From e12cf59ee36987a1f1f2e8e1ef2257ee4af8a1f8 Mon Sep 17 00:00:00 2001 From: mredig Date: Fri, 11 Jul 2025 15:32:26 -0500 Subject: [PATCH 01/18] build and use xcframework binary target --- .../workflows/build-go-dependency-wrapper.yml | 115 ++++++++++++++ Package.swift | 23 +-- Sources/WireGuardKitGo/Makefile | 60 ------- Sources/WireGuardKitGo/dummy.c | 1 - Sources/WireGuardKitGo/go.mod | 14 -- Sources/WireGuardKitGo/module.modulemap | 5 - Updating WG Dependency.md | 20 +++ .../.gitignore | 0 .../Headers/module.modulemap | 5 + .../Headers}/wireguard.h | 0 WireGuardGoFoundationSource/Makefile | 150 ++++++++++++++++++ .../api-apple.go | 0 WireGuardGoFoundationSource/go.mod | 16 ++ .../go.sum | 14 ++ .../goruntime-boottime-over-monotonic.diff | 0 15 files changed, 327 insertions(+), 96 deletions(-) create mode 100644 .github/workflows/build-go-dependency-wrapper.yml delete mode 100644 Sources/WireGuardKitGo/Makefile delete mode 100644 Sources/WireGuardKitGo/dummy.c delete mode 100644 Sources/WireGuardKitGo/go.mod delete mode 100644 Sources/WireGuardKitGo/module.modulemap create mode 100644 Updating WG Dependency.md rename {Sources/WireGuardKitGo => WireGuardGoFoundationSource}/.gitignore (100%) create mode 100644 WireGuardGoFoundationSource/Headers/module.modulemap rename {Sources/WireGuardKitGo => WireGuardGoFoundationSource/Headers}/wireguard.h (100%) create mode 100644 WireGuardGoFoundationSource/Makefile rename {Sources/WireGuardKitGo => WireGuardGoFoundationSource}/api-apple.go (100%) create mode 100644 WireGuardGoFoundationSource/go.mod rename {Sources/WireGuardKitGo => WireGuardGoFoundationSource}/go.sum (98%) rename {Sources/WireGuardKitGo => WireGuardGoFoundationSource}/goruntime-boottime-over-monotonic.diff (100%) diff --git a/.github/workflows/build-go-dependency-wrapper.yml b/.github/workflows/build-go-dependency-wrapper.yml new file mode 100644 index 000000000..eac01a416 --- /dev/null +++ b/.github/workflows/build-go-dependency-wrapper.yml @@ -0,0 +1,115 @@ +name: Go Dependency Wrapper + +on: + workflow_dispatch: + inputs: + update_go_deps: + description: 'Update go dependencies with `go get -u ./...' + required: false + type: boolean + defualt: false + go_update_patch_only: + description: '(only used if `update_go_deps` is `true`) When updating, only update the patch version.' + required: false + type: boolean + default: true + push: + tags: + - '[0-9]+.[0-9]+.[0-9]+*-build' # Matches 1.0.0-build, 2.1.3-beta-build, etc. + +# Tags must be done on `main` - see step `Update Package` + + +jobs: + wg-build: + name: Wireguard Build and Release + runs-on: macos-15 + + concurrency: + # Only allow a single run of this workflow on each branch, automatically cancelling older runs. + group: wg-${{ github.head_ref }} + cancel-in-progress: true + + steps: + - name: Checkout + uses: actions/checkout@v4 + + # - name: Determine Tag + # id: tag + # run: | + # set -x + + # RAW_TAG=${GITHUB_REF#refs/tags/} + # if [[ "$RAW_TAG" == "$GITHUB_REF" ]]; then + # echo "Must be a tag." + # exit1 + # fi + + # TAG=${RAW_TAG%-build} + + # if [[ "$TAG" == "$RAW_TAG" ]]; then + # echo "Incorrect tag format" + # exit 1 + # fi + + # echo "RAW_TAG=${RAW_TAG}" >> "$GITHUB_OUTPUT" + # echo "TAG=${TAG}" >> "$GITHUB_OUTPUT" + # env: + # GITHUB_EVENT_NAME: ${{ github.event_name }} + # GITHUB_BASE_BRANCH: ${{ github.base_ref }} + # GITHUB_REF: ${{ github.ref }} + + - name: Select Xcode + run: | + sudo xcode-select -s /Applications/Xcode_16.4.app + + # - name: Install Dependencies + # run: | + # brew install go + + - name: Handle Inputs + run: | + set -xoe + echo $RUN_UPDATES + echo $PATCH_ONLY_UPDATES + + exit 1 + env: + RUN_UPDATES: ${{ github.event.inputs.update_go_deps }} + PATCH_ONLY_UPDATES: ${{ github.event.inputs.go_update_patch_only }} + + - name: Build XCFramework + run: | + set -xoe + + pushd WireGuardGoFoundationSource + make build-xcframework + + zip -ry WireGuardGoFoundation.xcframework.zip WireGuardGoFoundation.xcframework + popd + mv WireGuardGoFoundationSource/WireGuardGoFoundation.xcframework.zip . + + - name: Update Package + run: | + set -xoe + + CHECKSUM=$(swift package compute-checksum WireGuardGoFoundation.xcframework.zip) + NEW_URL="https://github.com/${{ github.repository }}/releases/download/${TAG}/WireGuardGoFoundation.xcframework.zip" + + sed -i "" "s|let url = \".*\"|let url = \"$NEW_URL\"|" Package.swift + sed -i "" "s|let checksum = \".*\"|let checksum = \"$CHECKSUM\"|" Package.swift + + git add Package.swift + git commit -m "Release ${TAG}" + git push origin HEAD:main + git tag ${TAG} + git push origin ${TAG} + env: + TAG: ${{ steps.tag.outputs.TAG }} + + - name: Release + uses: softprops/action-gh-release@v2 + with: + files: WireGuardGoFoundation.xcframework.zip + make_latest: true + tag_name: ${{ steps.tag.outputs.TAG }} diff --git a/Package.swift b/Package.swift index 5d15a1b0d..139fda187 100644 --- a/Package.swift +++ b/Package.swift @@ -1,13 +1,16 @@ -// swift-tools-version:5.3 +// swift-tools-version:5.10 // The swift-tools-version declares the minimum version of Swift required to build this package. import PackageDescription +let url = "" +let checksum = "" + let package = Package( name: "WireGuardKit", platforms: [ - .macOS(.v12), - .iOS(.v15) + .macOS(.v13), + .iOS(.v16) ], products: [ .library(name: "WireGuardKit", targets: ["WireGuardKit"]) @@ -23,18 +26,6 @@ let package = Package( dependencies: [], publicHeadersPath: "." ), - .target( - name: "WireGuardKitGo", - dependencies: [], - exclude: [ - "goruntime-boottime-over-monotonic.diff", - "go.mod", - "go.sum", - "api-apple.go", - "Makefile" - ], - publicHeadersPath: ".", - linkerSettings: [.linkedLibrary("wg-go")] - ) + .binaryTarget(name: "WireGuardGoFoundation", url: url, checksum: checksum) ] ) diff --git a/Sources/WireGuardKitGo/Makefile b/Sources/WireGuardKitGo/Makefile deleted file mode 100644 index 16cb2d584..000000000 --- a/Sources/WireGuardKitGo/Makefile +++ /dev/null @@ -1,60 +0,0 @@ -# SPDX-License-Identifier: MIT -# -# Copyright (C) 2018-2019 Jason A. Donenfeld . All Rights Reserved. - -# These are generally passed to us by xcode, but we set working defaults for standalone compilation too. -ARCHS ?= x86_64 arm64 -PLATFORM_NAME ?= macosx -SDKROOT ?= $(shell xcrun --sdk $(PLATFORM_NAME) --show-sdk-path) -CONFIGURATION_BUILD_DIR ?= $(CURDIR)/out -CONFIGURATION_TEMP_DIR ?= $(CURDIR)/.tmp - -export PATH := $(PATH):/usr/local/bin:/opt/homebrew/bin -export CC ?= clang -LIPO ?= lipo -DESTDIR ?= $(CONFIGURATION_BUILD_DIR) -BUILDDIR ?= $(CONFIGURATION_TEMP_DIR)/wireguard-go-bridge - -CFLAGS_PREFIX := $(if $(DEPLOYMENT_TARGET_CLANG_FLAG_NAME),-$(DEPLOYMENT_TARGET_CLANG_FLAG_NAME)=$($(DEPLOYMENT_TARGET_CLANG_ENV_NAME)),) -isysroot $(SDKROOT) -arch -GOARCH_arm64 := arm64 -GOARCH_x86_64 := amd64 -GOOS_macosx := darwin -GOOS_iphoneos := ios - -build: $(DESTDIR)/libwg-go.a -version-header: $(DESTDIR)/wireguard-go-version.h - -REAL_GOROOT := $(shell go env GOROOT 2>/dev/null) -export GOROOT := $(BUILDDIR)/goroot -$(GOROOT)/.prepared: - [ -n "$(REAL_GOROOT)" ] - mkdir -p "$(GOROOT)" - rsync -a --delete --exclude=pkg/obj/go-build "$(REAL_GOROOT)/" "$(GOROOT)/" - cat goruntime-*.diff | patch -p1 -f -N -r- -d "$(GOROOT)" - touch "$@" - -define libwg-go-a -$(BUILDDIR)/libwg-go-$(1).a: export CGO_ENABLED := 1 -$(BUILDDIR)/libwg-go-$(1).a: export CGO_CFLAGS := $(CFLAGS_PREFIX) $(ARCH) -$(BUILDDIR)/libwg-go-$(1).a: export CGO_LDFLAGS := $(CFLAGS_PREFIX) $(ARCH) -$(BUILDDIR)/libwg-go-$(1).a: export GOOS := $(GOOS_$(PLATFORM_NAME)) -$(BUILDDIR)/libwg-go-$(1).a: export GOARCH := $(GOARCH_$(1)) -$(BUILDDIR)/libwg-go-$(1).a: $(GOROOT)/.prepared go.mod - go build -ldflags=-w -trimpath -v -o "$(BUILDDIR)/libwg-go-$(1).a" -buildmode c-archive - rm -f "$(BUILDDIR)/libwg-go-$(1).h" -endef -$(foreach ARCH,$(ARCHS),$(eval $(call libwg-go-a,$(ARCH)))) - -$(DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/.prepared - sed -E -n 's/.*golang\.zx2c4\.com\/wireguard +v[0-9.]+-[0-9]+-([0-9a-f]{8})[0-9a-f]{4}.*/#define WIREGUARD_GO_VERSION "\1"/p' "$<" > "$@" - -$(DESTDIR)/libwg-go.a: $(foreach ARCH,$(ARCHS),$(BUILDDIR)/libwg-go-$(ARCH).a) - @mkdir -vp "$(DESTDIR)" - $(LIPO) -create -output "$@" $^ - -clean: - rm -rf "$(BUILDDIR)" "$(DESTDIR)/libwg-go.a" "$(DESTDIR)/wireguard-go-version.h" - -install: build - -.PHONY: clean build version-header install diff --git a/Sources/WireGuardKitGo/dummy.c b/Sources/WireGuardKitGo/dummy.c deleted file mode 100644 index d15abba59..000000000 --- a/Sources/WireGuardKitGo/dummy.c +++ /dev/null @@ -1 +0,0 @@ -// Empty diff --git a/Sources/WireGuardKitGo/go.mod b/Sources/WireGuardKitGo/go.mod deleted file mode 100644 index 789358e64..000000000 --- a/Sources/WireGuardKitGo/go.mod +++ /dev/null @@ -1,14 +0,0 @@ -module golang.zx2c4.com/wireguard/apple - -go 1.17 - -require ( - golang.org/x/sys v0.5.0 - golang.zx2c4.com/wireguard v0.0.0-20230209153558-1e2c3e5a3c14 -) - -require ( - golang.org/x/crypto v0.6.0 // indirect - golang.org/x/net v0.6.0 // indirect - golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect -) diff --git a/Sources/WireGuardKitGo/module.modulemap b/Sources/WireGuardKitGo/module.modulemap deleted file mode 100644 index 2ca39160f..000000000 --- a/Sources/WireGuardKitGo/module.modulemap +++ /dev/null @@ -1,5 +0,0 @@ -module WireGuardKitGo { - umbrella header "wireguard.h" - link "wg-go" - export * -} diff --git a/Updating WG Dependency.md b/Updating WG Dependency.md new file mode 100644 index 000000000..5b9982560 --- /dev/null +++ b/Updating WG Dependency.md @@ -0,0 +1,20 @@ +#### Upgrading the WireGuard Dependency + +WireGuard code is just a copy of files from the [official wg repo](https://git.zx2c4.com/wireguard-apple/about/) with some modifications to the makefile to build a whole xcframework and updating go dependencies. + +Going forward, since the code in `WireGuardGoFoundationSource` is essentially just a shim around the wg go package, it is just a matter of updating go packages. + +1. `cd` to `WireGuardGoFoundationSource` +1. Depending on intent, run one of the following update commands: + + # Update all dependencies to latest minor/patch versions + go get -u ./... + + # Update only patch versions (safer) + go get -u=patch ./... + +1. Use discretion to run `go mod tidy` to cleanup afterwards +1. Confirm building `WireGuardGoFoundationSource` still works + 1. `make clean` + 1. `make build-xcframework` + diff --git a/Sources/WireGuardKitGo/.gitignore b/WireGuardGoFoundationSource/.gitignore similarity index 100% rename from Sources/WireGuardKitGo/.gitignore rename to WireGuardGoFoundationSource/.gitignore diff --git a/WireGuardGoFoundationSource/Headers/module.modulemap b/WireGuardGoFoundationSource/Headers/module.modulemap