From e4ae4d465b37873e11fcac930b98a0180cf69986 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 Dec 2017 20:58:13 +0100 Subject: Improve readme --- README.md | 40 ++++++++++++++++++------ standalone-kernel/patch-kernel.sh | 1 + standalone-tools/.gitignore | 2 ++ standalone-tools/Makefile | 31 +++++++++++++++++++ standalone-tools/addonsd.sh | 37 ++++++++++++++++++++++ standalone-tools/installer.sh | 65 +++++++++++++++++++++++++++++++++++++++ standalone/.gitignore | 2 -- standalone/Makefile | 31 ------------------- standalone/README.md | 8 ----- standalone/addonsd.sh | 37 ---------------------- standalone/installer.sh | 65 --------------------------------------- 11 files changed, 167 insertions(+), 152 deletions(-) create mode 100755 standalone-kernel/patch-kernel.sh create mode 100644 standalone-tools/.gitignore create mode 100644 standalone-tools/Makefile create mode 100644 standalone-tools/addonsd.sh create mode 100644 standalone-tools/installer.sh delete mode 100644 standalone/.gitignore delete mode 100644 standalone/Makefile delete mode 100644 standalone/README.md delete mode 100644 standalone/addonsd.sh delete mode 100644 standalone/installer.sh diff --git a/README.md b/README.md index 1d06d9f..701efd2 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ -[WireGuard](https://www.wireguard.com/) for Android ROMs -========================== +# [WireGuard](https://www.wireguard.com/) for Android ROMs and Kernels -This is a repository meant to be included via a `local_manifest.xml`, so that [WireGuard](https://www.wireguard.com/) is built into the kernel and userland of an Android ROM. This is currently tested on Android 7 and kernels ≥3.10. It may be used with [the WireGuard Android GUI app](https://play.google.com/apps/testing/com.wireguard.android). +This repository contains various ways of integrating [WireGuard](https://www.wireguard.com/) into Android systems. The result may be used with [the WireGuard Android GUI app](https://play.google.com/apps/testing/com.wireguard.android). This is currently tested on Android 7 and kernels ≥3.10. -Usage ------ +## Integrating into ROMs Directly -Add the following local manifest to your project, or include the `` and `` lines in an existing manifest: +This is the preferred approach. It is embedded into your ROM via a simple `local_manifest.xml`, so that WireGuard is built into the kernel and userland of an Android ROM. + +To use, add the following local manifest to your project, or include the `` and `` lines in an existing manifest: ``` @@ -16,7 +16,29 @@ Add the following local manifest to your project, or include the `` and ``` -Tools ------ +After that calls to `repo sync` and `mka bacon` will do the right thing, giving you a WireGuard-enabled ROM. + +## Standalone Kernel Module + +If you do not wish to run a custom ROM, but would still like to build a kernel with WireGuard, you may patch WireGuard into your kernel using the following script: + +``` +$ cd standalone-kernel +$ ./patch-kernel.sh path/to/kernel +``` + +After this, WireGuard will be included as part of the ordinary kernel build. + +## Standalone Tools + +If your kernel already has WireGuard, perhaps via a standalone kernel module, but you need the tools for userland, you may build a flashable zip file, installable via recovery, with: + +``` +$ cd standalone-tools +$ make -j$(nproc) +$ adb sideload wireguard-tools.zip +``` + +## `wg-quick(8)` for Android -In addition to the kernel module, this repository also contains a version of [`wg-quick(8)`](https://git.zx2c4.com/WireGuard/about/src/tools/wg-quick.8) that works with Android 7's `ndc` command. Compared to the ordinary wg-quick, this one does not support `SaveConfig` and `{Pre,Post}{Up,Down}`. Put your configuration files into `/data/misc/wireguard/`. After that, the normal `wg-quick up|down` commands will work as usual. Users who only want the tools without having to use this inside a ROM may use the [standalone tool building/installing scripts](standalone/README.md). +All of the above approaches include [`wg-quick(8)`](https://git.zx2c4.com/WireGuard/about/src/tools/wg-quick.8) for Android, which works via calls to Android's `ndc` command. Compared to the ordinary wg-quick, this one does not support `SaveConfig` and `{Pre,Post}{Up,Down}`. Put your configuration files into `/data/misc/wireguard/`. After that, the normal `wg-quick up|down` commands will work as usual. This is used automatically via the [the WireGuard Android GUI app](https://play.google.com/apps/testing/com.wireguard.android). diff --git a/standalone-kernel/patch-kernel.sh b/standalone-kernel/patch-kernel.sh new file mode 100755 index 0000000..0d45f7a --- /dev/null +++ b/standalone-kernel/patch-kernel.sh @@ -0,0 +1 @@ +echo work in progress diff --git a/standalone-tools/.gitignore b/standalone-tools/.gitignore new file mode 100644 index 0000000..030cc7a --- /dev/null +++ b/standalone-tools/.gitignore @@ -0,0 +1,2 @@ +wireguard-tools.zip +build diff --git a/standalone-tools/Makefile b/standalone-tools/Makefile new file mode 100644 index 0000000..1e49b07 --- /dev/null +++ b/standalone-tools/Makefile @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. + +ARCHS := $(shell ndk-build NDK_PROJECT_PATH=$(PWD)/build APP_BUILD_SCRIPT=$(PWD)/../Android.mk APP_PLATFORM=21 DUMP_NDK_KNOWN_DEVICE_ABIS 2>/dev/null) + +all: wireguard-tools.zip + +clean: + rm -rf build wireguard-tools.zip + +wg-build: ../wg-quick.c + ndk-build NDK_PROJECT_PATH=$(PWD)/build APP_BUILD_SCRIPT=$(PWD)/../Android.mk APP_PLATFORM=21 + +$(foreach ARCH,$(ARCHS),build/libs/$(ARCH)/wg build/libs/$(ARCH)/wg-quick): wg-build + +wireguard-tools.zip: $(foreach ARCH,$(ARCHS),build/libs/$(ARCH)/wg-quick build/libs/$(ARCH)/wg) installer.sh addonsd.sh + rm -rf $@ build/zip build/*.zip + mkdir -p build/zip build/zip/addon.d build/zip/META-INF/com/google/android + ln -frs build/libs build/zip/arch + ln -frs addonsd.sh build/zip/addon.d/40-wireguard.sh + ln -frs installer.sh build/zip/META-INF/com/google/android/update-binary + touch build/zip/META-INF/com/google/android/updater-script + cd build/zip && zip -0Xr ../unaligned-$@ . + openssl req -x509 -nodes -newkey rsa:2048 -keyout build/key.pem -out build/cert.pem -days 3650 -subj /CN=$$(hostname)/ + openssl pkcs8 -topk8 -inform PEM -outform DER -in build/key.pem -out build/key.pk8 -nocrypt + $(ANDROID_HOME)/build-tools/27.0.1/zipalign -v -p 4 build/unaligned-$@ build/aligned-$@ + $(ANDROID_HOME)/build-tools/27.0.1/apksigner sign --key build/key.pk8 --cert build/cert.pem --min-sdk-version 21 --out $@ build/aligned-$@ + +.PHONY: clean all +.SECONDARY: diff --git a/standalone-tools/addonsd.sh b/standalone-tools/addonsd.sh new file mode 100644 index 0000000..90865d0 --- /dev/null +++ b/standalone-tools/addonsd.sh @@ -0,0 +1,37 @@ +#!