wireguard: integrate tools into alpine

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

projects/wireguard/README.md

@@ -18,8 +18,7 @@ A full technical paper from NDSS 2017 is available [here](https://www.wireguard.
 The `kernel/patches-*` sub-directories contain a kernel patch.
 
 ### Userspace Tools
-This project embeds the `wireguard-tools` package in the userspace image.
-This is built into the `mobylinux/init-wireguard` image that is generated by `cd init-wireguard && make`.
+The userspace tools are available from the `wireguard-tools` package.
 
 ## Quickstart
 The quickest way to get started is to use the provided `examples/wireguard.yml` in this directory and use the prebuilt images.

projects/wireguard/tools/.gitignore

@@ -1,2 +0,0 @@
-sbin/
-usr/

projects/wireguard/tools/Dockerfile

@@ -1,13 +0,0 @@
-FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 as tools
-RUN echo http://dl-cdn.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories
-RUN \
-  apk update && \
-  apk upgrade -a && \
-  apk add --no-cache wireguard-tools
-
-FROM scratch
-ENTRYPOINT []
-CMD []
-WORKDIR /
-COPY --from=tools /usr/bin/wg /usr/bin/wg-quick /usr/bin/
-COPY --from=tools /usr/lib/libmnl.so* /lib/

projects/wireguard/tools/Makefile

@@ -1,16 +0,0 @@
-.PHONY: tag push
-default: push
-
-IMAGE=wireguard-utils
-DEPS=Dockerfile
-ORG?=linuxkit
-
-HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
-
-tag: $(DEPS)
-	docker pull $(ORG)/$(IMAGE):$(HASH) || \
-	docker build --no-cache -t $(ORG)/$(IMAGE):$(HASH) .
-
-push: tag
-	docker pull $(ORG)/$(IMAGE):$(HASH) || \
-	docker push $(ORG)/$(IMAGE):$(HASH)

projects/wireguard/wireguard.yml

@@ -1,31 +0,0 @@
-init:
-  - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
-  - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
-  - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4
-  - linuxkit/wireguard-utils:26fe3d38455f2d441549e3c54bdec1b26ac819b8
-onboot:
-  - name: sysctl
-    image: linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64
-  - name: binfmt
-    image: linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d
-  - name: dhcpcd
-    image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
-    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
-services:
-  - name: rngd
-    image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b
-  - name: nginx
-    image: nginx:alpine
-    capabilities:
-     - CAP_NET_BIND_SERVICE
-     - CAP_CHOWN
-     - CAP_SETUID
-     - CAP_SETGID
-     - CAP_DAC_OVERRIDE
-files:
-  - path: etc/docker/daemon.json
-    contents: '{"debug": true}'
-trust:
-  org:
-    - linuxkit

tools/alpine/Dockerfile

@@ -27,6 +27,9 @@ RUN abuild-sign /mirror/$(uname -m)/APKINDEX.tar.gz
 # fetch OVMF for qemu EFI boot (this is not added as a package)
 RUN apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/community ovmf
 
+# add the tools for WireGuard, since the kernel module is now included
+RUN apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing -U wireguard-tools
+
 # set this as our repo but keep a copy of the upstream for downstream use
 RUN mv /etc/apk/repositories /etc/apk/repositories.upstream && echo "/mirror" > /etc/apk/repositories && apk update