diff --git a/README.md b/README.md index 58795f7..6bc2955 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ This supplies the main userspace tooling for using and configuring WireGuard tunnels, including the -[`wg(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8) and -[`wg-quick(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8) +[`awg(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8) and +[`awg-quick(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8) utilities. This project supports Linux, OpenBSD, FreeBSD, macOS, Windows, and Android. diff --git a/amneziawg-tools.spec b/amneziawg-tools.spec new file mode 100644 index 0000000..5933a2e --- /dev/null +++ b/amneziawg-tools.spec @@ -0,0 +1,374 @@ +Name: amneziawg-tools +Version: 1.0.20240201 +Release: 1%{?dist} +URL: https://www.wireguard.com/ +Summary: Fast, modern, secure VPN tunnel +License: GPLv2 + +Source0: https://github.com/amnezia-vpn/amneziawg-tools/archive/refs/tags/v%{version}.tar.gz + +%{?systemd_requires} +BuildRequires: make +BuildRequires: systemd +BuildRequires: gcc + +%description +WireGuard is a novel VPN that runs inside the Linux Kernel and uses +state-of-the-art cryptography (the "Noise" protocol). It aims to be +faster, simpler, leaner, and more useful than IPSec, while avoiding +the massive headache. It intends to be considerably more performant +than OpenVPN. WireGuard is designed as a general purpose VPN for +running on embedded interfaces and super computers alike, fit for +many different circumstances. It runs over UDP. + +This package provides the wg binary for controlling WireGuard. + +%prep +%autosetup -p1 + +%build +%set_build_flags + +## Start DNS Hatchet +%if (0%{?fedora} && 0%{?fedora} < 33) || (0%{?rhel} && 0%{?rhel} < 9) +pushd contrib/dns-hatchet +./apply.sh +popd +%endif +## End DNS Hatchet + +%make_build RUNSTATEDIR=%{_rundir} -C src + +%install +%make_install BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=%{_rundir} \ +WITH_BASHCOMPLETION=yes WITH_WGQUICK=yes WITH_SYSTEMDUNITS=yes -C src + +%files +%doc README.md contrib +%license COPYING +%{_bindir}/awg +%{_bindir}/awg-quick +%{_sysconfdir}/amnezia/amneziawg/ +%{_datadir}/bash-completion/completions/awg +%{_datadir}/bash-completion/completions/awg-quick +%{_unitdir}/awg-quick@.service +%{_unitdir}/awg-quick.target +%{_mandir}/man8/awg.8* +%{_mandir}/man8/awg-quick.8* + +%changelog +* Thu Feb 1 2024 Yuri Egorov - 1.0.20240201-1 +- Update to 1.0.20240201 + +* Tue Sep 21 2021 Joe Doss - 1.0.20210914-1 +- contrib/launchd: fix xml syntax error +- wg-quick: darwin: account for "link#XX" gateways +- ipc: add wireguard-nt support +- ipc: cache windows lookups to avoid O(n^2) with nested lookups +- ipc: remove windows elevation +- ipc: windows: don't display disabled adapters +- ipc: windows: use devpkey instead of nci for name +- wg-quick: android: adjust for android 12 +- wg-quick: openbsd: set DNS with resolvd(8) + +* Fri Jul 23 2021 Fedora Release Engineering - 1.0.20210424-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Apr 30 2021 Joe Doss - 1.0.20210424-1 +- wg-quick: freebsd: check for socket using -S, not -f +- wg-quick: freebsd: do not assume point-to-point interface flag +- wg-quick: freebsd: use ifconfig for determining if interface is up +- wg-quick: kill route monitor when loop terminates + +* Mon Mar 15 2021 Joe Doss - 1.0.20210315-1 +- Makefile: fix version indicator +- wireguard-tools: const correctness +- wireguard-tools: drag in headers for prototypes +- ipc: uniformly ignore preshared keys that are zero +- wg-quick: freebsd: add kernel support +- ipc: freebsd: add initial FreeBSD support +- wg-quick: freebsd: avoid writing private keys to /tmp + +* Tue Feb 23 2021 Joe Doss - 1.0.20210223-1 +- wg-quick: android: do not free iterated pointer +- wg-quick: openbsd: no use for userspace support +- embeddable-wg-library: sync latest from netlink.h +- wincompat: recent mingw has inet_ntop/inet_pton +- wincompat: add resource and manifest and enable lto +- wincompat: do not elevate by default +- completion: add help and syncconf completions +- sticky-sockets: do not use SO_REUSEADDR +- man: LOG_LEVEL variables changed name +- ipc: do not use fscanf with trailing \n +- ipc: read trailing responses after set operation + +* Wed Jan 27 2021 Fedora Release Engineering - 1.0.20200827-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Oct 02 2020 Joe Doss - 1.0.20200827-2 +- Disable contrib/dns-hatchet/apply.sh on Fedora 33+ and RHEL9+ + +* Sat Aug 29 2020 Joe Doss - 1.0.20200827-1 +- Update to 1.0.20200827 +- wg-quick: android: use iproute2 to bring up interface instead of ndc +- wg-quick: Revert wait on process substitutions + +* Thu Aug 20 2020 Joe Doss - 1.0.20200820-1 +- Update to 1.0.20200820 +- ipc: split into separate files per-platform +- wincompat: fold random into genkey +- systemd: add reload target to systemd unit +- man: wg-quick: use syncconf instead of addconf for strip example +- pubkey: isblank is a subset of isspace +- ctype: use non-locale-specific ctype.h +- wg-quick: wait on process substitutions + +* Wed Jul 29 2020 Fedora Release Engineering - 1.0.20200513-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed May 13 2020 Joe Doss - 1.0.20200513-1 +- Update to 1.0.20200513 +- Makefile: remember to install all systemd units +- ipc: openbsd: switch to array ioctl interface + +* Mon May 11 2020 Joe Doss - 1.0.20200510-1 +- Update to 1.0.20200510 +- ipc: add support for openbsd kernel implementation +- ipc: cleanup openbsd support +- wg-quick: add support for openbsd kernel implementation +- wg-quick: cleanup openbsd support +- wg-quick: support dns search domains +- Makefile: simplify silent cleaning +- ipc: remove extra space +- git: add gitattributes so tarball doesn't have gitignore files +- terminal: specialize color_mode to stdout only +- wg-quick: android: support application whitelist +- systemd: add wg-quick.target + +* Wed Apr 15 2020 Leigh Scott - 1.0.20200319-2 +- Add missing config directory +- Remove default buildroot BuildRequires +- Simplify doc install +- Remove commented lines +- Use correct macro for bash-completion + +* Fri Mar 20 2020 Joe Doss - 1.0.20200319-1 +- Update to 1.0.20200319 + +* Thu Feb 6 2020 Joe Doss - 1.0.20200206-1 +- Update to 1.0.20200206 +- Remove libmnl dependency + +* Tue Jan 21 2020 Joe Doss - 1.0.20200121-1 +- Update to 1.0.20200121 +- Spec changes to pass Fedora RPM review + +* Thu Jan 2 2020 Joe Doss - 1.0.20200102-1 +- Update to 1.0.20200102 +- Remove patch to fix dns-hatchet path + +* Thu Dec 26 2019 Joe Doss - 1.0.20191226-1 +- Update to 1.0.20191226 +- Split wireguard-tools back into it's own spec file +- Add in patch to fix dns-hatchet path + +* Mon Oct 14 2019 Joe Doss - 0.0.20191012-1 +- Update to 0.0.20191012 + +* Mon Sep 16 2019 Joe Doss - 0.0.20190913-1 +- Update to 0.0.20190913 + +* Mon Sep 9 2019 Joe Doss - 0.0.20190905-1 +- Update to 0.0.20190905 + +* Tue Jul 2 2019 Joe Doss - 0.0.20190702-1 +- Update to 0.0.20190702 + +* Sat Jun 1 2019 Joe Doss - 0.0.20190601-1 +- Update to 0.0.20190601 + +* Fri May 31 2019 Joe Doss - 0.0.20190531-1 +- Update to 0.0.20190531 + +* Sat Apr 6 2019 Joe Doss - 0.0.20190406-1 +- Update to 0.0.20190406 + +* Wed Feb 27 2019 Joe Doss - 0.0.20190227-1 +- Update to 0.0.20190227 + +* Thu Jan 24 2019 Joe Doss - 0.0.20190123-1 +- Update to 0.0.20190123 + +* Wed Dec 19 2018 Joe Doss - 0.0.20181218-1 +- Update to 0.0.20181218 + +* Thu Nov 15 2018 Joe Doss - 0.0.20181115-1 +- Update to 0.0.20181115 + +* Sun Oct 14 2018 Joe Doss - 0.0.20181018-1 +- Update to 0.0.20181018 + +* Sun Oct 14 2018 Joe Doss - 0.0.20181007-2 +- Add make as a build dependency + +* Sun Oct 7 2018 Joe Doss - 0.0.20181007-1 +- Update to 0.0.20181007 + +* Tue Sep 25 2018 Joe Doss - 0.0.20180925-1 +- Update to 0.0.20180925 + +* Tue Sep 18 2018 Joe Doss - 0.0.20180918-2 +- Add BuildRequires gcc to fix builds on F29 and Rawhide + +* Tue Sep 18 2018 Joe Doss - 0.0.20180918-1 +- Update to 0.0.20180918 + +* Mon Sep 10 2018 Joe Doss - 0.0.20180910-1 +- Update to 0.0.20180910 + +* Wed Sep 5 2018 Joe Doss - 0.0.20180904-1 +- Update to 0.0.20180904 + +* Thu Aug 9 2018 Joe Doss - 0.0.20180809-1 +- Update to 0.0.20180809 + +* Sun Aug 5 2018 Joe Doss - 0.0.20180802-1 +- Update to 0.0.20180802 + +* Wed Jul 18 2018 Joe Doss - 0.0.20180718-1 +- Update to 0.0.20180718 + +* Tue Jul 10 2018 Joe Doss - 0.0.20180708-1 +- Update to 0.0.20180708 + +* Fri Jun 29 2018 Joe Doss - 0.0.20180625-1 +- Update to 0.0.20180625 + +* Wed Jun 20 2018 Joe Doss - 0.0.20180620-1 +- Update to 0.0.20180620 + +* Wed Jun 13 2018 Joe Doss - 0.0.20180613-1 +- Update to 0.0.20180613 + +* Wed May 30 2018 Joe Doss - 0.0.20180531-1 +- Update to 0.0.20180531 + +* Wed May 23 2018 Joe Doss - 0.0.20180524-1 +- Update to 0.0.20180524 + +* Thu May 17 2018 Joe Doss - 0.0.20180519-1 +- Update to 0.0.20180519 + +* Sun May 13 2018 Joe Doss - 0.0.20180513-1 +- Update to 0.0.20180513 +- Drop support for RHEL 7.4, moving on instead to RHEL 7.5 + +* Fri Apr 20 2018 Joe Doss - 0.0.20180420-1 +- Update to 0.0.20180420 + +* Sun Apr 15 2018 Joe Doss - 0.0.20180413-1 +- Update to 0.0.20180413 + +* Mon Mar 05 2018 Joe Doss - 0.0.20180304-1 +- Update to 0.0.20180304 + +* Mon Feb 19 2018 Joe Doss - 0.0.20180218-1 +- Update to 0.0.20180218 + +* Sun Feb 04 2018 Joe Doss - 0.0.20180202-1 +- Update to 0.0.20180202 + +* Thu Jan 18 2018 Joe Doss - 0.0.20180118-1 +- Update to 0.0.20180118 + +* Thu Dec 21 2017 Joe Doss - 0.0.20171221-1 +- Update to 0.0.20171221 + +* Tue Dec 12 2017 Joe Doss - 0.0.20171211-1 +- Update to 0.0.20171211 + +* Mon Nov 27 2017 Joe Doss - 0.0.20171127-1 +- Update to 0.0.20171127 + +* Thu Nov 23 2017 Joe Doss - 0.0.20171122-1 +- Update to 0.0.20171122 + +* Sat Nov 11 2017 Joe Doss - 0.0.20171111-1 +- Update to 0.0.20171111 + +* Wed Nov 01 2017 Joe Doss - 0.0.20171101-1 +- Update to 0.0.20171101 +- Add temporary DNS hatchet to wg-quick + +* Thu Oct 26 2017 Joe Doss - 0.0.20171017-1 +- Update to 0.0.20171017 + +* Wed Oct 11 2017 Joe Doss - 0.0.20171011-1 +- Update to 0.0.20171011 + +* Fri Oct 6 2017 Joe Doss - 0.0.20171005-1 +- Update to 0.0.20171005 +- Update RPM spec URL to www.wireguard.com + +* Mon Oct 2 2017 Joe Doss - 0.0.20171001-1 +- Update to 0.0.20171001 + +* Mon Sep 18 2017 Joe Doss - 0.0.20170918-1 +- Update to 0.0.20170918 +- Drop support for RHEL 7.3, moving on instead to RHEL 7.4. + +* Thu Sep 7 2017 Joe Doss - 0.0.20170907-1 +- Update to 0.0.20170907 + +* Wed Aug 9 2017 Joe Doss - 0.0.20170810-1 +- Update to 0.0.20170810 + +* Mon Jul 31 2017 Joe Doss - 