From 1f583a895e7a9278005fd77e7e092852d94901a1 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Wed, 31 Mar 2021 15:48:27 -0700
Subject: [PATCH] ipn/ipnlocal: stop sending machine key to frontends

We were going to remove this in Tailscale 1.3 but forgot.

This means Tailscale 1.8 users won't be able to downgrade to Tailscale
1.0, but that's fine.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 ipn/ipnlocal/local.go | 39 ---------------------------------------
 1 file changed, 39 deletions(-)

diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index fedd48bd3..351bf6aaa 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -396,11 +396,6 @@ func (b *LocalBackend) setClientStatus(st controlclient.Status) {
 			b.prefs.Persist = st.Persist.Clone()
 		}
 	}
-	if temporarilySetMachineKeyInPersist() && b.prefs.Persist != nil &&
-		b.prefs.Persist.LegacyFrontendPrivateMachineKey.IsZero() {
-		b.prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey
-		prefsChanged = true
-	}
 	if st.NetMap != nil {
 		if b.findExitNodeIDLocked(st.NetMap) {
 			prefsChanged = true
@@ -665,12 +660,6 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
 
 	b.mu.Lock()
 	prefs := b.prefs.Clone()
-
-	if temporarilySetMachineKeyInPersist() && prefs.Persist != nil &&
-		prefs.Persist.LegacyFrontendPrivateMachineKey.IsZero() {
-		prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey
-	}
-
 	b.mu.Unlock()
 
 	blid := b.backendLogID
@@ -970,17 +959,6 @@ func (b *LocalBackend) popBrowserAuthNow() {
 // b.stateKey should be set too, but just for nicer log messages.
 // b.mu must be held.
 func (b *LocalBackend) initMachineKeyLocked() (err error) {
-	if temporarilySetMachineKeyInPersist() {
-		defer func() {
-			if err != nil {
-				return
-			}
-			if b.prefs != nil && b.prefs.Persist != nil {
-				b.prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey
-			}
-		}()
-	}
-
 	if !b.machinePrivKey.IsZero() {
 		// Already set.
 		return nil
@@ -1991,23 +1969,6 @@ func (b *LocalBackend) TestOnlyPublicKeys() (machineKey tailcfg.MachineKey, node
 	return tailcfg.MachineKey(mk), tailcfg.NodeKey(nk)
 }
 
-// temporarilySetMachineKeyInPersist reports whether we should set
-// the machine key in Prefs.Persist.LegacyFrontendPrivateMachineKey
-// for the frontend to write out to its preferences for use later.
-//
-// TODO: remove this in Tailscale 1.3.x (so it effectively always
-// returns false). It just exists so users can downgrade from 1.2.x to
-// 1.0.x.  But eventually we want to stop sending the machine key to
-// clients. We can't do that until 1.0.x is no longer supported.
-func temporarilySetMachineKeyInPersist() bool {
-	switch runtime.GOOS {
-	case "darwin", "ios", "android":
-		// iOS, macOS, Android users can't downgrade anyway.
-		return false
-	}
-	return true
-}
-
 func (b *LocalBackend) WaitingFiles() ([]WaitingFile, error) {
 	b.mu.Lock()
 	apiSrv := b.peerAPIServer