From e19c01f5b3e9760a010872b0ffa2075b897b9ad4 Mon Sep 17 00:00:00 2001
From: Andrew Lytvynov <awly@tailscale.com>
Date: Tue, 4 Feb 2025 15:51:03 -0800
Subject: [PATCH] clientupdate: refuse to update in tsnet binaries (#14911)

When running via tsnet, c2n will be hooked up so requests to update can
reach the node. But it will then apply whatever OS-specific update
function, upgrading the local tailscaled instead.

We can't update tsnet automatically, so refuse it.

Fixes #14892

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
---
 clientupdate/clientupdate.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/clientupdate/clientupdate.go b/clientupdate/clientupdate.go
index 7fa84d67f..c5baeb8e9 100644
--- a/clientupdate/clientupdate.go
+++ b/clientupdate/clientupdate.go
@@ -27,6 +27,7 @@ import (
 	"strconv"
 	"strings"
 
+	"tailscale.com/hostinfo"
 	"tailscale.com/types/logger"
 	"tailscale.com/util/cmpver"
 	"tailscale.com/version"
@@ -169,6 +170,12 @@ func NewUpdater(args Arguments) (*Updater, error) {
 type updateFunction func() error
 
 func (up *Updater) getUpdateFunction() (fn updateFunction, canAutoUpdate bool) {
+	hi := hostinfo.New()
+	// We don't know how to update custom tsnet binaries, it's up to the user.
+	if hi.Package == "tsnet" {
+		return nil, false
+	}
+
 	switch runtime.GOOS {
 	case "windows":
 		return up.updateWindows, true