Add DAITA on Linux

.github/workflows/android-app.yml

@@ -118,6 +118,8 @@ jobs:
       - name: Checkout repository
         if: steps.cache-relay-list.outputs.cache-hit != 'true'
         uses: actions/checkout@v4
+        with:
+          submodules: true
 
       - name: Generate
         if: steps.cache-relay-list.outputs.cache-hit != 'true'
@@ -164,6 +166,8 @@ jobs:
 
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          submodules: true
 
       - name: Calculate native lib cache hash
         id: native-lib-cache-hash
@@ -195,7 +199,6 @@ jobs:
           UNSTRIPPED_LIB_PATH="$CARGO_TARGET_DIR/${{ matrix.target }}/$BUILD_TYPE/libmullvad_jni.so"
           STRIPPED_LIB_PATH="./android/app/build/extraJni/${{ matrix.abi }}/libmullvad_jni.so"
           NDK_TOOLCHAIN_STRIP_TOOL="$NDK_TOOLCHAIN_DIR/llvm-strip"
-          ./wireguard/build-wireguard-go.sh --android --no-docker
           cargo build --target ${{ matrix.target }} --verbose --package mullvad-jni --features api-override
           $NDK_TOOLCHAIN_STRIP_TOOL --strip-debug --strip-unneeded -o "$STRIPPED_LIB_PATH" "$UNSTRIPPED_LIB_PATH"
 
@@ -235,6 +238,8 @@ jobs:
 
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          submodules: true
 
       - name: Run gradle task
         uses: burrunan/gradle-cache-action@v1
@@ -262,6 +267,8 @@ jobs:
 
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          submodules: true
 
       - uses: actions/download-artifact@v4
         with:
@@ -366,6 +373,8 @@ jobs:
 
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          submodules: true
 
       - uses: actions/download-artifact@v4
         with:

.github/workflows/cargo-vendor.yml

@@ -16,7 +16,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+        with:
+          submodules: true
 
       - name: Install Rust
         uses: actions-rs/[email protected]

.github/workflows/clippy.yml

@@ -43,8 +43,10 @@ jobs:
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Checkout binaries submodule
-        run: git submodule update --init --depth=1 dist-assets/binaries
+      - name: Checkout submodules
+        run: |
+          git submodule update --init --depth=1 dist-assets/binaries
+          git submodule update --init --recursive --depth=1 wireguard-go-rs
 
       - uses: actions-rs/[email protected]
         with:
@@ -58,6 +60,12 @@ jobs:
           sudo apt-get update
           sudo apt-get install libdbus-1-dev
 
+      - name: Install Go
+        if: matrix.os == 'linux-latest' || matrix.os == 'macos-latest'
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.21.3
+
       - name: Clippy check
         shell: bash
         env:
@@ -83,6 +91,11 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+      - name: Checkout wireguard-go submodule
+        run: |
+          git config --global --add safe.directory '*'
+          git submodule update --init --depth=1 wireguard-go-rs
+
       - name: Clippy check
         env:
           RUSTFLAGS: --deny warnings

.github/workflows/daemon.yml

@@ -68,11 +68,11 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Checkout binaries submodule
+      - name: Checkout submodules
         run: |
           git config --global --add safe.directory '*'
           git submodule update --init --depth=1 dist-assets/binaries
-
+          git submodule update --init --recursive --depth=1 wireguard-go-rs
       # The container image already has rustup and Rust, but only the stable toolchain
       - name: Install Rust toolchain
         run: rustup default ${{ matrix.rust }}
@@ -86,6 +86,11 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v2
 
+      - name: Checkout wireguard-go submodule
+        run: |
+          git config --global --add safe.directory '*'
+          git submodule update --init --recursive --depth=1 wireguard-go-rs
+
       - name: Install Protoc
         uses: arduino/setup-protoc@v3
         with:

.github/workflows/desktop-e2e.yml

@@ -103,10 +103,11 @@ jobs:
         run: echo "HOME=/root" >> $GITHUB_ENV
       - name: Checkout repository
         uses: actions/checkout@v3
-      - name: Checkout binaries submodule
+      - name: Checkout submodules
         run: |
           git config --global --add safe.directory '*'
           git submodule update --init --depth=1 dist-assets/binaries
+          git submodule update --init --recursive --depth=1 wireguard-go-rs
       - name: Build app
         env:
           USE_MOLD: false
@@ -159,9 +160,9 @@ jobs:
     runs-on: windows-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
-      - name: Checkout submodules
-        run: git submodule update --init --depth=1
+        uses: actions/checkout@v4
+        with:
+          submodules: true
       - name: Install Protoc
         uses: arduino/setup-protoc@v3
         with:
@@ -230,9 +231,9 @@ jobs:
     runs-on: [self-hosted, desktop-test, macOS] # app-test-macos-arm
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
-      - name: Checkout submodules
-        run: git submodule update --init --depth=1
+        uses: actions/checkout@v4
+        with:
+          submodules: true
       - name: Install Go
         uses: actions/setup-go@v3
         with:

