all: store NL keys per profile

This moves the NetworkLock key from a dedicated StateKey to be part of the persist.Persist struct. This struct is stored as part for ipn.Prefs and is also the place where we store the NodeKey. It also moves the ChonkDir from "/tka" to "/tka-profile/<profile-id>". The rename was intentional to be able to delete the "/tka" dir if it exists. This means that we will have a unique key per profile, and a unique directory per profile. Note: `tailscale logout` will delete the entire profile, including any keys. It currently does not delete the ChonkDir. Signed-off-by: Maisem Ali <maisem@tailscale.com>
2025-08-14 23:17:29 +00:00 · 2022-11-14 17:29:49 +05:00
parent 751f866f01
commit 235309adc4
13 changed files with 198 additions and 167 deletions
--- a/cmd/tailscale/cli/network-lock.go
+++ b/cmd/tailscale/cli/network-lock.go
@@ -93,12 +93,14 @@ func runNetworkLockStatus(ctx context.Context, args []string) error {
 		fmt.Println()
 	}

-	p, err := st.PublicKey.MarshalText()
-	if err != nil {
-		return err
+	if !st.PublicKey.IsZero() {
+		p, err := st.PublicKey.MarshalText()
+		if err != nil {
+			return err
+		}
+		fmt.Printf("This node's public-key: %s\n", p)
+		fmt.Println()
 	}
-	fmt.Printf("This node's public-key: %s\n", p)
-	fmt.Println()

 	if st.Enabled && len(st.TrustedKeys) > 0 {
 		fmt.Println("Keys trusted to make changes to network-lock:")