin/bash ]; then # SRM
+        # change shebang to packaged bash
+        sed -i 's/#!\/bin\/bash/#!\/var\/packages\/wireguard\/target\/bin\/bash/' "$WG_QUICK"
+    fi
     # load kernel module and verify that is is loaded
-    insmod "${SYNOPKG_PKGDEST}/wireguard.ko" >> "${INST_LOG}" 2>&1
-    lsmod | grep ^wireguard >> "${INST_LOG}" 2>&1
-
-    # if [ -x "/bin/bash" ]; then
-    #     # change shebang to packaged bash
-    #     sed -i 's/#!\/bin\/bash/#!\/var\/packages\/wireguard\/target\/bin\/bash/' /usr/local/bin/wg-quick
-    # fi
-
-}
-
-service_prestart() {
-    echo "service_prestart" >> "${LOG_FILE}" 2>&1
+    insmod "${SYNOPKG_PKGDEST}/wireguard.ko"
+    lsmod | grep wireguard
     config
-    wg-quick up "${SYNOPKG_PKGDEST}/var/wg0.conf" >> "${LOG_FILE}" 2>&1
 }
-service_poststop () {
-    echo "service_poststop" >> "${LOG_FILE}" 2>&1
-    wg-quick down "${SYNOPKG_PKGDEST}/var/wg0.conf" >> "${LOG_FILE}" 2>&1
-    chmod 744 "${SYNOPKG_PKGDEST}/var/wg0.conf"  >> "${LOG_FILE}" 2>&1
+
+daemon_status () {
+    lsmod | grep wireguard
 }
 
 service_postuninst () {