TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-06-30 12:08:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/tailscale: warn user about nllock key removal without resigning

Browse Source 
Fixes #19445

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2025-06-19 11:32:54 +02:00 committed by Kristoffer Dalby
parent 9309760263
commit 0198255266
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/tailscale/cli/network-lock.go
View File

@ -17,12 +17,14 @@ import (
"strings" "strings"
"time" "time"
"github.com/mattn/go-isatty"
"github.com/peterbourgon/ff/v3/ffcli" "github.com/peterbourgon/ff/v3/ffcli"
"tailscale.com/ipn/ipnstate" "tailscale.com/ipn/ipnstate"
"tailscale.com/tka" "tailscale.com/tka"
"tailscale.com/tsconst" "tailscale.com/tsconst"
"tailscale.com/types/key" "tailscale.com/types/key"
"tailscale.com/types/tkatype" "tailscale.com/types/tkatype"
"tailscale.com/util/prompt"
) )
var netlockCmd = &ffcli.Command{ var netlockCmd = &ffcli.Command{
@ -369,6 +371,18 @@ func runNetworkLockRemove(ctx context.Context, args []string) error {
} }
} }
} }
} else {
if isatty.IsTerminal(os.Stdout.Fd()) {
fmt.Printf(`Warning
Removal of a signing key(s) without resigning nodes (--re-sign=false)
will cause any nodes signed by the the given key(s) to be locked out
of the Tailscale network. Proceed with caution.
`)
if !prompt.YesNo("Are you sure you want to remove the signing key(s)?") {
fmt.Printf("aborting removal of signing key(s)\n")
os.Exit(0)
}
}
} }
return localClient.NetworkLockModify(ctx, nil, removeKeys) return localClient.NetworkLockModify(ctx, nil, removeKeys)