ipn/ipnlocal: stop sending machine key to frontends

We were going to remove this in Tailscale 1.3 but forgot. This means Tailscale 1.8 users won't be able to downgrade to Tailscale 1.0, but that's fine. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-03-14 01:11:01 +00:00 · 2021-03-31 15:48:27 -07:00 · 2021-03-31 15:48:27 -07:00 · 1f583a895e
commit 1f583a895e
parent 1c98c5f103
1 changed files with 0 additions and 39 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@ -396,11 +396,6 @@ func (b *LocalBackend) setClientStatus(st controlclient.Status) {
 			b.prefs.Persist = st.Persist.Clone()
 		}
 	}
-	if temporarilySetMachineKeyInPersist() && b.prefs.Persist != nil &&
-		b.prefs.Persist.LegacyFrontendPrivateMachineKey.IsZero() {
-		b.prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey
-		prefsChanged = true
-	}
 	if st.NetMap != nil {
 		if b.findExitNodeIDLocked(st.NetMap) {
 			prefsChanged = true
@ -665,12 +660,6 @@ func (b *LocalBackend) Start(opts ipn.Options) error {

 	b.mu.Lock()
 	prefs := b.prefs.Clone()
-
-	if temporarilySetMachineKeyInPersist() && prefs.Persist != nil &&
-		prefs.Persist.LegacyFrontendPrivateMachineKey.IsZero() {
-		prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey
-	}
-
 	b.mu.Unlock()

 	blid := b.backendLogID
@ -970,17 +959,6 @@ func (b *LocalBackend) popBrowserAuthNow() {
 // b.stateKey should be set too, but just for nicer log messages.
 // b.mu must be held.
 func (b *LocalBackend) initMachineKeyLocked() (err error) {
-	if temporarilySetMachineKeyInPersist() {
-		defer func() {
-			if err != nil {
-				return
-			}
-			if b.prefs != nil && b.prefs.Persist != nil {
-				b.prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey
-			}
-		}()
-	}
-
 	if !b.machinePrivKey.IsZero() {
 		// Already set.
 		return nil
@ -1991,23 +1969,6 @@ func (b *LocalBackend) TestOnlyPublicKeys() (machineKey tailcfg.MachineKey, node
 	return tailcfg.MachineKey(mk), tailcfg.NodeKey(nk)
 }

-// temporarilySetMachineKeyInPersist reports whether we should set
-// the machine key in Prefs.Persist.LegacyFrontendPrivateMachineKey
-// for the frontend to write out to its preferences for use later.
-//
-// TODO: remove this in Tailscale 1.3.x (so it effectively always
-// returns false). It just exists so users can downgrade from 1.2.x to
-// 1.0.x.  But eventually we want to stop sending the machine key to
-// clients. We can't do that until 1.0.x is no longer supported.
-func temporarilySetMachineKeyInPersist() bool {
-	switch runtime.GOOS {
-	case "darwin", "ios", "android":
-		// iOS, macOS, Android users can't downgrade anyway.
-		return false
-	}
-	return true
-}
-
 func (b *LocalBackend) WaitingFiles() ([]WaitingFile, error) {
 	b.mu.Lock()
 	apiSrv := b.peerAPIServer