diff --git a/.github/workflows/build-go-dependency-wrapper.yml b/.github/workflows/build-go-dependency-wrapper.yml new file mode 100644 index 000000000..d94cf6dc6 --- /dev/null +++ b/.github/workflows/build-go-dependency-wrapper.yml @@ -0,0 +1,128 @@ +# Builds and publishes the wg-go binaries to this repo when run as a GitHub Workflow. +# The binaries in this repo are compiled without modification from upstream (official WireGuard) sources +# However, if you have security requirements beyond my assertion of "trust me bruh", the code/configs/scripts in this +# repo are 100% auditable and you are welcome to fork it and run it yourself to guarantee and grant yourself +# that wonderfully fluttery feeling of diy, security, and privacy. All the scripts should work automagically +# in their own github workflow context, or with a little effort, you can run it yourself offline. + +name: Go Dependency Wrapper + +on: + workflow_dispatch: + inputs: + update_go_deps: + description: 'Update go dependencies with `go get -u ./...' + required: false + type: boolean + defualt: false + go_update_patch_only: + description: '(only used if `update_go_deps` is `true`) When updating, only update the patch version.' + required: false + type: boolean + default: true + tag: + description: 'Releases can only be created from tags, so a unique tag is required. This will probably get updated to a versioning syntax in the future.' + required: true + + +jobs: + wg-build: + name: Wireguard Build and Release + runs-on: macos-15 + + concurrency: + # Only allow a single run of this workflow on each branch, automatically cancelling older runs. + group: wg-${{ github.head_ref }} + cancel-in-progress: true + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Determine Tag + id: tag + run: | + set -x + + RAW_TAG="${{ github.event.inputs.tag }}" + TAG=$(echo "$RAW_TAG" | sed 's/[^a-zA-Z0-9._-]/-/g' | sed 's/[-]+/-/g' ) + + echo "RAW_TAG=${RAW_TAG}" >> "$GITHUB_OUTPUT" + echo "TAG=${TAG}" >> "$GITHUB_OUTPUT" + env: + RAW_TAG: ${{ github.event.inputs.tag }} + GITHUB_EVENT_NAME: ${{ github.event_name }} + GITHUB_BASE_BRANCH: ${{ github.base_ref }} + GITHUB_REF: ${{ github.ref }} + + - name: Select Xcode + run: | + sudo xcode-select -s /Applications/Xcode_16.4.app + + - name: Install Dependencies + run: | + brew install go + + - name: Handle Inputs + run: | + set -xoe + + pushd WireGuardGoFoundationSource + + if [[ "$RUN_UPDATES" == "true" ]]; then + UPDATE_COMMAND=("go") + UPDATE_COMMAND+=("get") + + if [[ "$PATCH_ONLY_UPDATES" == "true" ]]; then + UPDATE_COMMAND+=("-u=patch") + else + UPDATE_COMMAND+=("-u") + fi + + UPDATE_COMMAND+=("./...") + fi + + "${UPDATE_COMMAND[@]}" + + popd + + git add WireGuardGoFoundationSource/. + env: + RUN_UPDATES: ${{ github.event.inputs.update_go_deps }} + PATCH_ONLY_UPDATES: ${{ github.event.inputs.go_update_patch_only }} + + - name: Build XCFramework + run: | + set -xoe + + pushd WireGuardGoFoundationSource + make build-xcframework + + zip -ry WireGuardGoFoundation.xcframework.zip WireGuardGoFoundation.xcframework + popd + mv WireGuardGoFoundationSource/WireGuardGoFoundation.xcframework.zip . + + - name: Update Package + run: | + set -xoe + + CHECKSUM=$(swift package compute-checksum WireGuardGoFoundation.xcframework.zip) + NEW_URL="https://github.com/${{ github.repository }}/releases/download/${TAG}/WireGuardGoFoundation.xcframework.zip" + + sed -i "" "s|let url = \".*\"|let url = \"$NEW_URL\"|" Package.swift + sed -i "" "s|let checksum = \".*\"|let checksum = \"$CHECKSUM\"|" Package.swift + + git add Package.swift + git commit -m "Release ${TAG}" + git push origin HEAD:master + git tag ${TAG} + git push origin ${TAG} + env: + TAG: ${{ steps.tag.outputs.TAG }} + + - name: Release + uses: softprops/action-gh-release@v2 + with: + files: WireGuardGoFoundation.xcframework.zip + make_latest: true + tag_name: ${{ steps.tag.outputs.TAG }} diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 000000000..571f52944 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,19 @@ +## MIT License + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/Package.swift b/Package.swift index 5d15a1b0d..66d6e75b3 100644 --- a/Package.swift +++ b/Package.swift @@ -1,13 +1,16 @@ -// swift-tools-version:5.3 +// swift-tools-version:5.10 // The swift-tools-version declares the minimum version of Swift required to build this package. import PackageDescription +let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.5/WireGuardGoFoundation.xcframework.zip" +let checksum = "3d63cd7031fbb34ea48ce0dde8bd8c2cbec79695f98c6f0351aecaff1fca51c3" + let package = Package( name: "WireGuardKit", platforms: [ - .macOS(.v12), - .iOS(.v15) + .macOS(.v13), + .iOS(.v16) ], products: [ .library(name: "WireGuardKit", targets: ["WireGuardKit"]) @@ -16,25 +19,13 @@ let package = Package( targets: [ .target( name: "WireGuardKit", - dependencies: ["WireGuardKitGo", "WireGuardKitC"] + dependencies: ["WireGuardGoFoundation", "WireGuardKitC"] ), .target( name: "WireGuardKitC", dependencies: [], publicHeadersPath: "." ), - .target( - name: "WireGuardKitGo", - dependencies: [], - exclude: [ - "goruntime-boottime-over-monotonic.diff", - "go.mod", - "go.sum", - "api-apple.go", - "Makefile" - ], - publicHeadersPath: ".", - linkerSettings: [.linkedLibrary("wg-go")] - ) + .binaryTarget(name: "WireGuardGoFoundation", url: url, checksum: checksum) ] ) diff --git a/README.md b/README.md index 2efc5d459..348819098 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,11 @@ -# [WireGuard](https://www.wireguard.com/) for iOS and macOS +# [WireGuard](https://www.wireguard.com/) for iOS and macOS (with XCFramework universal build) -This project contains an application for iOS and for macOS, as well as many components shared between the two of them. You may toggle between the two platforms by selecting the target from within Xcode. +This project contains an application for iOS and for macOS, as well as many components shared between the two of them. The xcframework library is compatible with iOS, macOS, and should at least link with the simulator (there may be network extension limitations, but minimal simulator dev should be possible). ## Building +(This section has not been updated since the xcframework introduction. These instructions will likely change - the project probably needs updating for pointing to the right spm project version and since the