Commit Graph

33 Commits

Author SHA1 Message Date
Chris Palmer f66dc8dc0a
clientupdate: check for privileges earlier (#9964)
Fixes #9963

Signed-off-by: Chris Palmer <cpalmer@tailscale.com>
2023-10-27 10:43:50 -07:00
Andrew Lytvynov 8326fdd60f
clientupdate: disable auto-updates on Synology for now (#9965)
Updates #755

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-25 16:02:46 -04:00
Andrew Lytvynov d3bc575f35
cmd/tailscale/cli: set Sparkle auto-update on macsys (#9952)
On `tailscale set --auto-update`, set the Sparkle plist option for it.
Also make macsys report not supporting auto-updates over c2n, since they
will be triggered by Sparkle locally.

Updates #755

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-24 12:17:55 -06:00
Andrew Lytvynov 593c086866
clientupdate: distinguish when auto-updates are possible (#9896)
clientupdate.Updater will have a non-nil Update func in a few cases
where it doesn't actually perform an update:
* on Arch-like distros, where it prints instructions on how to update
* on macOS app store version, where it opens the app store page

Add a new clientupdate.Arguments field to cause NewUpdater to fail when
we hit one of these cases. This results in c2n updates being "not
supported" and `tailscale set --auto-update` returning an error.

Updates #755

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-23 18:21:54 -07:00
Andrew Lytvynov e561f1ce61
clientupdate: manually restart Windows GUI after update (#9906)
When updating via c2n, `tailscale.exe update` runs from `tailscaled.exe`
which runs as SYSTEM. The MSI installer does not start the GUI when
running as SYSTEM. This results in Tailscale just existing on
auto-update, which is ungood.

Instead, always ask the MSI installer to not launch the GUI (via
`TS_NOLAUNCH` argument) and launch it manually with a token from the
current logged in user. The token code was borrowed from
d9081d6ba2/net/dns/wsl_windows.go (L207-L232)

Also, make some logging changes so that these issues are easier to debug
in the future.

Updates #755

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-23 10:24:57 -07:00
Andrew Lytvynov 70f9c8a6ed
clientupdate: change Mac App Store support (#9891)
In the sandboxed app from the app store, we cannot check
`/Library/Preferences/com.apple.commerce.plist` or run `softwareupdate`.
We can at most print a helpful message and open the app store page.

Also, reenable macsys update function to mark it as supporting c2n
updates. macsys support in `tailscale update` was fixed.

Updates #755

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-20 08:58:41 -07:00
Andrew Lytvynov 77127a2494
clientupdate: fix background install for linux tarballs (#9852)
Two bug fixes:
1. when tailscale update is executed as root, `os.UserCacheDir` may
   return an error because `$XDG_CACHE_HOME` and `$HOME` are not set;
   fallback to `os.TempDir` in those cases
2. on some weird distros (like my EndeavourOS), `/usr/sbin` is just a
   symlink to `/usr/bin`; when we resolve `tailscale` binary path from
   `tailscaled`, allow `tailscaled` to be in either directory

Updates #755

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-17 14:24:06 -07:00
Andrew Lytvynov 8a5b02133d
clientupdate: return ErrUnsupported for macSys clients (#9793)
The Sparkle-based update is not quite working yet. Make `NewUpdater`
return `ErrUnsupported` for it to avoid the proliferation of exceptions
up the stack.

Updates #755

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-16 09:14:14 -07:00
David Anderson 9f05018419 clientupdate/distsign: add new prod root signing key to keychain
Updates tailscale/corp#15179

Signed-off-by: David Anderson <danderson@tailscale.com>
2023-10-11 09:20:17 -07:00
Andrew Lytvynov 677d486830
clientupdate: abort if current version is newer than latest (#9733)
This is only relevant for unstable releases and local builds. When local
version is newer than upstream, abort release.

Also, re-add missing newlines in output that were missed in
https://github.com/tailscale/tailscale/pull/9694.

Updates #cleanup

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-10 17:01:44 -07:00
Andrew Lytvynov e6aa7b815d
clientupdate,cmd/tailscale/cli: use cli.Stdout/Stderr (#9694)
In case cli.Stdout/Stderr get overriden, all CLI output should use them
instead of os.Stdout/Stderr. Update the `update` command to follow this
pattern.

