tailscale

Commit Graph

Author	SHA1	Message	Date
Percy Wegmann	3088c6105e	go.mod: pull in latest github.com/tailscale/xnet This picks up https://github.com/tailscale/xnet/pull/1 so that clients can move files even when holding only a lock for the source file. Updates #12941 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 year ago
Irbe Krumina	c5623e0471	go.{mod,sum},tstest/tools,k8s-operator,cmd/k8s-operator: autogenerate CRD API docs (#12884 ) Re-instates the functionality that generates CRD API docs, but using a different library as the one we were using earlier seemed to have some issues with its Git history. Also regenerates the docs (make kube-generate-all). Updates tailscale/tailscale#12859 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Irbe Krumina	0f57b9340b	cmd/k8s-operator,tstest,go.{mod,sum}: remove fybrik.io/crdoc dependency (#12862 ) Remove fybrik.io/crdoc dependency as it is causing issues for folks attempting to vendor tailscale using GOPROXY=direct. This means that the CRD API docs in ./k8s-operator/api.md will no longer be generated- I am going to look at replacing it with another tool in a follow-up. Updates tailscale/tailscale#12859 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Brad Fitzpatrick	c6af5bbfe8	all: add test for package comments, fix, add comments as needed Updates #cleanup Change-Id: Ic4304e909d2131a95a38b26911f49e7b1729aaef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	2238ca8a05	go.mod: bump bart Updates #bart Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	c4b20c5411	go.mod: bump github.com/tailscale/wireguard-go Updates tailscale/corp#20732 Change-Id: Ic0272fe9a226afef4e23dfca5da8cd1d550c1cd6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Tom Proctor	d15250aae9	go.{mod,sum}: bump mkctr (#12654 ) go get github.com/tailscale/mkctr@main Pulls in changes to support a local target that only pushes a single-platform image to the machine's local image store. Fixes tailscale/mkctr#18 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	1 year ago
Jordan Whited	0bb82561ba	go.mod: update wireguard-go (#12645 ) This pulls in device.WaitPool fixes from tailscale/wireguard-go@1e08883 and tailscale/wireguard-go@cfa4567. Updates tailscale/corp#21095 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
dependabot[bot]	94defc4056	build(deps): bump golang.org/x/image from 0.15.0 to 0.18.0 Bumps [golang.org/x/image](https://github.com/golang/image) from 0.15.0 to 0.18.0. - [Commits](https://github.com/golang/image/compare/v0.15.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/image dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
Jordan Whited	94415e8029	cmd/stunstamp: remove sqlite DB and API (#12604 ) stunstamp now sends data to Prometheus via remote write, and Prometheus can serve the same data. Retaining and cleaning up old data in sqlite leads to long probing pauses, and it's not worth investing more effort to optimize the schema and/or concurrency model. Updates tailscale/corp#20344 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Tom Proctor	3099323976	cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463 ) Adds a new TailscaleProxyReady condition type for use in corev1.Service conditions. Also switch our CRDs to use metav1.Condition instead of ConnectorCondition. The Go structs are seralized identically, but it updates some descriptions and validation rules. Update k8s controller-tools and controller-runtime deps to fix the documentation generation for metav1.Condition so that it excludes comments and TODOs. Stop expecting the fake client to populate TypeMeta in tests. See kubernetes-sigs/controller-runtime#2633 for details of the change. Finally, make some minor improvements to validation for service hostnames. Fixes #12216 Co-authored-by: Irbe Krumina <irbe@tailscale.com> Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	1 year ago
Jordan Whited	65888d95c9	derp/xdp,cmd/xdpderper: initial skeleton (#12390 ) This commit introduces a userspace program for managing an experimental eBPF XDP STUN server program. derp/xdp contains the eBPF pseudo-C along with a Go pkg for loading it and exporting its metrics. cmd/xdpderper is a package main user of derp/xdp. Updates tailscale/corp#20689 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Irbe Krumina	3a6d3f1a5b	cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable (#11928 ) cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable Allow to configure images and image pull policies for individual proxies via ProxyClass.Spec.StatefulSet.Pod.{TailscaleContainer,TailscaleInitContainer}.Image, and ProxyClass.Spec.StatefulSet.Pod.