From 6687698375d7846a50ab00f1ad5a151618464e14 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 5 Dec 2017 20:38:58 +0100 Subject: Create flashable zip --- Android.mk | 4 +++ fetch.sh | 4 +++ standalone/.gitignore | 4 +-- standalone/Makefile | 48 ++++++++++++++++++----------- standalone/README.md | 7 ++--- standalone/bash/.gitignore | 2 ++ standalone/bash/Android.mk | 23 ++++++++++++++ standalone/bash/fetch.sh | 14 +++++++++ standalone/install.sh | 14 --------- standalone/installer.sh | 76 ++++++++++++++++++++++++++++++++++++++++++++++ version-check.sh | 4 +++ wg-quick.bash | 4 +-- 12 files changed, 164 insertions(+), 40 deletions(-) create mode 100644 standalone/bash/.gitignore create mode 100644 standalone/bash/Android.mk create mode 100755 standalone/bash/fetch.sh delete mode 100755 standalone/install.sh create mode 100644 standalone/installer.sh diff --git a/Android.mk b/Android.mk index e67dab3..e9edde6 100644 --- a/Android.mk +++ b/Android.mk @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. + WIREGUARD_PATH := $(call my-dir) fetch: diff --git a/fetch.sh b/fetch.sh index a745f1d..6e0b8b9 100755 --- a/fetch.sh +++ b/fetch.sh @@ -1,4 +1,8 @@ #!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. + set -e WIREGUARD_VERSION=79944b183795bb69e12d612bd802b54599b9eb99 LIBMNL_VERSION=1.0.4 diff --git a/standalone/.gitignore b/standalone/.gitignore index 1ab7ab1..030cc7a 100644 --- a/standalone/.gitignore +++ b/standalone/.gitignore @@ -1,2 +1,2 @@ -wg-build/ -*.tar.gz +wireguard-tools.zip +build diff --git a/standalone/Makefile b/standalone/Makefile index 6ada959..1a8f70f 100644 --- a/standalone/Makefile +++ b/standalone/Makefile @@ -1,24 +1,36 @@ -ARCHS := $(shell ndk-build NDK_PROJECT_PATH=$(PWD)/wg-build APP_BUILD_SCRIPT=$(PWD)/../Android.mk APP_PLATFORM=21 DUMP_NDK_KNOWN_DEVICE_ABIS 2>/dev/null) +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. -all: $(foreach ARCH,$(ARCHS),wg-tools-$(ARCH).tar.gz) +ARCHS := $(shell ndk-build NDK_PROJECT_PATH=$(PWD)/build APP_BUILD_SCRIPT=$(PWD)/../Android.mk APP_PLATFORM=21 DUMP_NDK_KNOWN_DEVICE_ABIS 2>/dev/null) + +all: wireguard-tools.zip clean: - rm -rf wg-build $(foreach ARCH,$(ARCHS),wg-tools-$(ARCH).tar.gz) - -wg: - rm -rf wg-build - mkdir -p wg-build - ndk-build NDK_PROJECT_PATH=$(PWD)/wg-build APP_BUILD_SCRIPT=$(PWD)/../Android.mk APP_PLATFORM=21 - -define arch_rule -wg-build/libs/$(1)/wg: wg -wg-tools-$(1).tar.gz: wg-build/libs/$(1)/wg install.sh ../wg-quick.bash addonsd.sh - rm -f $$@ - mkdir -p wg-build/libs/$(1)/wg-tools - ln -frst wg-build/libs/$(1)/wg-tools/ $$^ - tar -chzf $$@ -C wg-build/libs/$(1) wg-tools -endef -$(foreach ARCH,$(ARCHS),$(eval $(call arch_rule,$(ARCH)))) + rm -rf build wireguard-tools.zip + +wg-build: + ndk-build NDK_PROJECT_PATH=$(PWD)/build APP_BUILD_SCRIPT=$(PWD)/../Android.mk APP_PLATFORM=21 + +bash-build: + ndk-build NDK_PROJECT_PATH=$(PWD)/build APP_BUILD_SCRIPT=$(PWD)/bash/Android.mk APP_PLATFORM=21 IN_THE_RIGHT_PLACE=yes-yes-i-am + +$(foreach ARCH,$(ARCHS),build/libs/$(ARCH)/wg): wg-build +$(foreach ARCH,$(ARCHS),build/libs/$(ARCH)/libncurses.so build/libs/$(ARCH)/bash): bash-build + +wireguard-tools.zip: $(foreach ARCH,$(ARCHS),build/libs/$(ARCH)/libncurses.so build/libs/$(ARCH)/bash build/libs/$(ARCH)/wg) installer.sh ../wg-quick.bash addonsd.sh + rm -rf $@ build/zip build/*.zip + mkdir -p build/zip build/zip/addon.d build/zip/scripts build/zip/META-INF/com/google/android + ln -frs build/libs build/zip/arch + ln -frs ../wg-quick.bash build/zip/scripts/wg-quick + ln -frs addonsd.sh build/zip/addon.d/40-wireguard.sh + ln -frs installer.sh build/zip/META-INF/com/google/android/update-binary + touch build/zip/META-INF/com/google/android/updater-script + cd build/zip && zip -0Xr ../unaligned-$@ . + openssl req -x509 -nodes -newkey rsa:2048 -keyout build/key.pem -out build/cert.pem -days 3650 -subj /CN=$$(hostname)/ + openssl pkcs8 -topk8 -inform PEM -outform DER -in build/key.pem -out build/key.pk8 -nocrypt + $(ANDROID_HOME)/build-tools/27.0.1/zipalign -v -p 4 build/unaligned-$@ build/aligned-$@ + $(ANDROID_HOME)/build-tools/27.0.1/apksigner sign --key build/key.pk8 --cert build/cert.pem --min-sdk-version 21 --out $@ build/aligned-$@ .PHONY: clean all .SECONDARY: diff --git a/standalone/README.md b/standalone/README.md index afd5a0f..5c4d1dd 100644 --- a/standalone/README.md +++ b/standalone/README.md @@ -1,9 +1,8 @@ # Standalone WireGuard Tools for Android -This compiles and creates a tarball which you can use to install the -WireGuard tools into an existing ROM via root. +This compiles and creates a flashable which you can use to install the +WireGuard tools into an existing ROM via recovery. ## Installation -Type `make`, copy the resulting `.tar.gz` to your device, and as root, -run `sh ./install.sh`. The installation should survive ROM reflashes. +Type `make`, and then `adb sideload` the resulting zip onto your phone. diff --git a/standalone/bash/.gitignore b/standalone/bash/.gitignore new file mode 100644 index 0000000..1993ef8 --- /dev/null +++ b/standalone/bash/.gitignore @@ -0,0 +1,2 @@ +android_external_bash-cm-14.1 +android_external_libncurses-cm-14.1 diff --git a/standalone/bash/Android.mk b/standalone/bash/Android.mk new file mode 100644 index 0000000..937e56c --- /dev/null +++ b/standalone/bash/Android.mk @@ -0,0 +1,23 @@ +ifeq ($(IN_THE_RIGHT_PLACE),yes-yes-i-am) +THIS_DIR := $(call my-dir) + +# AOSP build system things: +define all-c-files-under +$(call all-named-files-under,*.c,$(1)) +endef +define all-named-files-under +$(call find-files-in-subdirs,$(LOCAL_PATH),"$(1)",$(2)) +endef +define find-files-in-subdirs +$(sort $(patsubst ./%,%, \ + $(shell cd $(1) ; \ + find -L $(3) -name $(2) -and -not -name ".*") \ + )) +endef + +$(shell cd $(THIS_DIR) && ./fetch.sh ) +include $(THIS_DIR)/android_external_libncurses-cm-14.1/Android.mk +include $(THIS_DIR)/android_external_bash-cm-14.1/Android.mk +__ndk_modules.bash.CFLAGS += -D'getdtablesize()=sysconf(_SC_OPEN_MAX)' +__ndk_modules.builtins.CFLAGS += -D'getdtablesize()=sysconf(_SC_OPEN_MAX)' +endif diff --git a/standalone/bash/fetch.sh b/standalone/bash/fetch.sh new file mode 100755 index 0000000..b1b77e8 --- /dev/null +++ b/standalone/bash/fetch.sh @@ -0,0 +1,14 @@ +#!/bin/sh +set -e + +if [ ! -d android_external_bash-cm-14.1 ]; then + curl -L -o bash.zip https://github.com/LineageOS/android_external_bash/archive/cm-14.1.zip + unzip bash.zip + rm bash.zip +fi + +if [ ! -d android_external_libncurses-cm-14.1 ]; then + curl -L -o ncurses.zip https://github.com/LineageOS/android_external_libncurses/archive/cm-14.1.zip + unzip ncurses.zip + rm ncurses.zip +fi diff --git a/standalone/install.sh b/standalone/install.sh deleted file mode 100755 index eaef86d..0000000 --- a/standalone/install.