Commit Graph

111 Commits

Author SHA1 Message Date
Jason A. Donenfeld
2e1f9f1782 wireguard: update to 0.0.20171031
Simple version bump. Changes:

* netns: use read built-in instead of ncat hack for dmesg
* netns: use time-based test instead of quantity-based
* qemu: allow for cross compilation
* qemu: work around ccache bugs
* qemu: test using four cores
* selftest: initialize mutex in routingtable selftest

We now cross compile and run in QEMU for x86_64, i686,
ARMv7, Aarch64, and MIPS. You can see the current build
status on: https://www.wireguard.com/build-status/

* stats: more robust accounting
* compat: fix up stat calculation for udp tunnel

The statistics from `ip link -stats` or from `wg show` are
now much more accurate.

* global: accept decent check_patch.pl suggestions
* global: infuriating kernel iterator style
* global: style nits
* global: use fewer BUG_ONs
* global: get rid of useless forward declarations
* blake2: include headers for macros
* tools: correct type for CTRL_ATTR_FAMILY_ID

Lots of style cleanups.

* crypto/avx: make sure we can actually use ymm registers

This fixes an issue on some Xen platforms that expose
conflicting CPU features.

* peer: get rid of peer_for_each magic
* peer: store total number of peers instead of iterating

A major cleanup of our peer iteration logic, getting rid
of a big ugly macro and clarifying our locking semantics.

* compat: be sure to include header before testing

* wg-quick: allow specifying multiple hooks

You can now specify {Post,Pre}{Down,Up} multiple times, and
the commands will then run in succession.

* wg-quick: remember to rewind DNS settings on failure

Small consistency fix.

* wg-quick: allow for saving existing interface

There is now a 'save' option for saving an existing
configuration without having to bring down the device.

* wg-quick: fsync the temporary file before renaming

In case the system loses power, you are now left with
either the old file or the new file but not an empty file.

* wg-quick: allow for the hatchet, but not by default

In order to account for distributions that do not have an
implementation of resolvconf(8), the contrib directory ships
with an alternative implementation that may be patched in.
This was extensively discussed and debated on the mailing
list.

* device: only take reference if netns is different

Solves an important memory leak when tearing down network
namespaces that haven't moved the wireguard device.

* device: expand scope of destruct lock
* timers: guard entire setting in block

Just to be certain.

* curve25519: only enable int128 if compiler support is sound

Allows building for Aarch64 with old gcc (such as that used
by Android) where we don't want to branch to a __multi3.

* contrib: add reresolve-dns

A small script that's been passed around for a while now for
reresolving DNS entries from a cronjob.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 19:33:21 +01:00
Ian Campbell
6c7b1c0251 Bump all packages to newest alpine.
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-24 10:11:24 +01:00
Rolf Neugebauer
4005564228 kernel: Drop 'kernel_' prefix from kernel config files
It's kinda obvious that these are kernel configuration files
and, looking at various other distros it seems more common
to call the files 'config-<foo>'.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-10-22 19:49:14 +01:00
Rolf Neugebauer
5afc16f275 kernel: Enable building kernels without patches
Copying the entire local directory into the container allows
us to check for the existence of the patch directory and
only apply the patches if the directory exists.

An alternative would have been to re-arrange the patch directory
into a sub-directory, but in terms of copying wouldn't have
made that much of a difference.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-10-22 19:49:14 +01:00
Rolf Neugebauer
847ae9d220 kernel: Add dtbs files to kernel.tar under /boot/dtb
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-10-19 09:20:21 +02:00
Jason A. Donenfeld
5db1bbeef6 wireguard: update to 0.0.20171017
Simple version bump. Changes:

  * noise: handshake constants can be read-only after init
  * noise: no need to take the RCU lock if we're not dereferencing
  * send: improve dead packet control flow
  * receive: improve control flow
  * socket: eliminate dead code
  * device: our use of queues means this check is worthless
  * device: no need to take lock for integer comparison
  * blake2s: modernize API and have faster _final
  * compat: support READ_ONCE
  * compat: just make ro_after_init read_mostly

  Assorted cleanups to the module, including nice things like marking our
  precomputations as const.

  * Makefile: even prettier output
  * Makefile: do not clean before cloc
  * selftest: better test index for rate limiter
  * netns: disable accept_dad for all interfaces

  Fixes in our testing and build infrastructure. Now works on the 4.14 rc
  series.

  * qemu: add build-only target
  * qemu: work on ubuntu toolchain
  * qemu: add more debugging options to main makefile
  * qemu: simplify shutdown
  * qemu: open /dev/console if we're started early
  * qemu: phase out bitbanging
  * qemu: always create directory before untarring
  * qemu: newer packages
  * qemu: put hvc directive into configuration

  This is the beginning of working out a cross building test suite, so we do
  several tricks to be less platform independent.

