From 115b2500d9e17f06b3a08ed908166f249322a91f Mon Sep 17 00:00:00 2001 From: Iurii Egorov Date: Sat, 9 Dec 2023 17:03:16 +0300 Subject: [PATCH] Prepare packaging --- debian/NEWS | 11 + debian/TODO | 15 + debian/amneziawg-tools.README.Debian | 16 + debian/amneziawg-tools.examples | 1 + debian/amneziawg-tools.lintian-overrides | 8 + debian/changelog | 839 ++++++++++++++++++ debian/clean | 3 + debian/compat | 1 + debian/control | 57 ++ debian/copyright | 85 ++ debian/files | 4 + debian/gbp.conf | 6 + .../0001-Avoid-using-git-during-build.patch | 21 + ...iring-glibc-2.25-for-wireguard-tools.patch | 35 + debian/patches/series | 2 + debian/rules | 38 + debian/source/format | 1 + debian/tests/control | 17 + debian/tests/keygen | 5 + debian/tests/netns-mini | 55 ++ debian/tests/wg-quick | 171 ++++ debian/upstream/signing-key.asc | 52 ++ debian/watch | 4 + 23 files changed, 1447 insertions(+) create mode 100644 debian/NEWS create mode 100644 debian/TODO create mode 100644 debian/amneziawg-tools.README.Debian create mode 100644 debian/amneziawg-tools.examples create mode 100644 debian/amneziawg-tools.lintian-overrides create mode 100644 debian/changelog create mode 100644 debian/clean create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/files create mode 100644 debian/gbp.conf create mode 100644 debian/patches/0001-Avoid-using-git-during-build.patch create mode 100644 debian/patches/0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch create mode 100644 debian/patches/series create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 debian/tests/control create mode 100755 debian/tests/keygen create mode 100755 debian/tests/netns-mini create mode 100755 debian/tests/wg-quick create mode 100644 debian/upstream/signing-key.asc create mode 100644 debian/watch diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..897a279 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,11 @@ +amneziawg (1.0.20200206-2) unstable; urgency=medium + + As of wireguard-linux-compat and wireguard-dkms version 0.0.20200215-2, + we no longer treat installation of the wireguard metapackage as a reason + to try to reload the kernel module upon upgrade. + + See the discussion on + https://salsa.debian.org/debian/wireguard-linux-compat/merge_requests/2 + for more details. + + -- Daniel Kahn Gillmor Mon, 24 Feb 2020 10:08:35 -0500 diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..667bf8e --- /dev/null +++ b/debian/TODO @@ -0,0 +1,15 @@ +Debian Packaging work for WireGuard: + + * wireguard metapackage should accept a 5.6 (or later) kernel instead + of a module + + * consider make check for wg during build: this depends on + scan-build, which is part of clang, but also wants to clean the + build tree first. Currently, we don't do any build-time tests. + + * autopkgtest: + + - from src/, run "make check" (depending on clang-tools and sparse) + and make sure it looks plausible. + + - Can we add other tests? diff --git a/debian/amneziawg-tools.README.Debian b/debian/amneziawg-tools.README.Debian new file mode 100644 index 0000000..ab9c7bc --- /dev/null +++ b/debian/amneziawg-tools.README.Debian @@ -0,0 +1,16 @@ +Using the WireGuard VPN and encrypted network tunnel +==================================================== + +To use WireGuard, you'll need an additional kernel module which will +probably be built in for Linux 5.6 and later. + +On debian systems with a kernel older than 5.6, you should be able to +build and install the kernel module with only: + + apt install linux-headers-$(uname -r) wireguard-dkms + +Please see https://www.wireguard.com/quickstart for more details on +using WireGuard. + + -- Daniel Kahn Gillmor , Wed, 15 Jan 2020 10:41:35 -0500 + diff --git a/debian/amneziawg-tools.examples b/debian/amneziawg-tools.examples new file mode 100644 index 0000000..86071d7 --- /dev/null +++ b/debian/amneziawg-tools.examples @@ -0,0 +1 @@ +contrib/* diff --git a/debian/amneziawg-tools.lintian-overrides b/debian/amneziawg-tools.lintian-overrides new file mode 100644 index 0000000..0634715 --- /dev/null +++ b/debian/amneziawg-tools.lintian-overrides @@ -0,0 +1,8 @@ +# upstream prefers the less-user-friendly locked-down /etc/wireguard by default +# to avoid leaking local system secrets. I've adjusted the debian package to follow its lead. +# see also https://bugs.debian.org/902831 +amneziawg-tools: non-standard-dir-perm etc/amneziawg/ 0700 != 0755 +# wg-quick@.service is a generator, not an initscript. On systems with sysvinit, +# the admin probably wants to integrate with something like /etc/network/interfaces +# rather than seeing a new script in /etc/init.d/. +amneziawg-tools: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/awg-quick@.service diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..eb33bcf --- /dev/null +++ b/debian/changelog @@ -0,0 +1,839 @@ +amneziawg (1.0.20210914-1ubuntu2) jammy; urgency=medium + + * Add better DEP8 tests (LP: #1952102): + - d/t/control, d/t/wireguard-wgquick: test using network namespaces + and wg-quick + - d/t/netns-mini, d/t/control: test using network namespaces + and wg, taken from the wireguard-linux-compat package + * d/rules: add simple build-time test, taken from the existing + DEP8 test to generate keys (LP: #1952767) + + -- Andreas Hasenack Tue, 07 Dec 2021 08:33:57 -0300 + +amneziawg (1.0.20210914-1ubuntu1) devel; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. + + -- Unit 193 Tue, 23 Nov 2021 11:41:45 -0500 + +amneziawg (1.0.20210914-1) unstable; urgency=medium + + * New upstream release. + * Update Standards-Version to 4.6.0. + + -- Unit 193 Mon, 27 Sep 2021 21:21:06 -0400 + +amneziawg (1.0.20210424-1ubuntu1) devel; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. + + -- Unit 193 Mon, 