118 lines
4.0 KiB
Bash
118 lines
4.0 KiB
Bash
|
# Copyright 1999-2022 Gentoo Authors
|
||
|
# Distributed under the terms of the GNU General Public License v2
|
||
|
|
||
|
EAPI=7
|
||
|
|
||
|
inherit linux-info bash-completion-r1 systemd toolchain-funcs
|
||
|
|
||
|
DESCRIPTION="Fast, modern, secure VPN tunnel"
|
||
|
HOMEPAGE="https://github.com/amnezia-vpn/amneziawg-tools"
|
||
|
|
||
|
if [[ ${PV} == 9999 ]]; then
|
||
|
inherit git-r3
|
||
|
EGIT_REPO_URI="https://github.com/amnezia-vpn/amneziawg-tools.git"
|
||
|
else
|
||
|
SRC_URI="https://github.com/amnezia-vpn/${PN}/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
|
||
|
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
|
||
|
fi
|
||
|
|
||
|
LICENSE="GPL-2"
|
||
|
SLOT="0"
|
||
|
IUSE="+wg-quick selinux"
|
||
|
|
||
|
BDEPEND="virtual/pkgconfig"
|
||
|
DEPEND=""
|
||
|
RDEPEND="${DEPEND}
|
||
|
wg-quick? (
|
||
|
|| ( net-firewall/nftables net-firewall/iptables )
|
||
|
virtual/resolvconf
|
||
|
)
|
||
|
selinux? ( sec-policy/selinux-wireguard )
|
||
|
"
|
||
|
|
||
|
wg_quick_optional_config_nob() {
|
||
|
CONFIG_CHECK="$CONFIG_CHECK ~$1"
|
||
|
declare -g ERROR_$1="CONFIG_$1: This option is required for automatic routing of default routes inside of wg-quick(8), though it is not required for general WireGuard usage."
|
||
|
}
|
||
|
|
||
|
pkg_setup() {
|
||
|
if use wg-quick; then
|
||
|
wg_quick_optional_config_nob IP_ADVANCED_ROUTER
|
||
|
wg_quick_optional_config_nob IP_MULTIPLE_TABLES
|
||
|
wg_quick_optional_config_nob IPV6_MULTIPLE_TABLES
|
||
|
if has_version net-firewall/nftables; then
|
||
|
wg_quick_optional_config_nob NF_TABLES
|
||
|
wg_quick_optional_config_nob NF_TABLES_IPV4
|
||
|
wg_quick_optional_config_nob NF_TABLES_IPV6
|
||
|
wg_quick_optional_config_nob NFT_CT
|
||
|
wg_quick_optional_config_nob NFT_FIB
|
||
|
wg_quick_optional_config_nob NFT_FIB_IPV4
|
||
|
wg_quick_optional_config_nob NFT_FIB_IPV6
|
||
|
wg_quick_optional_config_nob NF_CONNTRACK_MARK
|
||
|
elif has_version net-firewall/iptables; then
|
||
|
wg_quick_optional_config_nob NETFILTER_XTABLES
|
||
|
wg_quick_optional_config_nob NETFILTER_XT_MARK
|
||
|
wg_quick_optional_config_nob NETFILTER_XT_CONNMARK
|
||
|
wg_quick_optional_config_nob NETFILTER_XT_MATCH_COMMENT
|
||
|
wg_quick_optional_config_nob NETFILTER_XT_MATCH_ADDRTYPE
|
||
|
wg_quick_optional_config_nob IP6_NF_RAW
|
||
|
wg_quick_optional_config_nob IP_NF_RAW
|
||
|
wg_quick_optional_config_nob IP6_NF_FILTER
|
||
|
wg_quick_optional_config_nob IP_NF_FILTER
|
||
|
fi
|
||
|
fi
|
||
|
get_version
|
||
|
if [[ -f $KERNEL_DIR/include/uapi/linux/wireguard.h ]]; then
|
||
|
CONFIG_CHECK="~WIREGUARD $CONFIG_CHECK"
|
||
|
declare -g ERROR_WIREGUARD="CONFIG_WIREGUARD: This option is required for using WireGuard."
|
||
|
elif kernel_is -ge 3 10 0 && kernel_is -lt 5 6 0 && ! has_version net-vpn/wireguard-modules; then
|
||
|
ewarn
|
||
|
ewarn "Your kernel does not appear to have upstream support for WireGuard"
|
||
|
ewarn "via CONFIG_WIREGUARD. However, the net-vpn/wireguard-modules ebuild"
|
||
|
ewarn "contains a compatibility module that should work for your kernel."
|
||
|
ewarn "It is highly recommended to install it:"
|
||
|
ewarn
|
||
|
ewarn " emerge -av net-vpn/wireguard-modules"
|
||
|
ewarn
|
||
|
fi
|
||
|
linux-info_pkg_setup
|
||
|
}
|
||
|
|
||
|
src_compile() {
|
||
|
emake RUNSTATEDIR="${EPREFIX}/run" -C src CC="$(tc-getCC)" LD="$(tc-getLD)"
|
||
|
}
|
||
|
|
||
|
src_install() {
|
||
|
dodoc README.md
|
||
|
dodoc -r contrib
|
||
|
emake \
|
||
|
WITH_BASHCOMPLETION=yes \
|
||
|
WITH_SYSTEMDUNITS=yes \
|
||
|
WITH_WGQUICK=$(usex wg-quick) \
|
||
|
DESTDIR="${D}" \
|
||
|
BASHCOMPDIR="$(get_bashcompdir)" \
|
||
|
SYSTEMDUNITDIR="$(systemd_get_systemunitdir)" \
|
||
|
PREFIX="${EPREFIX}/usr" \
|
||
|
-C src install
|
||
|
use wg-quick && newinitd "${FILESDIR}/awg-quick.init" awg-quick
|
||
|
}
|
||
|
|
||
|
pkg_postinst() {
|
||
|
einfo
|
||
|
einfo "After installing WireGuard, if you'd like to try sending some packets through"
|
||
|
einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
|
||
|
einfo "test example script:"
|
||
|
einfo
|
||
|
einfo " \$ bzcat ${ROOT}/usr/share/doc/${PF}/contrib/ncat-client-server/client.sh.bz2 | sudo bash -"
|
||
|
einfo
|
||
|
einfo "This will automatically setup interface wg0, through a very insecure transport"
|
||
|
einfo "that is only suitable for demonstration purposes. You can then try loading the"
|
||
|
einfo "hidden website or sending pings:"
|
||
|
einfo
|
||
|
einfo " \$ chromium http://192.168.4.1"
|
||
|
einfo " \$ ping 192.168.4.1"
|
||
|
einfo
|
||
|
einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/"
|
||
|
einfo
|
||
|
}
|