summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Harrigan2019-10-22 11:11:10 +0100
committerDavid Harrigan2019-10-22 11:11:10 +0100
commit1e97882eee2b4178bb5ddc049e80e770f2395f48 (patch)
tree9cd873f566b66c9e9289921ea8b4dbb13358753e
parent20b2b7af017ea381fd217592c29abf63e835083d (diff)
downloadaur-1e97882eee2b4178bb5ddc049e80e770f2395f48.tar.gz
feat: use a subdirectory for configuration
Instead of pulling in the entire `/etc/wireguard` directory, use a subdirectory, namely `/etc/wireguard/initcpio` to store the configuration. upgpkg: mkinitcpio-wireguard 0.2.0-1 upstream release
-rw-r--r--.SRCINFO10
-rw-r--r--PKGBUILD12
-rw-r--r--README.adoc35
-rw-r--r--mkinitcpio-wireguard.install2
-rw-r--r--wireguard_config2
-rw-r--r--wireguard_hook4
-rw-r--r--wireguard_install4
7 files changed, 46 insertions, 23 deletions
diff --git a/.SRCINFO b/.SRCINFO
index c579ddbfcf2..a43253836a0 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = mkinitcpio-wireguard
pkgdesc = mkinitcpio hook that initialises Wireguard to assist in the remote unlocking of encrypted partitions.
- pkgver = 0.1.0
+ pkgver = 0.2.0
pkgrel = 1
url = https://github.com/dharrigan/mkinitcpio-wireguard
install = mkinitcpio-wireguard.install
@@ -8,13 +8,13 @@ pkgbase = mkinitcpio-wireguard
license = Unlicense
depends = mkinitcpio>=0.9.0
depends = wireguard-tools
- backup = etc/wireguard/remote-unlock
+ backup = etc/wireguard/initcpio/unlock
source = wireguard_hook
source = wireguard_install
source = wireguard_config
- sha256sums = baa64d53adf5a60092c5df59c6ccf9e8253be4b7c947f89a9afd2cf0a84eea97
- sha256sums = edf47fa52c1e5e802a5920b8fc3dea281d33c243e79364717c64588f384befaf
- sha256sums = 9385ec468589f0621d2a90839ebe4b38d37824ea706c2b2edf8f41b0f239f7e8
+ sha256sums = cf4027c5c88a521f76ecfe257ee0bbcaf24294f8dcc97b8128cf77a3cd547d09
+ sha256sums = 5bbbe54b9bd0469537c74f892fd30fcb90e9b49143addc7a03f4366419d6bff6
+ sha256sums = 7e6c925ba973a90f63100a1a56b2e57f017d1155c1d0514f38cf9eeca557bd99
pkgname = mkinitcpio-wireguard
diff --git a/PKGBUILD b/PKGBUILD
index 77fe8f2d3af..21413c46dbb 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: David Harrigan <dharrigan [@] gmail [dot] com>
pkgname=mkinitcpio-wireguard
-pkgver=0.1.0
+pkgver=0.2.0
pkgrel=1
pkgdesc='mkinitcpio hook that initialises Wireguard to assist in the remote unlocking of encrypted partitions.'
url='https://github.com/dharrigan/mkinitcpio-wireguard'
@@ -9,19 +9,19 @@ arch=('x86_64')
license=('Unlicense')
install="${pkgname}.install"
depends=('mkinitcpio>=0.9.0' 'wireguard-tools')
-backup=('etc/wireguard/remote-unlock')
+backup=('etc/wireguard/initcpio/unlock')
source=('wireguard_hook' 'wireguard_install' 'wireguard_config')
package() {
install -o root -g root -D ${srcdir}/wireguard_hook ${pkgdir}/usr/lib/initcpio/hooks/wireguard
install -o root -g root -D ${srcdir}/wireguard_install ${pkgdir}/usr/lib/initcpio/install/wireguard
- install -o root -g root -D ${srcdir}/wireguard_config ${pkgdir}/etc/wireguard/remote-unlock
+ install -o root -g root -D ${srcdir}/wireguard_config ${pkgdir}/etc/wireguard/initcpio/unlock
}
sha256sums=(
-'baa64d53adf5a60092c5df59c6ccf9e8253be4b7c947f89a9afd2cf0a84eea97'
-'edf47fa52c1e5e802a5920b8fc3dea281d33c243e79364717c64588f384befaf'
-'9385ec468589f0621d2a90839ebe4b38d37824ea706c2b2edf8f41b0f239f7e8'
+'cf4027c5c88a521f76ecfe257ee0bbcaf24294f8dcc97b8128cf77a3cd547d09'
+'5bbbe54b9bd0469537c74f892fd30fcb90e9b49143addc7a03f4366419d6bff6'
+'7e6c925ba973a90f63100a1a56b2e57f017d1155c1d0514f38cf9eeca557bd99'
)
# vim:set syntax=sh tw=78:
diff --git a/README.adoc b/README.adoc
index aa2c441da46..3845d4e8c33 100644
--- a/README.adoc
+++ b/README.adoc
@@ -12,6 +12,29 @@
:toc:
:toclevels: 5
+== ChangeLog
+
+IMPORTANT: Until this package has stabilised and until it has reached a 1.0.0
+release, *please be very careful* to examine the version changes listed below
+as the package requirements and instructions can change to reflect a better
+understanding of the problem domain. *DO NOT ASSUME THAT ANYTHING UNTIL AT
+LEAST A 1.0.0 RELEASE*
+
+WARNING: Read the warning above.
