| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Windows
In this PR, we update the Windows client updater to:
- Run msiexec with logging enabled and preserve the log file in %ProgramData%\Tailscale\Logs;
- Preserve the updater's own log file in the same location;
- Properly handle ERROR_SUCCESS_REBOOT_REQUIRED, ERROR_SUCCESS_REBOOT_INITIATED, and ERROR_INSTALL_ALREADY_RUNNING exit codes. The first two values indicate that installation
completed successfully and no further retries are needed. The last one means the Windows Installer
service is busy. Retrying immediately is likely to fail and may be risky; it could uninstall the current version
without successfully installing the new one, potentially leaving the user without Tailscale.
Updates tailscale/corp#27496
Updates tailscale#15554
Signed-off-by: Nick Khyl <nickk@tailscale.com>
|
|
I noticed logs on one of my machines where it can't auto-update with
scary log spam about "failed to apply tailnet-wide default for
auto-updates".
This avoids trying to do the EditPrefs if we know it's just going to
fail anyway.
Updates #282
Change-Id: Ib7db3b122185faa70efe08b60ebd05a6094eed8c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
When running via tsnet, c2n will be hooked up so requests to update can
reach the node. But it will then apply whatever OS-specific update
function, upgrading the local tailscaled instead.
We can't update tsnet automatically, so refuse it.
Fixes #14892
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Updates tailscale/corp#20099
Change-Id: Ie3b782379b19d5f7890a8d3a378096b4f3e8a612
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
We were using google/uuid in two places and that brought in database/sql/driver.
We didn't need it in either place.
Updates #13760
Updates tailscale/corp#20099
Change-Id: Ieed32f1bebe35d35f47ec5a2a429268f24f11f1f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
While `clientupdate.Updater` won't be able to apply updates on macsys,
we use `clientupdate.CanAutoUpdate` to gate the EditPrefs endpoint in
localAPI. We should allow the GUI client to set AutoUpdate.Apply on
macsys for it to properly get reported to the control plane. This also
allows the tailnet-wide default for auto-updates to propagate to macsys
clients.
Updates https://github.com/tailscale/corp/issues/21339
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Previously, we would only compare the current version to resolved latest
version for track. When running `tailscale update --track=stable` from
an unstable build, it would almost always fail because the stable
version is "older". But we should support explicitly switching tracks
like that.
Fixes #12347
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
We assume most containers are immutable and don't expect tailscale
running in them to auto-update. But there's no reason to prohibit it
outright.
Ignore the tailnet-wide default auto-update setting in containers, but
allow local users to turn on auto-updates via the CLI.
RELNOTE=Auto-updates are allowed in containers, but ignore the tailnet-wide default.
Fixes #12292
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Alpine APK repos are versioned, and contain different package sets.
Older APK releases and repos don't have the latest tailscale package.
When we report "no update available", check whether pkgs.tailscale.com
has a newer tarball release. If it does, it's possible that the system
is on an older Alpine release. Print additional messages to suggest the
user to upgrade their OS.
Fixes #11309
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Shell out to "systemctl", which lets us drop an extra dependency.
Updates https://github.com/tailscale/corp/issues/18935
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Containers are typically immutable and should be updated as a whole (and
not individual packages within). Deny enablement of auto-updates in
containers.
Also, add the missing check in EditPrefs in LocalAPI, to catch cases
like tailnet default auto-updates getting enabled for nodes that don't
support it.
Updates #11544
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
We don't always have the same latest version for all platforms (like
with 1.64.2 is only Synology+Windows), so we should use the OS-specific
result from pkgs JSON response instead of the main Version field.
Updates #11795
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Updates #11058
Change-Id: I35e7ef9b90e83cac04ca93fd964ad00ed5b48430
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #cleanup
Change-Id: I982175e74b0c8c5b3e01a573e5785e6596b7ac39
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
According to
https://learn.microsoft.com/en-us/windows/win32/msi/standard-installer-command-line-options#promptrestart,
`/promptrestart` is ignored with `/quiet` is set, so msiexec.exe can
sometimes silently trigger a reboot. The best we can do to reduce
unexpected disruption is to just prevent restarts, until the user
chooses to do it. Restarts aren't normally needed for Tailscale updates,
but there seem to be some situations where it's triggered.
Updates #18254
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
The package info output can list multiple package versions, and not in
descending order. Find the newest version in the output, instead of the
first one.
Fixes #11309
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Updates #cleanup
NixOS packages are immutable and attempts to update via our tarball
mechanism will always fail as a result. Instead we now direct users to
update their nix channel or nixpkgs flake input to receive the latest
Tailscale release.
Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
|
|
Instead of overloading the Version field, add an explicit Track field.
This fixes a bug where passing a track name in `args.Version` would keep
the track name in `updater.Version` and pass it down the code path to
commands like `apt-get install`. Now, `updater.Version` should always be
a version (or empty string).
Updates #cleanup
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
We've fixed the underlying issue in github.com/tailscale/corp/issues/13998.
Fixes #10513
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
|
|
Hiding/disabling UI features when not available on the running
client.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
|
|
When updating on Windows, we make a copy of the tailscale.exe file in a
temp directory to perform the update, because the original tailscale.exe
gets deleted during the update.
This can eat up disk space if a machine is stuck doing repeated failed
update attempts. Clean up old copies explicitly before making a new one,
same as we do with MSIs.
Updates #10082
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Use the [`plugin`
CLI](https://forums.unraid.net/topic/72240-solved-is-there-a-way-to-installuninstall-plugins-from-script/#comment-676870)
to fetch and apply the update.
Updates https://github.com/tailscale/tailscale/issues/10184
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
`winutil.WTSGetActiveConsoleSessionId` only works for physical desktop
logins and does not return the session ID for RDP logins. We need to
`windows.WTSEnumerateSessions` and find the active session.
Fixes https://github.com/tailscale/corp/issues/15772
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
When we run tailscled under systemd, restarting the unit kills all child
processes, including "tailscale update". And during update, the package
manager will restart the tailscaled unit. Specifically on Debian-based
distros, interrupting `apt-get install` can get the system into a wedged
state which requires the user to manually run `dpkg --configure` to
recover.
To avoid all this, use `systemd-run` where available to run the
`tailscale update` process. This launches it in a separate temporary
unit and doesn't kill it when parent unit is restarted.
Also, detect when `apt-get install` complains about aborted update and
try to restore the system by running `dpkg --configure tailscale`. This
could help if the system unexpectedly shuts down during our auto-update.
Fixes https://github.com/tailscale/corp/issues/15771
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Use the `qpkg_cli` to check for updates and install them. There are a
couple special things about this compare to other updaters:
* qpkg_cli can tell you when upgrade is available, but not what the
version is
* qpkg_cli --add Tailscale works for new installs, upgrades and
reinstalling existing version; even reinstall of existing version
takes a while
Updates #10178
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
The c2n part was broken because we were not looking up the tailscale
binary for that GOOS. The rest of the update was failing at the `pkg
upgrade` confirmation prompt. We also need to manually restart
tailscaled after update.
Updates #cleanup
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Check for root early, before we fetch the pkgs index. This avoids
several seconds delay for the command to tell you to sudo.
Updates #cleanup
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
In case there's a wild symlink in one of the target paths, we don't want
to accidentally delete too much. Limit `cleanupOldDownloads` to deleting
individual files only.
Updates https://github.com/tailscale/tailscale/issues/10082
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
After we're done installing, clean up the temp files. This prevents temp
volumes from filling up on hosts that don't reboot often.
Fixes https://github.com/tailscale/tailscale/issues/10082
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Make the error message a bit more helpful for users.
Updates #9456
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
* clientupdate: disable on Unraid
Updates dkaser/unraid-tailscale#94
Signed-off-by: Derek Kaser <derek.kaser@gmail.com>
* Update clientupdate/clientupdate.go
Signed-off-by: Andrew Lytvynov <andrew@awly.dev>
---------
Signed-off-by: Derek Kaser <derek.kaser@gmail.com>
Signed-off-by: Andrew Lytvynov <andrew@awly.dev>
Co-authored-by: Andrew Lytvynov <andrew@awly.dev>
|
|
Not all users know about our tracks and versioning scheme. They can be
confused when e.g. 1.52.0 is out but 1.53.0 is available. Or when 1.52.0
is our but 1.53 has not been built yet and user is on 1.51.x.
