diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index 176ee5f02..3ee6287b9 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -33,7 +33,7 @@ jobs:
- name: golangci-lint
uses: golangci/golangci-lint-action@2e788936b09dd82dc280e845628a40d2ba6b204c # v6.3.1
with:
- version: v1.60
+ version: v1.64
# Show only new issues if it's a pull request.
only-new-issues: true
diff --git a/Dockerfile b/Dockerfile
index 4ad3d88d9..32cb92ab0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,7 +27,7 @@
# $ docker exec tailscaled tailscale status
-FROM golang:1.23-alpine AS build-env
+FROM golang:1.24-alpine AS build-env
WORKDIR /go/src/tailscale
diff --git a/cmd/derper/depaware.txt b/cmd/derper/depaware.txt
index e9df49b72..1812a1a8d 100644
--- a/cmd/derper/depaware.txt
+++ b/cmd/derper/depaware.txt
@@ -191,13 +191,11 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
golang.org/x/crypto/cryptobyte from crypto/ecdsa+
golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+
golang.org/x/crypto/curve25519 from golang.org/x/crypto/nacl/box+
- golang.org/x/crypto/hkdf from crypto/tls+
golang.org/x/crypto/internal/alias from golang.org/x/crypto/chacha20+
golang.org/x/crypto/internal/poly1305 from golang.org/x/crypto/chacha20poly1305+
golang.org/x/crypto/nacl/box from tailscale.com/types/key
golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
- golang.org/x/crypto/sha3 from crypto/internal/mlkem768+
W golang.org/x/exp/constraints from tailscale.com/util/winutil
golang.org/x/exp/maps from tailscale.com/util/syspolicy/setting+
L golang.org/x/net/bpf from github.com/mdlayher/netlink+
@@ -230,7 +228,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
container/list from crypto/tls+
context from crypto/tls+
crypto from crypto/ecdh+
- crypto/aes from crypto/ecdsa+
+ crypto/aes from crypto/internal/hpke+
crypto/cipher from crypto/aes+
crypto/des from crypto/tls+
crypto/dsa from crypto/x509
@@ -239,31 +237,58 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
crypto/ed25519 from crypto/tls+
crypto/elliptic from crypto/ecdsa+
crypto/hmac from crypto/tls+
- crypto/internal/alias from crypto/aes+
- crypto/internal/bigmod from crypto/ecdsa+
crypto/internal/boring from crypto/aes+
crypto/internal/boring/bbig from crypto/ecdsa+
crypto/internal/boring/sig from crypto/internal/boring
- crypto/internal/edwards25519 from crypto/ed25519
- crypto/internal/edwards25519/field from crypto/ecdh+
+ crypto/internal/entropy from crypto/internal/fips140/drbg
+ crypto/internal/fips140 from crypto/internal/fips140/aes+
+ crypto/internal/fips140/aes from crypto/aes+
+ crypto/internal/fips140/aes/gcm from crypto/cipher+
+ crypto/internal/fips140/alias from crypto/cipher+
+ crypto/internal/fips140/bigmod from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/check from crypto/internal/fips140/aes+
+ crypto/internal/fips140/drbg from crypto/internal/fips140/aes/gcm+
+ crypto/internal/fips140/ecdh from crypto/ecdh
+ crypto/internal/fips140/ecdsa from crypto/ecdsa
+ crypto/internal/fips140/ed25519 from crypto/ed25519
+ crypto/internal/fips140/edwards25519 from crypto/internal/fips140/ed25519
+ crypto/internal/fips140/edwards25519/field from crypto/ecdh+
+ crypto/internal/fips140/hkdf from crypto/internal/fips140/tls13+
+ crypto/internal/fips140/hmac from crypto/hmac+
+ crypto/internal/fips140/mlkem from crypto/tls
+ crypto/internal/fips140/nistec from crypto/elliptic+
+ crypto/internal/fips140/nistec/fiat from crypto/internal/fips140/nistec
+ crypto/internal/fips140/rsa from crypto/rsa
+ crypto/internal/fips140/sha256 from crypto/internal/fips140/check+
+ crypto/internal/fips140/sha3 from crypto/internal/fips140/hmac+
+ crypto/internal/fips140/sha512 from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/subtle from crypto/internal/fips140/aes+
+ crypto/internal/fips140/tls12 from crypto/tls
+ crypto/internal/fips140/tls13 from crypto/tls
+ crypto/internal/fips140deps/byteorder from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/cpu from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/godebug from crypto/internal/fips140+
+ crypto/internal/fips140hash from crypto/ecdsa+
+ crypto/internal/fips140only from crypto/cipher+
crypto/internal/hpke from crypto/tls
- crypto/internal/mlkem768 from crypto/tls
- crypto/internal/nistec from crypto/ecdh+
- crypto/internal/nistec/fiat from crypto/internal/nistec
+ crypto/internal/impl from crypto/internal/fips140/aes+
crypto/internal/randutil from crypto/dsa+
+ crypto/internal/sysrand from crypto/internal/entropy+
crypto/md5 from crypto/tls+
crypto/rand from crypto/ed25519+
crypto/rc4 from crypto/tls
crypto/rsa from crypto/tls+
crypto/sha1 from crypto/tls+
crypto/sha256 from crypto/tls+
+ crypto/sha3 from crypto/internal/fips140hash
crypto/sha512 from crypto/ecdsa+
- crypto/subtle from crypto/aes+
+ crypto/subtle from crypto/cipher+
crypto/tls from golang.org/x/crypto/acme+
+ crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+
- embed from crypto/internal/nistec+
+ embed from google.golang.org/protobuf/internal/editiondefaults+
encoding from encoding/json+
encoding/asn1 from crypto/x509+
encoding/base32 from github.com/fxamacker/cbor/v2+
@@ -284,23 +309,22 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
html from net/http/pprof+
html/template from tailscale.com/cmd/derper
internal/abi from crypto/x509/internal/macos+
- internal/asan from syscall
+ internal/asan from syscall+
internal/bisect from internal/godebug
internal/bytealg from bytes+
- internal/byteorder from crypto/aes+
+ internal/byteorder from crypto/cipher+
internal/chacha8rand from math/rand/v2+
- internal/concurrent from unique
internal/coverage/rtcov from runtime
- internal/cpu from crypto/aes+
+ internal/cpu from crypto/internal/fips140deps/cpu+
internal/filepathlite from os+
internal/fmtsort from fmt+
- internal/goarch from crypto/aes+
+ internal/goarch from crypto/internal/fips140deps/cpu+
internal/godebug from crypto/tls+
internal/godebugs from internal/godebug+
- internal/goexperiment from runtime
+ internal/goexperiment from runtime+
internal/goos from crypto/x509+