package is pre built, there's no need to install `go`) + - Clone this repo: ``` @@ -34,66 +36,21 @@ $ open WireGuard.xcodeproj ## WireGuardKit integration -1. Open your Xcode project and add the Swift package with the following URL: - - ``` - https://git.zx2c4.com/wireguard-apple - ``` - -2. `WireGuardKit` links against `wireguard-go-bridge` library, but it cannot build it automatically - due to Swift package manager limitations. So it needs a little help from a developer. - Please follow the instructions below to create a build target(s) for `wireguard-go-bridge`. - - - In Xcode, click File -> New -> Target. Switch to "Other" tab and choose "External Build - System". - - Type in `WireGuardGoBridge` under the "Product name", replacing the `` - placeholder with the name of the platform. For example, when targeting macOS use `macOS`, or - when targeting iOS use `iOS`. - Make sure the build tool is set to: `/usr/bin/make` (default). - - In the appeared "Info" tab of a newly created target, type in the "Directory" path under - the "External Build Tool Configuration": - - ``` - ${BUILD_DIR%Build/*}SourcePackages/checkouts/wireguard-apple/Sources/WireGuardKitGo - ``` - - - Switch to "Build Settings" and find `SDKROOT`. - Type in `macosx` if you target macOS, or type in `iphoneos` if you target iOS. - -3. Go to Xcode project settings and locate your network extension target and switch to - "Build Phases" tab. - - - Locate "Dependencies" section and hit "+" to add `WireGuardGoBridge` replacing - the `` placeholder with the name of platform matching the network extension - deployment target (i.e macOS or iOS). - - - Locate the "Link with binary libraries" section and hit "+" to add `WireGuardKit`. - -4. In Xcode project settings, locate your main bundle app and switch to "Build Phases" tab. - Locate the "Link with binary libraries" section and hit "+" to add `WireGuardKit`. - -5. iOS only: Locate Bitcode settings under your application target, Build settings -> Enable Bitcode, - change the corresponding value to "No". - -Note that if you ship your app for both iOS and macOS, make sure to repeat the steps 2-4 twice, -once per platform. - -## MIT License - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +It should now be as simple as adding this SPM package as a dependency. The magic behind this is that the package is pre-built as an xcframework, now, however. If you cannot trust a third party binary, you're welcome to build it yourself. + +To do so + +(Building with GitHub Actions) +1. Fork this project +1. In your fork, go to Actions +1. Choose the "Go Dependency Wrapper" action +1. On the right side of the screen, you should see `Run workflow` - do that. +1. The option to run `go get -u` as part of the build process is presented (this will update the build to use the latest wireguard go upstream code) +1. Provide a name for the tag. Semantic versioning is suggested, but not required. +1. Press `Run Workflow` +1. In a couple minutes, you'll have a new release on your fork that is freshly built. +1. You can now reference your fork with your release tag version in your own iOS/macOS project. + +While this might not strictly feel quite the same as