[Expired for linux (Ubuntu Focal) because there has been no activity for
60 days.]
** Changed in: linux (Ubuntu Focal)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1998902
Title:
focal: merge upstream wireguard
Status in linux package in Ubuntu:
Expired
Status in linux source package in Focal:
Expired
Bug description:
[Impact]
In older kernels, like focal, Wireguard used to be maintained as an
external module (wireguard-dkms). This dkms is not maintained anymore,
but upstream maintainer periodically provides backported patches for
older kernels (like 5.4) in this git repository
https://git.zx2c4.com/wireguard-linux.
In order to properly support Wireguard with all the recent security
updates, fixes, etc. it would be more efficient for us to apply the
backported patch set officially provided by the upstream maintainer,
instead of maintaining these changes in a separate dkms.
[Test case]
We need to figure out a proper test case to verify that wireguard is
applied and it's working correctly.
Right now the best option is to verify the availability of the
wireguard.ko module and run the kernel selftests in
tools/testing/selftests/wireguard/ (specifically
./tools/testing/selftests/wireguard/netns.sh - we can just run it
directly but it requires iperf3 and ncat installed and a `modprobe
nf_conntrack` before starting the test).
[Fix]
Apply the backported wireguard patch set provided by the upstream
maintainer as UBUNTU SAUCE patches (patch set available in
https://git.zx2c4.com/wireguard-linux branch backport-5.4.y).
[Where things could go wrong]
We don't have a precise plan to keep the patches updated after some
SRU patches are applied to our kernel. A quick and dirty solution
could be to revert the wireguard patch set entirely, apply the SRU
patches, then re-apply the latest wireguard patch set on top. But we
probably need to figure out a better workflow.
Also this patch set is probably going to conflict with wireguard-dkms,
but that is the whole point, we want to deprecate this dkms and merge
wireguard into our kernel directly.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1998902/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