{TailscaleContainer,TailscaleInitContainer}.ImagePullPolicy fields. Document that we have images in ghcr.io on the relevant Helm chart fields. Updates tailscale/tailscale#11675 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Andrew Lytvynov	347e3f3d9a	go.mod,ipn/ipnlocal: update the ACME fork (#12343 ) Update our fork of golang.org/x/crypto to pick up a fix for ACME ARI: `3fde5e568a` Fixes #12278 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Jordan Whited	d21c00205d	cmd/stunstamp: implement service to measure DERP STUN RTT (#12241 ) stunstamp timestamping includes userspace and SO_TIMESTAMPING kernel timestamping where available. Measurements are written locally to a sqlite DB, exposed over an HTTP API, and written to prometheus via remote-write protocol. Updates tailscale/corp#20344 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Percy Wegmann	08a9551a73	ssh/tailssh: fall back to using su when no TTY available on Linux This allows pam authentication to run for ssh sessions, triggering automation like pam_mkhomedir. Updates #11854 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Andrea Gottardo	e5f67f90a2	xcode: allow ICMP ping relay on macOS + iOS platforms (#12048 ) Fixes tailscale/tailscale#10393 Fixes tailscale/corp#15412 Fixes tailscale/corp#19808 On Apple platforms, exit nodes and subnet routers have been unable to relay pings from Tailscale devices to non-Tailscale devices due to sandbox restrictions imposed on our network extensions by Apple. The sandbox prevented the code in netstack.go from spawning the `ping` process which we were using. Replace that exec call with logic to send an ICMP echo request directly, which appears to work in userspace, and not trigger a sandbox violation in the syslog. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	2 years ago
Jordan Whited	a47ce618bd	net/tstun: implement env var for disabling UDP GRO on Linux (#11924 ) Certain device drivers (e.g. vxlan, geneve) do not properly handle coalesced UDP packets later in the stack, resulting in packet loss. Updates #11026 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Andrew Lytvynov	ce5c80d0fe	clientupdate: exec systemctl instead of using dbus to restart (#11923 ) Shell out to "systemctl", which lets us drop an extra dependency. Updates https://github.com/tailscale/corp/issues/18935 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Irbe Krumina	add62af7c6	util/linuxfw,go.{mod,sum}: don't log errors when deleting non-existant chains and rules (#11852 ) This PR bumps iptables to a newer version that has a function to detect 'NotExists' errors and uses that function to determine whether errors received on iptables rule and chain clean up are because the rule/chain does not exist- if so don't log the error. Updates corp#19336 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Andrew Lytvynov	e775de3c63	go.mod: bump golang.org/x/net (#11775 ) One more place to pick up a fix for https://pkg.go.dev/vuln/GO-2024-2687. Updates https://github.com/tailscale/corp/issues/18893 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
dependabot[bot]	449be38e03	build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#11410 ) * build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * cmd/{derper,stund}: update depaware.txt Signed-off-by: Andrew Lytvynov <awly@tailscale.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Andrew Lytvynov <awly@tailscale.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Irbe Krumina	3ef7f895c8	go.{mod,sum}: bump nftables to the latest commit (#11772 ) Updates#deps Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Brad Fitzpatrick	a1abd12f35	cmd/tailscaled, net/tstun: build for aix/ppc64 At least in userspace-networking mode. Fixes #11361 Change-Id: I78d33f0f7e05fe9e9ee95b97c99b593f8fe498f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	0d8cd1645a	go.mod: bump github.com/gaissmai/bart To pick up https://github.com/gaissmai/bart/pull/17. Updates #deps Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Percy Wegmann	8b8b315258	net/tstun: use gaissmai/bart instead of tempfork/device This implementation uses less memory than tempfork/device, which helps avoid OOM conditions in the iOS VPN extension when switching to a Tailnet with ExitNode routing enabled. Updates tailscale/corp#18514 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Andrew Lytvynov	1e7050e73a	go.mod: bump github.com/docker/docker (#11515 ) There's a vulnerability https://pkg.go.dev/vuln/GO-2024-2659 that govulncheck flags, even though it's only reachable from tests and cmd/sync-containers and cannot be exploited there. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Dunham	62cf83eb92	go.mod: bump gvisor The `stack.PacketBufferPtr` type no longer exists; replace it with `*stack.PacketBuffer` instead. Updates #8043 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ib56ceff09166a042aa3d9b80f50b2aa2d34b3683	2 years ago
Irbe Krumina	45d27fafd6	cmd/k8s-operator,k8s-operator,go.{mod,sum},tstest/tools: add Tailscale Kubernetes operator API docs (#11246 ) Add logic to autogenerate CRD docs. .github/workflows/kubemanifests.yaml CI workflow will fail if the doc is out of date with regard to the current CRDs. Docs can be refreshed by running make kube-generate-all. Updates tailscale/tailscale#11023 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
OSS Updater	82c569a83a	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Percy Wegmann	50fb8b9123	tailfs: replace webdavfs with reverse proxies Instead of modeling remote WebDAV servers as actual webdav.FS instances, we now just proxy traffic to them. This not only simplifies the code, but it also allows WebDAV locking to work correctly by making sure locks are handled by the servers that need to (i.e. the ones actually serving the files). Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Brad Fitzpatrick	61a1644c2a	go.mod, all: move away from inet.af domain seized by Taliban Updates inetaf/tcpproxy#39 Change-Id: I7fee276b116bd08397347c6c949011d76a2842cf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Percy Wegmann	993acf4475	tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