/sbin/sh + +. /tmp/backuptool.functions + +list_files() { +cat <<_EOF +xbin/wg +xbin/wg-quick +_EOF +} + +case "$1" in + backup) + list_files | while read FILE DUMMY; do + backup_file $S/"$FILE" + done + ;; + restore) + list_files | while read FILE REPLACEMENT; do + R="" + [ -n "$REPLACEMENT" ] && R="$S/$REPLACEMENT" + [ -f "$C/$S/$FILE" ] && restore_file $S/"$FILE" "$R" + done + ;; + pre-backup) + # Stub + ;; + post-backup) + # Stub + ;; + pre-restore) + # Stub + ;; + post-restore) + # Stub + ;; +esac diff --git a/standalone-tools/installer.sh b/standalone-tools/installer.sh new file mode 100644 index 0000000..84dacdc --- /dev/null +++ b/standalone-tools/installer.sh @@ -0,0 +1,65 @@ +#!/sbin/sh +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. + +SCRIPT="$1" +OUTFD="$2" +ZIP="$3" +ARCH="$(getprop ro.product.cpu.abi)" + +print() { + echo "ui_print [+] $*" >&$OUTFD +} + +die() { + echo "ui_print [-] $*" >&$OUTFD + exit 1 +} + +cleanup() { + mount -o ro,remount /system + rm -rf /tmp/wireguard +} + +mount_system() { + local slot dev + + if grep -q /system /proc/mounts; then + print "Remounting system partition r/w" + mount -o rw,remount /system + else + print "Mounting system partition" + + slot="$(getprop ro.boot.slot_suffix)" + [ -z "$slot" ] && slot="$(getprop ro.boot.slot)" + + dev="$(find /dev/block -iname "system$slot" -print | head -n 1)" + [ -n "$dev" ] || die "Could not find system partition" + + mount -o rw "$dev" /system || die "Could not mount system partition" + fi +} + +echo "ui_print ==================================" >&$OUTFD +echo "ui_print = WireGuard Tools =" >&$OUTFD +echo "ui_print = by zx2c4 =" >&$OUTFD +echo "ui_print = www.wireguard.com =" >&$OUTFD +echo "ui_print ==================================" >&$OUTFD + +trap cleanup INT TERM EXIT + +mount_system + +rm -rf /tmp/wireguard +mkdir -p /tmp/wireguard +print "Extracting files" +unzip -d /tmp/wireguard "$ZIP" +[ -d /tmp/wireguard/arch/$ARCH ] || die "Not available for device's ABI" +print "Installing WireGuard tools" +cp /tmp/wireguard/arch/$(getprop ro.product.cpu.abi)/* /system/xbin/ +cp /tmp/wireguard/addon.d/40-wireguard.sh /system/addon.d/ +chmod 755 /system/xbin/wg /system/xbin/wg-quick /system/addon.d/40-wireguard.sh + +mkdir -pm 700 /data/misc/wireguard +print "Success! Be sure your kernel has the WireGuard module enabled." diff --git a/standalone/.gitignore b/standalone/.gitignore deleted file mode 100644 index 030cc7a..0000000 --- a/standalone/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -wireguard-tools.zip -build diff --git a/standalone/Makefile b/standalone/Makefile deleted file mode 100644 index 1e49b07..0000000 --- a/standalone/Makefile +++ /dev/null @@ -1,31 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0 -# -# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. - -ARCHS := $(shell ndk-build NDK_PROJECT_PATH=$(PWD)/build APP_BUILD_SCRIPT=$(PWD)/../Android.mk APP_PLATFORM=21 DUMP_NDK_KNOWN_DEVICE_ABIS 2>/dev/null) - -all: wireguard-tools.zip - -clean: - rm -rf build wireguard-tools.zip - -wg-build: ../wg-quick.c - ndk-build NDK_PROJECT_PATH=$(PWD)/build APP_BUILD_SCRIPT=$(PWD)/../Android.mk APP_PLATFORM=21 - -$(foreach ARCH,$(ARCHS),build/libs/$(ARCH)/wg build/libs/$(ARCH)/wg-quick): wg-build - -wireguard-tools.zip: $(foreach ARCH,$(ARCHS),build/libs/$(ARCH)/wg-quick build/libs/$(ARCH)/wg) installer.sh addonsd.sh - rm -rf $@ build/zip build/*.zip - mkdir -p build/zip build/zip/addon.d build/zip/META-INF/com/google/android - ln -frs build/libs build/zip/arch - ln -frs addonsd.sh build/zip/addon.d/40-wireguard.sh - ln -frs installer.sh build/zip/META-INF/com/google/android/update-binary - touch build/zip/META-INF/com/google/android/updater-script - cd build/zip && zip -0Xr ../unaligned-$@ . - openssl req -x509 -nodes -newkey rsa:2048 -keyout build/key.pem -out build/cert.pem -days 3650 -subj /CN=$$(hostname)/ - openssl pkcs8 -topk8 -inform PEM -outform DER -in build/key.pem -out build/key.pk8 -nocrypt - $(ANDROID_HOME)/build-tools/27.0.1/zipalign -v -p 4 build/unaligned-$@ build/aligned-$@ - $(ANDROID_HOME)/build-tools/27.0.1/apksigner sign --key build/key.pk8 --cert build/cert.pem --min-sdk-version 21 --out $@ build/aligned-$@ - -.PHONY: clean all -.SECONDARY: diff --git a/standalone/README.md b/standalone/README.md deleted file mode 100644 index 5c4d1dd..0000000 --- a/standalone/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Standalone WireGuard Tools for Android - -This compiles and creates a flashable which you can use to install the -WireGuard tools into an existing ROM via recovery. - -## Installation - -Type `make`, and then `adb sideload` the resulting zip onto your phone. diff --git a/standalone/addonsd.sh b/standalone/addonsd.sh deleted file mode 100644 index 90865d0..0000000 --- a/standalone/addonsd.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/sbin/sh - -. /tmp/backuptool.functions - -list_files() { -cat <<_EOF -xbin/wg -xbin/wg-quick -_EOF -} - -case "$1" in - backup) - list_files | while read FILE DUMMY; do - backup_file $S/"$FILE" - done - ;; - restore) - list_files | while read FILE REPLACEMENT; do - R="" - [ -n "$REPLACEMENT" ] && R="$S/$REPLACEMENT" - [ -f "$C/$S/$FILE" ] && restore_file $S/"$FILE" "$R" - done - ;; - pre-backup) - # Stub - ;; - post-backup) - # Stub - ;; - pre-restore) - # Stub - ;; - post-restore) - # Stub - ;; -esac diff --git a/standalone/installer.sh b/standalone/installer.sh deleted file mode 100644 index 84dacdc..0000000 --- a/standalone/installer.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/sbin/sh -# SPDX-License-Identifier: GPL-2.0 -# -# Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. - -SCRIPT="$1" -OUTFD="$2" -ZIP="$3" -ARCH="$(getprop ro.product.cpu.abi)" - -print() { - echo "ui_print [+] $*" >&$OUTFD -} - -die() { - echo "ui_print [-] $*" >&$OUTFD - exit 1 -} - -cleanup() { - mount -o ro,remount /system - rm -rf /tmp/wireguard -} - -mount_system() { - local slot dev - - if grep -q /system /proc/mounts; then - print "Remounting system partition r/w" - mount -o rw,remount /system - else - print "Mounting system partition" - - slot="$(getprop ro.boot.slot_suffix)" - [ -z "$slot" ] && slot="$(getprop ro.boot.slot)" - - dev="$(find /dev/block -iname "system$slot" -print | head -n 1)" - [ -n "$dev" ] || die "Could not find system partition" - - mount -o rw "$dev" /system || die "Could not mount system partition" - fi -} - -echo "ui_print ==================================" >&$OUTFD -echo "ui_print = WireGuard Tools =" >&$OUTFD -echo "ui_print = by zx2c4 =" >&$OUTFD -echo "ui_print = www.wireguard.com =" >&$OUTFD -echo "ui_print ==================================" >&$OUTFD - -trap cleanup INT TERM EXIT - -mount_system - -rm -rf /tmp/wireguard -mkdir -p /tmp/wireguard -print "Extracting files" -unzip -d /tmp/wireguard "$ZIP" -[ -d /tmp/wireguard/arch/$ARCH ] || die "Not available for device's ABI" -print "Installing WireGuard tools" -cp /tmp/wireguard/arch/$(getprop ro.product.cpu.abi)/* /system/xbin/ -cp /tmp/wireguard/addon.d/40-wireguard.sh /system/addon.d/ -chmod 755 /system/xbin/wg /system/xbin/wg-quick /system/addon.d/40-wireguard.sh - -mkdir -pm 700 /data/misc/wireguard -print "Success! Be sure your kernel has the WireGuard module enabled." -- cgit v1.2.3-59-g8ed1b