all: use buildfeature constants in a few more places

Saves 21 KB. Updates #12614 Change-Id: I0cd3e735937b0f5c0fcc9f09a24476b1c4ac9a15 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-12-16 23:01:31 +01:00 · 2025-10-02 22:04:12 -07:00 · 2025-10-02 22:04:12 -07:00 · f42be719de
commit f42be719de
parent 59a39841c3
5 changed files with 63 additions and 29 deletions
--- a/cmd/stund/depaware.txt
+++ b/cmd/stund/depaware.txt
@ -51,7 +51,7 @@ tailscale.com/cmd/stund dependencies: (generated by github.com/tailscale/depawar
        tailscale.com                                                from tailscale.com/version
        tailscale.com/envknob                                        from tailscale.com/tsweb+
        tailscale.com/feature                                        from tailscale.com/tsweb
-        tailscale.com/feature/buildfeatures                          from tailscale.com/feature
+        tailscale.com/feature/buildfeatures                          from tailscale.com/feature+
        tailscale.com/kube/kubetypes                                 from tailscale.com/envknob
        tailscale.com/metrics                                        from tailscale.com/net/stunserver+
        tailscale.com/net/netaddr                                    from tailscale.com/net/tsaddr
--- a/envknob/envknob.go
+++ b/envknob/envknob.go
@ -32,6 +32,7 @@ import (
 	"sync/atomic"
 	"time"
 	"tailscale.com/feature/buildfeatures"
 	"tailscale.com/kube/kubetypes"
 	"tailscale.com/types/opt"
 	"tailscale.com/version"
@ -463,7 +464,12 @@ var allowRemoteUpdate = RegisterBool("TS_ALLOW_ADMIN_CONSOLE_REMOTE_UPDATE")
 // AllowsRemoteUpdate reports whether this node has opted-in to letting the
 // Tailscale control plane initiate a Tailscale update (e.g. on behalf of an
 // admin on the admin console).
-func AllowsRemoteUpdate() bool { return allowRemoteUpdate() }
+func AllowsRemoteUpdate() bool {
 	if !buildfeatures.HasClientUpdate {
 		return false
 	}
 	return allowRemoteUpdate()
 }
 // SetNoLogsNoSupport enables no-logs-no-support mode.
 func SetNoLogsNoSupport() {
@ -474,6 +480,9 @@ func SetNoLogsNoSupport() {
 var notInInit atomic.Bool
 func assertNotInInit() {
 	if !buildfeatures.HasDebug {
 		return
 	}
 	if notInInit.Load() {
 		return
 	}
@ -533,6 +542,11 @@ func ApplyDiskConfigError() error { return applyDiskConfigErr }
 //     for App Store builds
 //   - /etc/tailscale/tailscaled-env.txt for tailscaled-on-macOS (homebrew, etc)
 func ApplyDiskConfig() (err error) {
 	if runtime.GOOS == "linux" && !(buildfeatures.HasDebug || buildfeatures.HasSynology) {
 		// This function does nothing on Linux, unless you're
 		// using TS_DEBUG_ENV_FILE or are on Synology.
 		return nil
 	}
 	var f *os.File
 	defer func() {
 		if err != nil {
@ -593,7 +607,7 @@ func getPlatformEnvFiles() []string {
 			filepath.Join(os.Getenv("ProgramData"), "Tailscale", "tailscaled-env.txt"),
 		}
 	case "linux":
-		if distro.Get() == distro.Synology {
+		if buildfeatures.HasSynology && distro.Get() == distro.Synology {
 			return []string{"/etc/tailscale/tailscaled-env.txt"}
 		}
 	case "darwin":
--- a/ipn/ipnauth/ipnauth.go
+++ b/ipn/ipnauth/ipnauth.go
@ -15,6 +15,7 @@ import (
 	"strconv"
 	"tailscale.com/envknob"
 	"tailscale.com/feature/buildfeatures"
 	"tailscale.com/ipn"
 	"tailscale.com/safesocket"
 	"tailscale.com/types/logger"
@ -77,6 +78,13 @@ type ConnIdentity struct {
 // It's suitable for passing to LookupUserFromID (os/user.LookupId) on any
 // operating system.
