From 1f73f05510493c9c6eb3e2e50063dcbe54ba338d Mon Sep 17 00:00:00 2001 From: Thomas Kosiewski Date: Tue, 21 Jan 2025 09:45:16 +0100 Subject: [PATCH] chore: remove custom go toolchain Change-Id: Ic5e4198e3cb42225deea908169b91b157c398815 Signed-off-by: Thomas Kosiewski --- .github/workflows/test.yml | 632 ++++++++++++++------------- Dockerfile | 26 +- cmd/derper/depaware.txt | 11 +- cmd/tailscale/cli/exitnode_test.go | 4 +- cmd/tailscale/depaware.txt | 13 +- cmd/tailscaled/depaware.txt | 26 +- flake.lock | 36 +- flake.nix | 4 +- go.mod | 10 +- go.mod.sri | 2 +- go.sum | 20 +- net/art/table_test.go | 5 +- safesocket/unixsocket.go | 4 - scripts/check_license_headers.sh | 80 ++-- shell.nix | 2 +- ssh/tailssh/tailssh.go | 8 +- ssh/tailssh/tailssh_test.go | 44 +- tool/gocross/autoflags.go | 2 +- tool/gocross/autoflags_test.go | 26 +- tool/gocross/gocross-wrapper.sh | 107 ++--- tool/gocross/gocross.go | 43 +- tool/gocross/goroot.go | 90 ---- tool/gocross/toolchain.go | 189 -------- tstest/integration/vms/distros.go | 3 +- version_test.go | 2 +- wgengine/magicsock/magicsock_test.go | 8 +- 26 files changed, 555 insertions(+), 842 deletions(-) delete mode 100644 tool/gocross/goroot.go delete mode 100644 tool/gocross/toolchain.go diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8e6f77a0f3ff1..2c30fb0d21c2b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -50,116 +50,126 @@ jobs: - goarch: "386" # thanks yaml runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: Restore Cache - uses: actions/cache@v3 - with: - # Note: unlike the other setups, this is only grabbing the mod download - # cache, rather than the whole mod directory, as the download cache - # contains zips that can be unpacked in parallel faster than they can be - # fetched and extracted by tar - path: | - ~/.cache/go-build - ~/go/pkg/mod/cache - ~\AppData\Local\go-build - # The -2- here should be incremented when the scheme of data to be - # cached changes (e.g. path above changes). - key: ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} - restore-keys: | - ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2-${{ hashFiles('**/go.sum') }} - ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2- - - name: build all - run: ./tool/go build ${{matrix.buildflags}} ./... - env: - GOARCH: ${{ matrix.goarch }} - - name: build variant CLIs - run: | - export TS_USE_TOOLCHAIN=1 - ./build_dist.sh --extra-small ./cmd/tailscaled - ./build_dist.sh --box ./cmd/tailscaled - ./build_dist.sh --extra-small --box ./cmd/tailscaled - rm -f tailscaled - env: - GOARCH: ${{ matrix.goarch }} - - name: get qemu # for tstest/archtest - if: matrix.goarch == 'amd64' && matrix.variant == '' - run: | - sudo apt-get -y update - sudo apt-get -y install qemu-user - - name: build test wrapper - run: ./tool/go build -o /tmp/testwrapper ./cmd/testwrapper - - name: test all - run: PATH=$PWD/tool:$PATH /tmp/testwrapper ./... ${{matrix.buildflags}} - env: - GOARCH: ${{ matrix.goarch }} - - name: bench all - run: PATH=$PWD/tool:$PATH /tmp/testwrapper ./... ${{matrix.buildflags}} -bench=. -benchtime=1x -run=^$ - env: - GOARCH: ${{ matrix.goarch }} - - name: check that no tracked files changed - run: git diff --no-ext-diff --name-only --exit-code || (echo "Build/test modified the files above."; exit 1) - - name: check that no new files were added - run: | - # Note: The "error: pathspec..." you see below is normal! - # In the success case in which there are no new untracked files, - # git ls-files complains about the pathspec not matching anything. - # That's OK. It's not worth the effort to suppress. Please ignore it. - if git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- ':/*' - then - echo "Build/test created untracked files in the repo (file names above)." - exit 1 - fi + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: Restore Cache + uses: actions/cache@v3 + with: + # Note: unlike the other setups, this is only grabbing the mod download + # cache, rather than the whole mod directory, as the download cache + # contains zips that can be unpacked in parallel faster than they can be + # fetched and extracted by tar + path: | + ~/.cache/go-build + ~/go/pkg/mod/cache + ~\AppData\Local\go-build + # The -2- here should be incremented when the scheme of data to be + # cached changes (e.g. path above changes). + key: ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} + restore-keys: | + ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2-${{ hashFiles('**/go.sum') }} + ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2- + - name: build all + run: ./tool/go build ${{matrix.buildflags}} ./... + env: + GOARCH: ${{ matrix.goarch }} + - name: build variant CLIs + run: | + export TS_USE_TOOLCHAIN=1 + ./build_dist.sh --extra-small ./cmd/tailscaled + ./build_dist.sh --box ./cmd/tailscaled + ./build_dist.sh --extra-small --box ./cmd/tailscaled + rm -f tailscaled + env: + GOARCH: ${{ matrix.goarch }} + - name: get qemu # for tstest/archtest + if: matrix.goarch == 'amd64' && matrix.variant == '' + run: | + sudo apt-get -y update + sudo apt-get -y install qemu-user + - name: build test wrapper + run: ./tool/go build -o /tmp/testwrapper ./cmd/testwrapper + - name: test all + run: /tmp/testwrapper ./... ${{matrix.buildflags}} + env: + GOARCH: ${{ matrix.goarch }} + - name: bench all + run: /tmp/testwrapper ./... ${{matrix.buildflags}} -bench=. -benchtime=1x -run=^$ + env: + GOARCH: ${{ matrix.goarch }} + - name: check that no tracked files changed + run: git diff --no-ext-diff --name-only --exit-code || (echo "Build/test modified the files above."; exit 1) + - name: check that no new files were added + run: | + # Note: The "error: pathspec..." you see below is normal! + # In the success case in which there are no new untracked files, + # git ls-files complains about the pathspec not matching anything. + # That's OK. It's not worth the effort to suppress. Please ignore it. + if git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- ':/*' + then + echo "Build/test created untracked files in the repo (file names above)." + exit 1 + fi windows: runs-on: windows-2022 steps: - - name: checkout - uses: actions/checkout@v3 + - name: checkout + uses: actions/checkout@v3 - - name: Install Go - uses: actions/setup-go@v4 - with: - go-version-file: go.mod - cache: false + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false - - name: Restore Cache - uses: actions/cache@v3 - with: - # Note: unlike the other setups, this is only grabbing the mod download - # cache, rather than the whole mod directory, as the download cache - # contains zips that can be unpacked in parallel faster than they can be - # fetched and extracted by tar - path: | - ~/.cache/go-build - ~/go/pkg/mod/cache - ~\AppData\Local\go-build - # The -2- here should be incremented when the scheme of data to be - # cached changes (e.g. path above changes). - key: ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} - restore-keys: | - ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }} - ${{ github.job }}-${{ runner.os }}-go-2- - - name: test - # Don't use -bench=. -benchtime=1x. - # Somewhere in the layers (powershell?) - # the equals signs cause great confusion. - run: go test -bench . -benchtime 1x ./... + - name: Restore Cache + uses: actions/cache@v3 + with: + # Note: unlike the other setups, this is only grabbing the mod download + # cache, rather than the whole mod directory, as the download cache + # contains zips that can be unpacked in parallel faster than they can be + # fetched and extracted by tar + path: | + ~/.cache/go-build + ~/go/pkg/mod/cache + ~\AppData\Local\go-build + # The -2- here should be incremented when the scheme of data to be + # cached changes (e.g. path above changes). + key: ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} + restore-keys: | + ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }} + ${{ github.job }}-${{ runner.os }}-go-2- + - name: test + # Don't use -bench=. -benchtime=1x. + # Somewhere in the layers (powershell?) + # the equals signs cause great confusion. + run: go test -bench . -benchtime 1x ./... vm: runs-on: ["self-hosted", "linux", "vm"] # VM tests run with some privileges, don't let them run on 3p PRs. if: github.repository == 'tailscale/tailscale' steps: - - name: checkout - uses: actions/checkout@v3 - - name: Run VM tests - run: ./tool/go test ./tstest/integration/vms -v -no-s3 -run-vm-tests -run=TestRunUbuntu2004 - env: - HOME: "/tmp" - TMPDIR: "/tmp" - XDB_CACHE_HOME: "/var/lib/ghrunner/cache" - + - name: checkout + uses: actions/checkout@v3 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + + - name: Run VM tests + run: ./tool/go test ./tstest/integration/vms -v -no-s3 -run-vm-tests -run=TestRunUbuntu2004 + env: + HOME: "/tmp" + TMPDIR: "/tmp" + XDB_CACHE_HOME: "/var/lib/ghrunner/cache" + cross: # cross-compile checks, build only. strategy: fail-fast: false # don't abort the entire matrix if one element fails @@ -197,50 +207,56 @@ jobs: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: Restore Cache - uses: actions/cache@v3 - with: - # Note: unlike the other setups, this is only grabbing the mod download - # cache, rather than the whole mod directory, as the download cache - # contains zips that can be unpacked in parallel faster than they can be - # fetched and extracted by tar - path: | - ~/.cache/go-build - ~/go/pkg/mod/cache - ~\AppData\Local\go-build - # The -2- here should be incremented when the scheme of data to be - # cached changes (e.g. path above changes). - key: ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} - restore-keys: | - ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2-${{ hashFiles('**/go.sum') }} - ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2- - - name: build all - run: ./tool/go build ./cmd/... - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} - GOARM: ${{ matrix.goarm }} - CGO_ENABLED: "0" - - name: build tests - run: ./tool/go test -exec=true ./... - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} - CGO_ENABLED: "0" + - name: checkout + uses: actions/checkout@v3 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + + - name: Restore Cache + uses: actions/cache@v3 + with: + # Note: unlike the other setups, this is only grabbing the mod download + # cache, rather than the whole mod directory, as the download cache + # contains zips that can be unpacked in parallel faster than they can be + # fetched and extracted by tar + path: | + ~/.cache/go-build + ~/go/pkg/mod/cache + ~\AppData\Local\go-build + # The -2- here should be incremented when the scheme of data to be + # cached changes (e.g. path above changes). + key: ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} + restore-keys: | + ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2-${{ hashFiles('**/go.sum') }} + ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2- + - name: build all + run: ./tool/go build ./cmd/... + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} + GOARM: ${{ matrix.goarm }} + CGO_ENABLED: "0" + - name: build tests + run: ./tool/go test -exec=true ./... + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} + CGO_ENABLED: "0" ios: # similar to cross above, but iOS can't build most of the repo. So, just - #make it build a few smoke packages. + #make it build a few smoke packages. runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: build some - run: ./tool/go build ./ipn/... ./wgengine/ ./types/... ./control/controlclient - env: - GOOS: ios - GOARCH: arm64 + - name: checkout + uses: actions/checkout@v3 + - name: build some + run: ./tool/go build ./ipn/... ./wgengine/ ./types/... ./control/controlclient + env: + GOOS: ios + GOARCH: arm64 android: # similar to cross above, but android fails to build a few pieces of the @@ -248,60 +264,59 @@ jobs: # only test the subset of android that our past smoke test checked. runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - # Super minimal Android build that doesn't even use CGO and doesn't build everything that's needed - # and is only arm64. But it's a smoke build: it's not meant to catch everything. But it'll catch - # some Android breakages early. - # TODO(bradfitz): better; see https://github.com/tailscale/tailscale/issues/4482 - - name: build some - run: ./tool/go install ./net/netns ./ipn/ipnlocal ./wgengine/magicsock/ ./wgengine/ ./wgengine/router/ ./wgengine/netstack ./util/dnsname/ ./ipn/ ./net/interfaces ./wgengine/router/ ./tailcfg/ ./types/logger/ ./net/dns ./hostinfo ./version - env: - GOOS: android - GOARCH: arm64 + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + # Super minimal Android build that doesn't even use CGO and doesn't build everything that's needed + # and is only arm64. But it's a smoke build: it's not meant to catch everything. But it'll catch + # some Android breakages early. + # TODO(bradfitz): better; see https://github.com/tailscale/tailscale/issues/4482 + - name: build some + run: ./tool/go install ./net/netns ./ipn/ipnlocal ./wgengine/magicsock/ ./wgengine/ ./wgengine/router/ ./wgengine/netstack ./util/dnsname/ ./ipn/ ./net/interfaces ./wgengine/router/ ./tailcfg/ ./types/logger/ ./net/dns ./hostinfo ./version + env: + GOOS: android + GOARCH: arm64 wasm: # builds tsconnect, which is the only wasm build we support runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: Restore Cache - uses: actions/cache@v3 - with: - # Note: unlike the other setups, this is only grabbing the mod download - # cache, rather than the whole mod directory, as the download cache - # contains zips that can be unpacked in parallel faster than they can be - # fetched and extracted by tar - path: | - ~/.cache/go-build - ~/go/pkg/mod/cache - ~\AppData\Local\go-build - # The -2- here should be incremented when the scheme of data to be - # cached changes (e.g. path above changes). - key: ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} - restore-keys: | - ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }} - ${{ github.job }}-${{ runner.os }}-go-2- - - name: build tsconnect client - run: ./tool/go build ./cmd/tsconnect/wasm ./cmd/tailscale/cli - env: - GOOS: js - GOARCH: wasm - - name: build tsconnect server - # Note, no GOOS/GOARCH in env on this build step, we're running a build - # tool that handles the build itself. - run: | - ./tool/go run ./cmd/tsconnect --fast-compression build - ./tool/go run ./cmd/tsconnect --fast-compression build-pkg - - tailscale_go: # Subset of tests that depend on our custom Go toolchain. - runs-on: ubuntu-22.04 - steps: - - name: checkout - uses: actions/checkout@v3 - - name: test tailscale_go - run: ./tool/go test -tags=tailscale_go,ts_enable_sockstats ./net/sockstats/... - + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: Restore Cache + uses: actions/cache@v3 + with: + # Note: unlike the other setups, this is only grabbing the mod download + # cache, rather than the whole mod directory, as the download cache + # contains zips that can be unpacked in parallel faster than they can be + # fetched and extracted by tar + path: | + ~/.cache/go-build + ~/go/pkg/mod/cache + ~\AppData\Local\go-build + # The -2- here should be incremented when the scheme of data to be + # cached changes (e.g. path above changes). + key: ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} + restore-keys: | + ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }} + ${{ github.job }}-${{ runner.os }}-go-2- + - name: build tsconnect client + run: ./tool/go build ./cmd/tsconnect/wasm ./cmd/tailscale/cli + env: + GOOS: js + GOARCH: wasm + - name: build tsconnect server + # Note, no GOOS/GOARCH in env on this build step, we're running a build + # tool that handles the build itself. + run: | + ./tool/go run ./cmd/tsconnect --fast-compression build + ./tool/go run ./cmd/tsconnect --fast-compression build-pkg fuzz: # This target periodically breaks (see TS_FUZZ_CURRENTLY_BROKEN at the top @@ -317,93 +332,105 @@ jobs: if: github.event_name == 'pull_request' runs-on: ubuntu-22.04 steps: - - name: build fuzzers - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - # continue-on-error makes steps.build.conclusion be 'success' even if - # steps.build.outcome is 'failure'. This means this step does not - # contribute to the job's overall pass/fail evaluation. - continue-on-error: true - with: - oss-fuzz-project-name: 'tailscale' - dry-run: false - language: go - - name: report unexpectedly broken fuzz build - if: steps.build.outcome == 'failure' && env.TS_FUZZ_CURRENTLY_BROKEN != 'true' - run: | - echo "fuzzer build failed, see above for why" - echo "if the failure is due to OSS-Fuzz not being on the latest Go yet," - echo "set TS_FUZZ_CURRENTLY_BROKEN=true in .github/workflows/test.yml" - echo "to temporarily disable fuzzing until OSS-Fuzz works again." - exit 1 - - name: report unexpectedly working fuzz build - if: steps.build.outcome == 'success' && env.TS_FUZZ_CURRENTLY_BROKEN == 'true' - run: | - echo "fuzzer build succeeded, but we expect it to be broken" - echo "please set TS_FUZZ_CURRENTLY_BROKEN=false in .github/workflows/test.yml" - echo "to reenable fuzz testing" - exit 1 - - name: run fuzzers - id: run - # Run the fuzzers whenever they're able to build, even if we're going to - # report a failure because TS_FUZZ_CURRENTLY_BROKEN is set to the wrong - # value. - if: steps.build.outcome == 'success' - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'tailscale' - fuzz-seconds: 300 - dry-run: false - language: go - - name: upload crash - uses: actions/upload-artifact@v3 - if: steps.run.outcome != 'success' && steps.build.outcome == 'success' - with: - name: artifacts - path: ./out/artifacts + - name: build fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + # continue-on-error makes steps.build.conclusion be 'success' even if + # steps.build.outcome is 'failure'. This means this step does not + # contribute to the job's overall pass/fail evaluation. + continue-on-error: true + with: + oss-fuzz-project-name: "tailscale" + dry-run: false + language: go + - name: report unexpectedly broken fuzz build + if: steps.build.outcome == 