tjh.dev
1{
2 lib,
3 stdenv,
4 fetchzip,
5 kernel,
6 perl,
7 wireguard-tools,
8 bc,
9}:
10
11# wireguard upstreamed since 5.6 https://lists.zx2c4.com/pipermail/wireguard/2019-December/004704.html
12assert lib.versionOlder kernel.version "5.6";
13
14stdenv.mkDerivation rec {
15 pname = "wireguard";
16 version = "1.0.20220627";
17
18 src = fetchzip {
19 url = "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${version}.tar.xz";
20 sha256 = "sha256-skbho3e49lZ/GLp/JDQpf/yXIEjes86aYtw/dn6e0Uo=";
21 };
22
23 hardeningDisable = [ "pic" ];
24
25 KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
26
27 nativeBuildInputs = [
28 perl
29 bc
30 ]
31 ++ kernel.moduleBuildDependencies;
32
33 preBuild = "cd src";
34 buildFlags = [ "module" ];
35 makeFlags = [
36 "ARCH=${stdenv.hostPlatform.linuxArch}"
37 ]
38 ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
39 "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
40 ];
41
42 INSTALL_MOD_PATH = placeholder "out";
43 installFlags = [ "DEPMOD=true" ];
44 enableParallelBuilding = true;
45
46 passthru = {
47 # remove this when our kernel comes with native wireguard support
48 # and our tests no longer tests this package
49 inherit (wireguard-tools) tests;
50 };
51
52 meta = with lib; {
53 inherit (wireguard-tools.meta) homepage license maintainers;
54 description = "Kernel module for the WireGuard secure network tunnel";
55 longDescription = ''
56 Backport of WireGuard for kernels 3.10 to 5.5, as an out of tree module.
57 (as WireGuard was merged into the Linux kernel for 5.6)
58 '';
59 downloadPage = "https://git.zx2c4.com/wireguard-linux-compat/refs/";
60 platforms = platforms.linux;
61 };
62}