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -mount -o rw,remount /system - -cp -v ./addonsd.sh /system/addon.d/40-wireguard.sh -if [ -f ./wg ]; then - cp -v ./wg /system/xbin/wg -else - echo "Warning: this directory does not contain wg. You may have forgotten to compile it." >&2 -fi -cp -v ./wg-quick.bash /system/xbin/wg-quick -chmod 755 /system/xbin/wg /system/xbin/wg-quick /system/addon.d/40-wireguard.sh -mkdir -pvm 700 /data/misc/wireguard - -mount -o ro,remount /system diff --git a/standalone/installer.sh b/standalone/installer.sh new file mode 100644 index 0000000..59a44f8 --- /dev/null +++ b/standalone/installer.sh @@ -0,0 +1,76 @@ +#!/sbin/sh +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. + +SCRIPT="$1" +OUTFD="$2" +ZIP="$3" +ARCH="$(getprop ro.product.cpu.abi)" + +print() { + echo "ui_print [+] $*" >&$OUTFD +} + +die() { + echo "ui_print [-] $*" >&$OUTFD + exit 1 +} + +cleanup() { + mount -o ro,remount /system + rm -rf /tmp/wireguard +} + +mount_system() { + local slot dev + + if grep -q /system /proc/mounts; then + print "Remounting system partition r/w" + mount -o rw,remount /system + else + print "Mounting system partition" + + slot="$(getprop ro.boot.slot_suffix)" + [ -z "$slot" ] && slot="$(getprop ro.boot.slot)" + + dev="$(find /dev/block -iname "system$slot" -print | head -n 1)" + [ -n "$dev" ] || die "Could not find system partition" + + mount -o rw "$dev" /system || die "Could not mount system partition" + fi +} + +echo "ui_print ==================================" >&$OUTFD +echo "ui_print = WireGuard Tools =" >&$OUTFD +echo "ui_print = by zx2c4 =" >&$OUTFD +echo "ui_print = www.wireguard.com =" >&$OUTFD +echo "ui_print ==================================" >&$OUTFD + +trap cleanup INT TERM EXIT + +mount_system + +rm -rf /tmp/wireguard +mkdir -p /tmp/wireguard +print "Extracting files" +unzip -d /tmp/wireguard "$ZIP" +[ -f /tmp/wireguard/arch/$ARCH/wg ] || die "Not available for device's ABI" +print "Copying WireGuard tools" +cp /tmp/wireguard/scripts/wg-quick /tmp/wireguard/arch/$(getprop ro.product.cpu.abi)/wg /system/xbin/ +cp /tmp/wireguard/addon.d/40-wireguard.sh /system/addon.d/ +chmod 755 /system/xbin/wg /system/xbin/wg-quick /system/addon.d/40-wireguard.sh + +if [ ! -f /system/xbin/bash ]; then + print "Installing bash" + cp /tmp/wireguard/arch/$ARCH/bash /system/xbin/ + chmod 755 /system/xbin/bash + if [ -d /system/lib64 -a ! -f /system/lib64/libncurses.so ]; then + cp /tmp/wireguard/arch/$ARCH/libncurses.so /system/lib64/ + elif [ ! -d /system/lib64 -a ! -f /system/lib/libncurses.so ]; then + cp /tmp/wireguard/arch/$ARCH/libncurses.so /system/lib/ + fi +fi + +mkdir -pm 700 /data/misc/wireguard +print "Success! Be sure your kernel has the WireGuard module enabled." diff --git a/version-check.sh b/version-check.sh index 02fe1f4..ecca6dc 100755 --- a/version-check.sh +++ b/version-check.sh @@ -1,4 +1,8 @@ #!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. + set -e [[ -n $1 && -f $1/Makefile ]] [[ $(< "$1/Makefile") =~ VERSION[[:space:]]*=[[:space:]]*([0-9]+).*PATCHLEVEL[[:space:]]*=[[:space:]]*([0-9]+).*SUBLEVEL[[:space:]]*=[[:space:]]*([0-9]+) ]] diff --git a/wg-quick.bash b/wg-quick.bash index 49b69f7..164e553 100644 --- a/wg-quick.bash +++ b/wg-quick.bash @@ -1,7 +1,7 @@ #!/system/xbin/bash +# SPDX-License-Identifier: GPL-2.0 # -# Copyright (C) 2016-2017 Jason A. Donenfeld . All Rights Reserved. -# +# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. set -e -o pipefail shopt -s extglob -- cgit v1.2.3-59-g8ed1b