building locally, you are completely capable of instpecting the code as this entire repo is transparent. + +And if you want to build locally, that's also an option. If you need assistance, the best path forward would be to inspect the workflow yaml file and replicate the steps on your local Mac. diff --git a/Sources/WireGuardKit/WireGuardAdapter.swift b/Sources/WireGuardKit/WireGuardAdapter.swift index f7be19b15..34719cb86 100644 --- a/Sources/WireGuardKit/WireGuardAdapter.swift +++ b/Sources/WireGuardKit/WireGuardAdapter.swift @@ -5,7 +5,7 @@ import Foundation import NetworkExtension #if SWIFT_PACKAGE -import WireGuardKitGo +import WireGuardGoFoundation import WireGuardKitC #endif diff --git a/Sources/WireGuardKitC/WireGuardKitC.h b/Sources/WireGuardKitC/WireGuardKitC.h index 54e4783d4..53b48cd86 100644 --- a/Sources/WireGuardKitC/WireGuardKitC.h +++ b/Sources/WireGuardKitC/WireGuardKitC.h @@ -3,6 +3,7 @@ #include "key.h" #include "x25519.h" +#include /* From */ #define CTLIOCGINFO 0xc0644e03UL diff --git a/Sources/WireGuardKitGo/Makefile b/Sources/WireGuardKitGo/Makefile deleted file mode 100644 index 16cb2d584..000000000 --- a/Sources/WireGuardKitGo/Makefile +++ /dev/null @@ -1,60 +0,0 @@ -# SPDX-License-Identifier: MIT -# -# Copyright (C) 2018-2019 Jason A. Donenfeld . All Rights Reserved. - -# These are generally passed to us by xcode, but we set working defaults for standalone compilation too. -ARCHS ?= x86_64 arm64 -PLATFORM_NAME ?= macosx -SDKROOT ?= $(shell xcrun --sdk $(PLATFORM_NAME) --show-sdk-path) -CONFIGURATION_BUILD_DIR ?= $(CURDIR)/out -CONFIGURATION_TEMP_DIR ?= $(CURDIR)/.tmp - -export PATH := $(PATH):/usr/local/bin:/opt/homebrew/bin -export CC ?= clang -LIPO ?= lipo -DESTDIR ?= $(CONFIGURATION_BUILD_DIR) -BUILDDIR ?= $(CONFIGURATION_TEMP_DIR)/wireguard-go-bridge - -CFLAGS_PREFIX := $(if $(DEPLOYMENT_TARGET_CLANG_FLAG_NAME),-$(DEPLOYMENT_TARGET_CLANG_FLAG_NAME)=$($(DEPLOYMENT_TARGET_CLANG_ENV_NAME)),) -isysroot $(SDKROOT) -arch -GOARCH_arm64 := arm64 -GOARCH_x86_64 := amd64 -GOOS_macosx := darwin -GOOS_iphoneos := ios - -build: $(DESTDIR)/libwg-go.a -version-header: $(DESTDIR)/wireguard-go-version.h - -REAL_GOROOT := $(shell go env GOROOT 2>/dev/null) -export GOROOT := $(BUILDDIR)/goroot -$(GOROOT)/.prepared: - [ -n "$(REAL_GOROOT)" ] - mkdir -p "$(GOROOT)" - rsync -a --delete --exclude=pkg/obj/go-build "$(REAL_GOROOT)/" "$(GOROOT)/" - cat goruntime-*.diff | patch -p1 -f -N -r- -d "$(GOROOT)" - touch "$@" - -define libwg-go-a -$(BUILDDIR)/libwg-go-$(1).a: export CGO_ENABLED := 1 -$(BUILDDIR)/libwg-go-$(1).a: export CGO_CFLAGS := $(CFLAGS_PREFIX) $(ARCH) -$(BUILDDIR)/libwg-go-$(1).a: export CGO_LDFLAGS := $(CFLAGS_PREFIX) $(ARCH) -$(BUILDDIR)/libwg-go-$(1).a: export GOOS := $(GOOS_$(PLATFORM_NAME)) -$(BUILDDIR)/libwg-go-$(1).a: export GOARCH := $(GOARCH_$(1)) -$(BUILDDIR)/libwg-go-$(1).a: $(GOROOT)/.prepared go.mod - go build -ldflags=-w -trimpath -v -o "$(BUILDDIR)/libwg-go-$(1).a" -buildmode c-archive - rm -f "$(BUILDDIR)/libwg-go-$(1).h" -endef -$(foreach ARCH,$(ARCHS),$(eval $(call libwg-go-a,$(ARCH)))) - -$(DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/.prepared - sed -E -n 's/.*golang\.zx2c4\.com\/wireguard +v[0-9.]