0.0.20170726-1 +- Update to 0.0.20170726 + +* Thu Jun 29 2017 Joe Doss - 0.0.20170629-1 +- Update to 0.0.20170629 + +* Tue Jun 13 2017 Joe Doss - 0.0.20170613-1 +- Update to 0.0.20170613 + +* Mon Jun 12 2017 Joe Doss - 0.0.20170612-1 +- Update to 0.0.20170612 + +* Wed May 31 2017 Joe Doss - 0.0.20170531-1 +- Update to 0.0.20170531 + +* Wed May 17 2017 Joe Doss - 0.0.20170517-1 +- Update to 0.0.20170517 + +* Mon Apr 24 2017 Joe Doss - 0.0.20170421-1 +- Update to 0.0.20170421 + +* Mon Apr 10 2017 Joe Doss - 0.0.20170409-1 +- Update to 0.0.20170409 + +* Fri Mar 24 2017 Joe Doss - 0.0.20170324-1 +- Update to 0.0.20170324 + +* Mon Mar 20 2017 Joe Doss - 0.0.20170320.1-1 +- Update to 0.0.20170320.1 + +* Thu Mar 2 2017 Joe Doss - 0.0.20170223-1 +- Update to 0.0.20170223 + +* Thu Feb 16 2017 Joe Doss - 0.0.20170214-1 +- Update to 0.0.20170214 + +* Thu Jan 5 2017 Joe Doss - 0.0.20170105-1 +- Update to 0.0.20170105 +- Add wg-quick, bash-completion, and systemd service + +* Mon Dec 19 2016 Jason A. Donenfeld - 0.0.20161218-1 +- Spec adjustments + +* Wed Aug 17 2016 Joe Doss - 0.0.20160808-2 +- Spec adjustments + +* Mon Aug 15 2016 Joe Doss - 0.0.20160808-1 +- Initial WireGuard Tools RPM +- Version 0.0.20160808 \ No newline at end of file diff --git a/contrib/embeddable-wg-library/wireguard.c b/contrib/embeddable-wg-library/wireguard.c index 4941549..c905b17 100644 --- a/contrib/embeddable-wg-library/wireguard.c +++ b/contrib/embeddable-wg-library/wireguard.c @@ -26,7 +26,7 @@ /* wireguard.h netlink uapi: */ -#define WG_GENL_NAME "wireguard" +#define WG_GENL_NAME "amneziawg" #define WG_GENL_VERSION 1 enum wg_cmd { @@ -48,6 +48,15 @@ enum wgdevice_attribute { WGDEVICE_A_LISTEN_PORT, WGDEVICE_A_FWMARK, WGDEVICE_A_PEERS, + WGDEVICE_A_JC, + WGDEVICE_A_JMIN, + WGDEVICE_A_JMAX, + WGDEVICE_A_S1, + WGDEVICE_A_S2, + WGDEVICE_A_H1, + WGDEVICE_A_H2, + WGDEVICE_A_H3, + WGDEVICE_A_H4, __WGDEVICE_A_LAST }; diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..897a279 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,11 @@ +amneziawg (1.0.20200206-2) unstable; urgency=medium + + As of wireguard-linux-compat and wireguard-dkms version 0.0.20200215-2, + we no longer treat installation of the wireguard metapackage as a reason + to try to reload the kernel module upon upgrade. + + See the discussion on + https://salsa.debian.org/debian/wireguard-linux-compat/merge_requests/2 + for more details. + + -- Daniel Kahn Gillmor Mon, 24 Feb 2020 10:08:35 -0500 diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..667bf8e --- /dev/null +++ b/debian/TODO @@ -0,0 +1,15 @@ +Debian Packaging work for WireGuard: + + * wireguard metapackage should accept a 5.6 (or later) kernel instead + of a module + + * consider make check for wg during build: this depends on + scan-build, which is part of clang, but also wants to clean the + build tree first. Currently, we don't do any build-time tests. + + * autopkgtest: + + - from src/, run "make check" (depending on clang-tools and sparse) + and make sure it looks plausible. + + - Can we add other tests? diff --git a/debian/amneziawg-tools.README.Debian b/debian/amneziawg-tools.README.Debian new file mode 100644 index 0000000..ab9c7bc --- /dev/null +++ b/debian/amneziawg-tools.README.Debian @@ -0,0 +1,16 @@ +Using the WireGuard VPN and encrypted network tunnel +==================================================== + +To use WireGuard, you'll need an additional kernel module which will +probably be built in for Linux 5.6 and later. + +On debian systems with a kernel older than 5.6, you should be able to +build and install the kernel module with only: + + apt install linux-headers-$(uname -r) wireguard-dkms + +Please see https://www.wireguard.com/quickstart for more details on +using WireGuard. + + -- Daniel Kahn Gillmor , Wed, 15 Jan 2020 10:41:35 -0500 + diff --git a/debian/amneziawg-tools.examples b/debian/amneziawg-tools.examples new file mode 100644 index 0000000..86071d7 --- /dev/null +++ b/debian/amneziawg-tools.examples @@ -0,0 +1 @@ +contrib/* diff --git a/debian/amneziawg-tools.lintian-overrides b/debian/amneziawg-tools.lintian-overrides new file mode 100644 index 0000000..0634715 --- /dev/null +++ b/debian/amneziawg-tools.lintian-overrides @@ -0,0 +1,8 @@ +# upstream prefers the less-user-friendly locked-down /etc/wireguard by default +# to avoid leaking local system secrets. I've adjusted the debian package to follow its lead. +# see also https://bugs.debian.org/902831 +amneziawg-tools: non-standard-dir-perm etc/amneziawg/ 0700 != 0755 +# wg-quick@.service is a generator, not an initscript. On systems with sysvinit, +# the admin probably wants to integrate with something like /etc/network/interfaces +# rather than seeing a new script in /etc/init.d/. +amneziawg-tools: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/awg-quick@.service diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..eb33bcf --- /dev/null +++ b/debian/changelog @@ -0,0 +1,839 @@ +amneziawg (1.0.20210914-1ubuntu2) jammy; urgency=medium + + * Add better DEP8 tests (LP: #1952102): + - d/t/control, d/t/wireguard-wgquick: test using network namespaces + and wg-quick + - d/t/netns-mini, d/t/control: test using network namespaces + and wg, taken from the wireguard-linux-compat package + * d/rules: add simple build-time test, taken from the existing + DEP8 test to generate keys (LP: #1952767) + + -- Andreas Hasenack Tue, 07 Dec 2021 08:33:57 -0300 + +amneziawg (1.0.20210914-1ubuntu1) devel; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. + + -- Unit 193 Tue, 23 Nov 2021 11:41:45 -0500 + +amneziawg (1.0.20210914-1) unstable; urgency=medium + + * New upstream release. + * Update Standards-Version to 4.6.0. + + -- Unit 193 Mon, 27 Sep 2021 21:21:06 -0400 + +amneziawg (1.0.20210424-1ubuntu1) devel; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. + + -- Unit 193 Mon, 16 Aug 2021 14:20:40 -0400 + +amneziawg (1.0.20210424-1) unstable; urgency=medium + + * New upstream release. + - Refresh patch. + + -- Unit 193 Fri, 13 Aug 2021 17:36:52 -0400 + +amneziawg (1.0.20210223-1ubuntu1) devel; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. + + -- Unit 193 Tue, 16 Mar 2021 17:27:19 -0400 + +amneziawg (1.0.20210223-1) unstable; urgency=medium + + * New upstream release. + * d/control: + - Bump dh compat to 13. + - Drop Build-Depend on dkms. + * Update Standards-Version to 4.5.1. + + -- Unit 193 Thu, 25 Feb 2021 02:02:36 -0500 + +amneziawg (1.0.20200827-1ubuntu1) devel; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. + + -- Unit 193 Wed, 30 Sep 2020 18:52:56 -0400 + +amneziawg (1.0.20200827-1) unstable; urgency=medium + + * New upstream release. + + -- Unit 193 Wed, 09 Sep 2020 03:47:59 -0400 + +amneziawg (1.0.20200820-1ubuntu1) groovy; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Switch alternative dependency order for teh wireguard-modules, + wireguard-dkms alternative. + + -- Andy Whitcroft Wed, 26 Aug 2020 10:42:33 +0100 + +amneziawg (1.0.20200820-1) unstable; urgency=medium + + * New upstream release. + + -- Unit 193 Sat, 22 Aug 2020 19:19:51 -0400 + +amneziawg (1.0.20200513-1ubuntu1) groovy; urgency=medium + + * Switch alternative dependency order for the wireguard-modules, + wireguard-dkms alternative. Whichever is first is deemed the + preferred installation candidate when neither is present. When this is + wireguard-modules this is satisfied by installation of a random kernel + which claims support for wireguard regardless of its applicability. + Repeat after me, do not ever depend on a kernel. (LP: #1890201) + + -- Andy Whitcroft Mon, 03 Aug 2020 22:24:05 +0100 + +amneziawg (1.0.20200513-1) unstable; urgency=medium + + * New upstream release. + - Drop upstream patch. + * d/control: Lower 'openresolv | resolvconf' to suggests. + + -- Unit 193 Fri, 15 May 2020 18:32:16 -0400 + +amneziawg (1.0.20200510-1) unstable; urgency=medium + + [ Daniel Kahn Gillmor ] + * Add Unit193 to Uploaders + * wrap-and-sort -ast + * prefer wireguard-modules (from a kernel package) over wireguard-dkms + * keygen test only needs wireguard-tools package, not wireguard metapackage + + [ Jason A. Donenfeld ] + * debian: tests: replace ncat-client with keygen + * debian: control: set Recommends order same as Depends order + + [ Unit 193 ] + * New upstream release. + - Refresh patch. + - Grab an upstream commit to install wg-quick.target. + * d/control: + - Update my email address. + - Recommend openresolv | resolvconf. (Closes: #930735) + * d/copyright: Update attribution. + * d/wireguard-tools.lintian-overrides: Drop override about .gitignore. + + -- Unit 193 Tue, 12 May 2020 01:33:42 -0400 + +amneziawg (1.0.20200319-1) unstable; urgency=medium + + [ Unit 193 ] + * New upstream release. + * d/watch: Update to find new releases. + + -- Daniel Kahn Gillmor Sat, 21 Mar 2020 21:30:26 -0400 + +amneziawg (1.0.20200206-2) unstable; urgency=medium + + * add NEWS file documenting that the metapackage will no longer cause a + reload. + + -- Daniel Kahn Gillmor Mon, 24 Feb 2020 10:08:35 -0500 + +amneziawg (1.0.20200206-1) unstable; urgency=medium + + * new upstream release. + * d/copyright: note import of bits from libmnl + * refresh patches + * drop libmnl-dev from build-deps + + -- Daniel Kahn Gillmor Thu, 06 Feb 2020 14:06:44 -0500 + +amneziawg (1.0.20200121-2) unstable; urgency=medium + + * Transfer module reload postinst script to wireguard-dkms package + * standards-version: bump to 4.5.0 (no changes needed) + + -- Daniel Kahn Gillmor Wed, 22 Jan 2020 13:16:57 -0500 + +amneziawg (1.0.20200121-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Tue, 21 Jan 2020 10:12:22 -0500 + +amneziawg (1.0.20200102-1) unstable; urgency=medium + + * new upstream release + * drop wireguard-dkms binary package, now supplied by the + wireguard-linux-compat source package + * refresh patches + * drop lintian override of version-substvar-for-external-package + * ship examples from new upstream path + * update debian/copyright + * avoid using git during build to override src/version.h + + -- Daniel Kahn Gillmor Wed, 15 Jan 2020 11:25:16 -0500 + +amneziawg (0.0.20191219-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Thu, 19 Dec 2019 11:33:41 -0500 + +amneziawg (0.0.20191212-1) unstable; urgency=medium + + * new upstream release + * encourage nftables instead of iptables + + -- Daniel Kahn Gillmor Thu, 12 Dec 2019 10:53:37 -0500 + +amneziawg (0.0.20191206-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Fri, 06 Dec 2019 17:32:38 -0500 + +amneziawg (0.0.20191127-2) unstable; urgency=medium + + * wireguard-tools