Current Port Status

.github/workflows/cross-illumos.yaml

@@ -0,0 +1,32 @@
+name: illumos-Cross
+
+on:
+  push:
+    branches:
+      - main
+      - 'illumos-*'
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: "!contains(github.event.head_commit.message, '[ci skip]')"
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+        id: go
+
+      - name: SunOS build script
+        run: bash -x build.sh

.github/workflows/nshalman-sunos-releases.yml

@@ -0,0 +1,45 @@
+---
+name: "tagged-release"
+
+on:
+  push:
+    tags:
+      - "v*-sunos"
+
+jobs:
+  tagged-release:
+    name: "SunOS Tagged Release"
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+        id: go
+
+      - name: SunOS build script
+        run: bash -x build.sh
+
+      - name: Create Release
+        uses: "marvinpinto/action-automatic-releases@latest"
+        with:
+          repo_token: "${{ secrets.GITHUB_TOKEN }}"
+          prerelease: false
+          files: |
+            cmd/tailscaled/smf/install
+            cmd/tailscaled/smf/tailscale.xml
+            cmd/tailscaled/smf/vpn-tailscale
+            sha256sums
+            tailscale-illumos
+            tailscale-solaris
+            tailscaled-illumos
+            tailscaled-solaris
+            tailscaled-plain-illumos
+            tailscaled-plain-solaris

AUTHORS

@@ -15,3 +15,4 @@
 # company that owns the rights to your contribution.
 
 Tailscale Inc.
+Nahum Shalman <nahamu@gmail.com>

build.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -o xtrace
+set -o errexit
+
+export TS_USE_TOOLCHAIN=true
+
+# feature tags to use in our version of the "box" build
+BOX_TAGS="$(go run ./cmd/featuretags --min --add=osrouter,unixsocketidentity),ts_include_cli"
+
+# This prevents illumos libc from leaking into Solaris binaries when built on illumos
+export CGO_ENABLED=0
+
+fix_osabi () {
+	if [[ $(uname -s) == SunOS ]]; then
+		/usr/bin/elfedit \
+			-e "ehdr:ei_osabi ELFOSABI_SOLARIS" \
+			-e "ehdr:ei_abiversion EAV_SUNW_CURRENT" \
+			"${1?}"
+	else
+		elfedit --output-osabi "Solaris" --output-abiversion "1" "${1?}"
+	fi
+}
+
+for GOOS in illumos solaris; do
+	export GOOS
+	TAGS=ts_include_cli bash -x ./build_dist.sh ./cmd/tailscaled
+	fix_osabi tailscaled
+	mv tailscaled{,-${GOOS}}
+	TAGS=${BOX_TAGS} bash -x ./build_dist.sh ./cmd/tailscaled
+	fix_osabi tailscaled
+	mv tailscaled{,-minimal-${GOOS}}
+	# Build plain daemon binary
+	bash -x ./build_dist.sh ./cmd/tailscaled
+	fix_osabi tailscaled
+	mv tailscaled{,-plain-${GOOS}}
+	# Build plain client binary
+	bash -x ./build_dist.sh ./cmd/tailscale
+	fix_osabi tailscale
+	mv tailscale{,-${GOOS}}
+done
+
+ln cmd/tailscaled/smf/tailscale.xml .
+ln cmd/tailscaled/smf/vpn-tailscale .
+ln cmd/tailscaled/smf/install .
+shasum -a 256 install tailscaled-* tailscale-* tailscale.xml vpn-tailscale>sha256sums
+rm ./tailscale.xml ./vpn-tailscale ./install

