author | David Harrigan | 2019-10-22 11:11:10 +0100 |
---|---|---|
committer | David Harrigan | 2019-10-22 11:11:10 +0100 |
commit | 1e97882eee2b4178bb5ddc049e80e770f2395f48 (patch) | |
tree | 9cd873f566b66c9e9289921ea8b4dbb13358753e | |
parent | 20b2b7af017ea381fd217592c29abf63e835083d (diff) | |
download | aur-1e97882eee2b4178bb5ddc049e80e770f2395f48.tar.gz |
feat: use a subdirectory for configuration
Instead of pulling in the entire `/etc/wireguard` directory, use a
subdirectory, namely `/etc/wireguard/initcpio` to store the configuration.
upgpkg: mkinitcpio-wireguard 0.2.0-1
upstream release
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | PKGBUILD | 12 | ||||
-rw-r--r-- | README.adoc | 35 | ||||
-rw-r--r-- | mkinitcpio-wireguard.install | 2 | ||||
-rw-r--r-- | wireguard_config | 2 | ||||
-rw-r--r-- | wireguard_hook | 4 | ||||
-rw-r--r-- | wireguard_install | 4 |
7 files changed, 46 insertions, 23 deletions
@@ -1,6 +1,6 @@ pkgbase = mkinitcpio-wireguard pkgdesc = mkinitcpio hook that initialises Wireguard to assist in the remote unlocking of encrypted partitions. - pkgver = 0.1.0 + pkgver = 0.2.0 pkgrel = 1 url = https://github.com/dharrigan/mkinitcpio-wireguard install = mkinitcpio-wireguard.install @@ -8,13 +8,13 @@ pkgbase = mkinitcpio-wireguard license = Unlicense depends = mkinitcpio>=0.9.0 depends = wireguard-tools - backup = etc/wireguard/remote-unlock + backup = etc/wireguard/initcpio/unlock source = wireguard_hook source = wireguard_install source = wireguard_config - sha256sums = baa64d53adf5a60092c5df59c6ccf9e8253be4b7c947f89a9afd2cf0a84eea97 - sha256sums = edf47fa52c1e5e802a5920b8fc3dea281d33c243e79364717c64588f384befaf - sha256sums = 9385ec468589f0621d2a90839ebe4b38d37824ea706c2b2edf8f41b0f239f7e8 + sha256sums = cf4027c5c88a521f76ecfe257ee0bbcaf24294f8dcc97b8128cf77a3cd547d09 + sha256sums = 5bbbe54b9bd0469537c74f892fd30fcb90e9b49143addc7a03f4366419d6bff6 + sha256sums = 7e6c925ba973a90f63100a1a56b2e57f017d1155c1d0514f38cf9eeca557bd99 pkgname = mkinitcpio-wireguard @@ -1,7 +1,7 @@ # Maintainer: David Harrigan <dharrigan [@] gmail [dot] com> pkgname=mkinitcpio-wireguard -pkgver=0.1.0 +pkgver=0.2.0 pkgrel=1 pkgdesc='mkinitcpio hook that initialises Wireguard to assist in the remote unlocking of encrypted partitions.' url='https://github.com/dharrigan/mkinitcpio-wireguard' 
@@ -9,19 +9,19 @@ arch=('x86_64') license=('Unlicense') install="${pkgname}.install" depends=('mkinitcpio>=0.9.0' 'wireguard-tools') -backup=('etc/wireguard/remote-unlock') +backup=('etc/wireguard/initcpio/unlock') source=('wireguard_hook' 'wireguard_install' 'wireguard_config') package() { install -o root -g root -D ${srcdir}/wireguard_hook ${pkgdir}/usr/lib/initcpio/hooks/wireguard install -o root -g root -D ${srcdir}/wireguard_install ${pkgdir}/usr/lib/initcpio/install/wireguard - install -o root -g root -D ${srcdir}/wireguard_config ${pkgdir}/etc/wireguard/remote-unlock + install -o root -g root -D ${srcdir}/wireguard_config ${pkgdir}/etc/wireguard/initcpio/unlock } sha256sums=( -'baa64d53adf5a60092c5df59c6ccf9e8253be4b7c947f89a9afd2cf0a84eea97' -'edf47fa52c1e5e802a5920b8fc3dea281d33c243e79364717c64588f384befaf' -'9385ec468589f0621d2a90839ebe4b38d37824ea706c2b2edf8f41b0f239f7e8' +'cf4027c5c88a521f76ecfe257ee0bbcaf24294f8dcc97b8128cf77a3cd547d09' +'5bbbe54b9bd0469537c74f892fd30fcb90e9b49143addc7a03f4366419d6bff6' +'7e6c925ba973a90f63100a1a56b2e57f017d1155c1d0514f38cf9eeca557bd99' ) # vim:set syntax=sh tw=78: diff --git a/README.adoc b/README.adoc index aa2c441da469..3845d4e8c333 100644 --- a/README.adoc +++ b/README.adoc @@ -12,6 +12,29 @@ :toc: :toclevels: 5 +== ChangeLog + +IMPORTANT: Until this package has stabilised and until it has reached a 1.0.0 +release, *please be very careful* to examine the version changes listed below +as the package requirements and instructions can change to reflect a better +understanding of the problem domain. *DO NOT ASSUME THAT ANYTHING UNTIL AT +LEAST A 1.0.0 RELEASE* + +WARNING: Read the warning above. + +|=== +|Version | Note + +| *0.2.0* +a| +* Don't include the entire `/etc/wireguard` directory, instead use a subdirectory, namely `/etc/wireguard/initcpio` to keep things separate. + +| *0.1.0* +a| +* Initial Release + +|=== + == Rationale Firstly, encryption. Encrypt all the things. 
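Review bot: The `install` line for `wireguard_config` in `package()` passes no `-m`, so the file lands at `etc/wireguard/initcpio/unlock` with install's default mode 0755, and `-D` creates the new `initcpio` directory as 0755 too. The shipped config now defaults `PRIVATE_KEY_FILE` to a path inside this directory, so the place that will hold the key should not depend on the parent directory's permissions alone. I would create the directory explicitly and restrict the file: `install -d -m 700 "${pkgdir}/etc/wireguard/initcpio"` followed by `install -o root -g root -m 600 -D "${srcdir}/wireguard_config" "${pkgdir}/etc/wireguard/initcpio/unlock"`. Quoting `${srcdir}` and `${pkgdir}` also keeps the build working when the path contains spaces.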
@@ -90,10 +113,10 @@ running first. A few examples of where to find documentation are listed below: * https://www.wireguard.com/quickstart/ * https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8 -After installing `mkinitcpio-wireguard`, a configuration file will be written -to `/etc/wireguard/remote-unlock`. You *MUST* edit this file to suit your -particular Wireguard requirements. The file is really simple and therefore -should be pretty self-explanatory. +After installing `mkinitcpio-wireguard`, an example configuration file will be +written to `/etc/wireguard/initcpio/unlock`. You *MUST* edit this file to suit +your particular Wireguard requirements. The file is really simple and +therefore should be pretty self-explanatory. NOTE: If you have an existing `wg0.conf` in your `/etc/wireguard` directory, you can use the contents of that file as a reference. Please be aware of the @@ -102,7 +125,7 @@ unlocking. == Hook Installation -After you have edited the `/etc/wireguard/remote-unlock` file to suit your +After you have edited the `/etc/wireguard/initcpio/unlock` file to suit your needs, ensure that you've added the `wireguard` hook to the *HOOKS* array of `/etc/mkinitcpio.conf`. Shown below is an example that also includes the use of `netconf`, `tinyssh` and `encryptssh`. @@ -113,7 +136,7 @@ HOOKS=(base udev autodetect keyboard keymap modconf block netconf wireguard tiny == Final Steps -Lastly, run (as root): +Lastly, run (still as root): ---- mkinitcpio -P diff --git a/mkinitcpio-wireguard.install b/mkinitcpio-wireguard.install index aedd9a6616f9..87d2bc150ef8 100644 --- a/mkinitcpio-wireguard.install +++ b/mkinitcpio-wireguard.install 
@@ -4,7 +4,7 @@ post_install() { echo ">" echo "> Now add 'wireguard' to your HOOKS array in your '/etc/mkinitcpio.conf' and rebuild the ramdisk." echo "> e.g., HOOKS=(base udev autodetect keyboard keymap modconf block netconf wireguard tinyssh encryptssh filesystems fsck)" - echo "> don't forget to configure the '/etc/wireguard/remote-unlock' file then rerun mkinitcpio..." + echo "> don't forget to configure the '/etc/wireguard/initcpio/unlock' file then rerun mkinitcpio..." echo ">" } diff --git a/wireguard_config b/wireguard_config index ec0907cc1d07..59e82c08da51 100644 --- a/wireguard_config +++ b/wireguard_config @@ -49,7 +49,7 @@ PEER_PUBLIC_KEY=abcdefg PEER_ENDPOINT=192.168.80.1:12912 # This is your private key previously setup to establish connection to the peer. -PRIVATE_KEY_FILE=/etc/wireguard/privatekey +PRIVATE_KEY_FILE=/etc/wireguard/initcpio/privatekey # If you're behind a NAT, a ping of 25 seconds is useful! PERSISTENT_KEEPALIVES=25 diff --git a/wireguard_hook b/wireguard_hook index f914e7cf50bf..59d85985fc83 100644 --- a/wireguard_hook +++ b/wireguard_hook @@ -28,8 +28,8 @@ _fatal () { echo ":: wireguard [FATAL]: ${@}. Cannot initialise Wireguard\!"; break=y; } -if [ -f /etc/wireguard/remote-unlock ]; then - . /etc/wireguard/remote-unlock +if [ -f /etc/wireguard/initcpio/unlock ]; then + . /etc/wireguard/initcpio/unlock fi run_hook() diff --git a/wireguard_install b/wireguard_install index d681830892d7..1ba2f65f774a 100644 --- a/wireguard_install +++ b/wireguard_install @@ -31,7 +31,7 @@ build() add_binary wg add_module wireguard - add_full_dir /etc/wireguard + add_full_dir /etc/wireguard/initcpio add_runscript } 
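Review bot: Only `post_install()` carries the new path, so a user upgrading from 0.1.0 gets no message that the hook stopped reading `/etc/wireguard/remote-unlock`. The next ramdisk rebuild would then embed the unedited example file, and remote unlock would fail at the next boot. If the file has no `post_upgrade()` below this hunk (the rest of the file is outside it), I would add one that prints the migration step, for example `post_upgrade() { echo "> configuration moved to '/etc/wireguard/initcpio/unlock'; copy your settings and key there, then rerun mkinitcpio"; }`.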
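Review bot: The comment above `PRIVATE_KEY_FILE` in the `wireguard_config` hunk does not say that this key is copied into the ramdisk together with the rest of `/etc/wireguard/initcpio`. In a remote-unlock setup the image usually sits on an unencrypted boot partition, so the key should be one generated for this purpose and not the key of an existing `wg0` tunnel. I would extend the comment to `# Private key for the unlock tunnel. It is embedded in the initramfs: use a dedicated key, mode 0600, owned by root.`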
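Review bot: When `/etc/wireguard/initcpio/unlock` is missing from the image, the `if [ -f … ]` test in `wireguard_hook` skips the source silently and the hook goes on with every setting unset. Whether `run_hook()` checks for that is outside this hunk, so a message at this point would make a broken image visible on the console: `else echo ":: wireguard [WARN]: /etc/wireguard/initcpio/unlock not found in the ramdisk"`. The file is also executed as shell code by root in early userspace, which is worth a one-line comment above the `.` line so that nobody relaxes its permissions later.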
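Review bot: `add_full_dir /etc/wireguard/initcpio` in `build()` still copies whatever is in the directory, so an editor backup of the config or a second key file ends up in the image as well. Adding only what the hook reads keeps the image contents predictable: `add_file /etc/wireguard/initcpio/unlock` plus one `add_file` for the key file named in `PRIVATE_KEY_FILE`. `build()` starts above this hunk, so I cannot see whether the config is already sourced there; if it is not, a build-time check that the key file exists and is not group- or world-readable would be a useful addition next to it.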
@@ -40,7 +40,7 @@ help() { cat <<HELPME This hook provides basic Wireguard support to assist in the remote unlocking of encrypted partitions. There are various parameters that are to be -configured via the "/etc/wireguard/remote-unlock" file. This must be done! +configured via the "/etc/wireguard/initcpio/unlock" file. This must be done! In addition to this hook, you will require something like tinyssh or dropbear appropriately configured in order to gain remote access. Please refer to the |