ipn{,/localapi,ipnlocal}: infer cert dir from state file location

This fixes "tailscale cert" on Synology where the var directory is typically like /volume2/@appdata/Tailscale, or any other tailscaled user who specifies a non-standard state file location. This is a interim fix on the way to #2932. Fixes #2927 Updates #2932 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2021-09-27 13:31:40 -07:00
parent 29fa8c17d2
commit 3b3994f0db
3 changed files with 25 additions and 8 deletions
--- a/ipn/localapi/cert.go
+++ b/ipn/localapi/cert.go
@@ -36,7 +36,6 @@ import (

 	"golang.org/x/crypto/acme"
 	"tailscale.com/ipn/ipnstate"
-	"tailscale.com/paths"
 	"tailscale.com/types/logger"
 )

@@ -53,11 +52,11 @@ var (
 )

 func (h *Handler) certDir() (string, error) {
-	base := paths.DefaultTailscaledStateFile()
-	if base == "" {
-		return "", errors.New("no default DefaultTailscaledStateFile")
+	d := h.b.TailscaleVarRoot()
+	if d == "" {
+		return "", errors.New("no TailscaleVarRoot")
 	}
-	full := filepath.Join(filepath.Dir(base), "certs")
+	full := filepath.Join(d, "certs")
 	if err := os.MkdirAll(full, 0700); err != nil {
 		return "", err
 	}