From 939e217d34d58c624843f8b40734e034b970222c Mon Sep 17 00:00:00 2001
From: Maxime Puys <drakes00@gmail.com>
Date: Fri, 22 Mar 2024 08:24:26 +0100
Subject: [PATCH] Updated: Vagrantfile for automatic kernel build

---
 Vagrantfile                         | 72 +++++++++++++----------------
 {linux => src}/APKBUILD             |  7 +++
 {linux => src}/noise.c              |  0
 {linux => src}/noise.c.original     |  0
 {linux => src}/wireguard-leak.patch |  4 +-
 5 files changed, 42 insertions(+), 41 deletions(-)
 rename {linux => src}/APKBUILD (98%)
 rename {linux => src}/noise.c (100%)
 rename {linux => src}/noise.c.original (100%)
 rename {linux => src}/wireguard-leak.patch (98%)

diff --git a/Vagrantfile b/Vagrantfile
index bda0f17..c4e55ba 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,6 +1,6 @@
 Vagrant.configure("2") do |config|
   # Using latest Debian amd64 image
-  config.vm.box = "debian/bookworm64"
+  config.vm.box = "generic/alpine318"
 
   # Define three virtual machines with specific names and IP addresses
   vm_configurations = [
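Review bot: The comment above `config.vm.box` still reads "Using latest Debian amd64 image" although the default box is now `generic/alpine318` and Debian is only set for the attacker VM in a later hunk. Something like `# Default box: Alpine 3.18 (the attacker VM overrides this with Debian)` would match the new layout. Because one of these VMs goes on to build and install a kernel, it is also worth pinning the image with `config.vm.box_version = "<PINNED_BOX_VERSION>"` so that a rebuilt lab starts from the same base.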
@@ -28,9 +28,9 @@ Vagrant.configure("2") do |config|
 
       # Mount local directories on VMs
       if vm_config[:name] == "wireguard-client1"
-        node.vm.box = "generic/alpine318"
         node.vm.synced_folder "./wireguard-client1", "/etc/wireguard"
-        node.vm.synced_folder "./linux", "/linux"
+        # node.vm.synced_folder "./linux", "/linux"
+
         node.vm.provider "virtualbox" do |vb|
           vb.memory = "4096"
           vb.cpus = 8
@@ -48,6 +48,7 @@ Vagrant.configure("2") do |config|
 
       # Allow Promiscuous Mode on attacker machine
       if vm_config[:name] == "wireguard-attacker"
+        node.vm.box = "debian/bookworm64"
         node.vm.provider "virtualbox" do |vb|
           vb.customize ['modifyvm', :id, '--nicpromisc2', 'allow-all']
         end
@@ -59,36 +60,17 @@ Vagrant.configure("2") do |config|
           #!/bin/bash
           echo "Hello from #{vm_config[:name]} with IP: #{vm_config[:ip]}!"
 
-          # Install docker if not already done
-          if ! docker ps > /dev/null; then
-            # Add Docker's official GPG key:
-            sudo apt-get -y update
-            sudo apt-get -y install ca-certificates curl gnupg
-            sudo install -m 0755 -d /etc/apt/keyrings
-            [[ -f /etc/apt/keyrings/docker.gpg ]] || curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --batch --dearmor -o /etc/apt/keyrings/docker.gpg
-            sudo chmod a+r /etc/apt/keyrings/docker.gpg
-
-            # Add the repository to Apt sources:
-            echo \
-              "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
-              $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-              sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-            sudo apt-get -y update
-
-            sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-
-            # Add vagrant user to docker group
-            sudo adduser vagrant docker
-          else
-            echo "Docker already installed"
-          fi
+          # Update repository
+          sudo apk update
+
+          # Install wireguard along with
+          sudo apk add wireguard-tools-wg-quick iptables
 
           # Some customizations
-          sudo apt-get -y install vim
-          sed -ri 's/^( *)#alias (.*)/\\1alias \\2/' /home/vagrant/.bashrc
+          sudo apk add vim
 
-          # Start Wireguard Server
-          cd /srv/wireguard-server && docker compose up -d
+          # Boot server
+          sudo wg-quick up wg0
         SHELL
       end
 
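Review bot: `sudo wg-quick up wg0` at the end of the server script is not safe to re-run, because wg-quick exits with an error when `wg0` already exists and a second `vagrant provision` would therefore fail at this step. Bringing the interface down first keeps the provisioner repeatable: `sudo wg-quick down wg0 2>/dev/null || true` followed by `sudo wg-quick up wg0`. The script also has no `set -e`, so a failed `apk add` goes unnoticed until `wg-quick` itself is missing. The comment `# Install wireguard along with` is cut off mid-sentence here and again in the `@@ -115,17 +113,13 @@` hunk; `# Install WireGuard tools (wg-quick) and iptables` says what the line does. The heredoc starts outside the hunk.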
@@ -105,7 +87,23 @@ Vagrant.configure("2") do |config|
 
           # Some customizations
           sudo apk add vim
-          #sed -ri 's/^( *)#alias (.*)/\\1alias \\2/' /home/vagrant/.bashrc
+          sudo apk add git alpine-sdk
+          sudo addgroup vagrant abuild
+        SHELL
+        node.vm.provision :reload
+        node.vm.provision "shell", privileged: false, inline: <<-SHELL
+          #!/bin/bash
+
+          # Clone kernel sources
+          test -d ~/aports || git clone https://github.com/alpinelinux/aports --branch 3.18-stable
+        SHELL
+        node.vm.provision "file", source: "./linux/wireguard-leak.patch", destination: "~/aports/main/linux-lts/wireguard-leak.patch"
+        node.vm.provision "file", source: "./linux/APKBUILD", destination: "~/aports/main/linux-lts/APKBUILD"
+        node.vm.provision "shell", privileged: false, inline: <<-SHELL
+          #!/bin/bash
+          # Reinstall kernel with customized wireguard module
+          abuild-keygen -a -i -n
+          cd aports/main/linux-lts && abuild checksum && abuild -r -k && sudo apk add ~/packages/main/x86_64/linux-virt-6.1.77-r0.apk && sudo reboot
         SHELL
       end
 
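Review bot: The two `file` provisioners still read from `./linux/`, but this same commit renames `linux/APKBUILD` and `linux/wireguard-leak.patch` to `src/`, so unless another copy remains under `linux/` the upload will presumably fail before the kernel build starts. They should read `source: "./src/wireguard-leak.patch"` and `source: "./src/APKBUILD"`. The final `apk add` also hard-codes `linux-virt-6.1.77-r0.apk`, which has to stay in step with the version in the uploaded APKBUILD; a comment saying so would help whoever does the next kernel bump. The enclosing `if` block for this VM starts outside the hunk.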
@@ -115,17 +113,13 @@ Vagrant.configure("2") do |config|
           echo "Hello from #{vm_config[:name]} with IP: #{vm_config[:ip]}!"
 
           # Update repository
-          sudo apt-get -y update
+          sudo apk update
 
-          # Install wireguard along with 
-          sudo apt-get -y install wireguard 
+          # Install wireguard along with
+          sudo apk add wireguard-tools-wg-quick iptables
 
           # Some customizations
-          sudo apt-get -y install vim
-          sed -ri 's/^( *)#alias (.*)/\\1alias \\2/' /home/vagrant/.bashrc
-
-          # Install resolvconf for Wireguard to work
-          sudo apt-get -y install resolvconf
+          sudo apk add vim
         SHELL
       end
 
diff --git a/linux/APKBUILD b/src/APKBUILD
similarity index 98%
rename from linux/APKBUILD
rename to src/APKBUILD
index 416625d..a7fb72e 100644
--- a/linux/APKBUILD
+++ b/src/APKBUILD
@@ -27,6 +27,13 @@ source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver
 	0002-tty-Allow-TIOCSTI-to-be-disabled.patch
 	0003-tty-Move-TIOCSTI-toggle-variable-before-kerndoc.patch
 
+    lts.aarch64.config
+    lts.armv7.config
+    lts.x86.config
+    lts.x86_64.config
+    lts.ppc64le.config
+    lts.s390x.config
+
 	virt.aarch64.config
 	virt.armv7.config
 	virt.ppc64le.config
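Review bot: The six added `lts.*.config` entries come without matching `sha512sums` lines, since the diffstat shows only these seven insertions in the file. The build therefore relies on the `abuild checksum` call in the Vagrantfile, which regenerates every hash from whatever was downloaded, the kernel tarball included, instead of verifying against committed values. Committing the updated `sha512sums` block would let the provisioning step drop `abuild checksum` and keep source verification meaningful. The new entries are also indented with four spaces where the neighbouring ones use a tab. The `source=` assignment starts and ends outside the hunk.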
diff --git a/linux/noise.c b/src/noise.c
similarity index 100%
rename from linux/noise.c
rename to src/noise.c
diff --git a/linux/noise.c.original b/src/noise.c.original
similarity index 100%
rename from linux/noise.c.original
rename to src/noise.c.original
diff --git a/linux/wireguard-leak.patch b/src/wireguard-leak.patch
similarity index 98%
rename from linux/wireguard-leak.patch
rename to src/wireguard-leak.patch
index b5f05f0..55fda5b 100644
--- a/linux/wireguard-leak.patch
+++ b/src/wireguard-leak.patch
@@ -230,8 +230,8 @@
  		derive_keys(&new_keypair->receiving, &new_keypair->sending,
  			    handshake->chaining_key);
  
-+        printHex("new_keypair->sending", new_keypair->sending.key, NOISE_SYMMETRIC_KEY_LEN);
-+        printHex("new_keypair->receiving", new_keypair->receiving.key, NOISE_SYMMETRIC_KEY_LEN);
++     // printHex("new_keypair->sending", new_keypair->sending.key, NOISE_SYMMETRIC_KEY_LEN);
++     // printHex("new_keypair->receiving", new_keypair->receiving.key, NOISE_SYMMETRIC_KEY_LEN);
 +
  	handshake_zero(handshake);
  	rcu_read_lock_bh();
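Review bot: The two `printHex` calls for `new_keypair->sending` and `new_keypair->receiving` are disabled by commenting them out inside the patch, with nothing recording why or whether they are meant to come back. If they are no longer needed, dropping both lines keeps the patch minimal. If they stay as an optional debug aid, a short note such as `/* session-key dump disabled by default */` would say so, written with `/* */` rather than `//` to match kernel comment style. The enclosing function starts and ends outside the hunk.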
-- 
GitLab