From 664e290e0b65c542e0a215bb352c20cbed8f43ae Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Wed, 30 May 2018 21:09:16 -0500 Subject: [PATCH 1/5] Check SHA256 hash on tarball and add -j4 to make. --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 86d0eee..d955b85 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,7 @@ MAINTAINER "Joe Doss" ARG WIREGUARD_VERSION ARG WIREGUARD_KERNEL_VERSION +ARG WIREGUARD_SHA265 WORKDIR /tmp @@ -20,11 +21,12 @@ RUN dnf update -y && dnf install \ kernel-devel-${WIREGUARD_KERNEL_VERSION}.rpm \ kernel-modules-${WIREGUARD_KERNEL_VERSION}.rpm -y && \ dnf clean all && \ - curl -SL https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WIREGUARD_VERSION}.tar.xz | tar xJ -C /usr/src/ + curl -LS https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WIREGUARD_VERSION}.tar.xz | { t="$(mktemp)"; trap "rm -f '$t'" INT TERM EXIT; cat >| "$t"; \ + sha256sum --quiet -c <<<"${WIREGUARD_SHA265} $t" || exit 1; cat "$t"; } | tar xJf - WORKDIR /usr/src/WireGuard-${WIREGUARD_VERSION}/src -RUN KERNELDIR=/usr/lib/modules/${WIREGUARD_KERNEL_VERSION}/build make && make install +RUN KERNELDIR=/usr/lib/modules/${WIREGUARD_KERNEL_VERSION}/build make -j$(nproc) && make install FROM fedora MAINTAINER "Joe Doss" From f5b596896c30b32f09d39d54a3eaa2e44f8f06c3 Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Wed, 30 May 2018 21:09:41 -0500 Subject: [PATCH 2/5] Update to 0.0.20180531 and add in WIREGUARD_SHA265 var. --- atomic-wireguard | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/atomic-wireguard b/atomic-wireguard index d637f09..d6e041a 100644 --- a/atomic-wireguard +++ b/atomic-wireguard @@ -1,2 +1,3 @@ WIREGUARD_PRUNE_OLD_VERSIONS=false -WIREGUARD_VERSION=0.0.20180524 +WIREGUARD_SHA265=ff653095cc0e4c491ab6cd095ddf5d1db207f48f947fb92873a73220363f423c +WIREGUARD_VERSION=0.0.20180531 From 353516551139dd78be38e9baa17a352ec411a3c8 Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Wed, 30 May 2018 21:10:16 -0500 Subject: [PATCH 3/5] Add in WIREGUARD_SHA265 --build-arg. --- atomic-wireguard-module | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/atomic-wireguard-module b/atomic-wireguard-module index 6c5e7c8..9b18712 100755 --- a/atomic-wireguard-module +++ b/atomic-wireguard-module @@ -38,7 +38,9 @@ build_wireguard() echo "The WireGuard ${WIREGUARD_VERSION} kernel module container is not built." echo "Building ${WIREGUARD_VERSION} kernel module for ${WIREGUARD_KERNEL_VERSION} ..." - podman build --build-arg WIREGUARD_VERSION=${WIREGUARD_VERSION} --build-arg WIREGUARD_KERNEL_VERSION=${WIREGUARD_KERNEL_VERSION} \ + podman build --build-arg WIREGUARD_VERSION=${WIREGUARD_VERSION} \ + --build-arg WIREGUARD_SHA265=${WIREGUARD_SHA265} \ + --build-arg WIREGUARD_KERNEL_VERSION=${WIREGUARD_KERNEL_VERSION} \ -t wireguard:${WIREGUARD_VERSION} git://github.com/jdoss/atomic-wireguard fi @@ -50,7 +52,9 @@ build_wireguard() echo "The WireGuard kernel module for ${WIREGUARD_KERNEL_VERSION} is not the correct version." echo "Building ${WIREGUARD_VERSION} kernel module for ${WIREGUARD_KERNEL_VERSION} ..." - podman build --build-arg WIREGUARD_VERSION=${WIREGUARD_VERSION} --build-arg WIREGUARD_KERNEL_VERSION=${WIREGUARD_KERNEL_VERSION} \ + podman build --build-arg WIREGUARD_VERSION=${WIREGUARD_VERSION} \ + --build-arg WIREGUARD_SHA265=${WIREGUARD_SHA265} \ + --build-arg WIREGUARD_KERNEL_VERSION=${WIREGUARD_KERNEL_VERSION} \ -t wireguard:${WIREGUARD_VERSION} git://github.com/jdoss/atomic-wireguard fi From f2e40fab752db2726cfef4bc053e3b8aae0ae9d9 Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Wed, 30 May 2018 21:11:05 -0500 Subject: [PATCH 4/5] Add WIREGUARD_SHA265 documentation. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ec83453..778faa5 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ unload Unload wireguard kernel module reload Build and reload wireguard kernel module ``` -Atomic Wireguard also has a systemd unit file which on start waits for NetworkManager to finish starting up and then it will build and load the WireGuard kernel module. You can also use `systemctl reload atomic-wireguard` to run the build process, unload and then load the kernel module. This is handy if you want to change the WireGuard kernel module version. To change the version, just edit the `WIREGUARD_VERSION` line in `/etc/sysconfig/atomic-wireguard`. Please note that this needs to be the exact version number of a released snapshot. You can verify that the kernel module is loaded with `lsmod |grep wireguard`. +Atomic Wireguard also has a systemd unit file which on start waits for NetworkManager to finish starting up and then it will build and load the WireGuard kernel module. You can also use `systemctl reload atomic-wireguard` to run the build process, unload and then load the kernel module. This is handy if you want to change the WireGuard kernel module version. To change the version, just edit the `WIREGUARD_VERSION` and `WIREGUARD_SHA265` lines in `/etc/sysconfig/atomic-wireguard`. Please note that this needs to be the exact version number and SHA256 hash of a released WireGuard snapshot. You can verify that the kernel module is loaded with `lsmod |grep wireguard`. ### Setting up systemd-networkd From b4ec6adaa54ff551ed6961a77a8d2d0e59a85692 Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Tue, 5 Jun 2018 13:31:37 -0500 Subject: [PATCH 5/5] Fix SHA265 typo, fix SHA256 bash onliner, & nuke kernel-devel from final container. --- Dockerfile | 12 +++++------- atomic-wireguard | 2 +- atomic-wireguard-module | 4 ++-- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index d955b85..c22a1c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,9 @@ - FROM fedora as builder MAINTAINER "Joe Doss" ARG WIREGUARD_VERSION ARG WIREGUARD_KERNEL_VERSION -ARG WIREGUARD_SHA265 +ARG WIREGUARD_SHA256 WORKDIR /tmp @@ -21,10 +20,11 @@ RUN dnf update -y && dnf install \ kernel-devel-${WIREGUARD_KERNEL_VERSION}.rpm \ kernel-modules-${WIREGUARD_KERNEL_VERSION}.rpm -y && \ dnf clean all && \ - curl -LS https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WIREGUARD_VERSION}.tar.xz | { t="$(mktemp)"; trap "rm -f '$t'" INT TERM EXIT; cat >| "$t"; \ - sha256sum --quiet -c <<<"${WIREGUARD_SHA265} $t" || exit 1; cat "$t"; } | tar xJf - + curl -LS https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WIREGUARD_VERSION}.tar.xz | \ + { t="$(mktemp)"; trap "rm -f '$t'" INT TERM EXIT; cat >| "$t"; sha256sum --quiet -c <<<"${WIREGUARD_SHA256} $t" \ + || exit 1; cat "$t"; } | tar xJf - -WORKDIR /usr/src/WireGuard-${WIREGUARD_VERSION}/src +WORKDIR /tmp/WireGuard-${WIREGUARD_VERSION}/src RUN KERNELDIR=/usr/lib/modules/${WIREGUARD_KERNEL_VERSION}/build make -j$(nproc) && make install @@ -37,10 +37,8 @@ WORKDIR /tmp RUN dnf update -y && dnf install kmod koji -y && \ koji download-build --rpm --arch=x86_64 kernel-core-${WIREGUARD_KERNEL_VERSION} && \ - koji download-build --rpm --arch=x86_64 kernel-devel-${WIREGUARD_KERNEL_VERSION} && \ koji download-build --rpm --arch=x86_64 kernel-modules-${WIREGUARD_KERNEL_VERSION} && \ dnf install /tmp/kernel-core-${WIREGUARD_KERNEL_VERSION}.rpm \ - kernel-devel-${WIREGUARD_KERNEL_VERSION}.rpm \ kernel-modules-${WIREGUARD_KERNEL_VERSION}.rpm -y && \ dnf clean all && rm -f /tmp/*.rpm diff --git a/atomic-wireguard b/atomic-wireguard index d6e041a..15c9b2b 100644 --- a/atomic-wireguard +++ b/atomic-wireguard @@ -1,3 +1,3 @@ WIREGUARD_PRUNE_OLD_VERSIONS=false -WIREGUARD_SHA265=ff653095cc0e4c491ab6cd095ddf5d1db207f48f947fb92873a73220363f423c +WIREGUARD_SHA256=ff653095cc0e4c491ab6cd095ddf5d1db207f48f947fb92873a73220363f423c WIREGUARD_VERSION=0.0.20180531 diff --git a/atomic-wireguard-module b/atomic-wireguard-module index 9b18712..f4af0f9 100755 --- a/atomic-wireguard-module +++ b/atomic-wireguard-module @@ -39,7 +39,7 @@ build_wireguard() echo "Building ${WIREGUARD_VERSION} kernel module for ${WIREGUARD_KERNEL_VERSION} ..." podman build --build-arg WIREGUARD_VERSION=${WIREGUARD_VERSION} \ - --build-arg WIREGUARD_SHA265=${WIREGUARD_SHA265} \ + --build-arg WIREGUARD_SHA256=${WIREGUARD_SHA256} \ --build-arg WIREGUARD_KERNEL_VERSION=${WIREGUARD_KERNEL_VERSION} \ -t wireguard:${WIREGUARD_VERSION} git://github.com/jdoss/atomic-wireguard fi @@ -53,7 +53,7 @@ build_wireguard() echo "Building ${WIREGUARD_VERSION} kernel module for ${WIREGUARD_KERNEL_VERSION} ..." podman build --build-arg WIREGUARD_VERSION=${WIREGUARD_VERSION} \ - --build-arg WIREGUARD_SHA265=${WIREGUARD_SHA265} \ + --build-arg WIREGUARD_SHA256=${WIREGUARD_SHA256} \ --build-arg WIREGUARD_KERNEL_VERSION=${WIREGUARD_KERNEL_VERSION} \ -t wireguard:${WIREGUARD_VERSION} git://github.com/jdoss/atomic-wireguard fi