  * tools: encoding: be more paranoid
  * tools: retry resolution except when fatal
  * tools: don't insist on having a private key
  * tools: add pass example to wg-quick man page
  * tools: style
  * tools: newline after warning
  * tools: account for padding being in zero attribute

  Several important tools fixes, one of which suppresses a needless warning.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-17 22:18:45 +02:00
Jason A. Donenfeld
055db2d542 wireguard: bump version
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-11 16:41:47 +02:00
Rolf Neugebauer
b294171311 kernel: Add the firmware to the result tarball
'make firmware_install' adds the firmware blobs created
during the build to '/lib/firmware' in the result tarball.

This should be installed along with the kernel modules.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-10-11 13:12:49 +01:00
Ian Campbell
a237b51511 Bump alpine base across the board.
By running:

    ./scripts/update-component-sha.sh --image linuxkit/alpine ad35b6ddbc70faa07e59a9d7dee7707c08122e8d

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-10 09:55:45 +01:00
Jason A. Donenfeld
c14e9e205b kernel/wireguard: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-06 03:42:57 +02:00
Rolf Neugebauer
074541f79c Merge pull request #2551 from zx2c4/wireguard-bump
wireguard: version bump
2017-10-05 11:51:58 +01:00
Rolf Neugebauer
6e540241c8 kernel: Update alpine base image for kernel builds
Since we are rebuilding the kernels might as well update the base

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-10-02 16:20:02 +01:00
Jason A. Donenfeld
43db718f14 wireguard: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 03:39:11 +02:00
Rolf Neugebauer
bd4723d1aa kernel: Update kernels to 4.12.14/4.9.51
While at it might as well update the alpine base...

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-09-20 12:13:26 +01:00
Jason A. Donenfeld
bd4775cf6f wireguard: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-19 03:43:14 +02:00
Jason A. Donenfeld
7fa39b172e wireguard: bump to new snapshot with better RTS semantics
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-11 18:46:07 +02:00
Rolf Neugebauer
6da35660a9 kernel: Update kernel build to latest alpine base
Since we have to recompile kernels, might as well.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-09-04 17:58:16 +01:00
Rolf Neugebauer
7209afb758 kernel: Enable custom kernel config additions
For some use cases, we may want to add additional kernel
configuration options (e.g. when adding AUFS). This commit
enables it by:
- renaming DEBUG to EXTRA
- append kernel_config${EXTRA} to the kernel config
- allowing passing in an EXTRA argument to the make file

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-24 18:26:46 +01:00
Rolf Neugebauer
15d3ce25aa kernel: Add contents of ${DEBUG} to the LOCALVERSION
This way 'uname -r' will report something like
4.9.44-linuxkit_dbg on debug kernels.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-24 15:10:53 +01:00
Rolf Neugebauer
677bf96dff kernel: Fix warning about empty continuation
Without this change, recent Docker builds produce this warning:
[WARNING]: Empty continuation line found in:
    RUN apk add     xz     xz-dev     zlib-dev &&     if [ $(uname -m) == x86_64 ]; then         apk add libunwind-dev;
    fi
[WARNING]: Empty continuation lines will become errors in a future release.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-24 11:06:28 +01:00
Rolf Neugebauer
20cc4b3ddf kernel: Don't check kernel config for debug kernels
The kernel config for debug kernels is created by concatenating
config files, so we can't use diff to check it.

This fixes a regression introduced by:
9362de0a ("kernel: Verify kernel config")

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-23 14:33:25 +01:00
Rolf Neugebauer
ba2e6a5bb8 kernel: Add a Dockerfile to make it easier to configure kernels
The new Dockerfile.kconfig can be used, via the 'kconfig' make target
to build a 'linuxkit/kconfig' image. This image contains the patched
source and default kernel configs for all supported kernels.

It's useful for updating the kernel config files.

While at it, also update the alpine base.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-21 20:43:30 +01:00
Rolf Neugebauer
ffcf5db6ee kernel: Use local kernel source if available
The kernel build currently downloads the source tar ball every
time, which is a little tedious when experimenting with kernel
configs or when compiling the kernel multiple times.

This commit adds a new 'fetch' make target which downloads the
kernel sources into ./sources. Then in the Dockerfile we add
the directory and only download the source if it is not present.

The tarball's signature is still checked on each build.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-20 11:41:59 +01:00
Rolf Neugebauer
9362de0adb kernel: Verify kernel config
Since we supply a full .config file we can check that after
make defconfig/oldconfig it hasn't changed. This should catch
cases where a config option has changed between releases.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-20 11:05:35 +01:00
Rolf Neugebauer
72ed2b3a06 kernel: Rename kernel_config-4.x.x to kernel_config-4.x.x-x86_64
Consistent arch suffixes for kernel config.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-20 10:46:28 +01:00
Jason A. Donenfeld
f74477def2 wireguard: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-10 23:17:22 +02:00
Rolf Neugebauer
a1892cd8f1 kernel: Convert kernel build to a multi-arch image
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-08-03 17:36:22 +01:00
Jason A. Donenfeld
5b875bd1d4 wireguard: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-26 04:01:29 +02:00
Jason A. Donenfeld
e24cc5c77f wireguard: add into default kernel
This integrates the WireGuard module directly into the kernel build
system.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-20 16:51:18 +02:00
Dennis Chen
e0a8a1d4df ARM64: Adapt the kernel Dockerfile to multiarch support
The original kernel Dockerfile hardcodes the amd64 as the
only arch supported, this patch removes this kind of hardcode
and makes the Dockerfile ready to support both amd64 and
arm64 by using the runtime arch type.