+-[0-9]+-([0-9a-f]{8})[0-9a-f]{4}.*/#define WIREGUARD_GO_VERSION "\1"/p' "$<" > "$@" - -$(DESTDIR)/libwg-go.a: $(foreach ARCH,$(ARCHS),$(BUILDDIR)/libwg-go-$(ARCH).a) - @mkdir -vp "$(DESTDIR)" - $(LIPO) -create -output "$@" $^ - -clean: - rm -rf "$(BUILDDIR)" "$(DESTDIR)/libwg-go.a" "$(DESTDIR)/wireguard-go-version.h" - -install: build - -.PHONY: clean build version-header install diff --git a/Sources/WireGuardKitGo/dummy.c b/Sources/WireGuardKitGo/dummy.c deleted file mode 100644 index d15abba59..000000000 --- a/Sources/WireGuardKitGo/dummy.c +++ /dev/null @@ -1 +0,0 @@ -// Empty diff --git a/Sources/WireGuardKitGo/go.mod b/Sources/WireGuardKitGo/go.mod deleted file mode 100644 index 789358e64..000000000 --- a/Sources/WireGuardKitGo/go.mod +++ /dev/null @@ -1,14 +0,0 @@ -module golang.zx2c4.com/wireguard/apple - -go 1.17 - -require ( - golang.org/x/sys v0.5.0 - golang.zx2c4.com/wireguard v0.0.0-20230209153558-1e2c3e5a3c14 -) - -require ( - golang.org/x/crypto v0.6.0 // indirect - golang.org/x/net v0.6.0 // indirect - golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect -) diff --git a/Sources/WireGuardKitGo/module.modulemap b/Sources/WireGuardKitGo/module.modulemap deleted file mode 100644 index 2ca39160f..000000000 --- a/Sources/WireGuardKitGo/module.modulemap +++ /dev/null @@ -1,5 +0,0 @@ -module WireGuardKitGo { - umbrella header "wireguard.h" - link "wg-go" - export * -} diff --git a/Updating WG Dependency.md b/Updating WG Dependency.md new file mode 100644 index 000000000..5b9982560 --- /dev/null +++ b/Updating WG Dependency.md @@ -0,0 +1,20 @@ +#### Upgrading the WireGuard Dependency + +WireGuard code is just a copy of files from the [official wg repo](https://git.zx2c4.com/wireguard-apple/about/) with some modifications to the makefile to build a whole xcframework and updating go dependencies. + +Going forward, since the code in `WireGuardGoFoundationSource` is essentially just a shim around the wg go package, it is just a matter of updating go packages. + +1. `cd` to `WireGuardGoFoundationSource` +1. Depending on intent, run one of the following update commands: + + # Update all dependencies to latest minor/patch versions + go get -u ./... + + # Update only patch versions (safer) + go get -u=patch ./... + +1. Use discretion to run `go mod tidy` to cleanup afterwards +1. Confirm building `WireGuardGoFoundationSource` still works + 1. `make clean` + 1. `make build-xcframework` + diff --git a/Sources/WireGuardKitGo/.gitignore b/WireGuardGoFoundationSource/.gitignore similarity index 100% rename from Sources/WireGuardKitGo/.gitignore rename to WireGuardGoFoundationSource/.gitignore diff --git a/WireGuardGoFoundationSource/Headers/module.modulemap b/WireGuardGoFoundationSource/Headers/module.modulemap new file mode 100644 index 000000000..47717efd2 --- /dev/null +++ b/WireGuardGoFoundationSource/Headers/module.modulemap @@ -0,0 +1,5 @@ +module WireGuardGoFoundation { + umbrella header "wireguard.h" + export * + module * { export * } +} diff --git a/Sources/WireGuardKitGo/wireguard.h b/WireGuardGoFoundationSource/Headers/wireguard.h similarity index 100% rename from Sources/WireGuardKitGo/wireguard.h rename to