16 Aug 2021 14:20:40 -0400 + +amneziawg (1.0.20210424-1) unstable; urgency=medium + + * New upstream release. + - Refresh patch. + + -- Unit 193 Fri, 13 Aug 2021 17:36:52 -0400 + +amneziawg (1.0.20210223-1ubuntu1) devel; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. + + -- Unit 193 Tue, 16 Mar 2021 17:27:19 -0400 + +amneziawg (1.0.20210223-1) unstable; urgency=medium + + * New upstream release. + * d/control: + - Bump dh compat to 13. + - Drop Build-Depend on dkms. + * Update Standards-Version to 4.5.1. + + -- Unit 193 Thu, 25 Feb 2021 02:02:36 -0500 + +amneziawg (1.0.20200827-1ubuntu1) devel; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. + + -- Unit 193 Wed, 30 Sep 2020 18:52:56 -0400 + +amneziawg (1.0.20200827-1) unstable; urgency=medium + + * New upstream release. + + -- Unit 193 Wed, 09 Sep 2020 03:47:59 -0400 + +amneziawg (1.0.20200820-1ubuntu1) groovy; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for teh wireguard-modules, + wireguard-dkms alternative. + + -- Andy Whitcroft Wed, 26 Aug 2020 10:42:33 +0100 + +amneziawg (1.0.20200820-1) unstable; urgency=medium + + * New upstream release. + + -- Unit 193 Sat, 22 Aug 2020 19:19:51 -0400 + +amneziawg (1.0.20200513-1ubuntu1) groovy; urgency=medium + + * Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. Whichever is first is deemed the + preferred installation candidate when neither is present. When this is + wireguard-modules this is satisfied by installation of a random kernel + which claims support for wireguard regardless of its applicability. + Repeat after me, do not ever depend on a kernel. (LP: #1890201) + + -- Andy Whitcroft Mon, 03 Aug 2020 22:24:05 +0100 + +amneziawg (1.0.20200513-1) unstable; urgency=medium + + * New upstream release. + - Drop upstream patch. + * d/control: Lower 'openresolv | resolvconf' to suggests. + + -- Unit 193 Fri, 15 May 2020 18:32:16 -0400 + +amneziawg (1.0.20200510-1) unstable; urgency=medium + + [ Daniel Kahn Gillmor ] + * Add Unit193 to Uploaders + * wrap-and-sort -ast + * prefer wireguard-modules (from a kernel package) over wireguard-dkms + * keygen test only needs wireguard-tools package, not wireguard metapackage + + [ Jason A. Donenfeld ] + * debian: tests: replace ncat-client with keygen + * debian: control: set Recommends order same as Depends order + + [ Unit 193 ] + * New upstream release. + - Refresh patch. + - Grab an upstream commit to install wg-quick.target. + * d/control: + - Update my email address. + - Recommend openresolv | resolvconf. (Closes: #930735) + * d/copyright: Update attribution. + * d/wireguard-tools.lintian-overrides: Drop override about .gitignore. + + -- Unit 193 Tue, 12 May 2020 01:33:42 -0400 + +amneziawg (1.0.20200319-1) unstable; urgency=medium + + [ Unit 193 ] + * New upstream release. + * d/watch: Update to find new releases. + + -- Daniel Kahn Gillmor Sat, 21 Mar 2020 21:30:26 -0400 + +amneziawg (1.0.20200206-2) unstable; urgency=medium + + * add NEWS file documenting that the metapackage will no longer cause a + reload. + + -- Daniel Kahn Gillmor Mon, 24 Feb 2020 10:08:35 -0500 + +amneziawg (1.0.20200206-1) unstable; urgency=medium + + * new upstream release. + * d/copyright: note import of bits from libmnl + * refresh patches + * drop libmnl-dev from build-deps + + -- Daniel Kahn Gillmor Thu, 06 Feb 2020 14:06:44 -0500 + +amneziawg (1.0.20200121-2) unstable; urgency=medium + + * Transfer module reload postinst script to wireguard-dkms package + * standards-version: bump to 4.5.0 (no changes needed) + + -- Daniel Kahn Gillmor Wed, 22 Jan 2020 13:16:57 -0500 + +amneziawg (1.0.20200121-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Tue, 21 Jan 2020 10:12:22 -0500 + +amneziawg (1.0.20200102-1) unstable; urgency=medium + + * new upstream release + * drop wireguard-dkms binary package, now supplied by the + wireguard-linux-compat source package + * refresh patches + * drop lintian override of version-substvar-for-external-package + * ship examples from new upstream path + * update debian/copyright + * avoid using git during build to override src/version.h + + -- Daniel Kahn Gillmor Wed, 15 Jan 2020 11:25:16 -0500 + +amneziawg (0.0.20191219-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Thu, 19 Dec 2019 11:33:41 -0500 + +amneziawg (0.0.20191212-1) unstable; urgency=medium + + * new upstream release + * encourage nftables instead of iptables + + -- Daniel Kahn Gillmor Thu, 12 Dec 2019 10:53:37 -0500 + +amneziawg (0.0.20191206-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Fri, 06 Dec 2019 17:32:38 -0500 + +amneziawg (0.0.20191127-2) unstable; urgency=medium + + * wireguard-tools now Recommends: iptables because of wg-quick + + -- Daniel Kahn Gillmor Wed, 04 Dec 2019 10:46:36 -0500 + +amneziawg (0.0.20191127-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Mon, 02 Dec 2019 09:44:34 -0500 + +amneziawg (0.0.20191012-1) unstable; urgency=medium + + * new upstream release + * d/clean: clean up generated assembler + * more notes about autopkgtest + * standards-version: bump to 4.4.1 (no changes needed) + + -- Daniel Kahn Gillmor Tue, 15 Oct 2019 17:41:38 +0200 + +amneziawg (0.0.20190913-1) unstable; urgency=medium + + * new upstream release + * verbose build to satisfy compiler-flags-hidden complaint from bls + + -- Daniel Kahn Gillmor Thu, 26 Sep 2019 10:29:32 +0200 + +amneziawg (0.0.20190905-1) unstable; urgency=medium + + * new upstream release + * refresh patches + * include ${perl:Depends} in wireguard-dkms + + -- Daniel Kahn Gillmor Sun, 08 Sep 2019 15:42:09 -0400 + +amneziawg (0.0.20190702-3) unstable; urgency=medium + + * clean up wireguard-modules versioned dependency (Closes: #930432) + + -- Daniel Kahn Gillmor Mon, 19 Aug 2019 20:52:22 -0400 + +amneziawg (0.0.20190702-2) unstable; urgency=medium + + * Work around faulty siphash backport (Closes: #934763) + * standards-version: bump to 4.4.0 (no changes needed) + * override package-supports-alternative-init-but-no-init.d-script for + wireguard-tools + + -- Daniel Kahn Gillmor Mon, 19 Aug 2019 18:07:59 -0400 + +amneziawg (0.0.20190702-1) unstable; urgency=medium + + * new upstream version + + -- Daniel Kahn Gillmor Tue, 02 Jul 2019 09:02:32 -0400 + +amneziawg (0.0.20190601-1) unstable; urgency=medium + + * new upstream version + + -- Daniel Kahn Gillmor Mon, 17 Jun 2019 12:25:58 -0400 + +amneziawg (0.0.20190406-1) unstable; urgency=medium + + * New upstream version + * refresh patches + + -- Daniel Kahn Gillmor Mon, 08 Apr 2019 17:09:41 -0400 + +amneziawg (0.0.20190227-1) unstable; urgency=medium + + * New upstream version + + -- Daniel Kahn Gillmor Fri, 01 Mar 2019 13:34:53 -0500 + +amneziawg (0.0.20190123-1) unstable; urgency=medium + + [ Fabian Grünbichler ] + * wireguard.postinst: Add module reload on upgrade (Closes: #913446) + + [ Daniel Kahn Gillmor ] + * New upstream version (Closes: #919232) + * Tighten dependencies and description of wireguard metapackage + * Fine-tune module reload code on wireguard.postinst + * Standards-Version: bump to 4.3.0 (no changes needed) + * Update debian/copyright + * override lintian warning version-substvar-for-external-package + * move to debhelper-compat 12 + + -- Daniel Kahn Gillmor Mon, 28 Jan 2019 14:31:53 -0500 + +amneziawg (0.0.20181218-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Tue, 18 Dec 2018 13:50:07 -0500 + +amneziawg (0.0.20181119-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 19 Nov 2018 13:30:22 -0500 + +amneziawg (0.0.20181115-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 15 Nov 2018 17:47:30 -0500 + +amneziawg (0.0.20181018-1) unstable; urgency=medium + + * new upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 18 Oct 2018 09:42:59 -0400 + +amneziawg (0.0.20181007-1) unstable; urgency=medium + + * new upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 18 Oct 2018 09:42:44 -0400 + +amneziawg (0.0.20180925-1) unstable; urgency=medium + + * new upstream snapshot release + * d/copyright: update for licensing tweaks + + -- Daniel Kahn Gillmor Thu, 27 Sep 2018 17:02:13 -0400 + +amneziawg (0.0.20180918-1) unstable; urgency=medium + + * new upstream snapshot release + * d/copyright: note zinc change to MIT license + + -- Daniel Kahn Gillmor Wed, 19 Sep 2018 15:44:54 -0400 + +amneziawg (0.0.20180910-1) unstable; urgency=medium + + * new upstream snapshot release + * d/copyright update for new code sources + + -- Daniel Kahn Gillmor Wed, 12 Sep 2018 00:28:31 -0400 + +amneziawg (0.0.20180904-2) unstable; urgency=medium + + * dkms: use upstream version instead of debian version (closes: #906019) + + -- Daniel Kahn Gillmor Thu, 06 Sep 2018 13:08:44 -0400 + +amneziawg (0.0.20180904-1) unstable; urgency=medium + + * New upstream snapshot release + * Standards-Version: bump to 4.2.1 (no changes needed) + * debian/copyright: update move of sources to zinc + + -- Daniel Kahn Gillmor Wed, 05 Sep 2018 16:24:17 -0400 + +amneziawg (0.0.20180809-1) unstable; urgency=medium + + * Standards-Version: bump to 4.2.0 (no changes needed) + * New upstream snapshot release + + -- Daniel Kahn Gillmor Wed, 05 Sep 2018 16:24:06 -0400 + +amneziawg (0.0.20180802-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Fri, 03 Aug 2018 09:31:12 -0400 + +amneziawg (0.0.20180731-2) unstable; urgency=medium + + * ship /etc/wireguard mode 0700 by default (closes: #902831) + + -- Daniel Kahn Gillmor Tue, 31 Jul 2018 18:00:49 -0400 + +amneziawg (0.0.20180731-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Tue, 31 Jul 2018 15:42:42 -0400 + +amneziawg (0.0.20180718-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Tue, 31 Jul 2018 15:42:30 -0400 + +amneziawg (0.0.20180708-1) unstable; urgency=medium + + * New upstream snapshot release + * Standards-Version: bumped to 4.1.5 (no changes needed) + + -- Daniel Kahn Gillmor Mon, 09 Jul 2018 15:03:15 -0400 + +amneziawg (0.0.20180625-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 25 Jun 2018 14:02:58 -0400 + +amneziawg (0.0.20180620-1) unstable; urgency=medium + + * new upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 21 Jun 2018 10:25:55 -0400 + +amneziawg (0.0.20180613-3) unstable; urgency=medium + + [ Helmut Grohne ] + * Fix FTCBFS (Closes: #900891) Thanks, Helmut Grohne! + + -- Daniel Kahn Gillmor Mon, 18 Jun 2018 14:35:37 -0400 + +amneziawg (0.0.20180613-2) unstable; urgency=medium + + * avoid requiring glibc-2.25 for wireguard-tools (Closes: #901802) + + -- Daniel Kahn Gillmor Mon, 18 Jun 2018 14:18:31 -0400 + +amneziawg (0.0.20180613-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 14 Jun 2018 09:59:56 -0400 + +amneziawg (0.0.20180531-1) unstable; urgency=medium + + * New upstream snapshot release + * update debian/copyright + + -- Daniel Kahn Gillmor Fri, 01 Jun 2018 16:08:33 -0400 + +amneziawg (0.0.20180524-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 24 May 2018 10:38:53 -0400 + +amneziawg (0.0.20180519-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 21 May 2018 13:42:17 -0400 + +amneziawg (0.0.20180513-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 14 May 2018 17:28:50 -0400 + +amneziawg (0.0.20180420-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 14 May 2018 17:28:31 -0400 + +amneziawg (0.0.20180413-1) unstable; urgency=medium + + * New upstream snapshot release + * Standards-Version: bump to 4.1.4 (no changes needed) + + -- Daniel Kahn Gillmor Fri, 20 Apr 2018 12:43:32 -0700 + +amneziawg (0.0.20180304-1) unstable; urgency=medium + + * new upstream snapshot release + + -- Daniel Kahn