'failure' && env.TS_FUZZ_CURRENTLY_BROKEN != 'true' + run: | + echo "fuzzer build failed, see above for why" + echo "if the failure is due to OSS-Fuzz not being on the latest Go yet," + echo "set TS_FUZZ_CURRENTLY_BROKEN=true in .github/workflows/test.yml" + echo "to temporarily disable fuzzing until OSS-Fuzz works again." + exit 1 + - name: report unexpectedly working fuzz build + if: steps.build.outcome == 'success' && env.TS_FUZZ_CURRENTLY_BROKEN == 'true' + run: | + echo "fuzzer build succeeded, but we expect it to be broken" + echo "please set TS_FUZZ_CURRENTLY_BROKEN=false in .github/workflows/test.yml" + echo "to reenable fuzz testing" + exit 1 + - name: run fuzzers + id: run + # Run the fuzzers whenever they're able to build, even if we're going to + # report a failure because TS_FUZZ_CURRENTLY_BROKEN is set to the wrong + # value. + if: steps.build.outcome == 'success' + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: "tailscale" + fuzz-seconds: 300 + dry-run: false + language: go + - name: upload crash + uses: actions/upload-artifact@v3 + if: steps.run.outcome != 'success' && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts depaware: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: check depaware - run: | - export PATH=$(./tool/go env GOROOT)/bin:$PATH - find . -name 'depaware.txt' | xargs -n1 dirname | xargs ./tool/go run github.com/tailscale/depaware --check + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: check depaware + run: | + export PATH=$(./tool/go env GOROOT)/bin:$PATH + find . -name 'depaware.txt' | xargs -n1 dirname | xargs ./tool/go run github.com/tailscale/depaware --check go_generate: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: check that 'go generate' is clean - run: | - pkgs=$(./tool/go list ./... | grep -v dnsfallback) - ./tool/go generate $pkgs - echo - echo - git diff --name-only --exit-code || (echo "The files above need updating. Please run 'go generate'."; exit 1) + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: check that 'go generate' is clean + run: | + pkgs=$(./tool/go list ./... | grep -v dnsfallback) + ./tool/go generate $pkgs + echo + echo + git diff --name-only --exit-code || (echo "The files above need updating. Please run 'go generate'."; exit 1) go_mod_tidy: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: check that 'go mod tidy' is clean - run: | - ./tool/go mod tidy - echo - echo - git diff --name-only --exit-code || (echo "Please run 'go mod tidy'."; exit 1) + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: check that 'go mod tidy' is clean + run: | + ./tool/go mod tidy + echo + echo + git diff --name-only --exit-code || (echo "Please run 'go mod tidy'."; exit 1) licenses: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: check licenses - run: ./scripts/check_license_headers.sh . + - name: checkout + uses: actions/checkout@v3 + - name: check licenses + run: ./scripts/check_license_headers.sh . staticcheck: runs-on: ubuntu-22.04 @@ -416,23 +443,24 @@ jobs: - goos: "windows" goarch: "386" steps: - - name: checkout - uses: actions/checkout@v3 - - name: install staticcheck - run: GOBIN=~/.local/bin ./tool/go install honnef.co/go/tools/cmd/staticcheck - - name: run staticcheck - run: | - export GOROOT=$(./tool/go env GOROOT) - export PATH=$GOROOT/bin:$PATH - staticcheck -- $(./tool/go list ./... | grep -v tempfork) - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: install staticcheck + run: go install honnef.co/go/tools/cmd/staticcheck + - name: run staticcheck + run: staticcheck -- $(./tool/go list ./... | grep -v tempfork) + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} notify_slack: if: always() # Any of these jobs failing causes a slack notification. - needs: + needs: - android - test - windows @@ -440,7 +468,6 @@ jobs: - cross - ios - wasm - - tailscale_go - fuzz - depaware - go_generate @@ -449,30 +476,30 @@ jobs: - staticcheck runs-on: ubuntu-22.04 steps: - - name: notify - # Only notify slack for merged commits, not PR failures. - # - # It may be tempting to move this condition into the job's 'if' block, but - # don't: Github only collapses the test list into "everything is OK" if - # all jobs succeeded. A skipped job results in the list staying expanded. - # By having the job always run, but skipping its only step as needed, we - # let the CI output collapse nicely in PRs. - if: failure() && github.event_name == 'push' - uses: ruby/action-slack@v3.2.1 - with: - payload: | - { - "attachments": [{ - "title": "Failure: ${{ github.workflow }}", - "title_link": "https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks", - "text": "${{ github.repository }}@${{ github.ref_name }}: ", - "fields": [{ "value": ${{ toJson(github.event.head_commit.message) }}, "short": false }], - "footer": "${{ github.event.head_commit.committer.name }} at ${{ github.event.head_commit.timestamp }}", - "color": "danger" - }] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + - name: notify + # Only notify slack for merged commits, not PR failures. + # + # It may be tempting to move this condition into the job's 'if' block, but + # don't: Github only collapses the test list into "everything is OK" if + # all jobs succeeded. A skipped job results in the list staying expanded. + # By having the job always run, but skipping its only step as needed, we + # let the CI output collapse nicely in PRs. + if: failure() && github.event_name == 'push' + uses: ruby/action-slack@v3.2.1 + with: + payload: | + { + "attachments": [{ + "title": "Failure: ${{ github.workflow }}", + "title_link": "https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks", + "text": "${{ github.repository }}@${{ github.ref_name }}: ", + "fields": [{ "value": ${{ toJson(github.event.head_commit.message) }}, "short": false }], + "footer": "${{ github.event.head_commit.committer.name }} at ${{ github.event.head_commit.timestamp }}", + "color": "danger" + }] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} check_mergeability: if: always() @@ -485,7 +512,6 @@ jobs: - cross - ios - wasm - - tailscale_go - fuzz - depaware - go_generate @@ -493,8 +519,8 @@ jobs: - licenses - staticcheck steps: - - name: Decide if change is okay to merge - if: github.event_name != 'push' - uses: re-actors/alls-green@release/v1 - with: - jobs: ${{ toJSON(needs) }} + - name: Decide if change is okay to merge + if: github.event_name != 'push' + uses: re-actors/alls-green@release/v1 + with: + jobs: ${{ toJSON(needs) }} diff --git a/Dockerfile b/Dockerfile index 80412f4c66b48..74f811352d3e0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ # $ docker exec tailscaled tailscale status -FROM golang:1.20-alpine AS build-env +FROM golang:1.22-alpine AS build-env WORKDIR /go/src/tailscale @@ -40,14 +40,14 @@ RUN go mod download # Pre-build some stuff before the following COPY line invalidates the Docker cache. RUN go install \ - github.com/aws/aws-sdk-go-v2/aws \ - github.com/aws/aws-sdk-go-v2/config \ - gvisor.dev/gvisor/pkg/tcpip/adapters/gonet \ - gvisor.dev/gvisor/pkg/tcpip/stack \ - golang.org/x/crypto/ssh \ - golang.org/x/crypto/acme \ - github.com/coder/websocket \ - github.com/mdlayher/netlink + github.com/aws/aws-sdk-go-v2/aws \ + github.com/aws/aws-sdk-go-v2/config \ + gvisor.dev/gvisor/pkg/tcpip/adapters/gonet \ + gvisor.dev/gvisor/pkg/tcpip/stack \ + golang.org/x/crypto/ssh \ + golang.org/x/crypto/acme \ + github.com/coder/websocket \ + github.com/mdlayher/netlink COPY . . @@ -61,10 +61,10 @@ ENV VERSION_GIT_HASH=$VERSION_GIT_HASH ARG TARGETARCH RUN GOARCH=$TARGETARCH go install -ldflags="\ - -X tailscale.com/version.longStamp=$VERSION_LONG \ - -X tailscale.com/version.shortStamp=$VERSION_SHORT \ - -X tailscale.com/version.gitCommitStamp=$VERSION_GIT_HASH" \ - -v ./cmd/tailscale ./cmd/tailscaled ./cmd/containerboot + -X tailscale.com/version.longStamp=$VERSION_LONG \ + -X tailscale.com/version.shortStamp=$VERSION_SHORT \ + -X tailscale.com/version.gitCommitStamp=$VERSION_GIT_HASH" \ + -v ./cmd/tailscale ./cmd/tailscaled ./cmd/containerboot FROM alpine:3.16 RUN apk add --no-cache ca-certificates iptables iproute2 ip6tables diff --git a/cmd/derper/depaware.txt b/cmd/derper/depaware.txt index 1ee5a47577cc7..8c62b00431d7c 100644 --- a/cmd/derper/depaware.txt +++ b/cmd/derper/depaware.txt @@ -12,6 +12,10 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa W 💣 github.com/alexbrainman/sspi/negotiate from tailscale.com/net/tshttpproxy github.com/beorn7/perks/quantile from github.com/prometheus/client_golang/prometheus 💣 github.com/cespare/xxhash/v2 from github.com/prometheus/client_golang/prometheus + github.com/coder/websocket from tailscale.com/cmd/derper+ + github.com/coder/websocket/internal/errd from github.com/coder/websocket + github.com/coder/websocket/internal/util from github.com/coder/websocket + github.com/coder/websocket/internal/xsync from github.com/coder/websocket L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw github.com/fxamacker/cbor/v2 from tailscale.com/tka github.com/golang/groupcache/lru from tailscale.com/net/dnscache @@ -26,7 +30,6 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa L github.com/josharian/native from github.com/mdlayher/netlink+ L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces+ L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink - github.com/klauspost/compress/flate from nhooyr.io/websocket github.com/matttproud/golang_protobuf_extensions/pbutil from github.com/prometheus/common/expfmt L 💣 github.com/mdlayher/netlink from github.com/jsimonetti/rtnetlink+ L 💣 github.com/mdlayher/netlink/nlenc from github.com/jsimonetti/rtnetlink+ @@ -77,9 +80,6 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa google.golang.org/protobuf/runtime/protoimpl from github.com/golang/protobuf/proto+ google.golang.org/protobuf/types/descriptorpb from google.golang.org/protobuf/reflect/protodesc google.golang.org/protobuf/types/known/timestamppb from github.com/prometheus/client_golang/prometheus+ - nhooyr.io/websocket from tailscale.com/cmd/derper+ - nhooyr.io/websocket/internal/errd from nhooyr.io/websocket - nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket tailscale.com from tailscale.com/version tailscale.com/atomicfile from tailscale.com/cmd/derper+ tailscale.com/client/tailscale from tailscale.com/derp @@ -108,7 +108,6 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa tailscale.com/net/tlsdial from tailscale.com/derp/derphttp tailscale.com/net/tsaddr from tailscale.com/ipn+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+ - tailscale.com/net/wsconn from tailscale.com/cmd/derper+ tailscale.com/paths from tailscale.com/client/tailscale tailscale.com/safesocket from tailscale.com/client/tailscale tailscale.com/syncs from tailscale.com/cmd/derper+ @@ -193,6 +192,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa golang.org/x/time/rate from tailscale.com/cmd/derper+ bufio from compress/flate+ bytes from bufio+ + cmp from net/netip+ compress/flate from compress/gzip+ compress/gzip from internal/profile+ container/list from crypto/tls+ @@ -269,6 +269,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa runtime/metrics from github.com/prometheus/client_golang/prometheus+ runtime/pprof from net/http/pprof runtime/trace from net/http/pprof + slices from encoding/base32+ sort from compress/flate+ strconv from compress/flate+ strings from bufio+ diff --git a/cmd/tailscale/cli/exitnode_test.go b/cmd/tailscale/cli/exitnode_test.go index d2329bda403a1..b89e1a6d37c5d 100644 --- a/cmd/tailscale/cli/exitnode_test.go +++ b/cmd/tailscale/cli/exitnode_test.go @@ -135,7 +135,7 @@ func TestFilterFormatAndSortExitNodes(t *testing.T) { result := filterFormatAndSortExitNodes(ps, "") if res := cmp.Diff(result.Countries, want.Countries, cmpopts.IgnoreUnexported(key.NodePublic{})); res != "" { - t.Fatalf(res) + t.Fatal(res) } }) @@ -230,7 +230,7 @@ func TestFilterFormatAndSortExitNodes(t *testing.T) { result := filterFormatAndSortExitNodes(ps, "Pacific") if res := cmp.Diff(result.Countries, want.Countries, cmpopts.IgnoreUnexported(key.NodePublic{})); res != "" { - t.Fatalf(res) + t.Fatal(res) } }) } diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt index 920342fcc2b91..43ef2ba4e090b 100644 --- a/cmd/tailscale/depaware.txt +++ b/cmd/tailscale/depaware.txt @@ -10,6 +10,10 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep W 💣 github.com/alexbrainman/sspi from github.com/alexbrainman/sspi/negotiate+ W github.com/alexbrainman/sspi/internal/common from github.com/alexbrainman/sspi/negotiate W 💣 github.com/alexbrainman/sspi/negotiate from tailscale.com/net/tshttpproxy + github.com/coder/websocket from tailscale.com/control/controlhttp+ + github.com/coder/websocket/internal/errd from github.com/coder/websocket + github.com/coder/websocket/internal/util from github.com/coder/websocket + github.com/coder/websocket/internal/xsync from github.com/coder/websocket L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw W 💣 github.com/dblohm7/wingoes from tailscale.com/util/winutil/authenticode W 💣 github.com/dblohm7/wingoes/pe from tailscale.com/util/winutil/authenticode @@ -27,7 +31,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces+ L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink github.com/kballard/go-shellquote from tailscale.com/cmd/tailscale/cli - github.com/klauspost/compress/flate from nhooyr.io/websocket 💣 github.com/mattn/go-colorable from tailscale.com/cmd/tailscale/cli 💣 github.com/mattn/go-isatty from github.com/mattn/go-colorable+ L 💣 github.com/mdlayher/netlink from github.com/jsimonetti/rtnetlink+ @@ -58,9 +61,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep W 💣 golang.zx2c4.com/wireguard/windows/tunnel/winipcfg from tailscale.com/net/interfaces+ gopkg.in/yaml.v2 from sigs.k8s.io/yaml k8s.io/client-go/util/homedir from tailscale.com/cmd/tailscale/cli - nhooyr.io/websocket from tailscale.com/derp/derphttp+ - nhooyr.io/websocket/internal/errd from nhooyr.io/websocket - nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket sigs.k8s.io/yaml from tailscale.com/cmd/tailscale/cli software.sslmate.com/src/go-pkcs12 from tailscale.com/cmd/tailscale/cli software.sslmate.com/src/go-pkcs12/internal/rc2 from software.sslmate.com/src/go-pkcs12 @@ -103,7 +103,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep tailscale.com/net/tlsdial from tailscale.com/derp/derphttp+ tailscale.com/net/tsaddr from tailscale.com/net/interfaces+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+ - tailscale.com/net/wsconn from tailscale.com/control/controlhttp+ tailscale.com/paths from tailscale.com/cmd/tailscale/cli+ tailscale.com/safesocket from tailscale.com/cmd/tailscale/cli+ tailscale.com/syncs from tailscale.com/net/netcheck+ @@ -195,6 +194,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep golang.org/x/time/rate from tailscale.com/cmd/tailscale/cli+ bufio from compress/flate+ bytes from bufio+ + cmp from net/netip+ compress/flate from compress/gzip+ compress/gzip from net/http compress/zlib from image/png+ @@ -249,7 +249,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep image/png from github.com/skip2/go-qrcode io from bufio+ io/fs from crypto/x509+ - io/ioutil from golang.org/x/sys/cpu+ + io/ioutil from github.com/mitchellh/go-ps+ log from expvar+ log/internal from log math from compress/flate+ @@ -278,6 +278,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep regexp from github.com/tailscale/goupnp/httpu+ regexp/syntax from regexp runtime/debug from tailscale.com/util/singleflight+ + slices from encoding/base32+ sort from compress/flate+ strconv from compress/flate+ strings from bufio+ diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt index c5b6f7da7e60e..44cca8d96671e 100644 --- a/cmd/tailscaled/depaware.txt +++ b/cmd/tailscaled/depaware.txt @@ -75,6 +75,10 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de L github.com/aws/smithy-go/transport/http from github.com/aws/aws-sdk-go-v2/aws/middleware+ L github.com/aws/smithy-go/transport/http/internal/io from github.com/aws/smithy-go/transport/http L github.com/aws/smithy-go/waiter from github.com/aws/aws-sdk-go-v2/service/ssm + github.com/coder/websocket from tailscale.com/control/controlhttp+ + github.com/coder/websocket/internal/errd from github.com/coder/websocket + github.com/coder/websocket/internal/util from github.com/coder/websocket + github.com/coder/websocket/internal/xsync from github.com/coder/websocket L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw LD 💣 github.com/creack/pty from tailscale.com/ssh/tailssh W 💣 github.com/dblohm7/wingoes from github.com/dblohm7/wingoes/com+ @@ -104,7 +108,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces+ L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink github.com/klauspost/compress from github.com/klauspost/compress/zstd - github.com/klauspost/compress/flate from nhooyr.io/websocket github.com/klauspost/compress/fse from github.com/klauspost/compress/huff0 github.com/klauspost/compress/huff0 from github.com/klauspost/compress/zstd github.com/klauspost/compress/internal/cpuinfo from github.com/klauspost/compress/zstd+ @@ -164,14 +167,14 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de W 💣 golang.zx2c4.com/wintun from github.com/tailscale/wireguard-go/tun+ W 💣 golang.zx2c4.com/wireguard/windows/tunnel/winipcfg from tailscale.com/net/dns+ gvisor.dev/gvisor/pkg/atomicbitops from gvisor.dev/gvisor/pkg/tcpip+ - gvisor.dev/gvisor/pkg/bits from gvisor.dev/gvisor/pkg/bufferv2 - 💣 gvisor.dev/gvisor/pkg/bufferv2 from gvisor.dev/gvisor/pkg/tcpip+ + gvisor.dev/gvisor/pkg/bits from gvisor.dev/gvisor/pkg/buffer + 💣 gvisor.dev/gvisor/pkg/buffer from gvisor.dev/gvisor/pkg/tcpip+ gvisor.dev/gvisor/pkg/context from gvisor.dev/gvisor/pkg/refs 💣 gvisor.dev/gvisor/pkg/gohacks from gvisor.dev/gvisor/pkg/state/wire+ gvisor.dev/gvisor/pkg/linewriter from gvisor.dev/gvisor/pkg/log gvisor.dev/gvisor/pkg/log from gvisor.dev/gvisor/pkg/context+ gvisor.dev/gvisor/pkg/rand from gvisor.dev/gvisor/pkg/tcpip/network/hash+ - gvisor.dev/gvisor/pkg/refs from gvisor.dev/gvisor/pkg/bufferv2+ + gvisor.dev/gvisor/pkg/refs from gvisor.dev/gvisor/pkg/buffer+ 