ipn/ipnlocal, tka: compact TKA state after every sync

Previously a TKA compaction would only run when a node starts, which means a long-running node could use unbounded storage as it accumulates ever-increasing amounts of TKA state. This patch changes TKA so it runs a compaction after every sync. Updates https://github.com/tailscale/corp/issues/33537 Change-Id: I91df887ea0c5a5b00cb6caced85aeffa2a4b24ee Signed-off-by: Alex Chan <alexc@tailscale.com>
2025-12-23 17:16:29 +00:00 · 2025-11-17 16:38:57 +00:00
parent 38ccdbe35c
commit e1dd9222d4
10 changed files with 276 additions and 31 deletions
--- a/tka/key_test.go
+++ b/tka/key_test.go
@@ -72,7 +72,7 @@ func TestNLPrivate(t *testing.T) {
 	// Test that key.NLPrivate implements Signer by making a new
 	// authority.
 	k := Key{Kind: Key25519, Public: pub.Verifier(), Votes: 1}
-	_, aum, err := Create(&Mem{}, State{
+	_, aum, err := Create(ChonkMem(), State{
 		Keys:               []Key{k},
 		DisablementSecrets: [][]byte{bytes.Repeat([]byte{1}, 32)},
 	}, p)