Bump wireguard module to version 1.0.20211208

* Add option to choose whether to load built-in or external module * Bump openresolv version to 3.12.0
tusc · Jan 22, 2022 · 6138ae8 · 6138ae8
1 parent f1126ce
commit 6138ae8
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 49 deletions.
diff --git a/README.md b/README.md
@@ -22,10 +22,10 @@ The Unifi UDM is built on a powerful quad core ARM64 CPU that can sustain up to
 
 
 ## Install
-1. We first need to download the tar file onto the UDM. Connect to it via SSH and type the following command to download the tar file. You need to download the following tar file. NOTE: always [this link](https://github.com/tusc/wireguard-kmod/releases) check for the latest release.
+1. We first need to download the tar file onto the UDM. Connect to it via SSH and type the following command to download the tar file. You need to download the following tar file. NOTE: always check [this link](https://github.com/tusc/wireguard-kmod/releases) for the latest release.
 
     ```sh
-    curl -LJo wireguard-kmod.tar.Z https://github.com/tusc/wireguard-kmod/releases/download/v11-05-21/wireguard-kmod-11-05-21.tar.Z
+    curl -LJo wireguard-kmod.tar.Z https://github.com/tusc/wireguard-kmod/releases/download/v01-22-22/wireguard-kmod-01-22-22.tar.Z
     ```
 
 2. From this directory type the following to extract the files:
@@ -54,6 +54,8 @@ The Unifi UDM is built on a powerful quad core ARM64 CPU that can sustain up to
     [13540.520126] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <[email protected]>. All Rights Reserved.
     ```
 
+    The script will first try to load the built-in wireguard module if it exists. If it doesn't exist, the external module provided by this package will be loaded instead. You can set `LOAD_BUILTIN=0` at the top of the `setup_wireguard.sh` script to always load the external module. Note that only recent UDM releases since 1.11.0 have the built-in module, and it is not always up-to-date.
+
     The tar file includes other useful utils such as htop, iftop and [qrencode.](#faq)
 
 ## Build from source

diff --git a/src/bases/udm-1.11.0/kernel-config b/src/bases/udm-1.11.0/kernel-config
@@ -3730,44 +3730,7 @@ CONFIG_PSTORE_PMSG=y
 CONFIG_PSTORE_RAM=y
 # CONFIG_SYSV_FS is not set
 # CONFIG_UFS_FS is not set
-CONFIG_NETWORK_FILESYSTEMS=y
-CONFIG_NFS_FS=m
-CONFIG_NFS_V2=m
-CONFIG_NFS_V3=m
-# CONFIG_NFS_V3_ACL is not set
-CONFIG_NFS_V4=m
-# CONFIG_NFS_SWAP is not set
-# CONFIG_NFS_V4_1 is not set
-# CONFIG_NFS_USE_LEGACY_DNS is not set
-CONFIG_NFS_USE_KERNEL_DNS=y
-CONFIG_NFSD=m
-CONFIG_NFSD_V3=y
-# CONFIG_NFSD_V3_ACL is not set
-CONFIG_NFSD_V4=y
-# CONFIG_NFSD_BLOCKLAYOUT is not set
-# CONFIG_NFSD_SCSILAYOUT is not set
-# CONFIG_NFSD_FLEXFILELAYOUT is not set
-CONFIG_GRACE_PERIOD=m
-CONFIG_LOCKD=m
-CONFIG_LOCKD_V4=y
-CONFIG_NFS_COMMON=y
-CONFIG_SUNRPC=m
-CONFIG_SUNRPC_GSS=m
-CONFIG_RPCSEC_GSS_KRB5=m
-# CONFIG_SUNRPC_DEBUG is not set
-# CONFIG_CEPH_FS is not set
-CONFIG_CIFS=m
-# CONFIG_CIFS_STATS2 is not set
-CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
-# CONFIG_CIFS_WEAK_PW_HASH is not set
-# CONFIG_CIFS_UPCALL is not set
-# CONFIG_CIFS_XATTR is not set
-CONFIG_CIFS_DEBUG=y
-# CONFIG_CIFS_DEBUG2 is not set
-# CONFIG_CIFS_DEBUG_DUMP_KEYS is not set
-# CONFIG_CIFS_DFS_UPCALL is not set
-# CONFIG_CODA_FS is not set
-# CONFIG_AFS_FS is not set
+# CONFIG_NETWORK_FILESYSTEMS is not set
 CONFIG_NLS=y
 CONFIG_NLS_DEFAULT="iso8859-1"
 # CONFIG_NLS_CODEPAGE_437 is not set

diff --git a/src/build-wireguard.sh b/src/build-wireguard.sh
@@ -71,7 +71,7 @@ do
 	   make wireguard-linux-compat-dirclean
 	   sed -i -e '/CONFIG_LOCALVERSION=/s/.*/CONFIG_LOCALVERSION="'$ver'"/' kernel-config
 	   make wireguard-linux-compat-rebuild -j6
-	   cp ./output/build/wireguard-linux-compat-1.0.20210606/src/wireguard.ko ../wireguard/modules/wireguard-${prefix}${ver}.ko
+	   cp ./output/build/wireguard-linux-compat-1.0.20211208/src/wireguard.ko ../wireguard/modules/wireguard-${prefix}${ver}.ko
 	   # the netfiler raw module is required in the wg-quick script for iptables-restore
 	   cp ./output/build/linux-custom/net/ipv4/netfilter/iptable_raw.ko ../wireguard/modules/iptable_raw-${prefix}${ver}.ko
 	   cp ./output/build/linux-custom/net/ipv6/netfilter/ip6table_raw.ko ../wireguard/modules/ip6table_raw-${prefix}${ver}.ko
@@ -87,7 +87,17 @@ if [ ! -f "../wireguard/usr/sbin/iftop" ]; then
 	mkdir -p ../wireguard/sbin
 
