<feed xmlns='http://www.w3.org/2005/Atom'>
<title>wireguard-tools, branch jd/capability-check</title>
<subtitle>Required tools for WireGuard, such as wg(8) and wg-quick(8)</subtitle>
<id>https://git.zx2c4.com/wireguard-tools/atom/?h=jd%2Fcapability-check</id>
<link rel='self' href='https://git.zx2c4.com/wireguard-tools/atom/?h=jd%2Fcapability-check'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/'/>
<updated>2020-08-28T09:04:21Z</updated>
<entry>
<title>wg-quick: linux: check for CAP_NET_ADMIN and config file access before auto_su</title>
<updated>2020-08-28T09:04:21Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-08-28T08:58:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=f3caeab25418d64309b87a76e4d5f53d011e3f40'/>
<id>urn:sha1:f3caeab25418d64309b87a76e4d5f53d011e3f40</id>
<content type='text'>
This way people can use wg-quick in situations where they only have
CAP_NET_ADMIN but not other capabilities, and are operating on writable
files.

Suggested-by: Jonny Fillmore &lt;jonathon.fillmore@netprotect.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>version: bump</title>
<updated>2020-08-27T08:22:09Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-08-27T08:22:09Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=7a321ce808ef9cec1f45cce92befcc9e170d3aa9'/>
<id>urn:sha1:7a321ce808ef9cec1f45cce92befcc9e170d3aa9</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>Revert "wg-quick: wait on process substitutions"</title>
<updated>2020-08-27T08:19:31Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-08-27T08:17:42Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=91fbeb4a926b8a75274d012a3994ef337dca51d9'/>
<id>urn:sha1:91fbeb4a926b8a75274d012a3994ef337dca51d9</id>
<content type='text'>
This reverts commit 26683f6c9ad18d9914b23312c221f27fd5ecab51, which
means the old problem comes back. That's an issue. But waiting on
process substitutions is not available with commonly used bash versions:

  # wg-quick up demo
  [#] ip link add demo type wireguard
  [#] wg setconf demo /dev/fd/63
  /usr/bin/wg-quick: line 251: wait: pid 2955 is not a child of this shell
  [#] ip link delete dev demo

This means we have to wait a few years before fixing this issue. IOW,
bash limitation; can't fix.

Reported-by: Theodore Mozzo &lt;theodore.mozzo@gmail.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>wg-quick: android: use iproute2 to bring up interface instead of ndc</title>
<updated>2020-08-25T19:54:22Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-08-25T19:54:22Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=9a0d65e2afbd6e418c883e0de8555b4fac29f1d5'/>
<id>urn:sha1:9a0d65e2afbd6e418c883e0de8555b4fac29f1d5</id>
<content type='text'>
Android 11's ndc regresses even more, but it turns out that netd doesn't
need to track up/down state via direct invocation, so just set the
interface up by way of normal iproute2.

Reported-by: Harsh Shandilya &lt;me@msfjarvis.dev&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>version: bump</title>
<updated>2020-08-20T10:06:22Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-08-20T10:06:22Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=fbca033c69d7073033e05507293e5101d29b43ef'/>
<id>urn:sha1:fbca033c69d7073033e05507293e5101d29b43ef</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>wg-quick: wait on process substitutions</title>
<updated>2020-08-06T15:47:14Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-08-03T08:18:40Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=26683f6c9ad18d9914b23312c221f27fd5ecab51'/>
<id>urn:sha1:26683f6c9ad18d9914b23312c221f27fd5ecab51</id>
<content type='text'>
Bash does not propagate error values, which is a bummer, but process
substitutions are a useful feature. Introduce a new idiom to deal with
this: either "; wait $!" after the line to propagate the error, or "||
true" to indicate explicitly that we don't care about the error.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>ctype: use non-locale-specific ctype.h</title>
<updated>2020-08-06T15:47:14Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-08-04T12:49:21Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=13fac76a71f25631d7415ba457bdab267d0950d4'/>
<id>urn:sha1:13fac76a71f25631d7415ba457bdab267d0950d4</id>
<content type='text'>
We also make these constant time, even though we're never distinguishing
between bits of a secret using them. From that perspective, though, this
is markedly better than the locale-specific table lookups in glibc, even
though base64 characters span two cache lines and valid private keys
must hit both.

Co-authored-by: Samuel Neves &lt;sneves@dei.uc.pt&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
Signed-off-by: Samuel Neves &lt;sneves@dei.uc.pt&gt;
</content>
</entry>
<entry>
<title>pubkey: isblank is a subset of isspace</title>
<updated>2020-08-06T15:47:14Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-08-04T12:04:52Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=cf2bf0952498059c6a8987bb54b58987748af7e2'/>
<id>urn:sha1:cf2bf0952498059c6a8987bb54b58987748af7e2</id>
<content type='text'>
Therefore, there's no need to test both.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>man: wg-quick: use syncconf instead of addconf for strip example</title>
<updated>2020-07-28T12:19:10Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2020-07-28T08:57:54Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=b4a8a18797335de6d3d416e14a2ad769219426db'/>
<id>urn:sha1:b4a8a18797335de6d3d416e14a2ad769219426db</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>systemd: add reload target to systemd unit</title>
<updated>2020-07-24T14:23:47Z</updated>
<author>
<name>Domonkos P. Tomcsanyi</name>
<email>domi@tomcsanyi.net</email>
</author>
<published>2020-07-24T14:21:52Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-tools/commit/?id=a66219fa107e1bf0a03ebbbc405879c1f0a826c5'/>
<id>urn:sha1:a66219fa107e1bf0a03ebbbc405879c1f0a826c5</id>
<content type='text'>
Users can now run `systemctl reload wg-quick@wgnet0`, as described in
the wg-quick(8) man page. Note that this won't adjust Address=, DNS=, or
the various other non-wg(8) fields.

Signed-off-by: Domonkos P. Tomcsanyi &lt;domi@tomcsanyi.net&gt;
[zx2c4: use exec for bash commands to reduce excess forks, and rewrite
        commit message]
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
</feed>
