net-vpn/wireguard-tools: Move to portage-stable; Sync with Gentoo

upstream gentoo sync ref: 717ed38536
2025-08-15 00:46:58 +02:00 · 2022-10-14 10:30:28 +00:00 · 2022-10-14 10:30:28 +00:00 · 8797830870
commit 8797830870
parent d009528d60
5 changed files with 285 additions and 0 deletions
--- a/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/Manifest
+++ b/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/Manifest
@ -0,0 +1,2 @@
+DIST wireguard-tools-1.0.20210424.tar.xz 96816 BLAKE2B 4787624d296c22241ff366c799eb07e1e718534eab9c998df24003380ed9743f76c3b8f779c7e534404573583c9654a43527d4c96de0def78a3d88d30ca6985e SHA512 b919c7ce1e8ee8660ccc1490d3dad7817f3d6f0ab79f26866e8ed10d40545a9ddca67959ff6cc84ac36a91683c1f58d274d91d47f40c0b9a7bfee4009dcbbf59
+DIST wireguard-tools-1.0.20210914.tar.xz 99744 BLAKE2B 020f4a61597dafc6663e9ee5659f9401416692f5dc8e23afe8d59054bffd32c92814ff2e1f99d6ffe558fdfcf756afc1838e4d425847f892ad4b627a077fe614 SHA512 6727ea65551dbb064457449b93a943bd6534ca93bc7fa5704c2f6826266c98688ee9ea28731fda57a5245d5f63c05f3899fcca54e40c0b6251b7c4796e957445
--- a/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/files/wg-quick.init
+++ b/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/files/wg-quick.init
@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="WireGuard"
+description="WireGuard via wg-quick(8)"
+
+depend() {
+	need net
+	use dns
+}
+
+CONF="${SVCNAME#*.}"
+
+checkconfig() {
+	if [ "$CONF" = "$SVCNAME" ]; then
+		eerror "You cannot call this init script directly. You must create a symbolic link to it with the configuration name:"
+		eerror "    ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.vpn0"
+		eerror "And then call it instead:"
+		eerror "    /etc/init.d/wg-quick.vpn0 start"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting $description for $CONF"
+	wg-quick up "$CONF"
+	eend $? "Failed to start $description for $CONF"
+}
+
+stop() {
+	checkconfig || return 1
+	ebegin "Stopping $description for $CONF"
+	wg-quick down "$CONF"
+	eend $? "Failed to stop $description for $CONF"
+}
--- a/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/metadata.xml
@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>zx2c4@gentoo.org</email>
+		<name>Jason A. Donenfeld</name>
+	</maintainer>
+	<use>
+		<flag name="wg-quick">Install the wg-quick(8) helper tool. Most users want to use this.</flag>
+	</use>
+</pkgmetadata>
--- a/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/wireguard-tools-1.0.20210424.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/wireguard-tools-1.0.20210424.ebuild
@ -0,0 +1,117 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit linux-info bash-completion-r1 systemd toolchain-funcs
+
+DESCRIPTION="Required tools for WireGuard, such as wg(8) and wg-quick(8)"
+HOMEPAGE="https://www.wireguard.com/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://git.zx2c4.com/wireguard-tools"
+else
+	SRC_URI="https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-${PV}.tar.xz"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+wg-quick selinux"
+
+BDEPEND="virtual/pkgconfig"
+DEPEND=""
+RDEPEND="${DEPEND}
+	wg-quick? (
+		|| ( net-firewall/nftables net-firewall/iptables )
+		virtual/resolvconf
+	)
+	selinux? ( sec-policy/selinux-wireguard )
+"
+
+wg_quick_optional_config_nob() {
+	CONFIG_CHECK="$CONFIG_CHECK ~$1"
+	declare -g ERROR_$1="CONFIG_$1: This option is required for automatic routing of default routes inside of wg-quick(8), though it is not required for general WireGuard usage."
