tailscale

Commit Graph

Author	SHA1	Message	Date
Will Norris	3ec5be3f51	all: remove AUTHORS file and references to it This file was never truly necessary and has never actually been used in the history of Tailscale's open source releases. A Brief History of AUTHORS files --- The AUTHORS file was a pattern developed at Google, originally for Chromium, then adopted by Go and a bunch of other projects. The problem was that Chromium originally had a copyright line only recognizing Google as the copyright holder. Because Google (and most open source projects) do not require copyright assignemnt for contributions, each contributor maintains their copyright. Some large corporate contributors then tried to add their own name to the copyright line in the LICENSE file or in file headers. This quickly becomes unwieldy, and puts a tremendous burden on anyone building on top of Chromium, since the license requires that they keep all copyright lines intact. The compromise was to create an AUTHORS file that would list all of the copyright holders. The LICENSE file and source file headers would then include that list by reference, listing the copyright holder as "The Chromium Authors". This also become cumbersome to simply keep the file up to date with a high rate of new contributors. Plus it's not always obvious who the copyright holder is. Sometimes it is the individual making the contribution, but many times it may be their employer. There is no way for the proejct maintainer to know. Eventually, Google changed their policy to no longer recommend trying to keep the AUTHORS file up to date proactively, and instead to only add to it when requested: https://opensource.google/docs/releasing/authors. They are also clear that: > Adding contributors to the AUTHORS file is entirely within the > project's discretion and has no implications for copyright ownership. It was primarily added to appease a small number of large contributors that insisted that they be recognized as copyright holders (which was entirely their right to do). But it's not truly necessary, and not even the most accurate way of identifying contributors and/or copyright holders. In practice, we've never added anyone to our AUTHORS file. It only lists Tailscale, so it's not really serving any purpose. It also causes confusion because Tailscalars put the "Tailscale Inc & AUTHORS" header in other open source repos which don't actually have an AUTHORS file, so it's ambiguous what that means. Instead, we just acknowledge that the contributors to Tailscale (whoever they are) are copyright holders for their individual contributions. We also have the benefit of using the DCO (developercertificate.org) which provides some additional certification of their right to make the contribution. The source file changes were purely mechanical with: git ls-files \| xargs sed -i -e 's/$Tailscale Inc &$ AUTHORS/\1 contributors/g' Updates #cleanup Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	1 week ago
Brad Fitzpatrick	0ff474ff37	all: fix new lint warnings from bumping staticcheck In prep for updating to new staticcheck required for Go 1.23. Updates #12912 Change-Id: If77892a023b79c6fa798f936fc80428fd4ce0673 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	4b6a0c42c8	safesocket: add ConnectContext This adds a variant for Connect that takes in a context.Context which allows passing through cancellation etc by the caller. Updates tailscale/corp#18266 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrew Lytvynov	2e956713de	safesocket: remove ConnectionStrategy (#10662 ) This type seems to be a migration shim for TCP tailscaled sockets (instead of unix/windows pipes). The `port` field was never set, so it was effectively used as a string (`path` field). Remove the whole type and simplify call sites to pass the socket path directly to `safesocket.Connect`. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Skip Tavakkolian	6fd1961cd7	safesocket, paths: add Plan 9 support Updates #5794 Change-Id: I69150ec18d101f55baabb38613512cde858447cb Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Skip Tavakkolian <skip.tavakkolian@gmail.com>	2 years ago
Maisem Ali	4441609d8f	safesocket: remove the now unused WindowsLocalPort Also drop the port param from safesocket.Listen. #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Will Norris	71029cea2d	all: update copyright and license headers This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>	3 years ago
Brad Fitzpatrick	0cb2ccce7f	safesocket: remove the IPN protocol support Updates #6417 Change-Id: I78908633de842d83b2cc8b10a864a0f88ab1b113 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	da8def8e13	all: remove old +build tags The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them. Done with: perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build') Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	116f55ff66	all: gofmt for Go 1.19 Updates #5210 Change-Id: Ib02cd5e43d0a8db60c1f09755a8ac7b140b670be Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	21413392cf	safesocket: fix CLI on standalone mac GUI build Tested three macOS Tailscale daemons: - App Store (Network Extension) - Standalone (macsys) - tailscaled And two types of local IPC each: - IPN - HTTP And two CLI modes: - sandboxed (running the GUI binary as the CLI; normal way) - open source CLI hitting GUI (with #4525) Bonus: simplifies the code. Fixes tailscale/corp#4559 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	