cmd/tailscaled/smf/install

@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+set -o xtrace
+set -o errexit
+
+fail () {
+	echo "$@"
+	exit 1
+}
+
+PREFIX=usr
+
+# On a SmartOS GZ, use /opt
+if [[ $(zonename) == "global" ]] && uname -v | grep -q joyent
+then
+	PREFIX=opt
+fi
+
+svcadm disable -t vpn/tailscale || true
+
+# See https://github.com/nshalman/tailscale/issues/90
+# On hosts currently running taildrive
+# disable is kind of broken
+# clean up manually
+svccfg -s tailscale listprop startd/duration | grep -q contract || \
+	echo "Cleaning up after broken SMF manifest"
+sleep 1
+pkill tailscaled || true
+svcadm disable -st vpn/tailscale || true
+svccfg delete -f vpn/tailscale || true
+
+TMPDIR="$(mktemp -d)"
+pushd "${TMPDIR?}"
+
+DOWNLOAD=https://github.com/nshalman/tailscale/releases/latest/download
+# TODO: Would this work for Solaris?? what is Solaris "uname -o"?
+OS="$(uname -o)"
+
+curl -fLO "${DOWNLOAD}/sha256sums"
+curl -fLO "${DOWNLOAD}/tailscaled-${OS?}"
+curl -fLO "${DOWNLOAD}/tailscale.xml"
+curl -fLO "${DOWNLOAD}/vpn-tailscale"
+
+sha256sum --ignore-missing -c sha256sums
+rm sha256sums
+
+chmod +x "tailscaled-${OS?}"
+mkdir -p "/${PREFIX?}/local/lib/svc/method/"
+chmod +x vpn-tailscale
+mv vpn-tailscale "/${PREFIX?}/local/lib/svc/method/"
+mv "tailscaled-${OS?}" "/${PREFIX?}/local/sbin/tailscaled"
+rm -f "/${PREFIX?}/local/sbin/tailscale"
+ln -s tailscaled "/${PREFIX?}/local/sbin/tailscale"
+<tailscale.xml sed "s/@@PREFIX@@/${PREFIX?}/" > import.xml
+svccfg import import.xml
+svccfg -s vpn/tailscale setprop application/binary="/${PREFIX?}/local/sbin/tailscaled"
+svccfg -s vpn/tailscale setprop application/tun_driver="tun"
+svcadm enable -st vpn/tailscale
+rm tailscale.xml import.xml
+
+popd
+rm -rf "${TMPDIR}"
+
+sleep 2
+tailscale status
+
+echo "To switch to non-tun userspace networking you can run:"
+echo 'svccfg -s vpn/tailscale setprop application/tun_driver="userspace-networking"'
+echo "and then restart tailscale"

cmd/tailscaled/smf/tailscale.xml

@@ -0,0 +1,29 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+  <service name='vpn/tailscale' type='service' version='0'>
+    <create_default_instance enabled='true'/>
+    <single_instance/>
+    <dependency name='network' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/milestone/network:default'/>
+    </dependency>
+    <dependency name='filesystem' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local'/>
+    </dependency>
+    <method_context>
+      <method_credential group='root' user='root'/>
+    </method_context>
+    <exec_method name='start' type='method' exec='/@@PREFIX@@/local/lib/svc/method/vpn-tailscale %m' timeout_seconds='5'/>
+    <exec_method name='stop' type='method' exec='/@@PREFIX@@/local/lib/svc/method/vpn-tailscale %m %{restarter/contract}' timeout_seconds='5'/>
+    <property_group name='application' type='application'>
+      <propval name='binary' type='astring' value='/@@PREFIX@@/local/sbin/tailscaled'/>
+      <propval name='tun_driver' type='astring' value='tun'/>
+    </property_group>
+    <stability value='Evolving'/>
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>Tailscale</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

cmd/tailscaled/smf/vpn-tailscale

@@ -0,0 +1,23 @@
+#!/sbin/sh
+# Init script for tailscaled.
+
+. /lib/svc/share/smf_include.sh
+
+TAILSCALED=$(svcprop -c -p application/binary "$SMF_FMRI")
+TUN_DRIVER=$(svcprop -c -p application/tun_driver "$SMF_FMRI")
+case "$1" in
+start)
+	smf_clear_env
+	"${TAILSCALED?}" -tun "${TUN_DRIVER?}" &
+	;;
+stop)
+	smf_kill_contract "$2" TERM 60
+	"${TAILSCALED?}" --cleanup
+	;;
+*)
+	echo "Usage: $0 {start|stop}" >&2
+	exit 1
+	;;
+esac
+
+exit "$SMF_EXIT_OK"

cmd/tailscaled/tailscaled.go

@@ -67,7 +67,7 @@ import (
 // defaultTunName returns the default tun device name for the platform.
 func defaultTunName() string {
 	switch runtime.GOOS {
-	case "openbsd":
+	case "openbsd", "illumos", "solaris":
 		return "tun"
 	case "windows":
 		return "Tailscale"
@@ -77,7 +77,7 @@ func defaultTunName() string {
 		return "utun"
 	case "plan9":
 		return "auto"
-	case "aix", "solaris", "illumos":
+	case "aix":
 		return "userspace-networking"
 	case "linux":
 		if buildfeatures.HasSynology && buildfeatures.HasNetstack && distro.Get() == distro.Synology {

go.mod

@@ -428,3 +428,5 @@ require (
 )
 