 func (ci *ConnIdentity) WindowsUserID() ipn.WindowsUserID {
 	if !buildfeatures.HasDebug && runtime.GOOS != "windows" {
 		// This function is only implemented on non-Windows for simulating
 		// Windows in tests. But that test (per comments below) is broken
 		// anyway. So disable this testing path in non-debug builds
 		// and just do the thing that optimizes away.
 		return ""
 	}
 	if envknob.GOOS() != "windows" {
 		return ""
 	}
--- a/ipn/ipnauth/policy.go
+++ b/ipn/ipnauth/policy.go
@ -8,6 +8,7 @@ import (
 	"fmt"
 	"tailscale.com/client/tailscale/apitype"
 	"tailscale.com/feature/buildfeatures"
 	"tailscale.com/ipn"
 	"tailscale.com/tailcfg"
 	"tailscale.com/util/syspolicy/pkey"
@ -51,6 +52,9 @@ func (a actorWithPolicyChecks) CheckProfileAccess(profile ipn.LoginProfileView,
 // TODO(nickkhyl): unexport it when we move [ipn.Actor] implementations from [ipnserver]
 // and corp to this package.
 func CheckDisconnectPolicy(actor Actor, profile ipn.LoginProfileView, reason string, auditFn AuditLogFunc) error {
 	if !buildfeatures.HasSystemPolicy {
 		return nil
 	}
 	if alwaysOn, _ := policyclient.Get().GetBoolean(pkey.AlwaysOn, false); !alwaysOn {
 		return nil
 	}
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@ -1135,7 +1135,7 @@ func (b *LocalBackend) Shutdown() {
 }
 func (b *LocalBackend) awaitNoGoroutinesInTest() {
-	if !testenv.InTest() {
+	if !buildfeatures.HasDebug || !testenv.InTest() {
 		return
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), 8*time.Second)
@ -1836,6 +1836,9 @@ var preferencePolicies = []preferencePolicyInfo{
 //
 // b.mu must be held.
 func (b *LocalBackend) applySysPolicyLocked(prefs *ipn.Prefs) (anyChange bool) {
 	if !buildfeatures.HasSystemPolicy {
 		return false
 	}
 	if controlURL, err := b.polc.GetString(pkey.ControlURL, prefs.ControlURL); err == nil && prefs.ControlURL != controlURL {
 		prefs.ControlURL = controlURL
 		anyChange = true
@ -5328,7 +5331,7 @@ func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs ipn.PrefsView, oneC
 		NetfilterKind:     netfilterKind,
 	}
-	if distro.Get() == distro.Synology {
+	if buildfeatures.HasSynology && distro.Get() == distro.Synology {
 		// Issue 1995: we don't use iptables on Synology.
 		rs.NetfilterMode = preftype.NetfilterOff
 	}
@ -5339,7 +5342,7 @@ func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs ipn.PrefsView, oneC
 	// likely to break some functionality, but if the user expressed a
 	// preference for routing remotely, we want to avoid leaking
 	// traffic at the expense of functionality.