63cd581c3f	safesocket: add ConnectionStrategy, provide control over fallbacks `fee2d9fad` added support for cmd/tailscale to connect to IPNExtension. It came in two parts: If no socket was provided, dial IPNExtension first, and also, if dialing the socket failed, fall back to IPNExtension. The second half of that support caused the integration tests to fail when run on a machine that was also running IPNExtension. The integration tests want to wait until the tailscaled instances that they spun up are listening. They do that by dialing the new instance. But when that dial failed, it was falling back to IPNExtension, so it appeared (incorrectly) that tailscaled was running. Hilarity predictably ensued. If a user (or a test) explicitly provides a socket to dial, it is a reasonable assumption that they have a specific tailscaled in mind and don't want to fall back to IPNExtension. It is certainly true of the integration tests. Instead of adding a bool to Connect, split out the notion of a connection strategy. For now, the implementation remains the same, but with the details hidden a bit. Later, we can improve that. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	0edd2d1cd5	safesocket: add js/wasm implementation with in-memory net.Conn Updates #3157 Change-Id: Ia35b1e259011fb86f8c4e01f62146f9fd4c9b7c6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	2ce5fc7b0a	safesocket: fail early on js/wasm Updates #3157 Change-Id: Ib78efb3b1ba34ca4fb34296033b95327188774a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
slowy07	ac0353e982	fix: typo spelling grammar Signed-off-by: slowy07 <slowy.arfy@gmail.com>	5 years ago
Josh Bleecher Snyder	a5da4ed981	all: gofmt with Go 1.17 This adds "//go:build" lines and tidies up existing "// +build" lines. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	5 years ago
Josh Bleecher Snyder	130c5e727b	safesocket: reduce log spam while running integration tests Instead of logging lsof execution failures to stdout, incorporate them into the returned error. While we're here, make it clear that the file success case always returns a nil error. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	5 years ago
Brad Fitzpatrick	be779b3587	safesocket, ipn/ipnserver: unify peercred info, fix bug on FreeBSD etc FreeBSD wasn't able to run "tailscale up" since the recent peercred refactoring. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 years ago
Brad Fitzpatrick	d3efe8caf6	safesocket, ipn/ipnserver: look up peer creds on Darwin And open up socket permissions like Linux, now that we know who connections are from. This uses the new inet.af/peercred that supports Linux and Darwin at the moment. Fixes #1347 Fixes #1348 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 years ago
Brad Fitzpatrick	bbb4631e04	safesocket, wgengine: add some darwin failure diagnostic hints	5 years ago
Brad Fitzpatrick	914a486af6	safesocket: refactor macOS auth code, pull out separate LocalTCPPortAndToken	5 years ago
Brad Fitzpatrick	54d0d83b67	safesocket: on Linux, make /var/run/tailscale be 0755 Continuation of earlier two umask changes, `5611f290eb` and `d6e9fb1df0`. This change mostly affects us, running tailscaled as root by hand (wit a umask of 0077), not under systemd. End users running tailscaled under systemd won't have a umask. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 years ago
Brad Fitzpatrick	5611f290eb	ipn, ipnserver: only require sudo on Linux for mutable CLI actions This partially reverts `d6e9fb1df0`, which modified the permissions on the tailscaled Unix socket and thus required "sudo tailscale" even for "tailscale status". Instead, open the permissions back up (on Linux only) but have the server look at the peer creds and only permit read-only actions unless you're root. In the future we'll also have a group that can do mutable actions. On OpenBSD and FreeBSD, the permissions on the socket remain locked down to 0600 from `d6e9fb1df0`. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 years ago
Brad Fitzpatrick	d6e9fb1df0	all: adjust Unix permissions for those without umasks Fixes tailscale/corp#1165 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 years ago
Brad Fitzpatrick	d8e67ca2ab	safesocket: gofmt gofmt differences between versions :(	6 years ago
Brad Fitzpatrick	f562c35c0d	safesocket: support connecting to Mac TCP server from within App Sandbox	6 years ago
Brad Fitzpatrick	5362e952e1	safesocket: gofmt Was developed on a random machine without my normal environment.	6 years ago
Brad Fitzpatrick	fee2d9fad4	safesocket: connect to the macOS network extension on darwin (as last resort) (For cmd/tailscale CLI support on macOS) Signed-off-by: Brad Fitzpatrick <brad@danga.com>	6 years ago
Brad Fitzpatrick	b3d9eab1fe	safesocket: make some effort to create parent directory of sock	6 years ago
Brad Fitzpatrick	29f7d64091	safesocket: document Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 years ago
David Anderson	4460bd638b	safesocket: simplify API. On unix, we want to provide a full path to the desired unix socket. On windows, currently we want to provide a TCP port, but someday we'll also provide a "path-ish" object for a named pipe. For now, simplify the API down to exactly a path and a TCP port. Signed-off-by: David Anderson <dave@natulte.net>	6 years ago
Earl Lee	a8d8b8719a	Move Linux client & common packages into a public repo.	6 years ago

32 Commits (dadf15036aba56cbe9cbf2c4f831799a07972ffd)