now Recommends: iptables because of wg-quick + + -- Daniel Kahn Gillmor Wed, 04 Dec 2019 10:46:36 -0500 + +amneziawg (0.0.20191127-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Mon, 02 Dec 2019 09:44:34 -0500 + +amneziawg (0.0.20191012-1) unstable; urgency=medium + + * new upstream release + * d/clean: clean up generated assembler + * more notes about autopkgtest + * standards-version: bump to 4.4.1 (no changes needed) + + -- Daniel Kahn Gillmor Tue, 15 Oct 2019 17:41:38 +0200 + +amneziawg (0.0.20190913-1) unstable; urgency=medium + + * new upstream release + * verbose build to satisfy compiler-flags-hidden complaint from bls + + -- Daniel Kahn Gillmor Thu, 26 Sep 2019 10:29:32 +0200 + +amneziawg (0.0.20190905-1) unstable; urgency=medium + + * new upstream release + * refresh patches + * include ${perl:Depends} in wireguard-dkms + + -- Daniel Kahn Gillmor Sun, 08 Sep 2019 15:42:09 -0400 + +amneziawg (0.0.20190702-3) unstable; urgency=medium + + * clean up wireguard-modules versioned dependency (Closes: #930432) + + -- Daniel Kahn Gillmor Mon, 19 Aug 2019 20:52:22 -0400 + +amneziawg (0.0.20190702-2) unstable; urgency=medium + + * Work around faulty siphash backport (Closes: #934763) + * standards-version: bump to 4.4.0 (no changes needed) + * override package-supports-alternative-init-but-no-init.d-script for + wireguard-tools + + -- Daniel Kahn Gillmor Mon, 19 Aug 2019 18:07:59 -0400 + +amneziawg (0.0.20190702-1) unstable; urgency=medium + + * new upstream version + + -- Daniel Kahn Gillmor Tue, 02 Jul 2019 09:02:32 -0400 + +amneziawg (0.0.20190601-1) unstable; urgency=medium + + * new upstream version + + -- Daniel Kahn Gillmor Mon, 17 Jun 2019 12:25:58 -0400 + +amneziawg (0.0.20190406-1) unstable; urgency=medium + + * New upstream version + * refresh patches + + -- Daniel Kahn Gillmor Mon, 08 Apr 2019 17:09:41 -0400 + +amneziawg (0.0.20190227-1) unstable; urgency=medium + + * New upstream version + + -- Daniel Kahn Gillmor Fri, 01 Mar 2019 13:34:53 -0500 + +amneziawg (0.0.20190123-1) unstable; urgency=medium + + [ Fabian Grünbichler ] + * wireguard.postinst: Add module reload on upgrade (Closes: #913446) + + [ Daniel Kahn Gillmor ] + * New upstream version (Closes: #919232) + * Tighten dependencies and description of wireguard metapackage + * Fine-tune module reload code on wireguard.postinst + * Standards-Version: bump to 4.3.0 (no changes needed) + * Update debian/copyright + * override lintian warning version-substvar-for-external-package + * move to debhelper-compat 12 + + -- Daniel Kahn Gillmor Mon, 28 Jan 2019 14:31:53 -0500 + +amneziawg (0.0.20181218-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Tue, 18 Dec 2018 13:50:07 -0500 + +amneziawg (0.0.20181119-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 19 Nov 2018 13:30:22 -0500 + +amneziawg (0.0.20181115-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 15 Nov 2018 17:47:30 -0500 + +amneziawg (0.0.20181018-1) unstable; urgency=medium + + * new upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 18 Oct 2018 09:42:59 -0400 + +amneziawg (0.0.20181007-1) unstable; urgency=medium + + * new upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 18 Oct 2018 09:42:44 -0400 + +amneziawg (0.0.20180925-1) unstable; urgency=medium + + * new upstream snapshot release + * d/copyright: update for licensing tweaks + + -- Daniel Kahn Gillmor Thu, 27 Sep 2018 17:02:13 -0400 + +amneziawg (0.0.20180918-1) unstable; urgency=medium + + * new upstream snapshot release + * d/copyright: note zinc change to MIT license + + -- Daniel Kahn Gillmor Wed, 19 Sep 2018 15:44:54 -0400 + +amneziawg (0.0.20180910-1) unstable; urgency=medium + + * new upstream snapshot release + * d/copyright update for new code sources + + -- Daniel Kahn Gillmor Wed, 12 Sep 2018 00:28:31 -0400 + +amneziawg (0.0.20180904-2) unstable; urgency=medium + + * dkms: use upstream version instead of debian version (closes: #906019) + + -- Daniel Kahn Gillmor Thu, 06 Sep 2018 13:08:44 -0400 + +amneziawg (0.0.20180904-1) unstable; urgency=medium + + * New upstream snapshot release + * Standards-Version: bump to 4.2.1 (no changes needed) + * debian/copyright: update move of sources to zinc + + -- Daniel Kahn Gillmor Wed, 05 Sep 2018 16:24:17 -0400 + +amneziawg (0.0.20180809-1) unstable; urgency=medium + + * Standards-Version: bump to 4.2.0 (no changes needed) + * New upstream snapshot release + + -- Daniel Kahn Gillmor Wed, 05 Sep 2018 16:24:06 -0400 + +amneziawg (0.0.20180802-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Fri, 03 Aug 2018 09:31:12 -0400 + +amneziawg (0.0.20180731-2) unstable; urgency=medium + + * ship /etc/wireguard mode 0700 by default (closes: #902831) + + -- Daniel Kahn Gillmor Tue, 31 Jul 2018 18:00:49 -0400 + +amneziawg (0.0.20180731-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Tue, 31 Jul 2018 15:42:42 -0400 + +amneziawg (0.0.20180718-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Tue, 31 Jul 2018 15:42:30 -0400 + +amneziawg (0.0.20180708-1) unstable; urgency=medium + + * New upstream snapshot release + * Standards-Version: bumped to 4.1.5 (no changes needed) + + -- Daniel Kahn Gillmor Mon, 09 Jul 2018 15:03:15 -0400 + +amneziawg (0.0.20180625-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 25 Jun 2018 14:02:58 -0400 + +amneziawg (0.0.20180620-1) unstable; urgency=medium + + * new upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 21 Jun 2018 10:25:55 -0400 + +amneziawg (0.0.20180613-3) unstable; urgency=medium + + [ Helmut Grohne ] + * Fix FTCBFS (Closes: #900891) Thanks, Helmut Grohne! + + -- Daniel Kahn Gillmor Mon, 18 Jun 2018 14:35:37 -0400 + +amneziawg (0.0.20180613-2) unstable; urgency=medium + + * avoid requiring glibc-2.25 for wireguard-tools (Closes: #901802) + + -- Daniel Kahn Gillmor Mon, 18 Jun 2018 14:18:31 -0400 + +amneziawg (0.0.20180613-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 14 Jun 2018 09:59:56 -0400 + +amneziawg (0.0.20180531-1) unstable; urgency=medium + + * New upstream snapshot release + * update debian/copyright + + -- Daniel Kahn Gillmor Fri, 01 Jun 2018 16:08:33 -0400 + +amneziawg (0.0.20180524-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Thu, 24 May 2018 10:38:53 -0400 + +amneziawg (0.0.20180519-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 21 May 2018 13:42:17 -0400 + +amneziawg (0.0.20180513-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 14 May 2018 17:28:50 -0400 + +amneziawg (0.0.20180420-1) unstable; urgency=medium + + * New upstream snapshot release + + -- Daniel Kahn Gillmor Mon, 14 May 2018 17:28:31 -0400 + +amneziawg (0.0.20180413-1) unstable; urgency=medium + + * New upstream snapshot release + * Standards-Version: bump to 4.1.4 (no changes needed) + + -- Daniel Kahn Gillmor Fri, 20 Apr 2018 12:43:32 -0700 + +amneziawg (0.0.20180304-1) unstable; urgency=medium + + * new upstream snapshot release + + -- Daniel Kahn Gillmor Fri, 16 Mar 2018 01:31:06 +0000 + +amneziawg (0.0.20180218-1) unstable; urgency=medium + + * new upstream snapshot release + * update Jason's signing key + * d/control: set Rules-Requires-Root: no + * convert packaging VCS branchnames to DEP-14 + * d/copyright: embeddable-wg-library is LGPL-2.1+ + + -- Daniel Kahn Gillmor Tue, 20 Feb 2018 14:51:20 -0800 + +amneziawg (0.0.20180202-1) unstable; urgency=medium + + * new upstream snapshot release + * loosen versioned dependencies of wireguard metapackage + * d/copyright: update + + -- Daniel Kahn Gillmor Fri, 02 Feb 2018 15:26:24 -0500 + +amneziawg (0.0.20180118-1) unstable; urgency=medium + + * New upstream snapshot release + * d/copyright: update + + -- Daniel Kahn Gillmor Fri, 19 Jan 2018 00:04:53 -0500 + +amneziawg (0.0.20171221-5) unstable; urgency=medium + + * New debian package for source-only upload + + -- Daniel Kahn Gillmor Sat, 13 Jan 2018 11:35:16 -0500 + +amneziawg (0.0.20171221-4) unstable; urgency=medium + + * d/copyright: annotate a few additional files + + -- Daniel Kahn Gillmor Fri, 12 Jan 2018 16:51:08 -0500 + +amneziawg (0.0.20171221-3) unstable; urgency=medium + + * make inter-package recommendations tightly versioned + * add new wireguard metapackage + + -- Daniel Kahn Gillmor Thu, 11 Jan 2018 17:48:05 -0500 + +amneziawg (0.0.20171221-2) unstable; urgency=medium + + * wrap-and-sort -ast + * standards-version: bump to 4.1.3 (no changes needed) + * move to debhelper 11 + * move Vcs to salsa.debian.org + * clean up lintian-overrides + * include upstream changelog + + -- Daniel Kahn Gillmor Mon, 08 Jan 2018 16:30:38 -0500 + +amneziawg (0.0.20171221-1) unstable; urgency=medium + + * New upstream release + * drop workaround curve25519_generate.js, fixed upstream + + -- Daniel Kahn Gillmor Wed, 20 Dec 2017 22:13:31 -0500 + +amneziawg (0.0.20171211-1) unstable; urgency=medium + + * New upstream release + * refresh patches + * Standards-Version: bump to 4.1.2 (no changes needed) + * examples: avoid shipping pre-generated javascript artifact + + -- Daniel Kahn Gillmor Mon, 11 Dec 2017 20:56:53 -0500 + +amneziawg (0.0.20171127-1) unstable; urgency=medium + + * New upstream release. + * d/copyright: annotate new assembler + + -- Daniel Kahn Gillmor Tue, 28 Nov 2017 17:29:39 -0500 + +amneziawg (0.0.20171111-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Sat, 11 Nov 2017 18:32:19 +0800 + +amneziawg (0.0.20171101-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Tue, 07 Nov 2017 02:05:29 +0100 + +amneziawg (0.0.20171017-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Sun, 22 Oct 2017 10:11:26 -0400 + +amneziawg (0.0.20171011-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Wed, 11 Oct 2017 10:22:23 -0400 + +amneziawg (0.0.20171005-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Fri, 06 Oct 2017 15:29:08 -0700 + +amneziawg (0.0.20171001+dfsg1-1) unstable; urgency=medium + + * New upstream release + - use dfsg-free version of upstream release, dropping accidentally + shipped contrib/examples/sticky-sockets/a.out + - subsequent releases should not need dfsg-free cleanup + * Standards-Version: bump to 4.1.1 (no changes needed) + * move wireguard-dkms to Section: kernel (thanks, Lintian!) + + -- Daniel Kahn Gillmor Mon, 02 Oct 2017 10:08:23 -0700 + +amneziawg (0.0.20170918-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 18 Sep 2017 13:13:43 -0400 + +amneziawg (0.0.20170907-1) unstable; urgency=medium + + * New upstream release + * Standards-Version: bump to 4.1.0 (no changes needed) + + -- Daniel Kahn Gillmor Thu, 07 Sep 2017 10:58:53 -0400 + +amneziawg (0.0.20170810-1) unstable; urgency=medium + + * New upstream