WireGuardGoFoundationSource/Headers/wireguard.h diff --git a/WireGuardGoFoundationSource/Makefile b/WireGuardGoFoundationSource/Makefile new file mode 100644 index 000000000..03a410377 --- /dev/null +++ b/WireGuardGoFoundationSource/Makefile @@ -0,0 +1,153 @@ +# SPDX-License-Identifier: MIT +# +# Copyright (C) 2018-2019 Jason A. Donenfeld . All Rights Reserved. + +# VAR SETUP + +MACOS_PLATFORM_NAME = macosx +MACOS_DEPLOYMENT_TARGET = 12.0 +MACOS_ARCHS = x86_64 arm64 +IOS_PLATFORM_NAME = iphoneos +IOS_DEPLOYMENT_TARGET = 17.6 +IOS_ARCHS = arm64 +IOS_SIM_PLATFORM_NAME = iphonesimulator +IOS_SIM_ARCHS = arm64 x86_64 +MACOS_CONFIGURATION_BUILD_DIR ?= $(CURDIR)/out-macos +IOS_CONFIGURATION_BUILD_DIR ?= $(CURDIR)/out-ios +IOS_SIM_CONFIGURATION_BUILD_DIR ?= $(CURDIR)/out-ios-sim +CONFIGURATION_TEMP_DIR ?= $(CURDIR)/.tmp +XCFRAMEWORK_BASENAME = WireGuardGoFoundation +XCFRAMEWORK_NAME = $(XCFRAMEWORK_BASENAME).xcframework +USER := $(shell whoami) + +define get_sdkroot +$(shell xcrun --sdk $(1) --show-sdk-path) +endef + +MACOS_SDKROOT = $(call get_sdkroot,$(MACOS_PLATFORM_NAME)) +IOS_SDKROOT = $(call get_sdkroot,$(IOS_PLATFORM_NAME)) +IOS_SIM_SDKROOT = $(call get_sdkroot,$(IOS_SIM_PLATFORM_NAME)) + +export PATH := $(PATH):/usr/local/bin:/opt/homebrew/bin +export CC ?= clang +LIPO ?= lipo +MACOS_DESTDIR ?= $(MACOS_CONFIGURATION_BUILD_DIR) +IOS_DESTDIR ?= $(IOS_CONFIGURATION_BUILD_DIR) +IOS_SIM_DESTDIR ?= $(IOS_SIM_CONFIGURATION_BUILD_DIR) +BUILDDIR ?= $(CONFIGURATION_TEMP_DIR)/wireguard-go-bridge + +MACOS_CFLAGS_PREFIX := -mmacosx-version-min=$(MACOS_DEPLOYMENT_TARGET) -isysroot $(MACOS_SDKROOT) -arch +IOS_CFLAGS_PREFIX := -miphoneos-version-min=$(IOS_DEPLOYMENT_TARGET) -isysroot $(IOS_SDKROOT) -arch +IOS_SIM_CFLAGS_PREFIX := -mios-simulator-version-min=$(IOS_DEPLOYMENT_TARGET) -isysroot $(IOS_SIM_SDKROOT) -arch +GOARCH_arm64 := arm64 +GOARCH_x86_64 := amd64 +GOOS_macosx := darwin +GOOS_iphoneos := ios +GOOS_iphonesimulator := ios + +# -- CONVENIENCE + +macos-version-header: $(MACOS_DESTDIR)/wireguard-go-version.h +ios-version-header: $(IOS_DESTDIR)/wireguard-go-version.h $(IOS_SIM_DESTDIR)/wireguard-go-version.h +macos-build: $(MACOS_DESTDIR)/libwg-go.a macos-version-header +ios-build: $(IOS_DESTDIR)/libwg-go.a $(IOS_SIM_DESTDIR)/libwg-go.a ios-version-header +build: macos-build ios-build +build-xcframework: $(XCFRAMEWORK_NAME) + +REAL_GOROOT := $(shell go env GOROOT 2>/dev/null) +export GOROOT := $(BUILDDIR)/goroot +$(GOROOT)/.prepared: + [ -n "$(REAL_GOROOT)" ] + @echo "BUILDDIR: $(BUILDDIR)" + @echo "GOROOT: $(GOROOT)" + @echo "CURDIR: $(CURDIR)" + @echo "PWD: $(PWD)" + mkdir -p "$(GOROOT)" + mkdir -p "$(BUILDDIR)/tmp" + rsync -Dlprth --delete --exclude=pkg/obj/go-build "$(REAL_GOROOT)/" "$(GOROOT)/" + chmod -R u+w "$(BUILDDIR)" + cd "$(GOROOT)" && TMPDIR="$(BUILDDIR)/tmp" patch -p1 -f -N -r- < "$(CURDIR)/goruntime-boottime-over-monotonic.diff" + touch "$@" + + +# -- COMPILING + +# ARCH-$(1) CFLAGS_PREFIX-$(2) PLATFORM_NAME-$(3) +define libwg-go-a +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export CGO_ENABLED := 1 +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export CGO_CFLAGS := $(2) $(1) +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export CGO_LDFLAGS := $(2) $(1) +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export GOOS := $(GOOS_$(3)) +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export GOARCH := $(GOARCH_$(1)) +$(BUILDDIR)/libwg-go-$(3)-$(1).a: $(GOROOT)/.prepared go.mod + @echo "🟨🟨🟨🟨🟨 building $(3) $(1) 🟨🟨🟨🟨🟨" + $(info 'target 🎯: $(3) $(1)') + go build -ldflags=-w -trimpath -v -o "$(BUILDDIR)/libwg-go-$(3)-$(1).a" -buildmode c-archive + rm -f "$(BUILDDIR)/libwg-go-$(1).h" +endef + +$(foreach ARCH,$(MACOS_ARCHS),$(eval $(call libwg-go-a,$(ARCH),$(MACOS_CFLAGS_PREFIX),$(MACOS_PLATFORM_NAME)))) +$(foreach ARCH,$(IOS_ARCHS),$(eval $(call libwg-go-a,$(ARCH),$(IOS_CFLAGS_PREFIX),$(IOS_PLATFORM_NAME)))) +$(foreach ARCH,$(IOS_SIM_ARCHS),$(eval $(call libwg-go-a,$(ARCH),$(IOS_SIM_CFLAGS_PREFIX),$(IOS_SIM_PLATFORM_NAME)))) + + +# -- HEADERS STUFF + +# DESTDIR: $(1) +$(MACOS_DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/.prepared + sed -E -n 's/.*golang\.zx2c4\.com\/wireguard +v[0-9.]+-([0-9]+-[0-9a-f]{8})[0-9a-f]{4}.*/#define WIREGUARD_GO_VERSION "\1"/p' "$<" > "$@" +$(IOS_DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/.prepared + sed -E -n 's/.*golang\.zx2c4\.com\/wireguard +v[0-9.]+-([0-9]+-[0-9a-f]{8})[0-9a-f]{4}.*/#define WIREGUARD_GO_VERSION "\1"/p' "$<" > "$@" +$(IOS_SIM_DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/.prepared + sed -E -n 's/.*golang\.zx2c4\.com\/wireguard +v[0-9.]+-([0-9]+-[0-9a-f]{8})[0-9a-f]{4}.*/#define WIREGUARD_GO_VERSION "\1"/p' "$<" > "$@" + +# -- LINKING + +# DESTDIR: $(1) ARCHS: $(2) PLATFORM_NAME: $(3) +define linkinator +$(1)/libwg-go.a: $(foreach ARCH,$(2),$(BUILDDIR)/libwg-go-$(3)-$(ARCH).a) + @mkdir -vp "$(1)" + $(LIPO) -create -output "$$@" $$^ +endef + +$(eval $(call linkinator,$(MACOS_DESTDIR),$(MACOS_ARCHS),$(MACOS_PLATFORM_NAME))) +$(eval $(call linkinator,$(IOS_DESTDIR),$(IOS_ARCHS),$(IOS_PLATFORM_NAME))) +$(eval $(call linkinator,$(IOS_SIM_DESTDIR),$(IOS_SIM_ARCHS),$(IOS_SIM_PLATFORM_NAME))) + + +# -- XCFRAMEWORK COMPILING + +$(XCFRAMEWORK_NAME): build ios-version-header macos-version-header + git checkout Headers/wireguard.h + cat "$(IOS_DESTDIR)/wireguard-go-version.h" >> Headers/wireguard.h + + xcrun xcodebuild -create-xcframework \ + -library $(IOS_DESTDIR)/libwg-go.a \ + -headers Headers/ \ + -library $(IOS_SIM_DESTDIR)/libwg-go.a \ + -headers Headers/ \ + -library $(MACOS_DESTDIR)/libwg-go.a \ + -headers Headers/ \ + -output "$(XCFRAMEWORK_NAME)" + + git checkout Headers/wireguard.h + + +# -- CLEANING + +# BUILDDIR: $(1) DESTDIR: $(2) +define clean-output +rm -rf "$(1)" "$(2)" +endef + +clean: + $(call clean-output,$(BUILDDIR),$(MACOS_DESTDIR)) + $(call clean-output,$(BUILDDIR),$(IOS_DESTDIR)) + $(call clean-output,$(BUILDDIR),$(IOS_SIM_DESTDIR)) + rm -rf "$(XCFRAMEWORK_NAME)" + +install-macos: macos-build +install-ios: ios-build +install: build + +.PHONY: clean macos-build ios-build version-header install-macos install-ios debug build install diff --git a/WireGuardGoFoundationSource/Upgrading the WireGuard Dependency.md b/WireGuardGoFoundationSource/Upgrading the WireGuard Dependency.md new file mode 100644 index 000000000..6136f6ba1 --- /dev/null +++ b/WireGuardGoFoundationSource/Upgrading the WireGuard Dependency.md @@ -0,0 +1,19 @@ +#### Upgrading the WireGuard Dependency + +WireGuard code is just a copy of files from the [official wg repo](https://git.zx2c4.com/wireguard-apple/about/) with some modifications to the makefile to build a whole xcframework and updating go dependencies. + +Going forward, since the code in `WireGuardGoFoundationSource` is essentially just a shim around the wg go package, it is just a matter of updating go packages. + +1. `cd` to `WireGuardGoFoundationSource` +1. Depending on intent, run one of the following update commands: + + # Update all dependencies to latest minor/patch versions + go get -u ./... + + # Update only patch versions (safer) + go get -u=patch ./... + +1. Use discretion to run `go mod tidy` to cleanup afterwards +1. Confirm building `WireGuardGoFoundationSource` still works + 1. `make clean` + 1. `make build-xcframework` diff --git a/Sources/WireGuardKitGo/api-apple.go b/WireGuardGoFoundationSource/api-apple.go similarity index 100% rename from Sources/WireGuardKitGo/api-apple.go rename to WireGuardGoFoundationSource/api-apple.go diff --git a/WireGuardGoFoundationSource/go.mod b/WireGuardGoFoundationSource/go.mod new file mode 100644 index 000000000..e29b27a4b --- /dev/null +++ b/WireGuardGoFoundationSource/go.mod @@ -0,0 +1,16 @@ +module golang.zx2c4.com/wireguard/apple + +go 1.23.1 + +toolchain go1.24.5 + +require ( + golang.org/x/sys v0.34.0 + golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb +) + +require ( + golang.org/x/crypto v0.40.0 // indirect + golang.org/x/net v0.42.0 // indirect + golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect +) diff --git a/Sources/WireGuardKitGo/go.sum b/WireGuardGoFoundationSource/go.sum similarity index 97% rename from Sources/WireGuardKitGo/go.sum rename to WireGuardGoFoundationSource/go.sum index 278aef8f1..39edbae43 100644 --- a/Sources/WireGuardKitGo/go.sum +++ b/WireGuardGoFoundationSource/go.sum @@ -353,6 +353,12 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE= +golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= +golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -430,6 +436,12 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY= +golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -506,6 +518,10 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20= +golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -580,6 +596,8 @@ golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeu golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= golang.zx2c4.com/wireguard v0.0.0-20230209153558-1e2c3e5a3c14 h1:HVTnb30bngAvlUMb5VRy4jELMvWL5VIapumjqzFXMZc= golang.zx2c4.com/wireguard v0.0.0-20230209153558-1e2c3e5a3c14/go.mod h1:whfbyDBt09xhCYQWtO2+3UVjlaq6/9hDZrjg2ZE6SyA= +golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A= +golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= diff --git a/Sources/WireGuardKitGo/goruntime-boottime-over-monotonic.diff b/WireGuardGoFoundationSource/goruntime-boottime-over-monotonic.diff similarity index 100% rename from Sources/WireGuardKitGo/goruntime-boottime-over-monotonic.diff rename to WireGuardGoFoundationSource/goruntime-boottime-over-monotonic.diff