Signed-off-by: Dennis Chen <dennis.chen@arm.com>
2017-07-11 12:39:27 +00:00
Rolf Neugebauer
699a864302 pkg: Update to new Alpine base
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-07-01 18:11:45 +01:00
Rolf Neugebauer
974bc56886 kernel: Remove elfutils-dev package
It clashes with libelf-dev but libelf-dev is sufficient
to compile the kernel. This also allows us to remove the
'|| true' from the 'apk add', catching errors with the
tools installation.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-06-22 19:32:12 +01:00
Riyaz Faizullabhoy
130800446a alpine: add zfs package
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-06-21 17:54:45 -07:00
Riyaz Faizullabhoy
6b5ef8c70e alpine: include gnupg package
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-06-21 17:49:51 -07:00
Riyaz Faizullabhoy
503c08a6fb Add PGP key for 00411886 (torvalds@linux-foundation.org)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-06-20 10:05:33 -07:00
Bill Kerr
1e1afd77d2 Add PGP keys for 589DA6B1 (greg@kroah.com) and 6092693E (autosigner@kernel.org).
Verify kernel with GPG and sha256 checksum.

Signed-off-by: Bill Kerr <bill@generalbill.com>
2017-06-19 16:29:53 -04:00
Rolf Neugebauer
baf32846d8 kernel: Build the perf utility as part of the kernel build
The perf utility is somewhat kernel specific so might as well
compile it when we compile the kernel. The resulting binary
is statically linked (and stripped for size) and is added to the
resulting kernel packages.

Although we add alpine packages such as libunwind and others,
it seems that the config detection code for perf/tools does
not detect them.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-06-15 10:39:32 -07:00
Rolf Neugebauer
45938186df kernel: Use the alpine base image to compile the kernel
Also add additional tools and libraries useful/needed for
compiling some of the ./tools in the kernel source.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-06-15 10:39:32 -07:00
Rolf Neugebauer
fbea0d9fd0 kernel: Remove toybox from kernel Dockerfile
You can extract/inspect the contents with 'docker save' + 'tar'

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-05-18 18:55:22 +01:00
Rolf Neugebauer
e6f2b68419 kernel: Add vmlinux to debug builds
The vmlinux image is the un-stripped kernel image containing
full debug information which is useful for kernel debugging.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-05-17 11:40:56 +01:00
Rolf Neugebauer
f0e289439f kernel: Update to use new toybox image
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-05-08 16:46:47 +01:00
Rolf Neugebauer
ffc0ed6a7c kernel: Fix kernel header build
Add more files to 'kernel-dev.tar' to enable building kernel
modules against the kernel.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-05-03 16:46:12 +01:00
Rolf Neugebauer
f44421042e kernel: Fix DEBUG builds and add default debug targets/images
Building debug kernels (with additional run time checks and debugging)
was broken a few commits back. This adds back support for building debug
kernels.

In addition, it builds and uploads debug kernels for selected kernel
series (4.9.x LTS and latest stable). The tag for these kernels has
a "_dbg" suffix.

Update documentation.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-05-02 14:17:01 +01:00
Rolf Neugebauer
5ab5f31e14 kernel: Simplify/restructure Dockerfile
- Use a RUN command per artefact created
- Use WORKDIR to avoid "cd /linux" on every RUN command
- Copy all relevant build artefacts to /out
- Only create one additional layer in final stage
- Add System.map to output image

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-05-02 10:33:45 +01:00
Justin Cormack
6155e8c8bc Change to use kernel not bzImage everywhere
Previously we hardcoded `bzImage` which is not used for all
use cases or architectures.

fix #1630

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-28 16:24:15 +01:00
Rolf Neugebauer
43d981094d kernel: Rework the kernel build
- Use multi-stage builds
- Use a single Dockerfile for all kernels
  Kernel version and series are passed in as arguments
- Use a separate kernel config per kernel version
  These have been copied from kernel_config and run
  through oldconfig to tidy them up
- Rename patch directories
- Refactor the Makefile to use a template
  - Allows building of all kernels without arguments to make
  - Use git tree hash as the image tag
  - Don't build the image if the tag already exists

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-26 22:29:47 +01:00
Rolf Neugebauer
85d6492d5d kernel: Use linuxkit images for compiling/packaging the kernel
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-12 21:28:17 +01:00
Justin Cormack
400f4b6c56 Remove syslinux from kernel build deps
Unused. This should not affect anything, and I didn't actually bump
the kernel version; am working on the build in CI for this...

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-03-27 12:17:09 +01:00
Rolf Neugebauer
54cb00edd8 kernel: Pass kernel version as build-arg to docker
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-03-13 20:15:13 +00:00
Rolf Neugebauer
1c10c56138 kernel: Update to 4.9.14/4.4.53
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-03-13 10:26:28 +00:00