On Tue, May 12, 2020 at 12:37 AM Theo de Raadt <dera...@openbsd.org> wrote: > > Jason A. Donenfeld <ja...@zx2c4.com> wrote: > > > On Mon, May 11, 2020 at 11:03:45PM -0600, Jason A. Donenfeld wrote: > > > I plan to publish some easy one-click > > > scripts for users to mess around with the kernel support while we're > > > working through it here on the list. > > > > While tailing my opensmtpd log waiting for the mailing list server to > > release it's graylist, aforementioned script came to be. As root on the > > latest snapshot, run: > > > > ftp -o - https://git.zx2c4.com/wireguard-openbsd/plain/quickbuilder.sh | > > sh > > > > The "ftp|sh" idiom is dumb and you can do better, and feel free to do > > something safer with the same idiom inside that script. But anyway, if > > you get past that, reboot, and then you can use wg(8), wg-quick(8), and > > `ifconfig wg0 create` like normal. > > > > This should allow for some quick and dirty testing of this, if folks > > here are curious or eager to play around. > > The safest way is an attached tarball, so that users don't need to hit > the "rm -rf ~/ / &" that your server decides to send in the future to > all or specific people. It isn't a matter of trust, it is simply that > '|sh' is the new "shar", we are no longer living in that safer time.
Fair enough. Piping the internet to sh is rarely a good idea indeed. Matt's got a full build hosted that can be sysupgrade(8)'d to and verified with his signify key like usual. That might be a good idea. Jason