💣 gvisor.dev/gvisor/pkg/sleep from gvisor.dev/gvisor/pkg/tcpip/transport/tcp 💣 gvisor.dev/gvisor/pkg/state from gvisor.dev/gvisor/pkg/atomicbitops+ gvisor.dev/gvisor/pkg/state/wire from gvisor.dev/gvisor/pkg/state @@ -179,13 +182,12 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de 💣 gvisor.dev/gvisor/pkg/sync/locking from gvisor.dev/gvisor/pkg/tcpip/stack gvisor.dev/gvisor/pkg/tcpip from gvisor.dev/gvisor/pkg/tcpip/header+ gvisor.dev/gvisor/pkg/tcpip/adapters/gonet from tailscale.com/wgengine/netstack - gvisor.dev/gvisor/pkg/tcpip/checksum from gvisor.dev/gvisor/pkg/bufferv2+ + 💣 gvisor.dev/gvisor/pkg/tcpip/checksum from gvisor.dev/gvisor/pkg/buffer+ gvisor.dev/gvisor/pkg/tcpip/hash/jenkins from gvisor.dev/gvisor/pkg/tcpip/stack+ gvisor.dev/gvisor/pkg/tcpip/header from gvisor.dev/gvisor/pkg/tcpip/header/parse+ gvisor.dev/gvisor/pkg/tcpip/header/parse from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ gvisor.dev/gvisor/pkg/tcpip/internal/tcp from gvisor.dev/gvisor/pkg/tcpip/stack+ - gvisor.dev/gvisor/pkg/tcpip/link/channel from tailscale.com/wgengine/netstack - gvisor.dev/gvisor/pkg/tcpip/network/hash from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ + gvisor.dev/gvisor/pkg/tcpip/network/hash from gvisor.dev/gvisor/pkg/tcpip/network/ipv4 gvisor.dev/gvisor/pkg/tcpip/network/internal/fragmentation from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ gvisor.dev/gvisor/pkg/tcpip/network/internal/ip from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ gvisor.dev/gvisor/pkg/tcpip/network/internal/multicast from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ @@ -206,9 +208,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de gvisor.dev/gvisor/pkg/waiter from gvisor.dev/gvisor/pkg/context+ inet.af/peercred from tailscale.com/ipn/ipnauth W 💣 inet.af/wf from tailscale.com/wf - nhooyr.io/websocket from tailscale.com/derp/derphttp+ - nhooyr.io/websocket/internal/errd from nhooyr.io/websocket - nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket tailscale.com from tailscale.com/version tailscale.com/atomicfile from tailscale.com/ipn+ LD tailscale.com/chirp from tailscale.com/cmd/tailscaled @@ -282,7 +281,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de 💣 tailscale.com/net/tshttpproxy from tailscale.com/control/controlclient+ tailscale.com/net/tstun from tailscale.com/cmd/tailscaled+ tailscale.com/net/tstun/table from tailscale.com/net/tstun - tailscale.com/net/wsconn from tailscale.com/control/controlhttp+ tailscale.com/paths from tailscale.com/ipn/ipnlocal+ 💣 tailscale.com/portlist from tailscale.com/ipn/ipnlocal tailscale.com/safesocket from tailscale.com/client/tailscale+ @@ -371,7 +369,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de golang.org/x/crypto/cryptobyte from crypto/ecdsa+ golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+ golang.org/x/crypto/curve25519 from github.com/tailscale/golang-x-crypto/ssh+ - LD golang.org/x/crypto/ed25519 from golang.org/x/crypto/ssh+ + LD golang.org/x/crypto/ed25519 from github.com/tailscale/golang-x-crypto/ssh golang.org/x/crypto/hkdf from crypto/tls+ golang.org/x/crypto/nacl/box from tailscale.com/types/key golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box @@ -410,6 +408,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de golang.org/x/time/rate from gvisor.dev/gvisor/pkg/tcpip/stack+ bufio from compress/flate+ bytes from bufio+ + cmp from net/netip+ compress/flate from compress/gzip+ compress/gzip from golang.org/x/net/http2+ W compress/zlib from debug/pe @@ -456,7 +455,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de hash from crypto+ hash/adler32 from tailscale.com/ipn/ipnlocal+ hash/crc32 from compress/gzip+ - hash/fnv from tailscale.com/wgengine/magicsock+ + hash/fnv from tailscale.com/wgengine/magicsock hash/maphash from go4.org/mem html from tailscale.com/ipn/ipnlocal+ io from bufio+ @@ -494,6 +493,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de runtime/debug from github.com/klauspost/compress/zstd+ runtime/pprof from tailscale.com/log/logheap+ runtime/trace from net/http/pprof + slices from encoding/base32+ sort from compress/flate+ strconv from compress/flate+ strings from bufio+ diff --git a/flake.lock b/flake.lock index 434501ed46a96..4c7ff4b1aa464 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -17,12 +17,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -33,11 +36,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1675153841, - "narHash": "sha256-EWvU3DLq+4dbJiukfhS7r6sWZyJikgXn6kNl7eHljW8=", + "lastModified": 1737370608, + "narHash": "sha256-hFA6SmioeqvGW/XvZa9bxniAeulksCOcj3kokdNT/YE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ea692c2ad1afd6384e171eabef4f0887d2b882d3", + "rev": "300081d0cc72df578b02d914df941b8ec62240e6", "type": "github" }, "original": { @@ -53,6 +56,21 @@ "flake-utils": "flake-utils", "nixpkgs": "nixpkgs" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 23ebe5b05b442..b1dcfef3e4673 100644 --- a/flake.nix +++ b/flake.nix @@ -107,7 +107,7 @@ gotools graphviz perl - go_1_20 + go_1_22 yarn ]; }; @@ -115,4 +115,4 @@ in flake-utils.lib.eachDefaultSystem (system: flakeForSystem nixpkgs system); } -# nix-direnv cache busting line: sha256-hWfdcvm2ief313JMgzDIispAnwi+D1iWsm0UHWOomxg= +# nix-direnv cache busting line: sha256-Yxx1iLyfQAma6d7AYS8hZf07tYnsU3x6fSWWxh1GjoM= diff --git a/go.mod b/go.mod index 07a0db673a3e8..74470d01ca4e3 100644 --- a/go.mod +++ b/go.mod @@ -76,7 +76,7 @@ require ( go4.org/mem v0.0.0-20220726221520-4f986261bf13 go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516 golang.org/x/crypto v0.31.0 - golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 + golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa golang.org/x/mod v0.17.0 golang.org/x/net v0.32.0 golang.org/x/oauth2 v0.7.0 @@ -84,11 +84,11 @@ require ( golang.org/x/sys v0.28.0 golang.org/x/term v0.27.0 golang.org/x/time v0.5.0 - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d + golang.org/x/tools v0.21.1-0.20240531212143-b6235391adb3 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 golang.zx2c4.com/wireguard/windows v0.5.3 gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc - honnef.co/go/tools v0.4.3 + honnef.co/go/tools v0.5.1 inet.af/peercred v0.0.0-20210906144145-0893ea02156a inet.af/tcpproxy v0.0.0-20221017015627-91f861402626 inet.af/wf v0.0.0-20221017222439-36129f591884 @@ -107,7 +107,7 @@ require ( github.com/Abirdcfly/dupword v0.0.11 // indirect github.com/Antonboom/errname v0.1.9 // indirect github.com/Antonboom/nilnil v0.1.4 // indirect - github.com/BurntSushi/toml v1.2.1 // indirect + github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c // indirect github.com/Djarvur/go-err113 v0.1.0 // indirect github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect @@ -331,7 +331,7 @@ require ( gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp/typeparams v0.0.0-20230425010034-47ecfdc1ba53 // indirect + golang.org/x/exp/typeparams v0.0.0-20231108232855-2478ac86f678 // indirect golang.org/x/image v0.7.0 // indirect golang.org/x/text v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect diff --git a/go.mod.sri b/go.mod.sri index ee1b34af2674d..341729f92554a 100644 --- a/go.mod.sri +++ b/go.mod.sri @@ -1 +1 @@ -sha256-hWfdcvm2ief313JMgzDIispAnwi+D1iWsm0UHWOomxg= +sha256-Yxx1iLyfQAma6d7AYS8hZf07tYnsU3x6fSWWxh1GjoM= diff --git a/go.sum b/go.sum index 9343c7d169173..0d3721c19c056 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,8 @@ github.com/Antonboom/errname v0.1.9/go.mod h1:nLTcJzevREuAsgTbG85UsuiWpMpAqbKD1H github.com/Antonboom/nilnil v0.1.4 h1:yWIfwbCRDpJiJvs7Quz55dzeXCgORQyAG29N9/J5H2Q= github.com/Antonboom/nilnil v0.1.4/go.mod h1:iOov/7gRcXkeEU+EMGpBu2ORih3iyVEiWjeste1SJm8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c h1:pxW6RcqyfI9/kWtOwnv/G+AzdKuy2ZrqINhenH4HyNs= +github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= @@ -1209,12 +1209,12 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 h1:Di6/M8l0O2lCLc6VVRWhgCiApHV8MnQurBnFSHsQtNY= -golang.org/x/exp v0.0.0-20230725093048-515e97ebf090/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= -golang.org/x/exp/typeparams v0.0.0-20230425010034-47ecfdc1ba53 h1:w/MOPdQ1IoYoDou3L55ZbTx2Nhn7JAhX1BBZor8qChU= -golang.org/x/exp/typeparams v0.0.0-20230425010034-47ecfdc1ba53/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/exp/typeparams v0.0.0-20231108232855-2478ac86f678 h1:1P7xPZEwZMoBoz0Yze5Nx2/4pxj6nw9ZqHWXqP0iRgQ= +golang.org/x/exp/typeparams v0.0.0-20231108232855-2478ac86f678/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/image v0.1.0/go.mod h1:iyPr49SD/G/TBxYVB/9RRtGUT5eNbo2u4NamWeQcD5c= @@ -1554,8 +1554,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240531212143-b6235391adb3 h1:SHq4Rl+B7WvyM4XODon1LXtP7gcG49+7Jubt1gWWswY= +golang.org/x/tools v0.21.1-0.20240531212143-b6235391adb3/go.mod h1:bqv7PJ/TtlrzgJKhOAGdDUkUltQapRik/UEHubLVBWo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1712,8 +1712,8 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.6/go.mod