Package: src:linux Severity: wishlist Control: affects -1 src:wireguard-linux-compat src:wireguard Hi Debian kernel folks-- Please cherry-pick the wireguard patches from Linux's 5.6 development branch into future debian builds of 5.5 (and 5.4?) builds of the Linux kernel. The Wireguard VPN mechanism is due to be released in upstream kernel 5.6. Debian unstable and testing currently have all the tooling needed to configure and control wireguard interfaces as long as the kernel module is available. In particular, systemd-networkd is capable of configuring wireguard interfaces in some standard configurations, and the "wireguard-tools" source package offers fine-grained control via /usr/bin/wg and a "wg-quick@" systemd unit template. The kernel module itself has been available for a few years now for people with machines that can afford to compile source code via wireguard-dkms, but the dkms fooptprint and failure modes make it more heavyweight than just having the module available directly. I was looking into how to simplify this, and part of it involved packaging a kernel module, but i've been dissuaded by folks on the #debian-kernel IRC channel from trying to keep such a thing in debian. bwh suggested cherry-picking the wireguard patches into src:linux 5.5, which would be great. the wireguard metapackage currently has: Depends: wireguard-dkms (>= 0.0.20200121-2) | wireguard-modules (>= 0.0.20191219) so it would be nice if you could add the following metadata to any generated binary packages: Provides: wireguard-modules (= 0.0.20200121-2) (you can replace the version number with whatever version info is present in the upstream series that you cherry-pick, of course) I understand from some folks on #debian-kernel that they don't think this sort of dependency resolution mechanism is good to do, but it doesn't appear to hurt anything, and it should smooth out the default use case, so it seems like a win to me. Thanks for considering this, --dkg
Attachment:
signature.asc
Description: PGP signature