| author | Sebastian Holmin <sebastian.holmin@mullvad.net> | 2024-06-20 10:46:33 +0200 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-06-25 17:31:39 +0200 |
| commit | 9217bc1ed8e7c41a241d98f655d05dbc48a26ae6 (patch) | |
| tree | 66d4259e101b84f786a3a754e2ed7b3328af7e66 | |
| parent | 7c63a2eed57529f2ac19990f0b529087846a0839 (diff) | |
Add instructions for upgrading golang and `wireguard-go`
- Remove unused android go patch duplicate
- Add mullvad copyright to `libwg_daita.go`
- Fix daita blog link language
| -rw-r--r-- | wireguard-go-rs/README.md | 32 | ||||
| -rw-r--r-- | wireguard-go-rs/libwg/goruntime-boottime-over-monotonic.diff | 171 | ||||
| -rw-r--r-- | wireguard-go-rs/libwg/libwg_daita.go | 5 |
3 files changed, 30 insertions, 178 deletions
diff --git a/wireguard-go-rs/README.md b/wireguard-go-rs/README.md
index 948c1d0390..a4745edc3e 100644
--- a/wireguard-go-rs/README.md
+++ b/wireguard-go-rs/README.md
@@ -1,11 +1,29 @@ # `wireguard-go-rs` -This crate is a Rust-friendly wrapper around `wireguard-go`. -It wraps `libwg`, which in turn wraps [Mullvad VPN's fork of wireguard-go](https://github.com/mullvad/wireguard-go) that extends `wireguard-go` with [DAITA](https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita). -## Known limitation -To extend `wireguard-go` with DAITA capabilities, `wireguard-go` links against [maybenot](https://github.com/maybenot-io/maybenot/). This is done statically, which at the time of writing will cause issues if `wireguard-go` in turn is statically linked from another Rust crate: https://github.com/rust-lang/rust/issues/104707. -As such `libwg` is built as a shared object which you can link to dynamically, which circumvents this issue. -To get rid of this limitation, you can compile `wireguard-go` without DAITA support. See [build-wireguard-go.sh](./build-wireguard-go.sh) for details on how to do that. +This crate is a Rust-friendly wrapper around `wireguard-go`. It wraps `libwg`, which in turn wraps +[Mullvad VPN's fork of wireguard-go](https://github.com/mullvad/wireguard-go) with support for +[DAITA](https://mullvad.net/blog/introducing-defense-against-ai-guided-traffic-analysis-daita). ## Upgrading `wireguard-go` -Upgrading `wireguard-go` involves updating the git submodule found in `libwg/wireguard-go`. This module uses [Mullvad VPN's fork of wireguard-go](https://github.com/mullvad/wireguard-go). + +Upgrading `wireguard-go` involves updating the git submodule found in `libwg/wireguard-go`, +which points to [Mullvad VPN's fork of wireguard-go](https://github.com/mullvad/wireguard-go). +To update the fork, find the desired release of `wireguard-go` at +<https://github.com/WireGuard/wireguard-go/tags> and rebase the fork on the corresponding commit. +Change directory to `libwg` and run `go mod tidy` to update indirect dependencies. + +To upgrade the version of `Go` run `go mod edit -go=XX`. 
