Re: [Astlinux-devel] [Astlinux-users] FYI: WireGuard 1.0.0 is now official

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi David, et.al,

Brainstorming ideas are always appreciated.

Though I think our "AstLinux Principles" still apply today, as much as ever:

AstLinux Principles:
https://www.astlinux-project.org/about.html

Our current 3.16.x kernel has been getting backported fixes from upstream [1] for quite some time by Ben Hutchings ... some would argue that the current 3.16.x kernel has "all the fixes but none of the new bugs" :-)

Correct me if you disagree, but since we use i586/x86_64 architecture much of the newer kernel hardware support does not apply to us.  This is even more true for AstLinux running as VM Guests.

Additionally, a big sticking point upgrading beyond the 3.16.x kernel is our current unionfs kernel patches are no longer supported in 4.x.  Looks like we will need to switch to Aufs, which we have been giving some thought, making it backward compatible is a concern.

Some might argue we should stick with a rock-solid 3.16.x kernel for another year or so, others might suggest 4.x (unclear which is best) is warranted.  I think 5.x is too new to consider IMO, not enough testing.

Finally, packages vs. firmware-image.  I'm convinced the firmware-image approach is ideal for an appliance like AstLinux.  I've played with OpenWrt on an EdgeRouter-X, and found the package upgrade approach leaves much to be desired compared with a firmware-image approach.

Please discuss ...

Lonnie

[1] https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-queue.git/log/queue-3.16

> On Mar 30, 2020, at 10:13 AM, David Kerr <da...@ke...> wrote:
> 
> Moving to devel list.
> 
> This once again prompts the question as to what to do about AstLinux kernel version.  It feels that we are getting further and further behind and should maybe even skip 4.x and go straight to a 5.x.
> 
> Or... get out of the business of providing the low level OS components and develop on top of a standard "lightweight" distribution.  When AstLinux started up there was a need for a tight, small, integrated system that would work on typical network gateway hardware of the time.  But today's typical network gateway hardware is very capable of running a standard linux distribution.  And if we moved all the AstLinux-unique features over to installable packages I think we would benefit greatly.
> 
> Just thought I would throw this out there and see what people think.
> 
> David.
> 
> On Mon, Mar 30, 2020 at 10:36 AM Lonnie Abelbeck <li...@lo...> wrote:
> Greetings,
> 
> FYI, I forwarded (below) a note from the WireGuard mailing list.
> 
> My favorite VPN type (as well as many of you reading this) has achieved a major milestone.  Additionally, an outside security audit of WireGuard has been performed.
> 
> For those previously concerned about the non-official status of WireGuard, those concerns should now be minimized.
> 
> Lonnie
> 
> 
> ================
> Begin forwarded message:
> 
> From: "Jason A. Donenfeld" <Ja...@zx...>
> Subject: [ANNOUNCE] WireGuard 1.0.0 for Linux 5.6 Released
> Date: March 29, 2020 at 9:16:43 PM CDT
> To: WireGuard mailing list <wir...@li...>
> 
> Hi folks,
> 
> Earlier this evening, Linus released [1] Linus 5.6, which contains our
> first release of WireGuard. This is quite exciting. It means that
> kernels from here on out will have WireGuard built-in by default. And
> for those of you who were scared away prior by the "dOnT uSe tHiS
> k0de!!1!" warnings everywhere, you now have something more stable to
> work with.
> 
> The last several weeks of 5.6 development and stabilization have been
> exciting, with our codebase undergoing a quick security audit [3], and
> some real headway in terms of getting into distributions.
> 
> We'll also continue to maintain our wireguard-linux-compat [2]
> backports repo for older kernels. On the backports front, WireGuard
> was backported to Ubuntu 20.04 (via wireguard-linux-compat) [4] and
> Debian Buster (via a real backport to 5.5.y) [5]. I'm also maintaining
> real backports, not via the compat layer, to 5.4.y [6] and 5.5.y [7],
> and we'll see where those wind up; 5.4.y is an LTS release.
> 
> Meanwhile, the usual up-to-date distributions like Arch, Gentoo, and
> Fedora 32 will be getting WireGuard automatically by virtue of having
> 5.6, and I expect these to increase in number over time.
> 
> Enjoy!
> Jason
> 
> 
> [1] https://lore.kernel.org/lkml/CAHk-=wi9...@ma.../
> [2] https://git.zx2c4.com/wireguard-linux-compat/
> [3] https://lore.kernel.org/netdev/202...@zx.../
> [4] https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/tree/debian/dkms-versions?h=master-next
> [5] https://salsa.debian.org/kernel-team/linux/-/tree/master/debian%2Fpatches%2Ffeatures%2Fall%2Fwireguard
> [6] https://git.zx2c4.com/wireguard-linux/log/?h=backport-5.4.y
> [7] https://git.zx2c4.com/wireguard-linux/log/?h=backport-5.5.y
> 
> 
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
> _______________________________________________
> Astlinux-devel mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-devel