Lochnair/vyatta-wireguard

what is the future of this repo?

timkgh opened this issue ยท 15 comments

There have been a few Wireguard recent releases but none here in a while. Do we need to give access to this repo to other developers who have the skills to build for our devices?

I did notice the official WireGuard site has removed it from their listing and came here looking for this question. Curious as to its status as well.

It's time that someone else takes over testing and publishing new releases. Most of the time there's not much to it. The builds are automated and my only interactions are fixing any issues that pops up, or targeting new firmware versions.

On that topic I've put the pipelines in a shared library on GitHub: https://github.com/Lochnair/wireguard-pipelines, so it's now easier to see how the builds are made and contribute to them.

And yes it was removed from the WireGuard website because it wasn't updated to use the new split repositories. There's also two version numbers now, one for the kernel module and one for wg.

While it's sad to read this, thank you for your hard work @Lochnair
I hope someone with the right skills continues your fine work.

We should put pressure on UBNT to pick up this work and start shipping it with their firmwares.

We should put pressure on UBNT to pick up this work and start shipping it with their firmwares.

Chances of that happening are nil. Why would Ubnt spend any resources on adding features to these old and cheap devices when they can focus on the newer more expensive ones they are currently selling?

Chances of that happening are nil. Why would Ubnt spend any resources on adding features to these old and cheap devices when they can focus on the newer more expensive ones they are currently selling?

What new devices you are talking about? I don't see any new devices in their product line for that niche (soho).

Chances of that happening are nil. Why would Ubnt spend any resources on adding features to these old and cheap devices when they can focus on the newer more expensive ones they are currently selling?

What new devices you are talking about? I don't see any new devices in their product line for that niche (soho).

USG, UDM, not sure they still care about the ER line (at least the cheap ER-X I have).

loofi commented

Thank you very much for providing Wireguard to my Edgerouter devices.
If anyone continues @Lochnair work, please make a post here.

Just to be clear, the build server will continue building binaries for the foreseeable future, I've no plans of shutting it down. Also, generally when doing a new release I verify that all builds have successfully built and run the bump_package.sh script, which pulls the new binaries and bumps the version. Meaning anyone can do:

git clone https://github.com/Lochnair/vyatta-wireguard.git
cd vyatta-wireguard
./bump_package.sh
make

And get a set of debs in the package folder.

The kernel repositories are automatically updated with the latest GPL archives when they're released on https://www.ui.com/download/. When a new FW is released, the pipelines need to be updated to target the new version in the repository mentioned above.

I see there is an updated fork here. I do not know what to check to verify its validity.

@Lochnair what you posted above, is that all it takes to build at home? Or is that what you need to do to build a new version assuming you've already built one before? The instructions in the main README are more complex.
And is there a way to limit a build to a specific version, e.g. ER-X with v1 firmware?

@heyitszach Going by the commit description he's just done what I described above. So you can just compare the checksums for the binaries if you wish to verify them.

curl -s -L https://github.com/FossoresLP/vyatta-wireguard/raw/master/e100/lib/modules/3.10.107-UBNT/kernel/net/wireguard.ko | sha256sum -
6b32f73340a9832102de0a7b1366d6ff9fbaad90ec80a34e623e0b3e61585156  -
curl -s -L https://build.lochnair.net/job/ubiquiti/job/wireguard/job/kmod-v1.10/lastSuccessfulBuild/artifact/wireguard-e100.ko | sha256sum -
6b32f73340a9832102de0a7b1366d6ff9fbaad90ec80a34e623e0b3e61585156  -

@timkgh Yes and no. The binaries that go into each release is automatically built by the build server whenever a new tag is pushed upstream. I only interact with them if something breaks. So assuming they don't, anyone can do as described above to get updated packages.

If you want to compile the binaries yourself there's more to it. I've never actually documented how they're built, but everything you'd need to do so is in some repository or other.

The pipelines the build server uses are here: https://github.com/Lochnair/wireguard-pipelines/tree/master/vars.

The Dockerfiles for the images used are available in the different branches here: https://github.com/Lochnair/dockerfiles.

You'd also need the kernel headers to build against. The pipelines for that are in the kernel repositories like this one: https://github.com/Lochnair/kernel_e100/blob/v2.0.8/master/Jenkinsfile.

git clone https://github.com/Lochnair/vyatta-wireguard.git
cd vyatta-wireguard
./bump_package.sh
make

It appears the URLs in update_binaries.sh need to be updated, the above does not work.