diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | README.md | 35 | ||||
| -rwxr-xr-x | build-all.bash | 9 | ||||
| -rwxr-xr-x | build-one.bash | 62 | ||||
| -rw-r--r-- | files/shim.make | 7 | ||||
| -rw-r--r-- | files/wireguard.xml | 4 | ||||
| -rw-r--r-- | kernels/crosshatch/do.bash | 6 | ||||
| -rw-r--r-- | kernels/crosshatch/manifest.xml | 19 | ||||
| -rw-r--r-- | kernels/crosshatch/version-hashes.txt | 1 | ||||
| -rwxr-xr-x | util/extract-version-hash-from-factory.bash | 19 | ||||
| -rw-r--r-- | util/server.conf | 3 | ||||
| -rwxr-xr-x | util/sign-and-upload.bash | 19 |
12 files changed, 185 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..89f9ac0 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +out/ diff --git a/README.md b/README.md new file mode 100644 index 0000000..53f3604 --- /dev/null +++ b/README.md @@ -0,0 +1,35 @@ +## Android WireGuard Module Builder + +This builds [WireGuard](https://www.wireguard.com/) modules for various Android kernels. + +### Adding your phone's kernel + +1. Create a directory in `kernels/` if it doesn't already exist. + +2. Add a corresponding `manifest.xml`, with versions based on stable non-moving tags and refs. + +3. Add a `do.bash` with minimal commands for conducting the build. + +4. Add a `version-hashes.txt` containing the output of `printf '%s|%s\n' "$(sha256sum < /proc/version | cut -d ' ' -f 1)" "$(cat /proc/version)"` from your phone. + +Note that if a kernel directory already exists that is compatible (i.e. the module loads and works) with your phone's kernel, simply skip to step 4 and append the line. + +### Building + +Build all kernels: + +``` +$ ./build-all.bash +``` + +Build just one: + +``` +$ ./build-one.bash crosshatch +``` + +### Downloading + +These are built, signed, and uploaded to [the WireGuard download server](https://download.wireguard.com/android-module/). They can automatically be used by the [WireGuard app](https://play.google.com/store/apps/details?id=com.wireguard.android): + + diff --git a/build-all.bash b/build-all.bash new file mode 100755 index 0000000..c6d172e --- /dev/null +++ b/build-all.bash @@ -0,0 +1,9 @@ +#!/bin/bash +set -ex + +BASE="$(readlink -f "$(dirname "$(readlink -f "$0")")")" +for i in "$BASE"/kernels/*; do + KERNEL="${i##*/}" + [[ -d "$BASE/kernels/$KERNEL" ]] || continue + "$BASE/build-one.bash" "$KERNEL" +done diff --git a/build-one.bash b/build-one.bash new file mode 100755 index 0000000..3844271 --- /dev/null +++ b/build-one.bash @@ -0,0 +1,62 @@ +#!/bin/bash +set -ex + +[[ $# -eq 1 ]] || { echo "Usage: $0 KERNEL_NAME" >&2; exit 1; } +BASE="$(readlink -f "$(dirname "$(readlink -f "$0")")")" +KERNEL_DIR="$BASE/kernels/$1" +[[ -d $KERNEL_DIR ]] || { echo "Error: '$0' does not exist" >&2; exit 1; } + +# Step 1) Account for already built modules by hard linking new hashes to the old names. +first="" +while IFS='|' read -r hash ver; do + if [[ -f $BASE/out/wireguard-$hash.ko ]]; then + first="$hash" + break + fi +done < "$KERNEL_DIR/version-hashes.txt" +if [[ -n $first ]]; then + while IFS='|' read -r hash ver; do + [[ -f $BASE/out/wireguard-$hash.ko ]] || ln "$BASE/out/wireguard-$first.ko" "$BASE/out/wireguard-$hash.ko" + done < "$KERNEL_DIR/version-hashes.txt" + exit 0 +fi + +# Step 2) Make working directory. +D="$(mktemp -d)" +trap 'rm -rf "$D"' INT TERM EXIT +cd "$D" + +# Step 3) Initialize repo with manifests and fetch repositories. +mkdir -p manifest +cd manifest +git init +git config user.email "$(id -un)@$(hostname)" +git config user.name "$(id -un)" +cp "$KERNEL_DIR/manifest.xml" default.xml +git add default.xml +git commit -m "Initial commit" +cd .. +repo init -u ./manifest +mkdir -p .repo/local_manifests +cp "$BASE/files/wireguard.xml" .repo/local_manifests/ +repo sync + +# Step 4) Inject shim module and launch build. +mkdir -p wireguard +cp "$BASE/files/shim.make" wireguard/Makefile +exec 9>&1 +read -r output < <("$BASH" "$KERNEL_DIR/do.bash" 7>&1 >&9) +exec 9>- +[[ -f $output ]] + +# Step 5) Copy first module out and hard link the rest. +mkdir -p "$BASE/out" +first="" +while IFS='|' read -r hash vers; do + if [[ -z $first ]]; then + cp "$output" "$BASE/out/wireguard-$hash.ko" + first="$hash" + else + ln "$BASE/out/wireguard-$first.ko" "$BASE/out/wireguard-$hash.ko" + fi +done < "$KERNEL_DIR/version-hashes.txt" diff --git a/files/shim.make b/files/shim.make new file mode 100644 index 0000000..44d7997 --- /dev/null +++ b/files/shim.make @@ -0,0 +1,7 @@ +modules: + @$(MAKE) -C $(KERNEL_SRC) M=$$(readlink -f ../WireGuard/src) modules + +modules_install: + @$(MAKE) -C $(KERNEL_SRC) M=$$(readlink -f ../WireGuard/src) modules_install + +.PHONY: modules modules_install diff --git a/files/wireguard.xml b/files/wireguard.xml new file mode 100644 index 0000000..897429d --- /dev/null +++ b/files/wireguard.xml @@ -0,0 +1,4 @@ +<manifest> + <remote name="zx2c4" fetch="https://git.zx2c4.com/" /> + <project remote="zx2c4" name="WireGuard" path="WireGuard" revision="master" /> +</manifest> diff --git a/kernels/crosshatch/do.bash b/kernels/crosshatch/do.bash new file mode 100644 index 0000000..af53ee6 --- /dev/null +++ b/kernels/crosshatch/do.bash @@ -0,0 +1,6 @@ +#!/bin/bash +set -ex +sed -i 's/EXT_MODULES="/EXT_MODULES="\nwireguard/' private/msm-google/build.config.common +echo 'ccflags-y += -Wno-unused-variable' >> WireGuard/src/Kbuild +./build/build.sh +readlink -f out/android-msm-pixel-4.9/dist/wireguard.ko >&7 diff --git a/kernels/crosshatch/manifest.xml b/kernels/crosshatch/manifest.xml new file mode 100644 index 0000000..36790df --- /dev/null +++ b/kernels/crosshatch/manifest.xml @@ -0,0 +1,19 @@ +<manifest> + <remote name="aosp" fetch="https://android.googlesource.com/" /> + <default revision="refs/tags/android-10.0.0_r0.12" remote="aosp" sync-j="4" /> + + <project path="build" name="kernel/build" revision="master" clone-depth="1" /> + + <project path="private/msm-google" name="kernel/msm" clone-depth="1"> + <linkfile src="build.config.bluecross" dest="build.config" /> + </project> + <project path="private/msm-google/techpack/audio" name="kernel/msm-extra" clone-depth="1" /> + <project path="private/msm-google-modules/wlan/qca-wifi-host-cmn" name="kernel/msm-modules/qca-wfi-host-cmn" clone-depth="1" /> + <project path="private/msm-google-modules/wlan/qcacld-3.0" name="kernel/msm-modules/qcacld" clone-depth="1" /> + <project path="private/msm-google-modules/wlan/fw-api" name="kernel/msm-modules/wlan-fw-api" clone-depth="1" /> + + <project path="prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9" name="platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9" revision="pie-release" clone-depth="1" /> + <project