upgpkg: mkinitcpio-wireguard 0.4.1-3

Split out source from packaging.

-=david=-

7 files changed, 13 insertions, 365 deletions

diff --git a/.SRCINFO b/.SRCINFO
index cfd16956c867..1abf17ed81ee 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = mkinitcpio-wireguard
 	pkgdesc = mkinitcpio hook that initialises Wireguard to assist in the remote unlocking of encrypted partitions.
 	pkgver = 0.4.1
-	pkgrel = 1
+	pkgrel = 3
 	url = https://github.com/dharrigan/mkinitcpio-wireguard
 	install = mkinitcpio-wireguard.install
 	arch = x86_64
@@ -9,14 +9,8 @@ pkgbase = mkinitcpio-wireguard
 	depends = mkinitcpio>=0.9.0
 	depends = wireguard-tools
 	backup = etc/wireguard/initcpio/unlock
-	source = wireguard_hook
-	source = wireguard_install
-	source = wireguard_config
-	source = UNLICENSED
-	sha256sums = 4d406d605297cdf11cc4de93616808063c255e4b54f27731d850acc71bf28b3b
-	sha256sums = 67e56a6d5b3cab8cf1ae475f7728a9c0a148447da9d1246e53683f75fb1b6091
-	sha256sums = 0dee9306a558623fc3c7bf22348f3049189e69be7c66bc7530fee0748fb9ad93
-	sha256sums = 88d9b4eb60579c191ec391ca04c16130572d7eedc4a86daa58bf28c6e14c9bcd
+	source = https://github.com/dharrigan/mkinitcpio-wireguard/archive/0.4.1.tar.gz
+	sha256sums = a46582e0220ed7e000ee85d6ef03be6c44ce181b7f1a281352d0986688129da2
 
 pkgname = mkinitcpio-wireguard
 
diff --git a/PKGBUILD b/PKGBUILD
index 0f54002f9501..28ca9ec95211 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,28 +2,25 @@
 
 pkgname=mkinitcpio-wireguard
 pkgver=0.4.1
-pkgrel=1
+pkgrel=3
 pkgdesc='mkinitcpio hook that initialises Wireguard to assist in the remote unlocking of encrypted partitions.'
-url='https://github.com/dharrigan/mkinitcpio-wireguard'
 arch=('x86_64')
+url='https://github.com/dharrigan/mkinitcpio-wireguard'
 license=('Unlicense')
 install="${pkgname}.install"
 depends=('mkinitcpio>=0.9.0' 'wireguard-tools')
 backup=('etc/wireguard/initcpio/unlock')
-source=('wireguard_hook' 'wireguard_install' 'wireguard_config' 'UNLICENSED')
+
+source=("${url}/archive/${pkgver}.tar.gz")
+
+sha256sums=('a46582e0220ed7e000ee85d6ef03be6c44ce181b7f1a281352d0986688129da2')
 
 package() {
-	install -Dm644 ${srcdir}/wireguard_hook ${pkgdir}/usr/lib/initcpio/hooks/wireguard
-	install -Dm644 ${srcdir}/wireguard_install ${pkgdir}/usr/lib/initcpio/install/wireguard
-	install -Dm644 ${srcdir}/wireguard_config ${pkgdir}/etc/wireguard/initcpio/unlock
-	install -Dm644 ${srcdir}/UNLICENSED ${pkgdir}/usr/share/licenses/${pkgname}/UNLICENSED
+	install -Dm644 ${srcdir}/${pkgname}-${pkgver}/wireguard_hook ${pkgdir}/usr/lib/initcpio/hooks/wireguard
+	install -Dm644 ${srcdir}/${pkgname}-${pkgver}/wireguard_install ${pkgdir}/usr/lib/initcpio/install/wireguard
+	install -Dm644 ${srcdir}/${pkgname}-${pkgver}/wireguard_config ${pkgdir}/etc/wireguard/initcpio/unlock
+	install -Dm644 ${srcdir}/${pkgname}-${pkgver}/UNLICENSED ${pkgdir}/usr/share/licenses/${pkgname}/UNLICENSED
 }
 
-sha256sums=(
-'4d406d605297cdf11cc4de93616808063c255e4b54f27731d850acc71bf28b3b'
-'67e56a6d5b3cab8cf1ae475f7728a9c0a148447da9d1246e53683f75fb1b6091'
-'0dee9306a558623fc3c7bf22348f3049189e69be7c66bc7530fee0748fb9ad93'
-'88d9b4eb60579c191ec391ca04c16130572d7eedc4a86daa58bf28c6e14c9bcd'
-)
 