 	# Use 1.9.0-10 buildroot config for utilities
-	cp ../bases/udm-1.9.0-10/buildroot-config.txt ./.config
+	base="../bases/udm-1.9.0-10"
+	cp "${base}/buildroot-config.txt" ./.config
+	cp "${base}/kernel-config" ./
+	rm -rf ./linux-patches ./patches
+	if [ -d "${base}/linux-patches" ]; then
+		cp -rf "${base}/linux-patches" ./
+	fi
+	if [ -d "${base}/patches" ]; then
+		cp -rf "${base}/patches" ./
+	fi
+	rm -rf output/build/linux-*
 
 	make wireguard-tools-rebuild
 	cp ./output/target/usr/bin/wg ../wireguard/usr/bin

diff --git a/src/packages/openresolv/openresolv.hash b/src/packages/openresolv/openresolv.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  7d74c669849183ecefdfcec30d25664b1ca24ba1ca8c2ad5de50fcaeef3b4810  openresolv-3.10.0.tar.gz
+sha256  96b573e26d145f208d3758c2cd6fbf824b01005fc4cb7cedbdae29b3a3c8cb02  openresolv-3.12.0.tar.gz
 sha256  384740bf5e19e7628d20f4dcc22925062fdc6020e9a6f074e567d4d797be57a0  LICENSE
diff --git a/src/packages/openresolv/openresolv.mk b/src/packages/openresolv/openresolv.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENRESOLV_VERSION = 3.10.0
+OPENRESOLV_VERSION = 3.12.0
 OPENRESOLV_SITE = $(call github,rsmarples,openresolv,openresolv-$(OPENRESOLV_VERSION))
 OPENRESOLV_LICENSE = BSD-2-Clause
 OPENRESOLV_LICENSE_FILES = LICENSE

diff --git a/src/packages/wireguard-linux-compat/wireguard-linux-compat.hash b/src/packages/wireguard-linux-compat/wireguard-linux-compat.hash
@@ -1,5 +1,3 @@
-# https://lists.zx2c4.com/pipermail/wireguard/2020-April/005296.html
-sha256  cf166348fbb67419528e73049ce001d29131aea367fa6aef9d3e223f7251e116  wireguard-linux-compat-1.0.20200413.tar.xz
 # Locally calculated
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
-sha256  3f5d990006e6eabfd692d925ec314fff2c5ee7dcdb869a6510d579acfdd84ec0  wireguard-linux-compat-1.0.20210606.tar.xz
+sha256  c0e607138a17daac656f508d8e63ea3737b5221fa5d9288191ddeb099f5a3b92  wireguard-linux-compat-1.0.20211208.tar.xz
diff --git a/src/packages/wireguard-linux-compat/wireguard-linux-compat.mk b/src/packages/wireguard-linux-compat/wireguard-linux-compat.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WIREGUARD_LINUX_COMPAT_VERSION = 1.0.20210606
+WIREGUARD_LINUX_COMPAT_VERSION = 1.0.20211208
 WIREGUARD_LINUX_COMPAT_SITE = https://git.zx2c4.com/wireguard-linux-compat/snapshot
 WIREGUARD_LINUX_COMPAT_SOURCE = wireguard-linux-compat-$(WIREGUARD_LINUX_COMPAT_VERSION).tar.xz
 WIREGUARD_LINUX_COMPAT_LICENSE = GPL-2.0

diff --git a/src/wireguard/setup_wireguard.sh b/src/wireguard/setup_wireguard.sh
@@ -7,6 +7,11 @@
 # v4-10-21	Updated release to include utils such as htop, iftop and qrencode. The last one allows easy import of wireguard configs
 #		into your IOS/Android WireGuard client using QR codes. 
 # v6-23-21	Added support for resolvconf
+
+# Set this to 1 to try to load the built-in wireguard module first. External module will still be loaded if built-in one doesn't exist.
+# Set to 0 to only load external module.
+LOAD_BUILTIN=1
+
 DATA_DIR="."
 if [ -d "/mnt/data" ]; then
 	DATA_DIR="/mnt/data"
@@ -50,7 +55,7 @@ if [ $? -eq 1 ]
 then
    ver=`uname -r`
    echo "loading wireguard..."
-   if [ -e /lib/modules/$ver/extra/wireguard.ko ]; then
+   if [ "$LOAD_BUILTIN" = "1" -a -e /lib/modules/$ver/extra/wireguard.ko ]; then
       modprobe wireguard
    elif [ -e $WIREGUARD/modules/wireguard-$ver.ko ]; then
      insmod $WIREGUARD/modules/wireguard-$ver.ko