Gillmor Fri, 16 Mar 2018 01:31:06 +0000 + +amneziawg (0.0.20180218-1) unstable; urgency=medium + + * new upstream snapshot release + * update Jason's signing key + * d/control: set Rules-Requires-Root: no + * convert packaging VCS branchnames to DEP-14 + * d/copyright: embeddable-wg-library is LGPL-2.1+ + + -- Daniel Kahn Gillmor Tue, 20 Feb 2018 14:51:20 -0800 + +amneziawg (0.0.20180202-1) unstable; urgency=medium + + * new upstream snapshot release + * loosen versioned dependencies of wireguard metapackage + * d/copyright: update + + -- Daniel Kahn Gillmor Fri, 02 Feb 2018 15:26:24 -0500 + +amneziawg (0.0.20180118-1) unstable; urgency=medium + + * New upstream snapshot release + * d/copyright: update + + -- Daniel Kahn Gillmor Fri, 19 Jan 2018 00:04:53 -0500 + +amneziawg (0.0.20171221-5) unstable; urgency=medium + + * New debian package for source-only upload + + -- Daniel Kahn Gillmor Sat, 13 Jan 2018 11:35:16 -0500 + +amneziawg (0.0.20171221-4) unstable; urgency=medium + + * d/copyright: annotate a few additional files + + -- Daniel Kahn Gillmor Fri, 12 Jan 2018 16:51:08 -0500 + +amneziawg (0.0.20171221-3) unstable; urgency=medium + + * make inter-package recommendations tightly versioned + * add new wireguard metapackage + + -- Daniel Kahn Gillmor Thu, 11 Jan 2018 17:48:05 -0500 + +amneziawg (0.0.20171221-2) unstable; urgency=medium + + * wrap-and-sort -ast + * standards-version: bump to 4.1.3 (no changes needed) + * move to debhelper 11 + * move Vcs to salsa.debian.org + * clean up lintian-overrides + * include upstream changelog + + -- Daniel Kahn Gillmor Mon, 08 Jan 2018 16:30:38 -0500 + +amneziawg (0.0.20171221-1) unstable; urgency=medium + + * New upstream release + * drop workaround curve25519_generate.js, fixed upstream + + -- Daniel Kahn Gillmor Wed, 20 Dec 2017 22:13:31 -0500 + +amneziawg (0.0.20171211-1) unstable; urgency=medium + + * New upstream release + * refresh patches + * Standards-Version: bump to 4.1.2 (no changes needed) + * examples: avoid shipping pre-generated javascript artifact + + -- Daniel Kahn Gillmor Mon, 11 Dec 2017 20:56:53 -0500 + +amneziawg (0.0.20171127-1) unstable; urgency=medium + + * New upstream release. + * d/copyright: annotate new assembler + + -- Daniel Kahn Gillmor Tue, 28 Nov 2017 17:29:39 -0500 + +amneziawg (0.0.20171111-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Sat, 11 Nov 2017 18:32:19 +0800 + +amneziawg (0.0.20171101-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Tue, 07 Nov 2017 02:05:29 +0100 + +amneziawg (0.0.20171017-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Sun, 22 Oct 2017 10:11:26 -0400 + +amneziawg (0.0.20171011-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Wed, 11 Oct 2017 10:22:23 -0400 + +amneziawg (0.0.20171005-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Fri, 06 Oct 2017 15:29:08 -0700 + +amneziawg (0.0.20171001+dfsg1-1) unstable; urgency=medium + + * New upstream release + - use dfsg-free version of upstream release, dropping accidentally + shipped contrib/examples/sticky-sockets/a.out + - subsequent releases should not need dfsg-free cleanup + * Standards-Version: bump to 4.1.1 (no changes needed) + * move wireguard-dkms to Section: kernel (thanks, Lintian!) + + -- Daniel Kahn Gillmor Mon, 02 Oct 2017 10:08:23 -0700 + +amneziawg (0.0.20170918-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 18 Sep 2017 13:13:43 -0400 + +amneziawg (0.0.20170907-1) unstable; urgency=medium + + * New upstream release + * Standards-Version: bump to 4.1.0 (no changes needed) + + -- Daniel Kahn Gillmor Thu, 07 Sep 2017 10:58:53 -0400 + +amneziawg (0.0.20170810-1) unstable; urgency=medium + + * New upstream release + * Standards-Version: bumped to 4.0.1 (Priority: extra -> optional) + * added autopkgtest to wireguard demo server + + -- Daniel Kahn Gillmor Thu, 10 Aug 2017 20:48:34 -0400 + +amneziawg (0.0.20170726-1) unstable; urgency=medium + + * New upstream release + * switch documentation/metadata from wireguard.io to wireguard.com, + following upstream + + -- Daniel Kahn Gillmor Wed, 26 Jul 2017 11:52:36 -0400 + +amneziawg (0.0.20170706-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Thu, 06 Jul 2017 18:24:04 -0400 + +amneziawg (0.0.20170629-1) unstable; urgency=medium + + * New upstream release + * bumped Standards-Version to 4.0.0 (no changes needed) + + -- Daniel Kahn Gillmor Wed, 05 Jul 2017 15:14:20 -0400 + +amneziawg (0.0.20170613-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Wed, 14 Jun 2017 13:38:22 -0400 + +amneziawg (0.0.20170531-2) unstable; urgency=medium + + * add systemd to build-dependencies to learn systemdsystemunitdir + (thanks, Lintian!) + + -- Daniel Kahn Gillmor Wed, 31 May 2017 15:15:07 -0400 + +amneziawg (0.0.20170531-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Wed, 31 May 2017 11:48:41 -0400 + +amneziawg (0.0.20170517-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Wed, 17 May 2017 15:36:03 -0400 + +amneziawg (0.0.20170421-2) unstable; urgency=medium + + * update/correct debian/copyright + + -- Daniel Kahn Gillmor Tue, 25 Apr 2017 12:56:14 -0400 + +amneziawg (0.0.20170421-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 24 Apr 2017 10:00:55 -0400 + +amneziawg (0.0.20170409-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 10 Apr 2017 01:50:46 -0400 + +amneziawg (0.0.20170324-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Fri, 24 Mar 2017 00:46:22 -0400 + +amneziawg (0.0.20170320.1-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 20 Mar 2017 11:43:36 -0400 + +amneziawg (0.0.20170223-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Thu, 23 Feb 2017 11:29:01 -0500 + +amneziawg (0.0.20170214-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Tue, 14 Feb 2017 08:51:02 -0500 + +amneziawg (0.0.20170213-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 13 Feb 2017 19:06:05 -0500 + +amneziawg (0.0.20170115-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 06 Feb 2017 04:40:14 -0500 + +amneziawg (0.0.20170105-1) UNRELEASED; urgency=medium + + * New upstream release + - adds wg-quick + - adds bash tab completion for wg + - adds systemd .service template for wg-quick + + -- Daniel Kahn Gillmor Wed, 11 Jan 2017 23:19:09 -0500 + +amneziawg (0.0.20161230-1) unstable; urgency=medium + + * New upstream release. + + -- Daniel Kahn Gillmor Tue, 03 Jan 2017 02:21:26 -0500 + +amneziawg (0.0.20161223-1) unstable; urgency=medium + + * New upstream release. + * use uptream's install-dkms Makefile target and dkms.conf instead of + maintaining our own. + + -- Daniel Kahn Gillmor Sat, 24 Dec 2016 16:58:46 -0500 + +amneziawg (0.0.20161218-1) unstable; urgency=medium + + * New upstream release. + * Move from experimental to unstable. Upstream isn't committed to a + long-term stable branch, so we should keep this from migrating to + stretch, but it has stabilized enough for wider distribution. + * Note: we are not using upstream's install-dkms Makefile target. + + -- Daniel Kahn Gillmor Thu, 22 Dec 2016 08:25:15 -0500 + +amneziawg (0.0.20161129-experimental1) experimental; urgency=medium + + * new upstream release + * generate src/version.h from debian package version instead of git + repo. + + -- Daniel Kahn Gillmor Mon, 05 Dec 2016 23:01:22 -0500 + +amneziawg (0.0.20161116.1-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Thu, 17 Nov 2016 08:07:52 +0900 + +amneziawg (0.0.20161110-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Thu, 10 Nov 2016 12:25:50 -0800 + +amneziawg (0.0.20161105-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Sun, 06 Nov 2016 01:47:35 -0400 + +amneziawg (0.0.20161103-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Fri, 04 Nov 2016 10:34:52 -0400 + +amneziawg (0.0.20161102-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Wed, 02 Nov 2016 12:52:58 -0400 + +amneziawg (0.0.20161025-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Tue, 25 Oct 2016 10:05:12 -0400 + +amneziawg (0.0.20161014-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Mon, 24 Oct 2016 14:04:50 -0400 + +amneziawg (0.0.20160808-experimental2) experimental; urgency=medium + + [ Jason A. Donenfeld ] + * properly ship self-tests (Closes: #833961) + + -- Daniel Kahn Gillmor Fri, 12 Aug 2016 01:45:04 -0400 + +amneziawg (0.0.20160808-experimental1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 08 Aug 2016 16:54:39 -0400 + +amneziawg (0.0.20160722-experimental1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Fri, 22 Jul 2016 17:21:11 -0400 + +amneziawg (0.0.20160711-experimental1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Tue, 12 Jul 2016 13:20:26 +0200 + +amneziawg (0.0.20160708.1-experimental1) experimental; urgency=medium + + * New upstream release + * build-depend on pkg-config + * ship upstream examples + + -- Daniel Kahn Gillmor Fri, 08 Jul 2016 23:13:54 +0200 + +amneziawg (0.0.20160630-experimental2) experimental; urgency=medium + + * avoid shipping example/demo scripts at request of upstream + * limit wireguard-tools to only linux platforms, since it makes no sense + elsewhere. + + -- Daniel Kahn Gillmor Sat, 02 Jul 2016 10:32:49 -0400 + +amneziawg (0.0.20160630-experimental1) experimental; urgency=medium + + * First package upload (Closes: #829107) + + -- Daniel Kahn Gillmor Thu, 30 Jun 2016 12:50:33 -0400 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..52ca60f --- /dev/null +++ b/debian/clean @@ -0,0 +1,3 @@ +src/*.o +src/*.d +src/wg diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f11c82a --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 \ No newline at end of file diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..36ab811 --- /dev/null +++ b/debian/control @@ -0,0 +1,57 @@ +Source: amneziawg +Section: net +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Daniel Kahn Gillmor +Uploaders: + Unit 193 , +Build-Depends: + debhelper, + pkg-config, + systemd, +Standards-Version: 4.6.0 +Homepage: https://www.wireguard.com +Vcs-Git: https://github.com/amnezia-vpn/amnezia-wg-tools.git +Vcs-Browser: https://github.com/amnezia-vpn/amnezia-wg-tools +Rules-Requires-Root: no + +Package: amneziawg +Architecture: all +Depends: + amneziawg-dkms (>= 0.0.20200121-2) | amneziawg-modules (>= 0.0.20191219), + amneziawg-tools (>= ${source:Version}), + ${misc:Depends}, +Description: fast, modern, secure kernel VPN tunnel (metapackage) + WireGuard is a novel VPN that runs inside the Linux Kernel and uses + state-of-the-art cryptography (the "Noise" protocol). It aims to be + faster, simpler, leaner, and more useful than IPSec, while avoiding + the massive headache. It intends to be considerably more performant + than OpenVPN. WireGuard is designed as a general purpose VPN for + running on embedded interfaces and super computers alike, fit for + many different circumstances. It runs over UDP. + . + This metapackage explicitly depends on both the kernel module and the + userspace tooling. + +Package: amneziawg-tools +Architecture: linux-any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Recommends: + nftables | iptables, + amneziawg-modules (>= 0.0.20171001) | amneziawg-dkms (>= 0.0.20191219), +Suggests: openresolv | resolvconf, +Description: fast, modern, secure kernel VPN tunnel (userland utilities) + WireGuard is a novel VPN that runs inside the Linux Kernel and uses + state-of-the-art cryptography (the "Noise" protocol). It aims to be + faster, simpler, leaner, and more useful than IPSec, while avoiding + the massive headache. It intends to be considerably more