| author | Andrew Dunham <andrew@du.nham.ca> | 2024-10-23 00:24:39 -0500 |
|---|---|---|
| committer | Andrew Dunham <andrew@du.nham.ca> | 2024-10-24 11:35:48 -0500 |
| commit | fc4048014ee26448a3b0c63e8c1a748f0e45e0b7 (patch) | |
| tree | 9aedb9cc4ab23b51358c97e5b3ca42760fd25495 /control/keyfallback/update.go | |
| parent | b2665d9b89ee8c7be10a8e0a2fa36d35d21d8440 (diff) | |
control/keyfallback: add baked-in fallback for control keyandrew/keyfallback
Similar to how we bake in the DERPMap to ensure that we can reach the
DERP servers if DNS isn't working, also bake in the control key for the
default control server that we use if the control server is down.
Updates #13890
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I18ef0381e266bd3db10063685993bc3cb76b2f42
Diffstat (limited to 'control/keyfallback/update.go')
| -rw-r--r-- | control/keyfallback/update.go | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/control/keyfallback/update.go b/control/keyfallback/update.go
new file mode 100644
index 000000000..27bee37ad
--- /dev/null
+++ b/control/keyfallback/update.go
@@ -0,0 +1,47 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build ignore
+
+package main
+
+import (
+ "encoding/json"
+ "fmt"
+ "io"
+ "log"
+ "net/http"
+ "os"
+
+ "tailscale.com/ipn"
+ "tailscale.com/tailcfg"
+)
+
+func main() {
+ keyURL := fmt.Sprintf("%v/key?v=%d", ipn.DefaultControlURL, tailcfg.CurrentCapabilityVersion)
+ res, err := http.Get(keyURL)
+ if err != nil {
+ log.Fatalf("fetch control key: %v", err)
+ }
+ defer res.Body.Close()
+ b, err := io.ReadAll(io.LimitReader(res.Body, 64<<10))
+ if err != nil {
+ log.Fatalf("read control key: %v", err)
+ }
+ if res.StatusCode != 200 {
+ log.Fatalf("fetch control key: bad status; got %v, want 200", res.Status)
+ }
+
+ // Unmarshal to make sure it's valid.
+ var out tailcfg.OverTLSPublicKeyResponse
+ if err := json.Unmarshal(b, &out); err != nil {
+ log.Fatalf("unmarshal control key: %v", err)
+ }
+ if out.PublicKey.IsZero() {
+ log.Fatalf("control key is zero")
+ }
+
+ if err := os.WriteFile("control-key.json", b, 0644); err != nil {
+ log.Fatalf("write control key: %v", err)
+ }
+} |
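Review bot: The bytes written to `control-key.json` are the raw response body `b`, not the `out` value that was just validated, so any fields the struct does not know about are silently ignored by `json.Unmarshal` yet still end up in the committed file, and the only property checked is that `PublicKey` is non-zero. Because this file becomes a built-in trust anchor for the control connection, I would write the re-encoded struct instead, e.g. `b, err = json.MarshalIndent(out, "", "\t")` (with its error checked) just before `os.WriteFile`, so the file holds exactly what was parsed and its diffs stay small and reviewable. A short comment above `main` saying that a changed `control-key.json` must be compared against the expected control key before it is committed would also help, since the generator trusts whatever the TLS connection on the developer's machine returns. Separately, `http.Get` uses the default client, which has no timeout, so the tool can hang on a stalled connection; `(&http.Client{Timeout: 30 * time.Second}).Get(keyURL)` would bound it.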
