Skip to content
Permalink
Browse files

Patch wireguard into our kernel.

  • Loading branch information
nolanl committed Nov 26, 2019
1 parent 665f41a commit a906a6e680d460fd319c32897371cbb99b7bbe14
@@ -19,11 +19,13 @@ UBOOT_VERSION = 2017.11
BOOTFW_VERSION = 1.20170811
BUSYBOX_VERSION = 1.28.0-uclibc
ZEROTIER1_VERSION = 1.2.12
WIREGUARD_VERSION = 0.0.20191012

KERNEL_URL=http://cdn.kernel.org/pub/linux/kernel/v4.x/linux-$(KERNEL_VERSION).tar.xz
UBOOT_URL=http://ftp.denx.de/pub/u-boot/u-boot-$(UBOOT_VERSION).tar.bz2
BOOTFW_URL=http://github.com/raspberrypi/firmware/archive/$(BOOTFW_VERSION).tar.gz
ZEROTIER1_URL=http://github.com/zerotier/ZeroTierOne/archive/$(ZEROTIER1_VERSION).tar.gz
WIREGUARD_URL=https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$(WIREGUARD_VERSION).tar.xz

######################################################
# Pick/validate what target architectures we're building for.
@@ -114,6 +116,7 @@ FSDIR := $(BUILDDIR)/fs
OSFSDIR := $(FSDIR)/rootfs
KERNELDIR := $(BUILDDIR)/linux
ZEROTIER1DIR := $(BUILDDIR)/zerotier-one
WIREGUARDDIR := $(BUILDDIR)/WireGuard
IMGFSDIR := $(BUILDDIR)/imgfs
IMAGESDIR := $(BUILDDIR)/images

@@ -157,6 +160,23 @@ PHONY += clean
clean: fs_clean initrd_clean
rm -rf $(BUILDDIR)

WIREGUARD_SRC := $(WIREGUARDDIR)/contrib/kernel-tree/create-patch.sh
wireguard_src: $(WIREGUARD_SRC)
$(WIREGUARD_SRC):
@mkdir -p $(WIREGUARDDIR)
wget -qO- $(WIREGUARD_URL) | xz -cd | \
tee >(tar --strip-components=1 -x -C $(WIREGUARDDIR)) | \
gpg2 --no-default-keyring --keyring $(SIGDIR)/pubring.gpg \
--verify $(SIGDIR)/WireGuard-$(WIREGUARD_VERSION).tar.asc - && \
[ `echo "$${PIPESTATUS[@]}" | tr -s ' ' + | bc` -eq 0 ] || \
( rm -rf $(WIREGUARDDIR) && false )

PHONY += wireguard_patch
WIREGUARD_PATCH := $(PATCHDIR)/linux/wireguard.patch
wireguard_patch: $(WIREGUARD_PATCH)
$(WIREGUARD_PATCH): $(WIREGUARD_SRC)
$(WIREGUARD_SRC) > $(WIREGUARD_PATCH)

KERNEL_SRC := $(KERNELDIR)/Makefile
kernel_src: $(KERNEL_SRC)
$(KERNEL_SRC):
@@ -870,6 +870,8 @@ CONFIG_XFRM_USER=y
CONFIG_XFRM_IPCOMP=m
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_WIREGUARD=y
# CONFIG_WIREGUARD_DEBUG is not set
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE_STATS is not set
@@ -662,6 +662,8 @@ CONFIG_XFRM=y
# CONFIG_XFRM_STATISTICS is not set
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_WIREGUARD=y
# CONFIG_WIREGUARD_DEBUG is not set
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_PNP=y
@@ -670,11 +672,11 @@ CONFIG_IP_PNP_BOOTP=y
# CONFIG_IP_PNP_RARP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE_DEMUX is not set
CONFIG_NET_IP_TUNNEL=m
CONFIG_NET_IP_TUNNEL=y
# CONFIG_IP_MROUTE is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_NET_IPVTI is not set
# CONFIG_NET_UDP_TUNNEL is not set
CONFIG_NET_UDP_TUNNEL=y
# CONFIG_NET_FOU is not set
# CONFIG_NET_FOU_IP_TUNNELS is not set
# CONFIG_INET_AH is not set
@@ -1460,6 +1462,7 @@ CONFIG_NET_CORE=y
CONFIG_MACVLAN=m
CONFIG_MACVTAP=m
# CONFIG_VXLAN is not set
# CONFIG_GENEVE is not set
# CONFIG_GTP is not set
# CONFIG_MACSEC is not set
# CONFIG_NETCONSOLE is not set
@@ -4137,6 +4140,7 @@ CONFIG_INTEGRITY_AUDIT=y
# CONFIG_EVM is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=y
CONFIG_CRYPTO=y

#
@@ -1 +1,2 @@
ext4-on-fat-resize.patch
wireguard.patch

0 comments on commit a906a6e

Please sign in to comment.