 # vim:set syntax=sh tw=78:
diff --git a/README.adoc b/README.adoc
deleted file mode 100644
index 5ecc8bb8f967..000000000000
--- a/README.adoc
+++ /dev/null
@@ -1,180 +0,0 @@
-= mkinitcpio Wireguard hook
-:author: David Harrigan
-:email: <dharrigan [@] gmail [dot] com>
-:docinfo: true
-:doctype: book
-:icons: font
-:numbered:
-:sectlinks:
-:sectnums:
-:setanchors:
-:source-highlighter: highlightjs
-:toc:
-:toclevels: 5
-
-== ChangeLog
-
-IMPORTANT: Until this package has stabilised and until it has reached a 1.0.0
-release, *please be very careful* to examine the version changes listed below
-as the package requirements and instructions can change to reflect a better
-understanding of the problem domain. *DO NOT ASSUME THAT ANYTHING UNTIL AT
-LEAST A 1.0.0 RELEASE*
-
-WARNING: Read the warning above.
-
-|===
-|Version | Note
-
-| *0.4.1*
-a|
-* Remove unnecessary license headers and simply copy UNLICENSED to appropriate place
-* Minor bugfixes - thanks @undiabler!
-
-| *0.4.0*
-a|
-* Add a route based upon the ALLOWED_IPS.
-
-| *0.3.0*
-a|
-* Various tidy ups and script improvements.
-* Rename PRIVATE_KEY_FILE to PRIVATE_KEYFILE - BREAKING CHANGE!
-
-| *0.2.0*
-a|
-* Don't include the entire `/etc/wireguard` directory, instead use a subdirectory, namely `/etc/wireguard/initcpio` to keep things separate.
-
-| *0.1.0*
-a|
-* Initial Release.
-
-|===
-
-== Rationale
-
-Firstly, encryption. Encrypt all the things.
-
-Secondly, I think https://www.wireguard.io[Wireguard] is pretty awesome. It's
-really easy to setup and use and works flawlessly (at least for me 😄).
-
-Thirdly, the ability to remotely unlock encrypted partitions is extremely
-useful.  However, a limitation is that in order to remotely unlock the
-partition via SSH, you normally need to be on the same network (or at least
-routeable) to the computer that needs unlocking.
-
-As far as I could tell, there was nothing available in
-https://aur.archlinux.org[AUR] that provided a Wireguard hook for
-`mkinitcpio`. Creating a hook should allow a basic Wireguard interface to be
-established so that - via a secure network - you could gain access to the
-remote machine. This is my small attempt to achieve that aim.
-
-IMPORTANT: I developed this little hook for myself and I'm releasing it into
-the general community in the (probably misguided) hope that others may find it
-useful too. As usual, no warranty implied or otherwise is given towards the
-fitness of this software in meeting *YOUR* needs. Please refer to the included
-https://unlicense.org[Unlicense] license file for more information. That said,
-I find this little hook useful - perhaps you may too - so please enjoy! Oh,
-and please be be awesome to each other!
-
-WARNING: Ensure you have read the Arch wiki section on
-https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_of_the_root_(or_other)_partition[remote
-unlocking]. It's a *very* good idea to get remote unlocking working *first* on
-your local network - proving that it works for you (this includes using either
-*tinyssh* or *dropbear* to authenticate and unlock successfully)
-- *before* attempting to setup this mkinitcpio Wireguard hook for remote
-unlocking.
-
-IMPORTANT: It is also *strongly* recommend that a *separate* Wireguard network
-is setup and configured *just* for unlocking. You see, a private key (and a
-public key) and a configuration file are written to the ramdisk (which
-typically lives in an unencrypted boot partition). It's super trivially easy
-for anyone to copy this ramdisk, extract out the contents and use the private
-key and Wireguard configuration found therein to connect to your Wireguard
-network. As a minimum, you could disable (on the remote peer *nominally called
-the `server`*) the ability for the target machine (the `client` - the one on
-which you are remotely unlocking partitions) to connect and authenticate -
-only enabling connection *when* and *if* required. Please be careful and think
-this through! Safety first!
-
-== OS Installation
-
-Standard installation rules apply. Here's an example using the
-https://github.com/Jguer/yay[yay] package manager to install the utility.
-
-`yay -S mkinitcpio-wireguard`
-
-Please refer to your favourite package manager's documentation in learn how to