h1:pyyisuGw24ruLjrr1ddx39WE0y9OooInRzEYLhQB2YY= -honnef.co/go/tools v0.4.3 h1:o/n5/K5gXqk8Gozvs2cnL0F2S1/g1vcGCAx2vETjITw= -honnef.co/go/tools v0.4.3/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA= +honnef.co/go/tools v0.5.1 h1:4bH5o3b5ZULQ4UrBmP+63W9r7qIkqJClEA9ko5YKx+I= +honnef.co/go/tools v0.5.1/go.mod h1:e9irvo83WDG9/irijV44wr3tbhcFeRnfpVlRqVwpzMs= howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= inet.af/peercred v0.0.0-20210906144145-0893ea02156a h1:qdkS8Q5/i10xU2ArJMKYhVa1DORzBfYS/qA2UK2jheg= diff --git a/net/art/table_test.go b/net/art/table_test.go index 0885b3c02396d..c7003cb2f32c4 100644 --- a/net/art/table_test.go +++ b/net/art/table_test.go @@ -71,7 +71,7 @@ func TestComputePrefixSplit(t *testing.T) { // subtle, and all the test cases listed below come from // hard-earned debugging of malformed route tables. - var tests = []struct { + tests := []struct { // prefixA can be a /8, /16 or /24 (v4). // prefixB can be anything /9 or more specific. prefixA, prefixB string @@ -592,7 +592,7 @@ func TestInsertCompare(t *testing.T) { } if debugInsert { - t.Logf(fast.debugSummary()) + t.Log(fast.debugSummary()) } seenVals4 := map[*int]bool{} @@ -1019,7 +1019,6 @@ func BenchmarkTableGet(b *testing.B) { b.ReportMetric(lookups/elapsedSec, "addrs/s") b.ReportMetric(allocs/lookups, "allocs/op") b.ReportMetric(bytes/lookups, "B/op") - }) } diff --git a/safesocket/unixsocket.go b/safesocket/unixsocket.go index a915927428f3b..6c7a92eaf7b15 100644 --- a/safesocket/unixsocket.go +++ b/safesocket/unixsocket.go @@ -6,7 +6,6 @@ package safesocket import ( - "errors" "fmt" "log" "net" @@ -17,9 +16,6 @@ import ( ) func connect(s *ConnectionStrategy) (net.Conn, error) { - if runtime.GOOS == "js" { - return nil, errors.New("safesocket.Connect not yet implemented on js/wasm") - } return net.Dial("unix", s.path) } diff --git a/scripts/check_license_headers.sh b/scripts/check_license_headers.sh index 89a243b6332bf..c02d1d07f40c8 100755 --- a/scripts/check_license_headers.sh +++ b/scripts/check_license_headers.sh @@ -7,56 +7,60 @@ # directory tree have a correct-looking Tailscale license header. check_file() { - got=$1 + got=$1 - want=$(cat <&2 - exit 1 + echo "Usage: $0 rootdir" >&2 + exit 1 fi fail=0 for file in $(find $1 -name '*.go' -not -path '*/.git/*'); do - case $file in - $1/tempfork/*) - # Skip, tempfork of third-party code - ;; - $1/wgengine/router/ifconfig_windows.go) - # WireGuard copyright. - ;; - $1/cmd/tailscale/cli/authenticode_windows.go) - # WireGuard copyright. - ;; - *_string.go) - # Generated file from go:generate stringer - ;; - $1/control/controlbase/noiseexplorer_test.go) - # Noiseexplorer.com copyright. - ;; - */zsyscall_windows.go) - # Generated syscall wrappers - ;; - *) - header="$(head -2 $file)" - if ! check_file "$header"; then - fail=1 - echo "${file#$1/} doesn't have the right copyright header:" - echo "$header" | sed -e 's/^/ /g' - fi - ;; - esac + case $file in + $1/tempfork/*) + # Skip, tempfork of third-party code + ;; + $1/wgengine/router/ifconfig_windows.go) + # WireGuard copyright. + ;; + $1/cmd/tailscale/cli/authenticode_windows.go) + # WireGuard copyright. + ;; + *_string.go) + # Generated file from go:generate stringer + ;; + $1/control/controlbase/noiseexplorer_test.go) + # Noiseexplorer.com copyright. + ;; + */zsyscall_windows.go) + # Generated syscall wrappers + ;; + $1/wgengine/netstack/endpoint.go) + # gVisor copyright + ;; + *) + header="$(head -2 $file)" + if ! check_file "$header"; then + fail=1 + echo "${file#$1/} doesn't have the right copyright header:" + echo "$header" | sed -e 's/^/ /g' + fi + ;; + esac done if [ $fail -ne 0 ]; then - exit 1 + exit 1 fi diff --git a/shell.nix b/shell.nix index 288775ca086f5..d5c78e08c5dc4 100644 --- a/shell.nix +++ b/shell.nix @@ -16,4 +16,4 @@ ) { src = ./.; }).shellNix -# nix-direnv cache busting line: sha256-hWfdcvm2ief313JMgzDIispAnwi+D1iWsm0UHWOomxg= +# nix-direnv cache busting line: sha256-Yxx1iLyfQAma6d7AYS8hZf07tYnsU3x6fSWWxh1GjoM= diff --git a/ssh/tailssh/tailssh.go b/ssh/tailssh/tailssh.go index 274f8cc709fa6..028f4e9048d45 100644 --- a/ssh/tailssh/tailssh.go +++ b/ssh/tailssh/tailssh.go @@ -23,7 +23,6 @@ import ( "os" "os/exec" "path/filepath" - "runtime" "strconv" "strings" "sync" @@ -47,9 +46,7 @@ import ( "tailscale.com/util/multierr" ) -var ( - sshVerboseLogging = envknob.RegisterBool("TS_DEBUG_SSH_VLOG") -) +var sshVerboseLogging = envknob.RegisterBool("TS_DEBUG_SSH_VLOG") const ( // forcePasswordSuffix is the suffix at the end of a username that forces @@ -1870,9 +1867,6 @@ func envValFromList(env []string, wantKey string) (v string) { // envEq reports whether environment variable a == b for the current // operating system. func envEq(a, b string) bool { - if runtime.GOOS == "windows" { - return strings.EqualFold(a, b) - } return a == b } diff --git a/ssh/tailssh/tailssh_test.go b/ssh/tailssh/tailssh_test.go index fac2c70e68b2c..f281e31bd20a9 100644 --- a/ssh/tailssh/tailssh_test.go +++ b/ssh/tailssh/tailssh_test.go @@ -99,7 +99,8 @@ func TestMatchRule(t *testing.T) { Action: someAction, SSHUsers: map[string]string{ "*": "ubuntu", - }}, + }, + }, ci: &sshConnInfo{}, wantErr: errPrincipalMatch, }, @@ -290,7 +291,6 @@ func (ts *localState) WhoIs(ipp netip.AddrPort) (n *tailcfg.Node, u tailcfg.User }, tailcfg.UserProfile{ LoginName: "peer", }, true - } func (ts *localState) DoNoiseRequest(req *http.Request) (*http.Response, error) { @@ -1049,7 +1049,6 @@ func TestPublicKeyFetching(t *testing.T) { if got, want := atomic.LoadInt32(&reqsIfNoneMatchMiss), int32(0); got != want { t.Errorf("got %d etag misses; want %d", got, want) } - } func TestExpandPublicKeyURL(t *testing.T) { @@ -1102,10 +1101,14 @@ func TestPathFromPAMEnvLine(t *testing.T) { want string }{ {"", u, ""}, - {`PATH DEFAULT="/run/wrappers/bin:@{HOME}/.nix-profile/bin:/etc/profiles/per-user/@{PAM_USER}/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"`, - u, "/run/wrappers/bin:/Homes/Foo/.nix-profile/bin:/etc/profiles/per-user/foo/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"}, - {`PATH DEFAULT="@{SOMETHING_ELSE}:nope:@{HOME}"`, - u, ""}, + { + `PATH DEFAULT="/run/wrappers/bin:@{HOME}/.nix-profile/bin:/etc/profiles/per-user/@{PAM_USER}/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"`, + u, "/run/wrappers/bin:/Homes/Foo/.nix-profile/bin:/etc/profiles/per-user/foo/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin", + }, + { + `PATH DEFAULT="@{SOMETHING_ELSE}:nope:@{HOME}"`, + u, "", + }, } for i, tt := range tests { got := pathFromPAMEnvLine([]byte(tt.line), tt.u) @@ -1123,8 +1126,10 @@ func TestExpandDefaultPathTmpl(t *testing.T) { want string }{ {"", u, ""}, - {`/run/wrappers/bin:@{HOME}/.nix-profile/bin:/etc/profiles/per-user/@{PAM_USER}/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin`, - u, "/run/wrappers/bin:/Homes/Foo/.nix-profile/bin:/etc/profiles/per-user/foo/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"}, + { + `/run/wrappers/bin:@{HOME}/.nix-profile/bin:/etc/profiles/per-user/@{PAM_USER}/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin`, + u, "/run/wrappers/bin:/Homes/Foo/.nix-profile/bin:/etc/profiles/per-user/foo/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin", + }, {`@{SOMETHING_ELSE}:nope:@{HOME}`, u, ""}, } for i, tt := range tests { @@ -1160,3 +1165,24 @@ func TestStdOsUserUserAssumptions(t *testing.T) { t.Errorf("os/user.User has %v fields; this package assumes %v", got, want) } } + +func Test_envEq(t *testing.T) { + tests := []struct { + name string // description of this test case + // Named input parameters for target function. + a string + b string + want bool + }{ + // TODO: Add test cases. + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := envEq(tt.a, tt.b) + // TODO: update the condition below to compare got with tt.want. + if true { + t.Errorf("envEq() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/tool/gocross/autoflags.go b/tool/gocross/autoflags.go index b914759fb7d61..edc0481bc7fcc 100644 --- a/tool/gocross/autoflags.go +++ b/tool/gocross/autoflags.go @@ -37,7 +37,7 @@ func autoflagsForTest(argv []string, env *Environment, goroot, nativeGOOS, nativ cgoCflags = []string{"-O3", "-std=gnu11"} cgoLdflags []string ldflags []string - tags = []string{"tailscale_go"} + tags = []string{} cgo = false failReflect = false ) diff --git a/tool/gocross/autoflags_test.go b/tool/gocross/autoflags_test.go index c8007c40df20b..2002888697ade 100644 --- a/tool/gocross/autoflags_test.go +++ b/tool/gocross/autoflags_test.go @@ -53,7 +53,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, @@ -78,7 +78,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "install", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, @@ -106,7 +106,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, @@ -134,7 +134,6 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg", "./cmd/tailcontrol", }, @@ -159,7 +158,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "test", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "-race", "./cmd/tailcontrol", @@ -188,7 +187,6 