Updates #cleanup

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-10-06 12:00:15 -07:00
Brad Fitzpatrick b775a3799e util/httpm, all: add a test to make sure httpm is used consistently
Updates #cleanup

Change-Id: I7dbf8a02de22fc6b317ab5e29cc97792dd75352c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-10-03 09:26:13 -07:00
David Crawshaw 47ffbffa97
clientupdate: add root key (#9364)
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2023-09-12 15:24:01 -05:00
Andrew Lytvynov c0ade132e6
clientupdate: restart tailscale after install on DSM6 (#9363)
DSM6 does not automatically restart packages on install, we have to do
it explicitly.

Also, DSM6 has a filter for publishers in Package Center. Make the error
message more helpful when update fails because of this filter not
allowing our package.

Fixes #9361

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-09-12 13:08:00 -05:00
Andrew Lytvynov 1073b56e18
ipn/ipnlocal: add logging and locking to c2n /update (#9290)
Log some progress info to make updates more debuggable. Also, track
whether an active update is already started and return an error if
a concurrent update is attempted.

Some planned future PRs:
* add JSON output to `tailscale update`
* use JSON output from `tailscale update` to provide a more detailed
  status of in-progress update (stage, download progress, etc)

Updates #6907

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-09-08 14:26:55 -07:00
Aaron Klotz 7686ff6c46 Update clientupdate/distsign/distsign_test.go
Co-authored-by: Andrew Lytvynov <awly@tailscale.com>
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-09-05 15:43:36 -06:00
Aaron Klotz 7d60c19d7d clientupdate/distsign: add ability to validate a binary that is already located on disk
Our build system caches files locally and only updates them when something
changes. Since I need to integrate some distsign stuff into the build system
to validate our Windows 7 MSIs, I want to be able to check the cached copy
of a package before downloading a fresh copy from pkgs.

If the signature changes, then obviously the local copy is outdated and we
return an error, at which point we call Download to refresh the package.

Updates https://github.com/tailscale/corp/issues/14334

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-09-05 15:43:36 -06:00
Craig Rodrigues 8683ce78c2 client/web, clientupdate, util/linuxfw, wgengine/magicsock: Use %v verb for errors
Replace %w verb with %v verb when logging errors.
Use %w only for wrapping errors with fmt.Errorf()

Fixes: #9213

Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>
2023-09-02 14:06:48 -07:00
Andrew Lytvynov 4e72992900
clientupdate: add linux tarball updates (#9144)
As a fallback to package managers, allow updating tailscale that was
self-installed in some way. There are some tricky bits around updating
the systemd unit (should we stick to local binary paths or to the ones
in tailscaled.service?), so leaving that out for now.

Updates #6995

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-30 17:25:06 -06:00
Chris Palmer ce1e02096a
ipn/ipnlocal: support most Linuxes in handleC2NUpdate (#9114)
* ipn/ipnlocal: support most Linuxes in handleC2NUpdate

Updates #6995

Signed-off-by: Chris Palmer <cpalmer@tailscale.com>
2023-08-30 14:50:03 -07:00
Andrew Lytvynov abfe5d3879
clientupdate: detect when tailscale is installed without package manager (#9137)
On linux users can install Tailscale via package managers or direct
tarball downloads. Detect when Tailscale is not installed via a package
manager so we can pick the correct update mechanism. Leave the tarball
update function unimplemented for now (coming in next PR!).

Updates #6995
Updates #8760

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-29 17:36:05 -07:00
Andrew Lytvynov 67e48d9285
clientupdate: use SPKsVersion instead of Version (#9118)
Top-level Version in pkgs response is not always in sync with SPK
versions, especially on unstable track. It's very confusing when the
confirmation prompt asks you "update to 1.49.x?" and you end up updating
to 1.49.y.
Instead, grab the SPK-specific version field.

Updates #cleanup.

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-28 14:26:19 -07:00
Andrew Lytvynov 8d2eaa1956
clientupdate: download SPK and MSI packages with distsign (#9115)
Reimplement `downloadURLToFile` using `distsign.Download` and move all
of the progress reporting logic over there.

Updates #6995
Updates #755

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-28 13:48:33 -07:00
Andrew Lytvynov 18d9c92342
release/dist/cli: add verify-package-signature command (#9110)
Helper command to verify package signatures, mainly for debugging.
Also fix a copy-paste mistake in error message in distsign.