release + * Standards-Version: bumped to 4.0.1 (Priority: extra -> optional) + * added autopkgtest to wireguard demo server + + -- Daniel Kahn Gillmor Thu, 10 Aug 2017 20:48:34 -0400 + +amneziawg (0.0.20170726-1) unstable; urgency=medium + + * New upstream release + * switch documentation/metadata from wireguard.io to wireguard.com, + following upstream + + -- Daniel Kahn Gillmor Wed, 26 Jul 2017 11:52:36 -0400 + +amneziawg (0.0.20170706-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Thu, 06 Jul 2017 18:24:04 -0400 + +amneziawg (0.0.20170629-1) unstable; urgency=medium + + * New upstream release + * bumped Standards-Version to 4.0.0 (no changes needed) + + -- Daniel Kahn Gillmor Wed, 05 Jul 2017 15:14:20 -0400 + +amneziawg (0.0.20170613-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Wed, 14 Jun 2017 13:38:22 -0400 + +amneziawg (0.0.20170531-2) unstable; urgency=medium + + * add systemd to build-dependencies to learn systemdsystemunitdir + (thanks, Lintian!) + + -- Daniel Kahn Gillmor Wed, 31 May 2017 15:15:07 -0400 + +amneziawg (0.0.20170531-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Wed, 31 May 2017 11:48:41 -0400 + +amneziawg (0.0.20170517-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Wed, 17 May 2017 15:36:03 -0400 + +amneziawg (0.0.20170421-2) unstable; urgency=medium + + * update/correct debian/copyright + + -- Daniel Kahn Gillmor Tue, 25 Apr 2017 12:56:14 -0400 + +amneziawg (0.0.20170421-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 24 Apr 2017 10:00:55 -0400 + +amneziawg (0.0.20170409-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 10 Apr 2017 01:50:46 -0400 + +amneziawg (0.0.20170324-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Fri, 24 Mar 2017 00:46:22 -0400 + +amneziawg (0.0.20170320.1-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 20 Mar 2017 11:43:36 -0400 + +amneziawg (0.0.20170223-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Thu, 23 Feb 2017 11:29:01 -0500 + +amneziawg (0.0.20170214-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Tue, 14 Feb 2017 08:51:02 -0500 + +amneziawg (0.0.20170213-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 13 Feb 2017 19:06:05 -0500 + +amneziawg (0.0.20170115-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 06 Feb 2017 04:40:14 -0500 + +amneziawg (0.0.20170105-1) UNRELEASED; urgency=medium + + * New upstream release + - adds wg-quick + - adds bash tab completion for wg + - adds systemd .service template for wg-quick + + -- Daniel Kahn Gillmor Wed, 11 Jan 2017 23:19:09 -0500 + +amneziawg (0.0.20161230-1) unstable; urgency=medium + + * New upstream release. + + -- Daniel Kahn Gillmor Tue, 03 Jan 2017 02:21:26 -0500 + +amneziawg (0.0.20161223-1) unstable; urgency=medium + + * New upstream release. + * use uptream's install-dkms Makefile target and dkms.conf instead of + maintaining our own. + + -- Daniel Kahn Gillmor Sat, 24 Dec 2016 16:58:46 -0500 + +amneziawg (0.0.20161218-1) unstable; urgency=medium + + * New upstream release. + * Move from experimental to unstable. Upstream isn't committed to a + long-term stable branch, so we should keep this from migrating to + stretch, but it has stabilized enough for wider distribution. + * Note: we are not using upstream's install-dkms Makefile target. + + -- Daniel Kahn Gillmor Thu, 22 Dec 2016 08:25:15 -0500 + +amneziawg (0.0.20161129-experimental1) experimental; urgency=medium + + * new upstream release + * generate src/version.h from debian package version instead of git + repo. + + -- Daniel Kahn Gillmor Mon, 05 Dec 2016 23:01:22 -0500 + +amneziawg (0.0.20161116.1-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Thu, 17 Nov 2016 08:07:52 +0900 + +amneziawg (0.0.20161110-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Thu, 10 Nov 2016 12:25:50 -0800 + +amneziawg (0.0.20161105-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Sun, 06 Nov 2016 01:47:35 -0400 + +amneziawg (0.0.20161103-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Fri, 04 Nov 2016 10:34:52 -0400 + +amneziawg (0.0.20161102-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Wed, 02 Nov 2016 12:52:58 -0400 + +amneziawg (0.0.20161025-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Tue, 25 Oct 2016 10:05:12 -0400 + +amneziawg (0.0.20161014-experimental1) experimental; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor Mon, 24 Oct 2016 14:04:50 -0400 + +amneziawg (0.0.20160808-experimental2) experimental; urgency=medium + + [ Jason A. Donenfeld ] + * properly ship self-tests (Closes: #833961) + + -- Daniel Kahn Gillmor Fri, 12 Aug 2016 01:45:04 -0400 + +amneziawg (0.0.20160808-experimental1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Mon, 08 Aug 2016 16:54:39 -0400 + +amneziawg (0.0.20160722-experimental1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Fri, 22 Jul 2016 17:21:11 -0400 + +amneziawg (0.0.20160711-experimental1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Tue, 12 Jul 2016 13:20:26 +0200 + +amneziawg (0.0.20160708.1-experimental1) experimental; urgency=medium + + * New upstream release + * build-depend on pkg-config + * ship upstream examples + + -- Daniel Kahn Gillmor Fri, 08 Jul 2016 23:13:54 +0200 + +amneziawg (0.0.20160630-experimental2) experimental; urgency=medium + + * avoid shipping example/demo scripts at request of upstream + * limit wireguard-tools to only linux platforms, since it makes no sense + elsewhere. + + -- Daniel Kahn Gillmor Sat, 02 Jul 2016 10:32:49 -0400 + +amneziawg (0.0.20160630-experimental1) experimental; urgency=medium + + * First package upload (Closes: #829107) + + -- Daniel Kahn Gillmor Thu, 30 Jun 2016 12:50:33 -0400 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..52ca60f --- /dev/null +++ b/debian/clean @@ -0,0 +1,3 @@ +src/*.o +src/*.d +src/wg diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f11c82a --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 \ No newline at end of file diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..36ab811 --- /dev/null +++ b/debian/control @@ -0,0 +1,57 @@ +Source: amneziawg +Section: net +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Daniel Kahn Gillmor +Uploaders: + Unit 193 , +Build-Depends: + debhelper, + pkg-config, + systemd, +Standards-Version: 4.6.0 +Homepage: https://www.wireguard.com +Vcs-Git: https://github.com/amnezia-vpn/amnezia-wg-tools.git +Vcs-Browser: https://github.com/amnezia-vpn/amnezia-wg-tools +Rules-Requires-Root: no + +Package: amneziawg +Architecture: all +Depends: + amneziawg-dkms (>= 0.0.20200121-2) | amneziawg-modules (>= 0.0.20191219), + amneziawg-tools (>= ${source:Version}), + ${misc:Depends}, +Description: fast, modern, secure kernel VPN tunnel (metapackage) + WireGuard is a novel VPN that runs inside the Linux Kernel and uses + state-of-the-art cryptography (the "Noise" protocol). It aims to be + faster, simpler, leaner, and more useful than IPSec, while avoiding + the massive headache. It intends to be considerably more performant + than OpenVPN. WireGuard is designed as a general purpose VPN for + running on embedded interfaces and super computers alike, fit for + many different circumstances. It runs over UDP. + . + This metapackage explicitly depends on both the kernel module and the + userspace tooling. + +Package: amneziawg-tools +Architecture: linux-any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Recommends: + nftables | iptables, + amneziawg-modules (>= 0.0.20171001) | amneziawg-dkms (>= 0.0.20191219), +Suggests: openresolv | resolvconf, +Description: fast, modern, secure kernel VPN tunnel (userland utilities) + WireGuard is a novel VPN that runs inside the Linux Kernel and uses + state-of-the-art cryptography (the "Noise" protocol). It aims to be + faster, simpler, leaner, and more useful than IPSec, while avoiding + the massive headache. It intends to be considerably more performant + than OpenVPN. WireGuard is designed as a general purpose VPN for + running on embedded interfaces and super computers alike, fit for + many different circumstances. It runs over UDP. + . + This package contains command-line tools to interact with the + WireGuard kernel module. Currently, it provides only a single tool: + . + awg: set and retrieve configuration of WireGuard interfaces diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..fc51ad2 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,85 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: WireGuard command-line tools +Source: https://www.wireguard.com/ +Upstream-Contact: WireGuard mailing list + +Files: * +Copyright: 2015-2020 Jason A. Donenfeld +License: GPL-2 + +Files: contrib/external-tests/python/main.py +Copyright: 2018 Piotr Lizonczyk +License: MIT + +Files: src/netlink.h contrib/embeddable-wg-library/* +Copyright: 2015-2020 Jason A. Donenfeld + 2008-2012 Pablo Neira Ayuso +License: LGPL-2.1+ + +Files: src/curve25519-fiat32.h +Copyright: 2015-2016 The fiat-crypto Authors. + 2018-2020 Jason A. Donenfeld +License: GPL-2 or MIT + +Files: src/curve25519-hacl64.h +Copyright: 2016-2017 INRIA and Microsoft Corporation. + 2018-2020 Jason A. Donenfeld +License: GPL-2 or MIT + +Files: src/uapi/openbsd/net/if_wg.h +Copyright: 2020 Matt Dunwoodie + 2020 Jason A. Donenfeld +License: ISC + +Files: debian/* +Copyright: 2016-2020 Daniel Kahn Gillmor +License: GPL-2 + +License: GPL-2 + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2. + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in file "/usr/share/common-licenses/GPL-2". + +License: LGPL-2.1+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; version 2.1 or later. + . + On Debian systems, the complete text of the GNU Lesser General Public + License version 2.1 can be found in file + "/usr/share/common-licenses/LGPL-2.1". + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + +License: ISC + Permission to use, copy, modify, and/or distribute this software for + any purpose with or without fee is hereby granted, provided that the + above copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/debian/files b/debian/files new file mode 100644 index 0000000..8ccd5d0 --- /dev/null +++ b/debian/files @@ -0,0 +1,4 @@ +amneziawg-tools-dbgsym_1.0.20210914-1ubuntu2_amd64.ddeb debug optional automatic=yes +amneziawg-tools_1.0.20210914-1ubuntu2_amd64.deb net optional +amneziawg_1.0.20210914-1ubuntu2_all.deb net optional +amneziawg_1.0.20210914-1ubuntu2_amd64.buildinfo net optional diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..8d82621 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,6 @@ +[DEFAULT] +debian-branch = debian/master +upstream-tag = v%(version)s + +[buildpackage] +compression = xz diff --git a/debian/patches/0001-Avoid-using-git-during-build.patch b/debian/patches/0001-Avoid-using-git-during-build.patch new file mode 100644 index 0000000..8f06c5f --- /dev/null +++ b/debian/patches/0001-Avoid-using-git-during-build.patch @@ -0,0 +1,21 @@ +From: Daniel Kahn Gillmor +Date: Wed, 15 Jan 2020 11:23:27 -0500 +Subject: Avoid using git during build + +--- + src/Makefile | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/src/Makefile 2021-08-13 17:36:03.385973646 -0400 ++++ b/src/Makefile 2021-08-13 17:36:03.369973776 -0400 +@@ -48,10 +48,6 @@ + ifeq ($(DEBUG),yes) + CFLAGS += -g + endif +-WIREGUARD_TOOLS_VERSION = $(patsubst v%,%,$(shell GIT_DIR="$(PWD)/../.git" git describe --dirty 2>/dev/null)) +-ifneq ($(WIREGUARD_TOOLS_VERSION),) +-CFLAGS += -D'WIREGUARD_TOOLS_VERSION="$(WIREGUARD_TOOLS_VERSION)"' +-endif + ifeq ($(PLATFORM),freebsd) + LDLIBS += -lnv + endif diff --git a/debian/patches/0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch b/debian/patches/0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch new file mode 100644 index 0000000..364269e --- /dev/null +++ b/debian/patches/0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch @@ -0,0 +1,35 @@ +From: Daniel Kahn Gillmor +Date: Mon, 18 Jun 2018 14:11:10 -0400 +Subject: Avoid requiring glibc 2.25 for wireguard-tools + +Upstream's instructions (https://www.wireguard.com/install/) suggest +enabling the debian unstable repository to run wireguard. + +Without this patch, the current version of wireguard-tools will end up +with a dependency on glibc 2.25 because of the invocation of +getentropy. + +We avoid this situation (and fall through to the syscall interface +for the Linux kernel) by omitting the test here. + +If we move wireguard into testing (and from there to +stretch-backports) then i think we can convince upstream to change +their installation instructions to refer to stretch-backports, and we +can remove this patch. +--- + src/genkey.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/genkey.c b/src/genkey.c +index d1bb643..6cdee42 100644 +--- a/src/genkey.c ++++ b/src/genkey.c +@@ -40,7 +40,7 @@ static inline bool __attribute__((__warn_unused_result__)) get_random_bytes(uint + return false; + } + +-#if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12) || (defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))) ++#if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12) + if (!getentropy(out, len)) + return true; + #endif diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..a0ed131 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,2 @@ +0001-Avoid-using-git-during-build.patch +0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..6ddd947 --- /dev/null +++ b/debian/rules @@ -0,0 +1,38 @@ +#!/usr/bin/make -f + +include /usr/share/dpkg/default.mk + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DEB_VERSION_UPSTREAM + +AMNEZIAWG_ARGS = WITH_BASHCOMPLETION=yes WITH_WGQUICK=yes WITH_SYSTEMDUNITS=yes V=1 + +%: + dh $@ + +override_dh_auto_build-arch: + dh_auto_build --sourcedirectory=src -- $(AMNEZIAWG_ARGS) + +override_dh_auto_install-arch: + $(MAKE) -C src DESTDIR=../debian/amneziawg-tools $(AMNEZIAWG_ARGS) install + +override_dh_fixperms: + dh_fixperms -Xetc/amnezia + +override_dh_installexamples: + dh_installexamples -Xexternal-tests + +define test_wg +set -x; set -e; \ +echo "Testing command $1" && \ +a="$$(src/wg $1)" && b="$$(src/wg $1)" && \ +echo "a=$$a b=$$b" && \ +test -n "$$a" && \ +test -n "$$b" && \ +test "$$a" != "$$b" +endef + +override_dh_auto_test: + test "$$(head -c 32 /dev/zero | base64 | src/wg pubkey)" = "L+V9o0fNYkMVKNqsX7spBzD/9oSvxM/C7ZCZX1jLO3Q=" + $(call test_wg,genpsk) + $(call test_wg,genkey) diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..21e7456 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,17 @@ +Tests: keygen +Restrictions: superficial +Depends: + wireguard-tools, + +Tests: wg-quick +Restrictions: needs-root, isolation-machine, allow-stderr +Depends: + iproute2, + @, + +Tests: netns-mini +Restrictions: needs-root, isolation-machine +Depends: + iproute2, + iputils-ping, + @, diff --git a/debian/tests/keygen b/debian/tests/keygen new file mode 100755 index 0000000..63d4ed1 --- /dev/null +++ b/debian/tests/keygen @@ -0,0 +1,5 @@ +#!/bin/bash +set -e + +[[ $(head -c 32 /dev/zero | base64 | wg pubkey) == "L+V9o0fNYkMVKNqsX7spBzD/9oSvxM/C7ZCZX1jLO3Q=" ]] +[[ $(wg genpsk) != "$(wg genpsk)" ]] diff --git a/debian/tests/netns-mini b/debian/tests/netns-mini new file mode 100755 index 0000000..cce52d9 --- /dev/null +++ b/debian/tests/netns-mini @@ -0,0 +1,55 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. +set -e + +exec 3>&1 +netns0="wg-test-$$-0" +netns1="wg-test-$$-1" +netns2="wg-test-$$-2" +pretty() { echo -e "\x1b[32m\x1b[1m[+] ${1:+NS$1: }${2}\x1b[0m" >&3; } +pp() { pretty "" "$*"; "$@"; } +n1() { pretty 1 "$*"; ip netns exec $netns1 "$@"; } +n2() { pretty 2 "$*"; ip netns exec $netns2 "$@"; } +ip0() { pretty 0 "ip $*"; ip -n $netns0 "$@"; } +ip1() { pretty 1 "ip $*"; ip -n $netns1 "$@"; } +ip2() { pretty 2 "ip $*"; ip -n $netns2 "$@"; } + +cleanup() { + set +e + exec 2>/dev/null + ip0 link del dev wg0 + ip1 link del dev wg0 + ip2 link del dev wg0 + local to_kill="$(ip netns pids $netns0) $(ip netns pids $netns1) $(ip netns pids $netns2)" + [[ -n $to_kill ]] && kill $to_kill + pp ip netns del $netns1 + pp ip netns del $netns2 + pp ip netns del $netns0 + exit +} +trap cleanup EXIT + +ip netns del $netns0 2>/dev/null || true +ip netns del $netns1 2>/dev/null || true +ip netns del $netns2 2>/dev/null || true +pp ip netns add $netns0 +pp ip netns add $netns1 +pp ip netns add $netns2 +ip0 link set up dev lo +ip0 link add dev wg0 type wireguard +ip0 link set wg0 netns $netns1 +ip0 link add dev wg0 type wireguard +ip0 link set wg0 netns $netns2 +ip1 addr add 192.168.241.1/24 dev wg0 +ip2 addr add 192.168.241.2/24 dev wg0 +key1="$(pp wg genkey)" +key2="$(pp wg genkey)" +pub1="$(pp wg pubkey <<<"$key1")" +pub2="$(pp wg pubkey <<<"$key2")" +n1 wg set wg0 private-key <(echo "$key1") listen-port 1 peer "$pub2" allowed-ips 192.168.241.2/32 +n2 wg set wg0 private-key <(echo "$key2") listen-port 2 peer "$pub1" allowed-ips 192.168.241.1/32 +ip1 link set up dev wg0 +ip2 link set up dev wg0 +n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1 +n2 ping -c 10 -f -W 1 192.168.241.1 diff --git a/debian/tests/wg-quick b/debian/tests/wg-quick new file mode 100755 index 0000000..73d6c7a --- /dev/null +++ b/debian/tests/wg-quick @@ -0,0 +1,171 @@ +#!/bin/bash + +set -e +set -o pipefail + +LEFT_NS="left_ns" +LEFT_GW="10.0.5.1/24" +LEFT_PORT=3001 +LEFT_INT="10.0.1.1/24" +WG_LEFT_INTERFACE="wg_left" +WG_LEFT_INTERFACE_CONF="/etc/wireguard/${WG_LEFT_INTERFACE}.conf" + +RIGHT_NS="right_ns" +RIGHT_GW="10.0.5.2/24" +RIGHT_PORT=3002 +RIGHT_INT="10.0.1.2/24" +WG_RIGHT_INTERFACE="wg_right" +WG_RIGHT_INTERFACE_CONF="/etc/wireguard/${WG_RIGHT_INTERFACE}.conf" + +cleanup() { + if [ $? -ne 0 ]; then + echo "Some test failed, here is some debugging" + dmesg -T | grep wireguard + fi + rm -f "${WG_LEFT_INTERFACE_CONF}" "${WG_RIGHT_INTERFACE_CONF}" + ip netns delete "${LEFT_NS}" &>/dev/null + ip netns delete "${RIGHT_NS}" &>/dev/null +} + +trap cleanup EXIT + + +setup() { + umask 0077 + echo "Generating keys" + LEFT_PRIVKEY="$(wg genkey)" + RIGHT_PRIVKEY="$(wg genkey)" + LEFT_PUBKEY="$(wg pubkey <<<"${LEFT_PRIVKEY}")" + RIGHT_PUBKEY="$(wg pubkey <<<"${RIGHT_PRIVKEY}")" + + echo "Generating wireguard config" + cat > "${WG_LEFT_INTERFACE_CONF}" <<-EOF + [Interface] + ListenPort = ${LEFT_PORT} + PrivateKey = ${LEFT_PRIVKEY} + Address = ${LEFT_GW} + + [Peer] + PublicKey = ${RIGHT_PUBKEY} + AllowedIPs = ${RIGHT_GW%%/*}/32 + Endpoint = ${RIGHT_INT%%/*}:${RIGHT_PORT} + EOF + + cat > "${WG_RIGHT_INTERFACE_CONF}" <<-EOF + [Interface] + ListenPort = ${RIGHT_PORT} + PrivateKey = ${RIGHT_PRIVKEY} + Address = ${RIGHT_GW} + + [Peer] + PublicKey = ${LEFT_PUBKEY} + AllowedIPs = ${LEFT_GW%%/*}/32 + Endpoint = ${LEFT_INT%%/*}:${LEFT_PORT} + EOF + + echo "Cleaning up old namespaces" + ip netns delete "${LEFT_NS}" &> /dev/null || true + ip netns delete "${RIGHT_NS}" &> /dev/null || true + + echo "Creating new namespaces ${LEFT_NS} and ${RIGHT_NS} and adding loopback interface to them" + ip netns add "${LEFT_NS}" + ip netns exec "${LEFT_NS}" ip link set dev lo up + + ip netns add "${RIGHT_NS}" + ip netns exec "${RIGHT_NS}" ip link set dev lo up + + echo "Creating veth interface connecting both namespaces" + ip link add p1 netns "${LEFT_NS}" type veth peer p2 netns "${RIGHT_NS}" + ip -n "${LEFT_NS}" addr add "${LEFT_INT}" dev p1 + ip -n "${LEFT_NS}" link set p1 up + + ip -n "${RIGHT_NS}" addr add "${RIGHT_INT}" dev p2 + ip -n "${RIGHT_NS}" link set p2 up + + echo "Bringing up LEFT wireguard interface in namespace ${LEFT_NS}" + ip netns exec "${LEFT_NS}" wg-quick up "${WG_LEFT_INTERFACE}" + + echo "Bringing up RIGHT wireguard interface in namespace ${RIGHT_NS}" + ip netns exec "${RIGHT_NS}" wg-quick up "${WG_RIGHT_INTERFACE}" +} + +show_config() { + echo "${LEFT_NS} namespace:" + ip netns exec "${LEFT_NS}" wg showconf "${WG_LEFT_INTERFACE}" + echo + echo "${RIGHT_NS} namespace:" + ip netns exec "${RIGHT_NS}" wg showconf "${WG_RIGHT_INTERFACE}" +} + +test_stats() { + local -i ret + local output="" + # to be run after the ping tests + # by now, we MUST have "transfer" and "last handshake" + for ns in "${LEFT_NS}" "${RIGHT_NS}"; do + echo "Namespace ${ns}" + output=$(ip netns exec "${ns}" wg show) + echo "${output}" | grep -E "latest handshake:" || { + ret=$? + echo "Missing \"latest handshake\" from stats in namespace ${ns}" + echo "Got this output:" + echo "${output}" + return $ret + } + echo "${output}" | grep -E "transfer:.*received.