You will also need to update the +`ARG GOLANG_VERSION` version in `building/Dockerfile` and build and distribute new container images, +see the corresponding [instructions](../building/README.md). + +### Caution: Go runtime patch + +Before upgrading the version of `Go` or `wireguard-go`, be aware that we depend on a patch for the +internal clocks of the go runtime on android, +see <https://git.zx2c4.com/wireguard-android/tree/tunnel/tools/libwg-go>. Upgrading the versions of +`wireguard-go` or `Go` beyond what the patch is built for should be done with caution. Note, however, +that the patch states that "In Linux 4.17, the kernel will actually make MONOTONIC act like BOOTTIME +anyway, so this switch will additionally unify the timer behavior across kernels." According to +<https://source.android.com/docs/core/architecture/kernel/android-common>, Android version 11 and +newer seem to use sufficiently new versions of the linux kernel to not need this patch. When we no +longer support older versions of android, we may be able to drop this compatibility requirement. diff --git a/wireguard-go-rs/libwg/goruntime-boottime-over-monotonic.diff b/wireguard-go-rs/libwg/goruntime-boottime-over-monotonic.diff deleted file mode 100644 index 5d78242b13..0000000000 --- a/wireguard-go-rs/libwg/goruntime-boottime-over-monotonic.diff +++ /dev/null 
@@ -1,171 +0,0 @@ -From 61f3ae8298d1c503cbc31539e0f3a73446c7db9d Mon Sep 17 00:00:00 2001 -From: "Jason A. Donenfeld" <Jason@zx2c4.com> -Date: Tue, 21 Mar 2023 15:33:56 +0100 -Subject: [PATCH] [release-branch.go1.20] runtime: use CLOCK_BOOTTIME in - nanotime on Linux - -This makes timers account for having expired while a computer was -asleep, which is quite common on mobile devices. Note that BOOTTIME is -identical to MONOTONIC, except that it takes into account time spent -in suspend. In Linux 4.17, the kernel will actually make MONOTONIC act -like BOOTTIME anyway, so this switch will additionally unify the -timer behavior across kernels. - -BOOTTIME was introduced into Linux 2.6.39-rc1 with 70a08cca1227d in -2011. - -Fixes #24595 - -Change-Id: I7b2a6ca0c5bc5fce57ec0eeafe7b68270b429321 ---- - src/runtime/sys_linux_386.s | 4 ++-- - src/runtime/sys_linux_amd64.s | 2 +- - src/runtime/sys_linux_arm.s | 4 ++-- - src/runtime/sys_linux_arm64.s | 4 ++-- - src/runtime/sys_linux_mips64x.s | 4 ++-- - src/runtime/sys_linux_mipsx.s | 2 +- - src/runtime/sys_linux_ppc64x.s | 2 +- - src/runtime/sys_linux_s390x.s | 2 +- - 8 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/src/runtime/sys_linux_386.s b/src/runtime/sys_linux_386.s -index 12a294153d..17e3524b40 100644 ---- a/src/runtime/sys_linux_386.s -+++ b/src/runtime/sys_linux_386.s -@@ -352,13 +352,13 @@ noswitch: - - LEAL 8(SP), BX // &ts (struct timespec) - MOVL BX, 4(SP) -- MOVL $1, 0(SP) // CLOCK_MONOTONIC -+ MOVL $7, 0(SP) // CLOCK_BOOTTIME - CALL AX - JMP finish - - fallback: - MOVL $SYS_clock_gettime, AX -- MOVL $1, BX // CLOCK_MONOTONIC -+ MOVL $7, BX // CLOCK_BOOTTIME - LEAL 8(SP), CX - INVOKE_SYSCALL - -diff --git a/src/runtime/sys_linux_amd64.s b/src/runtime/sys_linux_amd64.s -index c7a89ba536..01f0a6a26e 100644 ---- a/src/runtime/sys_linux_amd64.s -+++ b/src/runtime/sys_linux_amd64.s -@@ -255,7 +255,7 @@ noswitch: - SUBQ $16, SP // Space for results - ANDQ $~15, SP // Align for C code - -- MOVL $1, 
