diff options
| -rw-r--r-- | .github/workflows/android-app.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/clippy.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/daemon.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/desktop-e2e.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/ios-rust-ffi.yml | 5 | ||||
| -rw-r--r-- | .github/workflows/osv-scanner-pr.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/osv-scanner-scheduled.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/rust-unused-dependencies.yml | 6 | ||||
| -rw-r--r-- | README.md | 4 | ||||
| -rw-r--r-- | android/BuildInstructions.md | 4 | ||||
| -rw-r--r-- | android/docker/Dockerfile | 7 | ||||
| -rw-r--r-- | android/docs/BuildInstructions.macos.md | 7 | ||||
| -rwxr-xr-x | ci/buildserver-build-android.sh | 2 | ||||
| -rwxr-xr-x | ci/buildserver-build.sh | 2 | ||||
| -rw-r--r-- | wireguard-go-rs/Cargo.toml | 11 | ||||
| -rw-r--r-- | wireguard-go-rs/build.rs | 11 | ||||
| -rw-r--r-- | wireguard-go-rs/libwg/Android.mk | 5 | ||||
| m--------- | wireguard-go-rs/libwg/wireguard-go | 0 | ||||
| -rw-r--r-- | wireguard-go-rs/src/lib.rs | 3 |
19 files changed, 49 insertions, 44 deletions
diff --git a/.github/workflows/android-app.yml b/.github/workflows/android-app.yml index fab337c71e..cf6ec32518 100644 --- a/.github/workflows/android-app.yml +++ b/.github/workflows/android-app.yml @@ -120,7 +120,7 @@ jobs: - name: Checkout wireguard-go-rs recursively run: | git config --global --add safe.directory '*' - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Calculate native lib cache hash id: native-lib-cache-hash diff --git a/.github/workflows/clippy.yml b/.github/workflows/clippy.yml index 218eeeef23..cacb0236cb 100644 --- a/.github/workflows/clippy.yml +++ b/.github/workflows/clippy.yml @@ -48,7 +48,7 @@ jobs: - name: Checkout submodules run: | git submodule update --init --depth=1 dist-assets/binaries - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Install build dependencies if: matrix.os == 'ubuntu-latest' @@ -99,7 +99,7 @@ jobs: - name: Checkout wireguard-go submodule run: | git config --global --add safe.directory '*' - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Clippy check env: diff --git a/.github/workflows/daemon.yml b/.github/workflows/daemon.yml index 8e22397b9c..7bf893d1ea 100644 --- a/.github/workflows/daemon.yml +++ b/.github/workflows/daemon.yml @@ -77,7 +77,7 @@ jobs: run: | git config --global --add safe.directory '*' git submodule update --init --depth=1 dist-assets/binaries - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go # The container image already has rustup and the pinned version of Rust - name: Install Rust toolchain @@ -100,7 +100,7 @@ jobs: - name: Checkout wireguard-go submodule run: | git config --global --add safe.directory '*' - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Install Protoc uses: arduino/setup-protoc@v3 @@ -131,7 +131,7 @@ jobs: - name: Checkout submodules run: | git submodule update --init --depth=1 - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Install Protoc # NOTE: ARM runner already has protoc diff --git a/.github/workflows/desktop-e2e.yml b/.github/workflows/desktop-e2e.yml index a44905e55f..2165308d76 100644 --- a/.github/workflows/desktop-e2e.yml +++ b/.github/workflows/desktop-e2e.yml @@ -124,7 +124,7 @@ jobs: run: | git config --global --add safe.directory '*' git submodule update --init --depth=1 dist-assets/binaries - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Build app env: USE_MOLD: false @@ -187,7 +187,7 @@ jobs: submodules: true - name: Checkout submodules run: | - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Install Protoc uses: arduino/setup-protoc@v3 with: @@ -274,7 +274,7 @@ jobs: - name: Checkout submodules run: | git config --global --add safe.directory '*' - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Install Go uses: actions/setup-go@v3 with: diff --git a/.github/workflows/ios-rust-ffi.yml b/.github/workflows/ios-rust-ffi.yml index 6d1457d4f1..bc289a03f9 100644 --- a/.github/workflows/ios-rust-ffi.yml +++ b/.github/workflows/ios-rust-ffi.yml @@ -20,6 +20,11 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Checkout wireguard-go-rs + run: | + git config --global --add safe.directory '*' + git submodule update --init wireguard-go-rs + - name: Install Protoc uses: arduino/setup-protoc@v3 with: diff --git a/.github/workflows/osv-scanner-pr.yml b/.github/workflows/osv-scanner-pr.yml index c65bf14504..084896fda4 100644 --- a/.github/workflows/osv-scanner-pr.yml +++ b/.github/workflows/osv-scanner-pr.yml @@ -17,4 +17,6 @@ jobs: actions: read # yamllint disable rule:line-length - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + uses: "mullvad/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@ab8175fc65a74d8c0308f623b1c617a39bdc34fe" # v1.9.0 + with: + checkout-submodules: true diff --git a/.github/workflows/osv-scanner-scheduled.yml b/.github/workflows/osv-scanner-scheduled.yml index 58b982a107..a42305db84 100644 --- a/.github/workflows/osv-scanner-scheduled.yml +++ b/.github/workflows/osv-scanner-scheduled.yml @@ -18,4 +18,6 @@ jobs: actions: read # yamllint disable rule:line-length - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + uses: "mullvad/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@ab8175fc65a74d8c0308f623b1c617a39bdc34fe" # v1.9.0 + with: + checkout-submodules: true diff --git a/.github/workflows/rust-unused-dependencies.yml b/.github/workflows/rust-unused-dependencies.yml index aed6d4ea22..47c58bcca2 100644 --- a/.github/workflows/rust-unused-dependencies.yml +++ b/.github/workflows/rust-unused-dependencies.yml @@ -48,7 +48,7 @@ jobs: run: | git config --global --add safe.directory '*' git submodule update --init --depth=1 dist-assets/binaries - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Install nightly Rust toolchain run: rustup override set $RUST_NIGHTLY_TOOLCHAIN @@ -79,7 +79,7 @@ jobs: - name: Checkout wireguard-go submodule run: | git config --global --add safe.directory '*' - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Install nightly Rust run: | @@ -106,7 +106,7 @@ jobs: run: | git config --global --add safe.directory '*' git submodule update --init --depth=1 - git submodule update --init --recursive --depth=1 wireguard-go-rs + git submodule update --init wireguard-go-rs/libwg/wireguard-go - name: Install msbuild if: matrix.os == 'windows-latest' @@ -92,9 +92,9 @@ cd mullvadvpn-app git submodule update --init ``` -On Android, Linux and macOS you also want to checkout the wireguard-go submodule recursively: +On Android, Windows, Linux and macOS you also want to checkout the wireguard-go submodule: ```bash -git submodule update --init --recursive --depth=1 wireguard-go-rs +git submodule update --init wireguard-go-rs/libwg/wireguard-go ``` Further details on why this is necessary can be found in the [wireguard-go-rs crate](./wireguard-go-rs/README.md). diff --git a/android/BuildInstructions.md b/android/BuildInstructions.md index cfff1b3d73..5755737df8 100644 --- a/android/BuildInstructions.md +++ b/android/BuildInstructions.md @@ -128,8 +128,6 @@ Linux distro: #### 5. Install and configure Rust toolchain - Get the latest **stable** Rust