Updates #cleanup
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Fixes #9963
Signed-off-by: Chris Palmer <cpalmer@tailscale.com>
|
|
Updates #755
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
On `tailscale set --auto-update`, set the Sparkle plist option for it.
Also make macsys report not supporting auto-updates over c2n, since they
will be triggered by Sparkle locally.
Updates #755
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
clientupdate.Updater will have a non-nil Update func in a few cases
where it doesn't actually perform an update:
* on Arch-like distros, where it prints instructions on how to update
* on macOS app store version, where it opens the app store page
Add a new clientupdate.Arguments field to cause NewUpdater to fail when
we hit one of these cases. This results in c2n updates being "not
supported" and `tailscale set --auto-update` returning an error.
Updates #755
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
When updating via c2n, `tailscale.exe update` runs from `tailscaled.exe`
which runs as SYSTEM. The MSI installer does not start the GUI when
running as SYSTEM. This results in Tailscale just existing on
auto-update, which is ungood.
Instead, always ask the MSI installer to not launch the GUI (via
`TS_NOLAUNCH` argument) and launch it manually with a token from the
current logged in user. The token code was borrowed from
https://github.com/tailscale/tailscale/blob/d9081d6ba201e19a4f9fc341511a6e105bdbb85f/net/dns/wsl_windows.go#L207-L232
Also, make some logging changes so that these issues are easier to debug
in the future.
Updates #755
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
In the sandboxed app from the app store, we cannot check
`/Library/Preferences/com.apple.commerce.plist` or run `softwareupdate`.
We can at most print a helpful message and open the app store page.
Also, reenable macsys update function to mark it as supporting c2n
updates. macsys support in `tailscale update` was fixed.
Updates #755
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Two bug fixes:
1. when tailscale update is executed as root, `os.UserCacheDir` may
return an error because `$XDG_CACHE_HOME` and `$HOME` are not set;
fallback to `os.TempDir` in those cases
2. on some weird distros (like my EndeavourOS), `/usr/sbin` is just a
symlink to `/usr/bin`; when we resolve `tailscale` binary path from
`tailscaled`, allow `tailscaled` to be in either directory
Updates #755
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
The Sparkle-based update is not quite working yet. Make `NewUpdater`
return `ErrUnsupported` for it to avoid the proliferation of exceptions
up the stack.
Updates #755
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Updates tailscale/corp#15179
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
This is only relevant for unstable releases and local builds. When local
version is newer than upstream, abort release.
Also, re-add missing newlines in output that were missed in
https://github.com/tailscale/tailscale/pull/9694.
Updates #cleanup
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
In case cli.Stdout/Stderr get overriden, all CLI output should use them
instead of os.Stdout/Stderr. Update the `update` command to follow this
pattern.
Updates #cleanup
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Updates #cleanup
Change-Id: I7dbf8a02de22fc6b317ab5e29cc97792dd75352c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
|
|
DSM6 does not automatically restart packages on install, we have to do
it explicitly.
Also, DSM6 has a filter for publishers in Package Center. Make the error
message more helpful when update fails because of this filter not
allowing our package.
Fixes #9361
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Log some progress info to make updates more debuggable. Also, track
whether an active update is already started and return an error if
a concurrent update is attempted.
Some planned future PRs:
* add JSON output to `tailscale update`
* use JSON output from `tailscale update` to provide a more detailed
status of in-progress update (stage, download progress, etc)
Updates #6907
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Co-authored-by: Andrew Lytvynov <awly@tailscale.com>
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
|
|
located on disk
Our build system caches files locally and only updates them when something
changes. Since I need to integrate some distsign stuff into the build system
to validate our Windows 7 MSIs, I want to be able to check the cached copy
of a package before downloading a fresh copy from pkgs.
If the signature changes, then obviously the local copy is outdated and we
return an error, at which point we call Download to refresh the package.
Updates https://github.com/tailscale/corp/issues/14334
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
|
|
errors
Replace %w verb with %v verb when logging errors.
Use %w only for wrapping errors with fmt.Errorf()
Fixes: #9213
Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>
|
