forked from tailscale/tailscale
feat(ci): Bump to upstream 1.92.5 #30
Merged
Conversation
Signed-off-by: Nick Khyl <nickk@tailscale.com>
…7524) This does not change which subscriptions are made, it only swaps them to use the SubscribeFunc API instead of Subscribe. Updates tailscale#15160 Updates tailscale#17487 Change-Id: Id56027836c96942206200567a118f8bcf9c07f64 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
…cale#17595) If users start the application with sudo, DBUS is likely not available or will not have the correct endpoints. We want to warn users when doing this. Closes tailscale#17593 Signed-off-by: Claus Lensbøl <claus@tailscale.com>
…node (tailscale#17577) Service hosts must be tagged nodes, meaning it is only valid to advertise a Service from a machine which has at least one ACL tag. Fixes tailscale/corp#33197 Signed-off-by: Harry Harpham <harry@tailscale.com>
Updates tailscale/corp#31017 Signed-off-by: Alex Chan <alexc@tailscale.com>
* When we do the TKA sync, log whether TKA is enabled and whether
we want it to be enabled. This would help us see if a node is
making bootstrap errors.
* When we fail to look up an AUM locally, log the ID of the AUM
rather than a generic "file does not exist" error.
These AUM IDs are cryptographic hashes of the TKA state, which
itself just contains public keys and signatures. These IDs aren't
sensitive and logging them is safe.
Signed-off-by: Alex Chan <alexc@tailscale.com>
Updates tailscale/corp#33594
Fixes tailscale#17600 Signed-off-by: Alex Chan <alexc@tailscale.com>
Updates tailscale#15627 Signed-off-by: Alex Chan <alexc@tailscale.com>
This reformats the existing text to have line breaks at sentences. This commit contains no textual changes to the code of conduct, but is done to make any subsequent changes easier to review. (sembr.org) Also apply prettier formatting for consistency. Updates #cleanup Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>
Updates #cleanup Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>
Check that the TPM we have opened is advertised as a 2.0 family device before using it for state sealing / hardware attestation. Updates tailscale#17622 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
On some platforms e.g. ChromeOS the owner hierarchy might not always be available to us. To avoid stale sealing exceptions later we probe to confirm it's working rather than rely solely on family indicator status. Updates tailscale#17622 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
This fixes a regression from dd615c8 that moved the newIPTablesRunner constructor from an any-Linux-GOARCH file to one that was only amd64 and arm64, thus breaking iptables on other platforms (notably 32-bit "arm", as seen on older Pis running Buster with iptables) Tested by hand on a Raspberry Pi 2 w/ Buster + iptables for now, for lack of automated 32-bit arm tests at the moment. But filed tailscale#17629. Fixes tailscale#17623 Updates tailscale#17629 Change-Id: Iac1a3d78f35d8428821b46f0fed3f3717891c1bd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
If you run tailscaled without passing a `--statedir`, Tailnet Lock is
unavailable -- we don't have a folder to store the AUMs in.
This causes a lot of unnecessary requests to bootstrap TKA, because
every time the node receives a NetMap with some TKA state, it tries to
bootstrap, fetches the bootstrap TKA state from the control plane, then
fails with the error:
TKA sync error: bootstrap: network-lock is not supported in this
configuration, try setting --statedir
We can't prevent the error, but we can skip the control plane request
that immediately gets dropped on the floor.
In local testing, a new node joining a tailnet caused *three* control
plane requests which were unused.
Updates tailscale/corp#19441
Signed-off-by: Alex Chan <alexc@tailscale.com>
…lscale#17637) This compares the warnings we actually care about and skips the unstable warnings and the changes with no warnings. Fixes tailscale#17635 Signed-off-by: Claus Lensbøl <claus@tailscale.com>
…e#17640) Updates tailscale#17638 Signed-off-by: Claus Lensbøl <claus@tailscale.com>
…#17639) When the eventbus is enabled, set up the subscription for change deltas at the beginning when the client is created, rather than waiting for the first awaitInternetUp check. Otherwise, it is possible for a check to race with the client close in Shutdown, which triggers a panic. Updates tailscale#17638 Change-Id: I461c07939eca46699072b14b1814ecf28eec750c Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
Temporarily back out the TPM-based hw attestation code while we debug Windows exceptions. Updates tailscale/corp#31269 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
…#17666) Updates tailscale#9192 Signed-off-by: mcoulombe <max@tailscale.com>
…tence (tailscale#17610) Updates tailscale#16524 Updates jetkvm/rv1106-system#34 Signed-off-by: srwareham <ebriouscoding@gmail.com>
Updates tailscale/corp/#28372 Signed-off-by: Gesa Stupperich <gesa@tailscale.com>
Given that we filter based on the usercaps argument now, truncation should not be necessary anymore. Updates tailscale/corp/#28372 Signed-off-by: Gesa Stupperich <gesa@tailscale.com>
Also consolidates variable and header naming and amends the CLI behavior * multiple app-caps have to be specified as comma-separated list * simple regex-based validation of app capability names is carried out during flag parsing Signed-off-by: Gesa Stupperich <gesa@tailscale.com>
…ilscale#17682) Drop usage of the branches filter with a single asterisk as this matches against zero or more characters but not a forward slash, resulting in PRs to branch names with forwards slashes in them not having these workflow run against them as expected. Updates tailscale/corp#33523 Signed-off-by: Mario Minardi <mario@tailscale.com>
…ailscale#17639)" (tailscale#17684) This reverts commit 4346615. We averted the shutdown race, but will need to service the subscriber even when we are not waiting for a change so that we do not delay the bus as a whole. Updates tailscale#17638 Change-Id: I5488466ed83f5ad1141c95267f5ae54878a24657 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
Updates #cleanup Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>
… portmapper Thanks for the report, @Need-an-AwP! Fixes tailscale#17681 Updates tailscale#9394 Change-Id: I2e0b722ef9b460bd7e79499192d1a315504ca84c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Found by staticcheck, the test was calling derphttp.NewClient but not checking its error result before doing other things to it. Updates #cleanup Change-Id: I4ade35a7de7c473571f176e747866bc0ab5774db Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
…ailscale#17669) This migrates an internal tool to open source so that we can run it on the tailscale.com module as well. We add the "util/safediff" also as a dependency of the tool. This PR does not yet set up a CI to run this analyzer. Updates tailscale/corp#791 Signed-off-by: Joe Tsai <joetsai@digital-static.net>
…le#17668) This rewrites the netlog package to support embedding node information in network flow logs. Some bit of complexity comes in trying to pre-compute the expected size of the log message after JSON serialization to ensure that we can respect maximum body limits in log uploading. We also fix a bug in tstun, where we were recording the IP address after SNAT, which was resulting in non-sensible connection flows being logged. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <joetsai@digital-static.net>
…pdate to a nodeattr And fix up the TestAutoUpdateDefaults integration tests as they weren't testing reality: the DefaultAutoUpdate is supposed to only be relevant on the first MapResponse in the stream, but the tests weren't testing that. They were instead injecting a 2nd+ MapResponse. This changes the test control server to add a hook to modify the first map response, and then makes the test control when the node goes up and down to make new map responses. Also, the test now runs on macOS where the auto-update feature being disabled would've previously t.Skipped the whole test. Updates tailscale#11502 Change-Id: If2319bd1f71e108b57d79fe500b2acedbc76e1a6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
There is an issue to add non-integration tests: tailscale#18022 Fixes tailscale#15627 tailscale#16340 Signed-off-by: Fran Bull <fran@tailscale.com>
In suggestExitNodeLocked, if no exit node candidates have a home DERP or
valid location info, `bestCandidates` is an empty slice. This slice is
passed to `selectNode` (`randomNode` in prod):
```go
func randomNode(nodes views.Slice[tailcfg.NodeView], …) tailcfg.NodeView {
	…
	return nodes.At(rand.IntN(nodes.Len()))
}
```
An empty slice becomes a call to `rand.IntN(0)`, which panics.
This patch changes the behaviour, so if we've filtered out all the
candidates before calling `selectNode`, reset the list and then pick
from any of the available candidates.
This patch also updates our tests to give us more coverage of `randomNode`,
so we can spot other potential issues.
Updates tailscale#17661
Change-Id: I63eb5e4494d45a1df5b1f4b1b5c6d5576322aa72
Signed-off-by: Alex Chan <alexc@tailscale.com>
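The empty-candidate path described in the commit above, as an added example that is not tailscale's code: a filter-then-fallback picker that never hands an empty slice to the random indexer. `Candidate`, `hasRouteInfo` and the injected `intn` are assumptions standing in for `tailcfg.NodeView`, the real filter and `rand.IntN`; `randomNode` keeps the original's indexing shape so the panic it would hit on an empty slice stays visible.

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
)

// Candidate is a hypothetical stand-in for tailcfg.NodeView carrying only
// the two attributes the picker filters on (assumed names, not tailscale's).
type Candidate struct {
	Name     string
	HomeDERP int    // 0: the node has not reported a home DERP region
	Location string // "": no location info
}

var ErrNoCandidates = errors.New("no exit node candidates")

// randomNode keeps the shape of the original: it indexes the slice by a
// random offset, so an empty slice means intn(0) and a panic. The random
// source is injected so the choice is deterministic under test.
func randomNode(nodes []Candidate, intn func(int) int) Candidate {
	return nodes[intn(len(nodes))]
}

// hasRouteInfo is the filter applied before choosing.
func hasRouteInfo(c Candidate) bool {
	return c.HomeDERP != 0 || c.Location != ""
}

// suggestExitNode narrows to candidates with a home DERP or location and, if
// that removes every candidate, resets to the full list before handing it to
// randomNode, so the random index is never taken over zero nodes. An empty
// input is reported as an error instead of being passed on.
func suggestExitNode(all []Candidate, intn func(int) int) (Candidate, error) {
	if len(all) == 0 {
		return Candidate{}, ErrNoCandidates
	}
	best := make([]Candidate, 0, len(all))
	for _, c := range all {
		if hasRouteInfo(c) {
			best = append(best, c)
		}
	}
	if len(best) == 0 {
		best = all
	}
	return randomNode(best, intn), nil
}

func main() {
	// Constructed sample: no candidate has a home DERP or a location, which
	// is the input that previously reached rand.IntN(0).
	bare := []Candidate{{Name: "exit-a"}, {Name: "exit-b"}}
	n, err := suggestExitNode(bare, rand.Intn)
	fmt.Println(n.Name, err)
}
```

The guard on an empty input is the one extra step beyond the commit's fix: resetting to the full list only helps when the full list itself is non-empty.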
Adds a new types of TSMP messages for advertising disco keys to/from a peer, and implements the advertising triggered by a TSMP ping. Needed as part of the effort to cache the netmap and still let clients connect without control being reachable. Updates tailscale#12639 Signed-off-by: Claus Lensbøl <claus@tailscale.com> Co-authored-by: James Tucker <james@tailscale.com>
Fixes tailscale#17839 Signed-off-by: Sachin Iyer <siyer@detail.dev>
In preparation for exposing its configuration via ipn.ConfigVAlpha,
change {Masked}Prefs.RelayServerPort from *int to *uint16. This takes a
defensive stance against invalid inputs at JSON decode time.
'tailscale set --relay-server-port' is currently the only input to this
pref, and has always sanitized input to fit within a uint16.
Updates tailscale/corp#34591
Signed-off-by: Jordan Whited <jordan@tailscale.com>
This patch adds an integration test for Tailnet Lock, checking that a node can't talk to peers in the tailnet until it becomes signed. This patch also introduces a new package `tstest/tkatest`, which has some helpers for constructing a mock control server that responds to TKA requests. This allows us to reduce boilerplate in the IPN tests. Updates tailscale/corp#33599 Signed-off-by: Alex Chan <alexc@tailscale.com>
We don't hold q.mu while running normal ExecQueue.Add funcs, so we shouldn't in RunSync either. Otherwise code it calls can't shut down the queue, as seen in tailscale#18502. Updates tailscale#18052 Co-authored-by: Nick Khyl <nickk@tailscale.com> Change-Id: Ic5e53440411eca5e9fabac7f4a68a9f6ef026de1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
tailscale#18071) This might help users diagnose why TPM access is failing for tpmrm0. Fixes tailscale#18026 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
…ofile switch (tailscale#18126) If a packet arrives while WireGuard is being reconfigured with b.mu held, such as during a profile switch, calling back into (*LocalBackend).GetPeerAPIPort from (*Wrapper).filterPacketInboundFromWireGuard may deadlock when it tries to acquire b.mu. This occurs because a peer cannot be removed while an inbound packet is being processed. The reconfig and profile switch wait for (*Peer).RoutineSequentialReceiver to return, but it never finishes because GetPeerAPIPort needs b.mu, which the waiting goroutine already holds. In this PR, we make peerAPIPorts a new syncs.AtomicValue field that is written with b.mu held but can be read by GetPeerAPIPort without holding the mutex, which fixes the deadlock. There might be other long-term ways to address the issue, such as moving peer API listeners from LocalBackend to nodeBackend so they can be accessed without holding b.mu, but these changes are too large and risky at this stage in the v1.92 release cycle. Updates tailscale#18124 Signed-off-by: Nick Khyl <nickk@tailscale.com> (cherry picked from commit 557457f)
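The deadlock shape in the commit above, as an added example that is not tailscale's code: a goroutine holds `b.mu` for a reconfig and waits for an in-flight packet, while the packet path calls back into the backend. `readLocked` models the pre-fix read that takes `b.mu`; `readAtomic` models the fix, publishing the ports through an atomic value that is written under the lock but read without it. `backend`, the channel choreography and the port numbers are assumptions, not the LocalBackend API.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// backend is a hypothetical cut-down LocalBackend: mu guards reconfiguration,
// while peerAPIPorts is published through an atomic.Value so the packet path
// can read it without mu.
type backend struct {
	mu           sync.Mutex
	peerAPIPorts atomic.Value // holds [2]uint16: IPv4 port, IPv6 port
}

// setPeerAPIPortsLocked is the write side; the caller holds b.mu.
func (b *backend) setPeerAPIPortsLocked(v4, v6 uint16) {
	b.peerAPIPorts.Store([2]uint16{v4, v6})
}

// readAtomic is the fixed GetPeerAPIPort: a lock-free read of the published value.
func readAtomic(b *backend) uint16 {
	p, _ := b.peerAPIPorts.Load().([2]uint16)
	return p[0]
}

// readLocked is the pre-fix shape: the read takes b.mu, which is exactly the
// lock the reconfiguring goroutine holds while it waits for this packet.
func readLocked(b *backend) uint16 {
	b.mu.Lock()
	defer b.mu.Unlock()
	p, _ := b.peerAPIPorts.Load().([2]uint16)
	return p[0]
}

// reconfig models the profile switch: hold b.mu, publish the new ports, then
// block until the in-flight inbound packet has been processed (as removing a
// WireGuard peer waits for its receive routine) before releasing the lock.
func (b *backend) reconfig(published chan<- struct{}, inflight <-chan struct{}, v4, v6 uint16) {
	b.mu.Lock()
	defer b.mu.Unlock()
	b.setPeerAPIPortsLocked(v4, v6)
	close(published)
	<-inflight
}

// receivePacket models filterPacketInboundFromWireGuard: consult the backend
// for the peer API port, then signal that the packet is done.
func receivePacket(b *backend, read func(*backend) uint16, done chan<- struct{}) uint16 {
	port := read(b)
	close(done)
	return port
}

// switchProfile starts a reconfig, waits until it holds b.mu, then delivers one
// inbound packet through read. It reports whether the switch finished before
// the deadline and which port the packet path observed (ports are arbitrary).
func switchProfile(b *backend, read func(*backend) uint16, deadline time.Duration) (bool, uint16) {
	published := make(chan struct{})
	inflight := make(chan struct{})
	finished := make(chan struct{})
	portCh := make(chan uint16, 1)
	go func() { b.reconfig(published, inflight, 41641, 41642); close(finished) }()
	<-published // b.mu is held from here until the packet signals completion
	go func() { portCh <- receivePacket(b, read, inflight) }()
	select {
	case <-finished:
		return true, <-portCh
	case <-time.After(deadline):
		return false, 0 // reconfig never returned: the packet path is stuck on b.mu
	}
}

func main() {
	ok, port := switchProfile(&backend{}, readAtomic, time.Second)
	fmt.Println("atomic read:", ok, port)
	ok, _ = switchProfile(&backend{}, readLocked, 200*time.Millisecond)
	fmt.Println("locked read completed:", ok)
}
```

With `readLocked` the deadline is the only thing that ends the call; the two goroutines it leaves behind are the real-world hang. The atomic read is safe precisely because the write still happens under `b.mu`, so readers see either the old or the new port pair, never a torn value.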
Fixes tailscale#18112 Change-Id: I85d5c482b01673799d51faeb6cb0579903597502 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit b8c58ca)
) Updates tailscale#18122 (cherry picked from commit 7bc25f7) Signed-off-by: Andrew Lytvynov <awly@tailscale.com> Co-authored-by: Andrew Lytvynov <awly@tailscale.com>
Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
Add --certmode=gcp for using Google Cloud Certificate Manager's public CA instead of Let's Encrypt. GCP requires External Account Binding (EAB) credentials for ACME registration, so this adds --acme-eab-kid and --acme-eab-key flags. The EAB key accepts both base64url and standard base64 encoding to support both ACME spec format and gcloud output. Fixes tailscale/corp#34881 Signed-off-by: Raj Singh <raj@tailscale.com> Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit 8eda947)
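The two pieces of the EAB commit above, as an added example that is not tailscale's code: a key decoder that accepts base64url (what the ACME spec uses) and standard base64 (what `gcloud` prints), padded or not, and the externalAccountBinding JWS that the key signs (RFC 8555 §7.3.4: HS256, `kid` = EAB key ID, `url` = newAccount URL, payload = account JWK). The helper names, the sample key bytes and the placeholder JWK are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// decodeEABKey accepts the EAB HMAC key as base64url (the RFC 8555 form) or
// standard base64 (the form some tooling prints), padded or unpadded. The
// encodings are tried in turn; the first that parses wins.
func decodeEABKey(s string) ([]byte, error) {
	for _, enc := range []*base64.Encoding{
		base64.RawURLEncoding, base64.URLEncoding,
		base64.RawStdEncoding, base64.StdEncoding,
	} {
		if b, err := enc.DecodeString(s); err == nil && len(b) > 0 {
			return b, nil
		}
	}
	return nil, errors.New("eab key: not valid base64url or base64")
}

// EABJWS is the externalAccountBinding object sent inside newAccount.
type EABJWS struct {
	Protected string `json:"protected"`
	Payload   string `json:"payload"`
	Signature string `json:"signature"`
}

// buildEAB constructs the binding per RFC 8555 §7.3.4: a JWS with alg HS256,
// kid set to the EAB key ID, url set to the newAccount URL, and the account's
// public key JWK as payload, MACed with the decoded key. Hypothetical helper,
// not the ACME client's own code.
func buildEAB(kid string, key []byte, newAccountURL string, accountJWK json.RawMessage) (EABJWS, error) {
	hdr, err := json.Marshal(map[string]string{"alg": "HS256", "kid": kid, "url": newAccountURL})
	if err != nil {
		return EABJWS{}, err
	}
	j := EABJWS{
		Protected: base64.RawURLEncoding.EncodeToString(hdr),
		Payload:   base64.RawURLEncoding.EncodeToString(accountJWK),
	}
	j.Signature = base64.RawURLEncoding.EncodeToString(macOf(key, j.Protected+"."+j.Payload))
	return j, nil
}

// verifyEAB recomputes the MAC, as the CA would, using a constant-time compare.
func verifyEAB(j EABJWS, key []byte) bool {
	sig, err := base64.RawURLEncoding.DecodeString(j.Signature)
	if err != nil {
		return false
	}
	return hmac.Equal(sig, macOf(key, j.Protected+"."+j.Payload))
}

func macOf(key []byte, signingInput string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(signingInput))
	return m.Sum(nil)
}

func main() {
	// Constructed inputs: the same two-byte key in gcloud-style standard base64
	// and in ACME-style base64url, and a placeholder JWK.
	key, _ := decodeEABKey("+/8=")
	jwk := json.RawMessage(`{"kty":"EC","crv":"P-256","x":"...","y":"..."}`)
	j, _ := buildEAB("kid-123", key, "https://ca.example/acme/new-account", jwk)
	alt, _ := decodeEABKey("-_8")
	fmt.Println(verifyEAB(j, alt))
}
```

The sample key bytes `fb ff` are chosen so that the standard and URL alphabets differ (`+/` versus `-_`) and padding is present in one spelling and absent in the other; a key that decodes under more than one encoding yields the same bytes under each, so the order of attempts does not change the result.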
Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
Updates tailscale#18187 Change-Id: If7375efb7df0452a5e85b742fc4c4eecbbd62717 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit 0df4631)
Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
…ailscale#18230) (tailscale#18234) Fixes tailscale#18228 (cherry picked from commit b21cba0) Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
…#18241) (tailscale#18242) IsZero is required by the interface, so we should use that before trying to serialize the key. Updates #35412 (cherry picked from commit ce7e1de) Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
… extension (tailscale#18252) (tailscale#18343) In dynamically changing environments where ACME account keys and certs are stored separately, it can happen that the account key would get deleted (and recreated) between issuances. If that is the case, we currently fail renewals and the only way to recover is for users to delete certs. This adds a config knob to allow opting out of the replaces extension and utilizes it in the Kubernetes operator where there are known user workflows that could end up with this edge case. Updates tailscale#18251 (cherry picked from commit 90b4358) Signed-off-by: Irbe Krumina <irbe@tailscale.com>
…ation by default, don't use it with non-file system state stores (tailscale#18342)

* ipn/ipnlocal: don't fail profile unmarshal due to attestation keys (tailscale#18335)
  Soft-fail on initial unmarshal and try again, ignoring the AttestationKey. This helps in cases where something about the attestation key storage (usually a TPM) is messed up. The old key will be lost, but at least the node can start again. Updates tailscale#18302 Updates tailscale#15830 Signed-off-by: Andrew Lytvynov <awly@tailscale.com> (cherry picked from commit 2e77b75)
* cmd/tailscaled: disable state encryption / attestation by default (tailscale#18336)
  TPM-based features have been incredibly painful due to the heterogeneous devices in the wild, and many situations in which the TPM "changes" (is reset or replaced). All of this leads to a lot of customer issues. We hoped to iron out all the kinks and get all users to benefit from state encryption and hardware attestation without manually opting in, but the long tail of kinks is just too long. This change disables TPM-based features on Windows and Linux by default. Node state should get auto-decrypted on update, and old attestation keys will be removed. There's also tailscaled-on-macOS, but it won't have a TPM or Keychain bindings anyway. Updates tailscale#18302 Updates tailscale#15830 Signed-off-by: Andrew Lytvynov <awly@tailscale.com> (cherry picked from commit 68617bb)
* cmd/tailscaled,ipn/{ipnlocal,store/kubestore}: don't create attestation keys for stores that are not bound to a node (tailscale#18322)
  Ensure that hardware attestation keys are not added to tailscaled state stores that are Kubernetes Secrets or AWS SSM as those Tailscale devices should be able to be recreated on different nodes, for example, when moving Pods between nodes. Updates tailscale#18302 Signed-off-by: Irbe Krumina <irbekrm@gmail.com> (cherry picked from commit 8ea90ba)

---------
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
Signed-off-by: Irbe Krumina <irbekrm@gmail.com>
Co-authored-by: Andrew Lytvynov <awly@tailscale.com>
Signed-off-by: Irbe Krumina <irbekrm@gmail.com>
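The soft-fail profile load from the "don't fail profile unmarshal due to attestation keys" change above, as an added example that is not tailscale's code: a strict decode is tried first, and only if the attestation key is what failed is the profile re-decoded with that field masked out and the key dropped. `Profile`, `AttestationKey` and the "unavailable handle" failure condition are assumptions standing in for the real profile type and a TPM load error.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// AttestationKey is a hypothetical stand-in for the TPM-bound key reference
// stored in a profile. Its UnmarshalJSON fails when the stored handle cannot
// be loaded, the situation the commit describes after a TPM reset or swap.
type AttestationKey struct {
	Handle string `json:"handle"`
}

var errKeyUnavailable = errors.New("attestation key: stored handle cannot be loaded")

func (k *AttestationKey) UnmarshalJSON(b []byte) error {
	var raw struct {
		Handle string `json:"handle"`
	}
	if err := json.Unmarshal(b, &raw); err != nil {
		return err
	}
	// Constructed failure condition standing in for a TPM load error.
	if raw.Handle == "" || raw.Handle == "tpm:unavailable" {
		return errKeyUnavailable
	}
	k.Handle = raw.Handle
	return nil
}

// Profile is a cut-down node profile (assumed field set).
type Profile struct {
	ID             string          `json:"id"`
	Name           string          `json:"name"`
	AttestationKey *AttestationKey `json:"attestationKey,omitempty"`
}

// LoadProfile tries a strict unmarshal first. If only the attestation key
// failed, it retries with that field masked out and reports that the key was
// dropped, so the node can start with the rest of its profile intact. Any
// other decode error still fails the load.
func LoadProfile(b []byte) (p Profile, dropped bool, err error) {
	err = json.Unmarshal(b, &p)
	if err == nil {
		return p, false, nil
	}
	if !errors.Is(err, errKeyUnavailable) {
		return Profile{}, false, err
	}
	// Shadow struct: the outer AttestationKey field takes precedence over the
	// embedded one, so the key is received as raw bytes and discarded.
	var lenient struct {
		Profile
		AttestationKey json.RawMessage `json:"attestationKey"`
	}
	if err = json.Unmarshal(b, &lenient); err != nil {
		return Profile{}, false, err
	}
	p = lenient.Profile
	p.AttestationKey = nil
	return p, true, nil
}

func main() {
	// Constructed profile whose attestation key can no longer be loaded.
	stored := []byte(`{"id":"n1","name":"laptop","attestationKey":{"handle":"tpm:unavailable"}}`)
	p, dropped, err := LoadProfile(stored)
	fmt.Printf("%+v dropped=%v err=%v\n", p, dropped, err)
}
```

Reporting `dropped` separately matters operationally: the caller should log that the old key is gone and, where attestation is still wanted, trigger re-enrolment rather than silently continuing without it.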
Release 1.91.0
…#17664)" (tailscale#17732) This reverts commit a760cbe. Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
Release 1.92.5
anthr76 approved these changes Jan 12, 2026
https://tailscale.com/changelog#2026-01-06
This takes this repo from 1.90.3 > 1.92.5