Building linux-libre with Wireguard

Building linux-libre with Wireguard

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 1354 bytes --]

I'm taking a look at how to build linux-libre with Wireguard built in.

There are two primary methods offered by Wireguard. Instructions:

https://www.wireguard.com/install/

First, you can run 'create-patch.sh' [0] which prints to stdout a patch that
can be applied to the kernel source code.

Second, you can run 'jury-rig.sh' [0] which symlinks the Wireguard source
tree into an existing kernel tree and makes the necessary changes to the
kernel config.

I tried the latter [1] but the kernel build fails like this:

------
/gnu/store/q19l04vd2za80mk1845pz7r8cz29qk43-bash-minimal-4.4.23/bin/sh: net/wireguard/modules.order: Permission denied
make[2]: *** [scripts/Makefile.build:450: net/wireguard/modules.order] Error 1
make[1]: *** [scripts/Makefile.build:516: net/wireguard] Error 2
make: *** [Makefile:1058: net] Error 2
make: *** Waiting for unfinished jobs....
------

Well, it takes several hours to reach this point so I am not going to
try it again right away with --keep-failed, oops. But it makes sense
that if the build process tried to make some changes to the Wireguard
code that was linked from /gnu/store that it would fail.

I would really prefer to use 'create-patch.sh' to generate and apply the
patch at build-time so I will try that next.

[0]
https://git.zx2c4.com/WireGuard/tree/contrib/kernel-tree
[1] See the attached module

[-- Attachment #1.2: wireguard.scm --]
[-- Type: text/plain, Size: 2375 bytes --]

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019 Leo Famulari <leo@famulari.name>
;;;
;;; This file is NOT part of GNU Guix, but is supposed to be used with GNU
;;; Guix and thus has the same license.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (leo packages wireguard)
  #:use-module (guix git-download)
  #:use-module (guix licenses)
  #:use-module (guix packages)
  #:use-module (guix build utils)
  #:use-module (guix utils) ;substitute-keyword-arguments
  #:use-module (gnu packages linux))

(define %wireguard-version "0.0.20190123")

(define wireguard-source
  (origin
    ;; XXX It's simpler to have a directory than a tarball?
    (method git-fetch)
    (uri (git-reference
           (url "https://git.zx2c4.com/WireGuard")
           (commit %wireguard-version)))
    (file-name (string-append "wireguard-source-" %wireguard-version))
    (sha256
     (base32
      "1lyl3nmsgp9jk9js3vz032vdx7cg9ynkwzdr19wrr26pkxhpcnxr"))))

(define-public linux-libre-with-wireguard
  (package
    (inherit linux-libre)
    (name "linux-libre-with-wireguard")
    (native-inputs
     `(("wireguard-source" ,wireguard-source)
       ,@(package-native-inputs linux-libre)))
    (arguments
     (substitute-keyword-arguments (package-arguments linux-libre)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-after 'unpack 'add-wireguard
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let* ((wireguard-src (assoc-ref inputs "wireguard-source"))
                      (wireguard-patch-tool (string-append wireguard-src "/contrib/kernel-tree/jury-rig.sh")))
                 (invoke "sh" wireguard-patch-tool "."))))))))))

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Building linux-libre with Wireguard

[Ludovic Courtès]

Hi Leo,

Leo Famulari <leo@famulari.name> skribis:

> I'm taking a look at how to build linux-libre with Wireguard built in.
>
> There are two primary methods offered by Wireguard. Instructions:
>
> https://www.wireguard.com/install/
>
> First, you can run 'create-patch.sh' [0] which prints to stdout a patch that
> can be applied to the kernel source code.
>
> Second, you can run 'jury-rig.sh' [0] which symlinks the Wireguard source
> tree into an existing kernel tree and makes the necessary changes to the
> kernel config.
>
> I tried the latter [1] but the kernel build fails like this:
>
> ------
> /gnu/store/q19l04vd2za80mk1845pz7r8cz29qk43-bash-minimal-4.4.23/bin/sh: net/wireguard/modules.order: Permission denied
> make[2]: *** [scripts/Makefile.build:450: net/wireguard/modules.order] Error 1
> make[1]: *** [scripts/Makefile.build:516: net/wireguard] Error 2
> make: *** [Makefile:1058: net] Error 2
> make: *** Waiting for unfinished jobs....
> ------

The checkout made by ‘wireguard-source’ is read-only.  I suppose
‘jury-rig.sh’ somehow copies files from there, preserving read-only
permissions and eventually leading to that “Permission denied”.

Does that make sense?

Ludo’.

Re: Building linux-libre with Wireguard

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 486 bytes --]

On Wed, Mar 06, 2019 at 02:24:32PM +0100, Ludovic Courtès wrote:
> The checkout made by ‘wireguard-source’ is read-only.  I suppose
> ‘jury-rig.sh’ somehow copies files from there, preserving read-only
> permissions and eventually leading to that “Permission denied”.
> 
> Does that make sense?

Yeah. I ended up adding a WireGuard package in 7a0479bb7b8535a that uses
'create-patch.sh'. This can be applied to a kernel source checkout and
WireGuard does work :)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]