feature/featuretags, all: add build features, use existing ones in more places

Saves 270 KB. Updates #12614 Change-Id: I4c3fe06d32c49edb3a4bb0758a8617d83f291cf5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-09-30 14:47:40 -07:00
parent aa5b2ce83b
commit c45f8813b4
35 changed files with 407 additions and 166 deletions
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build ts_omit_bakedroots
+
+package buildfeatures
+
+// HasBakedRoots is whether the binary was built with support for modular feature "Embed CA (LetsEncrypt) x509 roots to use as fallback".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_bakedroots" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasBakedRoots = false
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build !ts_omit_bakedroots
+
+package buildfeatures
+
+// HasBakedRoots is whether the binary was built with support for modular feature "Embed CA (LetsEncrypt) x509 roots to use as fallback".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_bakedroots" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasBakedRoots = true
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build ts_omit_cloud
+
+package buildfeatures
+
+// HasCloud is whether the binary was built with support for modular feature "detect cloud environment to learn instances IPs and DNS servers".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_cloud" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasCloud = false
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build !ts_omit_cloud
+
+package buildfeatures
+
+// HasCloud is whether the binary was built with support for modular feature "detect cloud environment to learn instances IPs and DNS servers".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_cloud" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasCloud = true
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build ts_omit_listenrawdisco
+
+package buildfeatures
+
+// HasListenRawDisco is whether the binary was built with support for modular feature "Use raw sockets for more robust disco (NAT traversal) message receiving (Linux only)".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_listenrawdisco" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasListenRawDisco = false
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build !ts_omit_listenrawdisco
+
+package buildfeatures
+
+// HasListenRawDisco is whether the binary was built with support for modular feature "Use raw sockets for more robust disco (NAT traversal) message receiving (Linux only)".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_listenrawdisco" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasListenRawDisco = true
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build ts_omit_unixsocketidentity
+
+package buildfeatures
+
+// HasUnixSocketIdentity is whether the binary was built with support for modular feature "differentiate between users accessing the LocalAPI over unix sockets (if omitted, all users have full access)".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_unixsocketidentity" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasUnixSocketIdentity = false
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build !ts_omit_unixsocketidentity
+
+package buildfeatures
+
+// HasUnixSocketIdentity is whether the binary was built with support for modular feature "differentiate between users accessing the LocalAPI over unix sockets (if omitted, all users have full access)".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_unixsocketidentity" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasUnixSocketIdentity = true
@@ -87,41 +87,47 @@ type FeatureMeta struct {
 // Features are the known Tailscale features that can be selectively included or
 // excluded via build tags, and a description of each.
 var Features = map[FeatureTag]FeatureMeta{
-	"acme":          {"ACME", "ACME TLS certificate management", nil},
-	"appconnectors": {"AppConnectors", "App Connectors support", nil},
-	"aws":           {"AWS", "AWS integration", nil},
-	"bird":          {"Bird", "Bird BGP integration", nil},
-	"captiveportal": {"CaptivePortal", "Captive portal detection", nil},
-	"capture":       {"Capture", "Packet capture", nil},
-	"cli":           {"CLI", "embed the CLI into the tailscaled binary", nil},
-	"cliconndiag":   {"CLIConnDiag", "CLI connection error diagnostics", nil},
-	"clientupdate":  {"ClientUpdate", "Client auto-update support", nil},
-	"completion":    {"Completion", "CLI shell completion", nil},
-	"dbus":          {"DBus", "Linux DBus support", nil},
-	"debug":         {"Debug", "various debug support, for things that don't have or need their own more specific feature", nil},
-	"debugeventbus": {"DebugEventBus", "eventbus debug support", nil},
+	"acme":          {Sym: "ACME", Desc: "ACME TLS certificate management"},
+	"appconnectors": {Sym: "AppConnectors", Desc: "App Connectors support"},
+	"aws":           {Sym: "AWS", Desc: "AWS integration"},
+	"bakedroots":    {Sym: "BakedRoots", Desc: "Embed CA (LetsEncrypt) x509 roots to use as fallback"},
+	"bird":          {Sym: "Bird", Desc: "Bird BGP integration"},
+	"captiveportal": {Sym: "CaptivePortal", Desc: "Captive portal detection"},
+	"capture":       {Sym: "Capture", Desc: "Packet capture"},
+	"cloud":         {Sym: "Cloud", Desc: "detect cloud environment to learn instances IPs and DNS servers"},
+	"cli":           {Sym: "CLI", Desc: "embed the CLI into the tailscaled binary"},