+}
+
+pkg_setup() {
+	if use wg-quick; then
+		wg_quick_optional_config_nob IP_ADVANCED_ROUTER
+		wg_quick_optional_config_nob IP_MULTIPLE_TABLES
+		wg_quick_optional_config_nob IPV6_MULTIPLE_TABLES
+		if has_version net-firewall/nftables; then
+			wg_quick_optional_config_nob NF_TABLES
+			wg_quick_optional_config_nob NF_TABLES_IPV4
+			wg_quick_optional_config_nob NF_TABLES_IPV6
+			wg_quick_optional_config_nob NFT_CT
+			wg_quick_optional_config_nob NFT_FIB
+			wg_quick_optional_config_nob NFT_FIB_IPV4
+			wg_quick_optional_config_nob NFT_FIB_IPV6
+			wg_quick_optional_config_nob NF_CONNTRACK_MARK
+		elif has_version net-firewall/iptables; then
+			wg_quick_optional_config_nob NETFILTER_XTABLES
+			wg_quick_optional_config_nob NETFILTER_XT_MARK
+			wg_quick_optional_config_nob NETFILTER_XT_CONNMARK
+			wg_quick_optional_config_nob NETFILTER_XT_MATCH_COMMENT
+			wg_quick_optional_config_nob NETFILTER_XT_MATCH_ADDRTYPE
+			wg_quick_optional_config_nob IP6_NF_RAW
+			wg_quick_optional_config_nob IP_NF_RAW
+			wg_quick_optional_config_nob IP6_NF_FILTER
+			wg_quick_optional_config_nob IP_NF_FILTER
+		fi
+	fi
+	get_version
+	if [[ -f $KERNEL_DIR/include/uapi/linux/wireguard.h ]]; then
+		CONFIG_CHECK="~WIREGUARD $CONFIG_CHECK"
+		declare -g ERROR_WIREGUARD="CONFIG_WIREGUARD: This option is required for using WireGuard."
+	elif kernel_is -ge 3 10 0 && kernel_is -lt 5 6 0 && ! has_version net-vpn/wireguard-modules; then
+		ewarn
+		ewarn "Your kernel does not appear to have upstream support for WireGuard"
+		ewarn "via CONFIG_WIREGUARD. However, the net-vpn/wireguard-modules ebuild"
+		ewarn "contains a compatibility module that should work for your kernel."
+		ewarn "It is highly recommended to install it:"
+		ewarn
+		ewarn "    emerge -av net-vpn/wireguard-modules"
+		ewarn
+	fi
+	linux-info_pkg_setup
+}
+
+src_compile() {
+	emake RUNSTATEDIR="${EPREFIX}/run" -C src CC="$(tc-getCC)" LD="$(tc-getLD)"
+}
+
+src_install() {
+	dodoc README.md
+	dodoc -r contrib
+	emake \
+		WITH_BASHCOMPLETION=yes \
+		WITH_SYSTEMDUNITS=yes \
+		WITH_WGQUICK=$(usex wg-quick) \
+		DESTDIR="${D}" \
+		BASHCOMPDIR="$(get_bashcompdir)" \
+		SYSTEMDUNITDIR="$(systemd_get_systemunitdir)" \
+		PREFIX="${EPREFIX}/usr" \
+		-C src install
+	use wg-quick && newinitd "${FILESDIR}/wg-quick.init" wg-quick
+}
+
+pkg_postinst() {
+	einfo
+	einfo "After installing WireGuard, if you'd like to try sending some packets through"
+	einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
+	einfo "test example script:"
+	einfo
+	einfo "  \$ bzcat ${ROOT}/usr/share/doc/${PF}/contrib/ncat-client-server/client.sh.bz2 | sudo bash -"
+	einfo
+	einfo "This will automatically setup interface wg0, through a very insecure transport"
+	einfo "that is only suitable for demonstration purposes. You can then try loading the"
+	einfo "hidden website or sending pings:"
+	einfo
+	einfo "  \$ chromium http://192.168.4.1"
+	einfo "  \$ ping 192.168.4.1"
+	einfo
+	einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/"
+	einfo
+}
--- a/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/wireguard-tools-1.0.20210914.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-vpn/wireguard-tools/wireguard-tools-1.0.20210914.ebuild
@ -0,0 +1,117 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit linux-info bash-completion-r1 systemd toolchain-funcs
+
+DESCRIPTION="Required tools for WireGuard, such as wg(8) and wg-quick(8)"
+HOMEPAGE="https://www.wireguard.com/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://git.zx2c4.com/wireguard-tools"
+else
+	SRC_URI="https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-${PV}.tar.xz"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+wg-quick selinux"
+
+BDEPEND="virtual/pkgconfig"
+DEPEND=""
+RDEPEND="${DEPEND}
+	wg-quick? (
+		|| ( net-firewall/nftables net-firewall/iptables )
+		virtual/resolvconf
+	)
+	selinux? ( sec-policy/selinux-wireguard )
+"
+
+wg_quick_optional_config_nob() {
+	CONFIG_CHECK="$CONFIG_CHECK ~$1"
+	declare -g ERROR_$1="CONFIG_$1: This option is required for automatic routing of default routes inside of wg-quick(8), though it is not required for general WireGuard usage."
