mirrors
/
tailscale
mirror of https://github.com/tailscale/tailscale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ipn{,/localapi,ipnlocal}: infer cert dir from state file location 

This fixes "tailscale cert" on Synology where the var directory is
typically like /volume2/@appdata/Tailscale, or any other tailscaled
user who specifies a non-standard state file location.

This is a interim fix on the way to #2932.

Fixes #2927
Updates #2932

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2021-09-27 13:31:40 -07:00 committed by Brad Fitzpatrick
parent 29fa8c17d2
commit 3b3994f0db
3 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
ipn/ipnlocal/local.go
View File

@ -1935,14 +1935,29 @@ func normalizeResolver(cfg dnstype.Resolver) dnstype.Resolver {
return cfg return cfg
} }
// tailscaleVarRoot returns the root directory of Tailscale's writable // TailscaleVarRoot returns the root directory of Tailscale's writable
// storage area. (e.g. "/var/lib/tailscale") // storage area. (e.g. "/var/lib/tailscale")
func tailscaleVarRoot() string { //
// It returns an empty string if there's no configured or discovered
// location.
func (b *LocalBackend) TailscaleVarRoot() string {
switch runtime.GOOS { switch runtime.GOOS {
case "ios", "android": case "ios", "android":
dir, _ := paths.AppSharedDir.Load().(string) dir, _ := paths.AppSharedDir.Load().(string)
return dir return dir
} }
// Temporary (2021-09-27) transitional fix for #2927 (Synology
// cert dir) on the way towards a more complete fix
// (#2932). It fixes any case where the state file is provided
// to tailscaled explicitly when it's not in the default
// location.
if fs, ok := b.store.(*ipn.FileStore); ok {
if fp := fs.Path(); fp != "" {
if dir := filepath.Dir(fp); strings.EqualFold(filepath.Base(dir), "tailscale") {
return dir
}
}
}
stateFile := paths.DefaultTailscaledStateFile() stateFile := paths.DefaultTailscaledStateFile()
if stateFile == "" { if stateFile == "" {
return "" return ""
@ -1954,7 +1969,7 @@ func (b *LocalBackend) fileRootLocked(uid tailcfg.UserID) string {
if v := b.directFileRoot; v != "" { if v := b.directFileRoot; v != "" {
return v return v
} }
varRoot := tailscaleVarRoot() varRoot := b.TailscaleVarRoot()
if varRoot == "" { if varRoot == "" {
b.logf("peerapi disabled; no state directory") b.logf("peerapi disabled; no state directory")
return "" return ""

9
ipn/localapi/cert.go
View File

@ -36,7 +36,6 @@ import (
"golang.org/x/crypto/acme" "golang.org/x/crypto/acme"
"tailscale.com/ipn/ipnstate" "tailscale.com/ipn/ipnstate"
"tailscale.com/paths"
"tailscale.com/types/logger" "tailscale.com/types/logger"
) )
@ -53,11 +52,11 @@ var (
) )
func (h *Handler) certDir() (string, error) { func (h *Handler) certDir() (string, error) {
base := paths.DefaultTailscaledStateFile() d := h.b.TailscaleVarRoot()
if base == "" { if d == "" {
return "", errors.New("no default DefaultTailscaledStateFile") return "", errors.New("no TailscaleVarRoot")
} }
full := filepath.Join(filepath.Dir(base), "certs") full := filepath.Join(d, "certs")
if err := os.MkdirAll(full, 0700); err != nil { if err := os.MkdirAll(full, 0700); err != nil {
return "", err return "", err
} }

3
ipn/store.go
View File

@ -166,6 +166,9 @@ type FileStore struct {
cache map[StateKey][]byte cache map[StateKey][]byte
} }
// Path returns the path that NewFileStore was called with.
func (s *FileStore) Path() string { return s.path }
func (s *FileStore) String() string { return fmt.Sprintf("FileStore(%q)", s.path) } func (s *FileStore) String() string { return fmt.Sprintf("FileStore(%q)", s.path) }
// NewFileStore returns a new file store that persists to path. // NewFileStore returns a new file store that persists to path.