forked from tailscale/tailscale
feat(ci): Bump to upstream 1.90.3 #28
Merged
…laky Updates tailscale#7707 Signed-off-by: Alex Chan <[email protected]>
…eamless Updates tailscale/corp#31478 Signed-off-by: James Sanderson <[email protected]>
This fixes a flaky test which has been occasionally timing out in CI. In particular, this test times out if `watchFile` receives multiple notifications from inotify before we cancel the test context. We block processing the second notification, because we've stopped listening to the `callbackDone` channel. This patch changes the test so we only send on the first notification. Testing this locally with `stress` confirms that the test is no longer flaky. Fixes tailscale#17172 Updates tailscale#14699 Signed-off-by: Alex Chan <[email protected]>
…cale#17146) Extend the Expect method of a Watcher to allow filter functions that report only an error value, and which "pass" when the reported error is nil. Updates tailscale#15160 Change-Id: I582d804554bd1066a9e499c1f3992d068c9e8148 Signed-off-by: M. J. Fromberger <[email protected]>
This makes things work slightly better over the eventbus. Also switches ipnlocal to use the event over the eventbus instead of the direct callback. Updates tailscale#15160 Signed-off-by: Claus Lensbøl <[email protected]>
Updates #words Signed-off-by: Elliot Blackburn <[email protected]>
For a common case of events being simple struct types with some exported fields, add a helper to check (reflectively) for equal values using cmp.Diff so that a failed comparison gives a useful diff in the test output. More complex uses will still want to provide their own comparisons; this (intentionally) does not export diff options or other hooks from the cmp package. Updates tailscale#15160 Change-Id: I86bee1771cad7debd9e3491aa6713afe6fd577a6 Signed-off-by: M. J. Fromberger <[email protected]>
Fixes: tailscale#17170 Signed-off-by: Remy Guercio <[email protected]>
Updates tailscale#15328 Change-Id: Ib33baf8756b648176dce461b25169e079cbd5533 Signed-off-by: Tom Proctor <[email protected]>
Updates tailscale/corp#32168 Updates tailscale/corp#32226 Change-Id: Iddc017b060c76e6eab8f6d0c989a775bcaae3518 Signed-off-by: Brad Fitzpatrick <[email protected]>
It doesn't really pull its weight: it adds 577 KB to the binary and is rarely useful. Also, we now have static IPs and other connectivity paths coming soon enough. Updates tailscale#5853 Updates tailscale#1278 Updates tailscale/corp#32168 Change-Id: If336fed00a9c9ae9745419e6d81f7de6da6f7275 Signed-off-by: Brad Fitzpatrick <[email protected]>
Fixes tailscale#12255 Add a new subcommand to `switch` for removing a profile from the local client. This does not delete the profile from the Tailscale account, but removes it from the local machine. This functionality is available on the GUIs, but not yet on the CLI. Signed-off-by: Esteban-Bermudez <[email protected]>
This makes the `switch` command use the helper `matchProfile` function that was introduced in the `remove` sub command. Signed-off-by: Esteban-Bermudez <[email protected]>
Previously, seamless key renewal was an opt-in feature. Customers had to set a `seamless-key-renewal` node attribute in their policy file. This patch enables seamless key renewal by default for all clients. It includes a `disable-seamless-key-renewal` node attribute we can set in Control, so we can manage the rollout and disable the feature for clients with known bugs. This new attribute makes the feature opt-out. Updates tailscale/corp#31479 Signed-off-by: Alex Chan <[email protected]>
Fixes tailscale#17179 Signed-off-by: Erisa A <[email protected]>
Saves 81KB (20320440 to 20238520 bytes for linux/amd64) Updates tailscale#1278 Change-Id: Id607480c76220c74c8854ef1a2459aee650ad7b6 Signed-off-by: Brad Fitzpatrick <[email protected]>
Updates tailscale/corp#28569 Signed-off-by: Andrew Lytvynov <[email protected]>
When developing (and debugging) tests, it is useful to be able to see all the traffic that transits the event bus during the execution of a test. Updates tailscale#15160 Change-Id: I929aee62ccf13bdd4bd07d786924ce9a74acd17a Signed-off-by: M. J. Fromberger <[email protected]>
This produces the following omitsizes output:
Starting with everything and removing a feature...
tailscaled tailscale combined (linux/amd64)
27005112 18153656 39727288
- 7696384 - 7282688 -19607552 .. remove *
- 167936 - 110592 - 245760 .. remove acme
- 1925120 - 0 - 7340032 .. remove aws
- 4096 - 0 - 8192 .. remove bird
- 20480 - 12288 - 32768 .. remove capture
- 0 - 57344 - 61440 .. remove completion
