New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WireGuard: Make tools available on other platforms #40744
Conversation
Wireguard is now split into two pretty much independent packages: `wireguard` (Linux-specific kernel module) and `wireguard-tools`, which is cross-platform.
73465a9
to
865abfa
Compare
/cc @Mic92 |
@GrahamcOfBorg build wireguard-tools |
Success on aarch64-linux (full log) Attempted: wireguard-tools Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: wireguard-tools Partial log (click to expand)
|
Success on x86_64-darwin (full log) Attempted: wireguard-tools Partial log (click to expand)
|
@GrahamcOfBorg build linuxPackages.wireguard |
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: linuxPackages.wireguard Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: linuxPackages.wireguard Partial log (click to expand)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, other than fetchurl
on snapshot.
Because cgit snapshots are not deterministic.
Success on aarch64-linux (full log) Attempted: linuxPackages.wireguard Partial log (click to expand)
|
@@ -5500,6 +5500,8 @@ with pkgs; | |||
|
|||
whois = callPackage ../tools/networking/whois { }; | |||
|
|||
wireguard-tools = callPackage ../tools/networking/wireguard-tools { }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need to rename this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly to avoid ambiguity, reduce potential confusion and make it clear that when you are installing wireguard-tools
you are getting only tools, not all of WireGuard. Also because wireguard-tools
are a separate package in many other distros.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer keep the upstream name instead because it is easier to guess.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also the reference in our nixos module needs to be renamed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe wireguard-tools
is actually easier to guess, because it is called this way in (almost) every other major distro (Debian, Fedora, Arch, OpenSUSE, OpenWrt, Homebrew). So this name is consistent with the way others name it and, more importantly, with what the package actually does.
I guess, let’s wait for what @zx2c4 has to say on this matter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also the reference in our nixos module needs to be renamed.
I believe I renamed it right in my first commit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Mic92: wireguard-tools indeed seems to be an upstream-approved name for that package. See Homebrew/homebrew-core#27863 for example.
version = "0.0.20180514"; | ||
|
||
src = fetchurl { | ||
src = fetchzip { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it is a good idea to split this file because now somebody might by accident update only one of the two packages. Why not mark the user space component as platform independent instead of duplicating the package?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My understanding is that the versions of the module and tools are actually more-or-less independent, but I might be wrong.
I also find current logic with returning a different derivation based on the presence of the kernel
argument somewhat, um, unorthodox.
instead of duplicating the package
Which directory will we put it into then? The kernel module really belongs to os-specific/linux
and tools really do not belong there. I considered having a separate .nix
file with the source definition, but a) I was not sure which directory to put it into 🙂, b) see my previous point, I believe the versions are independent, so I chose the simplest path.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could as well be inherit (wireguard-tools) src
. This shouldn't matter long-term, because Wireguard is going to be upstreamed to the kernel tree.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Userspace and kernelspace need to be kept in think. If the netlink interface is extended they might become incompatible. This might change when wireguard gets upstream, but we are not there yet.
cc @zx2c4 |
@GrahamcOfBorg build linuxPackages.wireguard |
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: linuxPackages.wireguard Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: linuxPackages.wireguard Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: linuxPackages.wireguard Partial log (click to expand)
|
|
Success on x86_64-darwin (full log) Attempted: wireguard-tools The following builds were skipped because they don't evaluate on x86_64-darwin: linuxPackages_testing_bcachefs.wireguard, linuxPackages_4_16.wireguard, linuxPackages_4_14.wireguard, linuxPackages.wireguard, linuxPackages_hardened.wireguard, linuxPackages_4_9.wireguard, linuxPackages_copperhead_stable.wireguard, linuxPackages_latest_hardened.wireguard, linuxPackages_4_4.wireguard, linuxPackages_copperhead_lts.wireguard, linuxPackages_samus_4_12.wireguard, linuxPackages_samus_latest.wireguard, linuxPackages_xen_dom0_hardened.wireguard, linuxPackages_latest_xen_dom0.wireguard, linuxPackages_xen_dom0.wireguard, linuxPackages_latest.wireguard, linuxPackages_latest_xen_dom0_hardened.wireguard Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: linuxPackages_testing_bcachefs.wireguard, linuxPackages_4_16.wireguard, linuxPackages_4_14.wireguard, linuxPackages.wireguard, linuxPackages_hardened.wireguard, linuxPackages_4_9.wireguard, linuxPackages_copperhead_stable.wireguard, linuxPackages_latest_hardened.wireguard, linuxPackages_4_4.wireguard, linuxPackages_copperhead_lts.wireguard, linuxPackages_samus_4_12.wireguard, wireguard-tools, linuxPackages_samus_latest.wireguard, linuxPackages_xen_dom0_hardened.wireguard, linuxPackages_latest_xen_dom0.wireguard, linuxPackages_xen_dom0.wireguard, linuxPackages_latest.wireguard, linuxPackages_latest_xen_dom0_hardened.wireguard Partial log (click to expand)
|
Failure on aarch64-linux (full log) Attempted: linuxPackages_testing_bcachefs.wireguard, linuxPackages_4_16.wireguard, linuxPackages_4_14.wireguard, linuxPackages.wireguard, linuxPackages_hardened.wireguard, linuxPackages_4_9.wireguard, linuxPackages_copperhead_stable.wireguard, linuxPackages_latest_hardened.wireguard, linuxPackages_4_4.wireguard, linuxPackages_copperhead_lts.wireguard, wireguard-tools, linuxPackages_xen_dom0_hardened.wireguard, linuxPackages_latest_xen_dom0.wireguard, linuxPackages_xen_dom0.wireguard, linuxPackages_latest.wireguard, linuxPackages_latest_xen_dom0_hardened.wireguard The following builds were skipped because they don't evaluate on aarch64-linux: linuxPackages_samus_4_12.wireguard, linuxPackages_samus_latest.wireguard Partial log (click to expand)
|
Wireguard is now split into two pretty much independent packages:
wireguard
(Linux-specific kernel module) andwireguard-tools
, which is cross-platform.Motivation for this change
Make tools available on darwin and any other platforms.
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)I have built a NixOS configuration but have not actually activated it, merely made sure there were no errors and checked visually that the module and tools seem to be present in it as expected.