toolchain via [rustup.rs](https://rustup.rs/). - Also install `cbindgen` which is required to build `wireguard-go-rs`: - `cargo install --force cbindgen` - Configure Android cross-compilation targets and set up linker and archiver. This can be done by setting the following environment variables: @@ -157,7 +155,7 @@ environment variables: ``` #### 6. Download wireguard-go-rs submodule -Run the following command to download wireguard-go-rs submodule: `git submodule update --init --recursive --depth=1 wireguard-go-rs` +Run the following command to download wireguard-go-rs submodule: `git submodule update --init wireguard-go-rs/libwg/wireguard-go` ### Debug build Run the following command to build a debug build: diff --git a/android/docker/Dockerfile b/android/docker/Dockerfile index 3635fc55c0..705c0d1ed0 100644 --- a/android/docker/Dockerfile +++ b/android/docker/Dockerfile @@ -117,11 +117,4 @@ RUN patch -p1 -f -N -r- -d /usr/local/go < /tmp/goruntime-boottime-over-monotoni # Add rust targets RUN rustup target add x86_64-linux-android i686-linux-android aarch64-linux-android armv7-linux-androideabi -# Install cbindgen to address maybenot.h (checked in) sometimes needing to be -# re-generated due to how `make` looks at last-modifications while git neither -# stores nor consistently sets modification metadata on file checkout. -# This is an intermediate solution that will be further improved as part of -# issue: DROID-1328. -RUN cargo install --force cbindgen --version "0.26.0" && rm -rf ~/.cargo/registry - WORKDIR /build diff --git a/android/docs/BuildInstructions.macos.md b/android/docs/BuildInstructions.macos.md index 0368c1e917..4ef004d595 100644 --- a/android/docs/BuildInstructions.macos.md +++ b/android/docs/BuildInstructions.macos.md @@ -28,11 +28,6 @@ Finish the install of `rustup`: rustup-init ``` -Install `cbindgen` which is required to build `wireguard-go-rs`: -```bash -cargo install --force cbindgen -``` - ## 2. Install SDK Tools and Android NDK Toolchain Open Android Studio -> Tools -> SDK Manager, and install `Android SDK Command-line Tools (latest)`. @@ -70,7 +65,7 @@ export CARGO_TARGET_X86_64_LINUX_ANDROID_LINKER="$NDK_TOOLCHAIN_DIR/x86_64-linux wireguard-go-rs submodule need to be downloaded: ```bash -git submodule update --init --recursive --depth=1 wireguard-go-rs +git submodule update --init wireguard-go-rs/libwg/wireguard-go ``` ## 4. Debug build diff --git a/ci/buildserver-build-android.sh b/ci/buildserver-build-android.sh index 0010161ead..a2eb39a112 100755 --- a/ci/buildserver-build-android.sh +++ b/ci/buildserver-build-android.sh @@ -65,7 +65,7 @@ function checkout_ref { git reset --hard git checkout "$ref" git submodule update - git submodule update --init --recursive --depth=1 wireguard-go-rs || true + git submodule update --init wireguard-go-rs/libwg/wireguard-go || true git clean -df } diff --git a/ci/buildserver-build.sh b/ci/buildserver-build.sh index b68bd79e77..d932f6825d 100755 --- a/ci/buildserver-build.sh +++ b/ci/buildserver-build.sh @@ -159,7 +159,7 @@ function checkout_ref { git reset --hard git checkout "$ref" git submodule update - git submodule update --init --recursive --depth=1 wireguard-go-rs || true + git submodule update --init wireguard-go-rs/libwg/wireguard-go || true git clean -df } diff --git a/wireguard-go-rs/Cargo.toml b/wireguard-go-rs/Cargo.toml index b00444b7fb..d86cb61535 100644 --- a/wireguard-go-rs/Cargo.toml +++ b/wireguard-go-rs/Cargo.toml @@ -12,10 +12,13 @@ thiserror.workspace = true log.workspace = true zeroize = "1.8.1" -# The app does not depend on maybenot-ffi itself, but adds it as a dependency to expose FFI symbols to wireguard-go. -# This is done, instead of using the makefile in wireguard-go to build maybenot-ffi into its archive, to prevent -# name clashes induced by link-time optimization. -# NOTE: the version of maybenot-ffi below must be the same as the version checked into the wireguard-go submodule +# On platforms where maybenot and wireguard-go can be built statically (Linux and macOS) we use +# this hack to include it. The hack is that we depend on this crate here even if neither +# wireguard-go-rs nor its upstream dependants use it. +# This is only here so that maybenot-ffi is built and its symbols are available to wireguard-go +# at link time. +# NOTE: for other platforms, maybenot-ffi is NOT declared here, but instead built directly from +# wireguard-go-rs/libwg/wireguard-go/maybenot-ffi [target.'cfg(any(target_os = "linux", target_os = "macos"))'.dependencies] maybenot-ffi = "2.0.1" diff --git a/wireguard-go-rs/build.rs b/wireguard-go-rs/build.rs index f13f034116..a544e4e161 100644 --- a/wireguard-go-rs/build.rs +++ b/wireguard-go-rs/build.rs @@ -268,11 +268,16 @@ fn build_shared_maybenot_lib(out_dir: impl AsRef<Path>) -> anyhow::Result<()> { tmp_build_dir = tmp_build_dir.join("target"); build_command - .current_dir("./libwg/wireguard-go/maybenot/crates/maybenot-ffi") + .current_dir("./libwg/wireguard-go/maybenot-ffi") .env("RUSTFLAGS", "-C metadata=maybenot-ffi -Ctarget-feature=+crt-static") - // Set temporary target dir to prevent deadlock + // Set temporary target dir to prevent deadlock, since we are invoking cargo from within + // another cargo process. .env("CARGO_TARGET_DIR", &tmp_build_dir) - .arg("build") + .arg("rustc") + // Build a shared library to consume from another language (go) + .arg("--crate-type=cdylib") + // Always respect lockfiles + .args(["--locked"]) .args(["--profile", profile]) .args(["--target", &target_triple]); diff --git a/wireguard-go-rs/libwg/Android.mk b/wireguard-go-rs/libwg/Android.mk index 23b32cd81f..9833c9b6a1 100644 --- a/wireguard-go-rs/libwg/Android.mk +++ b/wireguard-go-rs/libwg/Android.mk @@ -3,7 +3,8 @@ # Copyright © 2017-2019 WireGuard LLC. All Rights Reserved. DESTDIR ?= $(OUT_DIR) -CARGO_TARGET_DIR ?= +# Default to the workspace root if not set +CARGO_TARGET_DIR ?= $(CURDIR)/../../target TARGET ?= NDK_GO_ARCH_MAP_x86 := 386 @@ -25,7 +26,7 @@ default: $(DESTDIR)/libwg.so $(DESTDIR)/libwg.so: mkdir -p $(DESTDIR) # Build libmaybenot - make --directory wireguard-go libmaybenot.a LIBDEST="$(DESTDIR)" TARGET="$(TARGET)" CARGO_TARGET_DIR="$(CARGO_TARGET_DIR)" + make --directory wireguard-go/maybenot-ffi $(DESTDIR)/libmaybenot.a TARGET="$(TARGET)" CARGO_TARGET_DIR="$(CARGO_TARGET_DIR)" # Build wireguard-go go get -tags "linux android daita" chmod -fR +w "$(GOPATH)/pkg/mod" diff --git a/wireguard-go-rs/libwg/wireguard-go b/wireguard-go-rs/libwg/wireguard-go -Subproject 209814b584985679d7602387e6402b3a30b0301 +Subproject 0b750ea8445a378b6f314fa6135c889e9d171b1 diff --git a/wireguard-go-rs/src/lib.rs b/wireguard-go-rs/src/lib.rs index a98c9e056a..f49c4d4e52 100644 --- a/wireguard-go-rs/src/lib.rs +++ b/wireguard-go-rs/src/lib.rs @@ -29,7 +29,8 @@ pub type LoggingContext = u64; pub type LoggingCallback = unsafe extern "system" fn(level: WgLogLevel, msg: *const c_char, context: LoggingContext); -// Make symbols from maybenot-ffi visible to wireguard-go +// Make symbols from maybenot-ffi visible to wireguard-go, on the platforms where +// wireguard-go is statically linked into this crate. #[cfg(all(daita, any(target_os = "linux", target_os = "macos")))] use maybenot_ffi as _; |