-install it for you 😄
-
-NOTE: Obviously, you must also install Wireguard! Choose either manual
-installation (using git and compiling it yourself), or using `wireguard-arch`
-or `wireguard-dkms`. Life is short, so personally I just roll with
-`wireguard-arch`. Seems to work OOTB for me, but YMMV...
-
-== Configuration
-
-IMPORTANT: The setup and running of `mkinitcpio-wireguard` is *very* basic and
-makes *lots* of assumptions. *This is intentional!* This hook is simple
-because it is designed to get a minimal Wireguard up and running so that you
-can remotely unlock encrypted partitions. The script does not attempt to do
-anything else. This script will never be super fancy or clever.
-
-WARNING: Please read and familiarise yourself with how Wireguard works. In
-particular, please refer to the *numerous* examples online of how to setup and
-configure Wireguard. It is *strongly* suggested you get Wireguard up and
-running first. A few examples of where to find documentation are listed below:
-
-* https://wiki.archlinux.org/index.php/WireGuard
-* https://www.wireguard.com/quickstart/
-* https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
-
-After installing `mkinitcpio-wireguard`, an example configuration file will be
-written to `/etc/wireguard/initcpio/unlock`. You *MUST* edit this file to suit
-your particular Wireguard requirements. The file is really simple and
-therefore should be pretty self-explanatory.
-
-NOTE: If you have an existing `wg0.conf` in your `/etc/wireguard` directory,
-you can use the contents of that file as a reference. Please be aware of the
-warning above concerning the recommended use of a separate network for remote
-unlocking.
-
-== Hook Installation
-
-After you have edited the `/etc/wireguard/initcpio/unlock` file to suit your
-needs, ensure that you've added the `wireguard` hook to the *HOOKS* array of
-`/etc/mkinitcpio.conf`. Shown below is an example that also includes the use
-of `netconf`, `tinyssh` and `encryptssh`.
-
-----
-HOOKS=(base udev autodetect keyboard keymap modconf block netconf wireguard tinyssh encryptssh filesystems fsck)
-----
-
-== Final Steps
-
-Lastly, run (still as root):
-
-----
-mkinitcpio -P
-----
-
-This will regenerate the ramdisk with your Wireguard configuration.
-
-You should now be able to reboot your machine and after the interface has come
-up be able to ping it via your Wireguard network! You should now also be able
-to SSH to the machine (you did remember to set that all up before doing this,
-right?) and unlock any encrypted partitions and thus enable the continuation
-of your boot process! FTW!
-
-NOTE: It could take a minute or two for your Wireguard interface to
-authenticate and be recognised by the remote peer. Please be patient and hang
-on in there!
-
-== Unlicensed
-
-Find the full unlicense in the UNLICENSE file, but here's a snippet.
-This is free and unencumbered software released into the public domain.
-
-----
-Anyone is free to copy, modify, publish, use, compile, sell, or distribute
-this software, either in source code form or as a compiled binary, for any
-purpose, commercial or non-commercial, and by any means.
-----
diff --git a/UNLICENSED b/UNLICENSED
deleted file mode 100644
index cf1ab25da034..000000000000
--- a/UNLICENSED
+++ /dev/null
@@ -1,24 +0,0 @@
-This is free and unencumbered software released into the public domain.
-
-Anyone is free to copy, modify, publish, use, compile, sell, or
-distribute this software, either in source code form or as a compiled
-binary, for any purpose, commercial or non-commercial, and by any
-means.
-
-In jurisdictions that recognize copyright laws, the author or authors
-of this software dedicate any and all copyright interest in the
-software to the public domain. We make this dedication for the benefit
-of the public at large and to the detriment of our heirs and
-successors. We intend this dedication to be an overt act of
-relinquishment in perpetuity of all present and future rights to this
-software under copyright law.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-For more information, please refer to <http://unlicense.org>
diff --git a/wireguard_config b/wireguard_config
deleted file mode 100644
index 758a108d2d9d..000000000000