+	"cliconndiag":   {Sym: "CLIConnDiag", Desc: "CLI connection error diagnostics"},
+	"clientupdate":  {Sym: "ClientUpdate", Desc: "Client auto-update support"},
+	"completion":    {Sym: "Completion", Desc: "CLI shell completion"},
+	"dbus":          {Sym: "DBus", Desc: "Linux DBus support"},
+	"debug":         {Sym: "Debug", Desc: "various debug support, for things that don't have or need their own more specific feature"},
+	"debugeventbus": {Sym: "DebugEventBus", Desc: "eventbus debug support"},
 	"debugportmapper": {
 		Sym:  "DebugPortMapper",
 		Desc: "portmapper debug support",
 		Deps: []FeatureTag{"portmapper"},
 	},
-	"desktop_sessions": {"DesktopSessions", "Desktop sessions support", nil},
-	"doctor":           {"Doctor", "Diagnose possible issues with Tailscale and its host environment", nil},
-	"drive":            {"Drive", "Tailscale Drive (file server) support", nil},
+	"desktop_sessions": {Sym: "DesktopSessions", Desc: "Desktop sessions support"},
+	"doctor":           {Sym: "Doctor", Desc: "Diagnose possible issues with Tailscale and its host environment"},
+	"drive":            {Sym: "Drive", Desc: "Tailscale Drive (file server) support"},
 	"gro": {
 		Sym:  "GRO",
 		Desc: "Generic Receive Offload support (performance)",
 		Deps: []FeatureTag{"netstack"},
 	},
-	"hujsonconf":    {"HuJSONConf", "HuJSON config file support", nil},
-	"iptables":      {"IPTables", "Linux iptables support", nil},
-	"kube":          {"Kube", "Kubernetes integration", nil},
-	"linuxdnsfight": {"LinuxDNSFight", "Linux support for detecting DNS fights (inotify watching of /etc/resolv.conf)", nil},
+	"hujsonconf":    {Sym: "HuJSONConf", Desc: "HuJSON config file support"},
+	"iptables":      {Sym: "IPTables", Desc: "Linux iptables support"},
+	"kube":          {Sym: "Kube", Desc: "Kubernetes integration"},
+	"linuxdnsfight": {Sym: "LinuxDNSFight", Desc: "Linux support for detecting DNS fights (inotify watching of /etc/resolv.conf)"},
+	"listenrawdisco": {
+		Sym:  "ListenRawDisco",
+		Desc: "Use raw sockets for more robust disco (NAT traversal) message receiving (Linux only)",
+	},
 	"logtail": {
 		Sym:  "LogTail",
 		Desc: "upload logs to log.tailscale.com (debug logs for bug reports and also by network flow logs if enabled)",
 	},
-	"oauthkey": {"OAuthKey", "OAuth secret-to-authkey resolution support", nil},
+	"oauthkey": {Sym: "OAuthKey", Desc: "OAuth secret-to-authkey resolution support"},
 	"outboundproxy": {
 		Sym:  "OutboundProxy",
 		Desc: "Support running an outbound localhost HTTP/SOCK5 proxy support that sends traffic over Tailscale",
@@ -137,9 +143,9 @@ var Features = map[FeatureTag]FeatureMeta{
 		// by some other feature are missing, then it's an error by default unless you accept
 		// that it's okay to proceed without that meta feature.
 	},
-	"portlist":   {"PortList", "Optionally advertise listening service ports", nil},
-	"portmapper": {"PortMapper", "NAT-PMP/PCP/UPnP port mapping support", nil},
-	"posture":    {"Posture", "Device posture checking support", nil},
+	"portlist":   {Sym: "PortList", Desc: "Optionally advertise listening service ports"},
+	"portmapper": {Sym: "PortMapper", Desc: "NAT-PMP/PCP/UPnP port mapping support"},
+	"posture":    {Sym: "Posture", Desc: "Device posture checking support"},
 	"dns": {
 		Sym:  "DNS",
 		Desc: "MagicDNS and system DNS configuration support",
@@ -149,13 +155,13 @@ var Features = map[FeatureTag]FeatureMeta{
 		Desc: "Network flow logging support",
 		Deps: []FeatureTag{"logtail"},
 	},
-	"netstack": {"Netstack", "gVisor netstack (userspace networking) support", nil},
+	"netstack": {Sym: "Netstack", Desc: "gVisor netstack (userspace networking) support"},
 	"networkmanager": {
 		Sym:  "NetworkManager",
 		Desc: "Linux NetworkManager integration",
 		Deps: []FeatureTag{"dbus"},
 	},
-	"relayserver": {"RelayServer", "Relay server", nil},
+	"relayserver": {Sym: "RelayServer", Desc: "Relay server"},
 	"resolved": {
 		Sym:  "Resolved",
 		Desc: "Linux systemd-resolved integration",
@@ -179,21 +185,25 @@ var Features = map[FeatureTag]FeatureMeta{
 		Sym:  "Synology",
 		Desc: "Synology NAS integration (applies to Linux builds only)",
 	},
-	"syspolicy": {"SystemPolicy", "System policy configuration (MDM) support", nil},
+	"syspolicy": {Sym: "SystemPolicy", Desc: "System policy configuration (MDM) support"},
 	"systray": {
 		Sym:  "SysTray",
 		Desc: "Linux system tray",
 		Deps: []FeatureTag{"dbus"},
 	},
-	"taildrop":    {"Taildrop", "Taildrop (file sending) support", nil},
-	"tailnetlock": {"TailnetLock", "Tailnet Lock support", nil},
-	"tap":         {"Tap", "Experimental Layer 2 (ethernet) support", nil},
-	"tpm":         {"TPM", "TPM support", nil},
+	"taildrop":    {Sym: "Taildrop", Desc: "Taildrop (file sending) support"},
+	"tailnetlock": {Sym: "TailnetLock", Desc: "Tailnet Lock support"},
+	"tap":         {Sym: "Tap", Desc: "Experimental Layer 2 (ethernet) support"},
+	"tpm":         {Sym: "TPM", Desc: "TPM support"},
+	"unixsocketidentity": {
+		Sym:  "UnixSocketIdentity",
+		Desc: "differentiate between users accessing the LocalAPI over unix sockets (if omitted, all users have full access)",
+	},
 	"useproxy": {
 		Sym:  "UseProxy",
 		Desc: "Support using system proxies as specified by env vars or the system configuration to reach Tailscale servers.",
 	},
-	"wakeonlan": {"WakeOnLAN", "Wake-on-LAN support", nil},
+	"wakeonlan": {Sym: "WakeOnLAN", Desc: "Wake-on-LAN support"},
 	"webclient": {
 		Sym: "WebClient", Desc: "Web client support",
 		Deps: []FeatureTag{"serve"},