The existing ebuild seems to work fine once simply renamed. From wireguard mailing list: Hello, A new snapshot, `0.0.20190227`, has been tagged in the git repository. Please note that this snapshot is, like the rest of the project at this point in time, experimental, and does not constitute a real release that would be considered secure and bug-free. WireGuard is generally thought to be fairly stable, and most likely will not crash your computer (though it may). However, as this is a pre-release snapshot, it comes with no guarantees, and its security is not yet to be depended on; it is not applicable for CVEs. With all that said, if you'd like to test this snapshot out, there are a few relevant changes. == Changes == * wg-quick: freebsd: allow loopback to work FreeBSD adds a route for point-to-point destination addresses. We don't really want to specify any destination address, but unfortunately we have to. Before we tried to cheat by giving our own address as the destination, but this had the unfortunate effect of preventing loopback from working on our local ip address. We work around this with yet another kludge: we set the destination address to 127.0.0.1. Since 127.0.0.1 is already assigned to an interface, this has the same effect of not specifying a destination address, and therefore we accomplish the intended behavior. Note that the bad behavior is still present in Darwin, where such workaround does not exist. * tools: remove unused check phony declaration * highlighter: when subtracting char, cast to unsigned * chacha20: name enums * tools: fight compiler slightly harder * tools: c_acc doesn't need to be initialized * queueing: more reasonable allocator function convention Usual nits. * systemd: wg-quick should depend on nss-lookup.target Since wg-quick(8) calls wg(8) which does hostname lookups, we should probably only run this after we're allowed to look up hostnames. * compat: backport ALIGN_DOWN * noise: whiten the nanoseconds portion of the timestamp This mitigates unrelated sidechannel attacks that think they can turn WireGuard into a useful time oracle. * hashtables: decouple hashtable allocations from the main device allocation The hashtable allocations are quite large, and cause the device allocation in the net framework to stall sometimes while it tries to find a contiguous region that can fit the device struct. To fix the allocation stalls, decouple the hashtable allocations from the device allocation and allocate the hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall back to vmalloc with little resistance. * chacha20poly1305: permit unaligned strides on certain platforms The map allocations required to fix this are mostly slower than unaligned paths. * noise: store clamped key instead of raw key This causes `wg show` to now show the right thing. Useful for doing comparisons. * compat: ipv6_stub is sometimes null On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has been disabled with a command line flag or other failures. * Makefile: don't duplicate code in install and modules-install * Makefile: make the depmod path configurable * queueing: net-next has changed signature of skb_probe_transport_header A 5.1 change. This could change again, but for now it allows us to keep this snapshot aligned with our upstream submissions. * netlink: don't remove allowed ips for new peers * peer: only synchronize_rcu_bh and traverse trie once when removing all peers * allowedips: maintain per-peer list of allowedips This is a rather big and important change that makes it much much faster to do operations involving thousands of peers. Batch peer/allowedip addition and clearing is several orders of magnitude faster now. This snapshot contains commits from: Jason A. Donenfeld, Luis Ressel, and Sultan Alsawaf. As always, the source is available at https://git.zx2c4.com/WireGuard/ and information about the project is available at https://www.wireguard.com/ . This snapshot is available in compressed tarball form here: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190227.tar.xz SHA2-256: fcdb26fd2692d9e1dee54d14418603c38fbb973a06ce89d08fbe45292ff37f79 BLAKE2b-256: ec2f0667b8439f8a168f2e78571a10a5dc16ffb8d887c8bd80f07653f8ab9a21 A PGP signature of that file decompressed is available here: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190227.tar.asc Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE If you're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot.
commit ab8879515256310b7b32d17bdd3d8cdb3677f88d Author: Jason A. Donenfeld <zx2c4@gentoo.org> Date: Wed Feb 27 22:24:52 2019 +0100 net-vpn/wireguard: bump Package-Manager: Portage-2.3.54, Repoman-2.3.12 Signed-off-by: Jason A. Donenfeld <zx2c4@gentoo.org> diff --git a/net-vpn/wireguard/Manifest b/net-vpn/wireguard/Manifest index d49f99a6994..7fb589c1448 100644 --- a/net-vpn/wireguard/Manifest +++ b/net-vpn/wireguard/Manifest @@ -1 +1 @@ -DIST WireGuard-0.0.20190123.tar.xz 323052 BLAKE2B f4ea04e72a276c495602da3d9c2feaf5e932ccf10e98503073650d1b7a1d5af3fad573959275e61b7c4b1f34937c0d0ac21d3e55ff0fa1a13345a6a311eca16b SHA512 8be40cebabca2a40f98ee10d6fa93708b12b17c6b0eab9aa8b7fab353d78fbd5b280b7b90cb2973cf74a1b9d47c3d250bf3ede6d1318129a45d57e21329b7f59 +DIST WireGuard-0.0.20190227.tar.xz 323788 BLAKE2B ec302b0ded5aa1afe477134a5d9ffc4354bfe70e10594a786d1fc74e75375fafa75be5efb300f0d18aa7d14c8bf07432c54bf66b30c83d19fcdbba0c23519798 SHA512 0c27353f27d7ae758cab84a02f63863681baa5eab2b64aa494be30c411b4dccc3af030b410dbfb72342fb5ea34be04f2d3b36ad0bb6a418d9f389ac34384eca3 diff --git a/net-vpn/wireguard/wireguard-0.0.20190123.ebuild b/net-vpn/wireguard/wireguard-0.0.20190227.ebuild similarity index 100% rename from net-vpn/wireguard/wireguard-0.0.20190123.ebuild rename to net-vpn/wireguard/wireguard-0.0.20190227.ebuild