*sent" || { + ret=$? + echo "Missing \"transfer\" stats in namespace ${ns}" + echo "Got this output:" + echo "${output}" + return $ret + } + done +} + +test_gw_ping() { + echo "Pinging right gateway, from ${LEFT_NS} namespace" + ip netns exec "${LEFT_NS}" ping -W 2 -c 1 "${RIGHT_GW%%/*}" || return $? + echo + echo "Pinging left gateway, from ${RIGHT_NS} namespace" + ip netns exec "${RIGHT_NS}" ping -W 2 -c 1 "${LEFT_GW%%/*}" || return $? +} + +test_wireguard_ping() { + echo "Pinging right wireguard IP from ${LEFT_NS} namespace" + ip netns exec "${LEFT_NS}" ping -W 2 -c 1 "${RIGHT_INT%%/*}" || return $? + echo + echo "Pinging left wireguard IP from ${RIGHT_NS} namesapce" + ip netns exec "${RIGHT_NS}" ping -W 2 -c 1 "${LEFT_INT%%/*}" || return $? +} + + +echo "Setting things up" +setup || { + echo "Failed vpn test setup" + exit 1 +} + +echo +echo "This is the config" +show_config + +echo +echo "Testing gateway ping" +test_gw_ping || { + echo "Failed gateway ping" + exit 1 +} + +echo +echo "Testing wireguard interface ping" +test_wireguard_ping || { + echo "Failed wireguard interface ping" + exit 1 +} + +echo +echo "Testing vpn stats" +test_stats || { + echo "Failed to verify vpn stats" + exit 1 +} diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..1f28e2e --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE0yIvABEADc7Zn9kj02BBd1JQMtyidTHLbY2JnmMlGFx2pwoBCuw3ObDo3G +s7GDxhiK7KoupaUbPklp8NSk914kusr0IOfCcis6lINOKEt3v31yJOpZzWxa0Wha +DXUDWVJc4XhKSdg1LeNtFpLIl1CuOtmaMdOaH8lpKkr/5sL4FeG0g/a3R3ZOzOOj +zoGAx79pyhp92L/qo5FfATTzmD2Pq9m6rxcftiO312gpT7ztKlWvsDmc4iJyyL54 +1m57zSkG5aJqFexwW3C/iJOCSAiY/r6QTmqkbVA2BSSPANOXX9v0A1GX1rcayywR +w7qZelYpaH6pBLUioI2mmnO432kxK2UKrxd3+1wz1G+fg3GWjaabruVnR+KBV4uJ +Q140o6oj/r9k1Busl6elyDeFAdmO6D6i9Pj90oXJIEk0/wxf+DPmag8lVmxEH1CL +ST0M1t68sR38VhNSeyTdcwnsW20D1Ag55aGk3ZN5eXDIw3ccGzFPBfV3w5wfGwWz +idMmAQMxAmhnQCqwSjIXzv1Gv4NeVGze+/t28zUQInTZyZmxi5niMiz0NUeLqREX +bepmUJulYPeXrty/6/7N6jkakXp7kNGIK2Zigadca/18x9H5DgEXHl0eW7ZOgSUH +qQmmnvNNrArhYXlckYapIAZhwLJDGgv3ZhRyYRCEQ9BktVcE0+2R6zb3GQARAQAB +tCRKYXNvbiBBLiBEb25lbmZlbGQgPEphc29uQHp4MmM0LmNvbT6JAlUEEwECAD8C +GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEEq5lC5tSkz8NBJiCnSfxwEqXe +A64FAlp2RGIFCRLnu/IACgkQSfxwEqXeA67KJg//QxU7sM0SCN97+bu/Z7cRAffx +MW+X84rRZRrZvAwkDutTSsvSaBn3dwF5VEnCB25q3px4ybjl0bJF7Klp0RVOBJZo +FEo5BivXH9Ib6eCBn3EGk9g/K9ZZtJP44yF5oW/WZGjlTQdo/plYTd/8COkNA9LX +z3f59ljvQaJNMOUBxnMJVqgvNufbdQehS5dbimhDn5CmBfC7mEpMbrlC7e0O43yl +Tu+BuNssvrX/d3hU7zCYVDDZjVgqSY78YMpvre9xj1WdSdCx9FHo97UcGRHAlm2m +IFIunvZB4s2nWafYAjZ2mg0/gEmn6pIUO+yTSziscoZOedwYDY6FRR26YDjDebF3 +oy5AqgfF8pYACtaKRShJjEfncJhZGKYshuZbuRtXs3yfIQi3QT2MCaCpcZ7C2llS +/ire0qpq1Fp8a6tcyY/8ycr5fp7FO+SHPAQ9tnCZvej7N8guEF/LxkiekxQtkAYM +Fk3Ve4ihFpfy+vT7eF4k95nd067dOwWC+wo/RZMpl5ZBxZJ1ZNzR/Uf9WQ+26KpN +V3pu1cWuh4wjq9auz4MbU/sUMoC69HLDzxgPr8B0aKyU16nyy882R3Xp/SpKqhak +2l95vVi+vjz5YJ9xwoELQCGyb0HscmwNktOqNuev2tze7DpBq6SouK7mibVc9nhD +s9cpv6qFWLLPG9nXC2G5Ag0ETTIi8AEQAL7FzsM9ztt7nCWg8CD8uT5JB0rwGcZT +GZLKSHZAySNO1Gb0Zl0sKkp77UbBy1Unc7VAHmvfFVyUk8xuvkju/kKrLXu3xHNZ +tdIu/o/db4KgDi+ty7YyOrQrmT2a8/Gv5bwAdbtnYvK3i5FMC52iYK+Jd5I4TNAR +ajl+BaJXeuZ99Lf3GiBdkxVQ9B2Q9avUhwkqN0eYUHrZhGgsQ48LfFSnDS7RxBOY +3XX8/+28EqpQjDvHe34vVQXQ6xwusH1ZqD8Q9w1c+DkvS7aqa7pGMRVgcrejYp6e +rcXH4G5S/tzIqcnA0wTX3570grpsSNM1lIQ43f5mcfYuSdIpE0YiHwKVlvBiHnq/ +elyVZEB6Ul00SuW8FbsnrC/w6EFO1Mw1W8nFPHAM2hBuMXYgb4nwNxfFcT0X7Bt1 +1dxIZo3isTRckzwkoXjwB09w1QQK5VvDh4vRS8mCEWRKq3jIZACxYq0wvCMwfbzj +SpFwXlz3VEYAqOxZvbrOQ+0e8YBkrqxpygBI+Gw/yQMkh1KPUtswNyLzoQ4+Mul1 +fDvpAJ44wIFZDnIrr77xzfJ7h6Br0m6o5TinaF87Oxd1QsrY2ba0UfEza8atMmN/ +kwcHdzW4lvJyzzGr+skvhsMdTj/qdyVmCyr/F6FoUyGrq9C+Ww3iXjSbV5g5i/Ol +qurBVLPww8zdABEBAAGJAjwEGAECACYCGwwWIQSrmULm1KTPw0EmIKdJ/HASpd4D +rgUCWnZEdAUJEue8BAAKCRBJ/HASpd4DrlguEACoHU3QB6p7bTY2HdEMRTpz0+pe +E+OYJdB8/1JKqtW/odkTCQmodcJD1AO0jw5NGcFr0SyIzgXxrxFgCBTNGDNIoE+D +gw9Nm6sXwDkeuoyEWHMGPdAYA0da8R9VHmJAG9ezMlHzggpgXMR5DTs16usIqrhG +/gGEgvQWKl3snE+IDiGPLR8VwgF6g1dNEXvwCKhvnM700CBrQqbbmlL+JNVD0q8K +qgtGaf1vqdoDWTalsrqfHLusRUoJOLkJcnaxJnx7mGoBQSjGLuDWlQhg+laQr/H+ +pgTbOAvfTPLIMQNUJDPg4FenoG2uMlAadDEKJnsyo0jblPuaE7b9VBIFAHgrRO2/ +Dgi3/3lUC/srZtPWp+yde10BgFadCgz/jbcfoD2Uq8uOJ8notSFHkqwu5UH/T0qZ +Dd8H4HIgDCrIgOt2WaIriP/317xv5nqDCT/m7yKVxn/Uabu4GW5BFgLv1jUCrmNK +eLGNYnN6xg1djR9hrD7Bvoi4fOU+EnrDmslXr1XZzjrn5ricsY5ezyD1lKPFXEnM +X3gdVkKVzsBx0ZmhkFGiu1qZzGeWfLMDPNHmAZLN7Ovl/oEv7aVfWzzAaAy4kHPJ +utFoKSYJ9MjfAiFlY9XiihNMJ2ZL8csKEGNE6AC0fiArfzh6WBMUU0xFRlVE/D8/ +UqdkAOEzK8aNJzzwqg== +=cPUl +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..6bcb8c9 --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 +opts=mode=git,pgpmode=gittag \ + https://github.com/amnezia-vpn/amnezia-wg-tools.git \ + refs/tags/v?([\d\.]+) diff --git a/src/Makefile b/src/Makefile index dca6b45..0c2bf9b 100644 --- a/src/Makefile +++ b/src/Makefile @@ -92,18 +92,19 @@ clean: $(RM) wg *.o *.d $(wildcard wincompat/*.o wincompat/*.lib wincompat/*.dll) install: wg - @install -v -d "$(DESTDIR)$(BINDIR)" && install -v -m 0755 wg "$(DESTDIR)$(BINDIR)/wg" - @install -v -d "$(DESTDIR)$(MANDIR)/man8" && install -v -m 0644 man/wg.8 "$(DESTDIR)$(MANDIR)/man8/wg.8" + @install -v -d "$(DESTDIR)$(BINDIR)" && install -v -m 0755 wg "$(DESTDIR)$(BINDIR)/awg" + @install -v -d "$(DESTDIR)$(MANDIR)/man8" && install -v -m 0644 man/wg.8 "$(DESTDIR)$(MANDIR)/man8/awg.8" @[ "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \ - install -v -d "$(DESTDIR)$(BASHCOMPDIR)" && install -v -m 0644 completion/wg.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/wg" + install -v -d "$(DESTDIR)$(BASHCOMPDIR)" && install -v -m 0644 completion/wg.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/awg" @[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \ - install -v -m 0755 wg-quick/$(PLATFORM).bash "$(DESTDIR)$(BINDIR)/wg-quick" && install -v -m 0700 -d "$(DESTDIR)$(SYSCONFDIR)/wireguard" + install -v -m 0755 wg-quick/$(PLATFORM).bash "$(DESTDIR)$(BINDIR)/awg-quick" && install -v -m 0700 -d "$(DESTDIR)$(SYSCONFDIR)/amnezia/amneziawg" @[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \ - install -v -m 0644 man/wg-quick.8 "$(DESTDIR)$(MANDIR)/man8/wg-quick.8" + install -v -m 0644 man/wg-quick.8 "$(DESTDIR)$(MANDIR)/man8/awg-quick.8" @[ "$(WITH_WGQUICK)" = "yes" -a "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \ - install -v -m 0644 completion/wg-quick.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/wg-quick" + install -v -m 0644 completion/wg-quick.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/awg-quick" @[ "$(WITH_WGQUICK)" = "yes" -a "$(WITH_SYSTEMDUNITS)" = "yes" ] || exit 0; \ - install -v -d "$(DESTDIR)$(SYSTEMDUNITDIR)" && install -v -m 0644 systemd/* "$(DESTDIR)$(SYSTEMDUNITDIR)/" + install -v -d "$(DESTDIR)$(SYSTEMDUNITDIR)" && install -v -m 0644 systemd/wg-quick.target "$(DESTDIR)$(SYSTEMDUNITDIR)/awg-quick.target" && \ + install -v -m 0644 systemd/wg-quick@.service "$(DESTDIR)$(SYSTEMDUNITDIR)/awg-quick@.service" check: clean scan-build --html-title=wireguard-tools -maxloop 100 --view --keep-going $(MAKE) wg diff --git a/src/completion/wg-quick.bash-completion b/src/completion/wg-quick.bash-completion index f8973cd..08eab3a 100644 --- a/src/completion/wg-quick.bash-completion +++ b/src/completion/wg-quick.bash-completion @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 # Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. -_wg_quick_completion() { +_awg_quick_completion() { local p i a search_paths old_glob search_paths=( /etc/wireguard ) @@ -27,7 +27,7 @@ _wg_quick_completion() { COMPREPLY+=( "${a[@]}" ) elif [[ ${COMP_WORDS[1]} == down ]]; then if [[ $OSTYPE == *openbsd* || $OSTYPE == *darwin* ]]; then - for i in /var/run/wireguard/*.name; do + for i in /var/run/amneziawg/*.name; do i="${i##*/}"; i="${i%.name}" mapfile -t a < <(compgen -W "$i" -- "${COMP_WORDS[2]}") COMPREPLY+=( "${a[@]}" ) @@ -40,4 +40,4 @@ _wg_quick_completion() { eval "$old_glob" } -complete -o filenames -o nosort -F _wg_quick_completion wg-quick +complete -o filenames -o nosort -F _awg_quick_completion awg-quick diff --git a/src/completion/wg.bash-completion b/src/completion/wg.bash-completion index 3c062b4..918c503 100644 --- a/src/completion/wg.bash-completion +++ b/src/completion/wg.bash-completion @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 # Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. -_wg_completion() { +_awg_completion() { local a if [[ $COMP_CWORD -eq 1 ]]; then @@ -96,4 +96,4 @@ _wg_completion() { COMPREPLY+=( $(compgen -W "${words[*]}" -- "${COMP_WORDS[COMP_CWORD]}") ) } -complete -o nosort -F _wg_completion wg +complete -o nosort -F _awg_completion awg diff --git a/src/ipc-freebsd.h b/src/ipc-freebsd.h index 2c4f7cc..1acddc4 100644 --- a/src/ipc-freebsd.h +++ b/src/ipc-freebsd.h @@ -91,64 +91,64 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname) dev->flags |= WGDEVICE_HAS_LISTEN_PORT; } } - if (nvlist_exists_number(nvl_device, "junk_packet_count")) { - number = nvlist_get_number(nvl_device, "junk_packet_count"); + if (nvlist_exists_number(nvl_device, "jc")) { + number = nvlist_get_number(nvl_device, "jc"); if (number <= UINT16_MAX){ dev->junk_packet_count = number; dev->flags |= WGDEVICE_HAS_JC; } } - if (nvlist_exists_number(nvl_device, "junk_packet_min_size")) { - number = nvlist_get_number(nvl_device, "junk_packet_min_size"); + if (nvlist_exists_number(nvl_device, "jmin")) { + number = nvlist_get_number(nvl_device, "jmin"); if (number <= UINT16_MAX){ dev->junk_packet_min_size = number; dev->flags |= WGDEVICE_HAS_JMIN; } } - if (nvlist_exists_number(nvl_device, "junk_packet_max_size")) { - number = nvlist_get_number(nvl_device, "junk_packet_max_size"); + if (nvlist_exists_number(nvl_device, "jmax")) { + number = nvlist_get_number(nvl_device, "jmax"); if (number <= UINT16_MAX){ dev->junk_packet_max_size = number; dev->flags |= WGDEVICE_HAS_JMAX; } } - if (nvlist_exists_number(nvl_device, "init_packet_junk_size")) { - number = nvlist_get_number(nvl_device, "init_packet_junk_size"); + if (nvlist_exists_number(nvl_device, "s1")) { + number = nvlist_get_number(nvl_device, "s1"); if (number <= UINT16_MAX){ dev->init_packet_junk_size = number; dev->flags |= WGDEVICE_HAS_S1; } } - if (nvlist_exists_number(nvl_device, "response_packet_junk_size")) { - number = nvlist_get_number(nvl_device, "response_packet_junk_size"); + if (nvlist_exists_number(nvl_device, "s2")) { + number = nvlist_get_number(nvl_device, "s2"); if (number <= UINT16_MAX){ dev->response_packet_junk_size = number; dev->flags |= WGDEVICE_HAS_S2; } } - if (nvlist_exists_number(nvl_device, "init_packet_magic_header")) { - number = nvlist_get_number(nvl_device, "init_packet_magic_header"); + if (nvlist_exists_number(nvl_device, "h1")) { + number = nvlist_get_number(nvl_device, "h1"); if (number <= UINT32_MAX){ dev->init_packet_magic_header = number; dev->flags |= WGDEVICE_HAS_H1; } } - if (nvlist_exists_number(nvl_device, "response_packet_magic_header")) { - number = nvlist_get_number(nvl_device, "response_packet_magic_header"); + if (nvlist_exists_number(nvl_device, "h2")) { + number = nvlist_get_number(nvl_device, "h2"); if (number <= UINT32_MAX){ dev->response_packet_magic_header = number; dev->flags |= WGDEVICE_HAS_H2; } } - if (nvlist_exists_number(nvl_device, "underload_packet_magic_header")) { - number = nvlist_get_number(nvl_device, "underload_packet_magic_header"); + if (nvlist_exists_number(nvl_device, "h3")) { + number = nvlist_get_number(nvl_device, "h3"); if (number <= UINT32_MAX){ dev->underload_packet_magic_header = number; dev->flags |= WGDEVICE_HAS_H3; } } - if (nvlist_exists_number(nvl_device, "transport_packet_magic_header")) { - number = nvlist_get_number(nvl_device, "transport_packet_magic_header"); + if (nvlist_exists_number(nvl_device, "h4")) { + number = nvlist_get_number(nvl_device, "h4"); if (number <= UINT32_MAX){ dev->transport_packet_magic_header = number; dev->flags |= WGDEVICE_HAS_H4; @@ -337,23 +337,23 @@ static int kernel_set_device(struct wgdevice *dev) if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) nvlist_add_number(nvl_device, "listen-port", dev->listen_port); if (dev->flags & WGDEVICE_HAS_JC) - nvlist_add_number(nvl_device, "junk_packet_count", dev->junk_packet_count); + nvlist_add_number(nvl_device, "jc", dev->junk_packet_count); if (dev->flags & WGDEVICE_HAS_JMIN) - nvlist_add_number(nvl_device, "junk_packet_min_size", dev->junk_packet_min_size); + nvlist_add_number(nvl_device, "jmin", dev->junk_packet_min_size); if (dev->flags & WGDEVICE_HAS_JMAX) - nvlist_add_number(nvl_device, "junk_packet_max_size", dev->junk_packet_max_size); + nvlist_add_number(nvl_device, "jmax", dev->junk_packet_max_size); if (dev->flags & WGDEVICE_HAS_S1) - nvlist_add_number(nvl_device, "init_packet_junk_size", dev->init_packet_junk_size); + nvlist_add_number(nvl_device, "s1", dev->init_packet_junk_size); if (dev->flags & WGDEVICE_HAS_S2) - nvlist_add_number(nvl_device, "response_packet_junk_size", dev->response_packet_junk_size); + nvlist_add_number(nvl_device, "s2", dev->response_packet_junk_size); if (dev->flags & WGDEVICE_HAS_H1) - nvlist_add_number(nvl_device, "init_packet_magic_header", dev->init_packet_magic_header); + nvlist_add_number(nvl_device, "h1", dev->init_packet_magic_header); if (dev->flags & WGDEVICE_HAS_H2) - nvlist_add_number(nvl_device, "response_packet_magic_header", dev->response_packet_magic_header); + nvlist_add_number(nvl_device, "h2", dev->response_packet_magic_header); if (dev->flags & WGDEVICE_HAS_H3) - nvlist_add_number(nvl_device, "underload_packet_magic_header", dev->underload_packet_magic_header); + nvlist_add_number(nvl_device, "h3", dev->underload_packet_magic_header); if (dev->flags & WGDEVICE_HAS_H4) - nvlist_add_number(nvl_device, "transport_packet_magic_header", dev->transport_packet_magic_header); + nvlist_add_number(nvl_device, "h4", dev->transport_packet_magic_header); if (dev->flags & WGDEVICE_HAS_FWMARK) nvlist_add_number(nvl_device, "user-cookie", dev->fwmark); if (dev->flags & WGDEVICE_REPLACE_PEERS) diff --git a/src/ipc-linux.h b/src/ipc-linux.h index 21cf205..8626e1d 100644 --- a/src/ipc-linux.h +++ b/src/ipc-linux.h @@ -459,41 +459,59 @@ static int parse_device(const struct nlattr *attr, void *data) break; case WGDEVICE_A_PEERS: return mnl_attr_parse_nested(attr, parse_peers, device); - case WGDEVICE_HAS_JC: - if (!mnl_attr_validate(attr, MNL_TYPE_U16)) + case WGDEVICE_A_JC: + if (!mnl_attr_validate(attr, MNL_TYPE_U16)) { device->junk_packet_count = mnl_attr_get_u16(attr); + device->flags |= WGDEVICE_HAS_JC; + } break; - case WGDEVICE_HAS_JMIN: - if (!mnl_attr_validate(attr, MNL_TYPE_U16)) + case WGDEVICE_A_JMIN: + if (!mnl_attr_validate(attr, MNL_TYPE_U16)) { device->junk_packet_min_size = mnl_attr_get_u16(attr); + device->flags |= WGDEVICE_HAS_JMIN; + } break; - case WGDEVICE_HAS_JMAX: - if (!mnl_attr_validate(attr, MNL_TYPE_U16)) + case WGDEVICE_A_JMAX: + if (!mnl_attr_validate(attr, MNL_TYPE_U16)) { device->junk_packet_max_size = mnl_attr_get_u16(attr); + device->flags |= WGDEVICE_HAS_JMAX; + } break; - case WGDEVICE_HAS_S1: - if (!mnl_attr_validate(attr, MNL_TYPE_U16)) + case WGDEVICE_A_S1: + if (!mnl_attr_validate(attr, MNL_TYPE_U16)) { device->init_packet_junk_size = mnl_attr_get_u16(attr); + device->flags |= WGDEVICE_HAS_S1; + } break; - case WGDEVICE_HAS_S2: - if (!mnl_attr_validate(attr, MNL_TYPE_U16)) + case WGDEVICE_A_S2: + if (!mnl_attr_validate(attr, MNL_TYPE_U16)) { device->response_packet_junk_size = mnl_attr_get_u16(attr); + device->flags |= WGDEVICE_HAS_S2; + } break; - case WGDEVICE_HAS_H1: - if (!mnl_attr_validate(attr, MNL_TYPE_U32)) + case WGDEVICE_A_H1: + if (!mnl_attr_validate(attr, MNL_TYPE_U32)) { device->init_packet_magic_header = mnl_attr_get_u32(attr); + device->flags |= WGDEVICE_HAS_H1; + } break; - case WGDEVICE_HAS_H2: - if (!mnl_attr_validate(attr, MNL_TYPE_U32)) + case WGDEVICE_A_H2: + if (!mnl_attr_validate(attr, MNL_TYPE_U32)) { device->response_packet_magic_header = mnl_attr_get_u32(attr); + device->flags |= WGDEVICE_HAS_H2; + } break; - case WGDEVICE_HAS_H3: - if (!mnl_attr_validate(attr, MNL_TYPE_U32)) + case WGDEVICE_A_H3: + if (!mnl_attr_validate(attr, MNL_TYPE_U32)) { device->underload_packet_magic_header = mnl_attr_get_u32(attr); + device->flags |= WGDEVICE_HAS_H3; + } break; - case WGDEVICE_HAS_H4: - if (!mnl_attr_validate(attr, MNL_TYPE_U32)) + case WGDEVICE_A_H4: + if (!mnl_attr_validate(attr, MNL_TYPE_U32)) { device->transport_packet_magic_header = mnl_attr_get_u32(attr); + device->flags |= WGDEVICE_HAS_H4; + } break; } diff --git a/src/ipc-uapi-unix.h b/src/ipc-uapi-unix.h index aaf60ca..fcc47ee 100644 --- a/src/ipc-uapi-unix.h +++ b/src/ipc-uapi-unix.h @@ -14,7 +14,7 @@ #include #include -#define SOCK_PATH RUNSTATEDIR "/wireguard/" +#define SOCK_PATH RUNSTATEDIR "/amneziawg/" #define SOCK_SUFFIX ".sock" static FILE *userspace_interface_file(const char *iface) diff --git a/src/systemd/wg-quick@.service b/src/systemd/wg-quick@.service index dbdab44..d77712a 100644 --- a/src/systemd/wg-quick@.service +++ b/src/systemd/wg-quick@.service @@ -2,9 +2,9 @@ Description=WireGuard via wg-quick(8) for %I After=network-online.target nss-lookup.target Wants=network-online.target nss-lookup.target -PartOf=wg-quick.target -Documentation=man:wg-quick(8) -Documentation=man:wg(8) +PartOf=awg-quick.target +Documentation=man:awg-quick(8) +Documentation=man:awg(8) Documentation=https://www.wireguard.com/ Documentation=https://www.wireguard.com/quickstart/ Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8 @@ -13,9 +13,9 @@ Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8 [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/bin/wg-quick up %i -ExecStop=/usr/bin/wg-quick down %i -ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)' +ExecStart=/usr/bin/awg-quick up %i +ExecStop=/usr/bin/awg-quick down %i +ExecReload=/bin/bash -c 'exec /usr/bin/awg syncconf %i <(exec /usr/bin/awg-quick strip %i)' Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity [Install] diff --git a/src/uapi/linux/linux/wireguard.h b/src/uapi/linux/linux/wireguard.h index 33d9d66..afa4128 100644 --- a/src/uapi/linux/linux/wireguard.h +++ b/src/uapi/linux/linux/wireguard.h @@ -131,7 +131,7 @@ #ifndef _WG_UAPI_WIREGUARD_H #define _WG_UAPI_WIREGUARD_H -#define WG_GENL_NAME "wireguard" +#define WG_GENL_NAME "amneziawg" #define WG_GENL_VERSION 1 #define WG_KEY_LEN 32 diff --git a/src/wg-quick/android.c b/src/wg-quick/android.c index 1263ee4..9eee75f 100644 --- a/src/wg-quick/android.c +++ b/src/wg-quick/android.c @@ -41,6 +41,7 @@ static bool is_exiting = false; static bool binder_available = false; static unsigned int sdk_version; +static bool is_asecurity_on = false; static void *xmalloc(size_t size) { @@ -632,7 +633,10 @@ static void auto_su(int argc, char *argv[]) static void add_if(const char *iface) { - cmd("ip link add %s type wireguard", iface); + if (is_asecurity_on) + cmd("amneziawg-go %s", iface); + else + cmd("ip link add %s type wireguard", iface); } static void del_if(const char *iface) @@ -1256,6 +1260,24 @@ static void parse_options(char **iface, char **config, unsigned int *mtu, char * } else if (!strncasecmp(clean, "MTU=", 4) && j > 4) { *mtu = atoi(clean + 4); continue; + } else if (!strncasecmp(clean, "Jc=", 3) && j > 4 { + is_asecurity_on = true; + } else if (!strncasecmp(clean, "Jmin=", 5) && j > 4 { + is_asecurity_on = true; + } else if (!strncasecmp(clean, "Jmax=", 5) && j > 4 { + is_asecurity_on = true; + } else if (!strncasecmp(clean, "S1=", 3) && j > 4 { + is_asecurity_on = true; + } else if (!strncasecmp(clean, "S2=", 3) && j > 4 { + is_asecurity_on = true; + } else if (!strncasecmp(clean, "H1=", 3) && j > 4 { + is_asecurity_on = true; + } else if (!strncasecmp(clean, "H2=", 3) && j > 4 { + is_asecurity_on = true; + } else if (!strncasecmp(clean, "H3=", 3) && j > 4 { + is_asecurity_on = true; + } else if (!strncasecmp(clean, "H4=", 3) && j > 4 { + is_asecurity_on = true; } } *config = concat_and_free(*config, "", line); @@ -1300,4 +1322,4 @@ int main(int argc, char *argv[]) return 1; } return 0; -} +} \ No newline at end of file diff --git a/src/wg-quick/wg b/src/wg-quick/awg similarity index 100% rename from src/wg-quick/wg rename to src/wg-quick/awg diff --git a/src/wg-quick/darwin.bash b/src/wg-quick/darwin.bash index c938112..9efbe09 100755 --- a/src/wg-quick/darwin.bash +++ b/src/wg-quick/darwin.bash @@ -41,7 +41,7 @@ die() { [[ ${BASH_VERSINFO[0]} -ge 4 ]] || die "Version mismatch: bash ${BASH_VERSINFO[0]} detected, when bash 4+ required" -CONFIG_SEARCH_PATHS=( /etc/wireguard /usr/local/etc/wireguard ) +CONFIG_SEARCH_PATHS=( /etc/amnezia/amneziawg /usr/local/etc/amnezia/amneziawg ) parse_options() { local interface_section=0 line key value stripped path v @@ -110,10 +110,10 @@ auto_su() { get_real_interface() { local interface diff wg show interfaces >/dev/null - [[ -f "/var/run/wireguard/$INTERFACE.name" ]] || return 1 - interface="$(< "/var/run/wireguard/$INTERFACE.name")" - [[ -n $interface && -S "/var/run/wireguard/$interface.sock" ]] || return 1 - diff=$(( $(stat -f %m "/var/run/wireguard/$interface.sock" 2>/dev/null || echo 200) - $(stat -f %m "/var/run/wireguard/$INTERFACE.name" 2>/dev/null || echo 100) )) + [[ -f "/var/run/amneziawg/$INTERFACE.name" ]] || return 1 + interface="$(< "/var/run/amneziawg/$INTERFACE.name")" + [[ -n $interface && -S "/var/run/amneziawg/$interface.sock" ]] || return 1 + diff=$(( $(stat -f %m "/var/run/amneziawg/$interface.sock" 2>/dev/null || echo 200) - $(stat -f %m "/var/run/wireguard/$INTERFACE.name" 2>/dev/null || echo 100) )) [[ $diff -ge 2 || $diff -le -2 ]] && return 1 REAL_INTERFACE="$interface" echo "[+] Interface for $INTERFACE is $REAL_INTERFACE" >&2 @@ -121,9 +121,9 @@ get_real_interface() { } add_if() { - export WG_TUN_NAME_FILE="/var/run/wireguard/$INTERFACE.name" - mkdir -p "/var/run/wireguard/" - cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" utun + export WG_TUN_NAME_FILE="/var/run/amneziawg/$INTERFACE.name" + mkdir -p "/var/run/amneziawg/" + cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" utun get_real_interface } @@ -519,4 +519,4 @@ fi [[ -n $LAUNCHED_BY_LAUNCHD ]] && wait -exit 0 +exit 0 \ No newline at end of file diff --git a/src/wg-quick/freebsd.bash b/src/wg-quick/freebsd.bash index f72daf6..8cb065d 100755 --- a/src/wg-quick/freebsd.bash +++ b/src/wg-quick/freebsd.bash @@ -28,6 +28,8 @@ CONFIG_FILE="" PROGRAM="${0##*/}" ARGS=( "$@" ) +IS_ASESCURITY_ON=0 + cmd() { echo "[#] $*" >&3 "$@" @@ -38,7 +40,7 @@ die() { exit 1 } -CONFIG_SEARCH_PATHS=( /etc/wireguard /usr/local/etc/wireguard ) +CONFIG_SEARCH_PATHS=( /etc/amnezia/amneziawg /usr/local/etc/amnezia/amneziawg ) unset ORIGINAL_TMPDIR make_temp() { @@ -96,6 +98,17 @@ parse_options() { PostDown) POST_DOWN+=( "$value" ); continue ;; SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;; esac + case "$key" in + Jc);& + Jmin);& + Jmax);& + S1);& + S2);& + H1);& + H2);& + H3);& + H4) IS_ASESCURITY_ON=1;; + esac fi WG_CONFIG+="$line"$'\n' done < "$CONFIG_FILE" @@ -116,7 +129,11 @@ auto_su() { add_if() { local ret rc - if ret="$(cmd ifconfig wg create name "$INTERFACE" 2>&1 >/dev/null)"; then + local cmd="ifconfig wg create name "$INTERFACE"" + if [[ $IS_ASESCURITY_ON == 1 ]]; then + cmd="amneziawg-go "$INTERFACE""; + fi + if ret="$(cmd $cmd 2>&1 >/dev/null)"; then return 0 fi rc=$? @@ -125,7 +142,7 @@ add_if() { return $rc fi echo "[!] Missing WireGuard kernel support ($ret). Falling back to slow userspace implementation." >&3 - cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" "$INTERFACE" + cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" "$INTERFACE" } del_routes() { @@ -154,8 +171,8 @@ del_routes() { del_if() { [[ $HAVE_SET_DNS -eq 0 ]] || unset_dns - if [[ -S /var/run/wireguard/$INTERFACE.sock ]]; then - cmd rm -f "/var/run/wireguard/$INTERFACE.sock" + if [[ -S /var/run/amneziawg/$INTERFACE.sock ]]; then + cmd rm -f "/var/run/amneziawg/$INTERFACE.sock" else cmd ifconfig "$INTERFACE" destroy fi @@ -484,4 +501,4 @@ else exit 1 fi -exit 0 +exit 0 \ No newline at end of file diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash index 4193ce5..f503b5e 100755 --- a/src/wg-quick/linux.bash +++ b/src/wg-quick/linux.bash @@ -40,7 +40,7 @@ die() { parse_options() { local interface_section=0 line key value stripped v CONFIG_FILE="$1" - [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf" + [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/amnezia/amneziawg/$CONFIG_FILE.conf" [[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist" [[ $CONFIG_FILE =~ (^|/)([a-zA-Z0-9_=+.-]{1,15})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf" CONFIG_FILE="$(readlink -f "$CONFIG_FILE")" @@ -87,11 +87,11 @@ auto_su() { add_if() { local ret - if ! cmd ip link add "$INTERFACE" type wireguard; then + if ! cmd ip link add "$INTERFACE" type amneziawg; then ret=$? - [[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret - echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." >&2 - cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" "$INTERFACE" + [[ -e /sys/module/amneziawg ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" >/dev/null && exit $ret + echo "[!] Missing WireGuard (Amnezia VPN) kernel module. Falling back to slow userspace implementation." >&2 + cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" "$INTERFACE" fi } @@ -99,7 +99,7 @@ del_if() { local table [[ $HAVE_SET_DNS -eq 0 ]] || unset_dns [[ $HAVE_SET_FIREWALL -eq 0 ]] || remove_firewall - if [[ -z $TABLE || $TABLE == auto ]] && get_fwmark table && [[ $(wg show "$INTERFACE" allowed-ips) =~ /0(\ |$'\n'|$) ]]; then + if [[ -z $TABLE || $TABLE == auto ]] && get_fwmark table && [[ $(awg show "$INTERFACE" allowed-ips) =~ /0(\ |$'\n'|$) ]]; then while [[ $(ip -4 rule show 2>/dev/null) == *"lookup $table"* ]]; do cmd ip -4 rule delete table $table done @@ -132,7 +132,7 @@ set_mtu_up() { [[ $endpoint =~ ^\[?([a-z0-9:.]+)\]?:[0-9]+$ ]] || continue output="$(ip route get "${BASH_REMATCH[1]}" || true)" [[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) && $(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" - done < <(wg show "$INTERFACE" endpoints) + done < <(awg show "$INTERFACE" endpoints) if [[ $mtu -eq 0 ]]; then read -r output < <(ip route show default || true) || true [[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) && $(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" @@ -180,7 +180,7 @@ add_route() { get_fwmark() { local fwmark - fwmark="$(wg show "$INTERFACE" fwmark)" || return 1 + fwmark="$(awg show "$INTERFACE" fwmark)" || return 1 [[ -n $fwmark && $fwmark != off ]] || return 1 printf -v "$1" "%d" "$fwmark" return 0 @@ -199,7 +199,7 @@ remove_firewall() { for iptables in iptables ip6tables; do restore="" found=0 while read -r line; do - [[ $line == "*"* || $line == COMMIT || $line == "-A "*"-m comment --comment \"wg-quick(8) rule for $INTERFACE\""* ]] || continue + [[ $line == "*"* || $line == COMMIT || $line == "-A "*"-m comment --comment \"awg-quick(8) rule for $INTERFACE\""* ]] || continue [[ $line == "-A"* ]] && found=1 printf -v restore '%s%s\n' "$restore" "${line/#-A/-D}" done < <($iptables-save 2>/dev/null) @@ -216,7 +216,7 @@ add_default() { while [[ -n $(ip -4 route show table $table 2>/dev/null) || -n $(ip -6 route show table $table 2>/dev/null) ]]; do ((table++)) done - cmd wg set "$INTERFACE" fwmark $table + cmd awg set "$INTERFACE" fwmark $table fi local proto=-4 iptables=iptables pf=ip [[ $1 == *:* ]] && proto=-6 iptables=ip6tables pf=ip6 @@ -224,7 +224,7 @@ add_default() { cmd ip $proto rule add table main suppress_prefixlength 0 cmd ip $proto route add "$1" dev "$INTERFACE" table $table - local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd + local marker="-m comment --comment \"awg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable" printf -v nftcmd '%sadd chain %s %s preraw { type filter hook prerouting priority -300; }\n' "$nftcmd" "$pf" "$nftable" printf -v nftcmd '%sadd chain %s %s premangle { type filter hook prerouting priority -150; }\n' "$nftcmd" "$pf" "$nftable" @@ -248,7 +248,7 @@ add_default() { } set_config() { - cmd wg setconf "$INTERFACE" <(echo "$WG_CONFIG") + cmd awg setconf "$INTERFACE" <(echo "$WG_CONFIG") } save_config() { @@ -278,7 +278,7 @@ save_config() { done old_umask="$(umask)" umask 077 - current_config="$(cmd wg showconf "$INTERFACE")" + current_config="$(cmd awg showconf "$INTERFACE")" trap 'rm -f "$CONFIG_FILE.tmp"; exit' INT TERM EXIT echo "${current_config/\[Interface\]$'\n'/$new_config}" > "$CONFIG_FILE.tmp" || die "Could not write configuration file" sync "$CONFIG_FILE.tmp" @@ -302,8 +302,8 @@ cmd_usage() { CONFIG_FILE is a configuration file, whose filename is the interface name followed by \`.conf'. Otherwise, INTERFACE is an interface name, with - configuration found at /etc/wireguard/INTERFACE.conf. It is to be readable - by wg(8)'s \`setconf' sub-command, with the exception of the following additions + configuration found at /etc/amnezia/INTERFACE.conf. It is to be readable + by awg(8)'s \`setconf' sub-command, with the exception of the following additions to the [Interface] section, which are handled by $PROGRAM: - Address: may be specified one or more times and contains one or more @@ -319,7 +319,7 @@ cmd_usage() { - SaveConfig: if set to \`true', the configuration is saved from the current state of the interface upon shutdown. - See wg-quick(8) for more info and examples. + See awg-quick(8) for more info and examples. _EOF } @@ -335,7 +335,7 @@ cmd_up() { done set_mtu_up set_dns - for i in $(while read -r _ i; do for i in $i; do [[ $i =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$i"; done; done < <(wg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t /); do + for i in $(while read -r _ i; do for i in $i; do [[ $i =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$i"; done; done < <(awg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t /); do add_route "$i" done execute_hooks "${POST_UP[@]}" @@ -343,7 +343,7 @@ cmd_up() { } cmd_down() { - [[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" + [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" execute_hooks "${PRE_DOWN[@]}" [[ $SAVE_CONFIG -eq 0 ]] || save_config del_if @@ -353,7 +353,7 @@ cmd_down() { } cmd_save() { - [[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" + [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" save_config } diff --git a/src/wg-quick/openbsd.bash b/src/wg-quick/openbsd.bash index b58ecf5..502cc9a 100755 --- a/src/wg-quick/openbsd.bash +++ b/src/wg-quick/openbsd.bash @@ -27,6 +27,7 @@ SAVE_CONFIG=0 CONFIG_FILE="" PROGRAM="${0##*/}" ARGS=( "$@" ) +IS_ASESCURITY_ON=0 cmd() { echo "[#] $*" >&3 @@ -41,7 +42,7 @@ die() { parse_options() { local interface_section=0 line key value stripped CONFIG_FILE="$1" - [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf" + [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/amnezia/amneziawg/$CONFIG_FILE.conf" [[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist" [[ $CONFIG_FILE =~ (^|/)([a-zA-Z0-9_=+.-]{1,15})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf" CONFIG_FILE="$(readlink -f "$CONFIG_FILE")" @@ -68,6 +69,17 @@ parse_options() { PostDown) POST_DOWN+=( "$value" ); continue ;; SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;; esac + case "$key" in + Jc);& + Jmin);& + Jmax);& + S1);& + S2);& + H1);& + H2);& + H3);& + H4) IS_ASESCURITY_ON=1;; + esac fi WG_CONFIG+="$line"$'\n' done < "$CONFIG_FILE" @@ -106,14 +118,19 @@ add_if() { while true; do local -A existing_ifs="( $(wg show interfaces | sed 's/\([^ ]*\)/[\1]=1/g') )" local index ret - for ((index=0; index <= 2147483647; ++index)); do [[ -v existing_ifs[wg$index] ]] || break; done - if ret="$(cmd ifconfig wg$index create description "wg-quick: $INTERFACE" 2>&1)"; then - REAL_INTERFACE="wg$index" - return 0 + if [[ $IS_ASESCURITY_ON == 1 ]]; then + cmd "amneziawg-go "$INTERFACE""; + return $? + else + for ((index=0; index <= 2147483647; ++index)); do [[ -v existing_ifs[wg$index] ]] || break; done + if ret="$(cmd ifconfig wg$index create description "wg-quick: $INTERFACE" 2>&1)"; then + REAL_INTERFACE="wg$index" + return 0 + fi + [[ $ret == *"ifconfig: SIOCIFCREATE: File exists"* ]] && continue + echo "$ret" >&3 + return 1 fi - [[ $ret == *"ifconfig: SIOCIFCREATE: File exists"* ]] && continue - echo "$ret" >&3 - return 1 done } @@ -478,4 +495,4 @@ else exit 1 fi -exit 0 +exit 0 \ No newline at end of file