search

infinet / xt_wgobfs

Iptables WireGuard obfuscation extension
GNU General Public License v2.0
223 stars 24 forks source link

unable to install module on Manjaro Kernel 6.1.55-1-MANJARO x86_64 #24

Closed varnie closed 5 months ago

varnie commented 11 months ago

Recently, I've discovered that I'm no longer able to 'make install' it properly. I suspect it may be related to the latest Linux update. I'm running on Kernel Kernel: 6.1.55-1-MANJARO x86_64.

Logs:

[varnie@heimdal xt_wgobfs]$ ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of gcc... none
checking for ar... ar
checking the archiver (ar) interface... ar
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for file... file
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking for linux/netfilter/x_tables.h... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libxtables... yes
checking Xtables module directory... /usr/lib/xtables
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating Makefile.libxt
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
[varnie@heimdal xt_wgobfs]$ make
make -C /lib/modules/6.1.55-1-MANJARO/build M=/home/varnie/thrash/xt_wgobfs/src modules
  CC [M]  /home/varnie/thrash/xt_wgobfs/src/xt_WGOBFS_main.o
  CC [M]  /home/varnie/thrash/xt_wgobfs/src/chacha.o
  LD [M]  /home/varnie/thrash/xt_wgobfs/src/xt_WGOBFS.o
  MODPOST /home/varnie/thrash/xt_wgobfs/src/Module.symvers
  CC [M]  /home/varnie/thrash/xt_wgobfs/src/xt_WGOBFS.mod.o
  LD [M]  /home/varnie/thrash/xt_wgobfs/src/xt_WGOBFS.ko
  BTF [M] /home/varnie/thrash/xt_wgobfs/src/xt_WGOBFS.ko
make -C /home/varnie/thrash/xt_wgobfs/src -f ./../Makefile.libxt all
make[1]: Entering directory '/home/varnie/thrash/xt_wgobfs/src'
gcc -Wp,-MMD,./.libxt_WGOBFS.oo.d,-MT,libxt_WGOBFS.oo   -DPIC -fPIC  -g -O2 -o libxt_WGOBFS.oo -c libxt_WGOBFS.c 
gcc  -shared  -o libxt_WGOBFS.so libxt_WGOBFS.oo -lxtables  
make[1]: Leaving directory '/home/varnie/thrash/xt_wgobfs/src'
make  all-am
make[1]: Entering directory '/home/varnie/thrash/xt_wgobfs'
make[1]: Leaving directory '/home/varnie/thrash/xt_wgobfs'
[varnie@heimdal xt_wgobfs]$ sudo make install
[sudo] password for varnie: 
make -C /lib/modules/6.1.55-1-MANJARO/build M=/home/varnie/thrash/xt_wgobfs/src INSTALL_MOD_PATH= ext-mod-dir='${INSTALL_MOD_DIR}' modules_install
  INSTALL /lib/modules/6.1.55-1-MANJARO/extra/xt_WGOBFS.ko
  SIGN    /lib/modules/6.1.55-1-MANJARO/extra/xt_WGOBFS.ko
At main.c:167:
- SSL error:FFFFFFFF80000002:system library::No such file or directory: crypto/bio/bss_file.c:67
- SSL error:10000080:BIO routines::no such file: crypto/bio/bss_file.c:75
sign-file: ./certs/signing_key.pem
  ZSTD    /lib/modules/6.1.55-1-MANJARO/extra/xt_WGOBFS.ko.zst
  DEPMOD  /lib/modules/6.1.55-1-MANJARO
make -C /home/varnie/thrash/xt_wgobfs/src -f ./../Makefile.libxt install
make[1]: Entering directory '/home/varnie/thrash/xt_wgobfs/src'
install -pm0755 libxt_WGOBFS.so "//usr/lib/xtables"
make[1]: Leaving directory '/home/varnie/thrash/xt_wgobfs/src'
[varnie@heimdal xt_wgobfs]$

Let me know if you need any details and I will be happy to provide them. Thank you.

infinet commented 11 months ago

Looks like it requires a signing key to sign the module. You need find out how to do it on manjaro.

BrainSlayer commented 11 months ago

like with all new distributions (opensuse too) you need to disabled module signing. this means. you need to recompile the kernel and to remove all this unwanted stuff since the distribution does not provide the signing key for you

varnie commented 11 months ago

The following has solved the issue: https://github.com/NVIDIA/open-gpu-kernel-modules/pull/324/commits/9cf9ac3543f3c025e1131aa5bd0c6374fbb6d9d0 Let me quote it here:

Example how to create the certificate

mkdir -p /usr/src/$(uname -r)/certs cd /usr/src/$(uname -r)/certs echo "[ req ] default_bits = 4096 distinguished_name = req_distinguished_name prompt = no string_mask = utf8only x509_extensions = myexts

[ req_distinguished_name ] CN = Modules

[ myexts ] basicConstraints=critical,CA:FALSE keyUsage=digitalSignature subjectKeyIdentifier=hash authorityKeyIdentifier=keyid" > x509.genkey openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem chmod a+xr . chmod a+r -R . mkdir -p /usr/lib/modules/$(uname -r)/build/certs cp -arf /usr/src/$(uname -r)/certs/* /usr/lib/modules/$(uname -r)/build/certs

No need to "recompile the kernel" mentioned above.