Discussion:
Bug#993985: wireguard should not depend on wireguard-dkms now that wireguard is in mainline
Add Reply
Attila Kinali
2021-09-09 10:40:01 UTC
Reply
Permalink
Source: wireguard
Severity: important

Hi,

wireguard depends on wireguard-dkms as it needs kernel modules.
But as of 5.6. wireguard has been part of mainline and people
who use newer kernels are now forced to continue to use
the dkms package and can't simply switch to the in-tree modules.

I would suggest to set wireguard-dkms to suggested.
Additionally it might be worthwhile to enable wireguard in
the debian shipped kernel package.


Attila Kinali

-- System Information:
Debian Release: 10.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.11.8 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Unit 193
2022-02-06 05:00:03 UTC
Reply
Permalink
Howdy,

The 'wireguard' package is a metapackage that depends on wireguard-tools and
'wireguard-modules | wireguard-dkms', and the current Debian kernels provide the
former. This means that if you install the metapackage and have a current
kernel, then only the wireguard-tools package is installed. If you for some
reason don't have a Debian kernel installed, or on a much older release, then
-dkms is pulled in.

This seems to be working as expected, and isn't pulling in -dkms on current
systems. Is there a bug in this somewhere?


Thanks,

~Unit 193
Unit193 @ Libera
Unit193 @ OFTC
Kevin P. Fleming
2023-05-02 20:40:01 UTC
Reply
Permalink
Package: wireguard-tools
Followup-For: Bug #993985

Dear Maintainer,

In Debian 11 (currently 'testing'), there are no packages which provide
'wireguard-dkms', and 'wireguard-modules' is provided by the standard 'linux-
image-<arch>' packages. As a result there is no apparent value in having
'wireguard-tools' recommend either of those.

In fact on a system which intentionally does *not* have the 'linux-
image-<arch>' package installed, installing 'wireguard-tools' will pull it in
unless the user tells it not to, and may pull it in in the future when the
'wireguard-tools' package is upgraded and 'apt upgrade' is run... unless the
user once again remember to tell 'apt' to not install recommended packages.


-- System Information:
Debian Release: 12.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wireguard-tools depends on:
ii libc6 2.36-9

Versions of packages wireguard-tools recommends:
ii iptables 1.8.9-2
ii linux-image-amd64 [wireguard-modules] 6.1.20-2
ii nftables 1.0.6-2

Versions of packages wireguard-tools suggests:
pn openresolv | resolvconf <none>

-- no debconf information
Ben Hutchings
2024-10-18 00:30:01 UTC
Reply
Permalink
Given that Wireguard has been upstream since Linux 5.5 (more than 4
years ago), I think it really is time to assume that every kernel has
it and to stop depending (or even recommending) wireguard-modules |
wireguard-dkms.

This is continuing to cause surprising behaviour for users with custom
kernel packages that don't have that magic Provides, as seen in bug
#1085239.

Ben.
--
Ben Hutchings
The generation of random numbers is too important to be left to chance.
- Robert Coveyou
Loading...