[WireGuard] Fedora WireGuard RPMs

Joe Doss joe at solidadmin.com
Wed Aug 17 21:39:16 CEST 2016

On 08/17/2016 09:38 AM, Jason A. Donenfeld wrote:
> Hey Joe,
> This is great news! Thanks for doing that. Are you a Fedora developer
> per chance?

I am not an official one currently, no. I don't have any packages in 
upstream Fedora yet. I am just a dude that likes to write RPMs and 
contributing to cool open source projects. :)

> A few notes for fixing this:
> 1) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-tools.git/tree/wireguard-tools.spec
> a)
>> BuildRequires:  libmnl-devel, kernel-devel, systemd
>> Requires:       wireguard-dkms, systemd
> Remove the systemd requirement.


> b)
>> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \
>>    %{buildroot}%{_unitdir}/wgserver.service
>> %attr(0644, root, root) %{_unitdir}/wgserver.service
> Remove these lines. Do not install this systemd unit. It's in the
> examples directory; thus it is an EXAMPLE. It is not meant to be
> installed. When we write a unit that's meant to be installed, `make
> install` will do it automatically.

Fair enough. Removed.

> Instead, copy all of contrib/examples to /usr/share/{pkg}/examples or
> wherever the default Fedora examples directory is.


> c)
>> BuildRequires:  libmnl-devel, kernel-devel, systemd
> Are you sure that the tools package requires kernel-devel? Did you
> double check this?

It doesn't need it. Fixed.

> d)
>> install -Z -s -m 0755 -v %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg \
>>    %{buildroot}%{_bindir}/wg
>> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/contrib/examples/systemd/wgserver.service \
>>    %{buildroot}%{_unitdir}/wgserver.service
>> install -p -D -m 0644 %{_builddir}/WireGuard-experimental-%{version}/src/tools/wg.8 \
>>    %{buildroot}%{_mandir}/man8/wg.8
>> %defattr(-,root,root,-)
>> %attr(0755, root, root) %{_bindir}/wg
>> %attr(0644, root, root) %{_unitdir}/wgserver.service
>> %attr(0644, root, root) %{_mandir}/man8/wg.8*
> All of this is garbage. Instead, use `make install` and set the
> environment variables appropriately. By default they are:
> PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
> LIBDIR ?= $(PREFIX)/lib
> MANDIR ?= $(PREFIX)/share/man
> RUNSTATEDIR ?= /var/run
> I imagine here you'll want to roll with something like:
> DESTDIR=%{buildroot} BINDIR=%{_bindir} MANDIR=%{_mandir}
> RUNSTATEDIR=/run make install

Fixed. I guess I was doing it the hard way eh? :)

> 2) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.conf
> I recommend you use Debian's as a starting point:
> https://anonscm.debian.org/git/collab-maint/wireguard.git/tree/debian/wireguard-dkms.dkms
> In particular DEST_MODULE_LOCATION="/kernel/net" and
> BUILD_EXCLUSIVE_KERNEL="^(4\.[^0]|[5-9])".


> 3) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-dkms.git/tree/wireguard-dkms.spec
> a)
>> BuildRequires:  libmnl-devel, kernel-devel, sed
> The kernel module does not require libmnl-devel.


> b)
>> cp -fr %{_builddir}/WireGuard-experimental-%{version}/* %{buildroot}%{_usrsrc}/%{dkms_name}-%{version}/
> You might consider instead only copying src/.

Good idea. Fixed.

> Please let me know when you've addressed 1a, 1b, 1c, 1d, 2, 3a, and
> 3b, and then I'll add your instructions to the wireguard.io website.

Some gotchas for Fedora might be issues using DKMS if they have secure 
boot enabled. You might want to mention that as the kmod generated by 
DKMS isn't signed, so loading it with secure boot will fail.

Also, SELinux is set enforcing by default on Fedora. I am not sure if 
that is going to cause any issues either.

Other than that, the RPMs should be good to go. Let me know if you want 
any other changes before adding the install instructions to the site.

> Thanks for your hard work on this. Much appreciated.

No problem! Glad to help. Thanks for your awesome work on WireGuard. :)


Joe Doss
joe at solidadmin.com

More information about the WireGuard mailing list