types/persist: remove Persist.LegacyFrontendPrivateMachineKey

It was a temporary migration over four years ago. It's no longer relevant. Updates #610 Change-Id: I1f00c9485fab13ede6f77603f7d4235222c2a481 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-02-21 12:28:39 +00:00 · 2025-01-24 19:56:33 -08:00 · 2025-01-24 19:56:33 -08:00 · ba1f9a3918
commit ba1f9a3918
parent 2691b9f6be
7 changed files with 21 additions and 80 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@ -1082,7 +1082,6 @@ func stripKeysFromPrefs(p ipn.PrefsView) ipn.PrefsView {
 	}
 	p2 := p.AsStruct()
 	p2.Persist.LegacyFrontendPrivateMachineKey = key.MachinePrivate{}
 	p2.Persist.PrivateNodeKey = key.NodePrivate{}
 	p2.Persist.OldPrivateNodeKey = key.NodePrivate{}
 	p2.Persist.NetworkLockKey = key.NLPrivate{}
@ -3343,11 +3342,6 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
 		return nil
 	}
 	var legacyMachineKey key.MachinePrivate
 	if p := b.pm.CurrentPrefs().Persist(); p.Valid() {
 		legacyMachineKey = p.LegacyFrontendPrivateMachineKey()
 	}
 	keyText, err := b.store.ReadState(ipn.MachineKeyStateKey)
 	if err == nil {
 		if err := b.machinePrivKey.UnmarshalText(keyText); err != nil {
@ -3356,9 +3350,6 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
 		if b.machinePrivKey.IsZero() {
 			return fmt.Errorf("invalid zero key stored in %v key of %v", ipn.MachineKeyStateKey, b.store)
 		}
 		if !legacyMachineKey.IsZero() && !legacyMachineKey.Equal(b.machinePrivKey) {
 			b.logf("frontend-provided legacy machine key ignored; used value from server state")
 		}
 		return nil
 	}
 	if err != ipn.ErrStateNotExist {
@ -3368,12 +3359,8 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
 	// If we didn't find one already on disk and the prefs already
 	// have a legacy machine key, use that. Otherwise generate a
 	// new one.
-	if !legacyMachineKey.IsZero() {
+	b.logf("generating new machine key")
-		b.machinePrivKey = legacyMachineKey
+	b.machinePrivKey = key.NewMachine()
 	} else {
 		b.logf("generating new machine key")
 		b.machinePrivKey = key.NewMachine()
 	}
 	keyText, _ = b.machinePrivKey.MarshalText()
 	if err := ipn.WriteState(b.store, ipn.MachineKeyStateKey, keyText); err != nil {
--- a/ipn/ipnlocal/state_test.go
+++ b/ipn/ipnlocal/state_test.go
@ -949,8 +949,6 @@ func TestEditPrefsHasNoKeys(t *testing.T) {
 		Persist: &persist.Persist{
 			PrivateNodeKey:    key.NewNode(),
 			OldPrivateNodeKey: key.NewNode(),
 			LegacyFrontendPrivateMachineKey: key.NewMachine(),
 		},
 	}).View(), ipn.NetworkProfile{})
 	if p := b.pm.CurrentPrefs().Persist(); !p.Valid() || p.PrivateNodeKey().IsZero() {
@ -977,10 +975,6 @@ func TestEditPrefsHasNoKeys(t *testing.T) {
 		t.Errorf("OldPrivateNodeKey = %v; want zero", p.Persist().OldPrivateNodeKey())
 	}
 	if !p.Persist().LegacyFrontendPrivateMachineKey().IsZero() {
 		t.Errorf("LegacyFrontendPrivateMachineKey = %v; want zero", p.Persist().LegacyFrontendPrivateMachineKey())
 	}
 	if !p.Persist().NetworkLockKey().IsZero() {
 		t.Errorf("NetworkLockKey= %v; want zero", p.Persist().NetworkLockKey())
