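I was originally pleased that a domestic operating system finally had a reasonably up-to-date release, but some of openEuler's baffling decisions can really drive you up the wall. This post describes how to install WireGuard on openEuler.

First, why I wrote this: openEuler (5.10.0-106.18.0.68.oe2209.x86_64) has cut the entire WireGuard module, and this is a minimal installation.

First, if you search yum for the package, this is the result: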
```
[root@localhost src]# yum search wireguard
Last metadata expiration check: 2:20:25 ago on Mon 10 Jul 2023 12:15:31 AM CST.
===================================================================== Name & Summary Matched: wireguard ======================================================================
wireguard-tools-debuginfo.x86_64 : Debug information for package wireguard-tools
wireguard-tools-debugsource.x86_64 : Debug sources for package wireguard-tools
========================================================================== Name Matched: wireguard ===========================================================================
wireguard-tools.x86_64 : Fast, modern, secure VPN tunnel
```
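I have to say, the openEuler maintainers are something else: they cut the WireGuard kernel module, yet still maintain wireguard-tools in the repository.

That is getting ahead of the story, though. At this point I still had hope for openEuler, so I tried loading wireguard manually: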
```
[root@localhost src]# modprobe wireguard
modprobe: FATAL: Module sda not found in directory /lib/modules/5.10.0-106.18.0.68.oe2209.x86_64
```
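Well, why is this kernel module missing? Hm? Was it just not compiled? Understandable; after all, our domestic operating system can't copy everything, can it.

Then I pulled down its kernel source: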
```
[root@localhost src]# yum search kernel-dev
Last metadata expiration check: 2:25:53 ago on Mon 10 Jul 2023 12:15:31 AM CST.
========================================================================== Name Matched: kernel-dev ==========================================================================
kernel-devel.x86_64 : Development package for building kernel modules to match the 5.10.0-106.18.0.68.oe2209.x86_64 kernel
```
Change to the wireguard directory: `cd /usr/src/kernels/5.10.0-106.18.0.68.oe2209.x86_64/drivers/net/wireguard`. Then I found:
```
[root@localhost src]# cd /usr/src/kernels/5.10.0-106.18.0.68.oe2209.x86_64/drivers/net/wireguard/
[root@localhost wireguard]# ll
total 4
-rw-r--r--. 1 root root 483 Sep 24 2022 Makefile
```
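(Confused face.) Really something. I had assumed they only dropped this module when building the kernel; I did not expect them to have removed the code outright. Fine, fine, so that's how you want to play it. Fine.

WireGuard cannot be installed, and the official repository also has an issue about this problem, so I could be fairly sure: to get WireGuard onto openEuler, I would have to do it myself.

Refer to the official WireGuard build documentation. There is not much to say here; follow the documentation first: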
```bash
yum install elfutils-libelf-devel kernel-devel pkgconfig "@Development Tools" -y
git clone https://git.zx2c4.com/wireguard-linux-compat
yum install kernel-headers.x86_64
make -C wireguard-linux-compat/src -j$(nproc)
sudo make -C wireguard-linux-compat/src install
```
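Those are the basic steps. Mind you, I never said that running these commands would get WireGuard installed on an openEuler that doesn't play fair.

Compiling the WireGuard kernel module

Several problems come up during compilation; below are this blogger's solutions.

dst_cache_reset_now symbol conflict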
```
In file included from <command-line>:
/opt/wireguard-linux-compat/src/compat/compat.h:1132:20: error: static declaration of ‘dst_cache_reset_now’ follows non-static declaration
1132 | static inline void dst_cache_reset_now(struct dst_cache *dst_cache)
| ^~~~~~~~~~~~~~~~~~~
In file included from /opt/wireguard-linux-compat/src/compat/compat.h:1121,
from <command-line>:
./include/net/dst_cache.h:91:6: note: previous declaration of ‘dst_cache_reset_now’ was here
91 | void dst_cache_reset_now(struct dst_cache *dst_cache);
| ^~~~~~~~~~~~~~~~~~~
In file included from <command-line>:
/opt/wireguard-linux-compat/src/compat/compat.h:1132:20: error: static declaration of ‘dst_cache_reset_now’ follows non-static declaration
1132 | static inline void dst_cache_reset_now(struct dst_cache *dst_cache)
```
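The gist is that you have damn well declared two functions with the same name but different signatures, `dst_cache_reset_now`. Could upstream really be this careless? Surely not. So I searched for the function: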
```
[root@localhost wireguard-linux-compat]# grep -r 'dst_cache_reset_now'
src/socket.c: dst_cache_reset_now(&peer->endpoint_cache);
grep: src/socket.o: binary file matches
grep: src/wireguard.ko: binary file matches
grep: src/wireguard.o: binary file matches
src/compat/compat.h:static inline void dst_cache_reset_now(struct dst_cache *dst_cache)
```
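The search turned up no other function with the same name. Was the kernel version mismatched? That didn't look like the problem either, because a kernel mismatch usually doesn't produce this error; it should produce some undefined-symbol errors instead. The strangest part is that the error above says line 91 of dst_cache.h declares it again, so it wasn't coming from nowhere. After some digging, I found that the official openEuler kernel had removed the `static` keyword in front of this function's signature, which is really disgusting.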
```c
/**
 * dst_cache_reset_now - invalidate the cache contents immediately
 * @dst_cache: the cache
 *
 * The caller must be sure there are no concurrent users, as this frees
 * all dst_cache users immediately, rather than waiting for the next
 * per-cpu usage like dst_cache_reset does. Most callers should use the
 * higher speed lazily-freed dst_cache_reset function instead.
 */
void dst_cache_reset_now(struct dst_cache *dst_cache);
```
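Add `static` back; I'll leave aside for now why they removed it.

Kernel module version check fails: LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0)

This error occurs because, from `Linux kernel 5.6` onward, the `wireguard` module is included by default, and upstream is warning us that we no longer need to build it ourselves.

However, we are compiling on openEuler, which is modified from another open-source Linux version, so we need to remove this warning.

The file is `wireguard-linux-compat/src/compat/compat.h`.

Delete the following from it and you're done: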
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0)
-#error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
-#endif
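Review bot: deleting the `#error` guard in compat.h removes the check for every kernel >= 5.6, not only for this openEuler build, so the same patched tree will also compile on kernels that already carry the merged WireGuard the message refers to. Consider keeping the three lines and wrapping them in an explicit opt-out, for example an `#ifndef` on a build-time define that is set only for this kernel, with a comment saying why the guard is bypassed.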
Missing bss_file.c file

```
At main.c:160:
SSL error:02001002:system library:fopen:No such file or directory: …/crypto/bio/bss_file.c:69
```

Fix: run the following commands in order:
```bash
cd /lib/modules/$(uname -r)/build/certs
sudo tee x509.genkey > /dev/null << EOF
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
CN = Modules
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF
sudo openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem
```
Symbol not found

Straight to the conclusion: this happens because the kernel modules that wireguard depends on are not loaded, as shown below:
```
[root@localhost src]# modinfo wireguard.ko
filename: /opt/wireguard-linux-compat/src/wireguard.ko
intree: Y
alias: net-pf-16-proto-16-family-wireguard
alias: rtnl-link-wireguard
version: 1.0.20220627-2-g3d3c92b-dirty
author: Jason A. Donenfeld <Jason@zx2c4.com>
description: WireGuard secure network tunnel
license: GPL v2
srcversion: A0B3B6F9C168F6EBBF08ED2
depends: udp_tunnel,ip6_udp_tunnel
retpoline: Y
name: wireguard
vermagic: 5.10.0-106.18.0.68.oe2209.x86_64 SMP mod_unload modversions
```
You can see that wireguard.ko depends on the two kernel modules udp_tunnel and ip6_udp_tunnel; load those two first, then load wireguard.
```bash
modprobe udp_tunnel
modprobe ip6_udp_tunnel
modprobe wireguard
```
At this point WireGuard is installed successfully!
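A pre-load check that ties together the signing step and the dependency step above, as an added example that is not part of the original post or of the WireGuard project: it reads `modinfo` text and checks `vermagic`, the signature state and the `depends` order before anything is loaded. The function names are illustrative, and the sample is an excerpt of the `modinfo` output shown above.

```bash
#!/usr/bin/env bash
# Added example; function names are illustrative, not part of any tool.

# Excerpt of the modinfo output shown in this post.
SAMPLE=$(cat <<'EOF'
filename: /opt/wireguard-linux-compat/src/wireguard.ko
depends: udp_tunnel,ip6_udp_tunnel
name: wireguard
vermagic: 5.10.0-106.18.0.68.oe2209.x86_64 SMP mod_unload modversions
EOF
)

# modinfo_field FIELD: read modinfo text on stdin, print the value of FIELD.
modinfo_field() {
    awk -v f="$1:" '$1 == f { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# preload_check MODINFO_TEXT KERNEL_RELEASE SIG_ENFORCE
# Prints the load order on success; prints a reason and returns 1 otherwise.
preload_check() {
    local info="$1" krel="$2" enforce="$3" vermagic deps signer name
    vermagic=$(printf '%s\n' "$info" | modinfo_field vermagic)
    deps=$(printf '%s\n' "$info" | modinfo_field depends)
    signer=$(printf '%s\n' "$info" | modinfo_field signer)
    name=$(printf '%s\n' "$info" | modinfo_field name)

    # The first word of vermagic must equal the running kernel release.
    if [ "${vermagic%% *}" != "$krel" ]; then
        echo "vermagic mismatch: built for ${vermagic%% *}, running $krel"
        return 1
    fi
    # With sig_enforce=Y a module without a signature is refused. A signature
    # from a key the kernel does not trust is refused too, which this
    # text-only check cannot see.
    if [ "$enforce" = "Y" ] && [ -z "$signer" ]; then
        echo "unsigned module, but the kernel enforces module signatures"
        return 1
    fi
    # Dependencies first, in the order modinfo lists them, then the module.
    echo $(printf '%s' "$deps" | tr ',' ' ') "$name"
}

# On a real host:
#   preload_check "$(modinfo ./wireguard.ko)" "$(uname -r)" \
#       "$(cat /sys/module/module/parameters/sig_enforce)"
preload_check "$SAMPLE" "5.10.0-106.18.0.68.oe2209.x86_64" N
```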