 tool github.com/stacklok/frizbee
+
+replace github.com/tailscale/wireguard-go => github.com/nshalman/wireguard-go v0.0.20200321-0.20250731001858-998473505459

go.sum

@@ -778,6 +778,8 @@ github.com/nishanths/exhaustive v0.12.0 h1:vIY9sALmw6T/yxiASewa4TQcFsVYZQQRUQJhK
 github.com/nishanths/exhaustive v0.12.0/go.mod h1:mEZ95wPIZW+x8kC4TgC+9YCUgiST7ecevsVDTgc2obs=
 github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk=
 github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c=
+github.com/nshalman/wireguard-go v0.0.20200321-0.20250731001858-998473505459 h1:g7boEoqgzfIkRvh/a/pRDNANjCvqk+8GI3CeLJB0kwU=
+github.com/nshalman/wireguard-go v0.0.20200321-0.20250731001858-998473505459/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
 github.com/nunnatsa/ginkgolinter v0.16.1 h1:uDIPSxgVHZ7PgbJElRDGzymkXH+JaF7mjew+Thjnt6Q=
 github.com/nunnatsa/ginkgolinter v0.16.1/go.mod h1:4tWRinDN1FeJgU+iJANW/kz7xKN5nYRAOfJDQUS9dOQ=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@@ -1000,8 +1002,6 @@ github.com/tailscale/web-client-prebuilt v0.0.0-20250124233751-d4cd19a26976 h1:U
 github.com/tailscale/web-client-prebuilt v0.0.0-20250124233751-d4cd19a26976/go.mod h1:agQPE6y6ldqCOui2gkIh7ZMztTkIQKH049tv8siLuNQ=
 github.com/tailscale/wf v0.0.0-20240214030419-6fbb0a674ee6 h1:l10Gi6w9jxvinoiq15g8OToDdASBni4CyJOdHY1Hr8M=
 github.com/tailscale/wf v0.0.0-20240214030419-6fbb0a674ee6/go.mod h1:ZXRML051h7o4OcI0d3AaILDIad/Xw0IkXaHM17dic1Y=
-github.com/tailscale/wireguard-go v0.0.0-20250716170648-1d0488a3d7da h1:jVRUZPRs9sqyKlYHHzHjAqKN+6e/Vog6NpHYeNPJqOw=
-github.com/tailscale/wireguard-go v0.0.0-20250716170648-1d0488a3d7da/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
 github.com/tailscale/xnet v0.0.0-20240729143630-8497ac4dab2e h1:zOGKqN5D5hHhiYUp091JqK7DPCqSARyUfduhGUY8Bek=
 github.com/tailscale/xnet v0.0.0-20240729143630-8497ac4dab2e/go.mod h1:orPd6JZXXRyuDusYilywte7k094d7dycXXU5YnWsrwg=
 github.com/tc-hib/winres v0.2.1 h1:YDE0FiP0VmtRaDn7+aaChp1KiF4owBiJa5l964l5ujA=

ipn/ipnserver/actor.go

@@ -237,7 +237,7 @@ func connIsLocalAdmin(logf logger.Logf, ci *ipnauth.ConnIdentity, operatorUID st
 		// This is a standalone tailscaled setup, use the same logic as on
 		// Linux.
 		fallthrough
-	case "linux":
+	case "linux", "solaris", "illumos":
 		if !buildfeatures.HasUnixSocketIdentity {
 			// Everybody is an admin if support for unix socket identities
 			// is omitted for the build.

net/tstun/tstun_stub.go

@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-//go:build aix || solaris || illumos
+//go:build aix
 
 package tstun
 

net/tstun/tun.go

@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-//go:build !wasm && !tamago && !aix && !solaris && !illumos
+//go:build !wasm && !tamago && !aix
 
 // Package tun creates a tuntap device, working around OS-specific
 // quirks if necessary.

safesocket/safesocket.go

@@ -120,7 +120,7 @@ func PlatformUsesPeerCreds() bool {
 // runtime.GOOS value instead of using the current one.
 func GOOSUsesPeerCreds(goos string) bool {
 	switch goos {
-	case "linux", "darwin", "freebsd":
+	case "linux", "darwin", "freebsd", "solaris", "illumos":
 		return true
 	}
 	return false

tool/go

@@ -4,4 +4,10 @@
 # currently-desired version from https://github.com/tailscale/go,
 # downloading it first if necessary.
 
+case $(uname -s) in
+	SunOS)
+		exec go "$@"
+		;;
+esac
+
 exec "$(dirname "$0")/../tool/gocross/gocross-wrapper.sh" "$@"