OSS Updater	664b861cd4	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
James Tucker	7e3bcd297e	go.mod,wgengine/netstack: bump gvisor Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	457102d070	go.mod: bump most deps for start of cycle Plan9 CI is disabled. 3p dependencies do not build for the target. Contributor enthusiasm appears to have ceased again, and no usage has been made. Skipped gvisor, nfpm, and k8s. Updates #5794 Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
OSS Updater	d841ddcb13	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Andrew Lytvynov	4ec6a78551	go.mod: update golang-x-crypto fork (#10786 ) Pick up a bunch of recent upstream commits. Updates #8593 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
OSS Updater	e7d52eb2f8	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Irbe Krumina	e72f2b7791	go.{mod,sum}: bump mkctr (#10722 ) go get github.com/tailscale/mkctr@bf50773ba7349ced8de812c3d5437e8618bd4fa7 Updates tailscale/tailscale#9902 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Irbe Krumina	1a08ea5990	cmd/k8s-operator: operator can create subnetrouter (#9505 ) * k8s-operator,cmd/k8s-operator,Makefile,scripts,.github/workflows: add Connector kube CRD. Connector CRD allows users to configure the Tailscale Kubernetes operator to deploy a subnet router to expose cluster CIDRs or other CIDRs available from within the cluster to their tailnet. Also adds various CRD related machinery to generate CRD YAML, deep copy implementations etc. Engineers will now have to run 'make kube-generate-all` after changing kube files to ensure that all generated files are up to date. * cmd/k8s-operator,k8s-operator: reconcile Connector resources Reconcile Connector resources, create/delete subnetrouter resources in response to changes to Connector(s). Connector reconciler will not be started unless ENABLE_CONNECTOR env var is set to true. This means that users who don't want to use the alpha Connector custom resource don't have to install the Connector CRD to their cluster. For users who do want to use it the flow is: - install the CRD - install the operator (via Helm chart or using static manifests). For Helm users set .values.enableConnector to true, for static manifest users, set ENABLE_CONNECTOR to true in the static manifest. Updates tailscale/tailscale#502 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
OSS Updater	e78cb9aeb3	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	be19262cc5	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	afe138f18d	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	552b1ad094	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	501478dcdc	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	6389322619	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Adrian Dewhurst	2003d1139f	go.mod: update certstore Updates tailscale/coral#118 Change-Id: Ie535ab890f95d13d050b2acc7d4ad1e3f8316877 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
OSS Updater	f13255d54d	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Jordan Whited	e1d0d26686	go.mod: bump wireguard-go (#10352 ) This pulls in tailscale/wireguard-go@8cc8b8b and tailscale/wireguard-go@cc193a0, which improve throughput and latency under load. Updates tailscale/corp#11061 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Percy Wegmann	17501ea31a	ci: report test coverage to coveralls.io This records test coverage for the amd64 no race tests and uploads the results to coveralls.io. Updates #cleanup Signed-off-by: Ox Cart <ox.to.a.cart@gmail.com>	2 years ago
Irbe Krumina	66471710f8	cmd/k8s-operator: truncate long StatefulSet name prefixes (#10343 ) Kubernetes can generate StatefulSet names that are too long and result in invalid Pod revision hash label values. Calculate whether a StatefulSet name generated for a Service or Ingress will be too long and if so, truncate it. Updates tailscale/tailscale#10284 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
OSS Updater	fc8488fac0	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	3402998c1c	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	146c4bacde	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Maisem Ali	7d4221c295	cmd/tsidp: add start of OIDC Tailscale IdP Updates #10263 Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Change-Id: I240bc9b5ecf2df6f92c45929d105fde66c06a860 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
OSS Updater	063657c65f	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Tom DNetto	ce46d92ed2	go.{mod,sum}: update inet.af/tcpproxy to fix flaking test ``` [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.085s [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.030s ``` Fixes: #10056 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Will Norris	fc2d63bb8c	go.mod: updates web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Will Norris	d530153d2f	go.mod: bump web-client-prebuilt Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Will Norris	cb07ed54c6	go.mod: update web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
dependabot[bot]	535cb6c3f5	build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2 years ago