- 249856 - 696320 - 692224 .. remove debugeventbus
- 12288 - 4096 - 24576 .. remove debugportmapper
- 0 - 0 - 0 .. remove desktop_sessions
- 815104 - 8192 - 544768 .. remove drive
- 65536 - 356352 - 425984 .. remove kube
- 233472 - 286720 - 311296 .. remove portmapper (and debugportmapper)
- 90112 - 0 - 110592 .. remove relayserver
- 655360 - 712704 - 598016 .. remove serve (and webclient)
- 937984 - 0 - 950272 .. remove ssh
- 708608 - 401408 - 344064 .. remove syspolicy
- 0 - 4071424 -11132928 .. remove systray
- 159744 - 61440 - 225280 .. remove taildrop
- 618496 - 454656 - 757760 .. remove tailnetlock
- 122880 - 0 - 131072 .. remove tap
- 442368 - 0 - 483328 .. remove tpm
- 16384 - 0 - 20480 .. remove wakeonlan
- 278528 - 368640 - 286720 .. remove webclient
Starting at a minimal binary and adding one feature back...
tailscaled tailscale combined (linux/amd64)
19308728 10870968 20119736 omitting everything
+ 352256 + 454656 + 643072 .. add acme
+ 2035712 + 0 + 2035712 .. add aws
+ 8192 + 0 + 8192 .. add bird
+ 20480 + 12288 + 36864 .. add capture
+ 0 + 57344 + 61440 .. add completion
+ 262144 + 274432 + 266240 .. add debugeventbus
+ 344064 + 118784 + 360448 .. add debugportmapper (and portmapper)
+ 0 + 0 + 0 .. add desktop_sessions
+ 978944 + 8192 + 991232 .. add drive
+ 61440 + 364544 + 425984 .. add kube
+ 331776 + 110592 + 335872 .. add portmapper
+ 122880 + 0 + 102400 .. add relayserver
+ 598016 + 155648 + 737280 .. add serve
+ 1142784 + 0 + 1142784 .. add ssh
+ 708608 + 860160 + 720896 .. add syspolicy
+ 0 + 4079616 + 6221824 .. add systray
+ 180224 + 65536 + 237568 .. add taildrop
+ 647168 + 393216 + 720896 .. add tailnetlock
+ 122880 + 0 + 126976 .. add tap
+ 446464 + 0 + 454656 .. add tpm
+ 20480 + 0 + 24576 .. add wakeonlan
+ 1011712 + 1011712 + 1138688 .. add webclient (and serve)
Fixes tailscale#17139
Change-Id: Ia91be2da00de8481a893243d577d20e988a0920a
Signed-off-by: Brad Fitzpatrick <[email protected]>
When tests run in parallel, events from multiple tests on the same bus can intercede with each other. This is working as intended, but for the test cases we want to control exactly what goes through the bus. To fix that, allocate a fresh bus for each subtest. Fixes tailscale#17197 Change-Id: I53f285ebed8da82e72a2ed136a61884667ef9a5e Signed-off-by: M. J. Fromberger <[email protected]>
Instead of a single hard-coded C2N handler, add support for calling arbitrary C2N endpoints via a node roundtripper. Updates tailscale/corp#32095 Signed-off-by: Anton Tolchanov <[email protected]>
For debugging purposes, add a new C2N endpoint returning the current netmap. Optionally, coordination server can send a new "candidate" map response, which the client will generate a separate netmap for. Coordination server can later compare two netmaps, detecting unexpected changes to the client state. Updates tailscale/corp#32095 Signed-off-by: Anton Tolchanov <[email protected]>
Expand TestRedactNetmapPrivateKeys to cover all sub-structs of NetworkMap and confirm that a) all fields are annotated as private or public, and b) all private fields are getting redacted. Updates tailscale/corp#32095 Signed-off-by: Anton Tolchanov <[email protected]>
…tailscale#17191) * tsnet,internal/client/tailscale: resolve OAuth into authkeys in tsnet Updates tailscale#8403. * internal/client/tailscale: omit OAuth library via build tag Updates tailscale#12614. Signed-off-by: Naman Sood <[email protected]>
Updates tailscale/corp#32227 Change-Id: I38afc668f99eb1d6f7632e82554b82922f3ebb9f Signed-off-by: Brad Fitzpatrick <[email protected]>
Updates tailscale#12614 Change-Id: Icba6f1c0838dce6ee13aa2dc662fb551813262e4 Signed-off-by: Brad Fitzpatrick <[email protected]>
And another case of the same typo in a comment elsewhere. Updates #cleanup Change-Id: Iaa9d865a1cf83318d4a30263c691451b5d708c9c Signed-off-by: Brad Fitzpatrick <[email protected]>
…7199) Pulls out the last callback logic and ensures timers are still running. The eventbustest package is updated to support the absence of events. Updates tailscale#15160 Signed-off-by: Claus Lensbøl <[email protected]>
…ilscale#17127) A common pattern in event bus usage is to run a goroutine to service a collection of subscribers on a single bus client. To have an orderly shutdown, however, we need a way to wait for such a goroutine to be finished. This commit adds a Monitor type that makes this pattern easier to wire up: rather than having to track all the subscribers and an extra channel, the component need only track the client and the monitor. For example:

    cli := bus.Client("example")
    m := cli.Monitor(func(c *eventbus.Client) {
        s1 := eventbus.Subscribe[T](cli)
        s2 := eventbus.Subscribe[U](cli)
        for {
            select {
            case <-c.Done():
                return
            case t := <-s1.Events():
                processT(t)
            case u := <-s2.Events():
                processU(u)
            }
        }
    })

To shut down the client and wait for the goroutine, the caller can write:

    m.Close()

which closes cli and waits for the goroutine to finish. Or, separately:

    cli.Close()
    // do other stuff
    m.Wait()

While the goroutine management is not explicitly tied to subscriptions, it is a common enough pattern that this seems like a useful simplification in use. Updates tailscale#15160 Change-Id: I657afda1cfaf03465a9dce1336e9fd518a968bca Signed-off-by: M. J. Fromberger <[email protected]>
…nce (tailscale#17203) This commit does not change the order or meaning of any eventbus activity, it only updates the way the plumbing is set up. Updates tailscale#15160 Change-Id: I40c23b183c2a6a6ea3feec7767c8e5417019fc07 Signed-off-by: M. J. Fromberger <[email protected]>
Fixes tailscale/corp#31186 Signed-off-by: Jordan Whited <[email protected]>
Remove CBOR representation since it was never used. We should support CBOR in the future, but remove it for now so that it is less work to add more fields. Also, rely on just omitzero for JSON now that it is supported in Go 1.24. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <[email protected]>
The connstats package was an unnecessary layer of indirection. It was separated out of wgengine/netlog so that net/tstun and wgengine/magicsock wouldn't need a dependency on the concrete implementation of network flow logging. Instead, we simply register a callback for counting connections. This PR does the bare minimum work to prepare tstun and magicsock to only care about that callback. A future PR will delete connstats and merge it into netlog. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <[email protected]>
Merge the connstats package into the netlog package and unexport all of its declarations. Remove the buildfeatures.HasConnStats and use HasNetLog instead. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <[email protected]>
… variable (tailscale#17550) This commit modifies the k8s-operator's api proxy implementation to only enable forwarding of api requests to tsrecorder when an environment variable is set. This new environment variable is named `TS_EXPERIMENTAL_KUBE_API_EVENTS`. Updates tailscale/corp#32448 Signed-off-by: David Bond <[email protected]>
Updates tailscale/corp#13108 Signed-off-by: Alex Chan <[email protected]>
This method was added in cca25f6 in the initial in-memory implementation of Chonk, but it's not part of the Chonk interface and isn't implemented or used anywhere else. Let's get rid of it. Updates tailscale/corp#33465 Signed-off-by: Alex Chan <[email protected]>
We soft-delete AUMs when they're purged, but when we call `ChildAUMs()`, we look up soft-deleted AUMs to find the `Children` field. This patch changes the behaviour of `ChildAUMs()` so it only looks at not-deleted AUMs. This means we don't need to record child information on AUMs any more, which is a minor space saving for any newly-recorded AUMs. Updates tailscale#17566 Updates tailscale/corp#27166 Signed-off-by: Alex Chan <[email protected]>
…meLocked * Remove a couple of single-letter `l` variables * Use named struct parameters in the test cases for readability * Delete `wantAfterInactivityForFn` parameter when it returns the default zero Updates #cleanup Signed-off-by: Alex Chan <[email protected]>
Updates #cleanup Signed-off-by: Andrew Lytvynov <[email protected]>
This commit modifies the `DNSConfig` custom resource to allow specifying [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) on the nameserver pods. This will allow users to dictate where their nameserver pods are located within their clusters. Fixes: tailscale#17092 Signed-off-by: David Bond <[email protected]>
Updates tailscale/go#140 Updates tailscale/go#142 Updates tailscale/go#138 Change-Id: Id25b6fa4e31eee243fec17667f14cdc48243c59e Signed-off-by: Brad Fitzpatrick <[email protected]>
…cale#17529) Add new arguments to `tailscale up` so authkeys can be generated dynamically via identity federation. Updates tailscale#9192 Signed-off-by: mcoulombe <[email protected]>
Previously, running `tailscale lock log` in a tailnet without Tailnet Lock enabled would return a potentially confusing error:

