linuxserver · aptalca · Jun 22, 2020 · Jun 19, 2020 · Jun 19, 2020 · Jun 20, 2020
diff --git a/Dockerfile b/Dockerfile
@@ -14,22 +14,37 @@ RUN \
  apt-get update && \
  apt-get install -y \
 	bc \
+	build-essential \
 	curl \
-	dkms \
+	git \
 	gnupg \ 
 	ifupdown \
 	iproute2 \
 	iptables \
 	iputils-ping \
+	jq \
 	libc6 \
+	libelf-dev \
 	perl \
+	pkg-config \
 	qrencode && \
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
- echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
- echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
  echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
  echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
- apt-get install resolvconf && \
+ apt-get install -y --no-install-recommends \
+	dkms \
+	resolvconf && \
+ echo "**** install wireguard-tools ****" && \
+ if [ -z ${WIREGUARD_RELEASE+x} ]; then \
+	WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
+	| jq -r .[0].name); \
+ fi && \
+ cd /app && \
+ git clone https://git.zx2c4.com/wireguard-linux-compat && \
+ git clone https://git.zx2c4.com/wireguard-tools && \
+ cd wireguard-tools && \
+ git checkout "${WIREGUARD_RELEASE}" && \
+ make -C src -j$(nproc) && \
+ make -C src install && \
  echo "**** install CoreDNS ****" && \
  COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
 	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
@@ -14,22 +14,37 @@ RUN \
  apt-get update && \
  apt-get install -y \
 	bc \
+	build-essential \
 	curl \
-	dkms \
+	git \
 	gnupg \ 
 	ifupdown \
 	iproute2 \
 	iptables \
 	iputils-ping \
+	jq \
 	libc6 \
+	libelf-dev \
 	perl \
+	pkg-config \
 	qrencode && \
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
- echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
- echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
  echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
  echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
- apt-get install resolvconf && \
+ apt-get install -y --no-install-recommends \
+	dkms \
+	resolvconf && \
+ echo "**** install wireguard-tools ****" && \
+ if [ -z ${WIREGUARD_RELEASE+x} ]; then \
+	WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
+	| jq -r .[0].name); \
+ fi && \
+ cd /app && \
+ git clone https://git.zx2c4.com/wireguard-linux-compat && \
+ git clone https://git.zx2c4.com/wireguard-tools && \
+ cd wireguard-tools && \
+ git checkout "${WIREGUARD_RELEASE}" && \
+ make -C src -j$(nproc) && \
+ make -C src install && \
  echo "**** install CoreDNS ****" && \
  COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
 	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \

diff --git a/Dockerfile.armhf b/Dockerfile.armhf
@@ -14,22 +14,37 @@ RUN \
  apt-get update && \
  apt-get install -y \
 	bc \
+	build-essential \
 	curl \
-	dkms \
+	git \
 	gnupg \ 
 	ifupdown \
 	iproute2 \
 	iptables \
 	iputils-ping \
+	jq \
 	libc6 \
+	libelf-dev \
 	perl \
+	pkg-config \
 	qrencode && \
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
- echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
- echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
  echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
  echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
- apt-get install resolvconf && \
+ apt-get install -y --no-install-recommends \
+	dkms \
+	resolvconf && \
+ echo "**** install wireguard-tools ****" && \
+ if [ -z ${WIREGUARD_RELEASE+x} ]; then \
+	WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
+	| jq -r .[0].name); \
+ fi && \
+ cd /app && \
+ git clone https://git.zx2c4.com/wireguard-linux-compat && \
+ git clone https://git.zx2c4.com/wireguard-tools && \
+ cd wireguard-tools && \
+ git checkout "${WIREGUARD_RELEASE}" && \
+ make -C src -j$(nproc) && \
+ make -C src install && \
  echo "**** install CoreDNS ****" && \
  COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
 	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -103,7 +103,7 @@ pipeline {
       steps{
         script{
           env.EXT_RELEASE = sh(
-            script: ''' curl -sX GET http://ppa.launchpad.net/wireguard/wireguard/ubuntu/dists/bionic/main/binary-amd64/Packages.gz | gunzip -c |grep -A 7 -m 1 'Package: wireguard' | awk -F ': ' '/Version/{print $2;exit}' ''',
+            script: ''' curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name ''',
             returnStdout: true).trim()
             env.RELEASE_LINK = 'custom_command'
         }

diff --git a/README.md b/README.md
@@ -168,11 +168,11 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel
 &nbsp;
 ## Application Setup
 
-This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
+This image is designed for Ubuntu and Debian based systems mainly (it works on some others, but ymmv). During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module.
 
 If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv).
 
-With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
+With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images prior to focal](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
 
 This can be run as a server or a client, based on the parameters used. 
 
@@ -268,6 +268,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **19.06.20:** - Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs.
 * **29.05.20:** - Add support for 64bit raspbian.
 * **28.04.20:** - Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64).
 * **20.04.20:** - Fix typo in client mode conf existence check.

diff --git a/jenkins-vars.yml b/jenkins-vars.yml
@@ -3,7 +3,7 @@
 # jenkins variables
 project_name: docker-wireguard
 external_type: na
-custom_version_command: "curl -sX GET http://ppa.launchpad.net/wireguard/wireguard/ubuntu/dists/bionic/main/binary-amd64/Packages.gz | gunzip -c |grep -A 7 -m 1 'Package: wireguard' | awk -F ': ' '/Version/{print $2;exit}'"
+custom_version_command: "curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name"
 release_type: stable
 release_tag: latest
 ls_branch: master

diff --git a/readme-vars.yml b/readme-vars.yml
@@ -54,11 +54,11 @@ optional_block_1_items: ""
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
-  This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
+  This image is designed for Ubuntu and Debian based systems mainly (it works on some others, but ymmv). During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module.
 
   If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv).
 
-  With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
+  With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images prior to focal](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
 
   This can be run as a server or a client, based on the parameters used. 
 
@@ -85,6 +85,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "19.06.20:", desc: "Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs." }
   - { date: "29.05.20:", desc: "Add support for 64bit raspbian." }
   - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." }
   - { date: "20.04.20:", desc: "Fix typo in client mode conf existence check." }