internal/itoa from internal/poll+
- internal/msan from syscall
+ internal/msan from syscall+
internal/nettrace from net+
internal/oserror from io/fs+
internal/poll from net+
@@ -310,17 +334,20 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
internal/reflectlite from context+
internal/runtime/atomic from internal/runtime/exithook+
internal/runtime/exithook from runtime
+ internal/runtime/maps from reflect+
+ internal/runtime/math from internal/runtime/maps+
+ internal/runtime/sys from crypto/subtle+
L internal/runtime/syscall from runtime+
internal/singleflight from net
internal/stringslite from embed+
+ internal/sync from sync+
internal/syscall/execenv from os+
- LD internal/syscall/unix from crypto/rand+
- W internal/syscall/windows from crypto/rand+
+ LD internal/syscall/unix from crypto/internal/sysrand+
+ W internal/syscall/windows from crypto/internal/sysrand+
W internal/syscall/windows/registry from mime+
W internal/syscall/windows/sysdll from internal/syscall/windows+
internal/testlog from os
internal/unsafeheader from internal/reflectlite+
- internal/weak from unique
io from bufio+
io/fs from crypto/x509+
L io/ioutil from github.com/mitchellh/go-ps+
@@ -332,7 +359,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
math/big from crypto/dsa+
math/bits from compress/flate+
math/rand from github.com/mdlayher/netlink+
- math/rand/v2 from internal/concurrent+
+ math/rand/v2 from crypto/ecdsa+
mime from github.com/prometheus/common/expfmt+
mime/multipart from net/http
mime/quotedprintable from mime/multipart
@@ -345,7 +372,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
net/netip from go4.org/netipx+
net/textproto from golang.org/x/net/http/httpguts+
net/url from crypto/x509+
- os from crypto/rand+
+ os from crypto/internal/sysrand+
os/exec from github.com/coreos/go-iptables/iptables+
os/signal from tailscale.com/cmd/derper
W os/user from tailscale.com/util/winutil+
@@ -354,10 +381,8 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
reflect from crypto/x509+
regexp from github.com/coreos/go-iptables/iptables+
regexp/syntax from regexp
- runtime from crypto/internal/nistec+
+ runtime from crypto/internal/fips140+
runtime/debug from github.com/prometheus/client_golang/prometheus+
- runtime/internal/math from runtime
- runtime/internal/sys from runtime
runtime/metrics from github.com/prometheus/client_golang/prometheus+
runtime/pprof from net/http/pprof
runtime/trace from net/http/pprof
@@ -367,7 +392,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
strings from bufio+
sync from compress/flate+
sync/atomic from context+
- syscall from crypto/rand+
+ syscall from crypto/internal/sysrand+
text/tabwriter from runtime/pprof
text/template from html/template
text/template/parse from html/template+
@@ -377,3 +402,4 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
unicode/utf8 from bufio+
unique from net/netip
unsafe from bytes+
+ weak from unique
diff --git a/cmd/k8s-operator/depaware.txt b/cmd/k8s-operator/depaware.txt
index 520595bf6..54d9bd248 100644
--- a/cmd/k8s-operator/depaware.txt
+++ b/cmd/k8s-operator/depaware.txt
@@ -997,14 +997,13 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
golang.org/x/crypto/cryptobyte from crypto/ecdsa+
golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+
golang.org/x/crypto/curve25519 from golang.org/x/crypto/ssh+
- golang.org/x/crypto/hkdf from crypto/tls+
+ golang.org/x/crypto/hkdf from tailscale.com/control/controlbase
golang.org/x/crypto/internal/alias from golang.org/x/crypto/chacha20+
golang.org/x/crypto/internal/poly1305 from golang.org/x/crypto/chacha20poly1305+
golang.org/x/crypto/nacl/box from tailscale.com/types/key
golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box
golang.org/x/crypto/poly1305 from github.com/tailscale/wireguard-go/device
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
- golang.org/x/crypto/sha3 from crypto/internal/mlkem768+
LD golang.org/x/crypto/ssh from tailscale.com/ipn/ipnlocal
LD golang.org/x/crypto/ssh/internal/bcrypt_pbkdf from golang.org/x/crypto/ssh
golang.org/x/exp/constraints from github.com/dblohm7/wingoes/pe+
@@ -1055,7 +1054,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
container/list from crypto/tls+
context from crypto/tls+
crypto from crypto/ecdh+
- crypto/aes from crypto/ecdsa+
+ crypto/aes from crypto/internal/hpke+
crypto/cipher from crypto/aes+
crypto/des from crypto/tls+
crypto/dsa from crypto/x509+
@@ -1064,27 +1063,54 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
crypto/ed25519 from crypto/tls+
crypto/elliptic from crypto/ecdsa+
crypto/hmac from crypto/tls+
- crypto/internal/alias from crypto/aes+
- crypto/internal/bigmod from crypto/ecdsa+
crypto/internal/boring from crypto/aes+
crypto/internal/boring/bbig from crypto/ecdsa+
crypto/internal/boring/sig from crypto/internal/boring
- crypto/internal/edwards25519 from crypto/ed25519
- crypto/internal/edwards25519/field from crypto/ecdh+
+ crypto/internal/entropy from crypto/internal/fips140/drbg
+ crypto/internal/fips140 from crypto/internal/fips140/aes+
+ crypto/internal/fips140/aes from crypto/aes+
+ crypto/internal/fips140/aes/gcm from crypto/cipher+
+ crypto/internal/fips140/alias from crypto/cipher+
+ crypto/internal/fips140/bigmod from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/check from crypto/internal/fips140/aes+
+ crypto/internal/fips140/drbg from crypto/internal/fips140/aes/gcm+
+ crypto/internal/fips140/ecdh from crypto/ecdh
+ crypto/internal/fips140/ecdsa from crypto/ecdsa
+ crypto/internal/fips140/ed25519 from crypto/ed25519
+ crypto/internal/fips140/edwards25519 from crypto/internal/fips140/ed25519
+ crypto/internal/fips140/edwards25519/field from crypto/ecdh+
+ crypto/internal/fips140/hkdf from crypto/internal/fips140/tls13+
+ crypto/internal/fips140/hmac from crypto/hmac+
+ crypto/internal/fips140/mlkem from crypto/tls
+ crypto/internal/fips140/nistec from crypto/elliptic+
+ crypto/internal/fips140/nistec/fiat from crypto/internal/fips140/nistec
+ crypto/internal/fips140/rsa from crypto/rsa