DI // CLOCK_MONOTONIC -+ MOVL $7, DI // CLOCK_BOOTTIME - LEAQ 0(SP), SI - MOVQ runtime·vdsoClockgettimeSym(SB), AX - CMPQ AX, $0 -diff --git a/src/runtime/sys_linux_arm.s b/src/runtime/sys_linux_arm.s -index 7b8c4f0e04..9798a1334e 100644 ---- a/src/runtime/sys_linux_arm.s -+++ b/src/runtime/sys_linux_arm.s -@@ -11,7 +11,7 @@ - #include "textflag.h" - - #define CLOCK_REALTIME 0 --#define CLOCK_MONOTONIC 1 -+#define CLOCK_BOOTTIME 7 - - // for EABI, as we don't support OABI - #define SYS_BASE 0x0 -@@ -374,7 +374,7 @@ finish: - - // func nanotime1() int64 - TEXT runtime·nanotime1(SB),NOSPLIT,$12-8 -- MOVW $CLOCK_MONOTONIC, R0 -+ MOVW $CLOCK_BOOTTIME, R0 - MOVW $spec-12(SP), R1 // timespec - - MOVW runtime·vdsoClockgettimeSym(SB), R4 -diff --git a/src/runtime/sys_linux_arm64.s b/src/runtime/sys_linux_arm64.s -index 38ff6ac330..6b819c5441 100644 ---- a/src/runtime/sys_linux_arm64.s -+++ b/src/runtime/sys_linux_arm64.s -@@ -14,7 +14,7 @@ - #define AT_FDCWD -100 - - #define CLOCK_REALTIME 0 --#define CLOCK_MONOTONIC 1 -+#define CLOCK_BOOTTIME 7 - - #define SYS_exit 93 - #define SYS_read 63 -@@ -338,7 +338,7 @@ noswitch: - BIC $15, R1 - MOVD R1, RSP - -- MOVW $CLOCK_MONOTONIC, R0 -+ MOVW $CLOCK_BOOTTIME, R0 - MOVD runtime·vdsoClockgettimeSym(SB), R2 - CBZ R2, fallback - -diff --git a/src/runtime/sys_linux_mips64x.s b/src/runtime/sys_linux_mips64x.s -index 47f2da524d..a8b387f193 100644 ---- a/src/runtime/sys_linux_mips64x.s -+++ b/src/runtime/sys_linux_mips64x.s -@@ -326,7 +326,7 @@ noswitch: - AND $~15, R1 // Align for C code - MOVV R1, R29 - -- MOVW $1, R4 // CLOCK_MONOTONIC -+ MOVW $7, R4 // CLOCK_BOOTTIME - MOVV $0(R29), R5 - - MOVV runtime·vdsoClockgettimeSym(SB), R25 -@@ -336,7 +336,7 @@ noswitch: - // see walltime for detail - BEQ R2, R0, finish - MOVV R0, runtime·vdsoClockgettimeSym(SB) -- MOVW $1, R4 // CLOCK_MONOTONIC -+ MOVW $7, R4 // CLOCK_BOOTTIME - MOVV $0(R29), R5 - JMP fallback - -diff --git a/src/runtime/sys_linux_mipsx.s b/src/runtime/sys_linux_mipsx.s 
-index 5e6b6c1504..7f5fd2a80e 100644 ---- a/src/runtime/sys_linux_mipsx.s -+++ b/src/runtime/sys_linux_mipsx.s -@@ -243,7 +243,7 @@ TEXT runtime·walltime(SB),NOSPLIT,$8-12 - RET - - TEXT runtime·nanotime1(SB),NOSPLIT,$8-8 -- MOVW $1, R4 // CLOCK_MONOTONIC -+ MOVW $7, R4 // CLOCK_BOOTTIME - MOVW $4(R29), R5 - MOVW $SYS_clock_gettime, R2 - SYSCALL -diff --git a/src/runtime/sys_linux_ppc64x.s b/src/runtime/sys_linux_ppc64x.s -index d0427a4807..05ee9fede9 100644 ---- a/src/runtime/sys_linux_ppc64x.s -+++ b/src/runtime/sys_linux_ppc64x.s -@@ -298,7 +298,7 @@ fallback: - JMP return - - TEXT runtime·nanotime1(SB),NOSPLIT,$16-8 -- MOVD $1, R3 // CLOCK_MONOTONIC -+ MOVD $7, R3 // CLOCK_BOOTTIME - - MOVD R1, R15 // R15 is unchanged by C code - MOVD g_m(g), R21 // R21 = m -diff --git a/src/runtime/sys_linux_s390x.s b/src/runtime/sys_linux_s390x.s -index 1448670b91..7d2ee3231c 100644 ---- a/src/runtime/sys_linux_s390x.s -+++ b/src/runtime/sys_linux_s390x.s -@@ -296,7 +296,7 @@ fallback: - RET - - TEXT runtime·nanotime1(SB),NOSPLIT,$32-8 -- MOVW $1, R2 // CLOCK_MONOTONIC -+ MOVW $7, R2 // CLOCK_BOOTTIME - - MOVD R15, R7 // Backup stack pointer - --- -2.17.1 - diff --git a/wireguard-go-rs/libwg/libwg_daita.go b/wireguard-go-rs/libwg/libwg_daita.go index e33de84e49..d5f8f132ed 100644 --- a/wireguard-go-rs/libwg/libwg_daita.go +++ b/wireguard-go-rs/libwg/libwg_daita.go @@ -1,6 +1,11 @@ //go:build daita // +build daita +/* SPDX-License-Identifier: Apache-2.0 + * + * Copyright (C) 2024 Mullvad VPN AB. All Rights Reserved. + */ + package main // #include <stdio.h> |