path="prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9" name="platform/prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9" revision="pie-release" clone-depth="1" /> + <project path="prebuilts-master/clang/host/linux-x86" name="platform/prebuilts/clang/host/linux-x86" revision="android10-dev" clone-depth="1" groups="partner" /> + <project path="prebuilts-master/misc" name="platform/prebuilts/misc" revision="pie-release" clone-depth="1" /> +</manifest> diff --git a/kernels/crosshatch/version-hashes.txt b/kernels/crosshatch/version-hashes.txt new file mode 100644 index 0000000..064fb9a --- /dev/null +++ b/kernels/crosshatch/version-hashes.txt @@ -0,0 +1 @@ +151ffb15b80d95e59c32d2f694c7a45a99f6ec43f564eca4eb08d81c6e2cf201|Linux version 4.9.165-g3206e079fc69-ab5845057 (android-build@wprm7.hot.corp.google.com) (Android (5484270 based on r353983c) clang version 9.0.3 (https://android.googlesource.com/toolchain/clang 745b335211bb9eadfa6aa6301f84715cee4b37c5) (https://android.googlesource.com/toolchain/llvm 60cf23e54e46c807513f7a36d0a7b777920b5881) (based on LLVM 9.0.3svn)) #0 SMP PREEMPT Sat Aug 31 00:42:08 UTC 2019 diff --git a/util/extract-version-hash-from-factory.bash b/util/extract-version-hash-from-factory.bash new file mode 100755 index 0000000..a9e0778 --- /dev/null +++ b/util/extract-version-hash-from-factory.bash @@ -0,0 +1,19 @@ +#!/bin/bash +set -e + +URL="$1" +# Expecting URL like https://dl.google.com/dl/android/aosp/crosshatch-qp1a.191005.007-factory-2989a08d.zip +[[ -n $URL ]] || { echo "Usage: $0 URL" >&2; exit 1; } + +D="$(mktemp -d)" +trap 'rm -rf "$D"' INT TERM EXIT +cd "$D" + +curl -#o out.zip "$URL" +bsdtar --strip-components 1 -xvf out.zip +bsdtar -xvf image-*.zip boot.img +abootimg -x boot.img +unlz4 zImage Image +version="$(strings Image | grep '^Linux version [^%]' | head -n 1)" +[[ -n $version ]] || { echo "ERROR: no proper version in image" >&2; exit 1; } +printf '\n==========================================\n\n%s|%s\n' "$(echo "$version" | sha256sum | cut -d ' ' -f 1)" "$version" diff --git a/util/server.conf b/util/server.conf new file mode 100644 index 0000000..dcf2fa1 --- /dev/null +++ b/util/server.conf @@ -0,0 +1,3 @@ +WEB_SERVER=metheny.zx2c4.com +SERVER_PATH=/var/www/htdocs/download.wireguard.com/android-module/ +SIGNING_KEY="$HOME/Projects/yubihsm/keys/wireguard-android-module.sec" diff --git a/util/sign-and-upload.bash b/util/sign-and-upload.bash new file mode 100755 index 0000000..6d80694 --- /dev/null +++ b/util/sign-and-upload.bash @@ -0,0 +1,19 @@ +#!/bin/bash +set -ex + +BASE="$(readlink -f "$(dirname "$(readlink -f "$0")")")" +source "$BASE/server.conf" +SSH_OPTS=( -q -o ControlMaster=auto -o ControlPath=../.ssh-deployment.sock ) + +cd "$BASE/../out" +sha256sum *.ko > modules.txt +signify -S -e -s "$SIGNING_KEY" -m modules.txt +rm modules.txt + +ssh "${SSH_OPTS[@]}" -Nf "$WEB_SERVER" +ssh -t "${SSH_OPTS[@]}" $WEB_SERVER "sudo -u nginx -v" +rsync -aizm --delete --rsh="ssh ${SSH_OPTS[*]}" --rsync-path="sudo -n -u nginx rsync" ./ "$WEB_SERVER:$SERVER_PATH" +ssh -t "${SSH_OPTS[@]}" "$WEB_SERVER" "sudo chown -R nginx:nginx '$SERVER_PATH'" +ssh -t "${SSH_OPTS[@]}" "$WEB_SERVER" "sudo find '$SERVER_PATH' -type f -exec chmod 640 {} \;; sudo find '$SERVER_PATH' -type d -exec chmod 750 {} \;;" +ssh -O exit "${SSH_OPTS[@]}" "$WEB_SERVER" + |