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg -H windows -s", "./cmd/tailcontrol", }, @@ -213,7 +211,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt", + "-tags=omitidna,omitpemdecrypt", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg", "./cmd/tailcontrol", }, @@ -241,7 +239,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt", + "-tags=omitidna,omitpemdecrypt", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg", "./cmd/tailcontrol", }, @@ -269,7 +267,7 @@ TS_LINK_FAIL_REFLECT=1 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt", + "-tags=omitidna,omitpemdecrypt", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg", "./cmd/tailcontrol", }, @@ -301,7 +299,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt,ts_macext", + "-tags=omitidna,omitpemdecrypt,ts_macext", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg -w", "./cmd/tailcontrol", }, @@ -333,7 +331,7 @@ TS_LINK_FAIL_REFLECT=1 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt,ts_macext", + "-tags=omitidna,omitpemdecrypt,ts_macext", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg -w", "./cmd/tailcontrol", }, @@ -358,7 +356,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "go", "build", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, @@ -383,7 +381,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "list", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, @@ -411,7 +409,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static -L /my/glibc/path'", "./cmd/tailcontrol", }, diff --git a/tool/gocross/gocross-wrapper.sh b/tool/gocross/gocross-wrapper.sh index fc4a942252b6c..37a1afca78fa0 100755 --- a/tool/gocross/gocross-wrapper.sh +++ b/tool/gocross/gocross-wrapper.sh @@ -9,7 +9,7 @@ set -euo pipefail if [[ "${CI:-}" == "true" ]]; then - set -x + set -x fi # Locate a bootstrap toolchain and (re)build gocross if necessary. We run all of @@ -17,91 +17,38 @@ fi # accidentally mutate the input environment that will get passed to gocross at # the bottom of this script. ( -repo_root="${BASH_SOURCE%/*}/../.." - -# Figuring out if gocross needs a rebuild, as well as the rebuild itself, need -# to happen with CWD inside this repo. Since we're in a subshell entirely -# dedicated to wrangling gocross and toolchains, cd over now before doing -# anything further so that the rest of this logic works the same if gocross is -# being invoked from somewhere else. -cd "$repo_root" - -toolchain="$HOME/.cache/tailscale-go" - -if [[ -d "$toolchain" ]]; then - # A toolchain exists, but is it recent enough to compile gocross? If not, - # wipe it out so that the next if block fetches a usable one. - want_go_minor=$(grep -E '^go ' "go.mod" | cut -f2 -d'.') - have_go_minor=$(head -1 "$toolchain/VERSION" | cut -f2 -d'.') - # Shortly before stable releases, we run release candidate - # toolchains, which have a non-numeric suffix on the version - # number. Remove the rc qualifier, we just care about the minor - # version. - have_go_minor="${have_go_minor%rc*}" - if [[ -z "$have_go_minor" || "$have_go_minor" -lt "$want_go_minor" ]]; then - rm -rf "$toolchain" "$toolchain.extracted" + repo_root="${BASH_SOURCE%/*}/../.." + + # Figuring out if gocross needs a rebuild, as well as the rebuild itself, need + # to happen with CWD inside this repo. Since we're in a subshell entirely + # dedicated to wrangling gocross and toolchains, cd over now before doing + # anything further so that the rest of this logic works the same if gocross is + # being invoked from somewhere else. + cd "$repo_root" + + # Binaries run with `gocross run` can reinvoke gocross, resulting in a + # potentially fancy build that invokes external linkers, might be + # cross-building for other targets, and so forth. In one hilarious + # case, cmd/cloner invokes go with GO111MODULE=off at some stage. + # + # Anyway, build gocross in a stripped down universe. + gocross_path="gocross" + gocross_ok=0 + wantver="$(git rev-parse HEAD)" + if [[ -x "$gocross_path" ]]; then + gotver="$($gocross_path gocross-version 2>/dev/null || echo '')" + if [[ "$gotver" == "$wantver" ]]; then + gocross_ok=1 fi -fi -if [[ ! -d "$toolchain" ]]; then - mkdir -p "$HOME/.cache" - - # We need any Go toolchain to build gocross, but the toolchain also has to - # be reasonably recent because we upgrade eagerly and gocross might not - # build with Go N-1. So, if we have no cached tailscale toolchain at all, - # fetch the initial one in shell. Once gocross is built, it'll manage - # updates. - read -r REV "$toolchain.extracted" - rm -f "$toolchain.tar.gz" - ;; - esac -fi - -# Binaries run with `gocross run` can reinvoke gocross, resulting in a -# potentially fancy build that invokes external linkers, might be -# cross-building for other targets, and so forth. In one hilarious -# case, cmd/cloner invokes go with GO111MODULE=off at some stage. -# -# Anyway, build gocross in a stripped down universe. -gocross_path="gocross" -gocross_ok=0 -wantver="$(git rev-parse HEAD)" -if [[ -x "$gocross_path" ]]; then - gotver="$($gocross_path gocross-version 2>/dev/null || echo '')" - if [[ "$gotver" == "$wantver" ]]; then - gocross_ok=1 - fi -fi -if [[ "$gocross_ok" == "0" ]]; then + fi + if [[ "$gocross_ok" == "0" ]]; then unset GOOS unset GOARCH unset GO111MODULE unset GOROOT export CGO_ENABLED=0 - "$toolchain/bin/go" build -o "$gocross_path" -ldflags "-X tailscale.com/version.gitCommitStamp=$wantver" tailscale.com/tool/gocross -fi + go build -o "$gocross_path" -ldflags "-X tailscale.com/version.gitCommitStamp=$wantver" tailscale.com/tool/gocross + fi ) # End of the subshell execution. exec "${BASH_SOURCE%/*}/../../gocross" "$@" diff --git a/tool/gocross/gocross.go b/tool/gocross/gocross.go index f9f271fcf12e3..63cb6ff03b158 100644 --- a/tool/gocross/gocross.go +++ b/tool/gocross/gocross.go @@ -15,7 +15,9 @@ import ( _ "embed" "fmt" "os" + "os/exec" "path/filepath" + "runtime" "tailscale.com/atomicfile" "tailscale.com/version" @@ -36,23 +38,6 @@ func main() { // regular go binary, so it can be used to detect when `go` is // actually gocross. os.Exit(0) - case "make-goroot": - _, gorootDir, err := getToolchain() - if err != nil { - fmt.Fprintf(os.Stderr, "getting toolchain: %v\n", err) - os.Exit(1) - } - - fmt.Println(gorootDir) - os.Exit(0) - case "gocross-get-toolchain-go": - toolchain, _, err := getToolchain() - if err != nil { - fmt.Fprintf(os.Stderr, "getting toolchain: %v\n", err) - os.Exit(1) - } - fmt.Println(filepath.Join(toolchain, "bin/go")) - os.Exit(0) case "gocross-write-wrapper-script": if len(os.Args) != 3 { fmt.Fprintf(os.Stderr, "usage: gocross write-wrapper-script \n") @@ -66,26 +51,14 @@ func main() { } } - toolchain, goroot, err := getToolchain() - if err != nil { - fmt.Fprintf(os.Stderr, "getting toolchain: %v\n", err) - os.Exit(1) - } - args := os.Args if os.Getenv("GOCROSS_BYPASS") == "" { - newArgv, env, err := Autoflags(os.Args, goroot) + newArgv, env, err := Autoflags(os.Args, runtime.GOROOT()) if err != nil { fmt.Fprintf(os.Stderr, "computing flags: %v\n", err) os.Exit(1) } - // Make sure the right version of cmd/go is the first thing in the PATH - // for tests that execute `go build` or `go test`. - // TODO: if we really need to do this, do it inside Autoflags, not here. - path := filepath.Join(toolchain, "bin") + string(os.PathListSeparator) + os.Getenv("PATH") - env.Set("PATH", path) - debug("Input: %s\n", formatArgv(os.Args)) debug("Command: %s\n", formatArgv(newArgv)) debug("Set the following flags/envvars:\n%s\n", env.Diff()) @@ -95,10 +68,18 @@ func main() { fmt.Fprintf(os.Stderr, "modifying environment: %v\n", err) os.Exit(1) } + } + cmd, err := exec.LookPath("go") + if err == nil { + cmd, err = filepath.Abs(cmd) + } + if err != nil { + fmt.Fprintf(os.Stderr, "looking up Go binary path: %v\n", err) + os.Exit(1) } - doExec(filepath.Join(toolchain, "bin/go"), args, os.Environ()) + doExec(cmd, args, os.Environ()) } //go:embed gocross-wrapper.sh diff --git a/tool/gocross/goroot.go b/tool/gocross/goroot.go deleted file mode 100644 index 58d025da562dc..0000000000000 --- a/tool/gocross/goroot.go +++ /dev/null @@ -1,90 +0,0 @@ -// Copyright (c) Tailscale Inc & AUTHORS -// SPDX-License-Identifier: BSD-3-Clause - -package main - -import ( - "errors" - "fmt" - "io" - "io/fs" - "os" - "path/filepath" -) - -// makeGoroot constructs a GOROOT-like file structure in outPath, -// which consists of toolchainRoot except for the `go` binary, which -// points to gocross. -// -// It's useful for integrating with tooling that expects to be handed -// a GOROOT, like the Goland IDE or depaware. -func makeGoroot(toolchainRoot, outPath string) error { - self, err := os.Executable() - if err != nil { - return fmt.Errorf("getting gocross's path: %v", err) - } - - os.RemoveAll(outPath) - if err := os.MkdirAll(filepath.Join(outPath, "bin"), 0750); err != nil { - return fmt.Errorf("making %q: %v", outPath, err) - } - if err := os.Symlink(self, filepath.Join(outPath, "bin/go")); err != nil { - return fmt.Errorf("linking gocross into outpath: %v", err) - } - - if err := linkFarm(toolchainRoot, outPath); err != nil { - return fmt.Errorf("creating GOROOT link farm: %v", err) - } - if err := linkFarm(filepath.Join(toolchainRoot, "bin"), filepath.Join(outPath, "bin")); err != nil { - return fmt.Errorf("creating GOROOT/bin link farm: %v", err) - } - - return nil -} - -func copyFile(src, dst string) error { - s, err := os.Open(src) - if err != nil { - return fmt.Errorf("opening %q: %v", src, err) - } - defer s.Close() - - d, err := os.OpenFile(dst, os.O_RDWR|os.O_CREATE, 0755) - if err != nil { - return fmt.Errorf("opening %q: %v", dst, err) - } - - if _, err := io.Copy(d, s); err != nil { - d.Close() - return fmt.Errorf("copying %q to %q: %v", src, dst, err) - } - - if err := d.Close(); err != nil { - return fmt.Errorf("closing %q: %v", dst, err) - } - - return nil -} - -// linkFarm symlinks every entry in srcDir into outDir, unless that -// directory entry already exists. -func linkFarm(srcDir, outDir string) error { - ents, err := os.ReadDir(srcDir) - if err != nil { - return fmt.Errorf("reading %q: %v", srcDir, err) - } - - for _, ent := range ents { - dst := filepath.Join(outDir, ent.Name()) - _, err := os.Lstat(dst) - if errors.Is(err, fs.ErrNotExist) { - if err := os.Symlink(filepath.Join(srcDir, ent.Name()), dst); err != nil { - return fmt.Errorf("symlinking %q to %q: %v", ent.Name(), outDir, err) - } - } else if err != nil { - return fmt.Errorf("stat-ing %q: %v", dst, err) - } - } - - return nil -} diff --git a/tool/gocross/toolchain.go b/tool/gocross/toolchain.go deleted file mode 100644 index 5980dff046268..0000000000000 --- a/tool/gocross/toolchain.go +++ /dev/null @@ -1,189 +0,0 @@ -// Copyright (c) Tailscale Inc & AUTHORS -// SPDX-License-Identifier: BSD-3-Clause - -package main - -import ( - "bytes" - "fmt" - "io" - "net/http" - "os" - "os/exec" - "path/filepath" - "runtime" -) - -func toolchainRev() (string, error) { - // gocross gets built in the root of the repo that has toolchain - // information, so we can use os.Args[0] to locate toolchain info. - // - // We might be getting invoked via the synthetic goroot that we create, so - // walk symlinks to find the true location of gocross. - start, err := os.Executable() - if err != nil { - return "", err - } - start, err = filepath.EvalSymlinks(start) - if err != nil { - return "", fmt.Errorf("evaluating symlinks in %q: %v", os.Args[0], err) - } - start = filepath.Dir(start) - d := start -findTopLevel: - for { - if _, err := os.Lstat(filepath.Join(d, ".git")); err == nil { - break findTopLevel - } else if !os.IsNotExist(err) { - return "", fmt.Errorf("finding .git: %v", err) - } - d = filepath.Dir(d) - if d == "/" { - return "", fmt.Errorf("couldn't find .git starting from %q, cannot manage toolchain", start) - } - } - - return readRevFile(filepath.Join(d, "go.toolchain.rev")) -} - -func readRevFile(path string) (string, error) { - bs, err := os.ReadFile(path) - if err != nil { - return "", err - } - return string(bytes.TrimSpace(bs)), nil -} - -func getToolchain() (toolchainDir, gorootDir string, err error) { - cache := filepath.Join(os.Getenv("HOME"), ".cache") - toolchainDir = filepath.Join(cache, "tailscale-go") - gorootDir = filepath.Join(toolchainDir, "gocross-goroot") - - // You might wonder why getting the toolchain also provisions and returns a - // path suitable for use as GOROOT. Wonder no longer! - // - // A bunch of our tests and build processes involve re-invoking 'go build' - // or other build-ish commands (install, run, ...). These typically use - // runtime.GOROOT + "bin/go" to get at the Go binary. Even more edge case-y, - // tailscale.com/cmd/tsconnect needs to fish a javascript glue file out of - // GOROOT in order to build the javascript bundle for serving. - // - // Gocross always does a -trimpath on builds for reproducibility, which - // wipes out the burned-in runtime.GOROOT value from the binary. This means - // that using gocross on these various test and build processes ends up - // breaking with mysterious path errors. - // - // We don't want to stop using -trimpath, or otherwise make GOROOT work in - // "normal" builds, because that is a footgun that lets people accidentally - // create assumptions that the build toolchain is still around at runtime. - // Instead, we want to make 'go test' and 'go run' have access to GOROOT, - // while still removing it from standalone binaries. - // - // So, construct and pass a GOROOT to the actual 'go' invocation, which lets - // tests and build processes locate and use GOROOT. For consistency, the - // GOROOT that's passed in is a symlink farm that mostly points to the - // toolchain's underlying GOROOT, but 'bin/go' points back to gocross. This - // means that if you invoke 'go test' via gocross, and that test tries to - // build code, that build will also end up using gocross. - - if err := ensureToolchain(cache, toolchainDir); err != nil { - return "", "", err - } - if err := ensureGoroot(toolchainDir, gorootDir); err != nil { - return "", "", err - } - - return toolchainDir, gorootDir, nil -} - -func ensureToolchain(cacheDir, toolchainDir string) error { - stampFile := toolchainDir + ".extracted" - - wantRev, err := toolchainRev() - if err != nil { - return err - } - gotRev, err := readRevFile(stampFile) - if err != nil { - return fmt.Errorf("reading stamp file %q: %v", stampFile, err) - } - if gotRev == wantRev { - // Toolchain already good. - return nil - } - - if err := os.RemoveAll(toolchainDir); err != nil { - return err - } - if err := os.RemoveAll(stampFile); err != nil { - return err - } - - if filepath.IsAbs(wantRev) { - // Local dev toolchain. - if err := os.Symlink(wantRev, toolchainDir); err != nil { - return err - } - return nil - } else { - if err := downloadCachedgo(toolchainDir, wantRev); err != nil { - return err - } - } - - if err := os.WriteFile(stampFile, []byte(wantRev), 0644); err != nil { - return err - } - - return nil -} - -func ensureGoroot(toolchainDir, gorootDir string) error { - if _, err := os.Stat(gorootDir); err == nil { - return nil - } else if !os.IsNotExist(err) { - return err - } - return makeGoroot(toolchainDir, gorootDir) - -} - -func downloadCachedgo(toolchainDir, toolchainRev string) error { - url := fmt.Sprintf("https://github.com/tailscale/go/releases/download/build-%s/%s-%s.tar.gz", toolchainRev, runtime.GOOS, runtime.GOARCH) - - archivePath := toolchainDir + ".tar.gz" - f, err := os.Create(archivePath) - if err != nil { - return err - } - - resp, err := http.Get(url) - if err != nil { - return err - } - defer resp.Body.Close() - if resp.StatusCode != 200 { - return fmt.Errorf("failed to get %q: %v", url, resp.Status) - } - if _, err := io.Copy(f, resp.Body); err != nil { - return err - } - if err := f.Close(); err != nil { - return err - } - - if err := os.MkdirAll(toolchainDir, 0755); err != nil { - return err - } - cmd := exec.Command("tar", "--strip-components=1", "-xf", archivePath) - cmd.Dir = toolchainDir - if err := cmd.Run(); err != nil { - return err - } - - if err := os.RemoveAll(archivePath); err != nil { - return err - } - - return nil -} diff --git a/tstest/integration/vms/distros.go b/tstest/integration/vms/distros.go index ea43e271b5448..c227ad761b326 100644 --- a/tstest/integration/vms/distros.go +++ b/tstest/integration/vms/distros.go @@ -11,7 +11,8 @@ import ( "github.com/tailscale/hujson" ) -// go:generate go run ./gen +// Commenting out the following line so that staticcheck does not complain +// // go:generate go run ./gen type Distro struct { Name string // amazon-linux diff --git a/version_test.go b/version_test.go index 33c22dd79f4fb..1f434e682f1d6 100644 --- a/version_test.go +++ b/version_test.go @@ -16,7 +16,7 @@ func TestDockerfileVersion(t *testing.T) { if err != nil { t.Fatal(err) } - m := regexp.MustCompile(`(?m)^go (\d\.\d+)\r?$`).FindStringSubmatch(string(goMod)) + m := regexp.MustCompile(`(?m)^go (\d\.\d+)\r?($|\.)`).FindStringSubmatch(string(goMod)) if m == nil { t.Fatalf("didn't find go version in go.mod") } diff --git a/wgengine/magicsock/magicsock_test.go b/wgengine/magicsock/magicsock_test.go index c753a7266b916..ee5a390f47110 100644 --- a/wgengine/magicsock/magicsock_test.go +++ b/wgengine/magicsock/magicsock_test.go @@ -1640,7 +1640,6 @@ func TestEndpointSetsEqual(t *testing.T) { t.Errorf("%q vs %q = %v; want %v", tt.a, tt.b, got, tt.want) } } - } func TestBetterAddr(t *testing.T) { @@ -1746,7 +1745,6 @@ func TestBetterAddr(t *testing.T) { t.Errorf("[%d] betterAddr(%+v, %+v) and betterAddr(%+v, %+v) both unexpectedly true", i, tt.a, tt.b, tt.b, tt.a) } } - } func epStrings(eps []tailcfg.Endpoint) (ret []string) { @@ -3017,12 +3015,14 @@ func TestBlockEndpoints(t *testing.T) { // have a DERP connection due to newMagicStackFunc. ms.conn.mu.Lock() haveEndpoint := false - for _, ep := range ms.conn.lastEndpoints { + + if len(ms.conn.lastEndpoints) > 0 { + ep := ms.conn.lastEndpoints[0] if ep.Addr.Addr() == tailcfg.DerpMagicIPAddr { t.Fatal("DERP IP in endpoints list?", ep.Addr) } + haveEndpoint = true - break } ms.conn.mu.Unlock() if !haveEndpoint {