switch to boringtun

.drone.yml

@@ -19,15 +19,15 @@ steps:
    image: alpine/git
    commands:
     - git submodule update --recursive --remote --init    
- - name: wireguard-go
+ - name: boringtun
    image: plugins/docker
    settings:
     repo: repo.shimun.net/shimun/wireguard-user
-    tag: build-wireguard-go
+    tag: build-boringtun
     registry: repo.shimun.net
-    cache_from: ["repo.shimun.net/shimun/wireguard-user:build-wireguard-go", "repo.shimun.net/shimun/wireguard-user:build-event-gen"]
+    cache_from: ["repo.shimun.net/shimun/wireguard-user:build-boringtun", "repo.shimun.net/shimun/wireguard-user:build-event-gen"]
     storage_path: "/drone/docker"
-    target: build
+    target: boringbuild
     username:
      from_secret: docker_username
     password:
@@ -37,7 +37,7 @@ steps:
    settings:
     repo: repo.shimun.net/shimun/wireguard-user
     registry: repo.shimun.net
-    cache_from: ["repo.shimun.net/shimun/wireguard-user:build-wireguard-go", "repo.shimun.net/shimun/wireguard-user:build-event-gen", "repo.shimun.net/shimun/wireguard-user"]
+    cache_from: ["repo.shimun.net/shimun/wireguard-user:build-boringtun", "repo.shimun.net/shimun/wireguard-user:build-event-gen", "repo.shimun.net/shimun/wireguard-user"]
     storage_path: "/drone/docker"
     username:
      from_secret: docker_username

.gitmodules

@@ -1,3 +1,3 @@
-[submodule "wireguard-go"]
+[submodule "boringtun"]
-	path = wireguard-go
+	path = boringtun
-	url = https://git.zx2c4.com/wireguard-go
+	url = https://github.com/cloudflare/boringtun.git

Dockerfile

@@ -1,11 +1,13 @@
-FROM rust:1.32-slim AS eventbuild
+FROM rust:1.33-slim AS rustbuild
+
+FROM rustbuild AS eventbuild
 
 WORKDIR /build
 
-COPY wg-event-gen/Cargo.* /build/
-
 RUN rustup target add x86_64-unknown-linux-musl
 
+COPY wg-event-gen/Cargo.* /build/
+
 RUN mkdir -p src && echo "fn main() {}" > src/main.rs && cargo build --release --target x86_64-unknown-linux-musl
 
 COPY wg-event-gen/ /build
@@ -18,15 +20,20 @@ COPY --from=eventbuild /build/target/x86_64-unknown-linux-musl/debug/wg-event-ge
 
 RUN echo "d41d8cd98f00b204e9800998ecf8427e  -" > test.md5 && wg-event-gen | md5sum -c test.md5
 
-FROM golang AS build
+FROM rustbuild AS boringbuild
 
-COPY wireguard-go /go/src/wireguard
+WORKDIR /build
 
-WORKDIR /go/src/wireguard
+RUN rustup target add x86_64-unknown-linux-musl
 
-RUN echo "package main" > ./donotuseon_linux.go && go get
+COPY boringtun/Cargo.* /build/
+
+RUN mkdir -p src && echo "fn main() {}" > src/main.rs && touch src/lib.rs && cargo build --release #--target x86_64-unknown-linux-musl #Ring won't compile https://github.com/briansmith/ring/issues/713
+
+COPY boringtun/ /build
+
+RUN cargo build --release #--target x86_64-unknown-linux-musl
 
-RUN go build
 
 FROM frolvlad/alpine-glibc
 
@@ -34,10 +41,10 @@ RUN echo http://nl.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories
 
 ENV WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
 
-COPY --from=build /go/bin/wireguard /usr/bin/wireguard-go
-
 COPY --from=eventbuild /build/target/x86_64-unknown-linux-musl/debug/wg-event-gen /usr/bin/
 
+COPY --from=boringbuild /build/target/release/boringtun /usr/bin/
+
 COPY init.sh /init.sh
 
 RUN chmod +x /init.sh && echo 'alias nload="nload ${WG_INTERFACE:-wg0}"' >> /root/.bashrc

boringtun

@@ -0,0 +1 @@
+Subproject commit cabd96987454add6785c6363e4846ef1ff09101e

init.sh

@@ -27,7 +27,7 @@ function setup_iptables() {
  iptables -t nat -$1 POSTROUTING -s $ADDRESS -o $PHY_IF -j MASQUERADE;
 }
 
-/usr/bin/wireguard-go $WG_IF
+/usr/bin/boringtun $WG_IF
 
 if [ ! -f "/etc/wireguard/$WG_IF.conf" ]; then
  mkdir -p /etc/wireguard/keys

wireguard-go

@@ -1 +0,0 @@
-Subproject commit f49da8b7ad99b479b9221426eec865cd5ee09a30