new file mode 100644 index 000000000..47717efd2 --- /dev/null +++ b/WireGuardGoFoundationSource/Headers/module.modulemap @@ -0,0 +1,5 @@ +module WireGuardGoFoundation { + umbrella header "wireguard.h" + export * + module * { export * } +} diff --git a/Sources/WireGuardKitGo/wireguard.h b/WireGuardGoFoundationSource/Headers/wireguard.h similarity index 100% rename from Sources/WireGuardKitGo/wireguard.h rename to WireGuardGoFoundationSource/Headers/wireguard.h diff --git a/WireGuardGoFoundationSource/Makefile b/WireGuardGoFoundationSource/Makefile new file mode 100644 index 000000000..68a12bbeb --- /dev/null +++ b/WireGuardGoFoundationSource/Makefile @@ -0,0 +1,150 @@ +# SPDX-License-Identifier: MIT +# +# Copyright (C) 2018-2019 Jason A. Donenfeld . All Rights Reserved. + +# VAR SETUP + +MACOS_PLATFORM_NAME = macosx +MACOS_ARCHS = x86_64 arm64 +IOS_PLATFORM_NAME = iphoneos +IOS_ARCHS = arm64 +IOS_SIM_PLATFORM_NAME = iphonesimulator +IOS_SIM_ARCHS = arm64 x86_64 +MACOS_CONFIGURATION_BUILD_DIR ?= $(CURDIR)/out-macos +IOS_CONFIGURATION_BUILD_DIR ?= $(CURDIR)/out-ios +IOS_SIM_CONFIGURATION_BUILD_DIR ?= $(CURDIR)/out-ios-sim +CONFIGURATION_TEMP_DIR ?= $(CURDIR)/.tmp +XCFRAMEWORK_BASENAME = WireGuardGoFoundation +XCFRAMEWORK_NAME = $(XCFRAMEWORK_BASENAME).xcframework +USER := $(shell whoami) + +define get_sdkroot +$(shell xcrun --sdk $(1) --show-sdk-path) +endef + +MACOS_SDKROOT = $(call get_sdkroot,$(MACOS_PLATFORM_NAME)) +IOS_SDKROOT = $(call get_sdkroot,$(IOS_PLATFORM_NAME)) +IOS_SIM_SDKROOT = $(call get_sdkroot,$(IOS_SIM_PLATFORM_NAME)) + +export PATH := $(PATH):/usr/local/bin:/opt/homebrew/bin +export CC ?= clang +LIPO ?= lipo +MACOS_DESTDIR ?= $(MACOS_CONFIGURATION_BUILD_DIR) +IOS_DESTDIR ?= $(IOS_CONFIGURATION_BUILD_DIR) +IOS_SIM_DESTDIR ?= $(IOS_SIM_CONFIGURATION_BUILD_DIR) +BUILDDIR ?= $(CONFIGURATION_TEMP_DIR)/wireguard-go-bridge + +MACOS_CFLAGS_PREFIX := $(if $(DEPLOYMENT_TARGET_CLANG_FLAG_NAME),-$(DEPLOYMENT_TARGET_CLANG_FLAG_NAME)=$($(DEPLOYMENT_TARGET_CLANG_ENV_NAME)),) -isysroot $(MACOS_SDKROOT) -arch +IOS_CFLAGS_PREFIX := $(if $(DEPLOYMENT_TARGET_CLANG_FLAG_NAME),-$(DEPLOYMENT_TARGET_CLANG_FLAG_NAME)=$($(DEPLOYMENT_TARGET_CLANG_ENV_NAME)),) -isysroot $(IOS_SDKROOT) -arch +IOS_SIM_CFLAGS_PREFIX := $(if $(DEPLOYMENT_TARGET_CLANG_FLAG_NAME),-$(DEPLOYMENT_TARGET_CLANG_FLAG_NAME)=$($(DEPLOYMENT_TARGET_CLANG_ENV_NAME)),) -isysroot $(IOS_SIM_SDKROOT) -arch +GOARCH_arm64 := arm64 +GOARCH_x86_64 := amd64 +GOOS_macosx := darwin +GOOS_iphoneos := ios +# There's no GOOS_iphonesimulator value here. I don't know what it would be, but I also don't know if it's needed? + +# -- CONVENIENCE + +macos-version-header: $(MACOS_DESTDIR)/wireguard-go-version.h +ios-version-header: $(IOS_DESTDIR)/wireguard-go-version.h $(IOS_SIM_DESTDIR)/wireguard-go-version.h +macos-build: $(MACOS_DESTDIR)/libwg-go.a macos-version-header +ios-build: $(IOS_DESTDIR)/libwg-go.a $(IOS_SIM_DESTDIR)/libwg-go.a ios-version-header +build: macos-build ios-build +build-xcframework: $(XCFRAMEWORK_NAME) + +REAL_GOROOT := $(shell go env GOROOT 2>/dev/null) +export GOROOT := $(BUILDDIR)/goroot +$(GOROOT)/.prepared: + [ -n "$(REAL_GOROOT)" ] + @echo "BUILDDIR: $(BUILDDIR)" + @echo "GOROOT: $(GOROOT)" + @echo "CURDIR: $(CURDIR)" + @echo "PWD: $(PWD)" + mkdir -p "$(GOROOT)" + rsync -Dlprth --delete --exclude=pkg/obj/go-build "$(REAL_GOROOT)/" "$(GOROOT)/" + chmod -R u+w "$(GOROOT)" + cd "$(GOROOT)" && git apply --reject --ignore-space-change --ignore-whitespace "$(CURDIR)/goruntime-boottime-over-monotonic.diff" + touch "$@" + + +# -- COMPILING + +# ARCH-$(1) CFLAGS_PREFIX-$(2) PLATFORM_NAME-$(3) +define libwg-go-a +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export CGO_ENABLED := 1 +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export CGO_CFLAGS := $(2) $(1) +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export CGO_LDFLAGS := $(2) $(1) +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export GOOS := $(GOOS_$(3)) +$(BUILDDIR)/libwg-go-$(3)-$(1).a: export GOARCH := $(GOARCH_$(1)) +$(BUILDDIR)/libwg-go-$(3)-$(1).a: $(GOROOT)/.prepared go.mod + @echo "🟨🟨🟨🟨🟨 building $(3) $(1) 🟨🟨🟨🟨🟨" + $(info 'target 🎯: $(3) $(1)') + go build -ldflags=-w -trimpath -v -o "$(BUILDDIR)/libwg-go-$(3)-$(1).a" -buildmode c-archive + rm -f "$(BUILDDIR)/libwg-go-$(1).h" +endef + +$(foreach ARCH,$(MACOS_ARCHS),$(eval $(call libwg-go-a,$(ARCH),$(MACOS_CFLAGS_PREFIX),$(MACOS_PLATFORM_NAME)))) +$(foreach ARCH,$(IOS_ARCHS),$(eval $(call libwg-go-a,$(ARCH),$(IOS_CFLAGS_PREFIX),$(IOS_PLATFORM_NAME)))) +$(foreach ARCH,$(IOS_SIM_ARCHS),$(eval $(call libwg-go-a,$(ARCH),$(IOS_SIM_CFLAGS_PREFIX),$(IOS_SIM_PLATFORM_NAME)))) + + +# -- HEADERS STUFF + +# DESTDIR: $(1) +$(MACOS_DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/.prepared + sed -E -n 's/.*golang\.zx2c4\.com\/wireguard +v[0-9.]+-([0-9]+-[0-9a-f]{8})[0-9a-f]{4}.*/#define WIREGUARD_GO_VERSION "\1"/p' "$<" > "$@" +$(IOS_DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/.prepared + sed -E -n 's/.*golang\.zx2c4\.com\/wireguard +v[0-9.]+-([0-9]+-[0-9a-f]{8})[0-9a-f]{4}.*/#define WIREGUARD_GO_VERSION "\1"/p' "$<" > "$@" +$(IOS_SIM_DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/.prepared + sed -E -n 's/.*golang\.zx2c4\.com\/wireguard +v[0-9.]+-([0-9]+-[0-9a-f]{8})[0-9a-f]{4}.