+
+|===
+|Version | Note
+
+| *0.2.0*
+a|
+* Don't include the entire `/etc/wireguard` directory, instead use a subdirectory, namely `/etc/wireguard/initcpio` to keep things separate.
+
+| *0.1.0*
+a|
+* Initial Release
+
+|===
+
== Rationale
Firstly, encryption. Encrypt all the things.
@@ -90,10 +113,10 @@ running first. A few examples of where to find documentation are listed below:
* https://www.wireguard.com/quickstart/
* https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
-After installing `mkinitcpio-wireguard`, a configuration file will be written
-to `/etc/wireguard/remote-unlock`. You *MUST* edit this file to suit your
-particular Wireguard requirements. The file is really simple and therefore
-should be pretty self-explanatory.
+After installing `mkinitcpio-wireguard`, an example configuration file will be
+written to `/etc/wireguard/initcpio/unlock`. You *MUST* edit this file to suit
+your particular Wireguard requirements. The file is really simple and
+therefore should be pretty self-explanatory.
NOTE: If you have an existing `wg0.conf` in your `/etc/wireguard` directory,
you can use the contents of that file as a reference. Please be aware of the
@@ -102,7 +125,7 @@ unlocking.
== Hook Installation
-After you have edited the `/etc/wireguard/remote-unlock` file to suit your
+After you have edited the `/etc/wireguard/initcpio/unlock` file to suit your
needs, ensure that you've added the `wireguard` hook to the *HOOKS* array of
`/etc/mkinitcpio.conf`. Shown below is an example that also includes the use
of `netconf`, `tinyssh` and `encryptssh`.
@@ -113,7 +136,7 @@ HOOKS=(base udev autodetect keyboard keymap modconf block netconf wireguard tiny
== Final Steps
-Lastly, run (as root):
+Lastly, run (still as root):
----
mkinitcpio -P
diff --git a/mkinitcpio-wireguard.install b/mkinitcpio-wireguard.install
index aedd9a6616f..87d2bc150ef 100644
--- a/mkinitcpio-wireguard.install
+++ b/mkinitcpio-wireguard.install
@@ -4,7 +4,7 @@ post_install() {
echo ">"
echo "> Now add 'wireguard' to your HOOKS array in your '/etc/mkinitcpio.conf' and rebuild the ramdisk."
echo "> e.g., HOOKS=(base udev autodetect keyboard keymap modconf block netconf wireguard tinyssh encryptssh filesystems fsck)"
- echo "> don't forget to configure the '/etc/wireguard/remote-unlock' file then rerun mkinitcpio..."
+ echo "> don't forget to configure the '/etc/wireguard/initcpio/unlock' file then rerun mkinitcpio..."
echo ">"
}
diff --git a/wireguard_config b/wireguard_config
index ec0907cc1d0..59e82c08da5 100644
--- a/wireguard_config
+++ b/wireguard_config
@@ -49,7 +49,7 @@ PEER_PUBLIC_KEY=abcdefg
PEER_ENDPOINT=192.168.80.1:12912
# This is your private key previously setup to establish connection to the peer.
-PRIVATE_KEY_FILE=/etc/wireguard/privatekey
+PRIVATE_KEY_FILE=/etc/wireguard/initcpio/privatekey
# If you're behind a NAT, a ping of 25 seconds is useful!
PERSISTENT_KEEPALIVES=25
diff --git a/wireguard_hook b/wireguard_hook
index f914e7cf50b..59d85985fc8 100644
--- a/wireguard_hook
+++ b/wireguard_hook
@@ -28,8 +28,8 @@
_fatal () { echo ":: wireguard [FATAL]: ${@}. Cannot initialise Wireguard\!"; break=y; }
-if [ -f /etc/wireguard/remote-unlock ]; then
- . /etc/wireguard/remote-unlock
+if [ -f /etc/wireguard/initcpio/unlock ]; then
+ . /etc/wireguard/initcpio/unlock
fi
run_hook()
diff --git a/wireguard_install b/wireguard_install
index d681830892d..1ba2f65f774 100644
--- a/wireguard_install
+++ b/wireguard_install
@@ -31,7 +31,7 @@ build()
add_binary wg
add_module wireguard
- add_full_dir /etc/wireguard
+ add_full_dir /etc/wireguard/initcpio
add_runscript
}
@@ -40,7 +40,7 @@ help() {
cat <<HELPME
This hook provides basic Wireguard support to assist in the remote unlocking
of encrypted partitions. There are various parameters that are to be
-configured via the "/etc/wireguard/remote-unlock" file. This must be done!
+configured via the "/etc/wireguard/initcpio/unlock" file. This must be done!
In addition to this hook, you will require something like tinyssh or dropbear
appropriately configured in order to gain remote access. Please refer to the