 	}
--- a/ipn/prefs_test.go
+++ b/ipn/prefs_test.go
@ -467,13 +467,6 @@ func TestPrefsPretty(t *testing.T) {
 			"darwin",
 			`Prefs{ra=false dns=false want=true tags=tag:foo,tag:bar url="http://localhost:1234" update=off Persist=nil}`,
 		},
 		{
 			Prefs{
 				Persist: &persist.Persist{},
 			},
 			"linux",
 			`Prefs{ra=false dns=false want=false routes=[] nf=off update=off Persist{lm=, o=, n= u=""}}`,
 		},
 		{
 			Prefs{
 				Persist: &persist.Persist{
@ -481,7 +474,7 @@ func TestPrefsPretty(t *testing.T) {
 				},
 			},
 			"linux",
-			`Prefs{ra=false dns=false want=false routes=[] nf=off update=off Persist{lm=, o=, n=[B1VKl] u=""}}`,
+			`Prefs{ra=false dns=false want=false routes=[] nf=off update=off Persist{o=, n=[B1VKl] u=""}}`,
 		},
 		{
 			Prefs{
--- a/types/persist/persist.go
+++ b/types/persist/persist.go
@ -21,17 +21,6 @@ import (
 type Persist struct {
 	_ structs.Incomparable
 	// LegacyFrontendPrivateMachineKey is here temporarily
 	// (starting 2020-09-28) during migration of Windows users'
 	// machine keys from frontend storage to the backend. On the
 	// first LocalBackend.Start call, the backend will initialize
 	// the real (backend-owned) machine key from the frontend's
 	// provided value (if non-zero), picking a new random one if
 	// needed. This field should be considered read-only from GUI
 	// frontends. The real value should not be written back in
 	// this field, lest the frontend persist it to disk.
 	LegacyFrontendPrivateMachineKey key.MachinePrivate `json:"PrivateMachineKey"`
 	PrivateNodeKey    key.NodePrivate
 	OldPrivateNodeKey key.NodePrivate // needed to request key rotation
 	UserProfile       tailcfg.UserProfile
@ -95,8 +84,7 @@ func (p *Persist) Equals(p2 *Persist) bool {
 		return false
 	}
-	return p.LegacyFrontendPrivateMachineKey.Equal(p2.LegacyFrontendPrivateMachineKey) &&
+	return p.PrivateNodeKey.Equal(p2.PrivateNodeKey) &&
 		p.PrivateNodeKey.Equal(p2.PrivateNodeKey) &&
 		p.OldPrivateNodeKey.Equal(p2.OldPrivateNodeKey) &&
 		p.UserProfile.Equal(&p2.UserProfile) &&
 		p.NetworkLockKey.Equal(p2.NetworkLockKey) &&
@ -106,18 +94,14 @@ func (p *Persist) Equals(p2 *Persist) bool {
 func (p *Persist) Pretty() string {
 	var (
 		mk     key.MachinePublic
 		ok, nk key.NodePublic
 	)
 	if !p.LegacyFrontendPrivateMachineKey.IsZero() {
 		mk = p.LegacyFrontendPrivateMachineKey.Public()
 	}
 	if !p.OldPrivateNodeKey.IsZero() {
 		ok = p.OldPrivateNodeKey.Public()
 	}
 	if !p.PrivateNodeKey.IsZero() {
 		nk = p.PublicNodeKey()
 	}
-	return fmt.Sprintf("Persist{lm=%v, o=%v, n=%v u=%#v}",
+	return fmt.Sprintf("Persist{o=%v, n=%v u=%#v}",
-		mk.ShortString(), ok.ShortString(), nk.ShortString(), p.UserProfile.LoginName)
+		ok.ShortString(), nk.ShortString(), p.UserProfile.LoginName)
 }
--- a/types/persist/persist_clone.go
+++ b/types/persist/persist_clone.go
@ -25,12 +25,11 @@ func (src *Persist) Clone() *Persist {
 // A compilation failure here means this code must be regenerated, with the command at the top of this file.
 var _PersistCloneNeedsRegeneration = Persist(struct {
-	_                               structs.Incomparable
+	_                     structs.Incomparable
-	LegacyFrontendPrivateMachineKey key.MachinePrivate
+	PrivateNodeKey        key.NodePrivate
-	PrivateNodeKey                  key.NodePrivate
+	OldPrivateNodeKey     key.NodePrivate
-	OldPrivateNodeKey               key.NodePrivate
+	UserProfile           tailcfg.UserProfile
-	UserProfile                     tailcfg.UserProfile
+	NetworkLockKey        key.NLPrivate
-	NetworkLockKey                  key.NLPrivate
+	NodeID                tailcfg.StableNodeID
-	NodeID                          tailcfg.StableNodeID
+	DisallowedTKAStateIDs []string
 	DisallowedTKAStateIDs           []string
 }{})
--- a/types/persist/persist_test.go
+++ b/types/persist/persist_test.go
@ -21,13 +21,12 @@ func fieldsOf(t reflect.Type) (fields []string) {
 }
 func TestPersistEqual(t *testing.T) {
-	persistHandles := []string{"LegacyFrontendPrivateMachineKey", "PrivateNodeKey", "OldPrivateNodeKey", "UserProfile", "NetworkLockKey", "NodeID", "DisallowedTKAStateIDs"}
+	persistHandles := []string{"PrivateNodeKey", "OldPrivateNodeKey", "UserProfile", "NetworkLockKey", "NodeID", "DisallowedTKAStateIDs"}
 	if have := fieldsOf(reflect.TypeFor[Persist]()); !reflect.DeepEqual(have, persistHandles) {
 		t.Errorf("Persist.Equal check might be out of sync\nfields: %q\nhandled: %q\n",
 			have, persistHandles)
 	}
 	m1 := key.NewMachine()
 	k1 := key.NewNode()
 	nl1 := key.NewNLPrivate()
 	tests := []struct {
@ -39,17 +38,6 @@ func TestPersistEqual(t *testing.T) {
 		{&Persist{}, nil, false},
 		{&Persist{}, &Persist{}, true},
 		{
 			&Persist{LegacyFrontendPrivateMachineKey: m1},
 			&Persist{LegacyFrontendPrivateMachineKey: key.NewMachine()},
 			false,
 		},
 		{
 			&Persist{LegacyFrontendPrivateMachineKey: m1},
 			&Persist{LegacyFrontendPrivateMachineKey: m1},
 			true,
 		},
 		{
 			&Persist{PrivateNodeKey: k1},
 			&Persist{PrivateNodeKey: key.NewNode()},
--- a/types/persist/persist_view.go
+++ b/types/persist/persist_view.go
@ -62,9 +62,6 @@ func (v *PersistView) UnmarshalJSON(b []byte) error {
 	return nil
 }
 func (v PersistView) LegacyFrontendPrivateMachineKey() key.MachinePrivate {
 	return v.ж.LegacyFrontendPrivateMachineKey
 }
 func (v PersistView) PrivateNodeKey() key.NodePrivate    { return v.ж.PrivateNodeKey }
 func (v PersistView) OldPrivateNodeKey() key.NodePrivate { return v.ж.OldPrivateNodeKey }
 func (v PersistView) UserProfile() tailcfg.UserProfile   { return v.ж.UserProfile }
@ -76,12 +73,11 @@ func (v PersistView) DisallowedTKAStateIDs() views.Slice[string] {
 // A compilation failure here means this code must be regenerated, with the command at the top of this file.
 var _PersistViewNeedsRegeneration = Persist(struct {
-	_                               structs.Incomparable
+	_                     structs.Incomparable
-	LegacyFrontendPrivateMachineKey key.MachinePrivate
+	PrivateNodeKey        key.NodePrivate
-	PrivateNodeKey                  key.NodePrivate
+	OldPrivateNodeKey     key.NodePrivate
-	OldPrivateNodeKey               key.NodePrivate
+	UserProfile           tailcfg.UserProfile
-	UserProfile                     tailcfg.UserProfile
+	NetworkLockKey        key.NLPrivate
-	NetworkLockKey                  key.NLPrivate
+	NodeID                tailcfg.StableNodeID
-	NodeID                          tailcfg.StableNodeID
+	DisallowedTKAStateIDs []string
 	DisallowedTKAStateIDs           []string
 }{})