+ crypto/internal/fips140/sha256 from crypto/internal/fips140/check+
+ crypto/internal/fips140/sha3 from crypto/internal/fips140/hmac+
+ crypto/internal/fips140/sha512 from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/subtle from crypto/internal/fips140/aes+
+ crypto/internal/fips140/tls12 from crypto/tls
+ crypto/internal/fips140/tls13 from crypto/tls
+ crypto/internal/fips140deps/byteorder from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/cpu from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/godebug from crypto/internal/fips140+
+ crypto/internal/fips140hash from crypto/ecdsa+
+ crypto/internal/fips140only from crypto/cipher+
crypto/internal/hpke from crypto/tls
- crypto/internal/mlkem768 from crypto/tls
- crypto/internal/nistec from crypto/ecdh+
- crypto/internal/nistec/fiat from crypto/internal/nistec
+ crypto/internal/impl from crypto/internal/fips140/aes+
crypto/internal/randutil from crypto/dsa+
+ crypto/internal/sysrand from crypto/internal/entropy+
crypto/md5 from crypto/tls+
crypto/rand from crypto/ed25519+
crypto/rc4 from crypto/tls+
crypto/rsa from crypto/tls+
crypto/sha1 from crypto/tls+
crypto/sha256 from crypto/tls+
+ crypto/sha3 from crypto/internal/fips140hash
crypto/sha512 from crypto/ecdsa+
- crypto/subtle from crypto/aes+
+ crypto/subtle from crypto/cipher+
crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
+ crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+
@@ -1092,7 +1118,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
database/sql/driver from database/sql+
W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe
- embed from crypto/internal/nistec+
+ embed from github.com/tailscale/web-client-prebuilt+
encoding from encoding/gob+
encoding/asn1 from crypto/x509+
encoding/base32 from github.com/fxamacker/cbor/v2+
@@ -1112,7 +1138,6 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
go/build/constraint from go/parser
go/doc from k8s.io/apimachinery/pkg/runtime
go/doc/comment from go/doc
- go/internal/typeparams from go/parser
go/parser from k8s.io/apimachinery/pkg/runtime
go/scanner from go/ast+
go/token from go/ast+
@@ -1124,24 +1149,23 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
html from html/template+
html/template from github.com/gorilla/csrf
internal/abi from crypto/x509/internal/macos+
- internal/asan from syscall
+ internal/asan from syscall+
internal/bisect from internal/godebug
internal/bytealg from bytes+
- internal/byteorder from crypto/aes+
+ internal/byteorder from crypto/cipher+
internal/chacha8rand from math/rand/v2+
- internal/concurrent from unique
internal/coverage/rtcov from runtime
- internal/cpu from crypto/aes+
+ internal/cpu from crypto/internal/fips140deps/cpu+
internal/filepathlite from os+
internal/fmtsort from fmt+
- internal/goarch from crypto/aes+
+ internal/goarch from crypto/internal/fips140deps/cpu+
internal/godebug from archive/tar+
internal/godebugs from internal/godebug+
- internal/goexperiment from runtime
+ internal/goexperiment from runtime+
internal/goos from crypto/x509+
internal/itoa from internal/poll+
internal/lazyregexp from go/doc
- internal/msan from syscall
+ internal/msan from syscall+
internal/nettrace from net+
internal/oserror from io/fs+
internal/poll from net+
@@ -1151,18 +1175,21 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
internal/reflectlite from context+
internal/runtime/atomic from internal/runtime/exithook+
internal/runtime/exithook from runtime
+ internal/runtime/maps from reflect+
+ internal/runtime/math from internal/runtime/maps+
+ internal/runtime/sys from crypto/subtle+
L internal/runtime/syscall from runtime+
internal/saferio from debug/pe+
internal/singleflight from net
internal/stringslite from embed+
+ internal/sync from sync+
internal/syscall/execenv from os+
- LD internal/syscall/unix from crypto/rand+
- W internal/syscall/windows from crypto/rand+
+ LD internal/syscall/unix from crypto/internal/sysrand+
+ W internal/syscall/windows from crypto/internal/sysrand+
W internal/syscall/windows/registry from mime+
W internal/syscall/windows/sysdll from internal/syscall/windows+
internal/testlog from os
internal/unsafeheader from internal/reflectlite+
- internal/weak from unique
io from archive/tar+
io/fs from archive/tar+
io/ioutil from github.com/aws/aws-sdk-go-v2/aws/protocol/query+
@@ -1191,7 +1218,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
net/netip from github.com/gaissmai/bart+
net/textproto from github.com/aws/aws-sdk-go-v2/aws/signer/v4+
net/url from crypto/x509+
- os from crypto/rand+
+ os from crypto/internal/sysrand+
os/exec from github.com/aws/aws-sdk-go-v2/credentials/processcreds+
os/signal from sigs.k8s.io/controller-runtime/pkg/manager/signals
os/user from archive/tar+
@@ -1202,8 +1229,6 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
regexp/syntax from regexp
runtime from archive/tar+
runtime/debug from github.com/aws/aws-sdk-go-v2/internal/sync/singleflight+
- runtime/internal/math from runtime
- runtime/internal/sys from runtime
runtime/metrics from github.com/prometheus/client_golang/prometheus+
runtime/pprof from net/http/pprof+
runtime/trace from net/http/pprof
@@ -1223,3 +1248,4 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
unicode/utf8 from bufio+
unique from net/netip
unsafe from bytes+
+ weak from unique
diff --git a/cmd/stund/depaware.txt b/cmd/stund/depaware.txt
index c553b9be5..1d0a093c4 100644
--- a/cmd/stund/depaware.txt
+++ b/cmd/stund/depaware.txt
@@ -88,13 +88,11 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
golang.org/x/crypto/cryptobyte from crypto/ecdsa+
golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+
golang.org/x/crypto/curve25519 from golang.org/x/crypto/nacl/box+
- golang.org/x/crypto/hkdf from crypto/tls+
golang.org/x/crypto/internal/alias from golang.org/x/crypto/chacha20+
golang.org/x/crypto/internal/poly1305 from golang.org/x/crypto/chacha20poly1305+
golang.org/x/crypto/nacl/box from tailscale.com/types/key
golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
- golang.org/x/crypto/sha3 from crypto/internal/mlkem768+
