Go to file

Tom Proctor a6e19f2881 ipn/ipnlocal: allow cache hits for testing ACME certs (#15023 ) PR #14771 added support for getting certs from alternate ACME servers, but the certStore caching mechanism breaks unless you install the CA in system roots, because we check the validity of the cert before allowing a cache hit, which includes checking for a valid chain back to a trusted CA. For ease of testing, allow cert cache hits when the chain is unknown to avoid re-issuing the cert on every TLS request served. We will still get a cache miss when the cert has expired, as enforced by a test, and this makes it much easier to test against non-prod ACME servers compared to having to manage the installation of non-prod CAs on clients. Updates #14771 Change-Id: I74fe6593fe399bd135cc822195155e99985ec08a Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>		2025-03-11 14:09:46 +00:00
.bencher
.github	.github: Bump golangci/golangci-lint-action from 6.3.1 to 6.5.0 (#15046 )	2025-03-09 13:31:02 -06:00
appc	appc: fix a deadlock in route advertisements (#15031 )	2025-02-18 11:31:14 -08:00
atomicfile	atomicfile: use ReplaceFile on Windows so that attributes and ACLs are preserved	2025-01-15 13:57:37 -05:00
chirp
client	client/web: fix CSRF handler order in web UI (#15143 )	2025-02-27 11:58:45 -08:00
clientupdate	clientupdate: refuse to update in tsnet binaries (#14911 )	2025-02-04 15:51:03 -08:00
cmd	cmd/natc: error and log when IP range is exhausted	2025-03-10 10:20:22 -07:00
control	wgengine/magicsock: use learned DERP route as send path of last resort	2025-03-07 05:37:24 -08:00
derp	cmd/derper, derp/derphttp: support, generate self-signed IP address certs	2025-03-07 05:36:55 -08:00
disco
docs	ipn/ipnlocal,util/syspolicy,docs/windows/policy: implement the ReconnectAfter policy setting	2025-02-24 17:07:19 -06:00
doctor	net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon	2024-04-28 07:34:52 -07:00
drive	cmd/viewer,all: consistently use "read-only" instead of "readonly"	2025-01-14 08:26:56 -08:00
envknob	envknob/featureknob: allow use of exit node on unraid (#14754 )	2025-01-26 15:35:58 +00:00
feature	feature/capture: move packet capture to feature/*, out of iOS + CLI	2025-01-24 17:52:43 -08:00
gokrazy	gokrazy/natlab: update gokrazy, wire up natlab tests to GitHub CI	2025-03-04 18:57:29 -08:00
health	health: relax no-derp-home warnable to not fire if not in map poll	2025-01-27 20:39:37 +00:00
hostinfo	feature/*: make Wake-on-LAN conditional, start supporting modular features	2025-01-22 17:16:15 -08:00
internal	client/tailscale,cmd/k8s-operator,internal/client/tailscale: move VIP service client methods into internal control client	2025-02-18 16:25:17 -06:00
ipn	ipn/ipnlocal: allow cache hits for testing ACME certs (#15023 )	2025-03-11 14:09:46 +00:00
jsondb
k8s-operator	cmd/k8s-operator: reinstate HA Ingress reconciler (#14887 )	2025-02-04 13:09:43 +00:00
kube	ipn/{ipnlocal,store},kube/kubeclient: store TLS cert and key pair to a Secret in a single operation. (#15147 )	2025-02-27 22:41:05 +00:00
licenses	licenses: update license notices	2025-03-05 08:54:00 -08:00
log	log/sockstatlog: don't block for more than 5s on shutdown	2024-07-12 17:50:11 +01:00
logpolicy	logpolicy: expose MaxBufferSize and MaxUploadSize options (#14903 )	2025-02-04 12:51:27 -08:00
logtail	logpolicy: expose MaxBufferSize and MaxUploadSize options (#14903 )	2025-02-04 12:51:27 -08:00
maths	maths: add exponentially weighted moving average type	2025-02-25 11:59:19 -08:00
metrics	metrics,syncs: add ShardedInt support to metrics.LabelMap	2024-12-23 13:10:18 -08:00
net	tailcfg: add DERPRegion.NoMeasureNoHome, deprecate+document Avoid [cap 115]	2025-03-07 23:15:38 -07:00
omit	cmd/tailscaled, ipn/conffile: support ec2 user-data config file	2024-05-30 09:49:18 -07:00
packages/deb
paths	all: illumos/solaris userspace only support	2025-01-09 14:46:23 -08:00
portlist
posture	control/controlclient,posture,util/syspolicy: use predefined syspolicy keys instead of string literals	2024-09-04 15:25:19 -05:00
prober	all: use new LocalAPI client package location	2025-02-05 14:41:42 -08:00
proxymap	ipnlocal,proxymap,wgengine/netstack: add optional WhoIs/proxymap debug	2024-09-10 14:23:33 -07:00
release	release/dist: clamp min / max version for synology package centre (#13857 )	2024-10-18 14:20:40 -06:00
safesocket	safesocket: add isMacSysExt Check (#15192 )	2025-03-03 18:28:26 -05:00
safeweb	go.mod: bump gorilla/csrf for security fix (#14822 )	2025-01-29 12:44:01 -08:00
scripts	scripts/installer.sh: explicitly chmod 0644 installed files (#15171 )	2025-03-02 18:22:15 +00:00
sessionrecording	sessionrecording: implement v2 recording endpoint support (#14105 )	2024-11-18 09:55:54 -08:00
smallzstd
ssh/tailssh	ssh/tailssh: fix typo in forwardedEnviron method, add docs	2025-03-10 20:28:36 -07:00