Jordan Whited	bd488e4ff8	go.mod: update wireguard-go (#10046 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Jordan Whited	dd842d4d37	go.mod: update wireguard-go to enable TUN UDP GSO/GRO (#10029 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Aaron Klotz	95671b71a6	ipn, safesocket: use Windows token in LocalAPI On Windows, the idiomatic way to check access on a named pipe is for the server to impersonate the client on its current OS thread, perform access checks using the client's access token, and then revert the OS thread's access token back to its true self. The access token is a better representation of the client's rights than just a username/userid check, as it represents the client's effective rights at connection time, which might differ from their normal rights. This patch updates safesocket to do the aforementioned impersonation, extract the token handle, and then revert the impersonation. We retain the token handle for the remaining duration of the connection (the token continues to be valid even after we have reverted back to self). Since the token is a property of the connection, I changed ipnauth to wrap the concrete net.Conn to include the token. I then plumbed that change through ipnlocal, ipnserver, and localapi as necessary. I also added a PermitLocalAdmin flag to the localapi Handler which I intend to use for controlling access to a few new localapi endpoints intended for configuring auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Adrian Dewhurst	5347e6a292	control/controlclient: support certstore without cgo We no longer build Windows releases with cgo enabled, which automatically turned off certstore support. Rather than re-enabling cgo, we updated our fork of the certstore package to no longer require cgo. This updates the package, cleans up how the feature is configured, and removes the cgo build tag requirement. Fixes tailscale/corp#14797 Fixes tailscale/coral#118 Change-Id: Iaea34340761c0431d759370532c16a48c0913374 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Brad Fitzpatrick	7fd6cc3caa	go.mod: bump alexbrainman/sspi For https://github.com/alexbrainman/sspi/pull/13 Fixes #9131 (hopefully) Change-Id: I27bb00bbf5e03850f65f18c45f15c4441cc54b23 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6b1ed732df	go.mod: bump x/net to 0.17 for CVE-2023-39325 https://go.googlesource.com/net/+/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd Updates tailscale/corp#15165 Change-Id: Ia8b5e16b1acfe1b2400d321034b41370396f70e2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Kristoffer Dalby	9eedf86563	posture: add get serial support for Windows/Linux This commit adds support for getting serial numbers from SMBIOS on Windows/Linux (and BSD) using go-smbios. Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2 years ago
James Tucker	41b05e6910	go.mod: bump wireguard-go Updates #9555 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	0c8c374a41	go.mod: bump all dependencies except go-billy go-billy is held back at v5.4.1 in order to avoid a newly introduced subdependency that is not compatible with plan9. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	84acf83019	go.mod,net/dnsfallback: bump go4.org/netipx Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	87bc831730	go.mod,cmd/tsconnect: bump esbuild Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	71f2c67c6b	go.mod: bump wingoes for cross-platform HRESULT definition Updates #9579 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Andrea Barisani	b5b4298325	go.mod,*: bump gvisor Updates #9253 Signed-off-by: Andrea Barisani <andrea@inversepath.com> Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Joe Tsai	36242904f1	go.mod: update github.com/go-json-experiment/json (#9508 ) Update github.com/go-json-experiment/json to the latest version and fix the build in light of some breaking API changes. Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Will Norris	652f77d236	client/web: switch to using prebuilt web client assets Updates tailscale/corp#13775 Co-authored-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Andrew Lytvynov	4e72992900	clientupdate: add linux tarball updates (#9144 ) As a fallback to package managers, allow updating tailscale that was self-installed in some way. There are some tricky bits around updating the systemd unit (should we stick to local binary paths or to the ones in tailscaled.service?), so leaving that out for now. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	98a5116434	all: adjust some build tags for plan9 I'm not saying it works, but it compiles. Updates #5794 Change-Id: I2f3c99732e67fe57a05edb25b758d083417f083e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Aaron Klotz	ea693eacb6	util/winutil: add RegisterForRestart, allowing programs to indicate their preferences to the Windows restart manager In order for the installer to restart the GUI correctly post-upgrade, we need the GUI to be able to register its restart preferences. This PR adds API support for doing so. I'm adding it to OSS so that it is available should we need to do any such registrations on OSS binaries in the future. Updates https://github.com/tailscale/corp/issues/13998 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Maisem Ali	4b13e6e087	go.mod: bump golang.org/x/net Theory is that our long lived http2 connection to control would get tainted by _something_ (unclear what) and would get closed. This picks up the fix for golang/go#60818. Updates tailscale/corp#5761 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Sonia Appasamy	077bbb8403	client/web: add csrf protection to web client api Adds csrf protection and hooks up an initial POST request from the React web client. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Brad Fitzpatrick	66f27c4beb	all: require Go 1.21 Updates #8419 Change-Id: I809b6a4d59d92a2ab6ec587ccbb9053376bf02c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Lytvynov	eb6883bb5a	go.mod: upgrade nfpm to v2 (#8786 ) Upgrade the nfpm package to the latest version to pick up `24a43c5ad7`. The upgrade is from v0 to v2, so there was some breakage to fix. Generated packages should have the same contents as before. Updates https://github.com/tailscale/tailscale/issues/1882 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Aaron Klotz	37925b3e7a	go.mod, cmd/tailscaled, ipn/localapi, util/osdiag, util/winutil, util/winutil/authenticode: add Windows module list to OS-specific logs that are written upon bugreport * We update wingoes to pick up new version information functionality (See pe/version.go in the https://github.com/dblohm7/wingoes repo); * We move the existing LogSupportInfo code (including necessary syscall stubs) out of util/winutil into a new package, util/osdiag, and implement the public LogSupportInfo function may be implemented for other platforms as needed; * We add a new reason argument to LogSupportInfo and wire that into localapi's bugreport implementation; * We add module information to the Windows implementation of LogSupportInfo when reason indicates a bugreport. We enumerate all loaded modules in our process, and for each one we gather debug, authenticode signature, and version information. Fixes #7802 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Aaron Klotz	7adf15f90e	cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better: * WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine whose signature is valid; tailscale upgrade should also ensure that the binary is actually signed by us. * I added the ability to check the signatures of MSI files. * In future PRs I will be adding diagnostic logging that lists details about every module (ie, DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries. This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference. Fixes #8284 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
David Anderson	52212f4323	all: update exp/slices and fix call sites slices.SortFunc suffered a late-in-cycle API breakage. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
dependabot[bot]	8bdc03913c	go.mod: bump github.com/docker/distribution (#8121 ) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
Andrew Lytvynov	7a82fd8dbe	ipn/ipnlocal: add optional support for ACME Renewal Info (ARI) (#8599 )	2 years ago
Adrian Dewhurst	8c0572e088	go.mod: bump wireguard-go This pulls in IP checksum optimization on amd64, see tailscale/wireguard-go@bb2c8f2. Updates tailscale/corp#9755 Change-Id: I60e932fc4031703b56eb86a676465c5d02d99236 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Andrew Dunham	b6d20e6f8f	go.mod, net/dns/recursive: update github.com/miekg/dns Updates #cleanup Change-Id: If4de6a84448a17dd81cc2a8af788bd18c3d0bbe3 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Brad Fitzpatrick	67e912824a	all: adjust some build tags for wasi A start. Updates #8320 Change-Id: I64057f977be51ba63ce635c56d67de7ecec415d1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Vince Prignano	1a691ec5b2	cmd/k8s-operator: update controller-runtime to v0.15 Fixes #8170 Signed-off-by: Vince Prignano <vince@prigna.com>	3 years ago
James Tucker	5def4f4a1c	go.mod: bump goreleaser deps Periodic update for start of cycle. goreleaser is not updated to v2 yet, but indirects updated. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	3 years ago
James Tucker	48605226dd	go.mod: bump gvisor Periodic update for start of cycle. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	3 years ago
Maisem Ali	f46c1aede0	go.mod: bump k8s libs The key is to update sigs.k8s.io/controller-runtime and let it update others. Updates #8043 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	9e9ea6e974	go.mod: bump all deps possible that don't break the build This holds back gvisor, kubernetes, goreleaser, and esbuild, which all had breaking API changes. Updates #8043 Updates #7381 Updates #8042 (updates u-root which adds deps) Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
dependabot[bot]	270942094f	build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.24+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.24) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Andrew Dunham	280255acae	various: add golangci-lint, fix issues (#7905 ) This adds an initial and intentionally minimal configuration for golang-ci, fixes the issues reported, and adds a GitHub Action to check new pull requests against this linter configuration. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8f38fbc315836a19a094d0d3e986758b9313f163	3 years ago

1 2 3 4 5 ...

475 Commits (26f31f73f4919b77e72cbe9dd62a91b5f6e36e43)