Updates #8760

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-28 10:52:05 -07:00
Andrew Lytvynov de9ba1c621
clientupdate/distsign/roots: add temporary dev root key (#9080)
Adding a root key that signs the current signing key on
pkgs.tailscale.com. This key is here purely for development and should
be replaced before 1.50 release.

Updates #8760

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-24 15:24:26 -07:00
Andrew Lytvynov 3b7ebeba2e
clientupdate: remove Arch support (#9081)
An Arch Linux maintainer asked us to not implement "tailscale update" on
Arch-based distros:
https://github.com/tailscale/tailscale/issues/6995#issuecomment-1687080106

Return an error to the user if they try to run "tailscale update".

Updates #6995

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-24 15:23:13 -07:00
Andrew Lytvynov d45af7c66f
release/dist/cli: add sign-key and verify-key-signature commands (#9041)
Now we have all the commands to generate the key hierarchy and verify
that signing keys were signed correctly:
```
$ ./tool/go run ./cmd/dist gen-key --priv-path root-priv.pem --pub-path root-pub.pem --root
wrote private key to root-priv.pem
wrote public key to root-pub.pem

$ ./tool/go run ./cmd/dist gen-key --priv-path signing-priv.pem --pub-path signing-pub.pem --signing
wrote private key to signing-priv.pem
wrote public key to signing-pub.pem

$ ./tool/go run ./cmd/dist sign-key --root-priv-path root-priv.pem --sign-pub-path signing-pub.pem
wrote signature to signature.bin

$ ./tool/go run ./cmd/dist verify-key-signature --root-pub-path root-pub.pem --sign-pub-path signing-pub.pem --sig-path signature.bin
signature ok
```

Updates #8760

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-24 10:54:42 -07:00
Andrew Lytvynov f61dd12f05
clientupdate/distsign: use distinct PEM types for root/signing keys (#9045)
To make key management less error-prone, use different PEM block types
for root and signing keys. As a result, separate out most of the Go code
between root/signing keys too.

Updates #8760

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-23 16:13:03 -07:00
Andrew Lytvynov 7364c6beec
clientupdate/distsign: add new library for package signing/verification (#8943)
This library is intended for use during release to sign packages which
are then served from pkgs.tailscale.com.
The library is also then used by clients downloading packages for
`tailscale update` where OS package managers / app stores aren't used.

Updates https://github.com/tailscale/tailscale/issues/8760
Updates https://github.com/tailscale/tailscale/issues/6995

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-22 13:35:30 -07:00
Andrew Lytvynov 86ad1ea60e
clientupdate: parse /etc/synoinfo.conf to get CPU arch (#8940)
The hardware version in `/proc/sys/kernel/syno_hw_version` does not map
exactly to versions in
https://github.com/SynoCommunity/spksrc/wiki/Synology-and-SynoCommunity-Package-Architectures.
It contains some slightly different version formats.

Instead, `/etc/synoinfo.conf` exists and contains a `unique` line with
the CPU architecture encoded. Parse that out and filter through the list
of architectures that we have SPKs for.

Tested on DS218 and DS413j.

Updates #8927

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-17 16:45:50 -07:00
Chris Palmer 37c0b9be63
clientupdate: return NOTREACHED for macsys (#8898)
* clientupdate: return NOTREACHED for macsys

The work is done in Swift; this is now a documentation placeholder.

Updates #6995

Signed-off-by: Chris Palmer <cpalmer@tailscale.com>
2023-08-16 14:01:10 -07:00
Andrew Lytvynov c40d095c35
clientupdate: implement updates for Synology (#8858)
Implement naive update for Synology packages, using latest versions from
pkgs.tailscale.com. This is naive because we completely trust
pkgs.tailscale.com to give us a safe package. We should switch this to
some better signing mechanism later.

I've only tested this on one DS218 box, so all the CPU architecture
munging is purely based on docs.

Updates #6995

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-11 14:55:07 -07:00
Andrew Lytvynov 215480a022
cmd/tailscale/cli,clientupdate: extract new clientupdate package (#8827)
Extract the self-update logic from cmd/tailscale/cli into a standalone
package that could be used from tailscaled later.

Updates #6995

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-08-10 17:01:22 -07:00