*/#define WIREGUARD_GO_VERSION "\1"/p' "$<" > "$@" + +# -- LINKING + +# DESTDIR: $(1) ARCHS: $(2) PLATFORM_NAME: $(3) +define linkinator +$(1)/libwg-go.a: $(foreach ARCH,$(2),$(BUILDDIR)/libwg-go-$(3)-$(ARCH).a) + @mkdir -vp "$(1)" + $(LIPO) -create -output "$$@" $$^ +endef + +$(eval $(call linkinator,$(MACOS_DESTDIR),$(MACOS_ARCHS),$(MACOS_PLATFORM_NAME))) +$(eval $(call linkinator,$(IOS_DESTDIR),$(IOS_ARCHS),$(IOS_PLATFORM_NAME))) +$(eval $(call linkinator,$(IOS_SIM_DESTDIR),$(IOS_SIM_ARCHS),$(IOS_SIM_PLATFORM_NAME))) + + +# -- XCFRAMEWORK COMPILING + +$(XCFRAMEWORK_NAME): build ios-version-header macos-version-header + git checkout Headers/wireguard.h + cat "$(IOS_DESTDIR)/wireguard-go-version.h" >> Headers/wireguard.h + + xcrun xcodebuild -create-xcframework \ + -library $(IOS_DESTDIR)/libwg-go.a \ + -headers Headers/ \ + -library $(IOS_SIM_DESTDIR)/libwg-go.a \ + -headers Headers/ \ + -library $(MACOS_DESTDIR)/libwg-go.a \ + -headers Headers/ \ + -output "$(XCFRAMEWORK_NAME)" + + git checkout Headers/wireguard.h + + +# -- CLEANING + +# BUILDDIR: $(1) DESTDIR: $(2) +define clean-output +rm -rf "$(1)" "$(2)" +endef + +clean: + $(call clean-output,$(BUILDDIR),$(MACOS_DESTDIR)) + $(call clean-output,$(BUILDDIR),$(IOS_DESTDIR)) + $(call clean-output,$(BUILDDIR),$(IOS_SIM_DESTDIR)) + rm -rf "$(XCFRAMEWORK_NAME)" + +install-macos: macos-build +install-ios: ios-build +install: build + +.PHONY: clean macos-build ios-build version-header install-macos install-ios debug build install diff --git a/Sources/WireGuardKitGo/api-apple.go b/WireGuardGoFoundationSource/api-apple.go similarity index 100% rename from Sources/WireGuardKitGo/api-apple.go rename to WireGuardGoFoundationSource/api-apple.go diff --git a/WireGuardGoFoundationSource/go.mod b/WireGuardGoFoundationSource/go.mod new file mode 100644 index 000000000..f3d8c6d72 --- /dev/null +++ b/WireGuardGoFoundationSource/go.mod @@ -0,0 +1,16 @@ +module golang.zx2c4.com/wireguard/apple + +go 1.23.1 + +toolchain go1.24.5 + +require ( + golang.org/x/sys v0.34.0 + golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb +) + +require ( + golang.org/x/crypto v0.39.0 // indirect + golang.org/x/net v0.41.0 // indirect + golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect +) diff --git a/Sources/WireGuardKitGo/go.sum b/WireGuardGoFoundationSource/go.sum similarity index 98% rename from Sources/WireGuardKitGo/go.sum rename to WireGuardGoFoundationSource/go.sum index 278aef8f1..a79696aa9 100644 --- a/Sources/WireGuardKitGo/go.sum +++ b/WireGuardGoFoundationSource/go.sum @@ -353,6 +353,10 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE= +golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -430,6 +434,10 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY= +golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -506,6 +514,10 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20= +golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -580,6 +592,8 @@ golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeu golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= golang.zx2c4.com/wireguard v0.0.0-20230209153558-1e2c3e5a3c14 h1:HVTnb30bngAvlUMb5VRy4jELMvWL5VIapumjqzFXMZc= golang.zx2c4.com/wireguard v0.0.0-20230209153558-1e2c3e5a3c14/go.mod h1:whfbyDBt09xhCYQWtO2+3UVjlaq6/9hDZrjg2ZE6SyA= +golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A= +golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= diff --git a/Sources/WireGuardKitGo/goruntime-boottime-over-monotonic.diff b/WireGuardGoFoundationSource/goruntime-boottime-over-monotonic.diff similarity index 100% rename from Sources/WireGuardKitGo/goruntime-boottime-over-monotonic.diff rename to WireGuardGoFoundationSource/goruntime-boottime-over-monotonic.diff From 3c80774848e254448ad189527bf0c1fc8f670e80 Mon Sep 17 00:00:00 2001 From: mredig Date: Fri, 11 Jul 2025 16:14:47 -0500 Subject: [PATCH 02/18] (fix) workflow --- .../workflows/build-go-dependency-wrapper.yml | 81 +++++++++++-------- 1 file changed, 47 insertions(+), 34 deletions(-) diff --git a/.github/workflows/build-go-dependency-wrapper.yml b/.github/workflows/build-go-dependency-wrapper.yml index eac01a416..d94cf6dc6 100644 --- a/.github/workflows/build-go-dependency-wrapper.yml +++ b/.github/workflows/build-go-dependency-wrapper.yml @@ -1,3 +1,10 @@ +# Builds and publishes the wg-go binaries to this repo when run as a GitHub Workflow. +# The binaries in this repo are compiled without modification from upstream (official WireGuard) sources +# However, if you have security requirements beyond my assertion of "trust me bruh", the code/configs/scripts in this +# repo are 100% auditable and you are welcome to fork it and run it yourself to guarantee and grant yourself +# that wonderfully fluttery feeling of diy, security, and privacy. All the scripts should work automagically +# in their own github workflow context, or with a little effort, you can run it yourself offline. + name: Go Dependency Wrapper on: @@ -13,11 +20,9 @@ on: required: false type: boolean default: true - push: - tags: - - '[0-9]+.[0-9]+.[0-9]+*-build' # Matches 1.0.0-build, 2.1.3-beta-build, etc. - -# Tags must be done on `main` - see step `Update Package` + tag: + description: 'Releases can only be created from tags, so a unique tag is required. This will probably get updated to a versioning syntax in the future.' + required: true jobs: @@ -34,46 +39,54 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # - name: Determine Tag - # id: tag - # run: | - # set -x - - # RAW_TAG=${GITHUB_REF#refs/tags/} - # if [[ "$RAW_TAG" == "$GITHUB_REF" ]]; then - # echo "Must be a tag." - # exit1 - # fi - - # TAG=${RAW_TAG%-build} + - name: Determine Tag + id: tag + run: | + set -x - # if [[ "$TAG" == "$RAW_TAG" ]]; then - # echo "Incorrect tag format" - # exit 1 - # fi + RAW_TAG="${{ github.event.inputs.tag }}" + TAG=$(echo "$RAW_TAG" | sed 's/[^a-zA-Z0-9._-]/-/g' | sed 's/[-]+/-/g' ) - # echo "RAW_TAG=${RAW_TAG}" >> "$GITHUB_OUTPUT" - # echo "TAG=${TAG}" >> "$GITHUB_OUTPUT" - # env: - # GITHUB_EVENT_NAME: ${{ github.event_name }} - # GITHUB_BASE_BRANCH: ${{ github.base_ref }} - # GITHUB_REF: ${{ github.ref }} + echo "RAW_TAG=${RAW_TAG}" >> "$GITHUB_OUTPUT" + echo "TAG=${TAG}" >> "$GITHUB_OUTPUT" + env: + RAW_TAG: ${{ github.event.inputs.tag }} + GITHUB_EVENT_NAME: ${{ github.event_name }} + GITHUB_BASE_BRANCH: ${{ github.base_ref }} + GITHUB_REF: ${{ github.ref }} - name: Select Xcode run: | sudo xcode-select -s /Applications/Xcode_16.4.app - # - name: Install Dependencies - # run: | - # brew install go + - name: Install Dependencies + run: | + brew install go - name: Handle Inputs run: | set -xoe - echo $RUN_UPDATES - echo $PATCH_ONLY_UPDATES - exit 1 + pushd WireGuardGoFoundationSource + + if [[ "$RUN_UPDATES" == "true" ]]; then + UPDATE_COMMAND=("go") + UPDATE_COMMAND+=("get") + + if [[ "$PATCH_ONLY_UPDATES" == "true" ]]; then + UPDATE_COMMAND+=("-u=patch") + else + UPDATE_COMMAND+=("-u") + fi + + UPDATE_COMMAND+=("./...") + fi + + "${UPDATE_COMMAND[@]}" + + popd + + git add WireGuardGoFoundationSource/. env: RUN_UPDATES: ${{ github.event.inputs.update_go_deps }} PATCH_ONLY_UPDATES: ${{ github.event.inputs.go_update_patch_only }} @@ -101,7 +114,7 @@ jobs: git add Package.swift git commit -m "Release ${TAG}" - git push origin HEAD:main + git push origin HEAD:master git tag ${TAG} git push origin ${TAG} env: From 72170a611889718d7f83aa489fa93f42e55b7198 Mon Sep 17 00:00:00 2001 From: Anka Date: Fri, 11 Jul 2025 21:21:27 +0000 Subject: [PATCH 03/18] Release 0.0.0 --- Package.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index 139fda187..098c96108 100644 --- a/Package.swift +++ b/Package.swift @@ -3,8 +3,8 @@ import PackageDescription -let url = "" -let checksum = "" +let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.0/WireGuardGoFoundation.xcframework.zip" +let checksum = "6249e8a497832025100e74b11357d6d6ff7b2dc8c2d9111b27e21a4680e44066" let package = Package( name: "WireGuardKit", From 4922e1bf7543876768229dc7cb14390bbd01a593 Mon Sep 17 00:00:00 2001 From: mredig Date: Fri, 11 Jul 2025 16:30:13 -0500 Subject: [PATCH 04/18] (fix) small build issues --- Package.swift | 2 +- Sources/WireGuardKit/WireGuardAdapter.swift | 2 +- Sources/WireGuardKitC/WireGuardKitC.h | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index 098c96108..955a2deed 100644 --- a/Package.swift +++ b/Package.swift @@ -19,7 +19,7 @@ let package = Package( targets: [ .target( name: "WireGuardKit", - dependencies: ["WireGuardKitGo", "WireGuardKitC"] + dependencies: ["WireGuardGoFoundation", "WireGuardKitC"] ), .target( name: "WireGuardKitC", diff --git a/Sources/WireGuardKit/WireGuardAdapter.swift b/Sources/WireGuardKit/WireGuardAdapter.swift index f7be19b15..34719cb86 100644 --- a/Sources/WireGuardKit/WireGuardAdapter.swift +++ b/Sources/WireGuardKit/WireGuardAdapter.swift @@ -5,7 +5,7 @@ import Foundation import NetworkExtension #if SWIFT_PACKAGE -import WireGuardKitGo +import WireGuardGoFoundation import WireGuardKitC #endif diff --git a/Sources/WireGuardKitC/WireGuardKitC.h b/Sources/WireGuardKitC/WireGuardKitC.h index 54e4783d4..53b48cd86 100644 --- a/Sources/WireGuardKitC/WireGuardKitC.h +++ b/Sources/WireGuardKitC/WireGuardKitC.h @@ -3,6 +3,7 @@ #include "key.h" #include "x25519.h" +#include /* From */ #define CTLIOCGINFO 0xc0644e03UL From 50aba8dd579afa890a4d0f877e3cd1878ee105c7 Mon Sep 17 00:00:00 2001 From: Anka Date: Fri, 11 Jul 2025 21:31:29 +0000 Subject: [PATCH 05/18] Release 0.0.1 --- Package.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index 955a2deed..cff9ab6ea 100644 --- a/Package.swift +++ b/Package.swift @@ -3,8 +3,8 @@ import PackageDescription -let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.0/WireGuardGoFoundation.xcframework.zip" -let checksum = "6249e8a497832025100e74b11357d6d6ff7b2dc8c2d9111b27e21a4680e44066" +let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.1/WireGuardGoFoundation.xcframework.zip" +let checksum = "3d9faeaacf8908a7e2d18bd4a314b89192e0afa974522379436d2edf7cf0c80f" let package = Package( name: "WireGuardKit", From 641a46abd2c1dbfd35e16d7f75712dd63da5019c Mon Sep 17 00:00:00 2001 From: mredig Date: Mon, 14 Jul 2025 23:33:40 -0500 Subject: [PATCH 06/18] (fix) re-include stdlib patch --- WireGuardGoFoundationSource/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/WireGuardGoFoundationSource/Makefile b/WireGuardGoFoundationSource/Makefile index 68a12bbeb..0e731953d 100644 --- a/WireGuardGoFoundationSource/Makefile +++ b/WireGuardGoFoundationSource/Makefile @@ -61,9 +61,10 @@ $(GOROOT)/.prepared: @echo "CURDIR: $(CURDIR)" @echo "PWD: $(PWD)" mkdir -p "$(GOROOT)" + mkdir -p "$(BUILDDIR)/tmp" rsync -Dlprth --delete --exclude=pkg/obj/go-build "$(REAL_GOROOT)/" "$(GOROOT)/" - chmod -R u+w "$(GOROOT)" - cd "$(GOROOT)" && git apply --reject --ignore-space-change --ignore-whitespace "$(CURDIR)/goruntime-boottime-over-monotonic.diff" + chmod -R u+w "$(BUILDDIR)" + cd "$(GOROOT)" && TMPDIR="$(BUILDDIR)/tmp" patch -p1 -f -N -r- < "$(CURDIR)/goruntime-boottime-over-monotonic.diff" touch "$@" From bceff74edd7d855d13fa5f8520f776747b5e28a5 Mon Sep 17 00:00:00 2001 From: Anka Date: Tue, 15 Jul 2025 04:37:17 +0000 Subject: [PATCH 07/18] Release 0.0.2 --- Package.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index cff9ab6ea..4d0683746 100644 --- a/Package.swift +++ b/Package.swift @@ -3,8 +3,8 @@ import PackageDescription -let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.1/WireGuardGoFoundation.xcframework.zip" -let checksum = "3d9faeaacf8908a7e2d18bd4a314b89192e0afa974522379436d2edf7cf0c80f" +let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.2/WireGuardGoFoundation.xcframework.zip" +let checksum = "f38defab96c3f2a5381f7a6cde3b4635c5da8378a254c65801b99fa3a6288020" let package = Package( name: "WireGuardKit", From e956de3e49da5a004c4146743d73b789a7388495 Mon Sep 17 00:00:00 2001 From: mredig Date: Mon, 14 Jul 2025 23:48:17 -0500 Subject: [PATCH 08/18] (refactor) update readme and license --- LICENSE.md | 19 ++++++++++++ README.md | 87 ++++++++++++++---------------------------------------- 2 files changed, 41 insertions(+), 65 deletions(-) create mode 100644 LICENSE.md diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 000000000..571f52944 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,19 @@ +## MIT License + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 2efc5d459..348819098 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,11 @@ -# [WireGuard](https://www.wireguard.com/) for iOS and macOS +# [WireGuard](https://www.wireguard.com/) for iOS and macOS (with XCFramework universal build) -This project contains an application for iOS and for macOS, as well as many components shared between the two of them. You may toggle between the two platforms by selecting the target from within Xcode. +This project contains an application for iOS and for macOS, as well as many components shared between the two of them. The xcframework library is compatible with iOS, macOS, and should at least link with the simulator (there may be network extension limitations, but minimal simulator dev should be possible). ## Building +(This section has not been updated since the xcframework introduction. These instructions will likely change - the project probably needs updating for pointing to the right spm project version and since the package is pre built, there's no need to install `go`) + - Clone this repo: ``` @@ -34,66 +36,21 @@ $ open WireGuard.xcodeproj ## WireGuardKit integration -1. Open your Xcode project and add the Swift package with the following URL: - - ``` - https://git.zx2c4.com/wireguard-apple - ``` - -2. `WireGuardKit` links against `wireguard-go-bridge` library, but it cannot build it automatically - due to Swift package manager limitations. So it needs a little help from a developer. - Please follow the instructions below to create a build target(s) for `wireguard-go-bridge`. - - - In Xcode, click File -> New -> Target. Switch to "Other" tab and choose "External Build - System". - - Type in `WireGuardGoBridge` under the "Product name", replacing the `` - placeholder with the name of the platform. For example, when targeting macOS use `macOS`, or - when targeting iOS use `iOS`. - Make sure the build tool is set to: `/usr/bin/make` (default). - - In the appeared "Info" tab of a newly created target, type in the "Directory" path under - the "External Build Tool Configuration": - - ``` - ${BUILD_DIR%Build/*}SourcePackages/checkouts/wireguard-apple/Sources/WireGuardKitGo - ``` - - - Switch to "Build Settings" and find `SDKROOT`. - Type in `macosx` if you target macOS, or type in `iphoneos` if you target iOS. - -3. Go to Xcode project settings and locate your network extension target and switch to - "Build Phases" tab. - - - Locate "Dependencies" section and hit "+" to add `WireGuardGoBridge` replacing - the `` placeholder with the name of platform matching the network extension - deployment target (i.e macOS or iOS). - - - Locate the "Link with binary libraries" section and hit "+" to add `WireGuardKit`. - -4. In Xcode project settings, locate your main bundle app and switch to "Build Phases" tab. - Locate the "Link with binary libraries" section and hit "+" to add `WireGuardKit`. - -5. iOS only: Locate Bitcode settings under your application target, Build settings -> Enable Bitcode, - change the corresponding value to "No". - -Note that if you ship your app for both iOS and macOS, make sure to repeat the steps 2-4 twice, -once per platform. - -## MIT License - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +It should now be as simple as adding this SPM package as a dependency. The magic behind this is that the package is pre-built as an xcframework, now, however. If you cannot trust a third party binary, you're welcome to build it yourself. + +To do so + +(Building with GitHub Actions) +1. Fork this project +1. In your fork, go to Actions +1. Choose the "Go Dependency Wrapper" action +1. On the right side of the screen, you should see `Run workflow` - do that. +1. The option to run `go get -u` as part of the build process is presented (this will update the build to use the latest wireguard go upstream code) +1. Provide a name for the tag. Semantic versioning is suggested, but not required. +1. Press `Run Workflow` +1. In a couple minutes, you'll have a new release on your fork that is freshly built. +1. You can now reference your fork with your release tag version in your own iOS/macOS project. + +While this might not strictly feel quite the same as building locally, you are completely capable of instpecting the code as this entire repo is transparent. + +And if you want to build locally, that's also an option. If you need assistance, the best path forward would be to inspect the workflow yaml file and replicate the steps on your local Mac. From 4cb1327bbbe1410beb93e753e427d334895426c6 Mon Sep 17 00:00:00 2001 From: mredig Date: Mon, 14 Jul 2025 23:50:59 -0500 Subject: [PATCH 09/18] (feat) add wg dep update directions --- .../Upgrading the WireGuard Dependency.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 WireGuardGoFoundationSource/Upgrading the WireGuard Dependency.md diff --git a/WireGuardGoFoundationSource/Upgrading the WireGuard Dependency.md b/WireGuardGoFoundationSource/Upgrading the WireGuard Dependency.md new file mode 100644 index 000000000..6136f6ba1 --- /dev/null +++ b/WireGuardGoFoundationSource/Upgrading the WireGuard Dependency.md @@ -0,0 +1,19 @@ +#### Upgrading the WireGuard Dependency + +WireGuard code is just a copy of files from the [official wg repo](https://git.zx2c4.com/wireguard-apple/about/) with some modifications to the makefile to build a whole xcframework and updating go dependencies. + +Going forward, since the code in `WireGuardGoFoundationSource` is essentially just a shim around the wg go package, it is just a matter of updating go packages. + +1. `cd` to `WireGuardGoFoundationSource` +1. Depending on intent, run one of the following update commands: + + # Update all dependencies to latest minor/patch versions + go get -u ./... + + # Update only patch versions (safer) + go get -u=patch ./... + +1. Use discretion to run `go mod tidy` to cleanup afterwards +1. Confirm building `WireGuardGoFoundationSource` still works + 1. `make clean` + 1. `make build-xcframework` From 0344f718b128c53a3ab1c3e737dbc410a8a8e44b Mon Sep 17 00:00:00 2001 From: mredig Date: Mon, 21 Jul 2025 14:35:47 -0500 Subject: [PATCH 10/18] (fix) link against older os versions --- WireGuardGoFoundationSource/Makefile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/WireGuardGoFoundationSource/Makefile b/WireGuardGoFoundationSource/Makefile index 0e731953d..9b7064850 100644 --- a/WireGuardGoFoundationSource/Makefile +++ b/WireGuardGoFoundationSource/Makefile @@ -5,8 +5,10 @@ # VAR SETUP MACOS_PLATFORM_NAME = macosx +MACOS_DEPLOYMENT_TARGET = 12.0 MACOS_ARCHS = x86_64 arm64 IOS_PLATFORM_NAME = iphoneos +IOS_DEPLOYMENT_TARGET = 17.6 IOS_ARCHS = arm64 IOS_SIM_PLATFORM_NAME = iphonesimulator IOS_SIM_ARCHS = arm64 x86_64 @@ -34,9 +36,9 @@ IOS_DESTDIR ?= $(IOS_CONFIGURATION_BUILD_DIR) IOS_SIM_DESTDIR ?= $(IOS_SIM_CONFIGURATION_BUILD_DIR) BUILDDIR ?= $(CONFIGURATION_TEMP_DIR)/wireguard-go-bridge -MACOS_CFLAGS_PREFIX := $(if $(DEPLOYMENT_TARGET_CLANG_FLAG_NAME),-$(DEPLOYMENT_TARGET_CLANG_FLAG_NAME)=$($(DEPLOYMENT_TARGET_CLANG_ENV_NAME)),) -isysroot $(MACOS_SDKROOT) -arch -IOS_CFLAGS_PREFIX := $(if $(DEPLOYMENT_TARGET_CLANG_FLAG_NAME),-$(DEPLOYMENT_TARGET_CLANG_FLAG_NAME)=$($(DEPLOYMENT_TARGET_CLANG_ENV_NAME)),) -isysroot $(IOS_SDKROOT) -arch -IOS_SIM_CFLAGS_PREFIX := $(if $(DEPLOYMENT_TARGET_CLANG_FLAG_NAME),-$(DEPLOYMENT_TARGET_CLANG_FLAG_NAME)=$($(DEPLOYMENT_TARGET_CLANG_ENV_NAME)),) -isysroot $(IOS_SIM_SDKROOT) -arch +MACOS_CFLAGS_PREFIX := -mmacosx-version-min=$(MACOS_DEPLOYMENT_TARGET) -isysroot $(MACOS_SDKROOT) -arch +IOS_CFLAGS_PREFIX := -miphoneos-version-min=$(IOS_DEPLOYMENT_TARGET) -isysroot $(IOS_SDKROOT) -arch +IOS_SIM_CFLAGS_PREFIX := -mios-simulator-version-min=$(IOS_DEPLOYMENT_TARGET) -isysroot $(IOS_SIM_SDKROOT) -arch GOARCH_arm64 := arm64 GOARCH_x86_64 := amd64 GOOS_macosx := darwin From a82c44853449fbc03f5465a036e29ee6a83b5dc8 Mon Sep 17 00:00:00 2001 From: mredig Date: Mon, 21 Jul 2025 14:46:16 -0500 Subject: [PATCH 11/18] (bump) deps --- WireGuardGoFoundationSource/go.mod | 4 ++-- WireGuardGoFoundationSource/go.sum | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/WireGuardGoFoundationSource/go.mod b/WireGuardGoFoundationSource/go.mod index f3d8c6d72..e29b27a4b 100644 --- a/WireGuardGoFoundationSource/go.mod +++ b/WireGuardGoFoundationSource/go.mod @@ -10,7 +10,7 @@ require ( ) require ( - golang.org/x/crypto v0.39.0 // indirect - golang.org/x/net v0.41.0 // indirect + golang.org/x/crypto v0.40.0 // indirect + golang.org/x/net v0.42.0 // indirect golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect ) diff --git a/WireGuardGoFoundationSource/go.sum b/WireGuardGoFoundationSource/go.sum index a79696aa9..39edbae43 100644 --- a/WireGuardGoFoundationSource/go.sum +++ b/WireGuardGoFoundationSource/go.sum @@ -357,6 +357,8 @@ golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE= golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= +golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -438,6 +440,8 @@ golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY= golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= From b3904af36ec851056cb03025ffb133bdd151a79c Mon Sep 17 00:00:00 2001 From: Anka Date: Mon, 21 Jul 2025 19:58:55 +0000 Subject: [PATCH 12/18] Release 0.0.3 --- Package.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index 4d0683746..c62ba5a7a 100644 --- a/Package.swift +++ b/Package.swift @@ -3,8 +3,8 @@ import PackageDescription -let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.2/WireGuardGoFoundation.xcframework.zip" -let checksum = "f38defab96c3f2a5381f7a6cde3b4635c5da8378a254c65801b99fa3a6288020" +let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.3/WireGuardGoFoundation.xcframework.zip" +let checksum = "362d73517fd8d97081dda73351fb949482afdf046350f1126407bd088aecde03" let package = Package( name: "WireGuardKit", From 8eac68d1a115570cc0a95546ba610061641c12e6 Mon Sep 17 00:00:00 2001 From: Daniel Anderson Date: Thu, 24 Jul 2025 10:37:11 -0600 Subject: [PATCH 13/18] Add GOOS_iphonesimulator to Makefile to build a simulator compatible slice --- WireGuardGoFoundationSource/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WireGuardGoFoundationSource/Makefile b/WireGuardGoFoundationSource/Makefile index 9b7064850..03a410377 100644 --- a/WireGuardGoFoundationSource/Makefile +++ b/WireGuardGoFoundationSource/Makefile @@ -43,7 +43,7 @@ GOARCH_arm64 := arm64 GOARCH_x86_64 := amd64 GOOS_macosx := darwin GOOS_iphoneos := ios -# There's no GOOS_iphonesimulator value here. I don't know what it would be, but I also don't know if it's needed? +GOOS_iphonesimulator := ios # -- CONVENIENCE From a35a1d8d93e2f06636504ca81efb1a96f116e406 Mon Sep 17 00:00:00 2001 From: Anka Date: Thu, 24 Jul 2025 16:40:58 +0000 Subject: [PATCH 14/18] Release 0.0.4-test --- Package.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index c62ba5a7a..418a25364 100644 --- a/Package.swift +++ b/Package.swift @@ -3,8 +3,8 @@ import PackageDescription -let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.3/WireGuardGoFoundation.xcframework.zip" -let checksum = "362d73517fd8d97081dda73351fb949482afdf046350f1126407bd088aecde03" +let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.4-test/WireGuardGoFoundation.xcframework.zip" +let checksum = "71a98ca9807756b007f7c8a31bce2618a7f5ff1c43569c8106cfb365a8d5582b" let package = Package( name: "WireGuardKit", From e4d9ec63cfc998cd1a970f83c1a23a6e390e4657 Mon Sep 17 00:00:00 2001 From: Anka Date: Thu, 24 Jul 2025 16:43:39 +0000 Subject: [PATCH 15/18] Release 0.0.4 --- Package.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index 418a25364..581f8774d 100644 --- a/Package.swift +++ b/Package.swift @@ -3,8 +3,8 @@ import PackageDescription -let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.4-test/WireGuardGoFoundation.xcframework.zip" -let checksum = "71a98ca9807756b007f7c8a31bce2618a7f5ff1c43569c8106cfb365a8d5582b" +let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.4/WireGuardGoFoundation.xcframework.zip" +let checksum = "167f19a1584e25cd64e2b8cb23d44c6dc7d890435db78da0da50120503ffa492" let package = Package( name: "WireGuardKit", From adf8a964035a98fe331418b4eada84d0ca64bcf7 Mon Sep 17 00:00:00 2001 From: Daniel Anderson Date: Mon, 8 Sep 2025 11:25:32 -0600 Subject: [PATCH 16/18] (fix) allow the backendVersion to be accessed for logging --- Sources/WireGuardKit/WireGuardAdapter.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/WireGuardKit/WireGuardAdapter.swift b/Sources/WireGuardKit/WireGuardAdapter.swift index 34719cb86..c30bb05b6 100644 --- a/Sources/WireGuardKit/WireGuardAdapter.swift +++ b/Sources/WireGuardKit/WireGuardAdapter.swift @@ -90,7 +90,7 @@ public class WireGuardAdapter { } /// Returns a WireGuard version. - class var backendVersion: String { + public var backendVersion: String { guard let ver = wgVersion() else { return "unknown" } let str = String(cString: ver) free(UnsafeMutableRawPointer(mutating: ver)) From 80d3b9ffaf6cc920e4ef1de38d24777d1bb32f32 Mon Sep 17 00:00:00 2001 From: Anka Date: Mon, 8 Sep 2025 17:29:46 +0000 Subject: [PATCH 17/18] Release 0.0.5 --- Package.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index 581f8774d..66d6e75b3 100644 --- a/Package.swift +++ b/Package.swift @@ -3,8 +3,8 @@ import PackageDescription -let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.4/WireGuardGoFoundation.xcframework.zip" -let checksum = "167f19a1584e25cd64e2b8cb23d44c6dc7d890435db78da0da50120503ffa492" +let url = "https://github.com/ridgelineinternational/wireguard-apple-xcframework/releases/download/0.0.5/WireGuardGoFoundation.xcframework.zip" +let checksum = "3d63cd7031fbb34ea48ce0dde8bd8c2cbec79695f98c6f0351aecaff1fca51c3" let package = Package( name: "WireGuardKit", From c4a6c32d47924df4442a662c0f5146488dc63ab7 Mon Sep 17 00:00:00 2001 From: Daniel Anderson Date: Mon, 8 Sep 2025 11:38:27 -0600 Subject: [PATCH 18/18] (fix) rolling back unused change --- Sources/WireGuardKit/WireGuardAdapter.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/WireGuardKit/WireGuardAdapter.swift b/Sources/WireGuardKit/WireGuardAdapter.swift index c30bb05b6..34719cb86 100644 --- a/Sources/WireGuardKit/WireGuardAdapter.swift +++ b/Sources/WireGuardKit/WireGuardAdapter.swift @@ -90,7 +90,7 @@ public class WireGuardAdapter { } /// Returns a WireGuard version. - public var backendVersion: String { + class var backendVersion: String { guard let ver = wgVersion() else { return "unknown" } let str = String(cString: ver) free(UnsafeMutableRawPointer(mutating: ver))