├── fetch.sh ├── Android.mk ├── README.md └── patch-kernel.sh /fetch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | USER_AGENT="WireGuard-AndroidROMBuild/0.3 ($(uname -a))" 4 | 5 | exec 9>.wireguard-fetch-lock 6 | flock -n 9 || exit 0 7 | 8 | [[ $(( $(date +%s) - $(stat -c %Y "net/wireguard/.check" 2>/dev/null || echo 0) )) -gt 86400 ]] || exit 0 9 | 10 | while read -r distro package version _; do 11 | if [[ $distro == upstream && $package == linuxcompat ]]; then 12 | VERSION="$version" 13 | break 14 | fi 15 | done < <(curl -A "$USER_AGENT" -LSs --connect-timeout 30 https://build.wireguard.com/distros.txt) 16 | 17 | [[ -n $VERSION ]] 18 | 19 | if [[ -f net/wireguard/version.h && $(< net/wireguard/version.h) == *$VERSION* ]]; then 20 | touch net/wireguard/.check 21 | exit 0 22 | fi 23 | 24 | rm -rf net/wireguard 25 | mkdir -p net/wireguard 26 | curl -A "$USER_AGENT" -LsS --connect-timeout 30 "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-$VERSION.tar.xz" | tar -C "net/wireguard" -xJf - --strip-components=2 "wireguard-linux-compat-$VERSION/src" 27 | sed -i 's/tristate/bool/;s/default m/default y/;' net/wireguard/Kconfig 28 | touch net/wireguard/.check 29 | -------------------------------------------------------------------------------- /Android.mk: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-2.0 2 | # 3 | # Copyright (C) 2015-2017 Jason A. Donenfeld . All Rights Reserved. 4 | 5 | WIREGUARD_PATH := $(call my-dir) 6 | 7 | TARGET_KERNEL_BINARIES: patch-wireguard 8 | patch-wireguard: 9 | @$(WIREGUARD_PATH)/patch-kernel.sh "$(TARGET_KERNEL_SOURCE)"; \ 10 | ret=$$?; [ $$ret -eq 0 ] && exit 0; [ $$ret -ne 77 ] && exit $$ret; \ 11 | echo -e "" \ 12 | "\e[1;37;41m=================================================\e[0m\n" \ 13 | "\e[1;37;41m+ WARNING WARNING WARNING +\e[0m\n" \ 14 | "\e[1;37;41m+ +\e[0m\n" \ 15 | "\e[1;37;41m+ You are trying to build WireGuard into a +\e[0m\n" \ 16 | "\e[1;37;41m+ kernel that is too old to run it. Please use +\e[0m\n" \ 17 | "\e[1;37;41m+ kernel >=3.10. This build will NOT have +\e[0m\n" \ 18 | "\e[1;37;41m+ WireGuard. You likely added this to your +\e[0m\n" \ 19 | "\e[1;37;41m+ local_manifest.xml without understanding this +\e[0m\n" \ 20 | "\e[1;37;41m+ requirement. Sorry for the inconvenience. +\e[0m\n" \ 21 | "\e[1;37;41m=================================================\e[0m" >&2 \ 22 | exit 0 23 | 24 | .PHONY: patch-wireguard 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # [WireGuard](https://www.wireguard.com/) for Android ROMs and Kernels 2 | 3 | This repository contains various ways of integrating [WireGuard](https://www.wireguard.com/) into Android systems. The result may be used with [the WireGuard Android GUI app](https://play.google.com/apps/testing/com.wireguard.android). This is currently tested on Android 6, 7, and 8 and kernels ≥3.10. 4 | 5 | Choose between **Method A** and **Method B**, below. Do not choose both methods at the same time. 6 | 7 | ## Method A: Adding to Kernel Trees 8 | 9 | If you maintain your own kernel, you may easily patch your kernel tree to support WireGuard with the following command: 10 | 11 | ``` 12 | $ ./patch-kernel.sh path/to/kerneltree 13 | ``` 14 | 15 | This will patch your kernel and create a commit for you. 16 | 17 | ## Method B: Integrating into ROMs 18 | 19 | If you do not maintain your own kernel, but rather maintain a `local_manifest.xml` file, and would like to add WireGuard to your ROM, you can simply add these two lines to your `local_manifest.xml`: 20 | 21 | ``` 22 | 23 | 24 | ``` 25 | 26 | Then, run `repo sync`. The kernel used by your ROM will automatically gain WireGuard support. 27 | -------------------------------------------------------------------------------- /patch-kernel.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | FETCH_SCRIPT="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")/fetch.sh" 4 | if ! cd "$1"; then 5 | echo "$1 does not exist." >&2 6 | exit 1 7 | fi 8 | 9 | if [[ ! -e net/Kconfig ]]; then 10 | echo "You must specify the location of kernel sources as the first argument." >&2 11 | exit 1 12 | fi 13 | 14 | if ! [[ $(< Makefile) =~ VERSION[[:space:]]*=[[:space:]]*([0-9]+).*PATCHLEVEL[[:space:]]*=[[:space:]]*([0-9]+).*SUBLEVEL[[:space:]]*=[[:space:]]*([0-9]+) ]]; then 15 | echo "Unable to parse kernel Makefile." >&2 16 | exit 1 17 | fi 18 | if (( ((${BASH_REMATCH[1]} * 65536) + (${BASH_REMATCH[2]} * 256) + ${BASH_REMATCH[3]}) < ((3 * 65536) + (10 * 256) + 0) )); then 19 | echo "WireGuard requires kernels >= 3.10. This is kernel ${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.${BASH_REMATCH[3]}." 20 | exit 77 21 | fi 22 | 23 | [[ $(< net/Makefile) == *wireguard* ]] || sed -i "/^obj-\\\$(CONFIG_NETFILTER).*+=/a obj-\$(CONFIG_WIREGUARD) += wireguard/" net/Makefile 24 | [[ $(< net/Kconfig) == *wireguard* ]] || sed -i "/^if INET\$/a source \"net/wireguard/Kconfig\"" net/Kconfig 25 | [[ -f net/.gitignore && $(< net/.gitignore) == *wireguard* ]] || echo "wireguard/" >> net/.gitignore 26 | 27 | cp "$FETCH_SCRIPT" scripts/fetch-latest-wireguard.sh 28 | chmod +x scripts/fetch-latest-wireguard.sh 29 | 30 | [[ $(< scripts/Kbuild.include) == *fetch-latest-wireguard.sh* ]] || echo '$(shell cd "$(srctree)" && ./scripts/fetch-latest-wireguard.sh)' >> scripts/Kbuild.include 31 | 32 | MODIFIED_FILES=( scripts/Kbuild.include scripts/fetch-latest-wireguard.sh net/.gitignore net/Kconfig net/Makefile ) 33 | if [[ -d .git && -n $(git status --porcelain "${MODIFIED_FILES[@]}") ]]; then 34 | git add "${MODIFIED_FILES[@]}" 35 | git commit -s -m "net/wireguard: add wireguard importer" "${MODIFIED_FILES[@]}" 36 | fi 37 | --------------------------------------------------------------------------------