    $ tailscale lock log
    2025/10/20 11:07:09 failed to connect to local Tailscale service; is Tailscale running?

It would return this error even if Tailscale was running.

This patch fixes the error to be:

    $ tailscale lock log
    Tailnet Lock is not enabled

Fixes tailscale#17586
Signed-off-by: Alex Chan <[email protected]>
This patch creates a set of tests that should be true for all implementations of Chonk and CompactableChonk, which we can share with the SQLite implementation in corp. It includes all the existing tests, plus a test for LastActiveAncestor which was in corp but not in oss. Updates tailscale/corp#33465 Signed-off-by: Alex Chan <[email protected]>
Signed-off-by: License Updater <[email protected]>
Signed-off-by: Nick Khyl <[email protected]>
Signed-off-by: Nick Khyl <[email protected]>
Check that the TPM we have opened is advertised as a 2.0 family device before using it for state sealing / hardware attestation. Updates tailscale#17622 Signed-off-by: Patrick O'Doherty <[email protected]> (cherry picked from commit 36ad24b)
On some platforms e.g. ChromeOS the owner hierarchy might not always be available to us. To avoid stale sealing exceptions later we probe to confirm it's working rather than rely solely on family indicator status. Updates tailscale#17622 Signed-off-by: Patrick O'Doherty <[email protected]> (cherry picked from commit 672b1f0)
This fixes a regression from dd615c8 that moved the newIPTablesRunner constructor from an any-Linux-GOARCH file to one that was only amd64 and arm64, thus breaking iptables on other platforms (notably 32-bit "arm", as seen on older Pis running Buster with iptables). Tested by hand on a Raspberry Pi 2 w/ Buster + iptables for now, for lack of automated 32-bit arm tests at the moment. But filed tailscale#17629. Fixes tailscale#17623 Updates tailscale#17629 Change-Id: Iac1a3d78f35d8428821b46f0fed3f3717891c1bd Signed-off-by: Brad Fitzpatrick <[email protected]> (cherry picked from commit 8576a80)
…lscale#17637) This compares the warnings we actually care about and skips the unstable warnings and the changes with no warnings. Fixes tailscale#17635 Signed-off-by: Claus Lensbøl <[email protected]> (cherry picked from commit 7418583)
Signed-off-by: Nick Khyl <[email protected]>
…e#17640) Updates tailscale#17638 Signed-off-by: Claus Lensbøl <[email protected]> (cherry picked from commit fd0e541)
…#17639) When the eventbus is enabled, set up the subscription for change deltas at the beginning when the client is created, rather than waiting for the first awaitInternetUp check. Otherwise, it is possible for a check to race with the client close in Shutdown, which triggers a panic. Updates tailscale#17638 Change-Id: I461c07939eca46699072b14b1814ecf28eec750c Signed-off-by: M. J. Fromberger <[email protected]> (cherry picked from commit 4346615)
Signed-off-by: Nick Khyl <[email protected]>
anthr76
approved these changes
Oct 27, 2025
The changelog has not been published yet for 1.90.3, but https://tailscale.com/changelog#2025-10-24
This takes this repo from 1.88.1 > 1.90.3