-	if prefs.ExitNodeID() != "" || prefs.ExitNodeIP().IsValid() {
+	if buildfeatures.HasUseExitNode && (prefs.ExitNodeID() != "" || prefs.ExitNodeIP().IsValid()) {
 		var default4, default6 bool
 		for _, route := range rs.Routes {
 			switch route {
@ -5411,7 +5414,7 @@ func (b *LocalBackend) applyPrefsToHostinfoLocked(hi *tailcfg.Hostinfo, prefs ip
 	hi.RoutableIPs = prefs.AdvertiseRoutes().AsSlice()
 	hi.RequestTags = prefs.AdvertiseTags().AsSlice()
 	hi.ShieldsUp = prefs.ShieldsUp()
-	hi.AllowsUpdate = envknob.AllowsRemoteUpdate() || prefs.AutoUpdate().Apply.EqualBool(true)
+	hi.AllowsUpdate = buildfeatures.HasClientUpdate && (envknob.AllowsRemoteUpdate() || prefs.AutoUpdate().Apply.EqualBool(true))
 	b.metrics.advertisedRoutes.Set(float64(tsaddr.WithoutExitRoute(prefs.AdvertiseRoutes()).Len()))
@ -6076,18 +6079,22 @@ func (b *LocalBackend) setNetMapLocked(nm *netmap.NetworkMap) {
 		b.health.SetControlHealth(nil)
 	}
-	if nm.HasCap(tailcfg.NodeAttrLinuxMustUseIPTables) {
+	if runtime.GOOS == "linux" && buildfeatures.HasOSRouter {
-		b.capForcedNetfilter = "iptables"
+		if nm.HasCap(tailcfg.NodeAttrLinuxMustUseIPTables) {
-	} else if nm.HasCap(tailcfg.NodeAttrLinuxMustUseNfTables) {
+			b.capForcedNetfilter = "iptables"
-		b.capForcedNetfilter = "nftables"
+		} else if nm.HasCap(tailcfg.NodeAttrLinuxMustUseNfTables) {
-	} else {
+			b.capForcedNetfilter = "nftables"
-		b.capForcedNetfilter = "" // empty string means client can auto-detect
+		} else {
 			b.capForcedNetfilter = "" // empty string means client can auto-detect
 		}
 	}
 	b.MagicConn().SetSilentDisco(b.ControlKnobs().SilentDisco.Load())
 	b.MagicConn().SetProbeUDPLifetime(b.ControlKnobs().ProbeUDPLifetime.Load())
-	b.setDebugLogsByCapabilityLocked(nm)
+	if buildfeatures.HasDebug {
 		b.setDebugLogsByCapabilityLocked(nm)
 	}
 	// See the netns package for documentation on what this capability does.
 	netns.SetBindToInterfaceByRoute(nm.HasCap(tailcfg.CapabilityBindToInterfaceByRoute))
@ -6104,25 +6111,26 @@ func (b *LocalBackend) setNetMapLocked(nm *netmap.NetworkMap) {
 		}
 	}
-	if nm == nil {
+	if buildfeatures.HasAdvertiseRoutes {
-		// If there is no netmap, the client is going into a "turned off"
+		if nm == nil {
-		// state so reset the metrics.
+			// If there is no netmap, the client is going into a "turned off"
-		b.metrics.approvedRoutes.Set(0)
+			// state so reset the metrics.
-		return
+			b.metrics.approvedRoutes.Set(0)
-	}
+		} else if nm.SelfNode.Valid() {
-
+			var approved float64
-	if nm.SelfNode.Valid() {
+			for _, route := range nm.SelfNode.AllowedIPs().All() {
-		var approved float64
+				if !views.SliceContains(nm.SelfNode.Addresses(), route) && !tsaddr.IsExitRoute(route) {
-		for _, route := range nm.SelfNode.AllowedIPs().All() {
+					approved++
-			if !views.SliceContains(nm.SelfNode.Addresses(), route) && !tsaddr.IsExitRoute(route) {
+				}
 				approved++
 			}
 			b.metrics.approvedRoutes.Set(approved)
 		}
 		b.metrics.approvedRoutes.Set(approved)
 	}
-	if f, ok := hookSetNetMapLockedDrive.GetOk(); ok {
+	if buildfeatures.HasDrive && nm != nil {
-		f(b, nm)
+		if f, ok := hookSetNetMapLockedDrive.GetOk(); ok {
 			f(b, nm)
 		}
 	}
 }