.github/workflows/frontend.yml

@@ -19,6 +19,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+      - name: Checkout wireguard-go submodule
+        run: git submodule update --init --depth=1 wireguard-go-rs
+
       - name: Install Rust
         uses: actions-rs/[email protected]
         with:

.github/workflows/rust-supply-chain.yml

@@ -16,6 +16,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+      - name: Checkout wireguard-go submodule
+        run: git submodule update --init --depth=1 wireguard-go-rs
+
       - name: Run cargo deny
         uses: EmbarkStudios/cargo-deny-action@v1
         with:

.github/workflows/rust-unused-dependencies.yml

@@ -10,7 +10,7 @@ on:
   workflow_dispatch:
 env:
   # Pinning nightly just to avoid random breakage. It's fine to bump this at any time
-  RUST_NIGHTLY_TOOLCHAIN: nightly-2024-02-06
+  RUST_NIGHTLY_TOOLCHAIN: nightly-2024-06-06
 jobs:
   prepare-containers:
     runs-on: ubuntu-latest
@@ -41,17 +41,18 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Checkout binaries submodule
+      - name: Checkout submodules
         run: |
           git config --global --add safe.directory '*'
           git submodule update --init --depth=1 dist-assets/binaries
+          git submodule update --init --recursive --depth=1 wireguard-go-rs
 
       - name: Install nightly Rust toolchain
         run: rustup default $RUST_NIGHTLY_TOOLCHAIN
 
       - uses: taiki-e/install-action@v2
         with:
-          tool: cargo-udeps
+          tool: cargo-udeps@0.1.48
 
       - name: Check for unused dependencies
         shell: bash
@@ -72,27 +73,33 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+      - name: Checkout wireguard-go submodule
+        run: |
+          git config --global --add safe.directory '*'
+          git submodule update --init --depth=1 wireguard-go-rs
+
       - name: Install nightly Rust toolchain
         run: |
           rustup default $RUST_NIGHTLY_TOOLCHAIN
           rustup target add aarch64-linux-android
 
       - uses: taiki-e/install-action@v2
         with:
-          tool: cargo-udeps
+          tool: cargo-udeps@0.1.48
 
       - name: Check for unused dependencies
         run: cargo udeps --target aarch64-linux-android --package mullvad-jni
 
   cargo-udeps:
     strategy:
       matrix:
-        os: [macos-latest, windows-latest]
+        os: [windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
-
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+        with:
+          submodules: true
 
       - name: Install Protoc
         uses: arduino/setup-protoc@v3
@@ -108,7 +115,13 @@ jobs:
 
       - uses: taiki-e/install-action@v2
         with:
-          tool: cargo-udeps
+          tool: [email protected]
+
+      - name: Install Go
+        if: matrix.os == 'macos-latest'
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.21.3
 
       - name: Check for unused dependencies
         shell: bash

.github/workflows/rustfmt.yml

@@ -14,6 +14,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+      - name: Checkout wireguard-go submodule
+        run: git submodule update --init --depth=1 wireguard-go-rs
+
       - name: Install nightly Rust
         uses: actions-rs/[email protected]
         with:

.github/workflows/unicode-check.yml

@@ -9,7 +9,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Checkout submodules
-        run: git submodule update --init
+        run: git submodule update --init --depth=1 dist-assets/binaries wireguard-go-rs
 
       - name: Scan for code points
         run: ./ci/check-trojan-source.sh .

.github/workflows/verify-locked-down-signatures.yml

@@ -11,7 +11,7 @@ on:
       - deny.toml
       - test/deny.toml
       - gui/package-lock.json
-      - wireguard/libwg/go.sum
+      - wireguard-go-rs/libwg/go.sum
       - ci/keys/**
       - ci/verify-locked-down-signatures.sh
       - ios/MullvadVPN.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved

.gitignore

@@ -26,7 +26,6 @@
 /android/keystore.properties
 /android/local.properties
 /android/play-api-key.json
-/wireguard/libwg/libwg.h
 /wireguard/libwg/libwg.exp
 /wireguard/libwg/exports.def
 **/.vs/

.gitmodules

@@ -7,3 +7,6 @@
 [submodule "windows/windows-libraries"]
 	path = windows/windows-libraries
 	url = https://github.com/mullvad/windows-libraries
+[submodule "wireguard-go-rs/libwg/wireguard-go"]
+	path = wireguard-go-rs/libwg/wireguard-go
+	url = https://github.com/mullvad/wireguard-go/

CHANGELOG.md

@@ -29,6 +29,9 @@ Line wrap the file at 100 chars.                                              Th
 #### macOS
 - Add support for split tunneling (beta).
 
+#### Linux
+- Add DAITA (Defence against AI-guided Traffic Analysis) setting.
+
 ### Changed
 - Update Electron from 28.1.3 to 30.0.4.