syncs	syncs: add ShardedInt expvar.Var type	2024-12-19 14:58:28 -08:00
tailcfg	tailcfg: add DERPRegion.NoMeasureNoHome, deprecate+document Avoid [cap 115]	2025-03-07 23:15:38 -07:00
taildrop	taildrop: fix defer in loop (#13757 )	2024-10-09 14:09:58 -07:00
tempfork	tempfork/acme: pull in latest changes for Go 1.24 (#15062 )	2025-02-19 10:42:06 -08:00
tka	tka: truncate long rotation signature chains	2024-09-04 22:17:21 +01:00
tool	tool/gocross: remove trimpath from test builds	2024-10-28 16:10:55 -07:00
tsconst	cmd/tailscale/cli: support passing network lock keys via files	2024-08-14 09:18:34 -07:00
tsd	various: keep tailscale connected when Always On mode is enabled on Windows	2025-02-14 16:40:54 -06:00
tsnet	tsnet: require I_Acknowledge_This_API_Is_Experimental to use AuthenticatedAPITransport()	2025-02-18 10:23:04 -06:00
tstest	wgengine/magicsock: use learned DERP route as send path of last resort	2025-03-07 05:37:24 -08:00
tstime	all: use math/rand/v2 more	2024-06-05 15:24:04 -07:00
tsweb	tsweb: add missing debug pprof endpoints	2025-01-22 06:34:59 -08:00
types	all: statically enforce json/v2 interface satisfaction (#15154 )	2025-02-27 12:33:31 -08:00
util	util/eventbus: add debugger methods to list pub/sub types	2025-03-07 14:28:04 -08:00
version	util/uniq,types/lazy,*: delete code that's now in Go std	2025-01-12 19:49:02 -08:00
wf	wf/firewall: allow link-local multicast for permitted local routes when the killswitch is on on Windows	2024-10-02 18:36:01 -05:00
wgengine	wgengine/magicsock: use learned DERP route as send path of last resort	2025-03-07 05:37:24 -08:00
words	words: Add scoville to scales.txt (#14084 )	2024-11-13 09:25:12 -08:00
.gitattributes
.gitignore	tstest/tailmac: add customized macOS virtualization tooling (#13146 )	2024-08-19 15:01:19 -04:00
.golangci.yml	.github: Bump golangci/golangci-lint-action from 6.3.1 to 6.5.0 (#15046 )	2025-03-09 13:31:02 -06:00
ALPINE.txt	Revert "Dockerfile: bump base alpine image (#14604 )" (#14620 )	2025-01-13 10:02:26 -08:00
api.md	{api.md,publicapi}: remove old API docs (#13468 )	2024-09-13 14:10:33 -06:00
assert_ts_toolchain_match.go	tailscaleroot: panic if tailscale_go build tag but Go toolchain mismatch	2024-10-06 15:22:04 -07:00
AUTHORS
build_dist.sh	feature/capture: move packet capture to feature/*, out of iOS + CLI	2025-01-24 17:52:43 -08:00
build_docker.sh	Makefile,./build_docker.sh: update kube operator image build target name (#14251 )	2024-11-29 15:32:18 +00:00
CODE_OF_CONDUCT.md
CODEOWNERS
Dockerfile	go.toolchain.branch: update to Go 1.24 (#15016 )	2025-02-19 10:55:49 -08:00
Dockerfile.base	Revert "Dockerfile: bump base alpine image (#14604 )" (#14620 )	2025-01-13 10:02:26 -08:00
flake.lock	nix: update nix and use go 1.23	2024-08-29 17:25:13 +02:00
flake.nix	gokrazy, various: use point versions of Go and update Nix deps	2024-09-16 16:06:43 -04:00
go.mod	util/eventbus: initial implementation of an in-process event bus	2025-02-28 13:45:43 -08:00
go.mod.sri	go.mod.sri: update SRI hash for go.mod changes	2024-09-05 10:06:02 -07:00
go.sum	util/eventbus: initial implementation of an in-process event bus	2025-02-28 13:45:43 -08:00
go.toolchain.branch	go.toolchain.branch: update to Go 1.24 (#15016 )	2025-02-19 10:55:49 -08:00
go.toolchain.rev	go.toolchain.rev: bump to go1.24.1 (#15209 )	2025-03-04 16:17:57 -08:00
gomod_test.go
header.txt
LICENSE
Makefile	go.mod: bump depaware, add --internal flag to stop hiding internal packages	2025-01-26 21:12:34 +00:00
PATENTS
pkgdoc_test.go	all: add test for package comments, fix, add comments as needed	2024-07-10 09:57:00 -07:00
pull-toolchain.sh
README.md	Update README to reference correct Commit Style URL	2025-01-04 15:11:10 -08:00
SECURITY.md
shell.nix	go.mod.sri: update SRI hash for go.mod changes	2024-09-05 10:06:02 -07:00
staticcheck.conf
update-flake.sh
version_tailscale_test.go	tailscaleroot: panic if tailscale_go build tag but Go toolchain mismatch	2024-10-06 15:22:04 -07:00
version_test.go
version-embed.go	Fix various linting, vet & static check issues	2025-01-04 15:11:10 -08:00
VERSION.txt	VERSION.txt: this is v1.81.0 (#14838 )	2025-01-30 13:04:29 -08:00

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

the Android app is at https://github.com/tailscale/tailscale-android
the Synology package is at https://github.com/tailscale/tailscale-synology
the QNAP package is at https://github.com/tailscale/tailscale-qpkg
the Chocolatey packaging is at https://github.com/tailscale/tailscale-chocolatey

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.23. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See git log for our commit message style. It's basically the same as Go's style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

Legal

WireGuard is a registered trademark of Jason A. Donenfeld.