From 469c30c33b52626c59c5ddf2828da0921e4810b6 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Mon, 18 Jul 2022 08:47:37 -0700
Subject: [PATCH] ipn/localapi: define a cert dir for Synology DSM6

Fixes #4060

Change-Id: I5f145d4f56f6edb14825268e858d419c55918673
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 ipn/localapi/cert.go            |  9 +++++++++
 version/distro/distro.go        | 15 +++++++++++++++
 wgengine/router/router_linux.go |  6 +-----
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/ipn/localapi/cert.go b/ipn/localapi/cert.go
index 26eb3650f..a088021ee 100644
--- a/ipn/localapi/cert.go
+++ b/ipn/localapi/cert.go
@@ -29,6 +29,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"sync"
 	"time"
@@ -37,6 +38,7 @@ import (
 	"tailscale.com/envknob"
 	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/types/logger"
+	"tailscale.com/version/distro"
 )
 
 // Process-wide cache. (A new *Handler is created per connection,
@@ -53,6 +55,13 @@ var (
 
 func (h *Handler) certDir() (string, error) {
 	d := h.b.TailscaleVarRoot()
+
+	// As a workaround for Synology DSM6 not having a "var" directory, use the
+	// app's "etc" directory (on a small partition) to hold certs at least.
+	// See https://github.com/tailscale/tailscale/issues/4060#issuecomment-1186592251
+	if d == "" && runtime.GOOS == "linux" && distro.Get() == distro.Synology && distro.DSMVersion() == 6 {
+		d = "/var/packages/Tailscale/etc" // base; we append "certs" below
+	}
 	if d == "" {
 		return "", errors.New("no TailscaleVarRoot")
 	}
diff --git a/version/distro/distro.go b/version/distro/distro.go
index d5c9a201f..df97327a4 100644
--- a/version/distro/distro.go
+++ b/version/distro/distro.go
@@ -8,6 +8,7 @@ package distro
 import (
 	"os"
 	"runtime"
+	"strconv"
 	"sync/atomic"
 )
 
@@ -94,3 +95,17 @@ func freebsdDistro() Distro {
 	}
 	return ""
 }
+
+// DSMVersion reports the Synology DSM major version.
+//
+// If not Synology, it reports 0.
+func DSMVersion() int {
+	if runtime.GOOS != "linux" {
+		return 0
+	}
+	if Get() != Synology {
+		return 0
+	}
+	v, _ := strconv.Atoi(os.Getenv("SYNOPKG_DSM_VERSION_MAJOR"))
+	return v
+}
diff --git a/wgengine/router/router_linux.go b/wgengine/router/router_linux.go
index 687cc411b..8925aae16 100644
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -182,11 +182,7 @@ func useAmbientCaps() bool {
 	if distro.Get() != distro.Synology {
 		return false
 	}
-	v, err := strconv.Atoi(os.Getenv("SYNOPKG_DSM_VERSION_MAJOR"))
-	if err != nil {
-		return false
-	}
-	return v >= 7
+	return distro.DSMVersion() >= 7
 }
 
 var forceIPCommand = envknob.Bool("TS_DEBUG_USE_IP_COMMAND")