From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
To: 41803@debbugs.gnu.org
X-Debbugs-Original-To: Guix Patches
Date: Thu, 11 Jun 2020 15:56:56 +0200
From: raingloom
Message-ID: <20200611155656.7ece9c24@riseup.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="MP_/82n_6_DI0gmRaaIem+Pg+fT"

--MP_/82n_6_DI0gmRaaIem+Pg+fT
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

from: https://yggdrasil-network.github.io/
"Yggdrasil is an early-stage implementation of a fully end-to-end encrypted IPv6 network."

I spent the last few days packaging it and now it's in a state where I think it's usable.

The configuration can include private keys, so that part should NOT go in the operating system config, because it would get stored in the world-readable Guix store.

Nix works around this by merging the generated config with a JSON file and sending it to yggdrasil over its stdin. I chose not to do that because I couldn't figure out how to open a service's stdin and because I think the way I did it is much more elegant in the long run.

The package is lightly patched to take not one but two config files, and it simply merges them internally. The patch is completely backwards compatible and unobtrusive. It took me about an hour to write and debug and most of that was just figuring out Go's syntax and type system. I will try to get upstream to accept it, or implement similar functionality.

Still TODO: documenting the service as an info page.

The gist of using it is:
1. look at example operating system
2. see yggdrasil -genconf -json for config options
(3.) optional: save output as /etc/yggdrasil-secret.conf
(4.) chmod 600 /etc/yggdrasil-secret.conf
(5.) delete everything but the signing and encryption keys
6. add peers as needed, or set autoconf? to #t to connect through a local peer

It seems to work fine. I could connect to open peers from one machine and another one could auto-configure itself to connect through the first one over the LAN. It's pretty nifty.

--MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0001-gnu-go-golang-org-x-sys-update-to-05986578812163b266.patch >From e40f06bd1c11569d84cc00b92b0cf3ca4f989d9a Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 30 May 2020 12:52:00 +0200 Subject: [PATCH 1/5] gnu: go-golang-org-x-sys: update to 05986578812163b26672dabd9b425240ae2bb0ad --- gnu/packages/golang.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index d95e195ba5..de76b99039 100644
--- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -723,8 +723,8 @@ processing.") (license license:bsd-3)))) (define-public go-golang-org-x-sys - (let ((commit "c709ea063b76879dc9915358f55d4d77c16ab6d5") - (revision "6")) + (let ((commit "05986578812163b26672dabd9b425240ae2bb0ad") + (revision "7")) (package (name "go-golang-org-x-sys") (version (git-version "0.0.0" revision commit)) @@ -736,7 +736,7 @@ processing.") (file-name (git-file-name name version)) (sha256 (base32 - "15nq53a6kcqchng4j0d1pjw0m6hny6126nhjdwqw5n9dzh6a226d")))) + "1q2rxb6z5l6pmlckjsz2l0b8lw7bqgk6frhzbmi1dv0y5irb2ka7")))) (build-system go-build-system) (arguments `(#:import-path "golang.org/x/sys" -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-add-yggdrasil-dependencies.patch >From a58a33740676b04af07143cca15d02403ee5fdab Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 30 May 2020 15:27:28 +0200 Subject: [PATCH 2/5] gnu: add yggdrasil dependencies * gnu/packages/golang.scm: (go-github-com-arceliar-phony) (go-github-com-cheggaaa-pb) (go-github-com-gologme-log) (go-github-com-hashicorp-go-syslog) (go-github-com-hjson-hjson-go) (go-github-com-mitchellh-mapstructure) (go-golang-zx2c4-com-wireguard) (go-github-com-kardianos-minwinsvc): New public variables. --- gnu/packages/golang.scm | 208 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 208 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index de76b99039..1753770ba2 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -3784,3 +3784,211 @@ used by other processes.") Porter2 stemmer}. It is written completely using finite state machines to do suffix comparison, rather than the string-based or tree-based approaches.") (license license:asl2.0)))) + +(define-public go-github-com-arceliar-phony + (let ((commit "d0c68492aca0bd4b5c5c8e0452c9b4c8af923eaf") + (revision "0")) + (package + (name "go-github-com-arceliar-phony") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/Arceliar/phony") + (commit commit))) + (sha256 + (base32 + "0876y0hlb1zh8hn0pxrb5zfdadvaqmqwlr66p19yl2a76galz992")))) + (arguments + '(#:import-path "github.com/Arceliar/phony")) + (build-system go-build-system) + (home-page "https://github.com/Arceliar/phony") + (synopsis "A very minimal actor model library") + (description "Phony is a very minimal actor model library for Go, +inspired by the causal messaging system in the Pony programming language") + (license license:expat)))) + +(define-public go-github-com-cheggaaa-pb + (package + (name "go-github-com-cheggaaa-pb") + (version "3.0.4") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/cheggaaa/pb/") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0xhsv9yf3fz918ay6w0d87jnb3hk9vxvi16jk172kqq26x7jixd0")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/cheggaaa/pb/")) + (propagated-inputs + `(("go-github-com-fatih-color" ,go-github-com-fatih-color) + ("go-github-com-mattn-go-colorable" ,go-github-com-mattn-go-colorable) + ("go-github.com-mattn-go-runewidth" ,go-github.com-mattn-go-runewidth) + ("go-golang-org-x-sys" ,go-golang-org-x-sys))) + (native-inputs + `(("go-github-com-mattn-go-isatty" ,go-github-com-mattn-go-isatty))) + (home-page "https://github.com/cheggaaa/pb/") + (synopsis "Console progress bar for Golang") + (description "") + (license license:bsd-3))) + +(define-public 
go-github-com-gologme-log + (package + (name "go-github-com-gologme-log") + (version "1.2.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/gologme/log") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0shjbf52xh57bx6xka7h00yjvldjl5wwnim530xxbaragqj0cg8f")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/gologme/log")) + (home-page "https://github.com/gologme/log/") + (synopsis + "A fork of the golang built in log package to add support for levels") + (description "This package is a drop in replacement for the built-in Go log +package. All the functionality of the built-in package still exists and is +unchanged. In addition, this package contains a series of small enhancements +and additions.") + ;; TODO: does this even qualify as a license? the LICENSE file is empty + ;; all it has is this paragraph in the README + ;; "This is free software, licensed under the same BSD license that the + ;; original Go log package was licensed." 
+ (license license:bsd-3))) + +(define-public go-github-com-hashicorp-go-syslog + (package + (name "go-github-com-hashicorp-go-syslog") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hashicorp/go-syslog") + (commit (string-append "v" version)))) + (sha256 + (base32 + "09vccqggz212cg0jir6vv708d6mx0f9w5bxrcdah3h6chgmal6v1")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hashicorp/go-syslog")) + (home-page "https://github.com/hashicorp/go-syslog") + (synopsis "Golang syslog wrapper, cross-compile friendly") + (description "A very simple wrapper around log/syslog") + (license license:expat))) + +(define-public go-github-com-hjson-hjson-go + (package + (name "go-github-com-hjson-hjson-go") + (version "3.0.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hjson/hjson-go") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0q340mddapq0lxrdrzkjnw7xdwdn1lzifcf564wrmj8rggh7rl81")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hjson/hjson-go")) + (home-page "https://hjson.org/") + (synopsis "Human JSON implementation for Go") + (description "Hjson is a syntax extension to JSON. 
+It's intended to be used like a user interface for humans, to read and edit +before passing the JSON data to the machine.") + (license license:expat))) + +(define-public go-github-com-mitchellh-mapstructure + (package + (name "go-github-com-mitchellh-mapstructure") + (version "1.3.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/mitchellh/mapstructure") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0l3qyskfx9bwh0b17zv8yk15rrdhjmj482jsp09f9bp0d4g9k87j")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/mitchellh/mapstructure")) + (home-page "https://github.com/mitchellh/mapstructure/") + (synopsis + "Go library for decoding generic map values to and from native Go structures") + (description + "Mapstructure is a Go library for decoding generic map values to structures +and vice versa, while providing helpful error handling. +This library is most useful when decoding values from some data stream +(JSON, Gob, etc.) 
where you don't quite know the structure of the underlying +data until you read a part of it.") + (license license:expat))) + +(define-public go-golang-zx2c4-com-wireguard + (package + (name "go-golang-zx2c4-com-wireguard") + (version "0.0.20200320") + (source + (origin + (method git-fetch) + ;; NOTE: module URL is a redirect + ;; target: git.zx2c4.com/wireguard-go + ;; source: golang.zx2c4.com/wireguard + (uri (git-reference + (url "https://git.zx2c4.com/wireguard-go/") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0fy4qsss3i3pkq1rpgjds4aipbwlh1dr9hbbf7jn2a1c63kfks0r")))) + (build-system go-build-system) + (arguments + '(#:import-path "golang.zx2c4.com/wireguard")) + (propagated-inputs + `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-sys" ,go-golang-org-x-sys) + ("go-golang-org-x-text" ,go-golang-org-x-text))) + (home-page "https://git.zx2c4.com/wireguard") + (synopsis "This is an implementation of WireGuard in Go") + (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") + (license license:expat))) + +(define-public go-github-com-kardianos-minwinsvc + (let ((commit "cad6b2b879b0970e4245a20ebf1a81a756e2bb70") + (revision "0")) + (package + (name "go-github-com-kardianos-minwinsvc") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/kardianos/minwinsvc") + (commit commit))) + (sha256 + (base32 + "000fk0b1ff7m6dd2n3am1l39hzl6nsl1a9p7zmq78qn6h3glabdl")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/kardianos/minwinsvc")) + (home-page "https://github.com/kardianos/minwinsvc/") + ;; some packages (Yggdrasil) need it to compile + ;; it's a tiny package and it's easier to bundle it than to patch it out + (synopsis "A minimal windows only service stub for Go") + (description "Go programs designed to run from most *nix style operating +systems 
can import this package to enable running programs as services without +modifying them.") + (license license:zlib)))) -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0003-gnu-add-yggdrasil-package-at-version-0.3.14-plus-pat.patch >From cba3078cded2a7fd1b60cf0ec57e7e26a2e84c10 Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 30 May 2020 15:32:56 +0200 Subject: [PATCH 3/5] gnu: add yggdrasil package at version 0.3.14 (plus patch) * gnu/packages/networking.scm: (yggdrasil): New public variable. (gnu packages golang): New dependency. * gnu/packages/patches/yggdrasil-extra-config.patch: New file. * gnu/local.mk: (yggdrasil-extra-config.patch): Added to patches. --- gnu/local.mk | 1 + gnu/packages/networking.scm | 83 ++++++++++++++++++ .../patches/yggdrasil-extra-config.patch | 86 +++++++++++++++++++ 3 files changed, 170 insertions(+) create mode 100644 gnu/packages/patches/yggdrasil-extra-config.patch diff --git a/gnu/local.mk b/gnu/local.mk index 76d6b5deba..f6a3842957 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1622,6 +1622,7 @@ dist_patch_DATA = \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ %D%/packages/patches/xsane-support-ipv6.patch \ %D%/packages/patches/xsane-tighten-default-umask.patch \ + %D%/packages/patches/yggdrasil-extra-config.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 11344216aa..a93c89d5a8 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -92,6 +92,7 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) + #:use-module (gnu packages golang) #:use-module (gnu packages gtk) #:use-module (gnu packages image) #:use-module (gnu packages libevent) 
@@ -3192,3 +3193,85 @@ CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices. @code{lldpd} is an implementation of LLDP. It also supports some proprietary protocols.") (license license:isc))) + +(define-public yggdrasil + (package + (name "yggdrasil") + (version "0.3.14") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/yggdrasil-network/yggdrasil-go") + (commit (string-append "v" version)) + (recursive? #t))) + (sha256 + (base32 + "0vncf39gqr5hzjn948jlchppf7451a6rcvr962ng97sjdy8mplrw")) + (patches (search-patches "yggdrasil-extra-config.patch")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/yggdrasil-network/yggdrasil-go" + ;; TODO: figure out how tests are run + #:tests? #f + #:install-source? #f + #:phases (modify-phases %standard-phases + (replace 'build + (lambda _ + (for-each + (lambda (c) + (invoke "go" "build" "-v" "-ldflags=-s -w" + (string-append + "github.com/yggdrasil-network/yggdrasil-go/cmd/" + c))) + (list "yggdrasil" "yggdrasilctl")) + #t)) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (doc (string-append out "/share/doc/yggdrasil/"))) + (mkdir-p bin) + (for-each + (lambda (f) + (install-file f bin)) + (list "yggdrasil" "yggdrasilctl")) + (mkdir-p doc) + (copy-recursively + (string-append + "src/github.com/yggdrasil-network/yggdrasil-go/" + "doc/yggdrasil-network.github.io") + doc))))))) + ;; https://github.com/kardianos/minwinsvc is windows only + (propagated-inputs + `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony) + ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb) + ("go-github-com-gologme-log" ,go-github-com-gologme-log) + ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog) + ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go) + 
("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc) + ("go-github-com-mitchellh-mapstructure" + ,go-github-com-mitchellh-mapstructure) + ("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-text" ,go-golang-org-x-text) + ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard) + ("go-netlink" ,go-netlink) + ("go-netns" ,go-netns))) + (home-page "https://yggdrasil-network.github.io/blog.html") + (synopsis "An experiment in scalable routing as an encrypted IPv6 overlay network") + (description "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted +IPv6 network. It is lightweight, self-arranging, supported on multiple platforms and allows +pretty much any IPv6-capable application to communicate securely with other Yggdrasil nodes. +Yggdrasil does not require you to have IPv6 Internet connectivity - it also works over IPv4.") + (license + ;; As a special exception to the GNU Lesser General Public License version 3 + ;; ("LGPL3"), the copyright holders of this Library give you permission to + ;; convey to a third party a Combined Work that links statically or dynamically + ;; to this Library without providing any Minimal Corresponding Source or + ;; Minimal Application Code as set out in 4d or providing the installation + ;; information set out in section 4e, provided that you comply with the other + ;; provisions of LGPL3 and provided that you meet, for the Application the + ;; terms and conditions of the license(s) which apply to the Application. + license:lgpl3))) diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch new file mode 100644 index 0000000000..e3502eb644 --- /dev/null +++ b/gnu/packages/patches/yggdrasil-extra-config.patch 
@@ -0,0 +1,86 @@ +diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go +index 813e950..08d35cc 100644 +--- a/cmd/yggdrasil/main.go ++++ b/cmd/yggdrasil/main.go +@@ -40,11 +40,12 @@ type node struct { + admin module.Module // admin.AdminSocket + } + +-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig { ++func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig { + // Use a configuration file. If -useconf, the configuration will be read + // from stdin. If -useconffile, the configuration will be read from the + // filesystem. + var conf []byte ++ var extraconf []byte + var err error + if *useconffile != "" { + // Read the file from the filesystem +@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err != nil { + panic(err) + } ++ if *extraconffile != "" { ++ extraconf, err = ioutil.ReadFile(*extraconffile); ++ } ++ if err != nil { ++ panic(err) ++ } ++ // Generate a new configuration - this gives us a set of sane defaults - ++ // then parse the configuration we loaded above on top of it. The effect ++ // of this is that any configuration item that is missing from the provided ++ // configuration will use a sane default. ++ cfg := config.GenerateConfig() ++ var confs [2][]byte ++ confs[0]=conf ++ confs[1]=extraconf ++ for _, conf := range confs { + // If there's a byte order mark - which Windows 10 is now incredibly fond of + // throwing everywhere when it's converting things into UTF-16 for the hell + // of it - remove it and decode back down into UTF-8. This is necessary +@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + panic(err) + } + } +- // Generate a new configuration - this gives us a set of sane defaults - +- // then parse the configuration we loaded above on top of it. 
The effect +- // of this is that any configuration item that is missing from the provided +- // configuration will use a sane default. +- cfg := config.GenerateConfig() + var dat map[string]interface{} + if err := hjson.Unmarshal(conf, &dat); err != nil { + panic(err) +@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err = mapstructure.Decode(dat, &cfg); err != nil { + panic(err) + } ++ } + return cfg + } + +@@ -164,6 +176,7 @@ func main() { + genconf := flag.Bool("genconf", false, "print a new config to stdout") + useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") + useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") ++ extraconffile := flag.String("extraconffile", "", "extra (usually private) HJSON/JSON config from specified file path") + normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") + confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") + autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") +@@ -187,7 +200,7 @@ func main() { + cfg = config.GenerateConfig() + case *useconffile != "" || *useconf: + // Read the configuration from either stdin or from the filesystem +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + // If the -normaliseconf option was specified then remarshal the above + // configuration and print it back to stdout. 
This lets the user update + // their configuration file with newly mapped names (like above) or to +@@ -332,7 +345,7 @@ func main() { + goto exit + case _ = <-r: + if *useconffile != "" { +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + logger.Infoln("Reloading configuration from", *useconffile) + n.core.UpdateConfig(cfg) + n.tuntap.UpdateConfig(cfg) -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0004-gnu-services-Add-new-service-for-yggdrasil-network.patch >From 9c0dc50704663207023c671b1116f070a445104c Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: [PATCH 4/5] gnu: services: Add new service for yggdrasil network. * gnu/services/networking.scm: (yggdrasil-service-type yggdrasil-configuration yggdrasil-configuration? yggdrasil-configuration-package yggdrasil-configuration-auto-conf yggdrasil-configuration-log-level yggdrasil-configuration-log-to): New public variables. ( yggdrasil-configuration-file yggdrasil-shepherd-service %yggdrasil-accounts): New private variables ((json),(srfi srfi-43)): New dependencies. --- gnu/services/networking.scm | 113 +++++++++++++++++++++++++++++++++++- 1 file changed, 112 insertions(+), 1 deletion(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index d6b0aee357..ddb8e9a17c 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -59,7 +59,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases 
@@ -178,7 +180,15 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-package + yggdrasil-configuration-auto-conf + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to)) ;;; Commentary: ;;; 
@@ -1756,4 +1766,105 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewalls."))) + +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log")) + (stop #~(make-kill-destructor))))) + +;; TODO: somehow chown the socket. might be better to fix upstream? +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)))))) + ;;; networking.scm ends here -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0005-gnu-system-add-example-with-yggdrasil.patch >From d2d9ad6c3402924edd6090ffcad50e2c9d2bd448 Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:16:42 +0200 Subject: [PATCH 5/5] gnu: system: add example with yggdrasil * gnu/system/examples/yggdrasil.tmpl: New file. --- gnu/system/examples/yggdrasil.tmpl | 61 ++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 gnu/system/examples/yggdrasil.tmpl diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl new file mode 100644 index 0000000000..244a899bd0 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
@@ -0,0 +1,61 @@ +;; This is an operating system configuration template +;; for a "bare bones" setup, with no X11 display server. + +(use-modules (gnu)) +(use-service-modules networking ssh) +(use-package-modules admin networking screen) + +(operating-system + (host-name "ruby-guard-5545") + (timezone "Europe/Budapest") + (locale "en_US.utf8") + + ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the + ;; target hard disk, and "my-root" is the label of the target + ;; root file system. + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/sdX"))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + ;; This is where user accounts are specified. The "root" + ;; account is implicit, and is initially created with the + ;; empty password. + (users (cons (user-account + (name "alice") + (comment "Bob's sister") + (group "users") + + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. Adding it to "audio" + ;; and "video" allows the user to play sound + ;; and access the webcam. + (supplementary-groups '("wheel" + "audio" "video"))) + %base-user-accounts)) + + ;; Globally-installed packages. + (packages (cons* screen yggdrasil htop %base-packages)) + + ;; Add services to the baseline: a DHCP client and + ;; an SSH server. + (services + (append + (list + (service dhcp-client-service-type) + (service yggdrasil-service-type + (yggdrasil-configuration + (log-to 'stdout) + (log-level 'debug) + (autoconf? #f) + (json-config + ;; choose one from https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))))) + (service openssh-service-type + (openssh-configuration + (port-number 2222)))) + %base-services))) -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT--
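
Review bot: In [PATCH 2/5], go-github-com-gologme-log is declared as `(license license:bsd-3)` while the TODO comment directly above it says the LICENSE file is empty and the only licensing statement is a README paragraph; settle that with upstream, or record the README wording as the basis for the field, instead of merging an open question. In the same hunk go-github-com-cheggaaa-pb carries `(description "")`, which needs real text, and the go-golang-zx2c4-com-wireguard description uses Markdown link syntax, which does not fit a Texinfo description field.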
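
Review bot: In the yggdrasil package definition of [PATCH 3/5] (gnu/packages/networking.scm), `#:tests? #f` is justified only by `;; TODO: figure out how tests are run`; for a daemon that handles key material, either run the upstream tests or say in the comment why they cannot run in the build environment. The replaced 'install phase does not end in `#t` the way the replaced 'build phase does, and every Go library sits under propagated-inputs even though the package installs only the two binaries with `#:install-source? #f`, so plain inputs look sufficient.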
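
Review bot: In readConfig of yggdrasil-extra-config.patch, the new `for _, conf := range confs {` loop always runs twice, so when -extraconffile is not given a nil `extraconf` still goes through the byte order mark handling, `hjson.Unmarshal` and `mapstructure.Decode`; skip the second entry when no extra file was requested so the single-file path behaves exactly as it did before the patch. The extra file is read with `ioutil.ReadFile(*extraconffile);` without looking at its mode or owner although the flag help calls it "usually private"; warning about or refusing a group- or world-readable file would back up the chmod 600 step from the cover letter. The reload branch still logs only `*useconffile` after re-reading both files, and the stray semicolon and the unspaced `confs[0]=conf` should go through gofmt.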
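
Review bot: In [PATCH 4/5], `config-file` defaults to "/etc/yggdrasil-private.conf" and yggdrasil-command passes it as -extraconffile whenever it is not #f, while the patched readConfig panics when `ioutil.ReadFile` fails; a system that enables the service without first creating that file will fail at start, so default the field to #f or test for the file before adding the flag. The cover letter tells users to save their keys as /etc/yggdrasil-secret.conf, which does not match this default. In the same hunk, `json-config` is rendered into a computed-file in the store with nothing in the record or the service description saying that keys must not go there; the export list names yggdrasil-configuration-auto-conf while the record defines yggdrasil-configuration-autoconf?; scm->yggdrasil-json leaves the value `v` of a key-value pair untouched, so keys of nested objects are not converted; and make-forkexec-constructor is called without #:user or #:group, so the daemon runs as root and the group created by %yggdrasil-accounts is not used by anything.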
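
Review bot: In gnu/system/examples/yggdrasil.tmpl, the yggdrasil-configuration form sets only log-to, log-level, autoconf? and json-config, so the example never shows `config-file`, the one field that keeps private keys out of the store; add it with a comment that the file has to be created by hand with mode 600 and that keys must not be placed in json-config. `(log-level 'debug)` is an unusual choice for a template, and the services comment still reads "a DHCP client and an SSH server" without mentioning Yggdrasil.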
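
The two-file layout described in the cover letter (public settings generated into the store, keys in a root-only file), as an added Go example that is not code from the patch or from yggdrasil: it layers a private overlay over a public config, refuses an overlay that is not owner-only, and rejects key material in the public layer. NodeConfig, its field names and default, and the functions readPrivate, rejectSecrets and loadLayered are hypothetical; plain JSON via encoding/json stands in for HJSON.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// NodeConfig is a hypothetical, cut-down stand-in for yggdrasil's node
// configuration; the field names are assumptions made for this example.
type NodeConfig struct {
	Peers                []string
	IfName               string
	SigningPrivateKey    string
	EncryptionPrivateKey string
}

// secretKeys may only be supplied by the private overlay file.
var secretKeys = []string{"SigningPrivateKey", "EncryptionPrivateKey"}

// readPrivate returns the overlay only if it is a regular, owner-only file.
func readPrivate(path string) ([]byte, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	fi, err := f.Stat() // stat the open handle, not the path, to avoid a race
	if err != nil {
		return nil, err
	}
	if m := fi.Mode(); !m.IsRegular() || m.Perm()&0077 != 0 {
		return nil, fmt.Errorf("%s: mode %v, want a regular file with mode 600", path, m)
	}
	return io.ReadAll(f)
}

// rejectSecrets fails if the public (world-readable) layer names a secret key.
func rejectSecrets(path string, data []byte) error {
	var raw map[string]json.RawMessage
	if err := json.Unmarshal(data, &raw); err != nil {
		return fmt.Errorf("%s: %w", path, err)
	}
	for k := range raw {
		for _, s := range secretKeys {
			if strings.EqualFold(k, s) { // encoding/json matches keys case-insensitively
				return fmt.Errorf("%s: %s belongs in the private overlay", path, s)
			}
		}
	}
	return nil
}

// loadLayered decodes the public file and then the optional private overlay
// onto the same struct: keys absent from a layer keep their earlier value.
func loadLayered(publicPath, privatePath string) (NodeConfig, error) {
	cfg := NodeConfig{IfName: "auto"} // constructed default
	pub, err := os.ReadFile(publicPath)
	if err != nil {
		return cfg, err
	}
	if err := rejectSecrets(publicPath, pub); err != nil {
		return cfg, err
	}
	if err := json.Unmarshal(pub, &cfg); err != nil {
		return cfg, fmt.Errorf("%s: %w", publicPath, err)
	}
	if privatePath == "" {
		return cfg, nil
	}
	priv, err := readPrivate(privatePath)
	if err != nil {
		return cfg, err
	}
	if err := json.Unmarshal(priv, &cfg); err != nil {
		return cfg, fmt.Errorf("%s: %w", privatePath, err)
	}
	return cfg, nil
}

func main() {
	// Constructed sample files in a throwaway directory.
	dir, err := os.MkdirTemp("", "ygg-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	pub, priv := filepath.Join(dir, "public.conf"), filepath.Join(dir, "private.conf")
	os.WriteFile(pub, []byte(`{"Peers": ["tcp://192.0.2.1:1337"]}`), 0644)
	os.WriteFile(priv, []byte(`{"SigningPrivateKey": "constructed"}`), 0600)
	os.Chmod(priv, 0644) // simulate a forgotten chmod 600
	_, err = loadLayered(pub, priv)
	fmt.Println("loose overlay:", err)
	os.Chmod(priv, 0600)
	cfg, err := loadLayered(pub, priv)
	fmt.Printf("%+v %v\n", cfg, err)
}
```
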