golang.org/x/net/dns/dnsmessage from net+
golang.org/x/net/http/httpguts from net/http
golang.org/x/net/http/httpproxy from net/http
@@ -116,7 +114,7 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
container/list from crypto/tls+
context from crypto/tls+
crypto from crypto/ecdh+
- crypto/aes from crypto/ecdsa+
+ crypto/aes from crypto/internal/hpke+
crypto/cipher from crypto/aes+
crypto/des from crypto/tls+
crypto/dsa from crypto/x509
@@ -124,32 +122,59 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
crypto/ecdsa from crypto/tls+
crypto/ed25519 from crypto/tls+
crypto/elliptic from crypto/ecdsa+
- crypto/hmac from crypto/tls+
- crypto/internal/alias from crypto/aes+
- crypto/internal/bigmod from crypto/ecdsa+
+ crypto/hmac from crypto/tls
crypto/internal/boring from crypto/aes+
crypto/internal/boring/bbig from crypto/ecdsa+
crypto/internal/boring/sig from crypto/internal/boring
- crypto/internal/edwards25519 from crypto/ed25519
- crypto/internal/edwards25519/field from crypto/ecdh+
+ crypto/internal/entropy from crypto/internal/fips140/drbg
+ crypto/internal/fips140 from crypto/internal/fips140/aes+
+ crypto/internal/fips140/aes from crypto/aes+
+ crypto/internal/fips140/aes/gcm from crypto/cipher+
+ crypto/internal/fips140/alias from crypto/cipher+
+ crypto/internal/fips140/bigmod from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/check from crypto/internal/fips140/aes+
+ crypto/internal/fips140/drbg from crypto/internal/fips140/aes/gcm+
+ crypto/internal/fips140/ecdh from crypto/ecdh
+ crypto/internal/fips140/ecdsa from crypto/ecdsa
+ crypto/internal/fips140/ed25519 from crypto/ed25519
+ crypto/internal/fips140/edwards25519 from crypto/internal/fips140/ed25519
+ crypto/internal/fips140/edwards25519/field from crypto/ecdh+
+ crypto/internal/fips140/hkdf from crypto/internal/fips140/tls13+
+ crypto/internal/fips140/hmac from crypto/hmac+
+ crypto/internal/fips140/mlkem from crypto/tls
+ crypto/internal/fips140/nistec from crypto/elliptic+
+ crypto/internal/fips140/nistec/fiat from crypto/internal/fips140/nistec
+ crypto/internal/fips140/rsa from crypto/rsa
+ crypto/internal/fips140/sha256 from crypto/internal/fips140/check+
+ crypto/internal/fips140/sha3 from crypto/internal/fips140/hmac+
+ crypto/internal/fips140/sha512 from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/subtle from crypto/internal/fips140/aes+
+ crypto/internal/fips140/tls12 from crypto/tls
+ crypto/internal/fips140/tls13 from crypto/tls
+ crypto/internal/fips140deps/byteorder from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/cpu from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/godebug from crypto/internal/fips140+
+ crypto/internal/fips140hash from crypto/ecdsa+
+ crypto/internal/fips140only from crypto/cipher+
crypto/internal/hpke from crypto/tls
- crypto/internal/mlkem768 from crypto/tls
- crypto/internal/nistec from crypto/ecdh+
- crypto/internal/nistec/fiat from crypto/internal/nistec
+ crypto/internal/impl from crypto/internal/fips140/aes+
crypto/internal/randutil from crypto/dsa+
+ crypto/internal/sysrand from crypto/internal/entropy+
crypto/md5 from crypto/tls+
crypto/rand from crypto/ed25519+
crypto/rc4 from crypto/tls
crypto/rsa from crypto/tls+
crypto/sha1 from crypto/tls+
crypto/sha256 from crypto/tls+
+ crypto/sha3 from crypto/internal/fips140hash
crypto/sha512 from crypto/ecdsa+
- crypto/subtle from crypto/aes+
+ crypto/subtle from crypto/cipher+
crypto/tls from net/http+
+ crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls
D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509
- embed from crypto/internal/nistec+
+ embed from google.golang.org/protobuf/internal/editiondefaults+
encoding from encoding/json+
encoding/asn1 from crypto/x509+
encoding/base32 from github.com/go-json-experiment/json
@@ -169,23 +194,22 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
hash/maphash from go4.org/mem
html from net/http/pprof+
internal/abi from crypto/x509/internal/macos+
- internal/asan from syscall
+ internal/asan from syscall+
internal/bisect from internal/godebug
internal/bytealg from bytes+
- internal/byteorder from crypto/aes+
+ internal/byteorder from crypto/cipher+
internal/chacha8rand from math/rand/v2+
- internal/concurrent from unique
internal/coverage/rtcov from runtime
- internal/cpu from crypto/aes+
+ internal/cpu from crypto/internal/fips140deps/cpu+
internal/filepathlite from os+
internal/fmtsort from fmt
- internal/goarch from crypto/aes+
+ internal/goarch from crypto/internal/fips140deps/cpu+
internal/godebug from crypto/tls+
internal/godebugs from internal/godebug+
- internal/goexperiment from runtime
+ internal/goexperiment from runtime+
internal/goos from crypto/x509+
internal/itoa from internal/poll+
- internal/msan from syscall
+ internal/msan from syscall+
internal/nettrace from net+
internal/oserror from io/fs+
internal/poll from net+
@@ -195,17 +219,20 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
internal/reflectlite from context+
internal/runtime/atomic from internal/runtime/exithook+
internal/runtime/exithook from runtime
+ internal/runtime/maps from reflect+
+ internal/runtime/math from internal/runtime/maps+
+ internal/runtime/sys from crypto/subtle+
L internal/runtime/syscall from runtime+
internal/singleflight from net
internal/stringslite from embed+
+ internal/sync from sync+
internal/syscall/execenv from os
- LD internal/syscall/unix from crypto/rand+
- W internal/syscall/windows from crypto/rand+
+ LD internal/syscall/unix from crypto/internal/sysrand+
+ W internal/syscall/windows from crypto/internal/sysrand+
W internal/syscall/windows/registry from mime+
W internal/syscall/windows/sysdll from internal/syscall/windows+
internal/testlog from os
internal/unsafeheader from internal/reflectlite+
- internal/weak from unique
io from bufio+
io/fs from crypto/x509+
iter from maps+
@@ -216,7 +243,7 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
math/big from crypto/dsa+
math/bits from compress/flate+
math/rand from math/big+
- math/rand/v2 from internal/concurrent+
+ math/rand/v2 from crypto/ecdsa+