+}
+
+pkg_setup() {
+	if use wg-quick; then
+		wg_quick_optional_config_nob IP_ADVANCED_ROUTER
+		wg_quick_optional_config_nob IP_MULTIPLE_TABLES
+		wg_quick_optional_config_nob IPV6_MULTIPLE_TABLES
+		if has_version net-firewall/nftables; then
+			wg_quick_optional_config_nob NF_TABLES
+			wg_quick_optional_config_nob NF_TABLES_IPV4
+			wg_quick_optional_config_nob NF_TABLES_IPV6
+			wg_quick_optional_config_nob NFT_CT
+			wg_quick_optional_config_nob NFT_FIB
+			wg_quick_optional_config_nob NFT_FIB_IPV4
+			wg_quick_optional_config_nob NFT_FIB_IPV6
+			wg_quick_optional_config_nob NF_CONNTRACK_MARK
+		elif has_version net-firewall/iptables; then
+			wg_quick_optional_config_nob NETFILTER_XTABLES
+			wg_quick_optional_config_nob NETFILTER_XT_MARK
+			wg_quick_optional_config_nob NETFILTER_XT_CONNMARK
+			wg_quick_optional_config_nob NETFILTER_XT_MATCH_COMMENT
+			wg_quick_optional_config_nob NETFILTER_XT_MATCH_ADDRTYPE
+			wg_quick_optional_config_nob IP6_NF_RAW
+			wg_quick_optional_config_nob IP_NF_RAW
+			wg_quick_optional_config_nob IP6_NF_FILTER
+			wg_quick_optional_config_nob IP_NF_FILTER
+		fi
+	fi
+	get_version
+	if [[ -f $KERNEL_DIR/include/uapi/linux/wireguard.h ]]; then
+		CONFIG_CHECK="~WIREGUARD $CONFIG_CHECK"
+		declare -g ERROR_WIREGUARD="CONFIG_WIREGUARD: This option is required for using WireGuard."
+	elif kernel_is -ge 3 10 0 && kernel_is -lt 5 6 0 && ! has_version net-vpn/wireguard-modules; then
+		ewarn
+		ewarn "Your kernel does not appear to have upstream support for WireGuard"
+		ewarn "via CONFIG_WIREGUARD. However, the net-vpn/wireguard-modules ebuild"
+		ewarn "contains a compatibility module that should work for your kernel."
+		ewarn "It is highly recommended to install it:"
+		ewarn
+		ewarn "    emerge -av net-vpn/wireguard-modules"
+		ewarn
+	fi
+	linux-info_pkg_setup
+}
+
+src_compile() {
+	emake RUNSTATEDIR="${EPREFIX}/run" -C src CC="$(tc-getCC)" LD="$(tc-getLD)"
+}
+
+src_install() {
+	dodoc README.md
+	dodoc -r contrib
+	emake \
+		WITH_BASHCOMPLETION=yes \
+		WITH_SYSTEMDUNITS=yes \
+		WITH_WGQUICK=$(usex wg-quick) \
+		DESTDIR="${D}" \
+		BASHCOMPDIR="$(get_bashcompdir)" \
+		SYSTEMDUNITDIR="$(systemd_get_systemunitdir)" \
+		PREFIX="${EPREFIX}/usr" \
+		-C src install
+	use wg-quick && newinitd "${FILESDIR}/wg-quick.init" wg-quick
+}
+
+pkg_postinst() {
+	einfo
+	einfo "After installing WireGuard, if you'd like to try sending some packets through"
+	einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
+	einfo "test example script:"
+	einfo
+	einfo "  \$ bzcat ${ROOT}/usr/share/doc/${PF}/contrib/ncat-client-server/client.sh.bz2 | sudo bash -"
+	einfo
+	einfo "This will automatically setup interface wg0, through a very insecure transport"
+	einfo "that is only suitable for demonstration purposes. You can then try loading the"
+	einfo "hidden website or sending pings:"
+	einfo
+	einfo "  \$ chromium http://192.168.4.1"
+	einfo "  \$ ping 192.168.4.1"
+	einfo
+	einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/"
+	einfo
+}