tailscale, branch knyar/netmapdiff2 The easiest, most secure way to use WireGuard and 2FA http://git.waynecole.info/tailscale/atom?h=knyar%2Fnetmapdiff2 2025-09-08T14:30:24Z getting confused by cmp.diff 2025-09-08T14:30:24Z Anton Tolchanov anton@tailscale.com 2025-09-08T14:30:24Z urn:sha1:12ee752d963c94ea18c1a28bccf82695acbd9b6c Add to tailcfg 2025-09-08T13:59:42Z Anton Tolchanov anton@tailscale.com 2025-09-04T18:44:48Z urn:sha1:275345f498a3ca949c79042fdc73874e27feb43e ipn/ipnlocal: add a C2N endpoint to diff current netmap and a new one 2025-09-08T13:59:42Z Anton Tolchanov anton@tailscale.com 2025-08-13T14:00:35Z urn:sha1:d16b635023af6622c6981f55f0232b11ce1274d9 Signed-off-by: Anton Tolchanov <anton@tailscale.com> prober: include current probe results in run-probe text response 2025-09-07T07:40:53Z Anton Tolchanov anton@tailscale.com 2025-09-06T08:28:07Z urn:sha1:ed6aa50bd549bdc5e79dcf0326c358f40e9aced2 It was a bit confusing that provided history did not include the current probe results. Updates tailscale/corp#20583 Signed-off-by: Anton Tolchanov <anton@tailscale.com> wgengine/magicsock: log the peer failing disco writes are intended for 2025-09-06T02:02:17Z James Tucker james@tailscale.com 2025-09-06T00:58:36Z urn:sha1:a29545e9cc6a71439741836ea9ba0e8cbfbc7134 Updates tailscale/corp#31762 Signed-off-by: James Tucker <james@tailscale.com> cmd/tailscale/cli: add new line for set --webclient (#17043) 2025-09-05T19:56:23Z Mike O'Driscoll mikeo@tailscale.com 2025-09-05T19:56:23Z urn:sha1:23297da10d180a4b30b1a6db9e131e463b447813 Fixes #17042 Signed-off-by: Mike O'Driscoll <mikeo@tailscale.com> ipn/ipnlocal: add state change test for key expiry 2025-09-05T14:14:45Z James Sanderson jsanderson@tailscale.com 2025-09-05T13:52:44Z urn:sha1:046b8830c76b29f04fc95f3880e6abe41eeb16e7 Updates tailscale/corp#31478 Signed-off-by: James Sanderson <jsanderson@tailscale.com> util/syspolicy/policyclient: always use no-op policyclient in tests by default 2025-09-04T22:14:15Z Brad Fitzpatrick bradfitz@tailscale.com 2025-09-03T04:41:06Z urn:sha1:46369f06af2729b2e553433aef16c821670c2455 We should never use the real syspolicy implementation in tests by default. (the machine's configuration shouldn't affect tests) You either specify a test policy, or you get a no-op one. Updates #16998 Change-Id: I3350d392aad11573a5ad7caab919bb3bbaecb225 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> ipn/ipnlocal, util/syspolicy: convert last RegisterWellKnownSettingsForTest caller, remove 2025-09-04T19:45:44Z Brad Fitzpatrick bradfitz@tailscale.com 2025-09-03T23:06:39Z urn:sha1:b034f7cca95476c89394b3419b8fb7b9d7e3534c Updates #16998 Change-Id: I735d75129a97a929092e9075107e41cdade18944 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> cmd/containerboot: do not reset state on non-existant secret (#17021) 2025-09-04T11:40:55Z David Bond davidsbond@users.noreply.github.com 2025-09-04T11:40:55Z urn:sha1:624cdd2961ac88ac2c187072dc2cb322d05a653b This commit modifies containerboot's state reset process to handle the state secret not existing. During other parts of the boot process we gracefully handle the state secret not being created yet, but missed that check within `resetContainerbootState` Fixes https://github.com/tailscale/tailscale/issues/16804 Signed-off-by: David Bond <davidsbond93@gmail.com>