mime from github.com/prometheus/common/expfmt+
mime/multipart from net/http
mime/quotedprintable from mime/multipart
@@ -229,17 +256,15 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
net/netip from go4.org/netipx+
net/textproto from golang.org/x/net/http/httpguts+
net/url from crypto/x509+
- os from crypto/rand+
+ os from crypto/internal/sysrand+
os/signal from tailscale.com/cmd/stund
path from github.com/prometheus/client_golang/prometheus/internal+
path/filepath from crypto/x509+
reflect from crypto/x509+
regexp from github.com/prometheus/client_golang/prometheus/internal+
regexp/syntax from regexp
- runtime from crypto/internal/nistec+
+ runtime from crypto/internal/fips140+
runtime/debug from github.com/prometheus/client_golang/prometheus+
- runtime/internal/math from runtime
- runtime/internal/sys from runtime
runtime/metrics from github.com/prometheus/client_golang/prometheus+
runtime/pprof from net/http/pprof
runtime/trace from net/http/pprof
@@ -249,7 +274,7 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
strings from bufio+
sync from compress/flate+
sync/atomic from context+
- syscall from crypto/rand+
+ syscall from crypto/internal/sysrand+
text/tabwriter from runtime/pprof
time from compress/gzip+
unicode from bytes+
@@ -257,3 +282,4 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
unicode/utf8 from bufio+
unique from net/netip
unsafe from bytes+
+ weak from unique
diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt
index 8c972aa69..afe62165c 100644
--- a/cmd/tailscale/depaware.txt
+++ b/cmd/tailscale/depaware.txt
@@ -195,14 +195,13 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
golang.org/x/crypto/cryptobyte from crypto/ecdsa+
golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+
golang.org/x/crypto/curve25519 from golang.org/x/crypto/nacl/box+
- golang.org/x/crypto/hkdf from crypto/tls+
+ golang.org/x/crypto/hkdf from tailscale.com/control/controlbase
golang.org/x/crypto/internal/alias from golang.org/x/crypto/chacha20+
golang.org/x/crypto/internal/poly1305 from golang.org/x/crypto/chacha20poly1305+
golang.org/x/crypto/nacl/box from tailscale.com/types/key
golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box
golang.org/x/crypto/pbkdf2 from software.sslmate.com/src/go-pkcs12
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
- golang.org/x/crypto/sha3 from crypto/internal/mlkem768+
W golang.org/x/exp/constraints from github.com/dblohm7/wingoes/pe+
golang.org/x/exp/maps from tailscale.com/util/syspolicy/internal/metrics+
golang.org/x/net/bpf from github.com/mdlayher/netlink+
@@ -246,7 +245,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
container/list from crypto/tls+
context from crypto/tls+
crypto from crypto/ecdh+
- crypto/aes from crypto/ecdsa+
+ crypto/aes from crypto/internal/hpke+
crypto/cipher from crypto/aes+
crypto/des from crypto/tls+
crypto/dsa from crypto/x509
@@ -255,34 +254,61 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
crypto/ed25519 from crypto/tls+
crypto/elliptic from crypto/ecdsa+
crypto/hmac from crypto/tls+
- crypto/internal/alias from crypto/aes+
- crypto/internal/bigmod from crypto/ecdsa+
crypto/internal/boring from crypto/aes+
crypto/internal/boring/bbig from crypto/ecdsa+
crypto/internal/boring/sig from crypto/internal/boring
- crypto/internal/edwards25519 from crypto/ed25519
- crypto/internal/edwards25519/field from crypto/ecdh+
+ crypto/internal/entropy from crypto/internal/fips140/drbg
+ crypto/internal/fips140 from crypto/internal/fips140/aes+
+ crypto/internal/fips140/aes from crypto/aes+
+ crypto/internal/fips140/aes/gcm from crypto/cipher+
+ crypto/internal/fips140/alias from crypto/cipher+
+ crypto/internal/fips140/bigmod from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/check from crypto/internal/fips140/aes+
+ crypto/internal/fips140/drbg from crypto/internal/fips140/aes/gcm+
+ crypto/internal/fips140/ecdh from crypto/ecdh
+ crypto/internal/fips140/ecdsa from crypto/ecdsa
+ crypto/internal/fips140/ed25519 from crypto/ed25519
+ crypto/internal/fips140/edwards25519 from crypto/internal/fips140/ed25519
+ crypto/internal/fips140/edwards25519/field from crypto/ecdh+
+ crypto/internal/fips140/hkdf from crypto/internal/fips140/tls13+
+ crypto/internal/fips140/hmac from crypto/hmac+
+ crypto/internal/fips140/mlkem from crypto/tls
+ crypto/internal/fips140/nistec from crypto/elliptic+
+ crypto/internal/fips140/nistec/fiat from crypto/internal/fips140/nistec
+ crypto/internal/fips140/rsa from crypto/rsa
+ crypto/internal/fips140/sha256 from crypto/internal/fips140/check+
+ crypto/internal/fips140/sha3 from crypto/internal/fips140/hmac+
+ crypto/internal/fips140/sha512 from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/subtle from crypto/internal/fips140/aes+
+ crypto/internal/fips140/tls12 from crypto/tls
+ crypto/internal/fips140/tls13 from crypto/tls
+ crypto/internal/fips140deps/byteorder from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/cpu from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/godebug from crypto/internal/fips140+
+ crypto/internal/fips140hash from crypto/ecdsa+
+ crypto/internal/fips140only from crypto/cipher+
crypto/internal/hpke from crypto/tls
- crypto/internal/mlkem768 from crypto/tls
- crypto/internal/nistec from crypto/ecdh+
- crypto/internal/nistec/fiat from crypto/internal/nistec
+ crypto/internal/impl from crypto/internal/fips140/aes+
crypto/internal/randutil from crypto/dsa+
+ crypto/internal/sysrand from crypto/internal/entropy+
crypto/md5 from crypto/tls+
crypto/rand from crypto/ed25519+
crypto/rc4 from crypto/tls
crypto/rsa from crypto/tls+
crypto/sha1 from crypto/tls+
crypto/sha256 from crypto/tls+
+ crypto/sha3 from crypto/internal/fips140hash
crypto/sha512 from crypto/ecdsa+
- crypto/subtle from crypto/aes+
+ crypto/subtle from crypto/cipher+
crypto/tls from github.com/miekg/dns+
+ crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+
DW database/sql/driver from github.com/google/uuid
W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe
- embed from crypto/internal/nistec+
+ embed from github.com/peterbourgon/ff/v3+
encoding from encoding/gob+
encoding/asn1 from crypto/x509+
encoding/base32 from github.com/fxamacker/cbor/v2+
@@ -307,23 +333,22 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
image/color from github.com/skip2/go-qrcode+
image/png from github.com/skip2/go-qrcode
internal/abi from crypto/x509/internal/macos+
- internal/asan from syscall
+ internal/asan from syscall+
internal/bisect from internal/godebug
internal/bytealg from bytes+
- internal/byteorder from crypto/aes+
+ internal/byteorder from crypto/cipher+
internal/chacha8rand from math/rand/v2+
- internal/concurrent from unique
internal/coverage/rtcov from runtime
- internal/cpu from crypto/aes+
+ internal/cpu from crypto/internal/fips140deps/cpu+
internal/filepathlite from os+
internal/fmtsort from fmt+
- internal/goarch from crypto/aes+
+ internal/goarch from crypto/internal/fips140deps/cpu+
internal/godebug from archive/tar+
internal/godebugs from internal/godebug+
- internal/goexperiment from runtime
+ internal/goexperiment from runtime+
internal/goos from crypto/x509+
internal/itoa from internal/poll+
- internal/msan from syscall
+ internal/msan from syscall+
internal/nettrace from net+
internal/oserror from io/fs+
internal/poll from net+
@@ -332,18 +357,21 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
internal/reflectlite from context+
internal/runtime/atomic from internal/runtime/exithook+
internal/runtime/exithook from runtime
+ internal/runtime/maps from reflect+
+ internal/runtime/math from internal/runtime/maps+
+ internal/runtime/sys from crypto/subtle+
L internal/runtime/syscall from runtime+
internal/saferio from debug/pe+
internal/singleflight from net
internal/stringslite from embed+
+ internal/sync from sync+
internal/syscall/execenv from os+
- LD internal/syscall/unix from crypto/rand+
- W internal/syscall/windows from crypto/rand+
+ LD internal/syscall/unix from crypto/internal/sysrand+
+ W internal/syscall/windows from crypto/internal/sysrand+
W internal/syscall/windows/registry from mime+
W internal/syscall/windows/sysdll from internal/syscall/windows+
internal/testlog from os
internal/unsafeheader from internal/reflectlite+
- internal/weak from unique
io from archive/tar+
io/fs from archive/tar+
io/ioutil from github.com/mitchellh/go-ps+
@@ -369,7 +397,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
net/netip from go4.org/netipx+
net/textproto from golang.org/x/net/http/httpguts+
net/url from crypto/x509+
- os from crypto/rand+
+ os from crypto/internal/sysrand+
os/exec from github.com/coreos/go-iptables/iptables+
os/signal from tailscale.com/cmd/tailscale/cli
os/user from archive/tar+
@@ -380,8 +408,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
regexp/syntax from regexp
runtime from archive/tar+
runtime/debug from tailscale.com+
- runtime/internal/math from runtime
- runtime/internal/sys from runtime
slices from tailscale.com/client/web+
sort from compress/flate+
strconv from archive/tar+
@@ -398,3 +424,4 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
unicode/utf8 from bufio+
unique from net/netip
unsafe from bytes+
+ weak from unique
diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt
index 594ebeb17..c0f592ea1 100644
--- a/cmd/tailscaled/depaware.txt
+++ b/cmd/tailscaled/depaware.txt
@@ -449,14 +449,13 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
golang.org/x/crypto/cryptobyte from crypto/ecdsa+
golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+
golang.org/x/crypto/curve25519 from golang.org/x/crypto/ssh+
- golang.org/x/crypto/hkdf from crypto/tls+
+ golang.org/x/crypto/hkdf from tailscale.com/control/controlbase
golang.org/x/crypto/internal/alias from golang.org/x/crypto/chacha20+
golang.org/x/crypto/internal/poly1305 from golang.org/x/crypto/chacha20poly1305+
golang.org/x/crypto/nacl/box from tailscale.com/types/key
golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box
golang.org/x/crypto/poly1305 from github.com/tailscale/wireguard-go/device
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
- golang.org/x/crypto/sha3 from crypto/internal/mlkem768+
LD golang.org/x/crypto/ssh from github.com/pkg/sftp+
LD golang.org/x/crypto/ssh/internal/bcrypt_pbkdf from golang.org/x/crypto/ssh
golang.org/x/exp/constraints from github.com/dblohm7/wingoes/pe+
@@ -504,7 +503,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
container/list from crypto/tls+
context from crypto/tls+
crypto from crypto/ecdh+
- crypto/aes from crypto/ecdsa+
+ crypto/aes from crypto/internal/hpke+
crypto/cipher from crypto/aes+
crypto/des from crypto/tls+
crypto/dsa from crypto/x509+
@@ -513,34 +512,61 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
crypto/ed25519 from crypto/tls+
crypto/elliptic from crypto/ecdsa+
crypto/hmac from crypto/tls+
- crypto/internal/alias from crypto/aes+
- crypto/internal/bigmod from crypto/ecdsa+
crypto/internal/boring from crypto/aes+
crypto/internal/boring/bbig from crypto/ecdsa+
crypto/internal/boring/sig from crypto/internal/boring
- crypto/internal/edwards25519 from crypto/ed25519
- crypto/internal/edwards25519/field from crypto/ecdh+
+ crypto/internal/entropy from crypto/internal/fips140/drbg
+ crypto/internal/fips140 from crypto/internal/fips140/aes+
+ crypto/internal/fips140/aes from crypto/aes+
+ crypto/internal/fips140/aes/gcm from crypto/cipher+
+ crypto/internal/fips140/alias from crypto/cipher+
+ crypto/internal/fips140/bigmod from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/check from crypto/internal/fips140/aes+
+ crypto/internal/fips140/drbg from crypto/internal/fips140/aes/gcm+
+ crypto/internal/fips140/ecdh from crypto/ecdh
+ crypto/internal/fips140/ecdsa from crypto/ecdsa
+ crypto/internal/fips140/ed25519 from crypto/ed25519
+ crypto/internal/fips140/edwards25519 from crypto/internal/fips140/ed25519
+ crypto/internal/fips140/edwards25519/field from crypto/ecdh+
+ crypto/internal/fips140/hkdf from crypto/internal/fips140/tls13+
+ crypto/internal/fips140/hmac from crypto/hmac+
+ crypto/internal/fips140/mlkem from crypto/tls
+ crypto/internal/fips140/nistec from crypto/elliptic+
+ crypto/internal/fips140/nistec/fiat from crypto/internal/fips140/nistec
+ crypto/internal/fips140/rsa from crypto/rsa
+ crypto/internal/fips140/sha256 from crypto/internal/fips140/check+
+ crypto/internal/fips140/sha3 from crypto/internal/fips140/hmac+
+ crypto/internal/fips140/sha512 from crypto/internal/fips140/ecdsa+
+ crypto/internal/fips140/subtle from crypto/internal/fips140/aes+
+ crypto/internal/fips140/tls12 from crypto/tls
+ crypto/internal/fips140/tls13 from crypto/tls
+ crypto/internal/fips140deps/byteorder from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/cpu from crypto/internal/fips140/aes+
+ crypto/internal/fips140deps/godebug from crypto/internal/fips140+
+ crypto/internal/fips140hash from crypto/ecdsa+
+ crypto/internal/fips140only from crypto/cipher+
crypto/internal/hpke from crypto/tls
- crypto/internal/mlkem768 from crypto/tls
- crypto/internal/nistec from crypto/ecdh+
- crypto/internal/nistec/fiat from crypto/internal/nistec
+ crypto/internal/impl from crypto/internal/fips140/aes+
crypto/internal/randutil from crypto/dsa+
+ crypto/internal/sysrand from crypto/internal/entropy+
crypto/md5 from crypto/tls+
crypto/rand from crypto/ed25519+
crypto/rc4 from crypto/tls+
crypto/rsa from crypto/tls+
crypto/sha1 from crypto/tls+
crypto/sha256 from crypto/tls+
+ crypto/sha3 from crypto/internal/fips140hash
crypto/sha512 from crypto/ecdsa+
- crypto/subtle from crypto/aes+
+ crypto/subtle from crypto/cipher+
crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
+ crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+
DW database/sql/driver from github.com/google/uuid
W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe
- embed from crypto/internal/nistec+
+ embed from github.com/tailscale/web-client-prebuilt+
encoding from encoding/gob+
encoding/asn1 from crypto/x509+
encoding/base32 from github.com/fxamacker/cbor/v2+
@@ -562,23 +588,22 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
html from html/template+
html/template from github.com/gorilla/csrf
internal/abi from crypto/x509/internal/macos+
- internal/asan from syscall
+ internal/asan from syscall+
internal/bisect from internal/godebug
internal/bytealg from bytes+
- internal/byteorder from crypto/aes+
+ internal/byteorder from crypto/cipher+
internal/chacha8rand from math/rand/v2+
- internal/concurrent from unique
internal/coverage/rtcov from runtime
- internal/cpu from crypto/aes+
+ internal/cpu from crypto/internal/fips140deps/cpu+
internal/filepathlite from os+
internal/fmtsort from fmt+
- internal/goarch from crypto/aes+
+ internal/goarch from crypto/internal/fips140deps/cpu+
internal/godebug from archive/tar+
internal/godebugs from internal/godebug+
- internal/goexperiment from runtime
+ internal/goexperiment from runtime+
internal/goos from crypto/x509+
internal/itoa from internal/poll+
- internal/msan from syscall
+ internal/msan from syscall+
internal/nettrace from net+
internal/oserror from io/fs+
internal/poll from net+
@@ -588,18 +613,21 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
internal/reflectlite from context+
internal/runtime/atomic from internal/runtime/exithook+
internal/runtime/exithook from runtime
+ internal/runtime/maps from reflect+
+ internal/runtime/math from internal/runtime/maps+
+ internal/runtime/sys from crypto/subtle+
L internal/runtime/syscall from runtime+
internal/saferio from debug/pe+
internal/singleflight from net
internal/stringslite from embed+
+ internal/sync from sync+
internal/syscall/execenv from os+
- LD internal/syscall/unix from crypto/rand+
- W internal/syscall/windows from crypto/rand+
+ LD internal/syscall/unix from crypto/internal/sysrand+
+ W internal/syscall/windows from crypto/internal/sysrand+
W internal/syscall/windows/registry from mime+
W internal/syscall/windows/sysdll from internal/syscall/windows+
internal/testlog from os
internal/unsafeheader from internal/reflectlite+
- internal/weak from unique
io from archive/tar+
io/fs from archive/tar+
io/ioutil from github.com/aws/aws-sdk-go-v2/aws/protocol/query+
@@ -626,7 +654,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
net/netip from github.com/tailscale/wireguard-go/conn+
net/textproto from github.com/aws/aws-sdk-go-v2/aws/signer/v4+
net/url from crypto/x509+
- os from crypto/rand+
+ os from crypto/internal/sysrand+
os/exec from github.com/aws/aws-sdk-go-v2/credentials/processcreds+
os/signal from tailscale.com/cmd/tailscaled
os/user from archive/tar+
@@ -637,8 +665,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
regexp/syntax from regexp
runtime from archive/tar+
runtime/debug from github.com/aws/aws-sdk-go-v2/internal/sync/singleflight+
- runtime/internal/math from runtime
- runtime/internal/sys from runtime
runtime/pprof from net/http/pprof+
runtime/trace from net/http/pprof
slices from tailscale.com/appc+
@@ -657,3 +683,4 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
unicode/utf8 from bufio+
unique from net/netip
unsafe from bytes+
+ weak from unique
diff --git a/cmd/testwrapper/testwrapper.go b/cmd/testwrapper/testwrapper.go
index 67b8a1483..1df1ef11f 100644
--- a/cmd/testwrapper/testwrapper.go
+++ b/cmd/testwrapper/testwrapper.go
@@ -10,6 +10,7 @@ package main
import (
"bufio"
"bytes"
+ "cmp"
"context"
"encoding/json"
"errors"
@@ -59,11 +60,12 @@ type packageTests struct {
}
type goTestOutput struct {
- Time time.Time
- Action string
- Package string
- Test string
- Output string
+ Time time.Time
+ Action string
+ ImportPath string
+ Package string
+ Test string
+ Output string
}
var debug = os.Getenv("TS_TESTWRAPPER_DEBUG") != ""
@@ -111,42 +113,43 @@ func runTests(ctx context.Context, attempt int, pt *packageTests, goTestArgs, te
for s.Scan() {
var goOutput goTestOutput
if err := json.Unmarshal(s.Bytes(), &goOutput); err != nil {
- if errors.Is(err, io.EOF) || errors.Is(err, os.ErrClosed) {
- break
- }
-
- // `go test -json` outputs invalid JSON when a build fails.
- // In that case, discard the the output and start reading again.
- // The build error will be printed to stderr.
- // See: https://github.com/golang/go/issues/35169
- if _, ok := err.(*json.SyntaxError); ok {
- fmt.Println(s.Text())
- continue
- }
- panic(err)
+ return fmt.Errorf("failed to parse go test output %q: %w", s.Bytes(), err)
}
- pkg := goOutput.Package
+ pkg := cmp.Or(
+ goOutput.Package,
+ "build:"+goOutput.ImportPath, // can be "./cmd" while Package is "tailscale.com/cmd" so use separate namespace
+ )
pkgTests := resultMap[pkg]
if pkgTests == nil {
- pkgTests = make(map[string]*testAttempt)
+ pkgTests = map[string]*testAttempt{
+ "": {}, // Used for start time and build logs.
+ }
resultMap[pkg] = pkgTests
}
if goOutput.Test == "" {
switch goOutput.Action {
case "start":
- pkgTests[""] = &testAttempt{start: goOutput.Time}
- case "fail", "pass", "skip":
+ pkgTests[""].start = goOutput.Time
+ case "build-output":
+ pkgTests[""].logs.WriteString(goOutput.Output)
+ case "build-fail", "fail", "pass", "skip":
for _, test := range pkgTests {
if test.testName != "" && test.outcome == "" {
test.outcome = "fail"
ch <- test
}
}
+ outcome := goOutput.Action
+ if outcome == "build-fail" {
+ outcome = "FAIL"
+ }
+ pkgTests[""].logs.WriteString(goOutput.Output)
ch <- &testAttempt{
pkg: goOutput.Package,
- outcome: goOutput.Action,
+ outcome: outcome,
start: pkgTests[""].start,
end: goOutput.Time,
+ logs: pkgTests[""].logs,
pkgFinished: true,
}
}
@@ -215,6 +218,9 @@ func main() {
}
toRun := []*nextRun{firstRun}
printPkgOutcome := func(pkg, outcome string, attempt int, runtime time.Duration) {
+ if pkg == "" {
+ return // We reach this path on a build error.
+ }
if outcome == "skip" {
fmt.Printf("?\t%s [skipped/no tests] \n", pkg)
return
@@ -270,6 +276,7 @@ func main() {
// when a package times out.
failed = true
}
+ os.Stdout.ReadFrom(&tr.logs)
printPkgOutcome(tr.pkg, tr.outcome, thisRun.attempt, tr.end.Sub(tr.start))
continue
}
diff --git a/cmd/testwrapper/testwrapper_test.go b/cmd/testwrapper/testwrapper_test.go
index fb2ed2c52..ace53ccd0 100644
--- a/cmd/testwrapper/testwrapper_test.go
+++ b/cmd/testwrapper/testwrapper_test.go
@@ -11,6 +11,7 @@ import (
"os/exec"
"path/filepath"
"regexp"
+ "strings"
"sync"
"testing"
)
@@ -154,24 +155,24 @@ func TestBuildError(t *testing.T) {
t.Fatalf("writing package: %s", err)
}
- buildErr := []byte("builderror_test.go:3:1: expected declaration, found derp\nFAIL command-line-arguments [setup failed]")
+ wantErr := "builderror_test.go:3:1: expected declaration, found derp\nFAIL"
// Confirm `go test` exits with code 1.
goOut, err := exec.Command("go", "test", testfile).CombinedOutput()
if code, ok := errExitCode(err); !ok || code != 1 {
- t.Fatalf("go test %s: expected error with exit code 0 but got: %v", testfile, err)
+ t.Fatalf("go test %s: got exit code %d, want 1 (err: %v)", testfile, code, err)
}
- if !bytes.Contains(goOut, buildErr) {
- t.Fatalf("go test %s: expected build error containing %q but got:\n%s", testfile, buildErr, goOut)
+ if !strings.Contains(string(goOut), wantErr) {
+ t.Fatalf("go test %s: got output %q, want output containing %q", testfile, goOut, wantErr)
}
// Confirm `testwrapper` exits with code 1.
twOut, err := cmdTestwrapper(t, testfile).CombinedOutput()
if code, ok := errExitCode(err); !ok || code != 1 {
- t.Fatalf("testwrapper %s: expected error with exit code 0 but got: %v", testfile, err)
+ t.Fatalf("testwrapper %s: got exit code %d, want 1 (err: %v)", testfile, code, err)
}
- if !bytes.Contains(twOut, buildErr) {
- t.Fatalf("testwrapper %s: expected build error containing %q but got:\n%s", testfile, buildErr, twOut)
+ if !strings.Contains(string(twOut), wantErr) {
+ t.Fatalf("testwrapper %s: got output %q, want output containing %q", testfile, twOut, wantErr)
}
if testing.Verbose() {
diff --git a/cmd/tsconnect/common.go b/cmd/tsconnect/common.go
index 0b0813226..ff10e4efb 100644
--- a/cmd/tsconnect/common.go
+++ b/cmd/tsconnect/common.go
@@ -176,6 +176,10 @@ func runEsbuild(buildOptions esbuild.BuildOptions) esbuild.BuildResult {
// wasm_exec.js runtime helper library from the Go toolchain.
func setupEsbuildWasmExecJS(build esbuild.PluginBuild) {
wasmExecSrcPath := filepath.Join(runtime.GOROOT(), "misc", "wasm", "wasm_exec.js")
+ if _, err := os.Stat(wasmExecSrcPath); os.IsNotExist(err) {
+ // Go 1.24+ location:
+ wasmExecSrcPath = filepath.Join(runtime.GOROOT(), "lib", "wasm", "wasm_exec.js")
+ }
build.OnResolve(esbuild.OnResolveOptions{
Filter: "./wasm_exec$",
}, func(args esbuild.OnResolveArgs) (esbuild.OnResolveResult, error) {
diff --git a/go.mod b/go.mod
index c926e8428..5aeefc9c9 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
module tailscale.com
-go 1.23.6
+go 1.24.0
require (
filippo.io/mkcert v1.4.4
diff --git a/go.toolchain.branch b/go.toolchain.branch
index 47469a20a..5e1cd0620 100644
--- a/go.toolchain.branch
+++ b/go.toolchain.branch
@@ -1 +1 @@
-tailscale.go1.23
+tailscale.go1.24
diff --git a/go.toolchain.rev b/go.toolchain.rev
index 963e8a28e..aa4153ac4 100644
--- a/go.toolchain.rev
+++ b/go.toolchain.rev
@@ -1 +1 @@
-65c3f5f3fc9d96f56a37a79cad4ebbd7ff985801
+a529f1c329a97596448310cd52ab64047294b9d5