From: Erich T. <eri...@th...> - 2018-08-23 20:31:34
Hi John

Hi everybody and sorry for cross posting

On 23.08.2018 at 20:20, John Sager wrote:
> Erich,
>
> I have used Bering-uClibc for many years as a router/firewall and recently I
> have become interested in a new VPN server - wireguard:
> https://www.wireguard.com. This is a lightweight VPN server - much more so
> than IPSec or OpenVPN. It runs in a kernel module and has a control
> application to set it up. I now have a build environment for Bering-uClibc
> v6.1.4, in the attached archive wireguard_bering6.tgz. I haven't included
> the source but the latest version can be downloaded from
> https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180809.tar.xz
>
> The build environment builds the kernel module, puts it in kernel/extra &
> then runs depmod. It then builds the control application and the lrp package
> contains this, a startup script, an init.d script that calls it, and a dummy
> VPN server config.
>
> However to integrate with Bering-uClibc it needs a couple of changes, one to
> busybox.config and one to root.linuxrc in initrd. The startup script,
> wg-quick, requires bash,

I guess this can be easily integrated using a dependency.

> and it needs 'readlink -f' hence the change to
> busybox.config to include this readlink option.

OK

> The change to root.linuxrc
> is to generate a link from /dev/fd to /proc/self/fd.

Is proc/self/fd provided by the kernel module? Can this link be
generated by the startup script?

> The startup script uses
> the construct:
> 'wg setconf "$INTERFACE" <(echo "$WG_CONFIG")' to set up the VPN
> configuration from an environment variable. When piping the output of the
> echo command in the subprocess into wg, bash uses /dev/fd/N to refer to the
> pipe, where N is the fd number of the script end of the pipe.
>
> Wireguard is currently very much in beta with fairly regular snapshots so
> you may not want to include it in a mainline distribution of Bering yet but
> it's there to play with.

Very interesting work. I heard about wireguard some time ago but did not
pay much attention.

I believe the easiest way would be to discuss this on leaf-devel and I
hope you can be tricked into integrating it yourself in the repository.
Should you not be subscribed to leaf-devel then please do so. I am sure
KP would be very keen to welcome a new contributor.

About the beta stage, as long as this is packed in a .lrp file,
everybody is free to use it or not. Being just a small group forces us
to rely heavily on the work done uplink.

>
> Also, I found an issue with ntpd.lrp. Currently it doesn't save the drift
> file /var/lib/ntp/ntp.drift, which stores the frequency error of the system
> clock to allow ntp to synchronise quickly on reboot. The file ntpd.local
> should also have the line 'var/lib/ntp' to save that directory.

This can be done easily. I am working right now on a rather big overhaul
of initrd and signed packages, so I might be a bit distracted.

Thank you anyway for the heads up and hope to see you on leaf-devel

cheers

ET
From: John S. <jo...@sa...> - 2018-08-23 22:10:13
Erich,

On 23/08/18 21:31, Erich Titl wrote:
> Hi John

...

> The change to root.linuxrc
>> is to generate a link from /dev/fd to /proc/self/fd.
>
> Is proc/self/fd provided by the kernel module? Can this link be
> generated by the startup script?
>

/proc/self is a standard feature of the kernel and it is a soft link to
/proc/<N> where N is the PID of this process. I guess most modern Linux
distributions, and also *BSD apparently, have /dev/fd as a link to
/proc/self/fd if bash assumes it will be there.

>
> I believe the easiest way would be to discuss this on leaf-devel and I
> hope you can be tricked into integrating it yourself in the repository.
> Should you not be subscribed to leaf-devel then please do so. I am sure
> KP would be very keen to welcome a new contributor.

I have just joined leaf-devel so I'll follow up on there.

John
From: John S. <jo...@sa...> - 2018-08-24 10:11:33
Reading around the subject it seems that /dev/fd -> /proc/self/fd has been
around since at least Linux 2.6, and there should also be soft links for
/dev/stdin, /dev/stdout /dev/stderr:

ln -s /proc/self/fd/0 /dev/stdin
ln -s /proc/self/fd/1 /dev/stdout
ln -s /proc/self/fd/2 /dev/stderr

Perhaps these should also be added to the root.linuxrc script to avoid any
issues with code that depends on them.

John

On 23/08/18 22:41, John Sager wrote:
> Erich,
>
>
> On 23/08/18 21:31, Erich Titl wrote:
>> Hi John
>
> ...
>
>> The change to root.linuxrc
>>> is to generate a link from /dev/fd to /proc/self/fd.
>>
>> Is proc/self/fd provided by the kernel module? Can this link be
>> generated by the startup script?
>>
>
> /proc/self is a standard feature of the kernel and it is a soft link to
> /proc/<N> where N is the PID of this process. I guess most modern Linux
> distributions, and also *BSD apparently, have /dev/fd as a link to
> /proc/self/fd if bash assumes it will be there.
>
>
>>
>> I believe the easiest way would be to discuss this on leaf-devel and I
>> hope you can be tricked into integrating it yourself in the repository.
>> Should you not be subscribed to leaf-devel then please do so. I am sure
>> KP would be very keen to welcome a new contributor.
>
> I have just joined leaf-devel so I'll follow up on there.
>
>
> John
From: Erich T. <eri...@th...> - 2018-08-24 18:19:21
Hi John

On 24.08.2018 at 12:11, John Sager wrote:
> Reading around the subject it seems that /dev/fd -> /proc/self/fd has been
> around since at least Linux 2.6, and there should also be soft links for
> /dev/stdin, /dev/stdout /dev/stderr:
>
> ln -s /proc/self/fd/0 /dev/stdin
> ln -s /proc/self/fd/1 /dev/stdout
> ln -s /proc/self/fd/2 /dev/stderr
>
> Perhaps these should also be added to the root.linuxrc script to avoid any
> issues with code that depends on them.

Should not hurt, we could include this for the next release, which may
have the new initrd.

cheers

ET
From: John S. <jo...@sa...> - 2018-08-25 08:06:06
Erich,

This /dev/fd thing is a bit more nuanced than I thought. The configure
script for bash tests for its presence, and will try other ways of doing the
subprocess pipes if not (e.g. using /proc/self/fd on Linux), but the test runs
for the system that the toolchain is hosted on, and there are no specific
--enable options that could influence this feature for the target system. So
inevitably a build of Bering-uClibc on more or less any modern flavour of
Linux will require /dev/fd to be present on the target to support bash (and
maybe other programs).

John

On 24/08/18 19:19, Erich Titl wrote:
> Hi John
>
> On 24.08.2018 at 12:11, John Sager wrote:
>> Reading around the subject it seems that /dev/fd -> /proc/self/fd has been
>> around since at least Linux 2.6, and there should also be soft links for
>> /dev/stdin, /dev/stdout /dev/stderr:
>>
>> ln -s /proc/self/fd/0 /dev/stdin
>> ln -s /proc/self/fd/1 /dev/stdout
>> ln -s /proc/self/fd/2 /dev/stderr
>>
>> Perhaps these should also be added to the root.linuxrc script to avoid any
>> issues with code that depends on them.
>
> Should not hurt, we could include this for the next release, which may
> have the new initrd.
>
> cheers
>
> ET
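The link setup discussed in this thread, written out as an added example; it is not code from any of the messages or from Bering-uClibc's root.linuxrc. The function names and the optional ROOT argument are assumptions made here so the check can be tried on a scratch directory, and an existing entry that does not match is reported rather than overwritten.

```shell
#!/bin/sh
# Added example (hypothetical helper names): make sure the /dev/fd family of
# symlinks exists under a root, as an init script would after /proc is mounted.

# ensure_link TARGET LINKPATH
# Returns 0 when LINKPATH is a symlink to TARGET (creating it if absent),
# 1 when something else already occupies LINKPATH. Nothing is overwritten.
ensure_link() {
    target=$1
    link=$2
    if [ -L "$link" ]; then
        [ "$(readlink "$link")" = "$target" ] && return 0
        echo "conflict: $link -> $(readlink "$link")" >&2
        return 1
    fi
    if [ -e "$link" ]; then
        echo "conflict: $link exists and is not a symlink" >&2
        return 1
    fi
    ln -s "$target" "$link"
}

# ensure_fd_links [ROOT]
# ROOT is empty for the live system (/dev/fd etc.); pass a scratch directory
# that contains a dev/ subdirectory to try it without touching /dev.
ensure_fd_links() {
    root=${1:-}
    rc=0
    # bash process substitution, e.g. <(echo "$WG_CONFIG"), opens /dev/fd/N
    ensure_link /proc/self/fd   "$root/dev/fd"     || rc=1
    ensure_link /proc/self/fd/0 "$root/dev/stdin"  || rc=1
    ensure_link /proc/self/fd/1 "$root/dev/stdout" || rc=1
    ensure_link /proc/self/fd/2 "$root/dev/stderr" || rc=1
    return $rc
}
```

Running `ensure_fd_links` a second time is a no-op, and a non-zero return means at least one path under dev/ was already occupied by something other than the expected link.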
From: Erich T. <eri...@th...> - 2018-08-25 15:08:38
Hi John

On 25.08.2018 at 12:43, John Sager wrote:
> I do use bash anyway for something else on my firewall, and so I've just
> used it on the VPN server as well. wireguard/buildtool.cfg has a package
> dependency on bash.
>
> I have build environments for both 6.0.6 and 6.1.4 and I have built
> wireguard on both together with kernel (to build the module) and kmodules
> and initrd as they both change. I'll talk to KP about getting on git so I
> can commit the wireguard stuff.

Good, you may want to branch off the git branch apkg-using-gpg as it has
all the latest initrd stuff which has not been merged to master yet. I
typically leave the task to merge to master to KP.

Be aware, the latest initrd looks for gpg signed packages and
root.linuxrc will barf for unsigned ones, although still accept it.

cheers

ET