performant + than OpenVPN. WireGuard is designed as a general purpose VPN for + running on embedded interfaces and super computers alike, fit for + many different circumstances. It runs over UDP. + . + This package contains command-line tools to interact with the + WireGuard kernel module. Currently, it provides only a single tool: + . + awg: set and retrieve configuration of WireGuard interfaces diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..fc51ad2 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,85 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: WireGuard command-line tools +Source: https://www.wireguard.com/ +Upstream-Contact: WireGuard mailing list + +Files: * +Copyright: 2015-2020 Jason A. Donenfeld +License: GPL-2 + +Files: contrib/external-tests/python/main.py +Copyright: 2018 Piotr Lizonczyk +License: MIT + +Files: src/netlink.h contrib/embeddable-wg-library/* +Copyright: 2015-2020 Jason A. Donenfeld + 2008-2012 Pablo Neira Ayuso +License: LGPL-2.1+ + +Files: src/curve25519-fiat32.h +Copyright: 2015-2016 The fiat-crypto Authors. + 2018-2020 Jason A. Donenfeld +License: GPL-2 or MIT + +Files: src/curve25519-hacl64.h +Copyright: 2016-2017 INRIA and Microsoft Corporation. + 2018-2020 Jason A. Donenfeld +License: GPL-2 or MIT + +Files: src/uapi/openbsd/net/if_wg.h +Copyright: 2020 Matt Dunwoodie + 2020 Jason A. Donenfeld +License: ISC + +Files: debian/* +Copyright: 2016-2020 Daniel Kahn Gillmor +License: GPL-2 + +License: GPL-2 + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2. + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in file "/usr/share/common-licenses/GPL-2". + +License: LGPL-2.1+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; version 2.1 or later. + . + On Debian systems, the complete text of the GNU Lesser General Public + License version 2.1 can be found in file + "/usr/share/common-licenses/LGPL-2.1". + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + +License: ISC + Permission to use, copy, modify, and/or distribute this software for + any purpose with or without fee is hereby granted, provided that the + above copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/debian/files b/debian/files new file mode 100644 index 0000000..8ccd5d0 --- /dev/null +++ b/debian/files @@ -0,0 +1,4 @@ +amneziawg-tools-dbgsym_1.0.20210914-1ubuntu2_amd64.ddeb debug optional automatic=yes +amneziawg-tools_1.0.20210914-1ubuntu2_amd64.deb net optional +amneziawg_1.0.20210914-1ubuntu2_all.deb net optional +amneziawg_1.0.20210914-1ubuntu2_amd64.buildinfo net optional diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..8d82621 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,6 @@ +[DEFAULT] +debian-branch = debian/master +upstream-tag = v%(version)s + +[buildpackage] +compression = xz diff --git a/debian/patches/0001-Avoid-using-git-during-build.patch b/debian/patches/0001-Avoid-using-git-during-build.patch new file mode 100644 index 0000000..8f06c5f --- /dev/null +++ b/debian/patches/0001-Avoid-using-git-during-build.patch @@ -0,0 +1,21 @@ +From: Daniel Kahn Gillmor +Date: Wed, 15 Jan 2020 11:23:27 -0500 +Subject: Avoid using git during build + +--- + src/Makefile | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/src/Makefile 2021-08-13 17:36:03.385973646 -0400 ++++ b/src/Makefile 2021-08-13 17:36:03.369973776 -0400 +@@ -48,10 +48,6 @@ + ifeq ($(DEBUG),yes) + CFLAGS += -g + endif +-WIREGUARD_TOOLS_VERSION = $(patsubst v%,%,$(shell GIT_DIR="$(PWD)/../.git" git describe --dirty 2>/dev/null)) +-ifneq ($(WIREGUARD_TOOLS_VERSION),) +-CFLAGS += -D'WIREGUARD_TOOLS_VERSION="$(WIREGUARD_TOOLS_VERSION)"' +-endif + ifeq ($(PLATFORM),freebsd) + LDLIBS += -lnv + endif diff --git a/debian/patches/0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch b/debian/patches/0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch new file mode 100644 index 0000000..364269e --- /dev/null +++ b/debian/patches/0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch @@ -0,0 +1,35 @@ +From: Daniel Kahn Gillmor +Date: Mon, 18 Jun 2018 14:11:10 -0400 +Subject: Avoid requiring glibc 2.25 for wireguard-tools + +Upstream's instructions (https://www.wireguard.com/install/) suggest +enabling the debian unstable repository to run wireguard. + +Without this patch, the current version of wireguard-tools will end up +with a dependency on glibc 2.25 because of the invocation of +getentropy. + +We avoid this situation (and fall through to the syscall interface +for the Linux kernel) by omitting the test here. + +If we move wireguard into testing (and from there to +stretch-backports) then i think we can convince upstream to change +their installation instructions to refer to stretch-backports, and we +can remove this patch. +--- + src/genkey.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/genkey.c b/src/genkey.c +index d1bb643..6cdee42 100644 +--- a/src/genkey.c ++++ b/src/genkey.c +@@ -40,7 +40,7 @@ static inline bool __attribute__((__warn_unused_result__)) get_random_bytes(uint + return false; + } + +-#if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12) || (defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))) ++#if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12) + if (!getentropy(out, len)) + return true; + #endif diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..a0ed131 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,2 @@ +0001-Avoid-using-git-during-build.patch +0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..6ddd947 --- /dev/null +++ b/debian/rules @@ -0,0 +1,38 @@ +#!/usr/bin/make -f + +include /usr/share/dpkg/default.mk + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DEB_VERSION_UPSTREAM + +AMNEZIAWG_ARGS = WITH_BASHCOMPLETION=yes WITH_WGQUICK=yes WITH_SYSTEMDUNITS=yes V=1 + +%: + dh $@ + +override_dh_auto_build-arch: + dh_auto_build --sourcedirectory=src -- $(AMNEZIAWG_ARGS) + +override_dh_auto_install-arch: + $(MAKE) -C src DESTDIR=../debian/amneziawg-tools $(AMNEZIAWG_ARGS) install + +override_dh_fixperms: + dh_fixperms -Xetc/amnezia + +override_dh_installexamples: + dh_installexamples -Xexternal-tests + +define test_wg +set -x; set -e; \ +echo "Testing command $1" && \ +a="$$(src/wg $1)" && b="$$(src/wg $1)" && \ +echo "a=$$a b=$$b" && \ +test -n "$$a" && \ +test -n "$$b" && \ +test "$$a" != "$$b" +endef + +override_dh_auto_test: + test "$$(head -c 32 /dev/zero | base64 | src/wg pubkey)" = "L+V9o0fNYkMVKNqsX7spBzD/9oSvxM/C7ZCZX1jLO3Q=" + $(call test_wg,genpsk) + $(call test_wg,genkey) diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..21e7456 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,17 @@ +Tests: keygen +Restrictions: superficial +Depends: + wireguard-tools, + +Tests: wg-quick +Restrictions: needs-root, isolation-machine, allow-stderr +Depends: + iproute2, + @, + +Tests: netns-mini +Restrictions: needs-root, isolation-machine +Depends: + iproute2, + iputils-ping, + @, diff --git a/debian/tests/keygen b/debian/tests/keygen new file mode 100755 index 0000000..63d4ed1 --- /dev/null +++ b/debian/tests/keygen @@ -0,0 +1,5 @@ +#!/bin/bash +set -e + +[[ $(head -c 32 /dev/zero | base64 | wg pubkey) == "L+V9o0fNYkMVKNqsX7spBzD/9oSvxM/C7ZCZX1jLO3Q=" ]] +[[ $(wg genpsk) != "$(wg genpsk)" ]] diff --git a/debian/tests/netns-mini b/debian/tests/netns-mini new file mode 100755 index 0000000..cce52d9 --- /dev/null +++ b/debian/tests/netns-mini @@ -0,0 +1,55 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. +set -e + +exec 3>&1 +netns0="wg-test-$$-0" +netns1="wg-test-$$-1" +netns2="wg-test-$$-2" +pretty() { echo -e "\x1b[32m\x1b[1m[+] ${1:+NS$1: }${2}\x1b[0m" >&3; } +pp() { pretty "" "$*"; "$@"; } +n1() { pretty 1 "$*"; ip netns exec $netns1 "$@"; } +n2() { pretty 2 "$*"; ip netns exec $netns2 "$@"; } +ip0() { pretty 0 "ip $*"; ip -n $netns0 "$@"; } +ip1() { pretty 1 "ip $*"; ip -n $netns1 "$@"; } +ip2() { pretty 2 "ip $*"; ip -n $netns2 "$@"; } + +cleanup() { + set +e + exec 2>/dev/null + ip0 link del dev wg0 + ip1 link del dev wg0 + ip2 link del dev wg0 + local to_kill="$(ip netns pids $netns0) $(ip netns pids $netns1) $(ip netns pids $netns2)" + [[ -n $to_kill ]] && kill $to_kill + pp ip netns del $netns1 + pp ip netns del $netns2 + pp ip netns del $netns0 + exit +} +trap cleanup EXIT + +ip netns del $netns0 2>/dev/null || true +ip netns del $netns1 2>/dev/null || true +ip netns del $netns2 2>/dev/null || true +pp ip netns add $netns0 +pp ip netns add $netns1 +pp ip netns add $netns2 +ip0 link set up dev lo +ip0 link add dev wg0 type wireguard +ip0 link set wg0 netns $netns1 +ip0 link add dev wg0 type wireguard +ip0 link set wg0 netns $netns2 +ip1 addr add 192.168.241.1/24 dev wg0 +ip2 addr add 192.168.241.2/24 dev wg0 +key1="$(pp wg genkey)" +key2="$(pp wg genkey)" +pub1="$(pp wg pubkey <<<"$key1")" +pub2="$(pp wg pubkey <<<"$key2")" +n1 wg set wg0 private-key <(echo "$key1") listen-port 1 peer "$pub2" allowed-ips 192.168.241.2/32 +n2 wg set wg0 private-key <(echo "$key2") listen-port 2 peer "$pub1" allowed-ips 192.168.241.1/32 +ip1 link set up dev wg0 +ip2 link set up dev wg0 +n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1 +n2 ping -c 10 -f -W 1 192.168.241.1 diff --git a/debian/tests/wg-quick b/debian/tests/wg-quick new file mode 100755 index 0000000..73d6c7a --- /dev/null +++ b/debian/tests/wg-quick @@ -0,0 +1,171 @@ +#!/bin/bash + +set -e +set -o pipefail + +LEFT_NS="left_ns" +LEFT_GW="10.0.5.1/24" +LEFT_PORT=3001 +LEFT_INT="10.0.1.1/24" +WG_LEFT_INTERFACE="wg_left" +WG_LEFT_INTERFACE_CONF="/etc/wireguard/${WG_LEFT_INTERFACE}.conf" + +RIGHT_NS="right_ns" +RIGHT_GW="10.0.5.2/24" +RIGHT_PORT=3002 +RIGHT_INT="10.0.1.2/24" +WG_RIGHT_INTERFACE="wg_right" +WG_RIGHT_INTERFACE_CONF="/etc/wireguard/${WG_RIGHT_INTERFACE}.conf" + +cleanup() { + if [ $? -ne 0 ]; then + echo "Some test failed, here is some debugging" + dmesg -T | grep wireguard + fi + rm -f "${WG_LEFT_INTERFACE_CONF}" "${WG_RIGHT_INTERFACE_CONF}" + ip netns delete "${LEFT_NS}" &>/dev/null + ip netns delete "${RIGHT_NS}" &>/dev/null +} + +trap cleanup EXIT + + +setup() { + umask 0077 + echo "Generating keys" + LEFT_PRIVKEY="$(wg genkey)" + RIGHT_PRIVKEY="$(wg genkey)" + LEFT_PUBKEY="$(wg pubkey <<<"${LEFT_PRIVKEY}")" + RIGHT_PUBKEY="$(wg pubkey <<<"${RIGHT_PRIVKEY}")" + + echo "Generating wireguard config" + cat > "${WG_LEFT_INTERFACE_CONF}" <<-EOF + [Interface] + ListenPort = ${LEFT_PORT} + PrivateKey = ${LEFT_PRIVKEY} + Address = ${LEFT_GW} + + [Peer] + PublicKey = ${RIGHT_PUBKEY} + AllowedIPs = ${RIGHT_GW%%/*}/32 + Endpoint = ${RIGHT_INT%%/*}:${RIGHT_PORT} + EOF + + cat > "${WG_RIGHT_INTERFACE_CONF}" <<-EOF + [Interface] + ListenPort = ${RIGHT_PORT} + PrivateKey = ${RIGHT_PRIVKEY} + Address = ${RIGHT_GW} + + [Peer] + PublicKey = ${LEFT_PUBKEY} + AllowedIPs = ${LEFT_GW%%/*}/32 + Endpoint = ${LEFT_INT%%/*}:${LEFT_PORT} + EOF + + echo "Cleaning up old namespaces" + ip netns delete "${LEFT_NS}" &> /dev/null || true + ip netns delete "${RIGHT_NS}" &> /dev/null || true + + echo "Creating new namespaces ${LEFT_NS} and ${RIGHT_NS} and adding loopback interface to them" + ip netns add "${LEFT_NS}" + ip netns exec "${LEFT_NS}" ip link set dev lo up + + ip netns add "${RIGHT_NS}" + ip netns exec "${RIGHT_NS}" ip link set dev lo up + + echo "Creating veth interface connecting both namespaces" + ip link add p1 netns "${LEFT_NS}" type veth peer p2 netns "${RIGHT_NS}" + ip -n "${LEFT_NS}" addr add "${LEFT_INT}" dev p1 + ip -n "${LEFT_NS}" link set p1 up + + ip -n "${RIGHT_NS}" addr add "${RIGHT_INT}" dev p2 + ip -n "${RIGHT_NS}" link set p2 up + + echo "Bringing up LEFT wireguard interface in namespace ${LEFT_NS}" + ip netns exec "${LEFT_NS}" wg-quick up "${WG_LEFT_INTERFACE}" + + echo "Bringing up RIGHT wireguard interface in namespace ${RIGHT_NS}" + ip netns exec "${RIGHT_NS}" wg-quick up "${WG_RIGHT_INTERFACE}" +} + +show_config() { + echo "${LEFT_NS} namespace:" + ip netns exec "${LEFT_NS}" wg showconf "${WG_LEFT_INTERFACE}" + echo + echo "${RIGHT_NS} namespace:" + ip netns exec "${RIGHT_NS}" wg showconf "${WG_RIGHT_INTERFACE}" +} + +test_stats() { + local -i ret + local output="" + # to be run after the ping tests + # by now, we MUST have "transfer" and "last handshake" + for ns in "${LEFT_NS}" "${RIGHT_NS}"; do + echo "Namespace ${ns}" + output=$(ip netns exec "${ns}" wg show) + echo "${output}" | grep -E "latest handshake:" || { + ret=$? + echo "Missing \"latest handshake\" from stats in namespace ${ns}" + echo "Got this output:" + echo "${output}" + return $ret + } + echo "${output}" | grep -E "transfer:.*received.*sent" || { + ret=$? + echo "Missing \"transfer\" stats in namespace ${ns}" + echo "Got this output:" + echo "${output}" + return $ret + } + done +} + +test_gw_ping() { + echo "Pinging right gateway, from ${LEFT_NS} namespace" + ip netns exec "${LEFT_NS}" ping -W 2 -c 1 "${RIGHT_GW%%/*}" || return $? + echo + echo "Pinging left gateway, from ${RIGHT_NS} namespace" + ip netns exec "${RIGHT_NS}" ping -W 2 -c 1 "${LEFT_GW%%/*}" || return $? +} + +test_wireguard_ping() { + echo "Pinging right wireguard IP from ${LEFT_NS} namespace" + ip netns exec "${LEFT_NS}" ping -W 2 -c 1 "${RIGHT_INT%%/*}" || return $? + echo + echo "Pinging left wireguard IP from ${RIGHT_NS} namesapce" + ip netns exec "${RIGHT_NS}" ping -W 2 -c 1 "${LEFT_INT%%/*}" || return $? +} + + +echo "Setting things up" +setup || { + echo "Failed vpn test setup" + exit 1 +} + +echo +echo "This is the config" +show_config + +echo +echo "Testing gateway ping" +test_gw_ping || { + echo "Failed gateway ping" + exit 1 +} + +echo +echo "Testing wireguard interface ping" +test_wireguard_ping || { + echo "Failed wireguard interface ping" + exit 1 +} + +echo +echo "Testing vpn stats" +test_stats || { + echo "Failed to verify vpn stats" + exit 1 +} diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..1f28e2e --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE0yIvABEADc7Zn9kj02BBd1JQMtyidTHLbY2JnmMlGFx2pwoBCuw3ObDo3G +s7GDxhiK7KoupaUbPklp8NSk914kusr0IOfCcis6lINOKEt3v31yJOpZzWxa0Wha +DXUDWVJc4XhKSdg1LeNtFpLIl1CuOtmaMdOaH8lpKkr/5sL4FeG0g/a3R3ZOzOOj +zoGAx79pyhp92L/qo5FfATTzmD2Pq9m6rxcftiO312gpT7ztKlWvsDmc4iJyyL54 +1m57zSkG5aJqFexwW3C/iJOCSAiY/r6QTmqkbVA2BSSPANOXX9v0A1GX1rcayywR +w7qZelYpaH6pBLUioI2mmnO432kxK2UKrxd3+1wz1G+fg3GWjaabruVnR+KBV4uJ +Q140o6oj/r9k1Busl6elyDeFAdmO6D6i9Pj90oXJIEk0/wxf+DPmag8lVmxEH1CL +ST0M1t68sR38VhNSeyTdcwnsW20D1Ag55aGk3ZN5eXDIw3ccGzFPBfV3w5wfGwWz +idMmAQMxAmhnQCqwSjIXzv1Gv4NeVGze+/t28zUQInTZyZmxi5niMiz0NUeLqREX +bepmUJulYPeXrty/6/7N6jkakXp7kNGIK2Zigadca/18x9H5DgEXHl0eW7ZOgSUH +qQmmnvNNrArhYXlckYapIAZhwLJDGgv3ZhRyYRCEQ9BktVcE0+2R6zb3GQARAQAB +tCRKYXNvbiBBLiBEb25lbmZlbGQgPEphc29uQHp4MmM0LmNvbT6JAlUEEwECAD8C +GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEEq5lC5tSkz8NBJiCnSfxwEqXe +A64FAlp2RGIFCRLnu/IACgkQSfxwEqXeA67KJg//QxU7sM0SCN97+bu/Z7cRAffx +MW+X84rRZRrZvAwkDutTSsvSaBn3dwF5VEnCB25q3px4ybjl0bJF7Klp0RVOBJZo +FEo5BivXH9Ib6eCBn3EGk9g/K9ZZtJP44yF5oW/WZGjlTQdo/plYTd/8COkNA9LX +z3f59ljvQaJNMOUBxnMJVqgvNufbdQehS5dbimhDn5CmBfC7mEpMbrlC7e0O43yl +Tu+BuNssvrX/d3hU7zCYVDDZjVgqSY78YMpvre9xj1WdSdCx9FHo97UcGRHAlm2m +IFIunvZB4s2nWafYAjZ2mg0/gEmn6pIUO+yTSziscoZOedwYDY6FRR26YDjDebF3 +oy5AqgfF8pYACtaKRShJjEfncJhZGKYshuZbuRtXs3yfIQi3QT2MCaCpcZ7C2llS +/ire0qpq1Fp8a6tcyY/8ycr5fp7FO+SHPAQ9tnCZvej7N8guEF/LxkiekxQtkAYM +Fk3Ve4ihFpfy+vT7eF4k95nd067dOwWC+wo/RZMpl5ZBxZJ1ZNzR/Uf9WQ+26KpN +V3pu1cWuh4wjq9auz4MbU/sUMoC69HLDzxgPr8B0aKyU16nyy882R3Xp/SpKqhak +2l95vVi+vjz5YJ9xwoELQCGyb0HscmwNktOqNuev2tze7DpBq6SouK7mibVc9nhD +s9cpv6qFWLLPG9nXC2G5Ag0ETTIi8AEQAL7FzsM9ztt7nCWg8CD8uT5JB0rwGcZT +GZLKSHZAySNO1Gb0Zl0sKkp77UbBy1Unc7VAHmvfFVyUk8xuvkju/kKrLXu3xHNZ +tdIu/o/db4KgDi+ty7YyOrQrmT2a8/Gv5bwAdbtnYvK3i5FMC52iYK+Jd5I4TNAR +ajl+BaJXeuZ99Lf3GiBdkxVQ9B2Q9avUhwkqN0eYUHrZhGgsQ48LfFSnDS7RxBOY +3XX8/+28EqpQjDvHe34vVQXQ6xwusH1ZqD8Q9w1c+DkvS7aqa7pGMRVgcrejYp6e +rcXH4G5S/tzIqcnA0wTX3570grpsSNM1lIQ43f5mcfYuSdIpE0YiHwKVlvBiHnq/ +elyVZEB6Ul00SuW8FbsnrC/w6EFO1Mw1W8nFPHAM2hBuMXYgb4nwNxfFcT0X7Bt1 +1dxIZo3isTRckzwkoXjwB09w1QQK5VvDh4vRS8mCEWRKq3jIZACxYq0wvCMwfbzj +SpFwXlz3VEYAqOxZvbrOQ+0e8YBkrqxpygBI+Gw/yQMkh1KPUtswNyLzoQ4+Mul1 +fDvpAJ44wIFZDnIrr77xzfJ7h6Br0m6o5TinaF87Oxd1QsrY2ba0UfEza8atMmN/ +kwcHdzW4lvJyzzGr+skvhsMdTj/qdyVmCyr/F6FoUyGrq9C+Ww3iXjSbV5g5i/Ol +qurBVLPww8zdABEBAAGJAjwEGAECACYCGwwWIQSrmULm1KTPw0EmIKdJ/HASpd4D +rgUCWnZEdAUJEue8BAAKCRBJ/HASpd4DrlguEACoHU3QB6p7bTY2HdEMRTpz0+pe +E+OYJdB8/1JKqtW/odkTCQmodcJD1AO0jw5NGcFr0SyIzgXxrxFgCBTNGDNIoE+D +gw9Nm6sXwDkeuoyEWHMGPdAYA0da8R9VHmJAG9ezMlHzggpgXMR5DTs16usIqrhG +/gGEgvQWKl3snE+IDiGPLR8VwgF6g1dNEXvwCKhvnM700CBrQqbbmlL+JNVD0q8K +qgtGaf1vqdoDWTalsrqfHLusRUoJOLkJcnaxJnx7mGoBQSjGLuDWlQhg+laQr/H+ +pgTbOAvfTPLIMQNUJDPg4FenoG2uMlAadDEKJnsyo0jblPuaE7b9VBIFAHgrRO2/ +Dgi3/3lUC/srZtPWp+yde10BgFadCgz/jbcfoD2Uq8uOJ8notSFHkqwu5UH/T0qZ +Dd8H4HIgDCrIgOt2WaIriP/317xv5nqDCT/m7yKVxn/Uabu4GW5BFgLv1jUCrmNK +eLGNYnN6xg1djR9hrD7Bvoi4fOU+EnrDmslXr1XZzjrn5ricsY5ezyD1lKPFXEnM +X3gdVkKVzsBx0ZmhkFGiu1qZzGeWfLMDPNHmAZLN7Ovl/oEv7aVfWzzAaAy4kHPJ +utFoKSYJ9MjfAiFlY9XiihNMJ2ZL8csKEGNE6AC0fiArfzh6WBMUU0xFRlVE/D8/ +UqdkAOEzK8aNJzzwqg== +=cPUl +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..6bcb8c9 --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 +opts=mode=git,pgpmode=gittag \ + https://github.com/amnezia-vpn/amnezia-wg-tools.git \ + refs/tags/v?([\d\.]+)