From 5b3381a2487d0b679568def97e2ff12f3df3d0e6 Mon Sep 17 00:00:00 2001
From: Thomas Kosiewski
Date: Tue, 21 Jan 2025 09:45:16 +0100
Subject: [PATCH] chore: remove custom go toolchain
Change-Id: Ic5e4198e3cb42225deea908169b91b157c398815
Signed-off-by: Thomas Kosiewski
---
.github/workflows/test.yml | 632 ++++++++++++++++---------------
cmd/derper/depaware.txt | 11 +-
cmd/tailscale/depaware.txt | 13 +-
cmd/tailscaled/depaware.txt | 26 +-
flake.lock | 36 +-
flake.nix | 4 +-
go.mod.sri | 2 +-
scripts/check_license_headers.sh | 80 ++--
shell.nix | 2 +-
tool/gocross/autoflags.go | 2 +-
tool/gocross/autoflags_test.go | 26 +-
tool/gocross/gocross-wrapper.sh | 107 ++----
tool/gocross/gocross.go | 43 +--
tool/gocross/goroot.go | 90 -----
tool/gocross/toolchain.go | 189 ---------
15 files changed, 480 insertions(+), 783 deletions(-)
delete mode 100644 tool/gocross/goroot.go
delete mode 100644 tool/gocross/toolchain.go
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 8e6f77a0f3ff14..0ea17f3548e6ad 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -50,116 +50,126 @@ jobs: - goarch: "386" # thanks yaml runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: Restore Cache - uses: actions/cache@v3 - with: - # Note: unlike the other setups, this is only grabbing the mod download - # cache, rather than the whole mod directory, as the download cache - # contains zips that can be unpacked in parallel faster than they can be - # fetched and extracted by tar - path: | - ~/.cache/go-build - ~/go/pkg/mod/cache - ~\AppData\Local\go-build - # The -2- here should be incremented when the scheme of data to be - # cached changes (e.g. path above changes). - key: ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} - restore-keys: | - ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2-${{ hashFiles('**/go.sum') }} - ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2- - - name: build all - run: ./tool/go build ${{matrix.buildflags}} ./... - env: - GOARCH: ${{ matrix.goarch }} - - name: build variant CLIs - run: | - export TS_USE_TOOLCHAIN=1 - ./build_dist.sh --extra-small ./cmd/tailscaled - ./build_dist.sh --box ./cmd/tailscaled - ./build_dist.sh --extra-small --box ./cmd/tailscaled - rm -f tailscaled - env: - GOARCH: ${{ matrix.goarch }} - - name: get qemu # for tstest/archtest - if: matrix.goarch == 'amd64' && matrix.variant == '' - run: | - sudo apt-get -y update - sudo apt-get -y install qemu-user - - name: build test wrapper - run: ./tool/go build -o /tmp/testwrapper ./cmd/testwrapper - - name: test all - run: PATH=$PWD/tool:$PATH /tmp/testwrapper ./... ${{matrix.buildflags}} - env: - GOARCH: ${{ matrix.goarch }} - - name: bench all - run: PATH=$PWD/tool:$PATH /tmp/testwrapper ./... ${{matrix.buildflags}} -bench=. 
-benchtime=1x -run=^$ - env: - GOARCH: ${{ matrix.goarch }} - - name: check that no tracked files changed - run: git diff --no-ext-diff --name-only --exit-code || (echo "Build/test modified the files above."; exit 1) - - name: check that no new files were added - run: | - # Note: The "error: pathspec..." you see below is normal! - # In the success case in which there are no new untracked files, - # git ls-files complains about the pathspec not matching anything. - # That's OK. It's not worth the effort to suppress. Please ignore it. - if git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- ':/*' - then - echo "Build/test created untracked files in the repo (file names above)." - exit 1 - fi + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: Restore Cache + uses: actions/cache@v3 + with: + # Note: unlike the other setups, this is only grabbing the mod download + # cache, rather than the whole mod directory, as the download cache + # contains zips that can be unpacked in parallel faster than they can be + # fetched and extracted by tar + path: | + ~/.cache/go-build + ~/go/pkg/mod/cache + ~\AppData\Local\go-build + # The -2- here should be incremented when the scheme of data to be + # cached changes (e.g. path above changes). + key: ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} + restore-keys: | + ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2-${{ hashFiles('**/go.sum') }} + ${{ github.job }}-${{ runner.os }}-${{ matrix.goarch }}-${{ matrix.buildflags }}-go-2- + - name: build all + run: ./tool/go build ${{matrix.buildflags}} ./... 
+ env: + GOARCH: ${{ matrix.goarch }} + - name: build variant CLIs + run: | + export TS_USE_TOOLCHAIN=1 + ./build_dist.sh --extra-small ./cmd/tailscaled + ./build_dist.sh --box ./cmd/tailscaled + ./build_dist.sh --extra-small --box ./cmd/tailscaled + rm -f tailscaled + env: + GOARCH: ${{ matrix.goarch }} + - name: get qemu # for tstest/archtest + if: matrix.goarch == 'amd64' && matrix.variant == '' + run: | + sudo apt-get -y update + sudo apt-get -y install qemu-user + - name: build test wrapper + run: ./tool/go build -o /tmp/testwrapper ./cmd/testwrapper + - name: test all + run: PATH=$PWD/tool:$PATH /tmp/testwrapper ./... ${{matrix.buildflags}} + env: + GOARCH: ${{ matrix.goarch }} + - name: bench all + run: PATH=$PWD/tool:$PATH /tmp/testwrapper ./... ${{matrix.buildflags}} -bench=. -benchtime=1x -run=^$ + env: + GOARCH: ${{ matrix.goarch }} + - name: check that no tracked files changed + run: git diff --no-ext-diff --name-only --exit-code || (echo "Build/test modified the files above."; exit 1) + - name: check that no new files were added + run: | + # Note: The "error: pathspec..." you see below is normal! + # In the success case in which there are no new untracked files, + # git ls-files complains about the pathspec not matching anything. + # That's OK. It's not worth the effort to suppress. Please ignore it. + if git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- ':/*' + then + echo "Build/test created untracked files in the repo (file names above)." 
+ exit 1 + fi windows: runs-on: windows-2022 steps: - - name: checkout - uses: actions/checkout@v3 + - name: checkout + uses: actions/checkout@v3 - - name: Install Go - uses: actions/setup-go@v4 - with: - go-version-file: go.mod - cache: false + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false - - name: Restore Cache - uses: actions/cache@v3 - with: - # Note: unlike the other setups, this is only grabbing the mod download - # cache, rather than the whole mod directory, as the download cache - # contains zips that can be unpacked in parallel faster than they can be - # fetched and extracted by tar - path: | - ~/.cache/go-build - ~/go/pkg/mod/cache - ~\AppData\Local\go-build - # The -2- here should be incremented when the scheme of data to be - # cached changes (e.g. path above changes). - key: ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} - restore-keys: | - ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }} - ${{ github.job }}-${{ runner.os }}-go-2- - - name: test - # Don't use -bench=. -benchtime=1x. - # Somewhere in the layers (powershell?) - # the equals signs cause great confusion. - run: go test -bench . -benchtime 1x ./... + - name: Restore Cache + uses: actions/cache@v3 + with: + # Note: unlike the other setups, this is only grabbing the mod download + # cache, rather than the whole mod directory, as the download cache + # contains zips that can be unpacked in parallel faster than they can be + # fetched and extracted by tar + path: | + ~/.cache/go-build + ~/go/pkg/mod/cache + ~\AppData\Local\go-build + # The -2- here should be incremented when the scheme of data to be + # cached changes (e.g. path above changes). 
+ key: ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} + restore-keys: | + ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }} + ${{ github.job }}-${{ runner.os }}-go-2- + - name: test + # Don't use -bench=. -benchtime=1x. + # Somewhere in the layers (powershell?) + # the equals signs cause great confusion. + run: go test -bench . -benchtime 1x ./... vm: runs-on: ["self-hosted", "linux", "vm"] # VM tests run with some privileges, don't let them run on 3p PRs. if: github.repository == 'tailscale/tailscale' steps: - - name: checkout - uses: actions/checkout@v3 - - name: Run VM tests - run: ./tool/go test ./tstest/integration/vms -v -no-s3 -run-vm-tests -run=TestRunUbuntu2004 - env: - HOME: "/tmp" - TMPDIR: "/tmp" - XDB_CACHE_HOME: "/var/lib/ghrunner/cache" - + - name: checkout + uses: actions/checkout@v3 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + + - name: Run VM tests + run: ./tool/go test ./tstest/integration/vms -v -no-s3 -run-vm-tests -run=TestRunUbuntu2004 + env: + HOME: "/tmp" + TMPDIR: "/tmp" + XDB_CACHE_HOME: "/var/lib/ghrunner/cache" + cross: # cross-compile checks, build only. strategy: fail-fast: false # don't abort the entire matrix if one element fails 
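Review bot: The `actions/setup-go@v5` steps added in this hunk are referenced by a mutable tag, and one of them lands in the `vm` job, which runs on a self-hosted runner that the file's own comment describes as having some privileges. Whatever that tag points to at run time executes on that runner, so pinning to a full commit SHA with the tag kept as a trailing comment, `uses: actions/setup-go@<full-commit-sha> # v5`, removes the dependency on tag integrity. The same step is added to the cross, android, wasm, depaware, go_generate, go_mod_tidy and staticcheck jobs in later hunks, and the windows job here is bumped from `@v4` to `@v5` in the same unpinned form. The steps in these jobs still call `./tool/go` after setup-go, so a short comment saying which of the two determines the compiler version would help the next reader.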
@@ -197,50 +207,56 @@ jobs: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: Restore Cache - uses: actions/cache@v3 - with: - # Note: unlike the other setups, this is only grabbing the mod download - # cache, rather than the whole mod directory, as the download cache - # contains zips that can be unpacked in parallel faster than they can be - # fetched and extracted by tar - path: | - ~/.cache/go-build - ~/go/pkg/mod/cache - ~\AppData\Local\go-build - # The -2- here should be incremented when the scheme of data to be - # cached changes (e.g. path above changes). - key: ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} - restore-keys: | - ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2-${{ hashFiles('**/go.sum') }} - ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2- - - name: build all - run: ./tool/go build ./cmd/... - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} - GOARM: ${{ matrix.goarm }} - CGO_ENABLED: "0" - - name: build tests - run: ./tool/go test -exec=true ./... - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} - CGO_ENABLED: "0" + - name: checkout + uses: actions/checkout@v3 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + + - name: Restore Cache + uses: actions/cache@v3 + with: + # Note: unlike the other setups, this is only grabbing the mod download + # cache, rather than the whole mod directory, as the download cache + # contains zips that can be unpacked in parallel faster than they can be + # fetched and extracted by tar + path: | + ~/.cache/go-build + ~/go/pkg/mod/cache + ~\AppData\Local\go-build + # The -2- here should be incremented when the scheme of data to be + # cached changes (e.g. path above changes). 
+ key: ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} + restore-keys: | + ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2-${{ hashFiles('**/go.sum') }} + ${{ github.job }}-${{ runner.os }}-${{ matrix.goos }}-${{ matrix.goarch }}-go-2- + - name: build all + run: ./tool/go build ./cmd/... + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} + GOARM: ${{ matrix.goarm }} + CGO_ENABLED: "0" + - name: build tests + run: ./tool/go test -exec=true ./... + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} + CGO_ENABLED: "0" ios: # similar to cross above, but iOS can't build most of the repo. So, just - #make it build a few smoke packages. + #make it build a few smoke packages. runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: build some - run: ./tool/go build ./ipn/... ./wgengine/ ./types/... ./control/controlclient - env: - GOOS: ios - GOARCH: arm64 + - name: checkout + uses: actions/checkout@v3 + - name: build some + run: ./tool/go build ./ipn/... ./wgengine/ ./types/... ./control/controlclient + env: + GOOS: ios + GOARCH: arm64 android: # similar to cross above, but android fails to build a few pieces of the 
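Review bot: The `ios` job at the end of this hunk is only re-indented and gets no `actions/setup-go` step, although it still runs `./tool/go build` just like the `cross` job above it, which does get one. If `./tool/go` now resolves to the Go found on PATH (the wrapper change is not visible in this hunk, so this is inferred from the commit title), the ios build would use whatever Go the runner image ships rather than the version declared in go.mod. Either add the same step, `- uses: actions/setup-go@v5` with `go-version-file: go.mod` and `cache: false`, or leave a comment stating why ios is exempt.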
@@ -248,60 +264,59 @@ jobs: # only test the subset of android that our past smoke test checked. runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - # Super minimal Android build that doesn't even use CGO and doesn't build everything that's needed - # and is only arm64. But it's a smoke build: it's not meant to catch everything. But it'll catch - # some Android breakages early. - # TODO(bradfitz): better; see https://github.com/tailscale/tailscale/issues/4482 - - name: build some - run: ./tool/go install ./net/netns ./ipn/ipnlocal ./wgengine/magicsock/ ./wgengine/ ./wgengine/router/ ./wgengine/netstack ./util/dnsname/ ./ipn/ ./net/interfaces ./wgengine/router/ ./tailcfg/ ./types/logger/ ./net/dns ./hostinfo ./version - env: - GOOS: android - GOARCH: arm64 + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + # Super minimal Android build that doesn't even use CGO and doesn't build everything that's needed + # and is only arm64. But it's a smoke build: it's not meant to catch everything. But it'll catch + # some Android breakages early. 
+ # TODO(bradfitz): better; see https://github.com/tailscale/tailscale/issues/4482 + - name: build some + run: ./tool/go install ./net/netns ./ipn/ipnlocal ./wgengine/magicsock/ ./wgengine/ ./wgengine/router/ ./wgengine/netstack ./util/dnsname/ ./ipn/ ./net/interfaces ./wgengine/router/ ./tailcfg/ ./types/logger/ ./net/dns ./hostinfo ./version + env: + GOOS: android + GOARCH: arm64 wasm: # builds tsconnect, which is the only wasm build we support runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: Restore Cache - uses: actions/cache@v3 - with: - # Note: unlike the other setups, this is only grabbing the mod download - # cache, rather than the whole mod directory, as the download cache - # contains zips that can be unpacked in parallel faster than they can be - # fetched and extracted by tar - path: | - ~/.cache/go-build - ~/go/pkg/mod/cache - ~\AppData\Local\go-build - # The -2- here should be incremented when the scheme of data to be - # cached changes (e.g. path above changes). - key: ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} - restore-keys: | - ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }} - ${{ github.job }}-${{ runner.os }}-go-2- - - name: build tsconnect client - run: ./tool/go build ./cmd/tsconnect/wasm ./cmd/tailscale/cli - env: - GOOS: js - GOARCH: wasm - - name: build tsconnect server - # Note, no GOOS/GOARCH in env on this build step, we're running a build - # tool that handles the build itself. - run: | - ./tool/go run ./cmd/tsconnect --fast-compression build - ./tool/go run ./cmd/tsconnect --fast-compression build-pkg - - tailscale_go: # Subset of tests that depend on our custom Go toolchain. - runs-on: ubuntu-22.04 - steps: - - name: checkout - uses: actions/checkout@v3 - - name: test tailscale_go - run: ./tool/go test -tags=tailscale_go,ts_enable_sockstats ./net/sockstats/... 
- + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: Restore Cache + uses: actions/cache@v3 + with: + # Note: unlike the other setups, this is only grabbing the mod download + # cache, rather than the whole mod directory, as the download cache + # contains zips that can be unpacked in parallel faster than they can be + # fetched and extracted by tar + path: | + ~/.cache/go-build + ~/go/pkg/mod/cache + ~\AppData\Local\go-build + # The -2- here should be incremented when the scheme of data to be + # cached changes (e.g. path above changes). + key: ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} + restore-keys: | + ${{ github.job }}-${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }} + ${{ github.job }}-${{ runner.os }}-go-2- + - name: build tsconnect client + run: ./tool/go build ./cmd/tsconnect/wasm ./cmd/tailscale/cli + env: + GOOS: js + GOARCH: wasm + - name: build tsconnect server + # Note, no GOOS/GOARCH in env on this build step, we're running a build + # tool that handles the build itself. + run: | + ./tool/go run ./cmd/tsconnect --fast-compression build + ./tool/go run ./cmd/tsconnect --fast-compression build-pkg fuzz: # This target periodically breaks (see TS_FUZZ_CURRENTLY_BROKEN at the top 
@@ -317,93 +332,105 @@ jobs: if: github.event_name == 'pull_request' runs-on: ubuntu-22.04 steps: - - name: build fuzzers - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - # continue-on-error makes steps.build.conclusion be 'success' even if - # steps.build.outcome is 'failure'. This means this step does not - # contribute to the job's overall pass/fail evaluation. - continue-on-error: true - with: - oss-fuzz-project-name: 'tailscale' - dry-run: false - language: go - - name: report unexpectedly broken fuzz build - if: steps.build.outcome == 'failure' && env.TS_FUZZ_CURRENTLY_BROKEN != 'true' - run: | - echo "fuzzer build failed, see above for why" - echo "if the failure is due to OSS-Fuzz not being on the latest Go yet," - echo "set TS_FUZZ_CURRENTLY_BROKEN=true in .github/workflows/test.yml" - echo "to temporarily disable fuzzing until OSS-Fuzz works again." - exit 1 - - name: report unexpectedly working fuzz build - if: steps.build.outcome == 'success' && env.TS_FUZZ_CURRENTLY_BROKEN == 'true' - run: | - echo "fuzzer build succeeded, but we expect it to be broken" - echo "please set TS_FUZZ_CURRENTLY_BROKEN=false in .github/workflows/test.yml" - echo "to reenable fuzz testing" - exit 1 - - name: run fuzzers - id: run - # Run the fuzzers whenever they're able to build, even if we're going to - # report a failure because TS_FUZZ_CURRENTLY_BROKEN is set to the wrong - # value. 
- if: steps.build.outcome == 'success' - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'tailscale' - fuzz-seconds: 300 - dry-run: false - language: go - - name: upload crash - uses: actions/upload-artifact@v3 - if: steps.run.outcome != 'success' && steps.build.outcome == 'success' - with: - name: artifacts - path: ./out/artifacts + - name: build fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + # continue-on-error makes steps.build.conclusion be 'success' even if + # steps.build.outcome is 'failure'. This means this step does not + # contribute to the job's overall pass/fail evaluation. + continue-on-error: true + with: + oss-fuzz-project-name: "tailscale" + dry-run: false + language: go + - name: report unexpectedly broken fuzz build + if: steps.build.outcome == 'failure' && env.TS_FUZZ_CURRENTLY_BROKEN != 'true' + run: | + echo "fuzzer build failed, see above for why" + echo "if the failure is due to OSS-Fuzz not being on the latest Go yet," + echo "set TS_FUZZ_CURRENTLY_BROKEN=true in .github/workflows/test.yml" + echo "to temporarily disable fuzzing until OSS-Fuzz works again." + exit 1 + - name: report unexpectedly working fuzz build + if: steps.build.outcome == 'success' && env.TS_FUZZ_CURRENTLY_BROKEN == 'true' + run: | + echo "fuzzer build succeeded, but we expect it to be broken" + echo "please set TS_FUZZ_CURRENTLY_BROKEN=false in .github/workflows/test.yml" + echo "to reenable fuzz testing" + exit 1 + - name: run fuzzers + id: run + # Run the fuzzers whenever they're able to build, even if we're going to + # report a failure because TS_FUZZ_CURRENTLY_BROKEN is set to the wrong + # value. 
+ if: steps.build.outcome == 'success' + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: "tailscale" + fuzz-seconds: 300 + dry-run: false + language: go + - name: upload crash + uses: actions/upload-artifact@v3 + if: steps.run.outcome != 'success' && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts depaware: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: check depaware - run: | - export PATH=$(./tool/go env GOROOT)/bin:$PATH - find . -name 'depaware.txt' | xargs -n1 dirname | xargs ./tool/go run github.com/tailscale/depaware --check + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: check depaware + run: | + export PATH=$(./tool/go env GOROOT)/bin:$PATH + find . -name 'depaware.txt' | xargs -n1 dirname | xargs ./tool/go run github.com/tailscale/depaware --check go_generate: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: check that 'go generate' is clean - run: | - pkgs=$(./tool/go list ./... | grep -v dnsfallback) - ./tool/go generate $pkgs - echo - echo - git diff --name-only --exit-code || (echo "The files above need updating. Please run 'go generate'."; exit 1) + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: check that 'go generate' is clean + run: | + pkgs=$(./tool/go list ./... | grep -v dnsfallback) + ./tool/go generate $pkgs + echo + echo + git diff --name-only --exit-code || (echo "The files above need updating. 
Please run 'go generate'."; exit 1) go_mod_tidy: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: check that 'go mod tidy' is clean - run: | - ./tool/go mod tidy - echo - echo - git diff --name-only --exit-code || (echo "Please run 'go mod tidy'."; exit 1) + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: check that 'go mod tidy' is clean + run: | + ./tool/go mod tidy + echo + echo + git diff --name-only --exit-code || (echo "Please run 'go mod tidy'."; exit 1) licenses: runs-on: ubuntu-22.04 steps: - - name: checkout - uses: actions/checkout@v3 - - name: check licenses - run: ./scripts/check_license_headers.sh . + - name: checkout + uses: actions/checkout@v3 + - name: check licenses + run: ./scripts/check_license_headers.sh . staticcheck: runs-on: ubuntu-22.04 @@ -416,23 +443,24 @@ jobs: - goos: "windows" goarch: "386" steps: - - name: checkout - uses: actions/checkout@v3 - - name: install staticcheck - run: GOBIN=~/.local/bin ./tool/go install honnef.co/go/tools/cmd/staticcheck - - name: run staticcheck - run: | - export GOROOT=$(./tool/go env GOROOT) - export PATH=$GOROOT/bin:$PATH - staticcheck -- $(./tool/go list ./... | grep -v tempfork) - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} + - name: checkout + uses: actions/checkout@v3 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + - name: install staticcheck + run: go install honnef.co/go/tools/cmd/staticcheck + - name: run staticcheck + run: staticcheck -- $(go list ./... | grep -v tempfork) + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} notify_slack: if: always() # Any of these jobs failing causes a slack notification. - needs: + needs: - android - test - windows @@ -440,7 +468,6 @@ jobs: - cross - ios - wasm - - tailscale_go - fuzz - depaware - go_generate 
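Review bot: The staticcheck job switches from `./tool/go` to a bare `go` (`go install honnef.co/go/tools/cmd/staticcheck` and `go list ./...`), while the other Linux jobs touched by this diff keep the wrapper after gaining setup-go. Dropping `GOBIN=~/.local/bin` also means the `staticcheck` binary is found only if Go's default install directory is on PATH, which presumably relies on setup-go's environment setup. Either keep `./tool/go` here for consistency, or add a comment on the install step such as `# installs into the default GOBIN, which setup-go is expected to put on PATH` so the dependency is explicit.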
@@ -449,30 +476,30 @@ jobs: - staticcheck runs-on: ubuntu-22.04 steps: - - name: notify - # Only notify slack for merged commits, not PR failures. - # - # It may be tempting to move this condition into the job's 'if' block, but - # don't: Github only collapses the test list into "everything is OK" if - # all jobs succeeded. A skipped job results in the list staying expanded. - # By having the job always run, but skipping its only step as needed, we - # let the CI output collapse nicely in PRs. - if: failure() && github.event_name == 'push' - uses: ruby/action-slack@v3.2.1 - with: - payload: | - { - "attachments": [{ - "title": "Failure: ${{ github.workflow }}", - "title_link": "https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks", - "text": "${{ github.repository }}@${{ github.ref_name }}: ", - "fields": [{ "value": ${{ toJson(github.event.head_commit.message) }}, "short": false }], - "footer": "${{ github.event.head_commit.committer.name }} at ${{ github.event.head_commit.timestamp }}", - "color": "danger" - }] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + - name: notify + # Only notify slack for merged commits, not PR failures. + # + # It may be tempting to move this condition into the job's 'if' block, but + # don't: Github only collapses the test list into "everything is OK" if + # all jobs succeeded. A skipped job results in the list staying expanded. + # By having the job always run, but skipping its only step as needed, we + # let the CI output collapse nicely in PRs. 
+ if: failure() && github.event_name == 'push' + uses: ruby/action-slack@v3.2.1 + with: + payload: | + { + "attachments": [{ + "title": "Failure: ${{ github.workflow }}", + "title_link": "https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks", + "text": "${{ github.repository }}@${{ github.ref_name }}: ", + "fields": [{ "value": ${{ toJson(github.event.head_commit.message) }}, "short": false }], + "footer": "${{ github.event.head_commit.committer.name }} at ${{ github.event.head_commit.timestamp }}", + "color": "danger" + }] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} check_mergeability: if: always() @@ -485,7 +512,6 @@ jobs: - cross - ios - wasm - - tailscale_go - fuzz - depaware - go_generate @@ -493,8 +519,8 @@ jobs: - licenses - staticcheck steps: - - name: Decide if change is okay to merge - if: github.event_name != 'push' - uses: re-actors/alls-green@release/v1 - with: - jobs: ${{ toJSON(needs) }} + - name: Decide if change is okay to merge + if: github.event_name != 'push' + uses: re-actors/alls-green@release/v1 + with: + jobs: ${{ toJSON(needs) }} diff --git a/cmd/derper/depaware.txt b/cmd/derper/depaware.txt index 1ee5a47577cc78..8c62b00431d7c1 100644 --- a/cmd/derper/depaware.txt +++ b/cmd/derper/depaware.txt 
@@ -12,6 +12,10 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa W 💣 github.com/alexbrainman/sspi/negotiate from tailscale.com/net/tshttpproxy github.com/beorn7/perks/quantile from github.com/prometheus/client_golang/prometheus 💣 github.com/cespare/xxhash/v2 from github.com/prometheus/client_golang/prometheus + github.com/coder/websocket from tailscale.com/cmd/derper+ + github.com/coder/websocket/internal/errd from github.com/coder/websocket + github.com/coder/websocket/internal/util from github.com/coder/websocket + github.com/coder/websocket/internal/xsync from github.com/coder/websocket L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw github.com/fxamacker/cbor/v2 from tailscale.com/tka github.com/golang/groupcache/lru from tailscale.com/net/dnscache @@ -26,7 +30,6 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa L github.com/josharian/native from github.com/mdlayher/netlink+ L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces+ L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink - github.com/klauspost/compress/flate from nhooyr.io/websocket github.com/matttproud/golang_protobuf_extensions/pbutil from github.com/prometheus/common/expfmt L 💣 github.com/mdlayher/netlink from github.com/jsimonetti/rtnetlink+ L 💣 github.com/mdlayher/netlink/nlenc from github.com/jsimonetti/rtnetlink+ 
@@ -77,9 +80,6 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa google.golang.org/protobuf/runtime/protoimpl from github.com/golang/protobuf/proto+ google.golang.org/protobuf/types/descriptorpb from google.golang.org/protobuf/reflect/protodesc google.golang.org/protobuf/types/known/timestamppb from github.com/prometheus/client_golang/prometheus+ - nhooyr.io/websocket from tailscale.com/cmd/derper+ - nhooyr.io/websocket/internal/errd from nhooyr.io/websocket - nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket tailscale.com from tailscale.com/version tailscale.com/atomicfile from tailscale.com/cmd/derper+ tailscale.com/client/tailscale from tailscale.com/derp @@ -108,7 +108,6 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa tailscale.com/net/tlsdial from tailscale.com/derp/derphttp tailscale.com/net/tsaddr from tailscale.com/ipn+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+ - tailscale.com/net/wsconn from tailscale.com/cmd/derper+ tailscale.com/paths from tailscale.com/client/tailscale tailscale.com/safesocket from tailscale.com/client/tailscale tailscale.com/syncs from tailscale.com/cmd/derper+ @@ -193,6 +192,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa golang.org/x/time/rate from tailscale.com/cmd/derper+ bufio from compress/flate+ bytes from bufio+ + cmp from net/netip+ compress/flate from compress/gzip+ compress/gzip from internal/profile+ container/list from crypto/tls+ @@ -269,6 +269,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa runtime/metrics from github.com/prometheus/client_golang/prometheus+ runtime/pprof from net/http/pprof runtime/trace from net/http/pprof + slices from encoding/base32+ sort from compress/flate+ strconv from compress/flate+ strings from bufio+ diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt index 920342fcc2b917..43ef2ba4e090b4 100644 
--- a/cmd/tailscale/depaware.txt +++ b/cmd/tailscale/depaware.txt @@ -10,6 +10,10 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep W 💣 github.com/alexbrainman/sspi from github.com/alexbrainman/sspi/negotiate+ W github.com/alexbrainman/sspi/internal/common from github.com/alexbrainman/sspi/negotiate W 💣 github.com/alexbrainman/sspi/negotiate from tailscale.com/net/tshttpproxy + github.com/coder/websocket from tailscale.com/control/controlhttp+ + github.com/coder/websocket/internal/errd from github.com/coder/websocket + github.com/coder/websocket/internal/util from github.com/coder/websocket + github.com/coder/websocket/internal/xsync from github.com/coder/websocket L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw W 💣 github.com/dblohm7/wingoes from tailscale.com/util/winutil/authenticode W 💣 github.com/dblohm7/wingoes/pe from tailscale.com/util/winutil/authenticode @@ -27,7 +31,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces+ L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink github.com/kballard/go-shellquote from tailscale.com/cmd/tailscale/cli - github.com/klauspost/compress/flate from nhooyr.io/websocket 💣 github.com/mattn/go-colorable from tailscale.com/cmd/tailscale/cli 💣 github.com/mattn/go-isatty from github.com/mattn/go-colorable+ L 💣 github.com/mdlayher/netlink from github.com/jsimonetti/rtnetlink+ 
@@ -58,9 +61,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep W 💣 golang.zx2c4.com/wireguard/windows/tunnel/winipcfg from tailscale.com/net/interfaces+ gopkg.in/yaml.v2 from sigs.k8s.io/yaml k8s.io/client-go/util/homedir from tailscale.com/cmd/tailscale/cli - nhooyr.io/websocket from tailscale.com/derp/derphttp+ - nhooyr.io/websocket/internal/errd from nhooyr.io/websocket - nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket sigs.k8s.io/yaml from tailscale.com/cmd/tailscale/cli software.sslmate.com/src/go-pkcs12 from tailscale.com/cmd/tailscale/cli software.sslmate.com/src/go-pkcs12/internal/rc2 from software.sslmate.com/src/go-pkcs12 @@ -103,7 +103,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep tailscale.com/net/tlsdial from tailscale.com/derp/derphttp+ tailscale.com/net/tsaddr from tailscale.com/net/interfaces+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+ - tailscale.com/net/wsconn from tailscale.com/control/controlhttp+ tailscale.com/paths from tailscale.com/cmd/tailscale/cli+ tailscale.com/safesocket from tailscale.com/cmd/tailscale/cli+ tailscale.com/syncs from tailscale.com/net/netcheck+ @@ -195,6 +194,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep golang.org/x/time/rate from tailscale.com/cmd/tailscale/cli+ bufio from compress/flate+ bytes from bufio+ + cmp from net/netip+ compress/flate from compress/gzip+ compress/gzip from net/http compress/zlib from image/png+ @@ -249,7 +249,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep image/png from github.com/skip2/go-qrcode io from bufio+ io/fs from crypto/x509+ - io/ioutil from golang.org/x/sys/cpu+ + io/ioutil from github.com/mitchellh/go-ps+ log from expvar+ log/internal from log math from compress/flate+ 
@@ -278,6 +278,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep regexp from github.com/tailscale/goupnp/httpu+ regexp/syntax from regexp runtime/debug from tailscale.com/util/singleflight+ + slices from encoding/base32+ sort from compress/flate+ strconv from compress/flate+ strings from bufio+ diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt index c5b6f7da7e60eb..44cca8d96671ee 100644 --- a/cmd/tailscaled/depaware.txt +++ b/cmd/tailscaled/depaware.txt @@ -75,6 +75,10 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de L github.com/aws/smithy-go/transport/http from github.com/aws/aws-sdk-go-v2/aws/middleware+ L github.com/aws/smithy-go/transport/http/internal/io from github.com/aws/smithy-go/transport/http L github.com/aws/smithy-go/waiter from github.com/aws/aws-sdk-go-v2/service/ssm + github.com/coder/websocket from tailscale.com/control/controlhttp+ + github.com/coder/websocket/internal/errd from github.com/coder/websocket + github.com/coder/websocket/internal/util from github.com/coder/websocket + github.com/coder/websocket/internal/xsync from github.com/coder/websocket L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw LD 💣 github.com/creack/pty from tailscale.com/ssh/tailssh W 💣 github.com/dblohm7/wingoes from github.com/dblohm7/wingoes/com+ 
@@ -104,7 +108,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces+ L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink github.com/klauspost/compress from github.com/klauspost/compress/zstd - github.com/klauspost/compress/flate from nhooyr.io/websocket github.com/klauspost/compress/fse from github.com/klauspost/compress/huff0 github.com/klauspost/compress/huff0 from github.com/klauspost/compress/zstd github.com/klauspost/compress/internal/cpuinfo from github.com/klauspost/compress/zstd+ @@ -164,14 +167,14 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de W 💣 golang.zx2c4.com/wintun from github.com/tailscale/wireguard-go/tun+ W 💣 golang.zx2c4.com/wireguard/windows/tunnel/winipcfg from tailscale.com/net/dns+ gvisor.dev/gvisor/pkg/atomicbitops from gvisor.dev/gvisor/pkg/tcpip+ - gvisor.dev/gvisor/pkg/bits from gvisor.dev/gvisor/pkg/bufferv2 - 💣 gvisor.dev/gvisor/pkg/bufferv2 from gvisor.dev/gvisor/pkg/tcpip+ + gvisor.dev/gvisor/pkg/bits from gvisor.dev/gvisor/pkg/buffer + 💣 gvisor.dev/gvisor/pkg/buffer from gvisor.dev/gvisor/pkg/tcpip+ gvisor.dev/gvisor/pkg/context from gvisor.dev/gvisor/pkg/refs 💣 gvisor.dev/gvisor/pkg/gohacks from gvisor.dev/gvisor/pkg/state/wire+ gvisor.dev/gvisor/pkg/linewriter from gvisor.dev/gvisor/pkg/log gvisor.dev/gvisor/pkg/log from gvisor.dev/gvisor/pkg/context+ gvisor.dev/gvisor/pkg/rand from gvisor.dev/gvisor/pkg/tcpip/network/hash+ - gvisor.dev/gvisor/pkg/refs from gvisor.dev/gvisor/pkg/bufferv2+ + gvisor.dev/gvisor/pkg/refs from gvisor.dev/gvisor/pkg/buffer+ 💣 gvisor.dev/gvisor/pkg/sleep from gvisor.dev/gvisor/pkg/tcpip/transport/tcp 💣 gvisor.dev/gvisor/pkg/state from gvisor.dev/gvisor/pkg/atomicbitops+ gvisor.dev/gvisor/pkg/state/wire from gvisor.dev/gvisor/pkg/state 
@@ -179,13 +182,12 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de 💣 gvisor.dev/gvisor/pkg/sync/locking from gvisor.dev/gvisor/pkg/tcpip/stack gvisor.dev/gvisor/pkg/tcpip from gvisor.dev/gvisor/pkg/tcpip/header+ gvisor.dev/gvisor/pkg/tcpip/adapters/gonet from tailscale.com/wgengine/netstack - gvisor.dev/gvisor/pkg/tcpip/checksum from gvisor.dev/gvisor/pkg/bufferv2+ + 💣 gvisor.dev/gvisor/pkg/tcpip/checksum from gvisor.dev/gvisor/pkg/buffer+ gvisor.dev/gvisor/pkg/tcpip/hash/jenkins from gvisor.dev/gvisor/pkg/tcpip/stack+ gvisor.dev/gvisor/pkg/tcpip/header from gvisor.dev/gvisor/pkg/tcpip/header/parse+ gvisor.dev/gvisor/pkg/tcpip/header/parse from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ gvisor.dev/gvisor/pkg/tcpip/internal/tcp from gvisor.dev/gvisor/pkg/tcpip/stack+ - gvisor.dev/gvisor/pkg/tcpip/link/channel from tailscale.com/wgengine/netstack - gvisor.dev/gvisor/pkg/tcpip/network/hash from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ + gvisor.dev/gvisor/pkg/tcpip/network/hash from gvisor.dev/gvisor/pkg/tcpip/network/ipv4 gvisor.dev/gvisor/pkg/tcpip/network/internal/fragmentation from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ gvisor.dev/gvisor/pkg/tcpip/network/internal/ip from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ gvisor.dev/gvisor/pkg/tcpip/network/internal/multicast from gvisor.dev/gvisor/pkg/tcpip/network/ipv4+ @@ -206,9 +208,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de gvisor.dev/gvisor/pkg/waiter from gvisor.dev/gvisor/pkg/context+ inet.af/peercred from tailscale.com/ipn/ipnauth W 💣 inet.af/wf from tailscale.com/wf - nhooyr.io/websocket from tailscale.com/derp/derphttp+ - nhooyr.io/websocket/internal/errd from nhooyr.io/websocket - nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket tailscale.com from tailscale.com/version tailscale.com/atomicfile from tailscale.com/ipn+ LD tailscale.com/chirp from tailscale.com/cmd/tailscaled 
@@ -282,7 +281,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de 💣 tailscale.com/net/tshttpproxy from tailscale.com/control/controlclient+ tailscale.com/net/tstun from tailscale.com/cmd/tailscaled+ tailscale.com/net/tstun/table from tailscale.com/net/tstun - tailscale.com/net/wsconn from tailscale.com/control/controlhttp+ tailscale.com/paths from tailscale.com/ipn/ipnlocal+ 💣 tailscale.com/portlist from tailscale.com/ipn/ipnlocal tailscale.com/safesocket from tailscale.com/client/tailscale+ @@ -371,7 +369,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de golang.org/x/crypto/cryptobyte from crypto/ecdsa+ golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+ golang.org/x/crypto/curve25519 from github.com/tailscale/golang-x-crypto/ssh+ - LD golang.org/x/crypto/ed25519 from golang.org/x/crypto/ssh+ + LD golang.org/x/crypto/ed25519 from github.com/tailscale/golang-x-crypto/ssh golang.org/x/crypto/hkdf from crypto/tls+ golang.org/x/crypto/nacl/box from tailscale.com/types/key golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box @@ -410,6 +408,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de golang.org/x/time/rate from gvisor.dev/gvisor/pkg/tcpip/stack+ bufio from compress/flate+ bytes from bufio+ + cmp from net/netip+ compress/flate from compress/gzip+ compress/gzip from golang.org/x/net/http2+ W compress/zlib from debug/pe @@ -456,7 +455,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de hash from crypto+ hash/adler32 from tailscale.com/ipn/ipnlocal+ hash/crc32 from compress/gzip+ - hash/fnv from tailscale.com/wgengine/magicsock+ + hash/fnv from tailscale.com/wgengine/magicsock hash/maphash from go4.org/mem html from tailscale.com/ipn/ipnlocal+ io from bufio+ 
@@ -494,6 +493,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de runtime/debug from github.com/klauspost/compress/zstd+ runtime/pprof from tailscale.com/log/logheap+ runtime/trace from net/http/pprof + slices from encoding/base32+ sort from compress/flate+ strconv from compress/flate+ strings from bufio+ diff --git a/flake.lock b/flake.lock index 434501ed46a969..4c7ff4b1aa464c 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -17,12 +17,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -33,11 +36,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1675153841, - "narHash": "sha256-EWvU3DLq+4dbJiukfhS7r6sWZyJikgXn6kNl7eHljW8=", + "lastModified": 1737370608, + "narHash": "sha256-hFA6SmioeqvGW/XvZa9bxniAeulksCOcj3kokdNT/YE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ea692c2ad1afd6384e171eabef4f0887d2b882d3", + "rev": "300081d0cc72df578b02d914df941b8ec62240e6", "type": "github" }, "original": { 
@@ -53,6 +56,21 @@ "flake-utils": "flake-utils", "nixpkgs": "nixpkgs" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 23ebe5b05b442c..b1dcfef3e46731 100644 --- a/flake.nix +++ b/flake.nix @@ -107,7 +107,7 @@ gotools graphviz perl - go_1_20 + go_1_22 yarn ]; }; @@ -115,4 +115,4 @@ in flake-utils.lib.eachDefaultSystem (system: flakeForSystem nixpkgs system); } -# nix-direnv cache busting line: sha256-hWfdcvm2ief313JMgzDIispAnwi+D1iWsm0UHWOomxg= +# nix-direnv cache busting line: sha256-Yxx1iLyfQAma6d7AYS8hZf07tYnsU3x6fSWWxh1GjoM= diff --git a/go.mod.sri b/go.mod.sri index ee1b34af2674db..341729f92554ac 100644 --- a/go.mod.sri +++ b/go.mod.sri @@ -1 +1 @@ -sha256-hWfdcvm2ief313JMgzDIispAnwi+D1iWsm0UHWOomxg= +sha256-Yxx1iLyfQAma6d7AYS8hZf07tYnsU3x6fSWWxh1GjoM= diff --git a/scripts/check_license_headers.sh b/scripts/check_license_headers.sh index 89a243b6332bf7..c02d1d07f40c83 100755 --- a/scripts/check_license_headers.sh +++ b/scripts/check_license_headers.sh 
@@ -7,56 +7,60 @@ # directory tree have a correct-looking Tailscale license header. check_file() { - got=$1 + got=$1 - want=$(cat <&2 - exit 1 + echo "Usage: $0 rootdir" >&2 + exit 1 fi fail=0 for file in $(find $1 -name '*.go' -not -path '*/.git/*'); do - case $file in - $1/tempfork/*) - # Skip, tempfork of third-party code - ;; - $1/wgengine/router/ifconfig_windows.go) - # WireGuard copyright. - ;; - $1/cmd/tailscale/cli/authenticode_windows.go) - # WireGuard copyright. - ;; - *_string.go) - # Generated file from go:generate stringer - ;; - $1/control/controlbase/noiseexplorer_test.go) - # Noiseexplorer.com copyright. - ;; - */zsyscall_windows.go) - # Generated syscall wrappers - ;; - *) - header="$(head -2 $file)" - if ! check_file "$header"; then - fail=1 - echo "${file#$1/} doesn't have the right copyright header:" - echo "$header" | sed -e 's/^/ /g' - fi - ;; - esac + case $file in + $1/tempfork/*) + # Skip, tempfork of third-party code + ;; + $1/wgengine/router/ifconfig_windows.go) + # WireGuard copyright. + ;; + $1/cmd/tailscale/cli/authenticode_windows.go) + # WireGuard copyright. + ;; + *_string.go) + # Generated file from go:generate stringer + ;; + $1/control/controlbase/noiseexplorer_test.go) + # Noiseexplorer.com copyright. + ;; + */zsyscall_windows.go) + # Generated syscall wrappers + ;; + $1/wgengine/netstack/endpoint.go) + # gVisor copyright + ;; + *) + header="$(head -2 $file)" + if ! check_file "$header"; then + fail=1 + echo "${file#$1/} doesn't have the right copyright header:" + echo "$header" | sed -e 's/^/ /g' + fi + ;; + esac done if [ $fail -ne 0 ]; then - exit 1 + exit 1 fi diff --git a/shell.nix b/shell.nix index 288775ca086f5c..d5c78e08c5dc43 100644 --- a/shell.nix +++ b/shell.nix @@ -16,4 +16,4 @@ ) { src = ./.; }).shellNix -# nix-direnv cache busting line: sha256-hWfdcvm2ief313JMgzDIispAnwi+D1iWsm0UHWOomxg= +# nix-direnv cache busting line: sha256-Yxx1iLyfQAma6d7AYS8hZf07tYnsU3x6fSWWxh1GjoM= 
diff --git a/tool/gocross/autoflags.go b/tool/gocross/autoflags.go index b914759fb7d615..edc0481bc7fcc9 100644 --- a/tool/gocross/autoflags.go +++ b/tool/gocross/autoflags.go @@ -37,7 +37,7 @@ func autoflagsForTest(argv []string, env *Environment, goroot, nativeGOOS, nativ cgoCflags = []string{"-O3", "-std=gnu11"} cgoLdflags []string ldflags []string - tags = []string{"tailscale_go"} + tags = []string{} cgo = false failReflect = false ) diff --git a/tool/gocross/autoflags_test.go b/tool/gocross/autoflags_test.go index c8007c40df20b5..2002888697ade9 100644 --- a/tool/gocross/autoflags_test.go +++ b/tool/gocross/autoflags_test.go @@ -53,7 +53,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, @@ -78,7 +78,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "install", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, @@ -106,7 +106,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, 
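Review bot: In tool/gocross/autoflags.go the new `tags = []string{}` reads oddly next to `cgoLdflags []string` and `ldflags []string` two lines above it in the same var block; `tags []string` gives the same empty starting point without the literal, as far as the hunk shows how it is used. Removing the `tailscale_go` tag also means that any file still constrained by `//go:build tailscale_go` silently drops out of every gocross build, so a search for that constraint belongs in this change; whether such files exist cannot be seen from the hunk. autoflagsForTest continues outside the hunk.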
@@ -134,7 +134,6 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg", "./cmd/tailcontrol", }, @@ -159,7 +158,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "test", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "-race", "./cmd/tailcontrol", @@ -188,7 +187,6 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg -H windows -s", "./cmd/tailcontrol", }, @@ -213,7 +211,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt", + "-tags=omitidna,omitpemdecrypt", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg", "./cmd/tailcontrol", }, @@ -241,7 +239,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt", + "-tags=omitidna,omitpemdecrypt", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg", "./cmd/tailcontrol", }, 
@@ -269,7 +267,7 @@ TS_LINK_FAIL_REFLECT=1 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt", + "-tags=omitidna,omitpemdecrypt", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg", "./cmd/tailcontrol", }, @@ -301,7 +299,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt,ts_macext", + "-tags=omitidna,omitpemdecrypt,ts_macext", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg -w", "./cmd/tailcontrol", }, @@ -333,7 +331,7 @@ TS_LINK_FAIL_REFLECT=1 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,omitidna,omitpemdecrypt,ts_macext", + "-tags=omitidna,omitpemdecrypt,ts_macext", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg -w", "./cmd/tailcontrol", }, @@ -358,7 +356,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "go", "build", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, 
@@ -383,7 +381,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "list", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static'", "./cmd/tailcontrol", }, @@ -411,7 +409,7 @@ TS_LINK_FAIL_REFLECT=0 (was )`, wantArgv: []string{ "gocross", "build", "-trimpath", - "-tags=tailscale_go,osusergo,netgo", + "-tags=osusergo,netgo", "-ldflags", "-X tailscale.com/version.longStamp=1.2.3-long -X tailscale.com/version.shortStamp=1.2.3 -X tailscale.com/version.gitCommitStamp=abcd -X tailscale.com/version.extraGitCommitStamp=defg '-extldflags=-static -L /my/glibc/path'", "./cmd/tailcontrol", }, diff --git a/tool/gocross/gocross-wrapper.sh b/tool/gocross/gocross-wrapper.sh index fc4a942252b6c4..37a1afca78fa0c 100755 --- a/tool/gocross/gocross-wrapper.sh +++ b/tool/gocross/gocross-wrapper.sh @@ -9,7 +9,7 @@ set -euo pipefail if [[ "${CI:-}" == "true" ]]; then - set -x + set -x fi # Locate a bootstrap toolchain and (re)build gocross if necessary. We run all of 
@@ -17,91 +17,38 @@ fi # accidentally mutate the input environment that will get passed to gocross at # the bottom of this script. ( -repo_root="${BASH_SOURCE%/*}/../.." - -# Figuring out if gocross needs a rebuild, as well as the rebuild itself, need -# to happen with CWD inside this repo. Since we're in a subshell entirely -# dedicated to wrangling gocross and toolchains, cd over now before doing -# anything further so that the rest of this logic works the same if gocross is -# being invoked from somewhere else. -cd "$repo_root" - -toolchain="$HOME/.cache/tailscale-go" - -if [[ -d "$toolchain" ]]; then - # A toolchain exists, but is it recent enough to compile gocross? If not, - # wipe it out so that the next if block fetches a usable one. - want_go_minor=$(grep -E '^go ' "go.mod" | cut -f2 -d'.') - have_go_minor=$(head -1 "$toolchain/VERSION" | cut -f2 -d'.') - # Shortly before stable releases, we run release candidate - # toolchains, which have a non-numeric suffix on the version - # number. Remove the rc qualifier, we just care about the minor - # version. - have_go_minor="${have_go_minor%rc*}" - if [[ -z "$have_go_minor" || "$have_go_minor" -lt "$want_go_minor" ]]; then - rm -rf "$toolchain" "$toolchain.extracted" + repo_root="${BASH_SOURCE%/*}/../.." + + # Figuring out if gocross needs a rebuild, as well as the rebuild itself, need + # to happen with CWD inside this repo. Since we're in a subshell entirely + # dedicated to wrangling gocross and toolchains, cd over now before doing + # anything further so that the rest of this logic works the same if gocross is + # being invoked from somewhere else. + cd "$repo_root" + + # Binaries run with `gocross run` can reinvoke gocross, resulting in a + # potentially fancy build that invokes external linkers, might be + # cross-building for other targets, and so forth. In one hilarious + # case, cmd/cloner invokes go with GO111MODULE=off at some stage. + # + # Anyway, build gocross in a stripped down universe. 
+ gocross_path="gocross" + gocross_ok=0 + wantver="$(git rev-parse HEAD)" + if [[ -x "$gocross_path" ]]; then + gotver="$($gocross_path gocross-version 2>/dev/null || echo '')" + if [[ "$gotver" == "$wantver" ]]; then + gocross_ok=1 fi -fi -if [[ ! -d "$toolchain" ]]; then - mkdir -p "$HOME/.cache" - - # We need any Go toolchain to build gocross, but the toolchain also has to - # be reasonably recent because we upgrade eagerly and gocross might not - # build with Go N-1. So, if we have no cached tailscale toolchain at all, - # fetch the initial one in shell. Once gocross is built, it'll manage - # updates. - read -r REV "$toolchain.extracted" - rm -f "$toolchain.tar.gz" - ;; - esac -fi - -# Binaries run with `gocross run` can reinvoke gocross, resulting in a -# potentially fancy build that invokes external linkers, might be -# cross-building for other targets, and so forth. In one hilarious -# case, cmd/cloner invokes go with GO111MODULE=off at some stage. -# -# Anyway, build gocross in a stripped down universe. -gocross_path="gocross" -gocross_ok=0 -wantver="$(git rev-parse HEAD)" -if [[ -x "$gocross_path" ]]; then - gotver="$($gocross_path gocross-version 2>/dev/null || echo '')" - if [[ "$gotver" == "$wantver" ]]; then - gocross_ok=1 - fi -fi -if [[ "$gocross_ok" == "0" ]]; then + fi + if [[ "$gocross_ok" == "0" ]]; then unset GOOS unset GOARCH unset GO111MODULE unset GOROOT export CGO_ENABLED=0 - "$toolchain/bin/go" build -o "$gocross_path" -ldflags "-X tailscale.com/version.gitCommitStamp=$wantver" tailscale.com/tool/gocross -fi + go build -o "$gocross_path" -ldflags "-X tailscale.com/version.gitCommitStamp=$wantver" tailscale.com/tool/gocross + fi ) # End of the subshell execution. exec "${BASH_SOURCE%/*}/../../gocross" "$@" diff --git a/tool/gocross/gocross.go b/tool/gocross/gocross.go index f9f271fcf12e3e..63cb6ff03b158c 100644 --- a/tool/gocross/gocross.go +++ b/tool/gocross/gocross.go 
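Review bot: The `go build` that produces gocross now runs whichever `go` comes first on PATH, and nothing replaces the removed comparison of the toolchain's minor version against the `go` line in go.mod; the `exec.LookPath("go")` added at the end of main in tool/gocross/gocross.go has the same property. The compiler for every build that goes through this wrapper is therefore chosen by the caller's environment rather than by the repository, which is worth stating where it happens, for example `# Uses the first go on PATH; the caller must supply a toolchain that satisfies go.mod and is not this wrapper.` If this script is itself reachable as `go` on that PATH, the call would presumably re-enter the wrapper before gocross exists, so a guard for that case may be needed; the hunk does not show how the wrapper is installed.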
@@ -15,7 +15,9 @@ import ( _ "embed" "fmt" "os" + "os/exec" "path/filepath" + "runtime" "tailscale.com/atomicfile" "tailscale.com/version" @@ -36,23 +38,6 @@ func main() { // regular go binary, so it can be used to detect when `go` is // actually gocross. os.Exit(0) - case "make-goroot": - _, gorootDir, err := getToolchain() - if err != nil { - fmt.Fprintf(os.Stderr, "getting toolchain: %v\n", err) - os.Exit(1) - } - - fmt.Println(gorootDir) - os.Exit(0) - case "gocross-get-toolchain-go": - toolchain, _, err := getToolchain() - if err != nil { - fmt.Fprintf(os.Stderr, "getting toolchain: %v\n", err) - os.Exit(1) - } - fmt.Println(filepath.Join(toolchain, "bin/go")) - os.Exit(0) case "gocross-write-wrapper-script": if len(os.Args) != 3 { fmt.Fprintf(os.Stderr, "usage: gocross write-wrapper-script \n") @@ -66,26 +51,14 @@ func main() { } } - toolchain, goroot, err := getToolchain() - if err != nil { - fmt.Fprintf(os.Stderr, "getting toolchain: %v\n", err) - os.Exit(1) - } - args := os.Args if os.Getenv("GOCROSS_BYPASS") == "" { - newArgv, env, err := Autoflags(os.Args, goroot) + newArgv, env, err := Autoflags(os.Args, runtime.GOROOT()) if err != nil { fmt.Fprintf(os.Stderr, "computing flags: %v\n", err) os.Exit(1) } - // Make sure the right version of cmd/go is the first thing in the PATH - // for tests that execute `go build` or `go test`. - // TODO: if we really need to do this, do it inside Autoflags, not here. - path := filepath.Join(toolchain, "bin") + string(os.PathListSeparator) + os.Getenv("PATH") - env.Set("PATH", path) - debug("Input: %s\n", formatArgv(os.Args)) debug("Command: %s\n", formatArgv(newArgv)) debug("Set the following flags/envvars:\n%s\n", env.Diff()) 
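Review bot: `Autoflags(os.Args, runtime.GOROOT())` takes GOROOT from the toolchain that compiled gocross (or from the GOROOT variable), while the binary that is finally executed is looked up separately with `exec.LookPath("go")` in the next hunk, so the two can describe different toolchains. The wrapper script rebuilds gocross only when the git commit changes, so switching the `go` on PATH between runs leaves the old value in place. Asking the resolved binary for its own GOROOT keeps them in step; the sketch below moves the lookup ahead of Autoflags, lets the later `doExec` reuse the same path, and would need `strings` in the import block. main starts and ends outside this hunk.

```go
	// Resolve the go binary once and ask it for its own GOROOT, so the
	// flags computed by Autoflags describe the toolchain that is executed.
	goBin, err := exec.LookPath("go")
	if err == nil {
		goBin, err = filepath.Abs(goBin)
	}
	if err != nil {
		fmt.Fprintf(os.Stderr, "looking up Go binary path: %v\n", err)
		os.Exit(1)
	}
	out, err := exec.Command(goBin, "env", "GOROOT").Output()
	if err != nil {
		fmt.Fprintf(os.Stderr, "querying GOROOT from %s: %v\n", goBin, err)
		os.Exit(1)
	}
	goroot := strings.TrimSpace(string(out))

	args := os.Args
	if os.Getenv("GOCROSS_BYPASS") == "" {
		newArgv, env, err := Autoflags(os.Args, goroot)
		// … unchanged: error check, debug output, applying the environment …
```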
@@ -95,10 +68,18 @@ func main() { fmt.Fprintf(os.Stderr, "modifying environment: %v\n", err) os.Exit(1) } + } + cmd, err := exec.LookPath("go") + if err == nil { + cmd, err = filepath.Abs(cmd) + } + if err != nil { + fmt.Fprintf(os.Stderr, "looking up Go binary path: %v\n", err) + os.Exit(1) } - doExec(filepath.Join(toolchain, "bin/go"), args, os.Environ()) + doExec(cmd, args, os.Environ()) } //go:embed gocross-wrapper.sh diff --git a/tool/gocross/goroot.go b/tool/gocross/goroot.go deleted file mode 100644 index 58d025da562dc5..00000000000000 --- a/tool/gocross/goroot.go +++ /dev/null 
@@ -1,90 +0,0 @@ -// Copyright (c) Tailscale Inc & AUTHORS -// SPDX-License-Identifier: BSD-3-Clause - -package main - -import ( - "errors" - "fmt" - "io" - "io/fs" - "os" - "path/filepath" -) - -// makeGoroot constructs a GOROOT-like file structure in outPath, -// which consists of toolchainRoot except for the `go` binary, which -// points to gocross. -// -// It's useful for integrating with tooling that expects to be handed -// a GOROOT, like the Goland IDE or depaware. -func makeGoroot(toolchainRoot, outPath string) error { - self, err := os.Executable() - if err != nil { - return fmt.Errorf("getting gocross's path: %v", err) - } - - os.RemoveAll(outPath) - if err := os.MkdirAll(filepath.Join(outPath, "bin"), 0750); err != nil { - return fmt.Errorf("making %q: %v", outPath, err) - } - if err := os.Symlink(self, filepath.Join(outPath, "bin/go")); err != nil { - return fmt.Errorf("linking gocross into outpath: %v", err) - } - - if err := linkFarm(toolchainRoot, outPath); err != nil { - return fmt.Errorf("creating GOROOT link farm: %v", err) - } - if err := linkFarm(filepath.Join(toolchainRoot, "bin"), filepath.Join(outPath, "bin")); err != nil { - return fmt.Errorf("creating GOROOT/bin link farm: %v", err) - } - - return nil -} - -func copyFile(src, dst string) error { - s, err := os.Open(src) - if err != nil { - return fmt.Errorf("opening %q: %v", src, err) - } - defer s.Close() - - d, err := os.OpenFile(dst, os.O_RDWR|os.O_CREATE, 0755) - if err != nil { - return fmt.Errorf("opening %q: %v", dst, err) - } - - if _, err := io.Copy(d, s); err != nil { - d.Close() - return fmt.Errorf("copying %q to %q: %v", src, dst, err) - } - - if err := d.Close(); err != nil { - return fmt.Errorf("closing %q: %v", dst, err) - } - - return nil -} - -// linkFarm symlinks every entry in srcDir into outDir, unless that -// directory entry already exists. 
-func linkFarm(srcDir, outDir string) error { - ents, err := os.ReadDir(srcDir) - if err != nil { - return fmt.Errorf("reading %q: %v", srcDir, err) - } - - for _, ent := range ents { - dst := filepath.Join(outDir, ent.Name()) - _, err := os.Lstat(dst) - if errors.Is(err, fs.ErrNotExist) { - if err := os.Symlink(filepath.Join(srcDir, ent.Name()), dst); err != nil { - return fmt.Errorf("symlinking %q to %q: %v", ent.Name(), outDir, err) - } - } else if err != nil { - return fmt.Errorf("stat-ing %q: %v", dst, err) - } - } - - return nil -} diff --git a/tool/gocross/toolchain.go b/tool/gocross/toolchain.go deleted file mode 100644 index 5980dff0462687..00000000000000 --- a/tool/gocross/toolchain.go +++ /dev/null 
@@ -1,189 +0,0 @@ -// Copyright (c) Tailscale Inc & AUTHORS -// SPDX-License-Identifier: BSD-3-Clause - -package main - -import ( - "bytes" - "fmt" - "io" - "net/http" - "os" - "os/exec" - "path/filepath" - "runtime" -) - -func toolchainRev() (string, error) { - // gocross gets built in the root of the repo that has toolchain - // information, so we can use os.Args[0] to locate toolchain info. - // - // We might be getting invoked via the synthetic goroot that we create, so - // walk symlinks to find the true location of gocross. - start, err := os.Executable() - if err != nil { - return "", err - } - start, err = filepath.EvalSymlinks(start) - if err != nil { - return "", fmt.Errorf("evaluating symlinks in %q: %v", os.Args[0], err) - } - start = filepath.Dir(start) - d := start -findTopLevel: - for { - if _, err := os.Lstat(filepath.Join(d, ".git")); err == nil { - break findTopLevel - } else if !os.IsNotExist(err) { - return "", fmt.Errorf("finding .git: %v", err) - } - d = filepath.Dir(d) - if d == "/" { - return "", fmt.Errorf("couldn't find .git starting from %q, cannot manage toolchain", start) - } - } - - return readRevFile(filepath.Join(d, "go.toolchain.rev")) -} - -func readRevFile(path string) (string, error) { - bs, err := os.ReadFile(path) - if err != nil { - return "", err - } - return string(bytes.TrimSpace(bs)), nil -} - -func getToolchain() (toolchainDir, gorootDir string, err error) { - cache := filepath.Join(os.Getenv("HOME"), ".cache") - toolchainDir = filepath.Join(cache, "tailscale-go") - gorootDir = filepath.Join(toolchainDir, "gocross-goroot") - - // You might wonder why getting the toolchain also provisions and returns a - // path suitable for use as GOROOT. Wonder no longer! - // - // A bunch of our tests and build processes involve re-invoking 'go build' - // or other build-ish commands (install, run, ...). These typically use - // runtime.GOROOT + "bin/go" to get at the Go binary. 
Even more edge case-y, - // tailscale.com/cmd/tsconnect needs to fish a javascript glue file out of - // GOROOT in order to build the javascript bundle for serving. - // - // Gocross always does a -trimpath on builds for reproducibility, which - // wipes out the burned-in runtime.GOROOT value from the binary. This means - // that using gocross on these various test and build processes ends up - // breaking with mysterious path errors. - // - // We don't want to stop using -trimpath, or otherwise make GOROOT work in - // "normal" builds, because that is a footgun that lets people accidentally - // create assumptions that the build toolchain is still around at runtime. - // Instead, we want to make 'go test' and 'go run' have access to GOROOT, - // while still removing it from standalone binaries. - // - // So, construct and pass a GOROOT to the actual 'go' invocation, which lets - // tests and build processes locate and use GOROOT. For consistency, the - // GOROOT that's passed in is a symlink farm that mostly points to the - // toolchain's underlying GOROOT, but 'bin/go' points back to gocross. This - // means that if you invoke 'go test' via gocross, and that test tries to - // build code, that build will also end up using gocross. - - if err := ensureToolchain(cache, toolchainDir); err != nil { - return "", "", err - } - if err := ensureGoroot(toolchainDir, gorootDir); err != nil { - return "", "", err - } - - return toolchainDir, gorootDir, nil -} - -func ensureToolchain(cacheDir, toolchainDir string) error { - stampFile := toolchainDir + ".extracted" - - wantRev, err := toolchainRev() - if err != nil { - return err - } - gotRev, err := readRevFile(stampFile) - if err != nil { - return fmt.Errorf("reading stamp file %q: %v", stampFile, err) - } - if gotRev == wantRev { - // Toolchain already good. 
- return nil - } - - if err := os.RemoveAll(toolchainDir); err != nil { - return err - } - if err := os.RemoveAll(stampFile); err != nil { - return err - } - - if filepath.IsAbs(wantRev) { - // Local dev toolchain. - if err := os.Symlink(wantRev, toolchainDir); err != nil { - return err - } - return nil - } else { - if err := downloadCachedgo(toolchainDir, wantRev); err != nil { - return err - } - } - - if err := os.WriteFile(stampFile, []byte(wantRev), 0644); err != nil { - return err - } - - return nil -} - -func ensureGoroot(toolchainDir, gorootDir string) error { - if _, err := os.Stat(gorootDir); err == nil { - return nil - } else if !os.IsNotExist(err) { - return err - } - return makeGoroot(toolchainDir, gorootDir) - -} - -func downloadCachedgo(toolchainDir, toolchainRev string) error { - url := fmt.Sprintf("https://github.com/tailscale/go/releases/download/build-%s/%s-%s.tar.gz", toolchainRev, runtime.GOOS, runtime.GOARCH) - - archivePath := toolchainDir + ".tar.gz" - f, err := os.Create(archivePath) - if err != nil { - return err - } - - resp, err := http.Get(url) - if err != nil { - return err - } - defer resp.Body.Close() - if resp.StatusCode != 200 { - return fmt.Errorf("failed to get %q: %v", url, resp.Status) - } - if _, err := io.Copy(f, resp.Body); err != nil { - return err - } - if err := f.Close(); err != nil { - return err - } - - if err := os.MkdirAll(toolchainDir, 0755); err != nil { - return err - } - cmd := exec.Command("tar", "--strip-components=1", "-xf", archivePath) - cmd.Dir = toolchainDir - if err := cmd.Run(); err != nil { - return err - } - - if err := os.RemoveAll(archivePath); err != nil { - return err - } - - return nil -}