Creates new QNAP builder target, which builds go binaries then uses
docker to build into QNAP packages. Much of the docker/script code
here is pulled over from https://github.com/tailscale/tailscale-qpkg,
with adaptation into our builder structures.
The qnap/Tailscale folder contains static resources needed to build
Tailscale qpkg packages, and is an exact copy of the existing folder
in the tailscale-qpkg repo.
Builds can be run with:
```
sudo ./tool/go run ./cmd/dist build qnap
```
Updates tailscale/tailscale-qpkg#135
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Update logs for synology builds to more clearly callout which variant
is being built. The two existing variants are:
1. Sideloaded (can be manual installed on a device by anyone)
2. Package center distribution (by the tailscale team)
Updates #cleanup
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Add `dist.Signer` hook which can arbitrarily sign linux/synology
artifacts. Plumb it through in `cmd/dist` and remove existing tarball
signing key. Distsign signing will happen on a remote machine, not using
a local key.
Updates #755
Updates #8760
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
Plumb a signing callback function to `unixpkgs.rpmTarget` to allow
signing RPMs. This callback is optional and RPMs will build unsigned if
not set, just as before.
Updates https://github.com/tailscale/tailscale/issues/1882
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
Pass an optional PEM-encoded ECDSA key to `cmd/dist` to sign all built
tarballs. The signature is stored next to the tarball with a `.sig`
extension.
Tested this with an `openssl`-generated key pair and verified the
resulting signature.
Updates #8760
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
