Commit a906a6e6 authored by Nolan's avatar Nolan

Patch wireguard into our kernel.

parent 665f41ad
......@@ -19,11 +19,13 @@ UBOOT_VERSION = 2017.11
BOOTFW_VERSION = 1.20170811
BUSYBOX_VERSION = 1.28.0-uclibc
ZEROTIER1_VERSION = 1.2.12
WIREGUARD_VERSION = 0.0.20191012
KERNEL_URL=http://cdn.kernel.org/pub/linux/kernel/v4.x/linux-$(KERNEL_VERSION).tar.xz
UBOOT_URL=http://ftp.denx.de/pub/u-boot/u-boot-$(UBOOT_VERSION).tar.bz2
BOOTFW_URL=http://github.com/raspberrypi/firmware/archive/$(BOOTFW_VERSION).tar.gz
ZEROTIER1_URL=http://github.com/zerotier/ZeroTierOne/archive/$(ZEROTIER1_VERSION).tar.gz
WIREGUARD_URL=https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$(WIREGUARD_VERSION).tar.xz
######################################################
# Pick/validate what target architectures we're building for.
......@@ -114,6 +116,7 @@ FSDIR := $(BUILDDIR)/fs
OSFSDIR := $(FSDIR)/rootfs
KERNELDIR := $(BUILDDIR)/linux
ZEROTIER1DIR := $(BUILDDIR)/zerotier-one
WIREGUARDDIR := $(BUILDDIR)/WireGuard
IMGFSDIR := $(BUILDDIR)/imgfs
IMAGESDIR := $(BUILDDIR)/images
......@@ -157,6 +160,23 @@ PHONY += clean
clean: fs_clean initrd_clean
rm -rf $(BUILDDIR)
WIREGUARD_SRC := $(WIREGUARDDIR)/contrib/kernel-tree/create-patch.sh
wireguard_src: $(WIREGUARD_SRC)
$(WIREGUARD_SRC):
@mkdir -p $(WIREGUARDDIR)
wget -qO- $(WIREGUARD_URL) | xz -cd | \
tee >(tar --strip-components=1 -x -C $(WIREGUARDDIR)) | \
gpg2 --no-default-keyring --keyring $(SIGDIR)/pubring.gpg \
--verify $(SIGDIR)/WireGuard-$(WIREGUARD_VERSION).tar.asc - && \
[ `echo "$${PIPESTATUS[@]}" | tr -s ' ' + | bc` -eq 0 ] || \
( rm -rf $(WIREGUARDDIR) && false )
PHONY += wireguard_patch
WIREGUARD_PATCH := $(PATCHDIR)/linux/wireguard.patch
wireguard_patch: $(WIREGUARD_PATCH)
$(WIREGUARD_PATCH): $(WIREGUARD_SRC)
$(WIREGUARD_SRC) > $(WIREGUARD_PATCH)
KERNEL_SRC := $(KERNELDIR)/Makefile
kernel_src: $(KERNEL_SRC)
$(KERNEL_SRC):
......
......@@ -870,6 +870,8 @@ CONFIG_XFRM_USER=y
CONFIG_XFRM_IPCOMP=m
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_WIREGUARD=y
# CONFIG_WIREGUARD_DEBUG is not set
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE_STATS is not set
......
......@@ -662,6 +662,8 @@ CONFIG_XFRM=y
# CONFIG_XFRM_STATISTICS is not set
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_WIREGUARD=y
# CONFIG_WIREGUARD_DEBUG is not set
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_PNP=y
......@@ -670,11 +672,11 @@ CONFIG_IP_PNP_BOOTP=y
# CONFIG_IP_PNP_RARP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE_DEMUX is not set
CONFIG_NET_IP_TUNNEL=m
CONFIG_NET_IP_TUNNEL=y
# CONFIG_IP_MROUTE is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_NET_IPVTI is not set
# CONFIG_NET_UDP_TUNNEL is not set
CONFIG_NET_UDP_TUNNEL=y
# CONFIG_NET_FOU is not set
# CONFIG_NET_FOU_IP_TUNNELS is not set
# CONFIG_INET_AH is not set
......@@ -1460,6 +1462,7 @@ CONFIG_NET_CORE=y
CONFIG_MACVLAN=m
CONFIG_MACVTAP=m
# CONFIG_VXLAN is not set
# CONFIG_GENEVE is not set
# CONFIG_GTP is not set
# CONFIG_MACSEC is not set
# CONFIG_NETCONSOLE is not set
......@@ -4137,6 +4140,7 @@ CONFIG_INTEGRITY_AUDIT=y
# CONFIG_EVM is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=y
CONFIG_CRYPTO=y
#
......
ext4-on-fat-resize.patch
wireguard.patch
This diff is collapsed.
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAl2h6VEQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DronQEADIfT1aHGOwdqq/EV2DZbHp6oQ7VeZ0rmS/
ra/ZM+O+K/wOAZzLo3CatP1YRdUk4c2IMnNQe6XjFmRudq0MNnF1KTduDZX7B8WN
txojLRRj2Y8VD74/92GQfqnxo3tTbHENqypiIxf0GECgGlG0B6sBAyIR7LKFz1Ec
OK+NXmcET9uBZauVTVZRXVNfpNOImZzf/YUWqWu1xCAhNGpB9Ge6TUxi6j6al5t/
bu1Fx0C8hszsisWLQ9Xy9jJYWD7l3n7qiGxNXyd1g1QNZwwwY2EfcKmFxqwa5bp9
q2TNq+VdDSk9xU0nVlFpdbum8d9/2DeFb1txBKT4KgeO1gqV6Ra1uL0FQP4uRDgD
JaEz5MNDIrA3gfFYd9EK4JO1Ccmmzb96rnYkRiu1mm7Lf+msOJHs/WWnCd4SiP9w
FMLKSpBpTJFOxlKS7ebb1lNGShBjsxC7tsQvi/mbi/HsCaLOi6EVsN9PVZXs7Znh
kgn93tc2Z3WUhELMhtQ4ai2qdjyS0g+YZI6SIS571NxA//6SOj1zfKrRevHd8EX8
e97ByWeF4DgECLxaeS8qAK33axOwYfAW1/7SN/c4TDNePkGn90oG815voe4O7xWl
GfBgEjGLohwkvgbLhQVJw1bFwmfGz0mon+L7gvrlX7WE7EzPiyxdnhGVfZ9v2IBp
Qu55h530XA==
=Qn9R
-----END PGP SIGNATURE-----
#!/bin/bash
if [ ! -f "$1" ]; then
echo Usage: $0 path/to/keyfile.asc >&2
exit 99
fi
PUBRING="$(readlink -f "$(dirname "$(readlink -f "$0")")/pubring.gpg")"
gpg --no-default-keyring --keyring "$PUBRING" --import "$1"
rm "$PUBRING"~
#XXX Is this ownertrust part needed?
#echo echo AB9942E6D4A4CFC3412620A749FC7012A5DE03AE:6: | gpg2 --homedir . --import-ownertrust
#echo XXX replace AB99... with real key.
#echo XXX then rm any spam files.
No preview for this file type
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment