1. 52

I’d like to do a kernel implementation for OpenBSD sometime down the line, but for now we at least have some functional userspace code that’s working quite well on OpenBSD 6.3. Hopefully somebody will put it into ports.

The brave of you can install it now with this flamebait curl|sh invocation:

# curl https://xn--4db.cc/IKuBc62Z | sh
  1.  

  2. 5

    As exciting as this is, I’m wary about dependency in GNU tools, even though I understand providing an opembsd-culture-friendly implementation would require extra work and could be a nightmare maintainance, with two different codebases for shell scripts, but perhaps gmake could be replaced with something portable.

    1. 12

      This version of Wireguard was written in go, which means it can run on exactly 2 (amd64, i386) of the 13 platforms supported by OpenBSD.

      The original Wireguard implementation written in C is a Linux kernel module.

      A dependency on gmake is the least of all portability worries in this situation.

      1. 18

        While it’s unfortunate that Go on OpenBSD only supports 386 and amd64, Go does support more architectures that are also supported by OpenBSD, specifically arm64 (I wrote the port), arm, mips, power, mips. I have also implemented Go support for sparc64, but for various reasons this wasn’t integrated upstream.

        Go also supports power, and it used to run on the power machines supported by OpenBSD, but sadly now it only runs on more modern power machines, which I believe are not supported by OpenBSD. However, it would be easy to revert the changes that require more modern power machines. There’s nothing fundamental about them, just that the IBM maintainer refused to support such old machines.

        Since Go support both OpenBSD and the architectures mentioned, adding support in Go for OpenBSD+$GOARCH is about a few hours of work, so if there is interest there would not be any problem implementing this.

        I can help and offer advice if anyone is willing to do the work.

        1. 3

          Thanks for your response! I didn’t know that go supports so many platforms.

          Go support for sparc64, but for various reasons this wasn’t integrated

          Let me guess: Nobody wanted to pay the steep electricity bill required to keep a beefy sparc64 machine running?

          1. 23

            No, that wasn’t the problem. The problem was that my contract with Oracle (who paid me for the port) had simply run out of time before we had a chance to integrate.

            Development took longer then expected (because SPARC is like that). In fact it took about three times longer than developing the arm64 port. The lower level bits of the Go implementation have been under a constant churn which prevented us from merging the port because we were never quite synced up with upstream. We were playing a whack’a’mole game with upstream. As soon as we merged the latest changes, upstream had diverged again. In the end my contract with Oracle had finished before we were able to merge.

            This could all have been preventable if Google had let us have a dev.sparc64 branch, but because Google is Google, only Google is allowed to have upstream branches. All other development must happen at tip (impossible for big projects like this, also disallowed by internal Go rules), or in forks that then have to keep up.

            The Go team uses automated refactoring tools, or sometimes even basic scripts to do large scale refactoring. As we didn’t have access to any of these tools, we had to do the equivalent changes on our side manually, which took a lot of time and effort. If we had an upstream branch, whoever did these refactorings could have simply used the same tools on our code and we would have been good.

            I estimate we spent more effort trying to keep up with upstream than actually developing the sparc support.

            As for paying for electricity, Oracle donated one of the first production SPARC S7-2 machines (serial number less than 100) to the Go project. Google refused to pay for hosting this machine (that’s why it’s still sitting next to me as I type this).

            In my opinion after being involved with Go since the day of the public release, I’d say the Go team at Google is unfortunately very unsympathetic to large scale work done by non-Google people. Not actively hostile. They thanked me for the arm64 port, and I’m sure they are happy somebody did that work, but indirectly hostile in the sense that the way the Go team operates is not compatible with large scale outside contributions.

            1. 1

              Having to manually follow automated tools has to suck. I’d be overwhelmed by the tedium or get side-tracked trying to develop my own or something. Has anyone attempted a Go-to-C compiler developed to attempt to side-step all these problems? I originally thought something like that would be useful just to accelerate all the networking stuff being done in Go.

              1. 2

                There is gccgo, which is a frontend for gcc. Not quite a transpiler but it does support more architectures than the official compiler.

                1. 1

                  Yeah, that sounds good. It might have a chance of performing better, too. The thing working against that is the Go compiler is designed for optimizing that language with the gccgo just being coopted. Might be interesting to see if any of the servers or whatever perform better with gccgo. I’d lean toward LLVM, though, given it seems more optimization research goes into it.

                2. 2

                  The Go team wrote such a (limited) transpiler to convert the Go compiler itself from C to Go.

                  edit: sorry, I misread your comment - you asked for Go 2 C, not the other way around.

                  1. 1

                    Hey, that’s really cool, too! Things like that might be a solution to security of legacy code whose language isn’t that important.

              2. 1

                But these people are probably more than comfortable with cryptocurrency mining 🙃

              3. 3

                Go also supports power, and it used to run on the power machines supported by OpenBSD, but sadly now it only runs on more modern power machines, which I believe are not supported by OpenBSD. However, it would be easy to revert the changes that require more modern power machines. There’s nothing fundamental about them, just that the IBM maintainer refused to support such old machines.

                The really stupid part is that Go since 1.9 requires POWER8…. even on big endian systems, which is very pointless because most running big endian PPC is doing it on pre-POWER8 systems (there’s still a lot!) or a big endian only OS. (AIX and OS/400) You tell upstream, but they just shrug at you.

                1. 3

                  I fought against that change, but lost.

                2. 2

                  However, it would be easy to revert the changes that require more modern power machines.

                  Do you have a link to a revision number or source tree which has the code to revert? I still use a macppc (32 bit) that I’d love to use Go on.

                  1. 3

                    See issue #19074. Apparently someone from Debian already maintains a POWER5 branch.

                    Unfortunately that won’t help you though. Sorry for speaking too soon. We only ever supported 64 bit power. If macppc is a 32-bit port, this won’t work for you, sorry.

                    1. 3

                      OpenBSD/macppc is indeed 32-bit.

                      I kinda wonder if say, an OpenBSD/power port is feasible; fast-ish POWER6 hardware is getting cheap (like 200$) used and not hard to find. (and again, all pre-P8 POWER HW in 64-bit mode is big endian only) It all depends on developer interest…

                      1. 3

                        Not to mention that one Talos board was closer to two grand than eight or ten. Someone could even sponsor the OpenBSD port by buying some dev’s the base model.

                        1. 3

                          Yeah, thankfully you can still run ppc64be stuff on >=P8 :)

                3. 2

                  This version of Wireguard was written in go, which means it can run on exactly 2 (amd64, i386)

                  That and syspatch make me regret of buying EdgeRouter Lite instead of saving up for an apu2.

                4. 2

                  I’m a bit off with the dependency of bash on all platforms. Can’t this be achieved with a more portable script instead (POSIX-sh)?

                  1. 3

                    You don’t have to use wg-quick(8) – the thing that uses bash. You can instead set things up manually (which is really easy; wireguard is very simple after all), and just use wg(8) which only depends on libc.

                    1. 2

                      I think the same as you, I’m sure it is possibe to achieve same results using portable scripts. I’m aware of the conviniences bash offers, but it is big, slow, and prompt to bugs.