--- a/wireguard_config
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Information pertaining to the Wireguard mkinitcpio hook
-#
-# Please ensure you've read the documentation on how to setup and configure
-# Wireguard for your needs. It's vital that you ensure that you can connect
-# successfully before working on enabling remote unlocking functionality.
-
-# All the values below are just examples. You must change them to suit
-# your Wireguard network setup.
-
-# Specifies the name of the Wireguard interface (usually wg0)
-INTERFACE=wg0
-
-# Specifies the address that the Wireguard interface will use.
-# Please ensure you specify the address in CIDR format.
-INTERFACE_ADDR=10.0.200.21/32
-
-# This is the public key of the peer.
-PEER_PUBLIC_KEY=abcdefg
-
-# This is the IP address and port of the peer.
-# Usually this is the external public-facing IP, but it may also be internal!
-PEER_ENDPOINT=192.168.80.1:12912
-
-# This is your private key previously setup to establish connection to the peer.
-PRIVATE_KEYFILE=/etc/wireguard/initcpio/privatekey
-
-# If you're behind a NAT, a ping of 25 seconds is useful!
-PERSISTENT_KEEPALIVES=25
-
-# The IP range that will be allowed.
-ALLOWED_IPS=10.0.200.0/24
-
-# vim:set syntax=sh tw=78:
diff --git a/wireguard_hook b/wireguard_hook
deleted file mode 100644
index da8c0d232171..000000000000
--- a/wireguard_hook
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-
-_fatal () { echo ":: wireguard [FATAL]: ${@}. Cannot initialise Wireguard!"; break=y; }
-
-if [ -s /etc/wireguard/initcpio/unlock ]; then
-    . /etc/wireguard/initcpio/unlock
-fi
-
-run_hook()
-{
-    if [ -z $INTERFACE ]; then
-        _fatal 'Interface name is not defined!'
-        return 1
-    fi
-
-    if [ -z $INTERFACE_ADDR ]; then
-        _fatal 'Interface address is not defined!'
-        return 1
-    fi
-
-    if [ -z $PEER_PUBLIC_KEY ]; then
-        _fatal 'Peer Public Key is not defined!'
-        return 1
-    fi
-
-    if [ ! -s $PRIVATE_KEYFILE ]; then
-        _fatal 'Private keyfile is not defined!'
-        return 1
-    fi
-
-    if [ -z $PEER_ENDPOINT ]; then
-        _fatal 'Peer endpoint is not defined!'
-        return 1
-    fi
-
-    if [ -z $PERSISTENT_KEEPALIVES ]; then
-        _fatal 'Persistent Keep Alives is not defined!'
-        return 1
-    fi
-
-    if [ -z $ALLOWED_IPS ]; then
-        _fatal 'Allowed IPs is not defined!'
-        return 1
-    fi
-
-    echo "Starting Wireguard."
-
-    ip link add dev $INTERFACE type wireguard
-    wg set $INTERFACE \
-        private-key $PRIVATE_KEYFILE \
-        peer $PEER_PUBLIC_KEY \
-        endpoint $PEER_ENDPOINT \
-        persistent-keepalive $PERSISTENT_KEEPALIVES \
-        allowed-ips $ALLOWED_IPS
-    ip addr add $INTERFACE_ADDR dev $INTERFACE
-    ip link set $INTERFACE up
-    ip route add $ALLOWED_IPS dev $INTERFACE
-}
-
-run_cleanuphook() {
-
-    ip link delete dev $INTERFACE
-
-}
-# vim:set syntax=sh tw=78:
diff --git a/wireguard_install b/wireguard_install
deleted file mode 100644
index 4438f4654182..000000000000
--- a/wireguard_install
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-build()
-{
-    if [ ! -s /etc/wireguard/initcpio/unlock ]; then
-        error "Missing Wireguard initcpio hook unlock configuration file! Exiting!"
-        return 1
-    else
-        . /etc/wireguard/initcpio/unlock
-        if [ ! -s $PRIVATE_KEYFILE ]; then
-            error "Missing Wireguard initcpio hook Private Keyfile! Exiting!"
-            return 1
-        fi
-    fi
-
-    add_binary wg
-    add_module wireguard
-
-    add_dir /etc/wireguard/initcpio
-
-    add_file $PRIVATE_KEYFILE
-    add_file /etc/wireguard/initcpio/unlock
-
-    add_runscript
-}
-
-help() {
-    cat <<HELPME
-This hook provides basic Wireguard support to assist in the remote unlocking
-of encrypted partitions. There are various parameters that are to be
-configured via the "/etc/wireguard/initcpio/unlock" file. This must be done!
-
-In addition to this hook, you will require something like tinyssh or dropbear
-appropriately configured in order to gain remote access. Please refer to the
-Arch Wiki for further details with regards to remote unlocking of encrypted
-partitions.
-HELPME
-}
-
-# vim:set syntax=sh tw=78: