Tailscale update fails to take into account immutable rpm-ostree based operating systems

martijk commented 3 months ago

What is the issue?

Tailscale fails to detect immutable rpm-ostree based operating systems, like Fedora Silverblue. Instead, it falls back to tarball updates and fails to extract the new binary to /usr/sbin/. To be honest, it feels a bit weird anyway to fall back to tarballs when it's perfectly possible that the installation is managed by an unsupported package manager, but that's out of scope for this bug report.

Steps to reproduce

$ sudo tailscale update --track=unstable
This will update Tailscale from 1.60.1 to 1.61.69. Continue? [y/n] y
Downloading "https://pkgs.tailscale.com/unstable/tailscale_1.61.69_amd64.tgz"
Download size: 27099345
Downloaded 11440/27099345 (0.0%)
Downloaded 27099345/27099345 (100.0%)
Downloading "https://pkgs.tailscale.com/unstable/tailscale_1.61.69_amd64.tgz.sig"
Signature OK
Extracting "/root/.cache/tailscale-update/tailscale_1.61.69_amd64.tgz"
failed extracting the new tailscaled binary from "/root/.cache/tailscale-update/tailscale_1.61.69_amd64.tgz": failed to remove existing file at "/usr/sbin/tailscaled.new": remove /usr/sbin/tailscaled.new: read-only file system

Are there any recent changes that introduced the issue?

You can see here that this situation is not properly detected:

https://github.com/tailscale/tailscale/blob/65255b060be8d2655ccf2f5561400f5aea77e5f8/clientupdate/clientupdate.go#L168-L218

One way to detect it would be to look for the rpm-ostree command. It's up to Tailscale to decide whether to mark the OS as unsupported, or to call rpm-ostree to update the package, but keep in mind that many commands will trigger rpm-ostree to update additional packages, so this should be carefully tested. Also, it's possible that Tailscale has already been removed in the staged deployment, and this should also be properly handled to avoid it being reinstalled.

OS

Linux

OS version

Fedora Silverblue 39

Tailscale version

1.60.1

Other software

No response

Bug report

No response

awly commented 2 months ago

Thanks for the report, I'll dig into Fedora Silverblue to see how things work there. It's unfortunate that they don't support the same rpm CLI interface, but I'm sure there was a good reason for it.

To be honest, it feels a bit weird anyway to fall back to tarballs when it's perfectly possible that the installation is managed by an unsupported package manager

Yeah, the fallback mechanism is not perfect. The reasons we have it are:

there are so many Linux distributions and package managers that it would be infeasible to support all of them; we support some of the more common ones, and fall back to tarballs to cover the long tail
some distributions are slow to update Tailscale in their repos, so users can opt to install and update via a tarball to get a newer version and faster security patches, even when there's a well-known package manager on the system

OpCoreEngine commented 4 weeks ago

I get the same error as a Bazitte user. (Bazzite is a custom image built upon Fedora Atomic Desktops)

Tailscale works fine, but the update process is not successful.

Installation step:

op@fedora:~$ curl -fsSL https://tailscale.com/install.sh | sh
Installing Tailscale for fedora, using method dnf
+ sudo dnf install -y 'dnf-command(config-manager)'
[sudo] password for op: 
Note: This system is image (rpm-ostree) based.
Checking out tree 593a622... done
Enabled rpm-md repositories: copr:copr.fedorainfracloud.org:matte-schwartz:sunshine copr:copr.fedorainfracloud.org:rodoma92:kde-cdemu-manager copr:copr.fedorainfracloud.org:rok:cdemu updates fedora rpmfusion-free-updates-testing rpmfusion-free-updates rpmfusion-free updates-archive
Updating metadata for 'copr:copr.fedorainfracloud.org:matte-schwartz:sunshine'... done
Updating metadata for 'copr:copr.fedorainfracloud.org:rodoma92:kde-cdemu-manager'... done
Updating metadata for 'copr:copr.fedorainfracloud.org:rok:cdemu'... done
⠙ Updating metadata for 'updates'  95% [███████████████████░] (0s)              

Updating metadata for 'updates'... done
Updating metadata for 'fedora'... done
Updating metadata for 'rpmfusion-free-updates-testing'... done
Updating metadata for 'rpmfusion-free-updates'... done
Updating metadata for 'rpmfusion-free'... done
Updating metadata for 'updates-archive'... done
Importing rpm-md... done
rpm-md repo 'copr:copr.fedorainfracloud.org:matte-schwartz:sunshine'; generated: 2024-05-16T09:38:07Z solvables: 2
rpm-md repo 'copr:copr.fedorainfracloud.org:rodoma92:kde-cdemu-manager'; generated: 2024-04-20T12:39:00Z solvables: 12
rpm-md repo 'copr:copr.fedorainfracloud.org:rok:cdemu'; generated: 2024-02-20T12:07:53Z solvables: 23
rpm-md repo 'updates'; generated: 2024-05-16T01:43:28Z solvables: 13500
rpm-md repo 'fedora'; generated: 2024-04-14T18:51:11Z solvables: 74881
rpm-md repo 'rpmfusion-free-updates-testing'; generated: 2024-05-08T11:59:01Z solvables: 15
rpm-md repo 'rpmfusion-free-updates'; generated: 2024-05-08T11:58:16Z solvables: 72
rpm-md repo 'rpmfusion-free'; generated: 2024-04-20T12:11:51Z solvables: 422
rpm-md repo 'updates-archive'; generated: 2024-05-16T02:07:34Z solvables: 12100
Resolving dependencies... done
Will download: 2 packages (363.6 kB)
Downloading from 'updates'... done
Importing packages... done
Checking out packages... done
Running pre scripts... done
Running post scripts... done
Running posttrans scripts... done
Writing rpmdb... done
Writing OSTree commit... done
Staging deployment... done
error: packages would be changed: 284, allow replacement to override

Tailscale Status:

op@fedora:~$ tailscale status
xxxxxxxxxxx   device     OpCoreEngine@ linux   -
xxxxxxxxxxx   device     OpCoreEngine@ windows offline
xxxxxxxxxxx   device     OpCoreEngine@ linux   idle; offers exit node, tx 1900 rx 30260
xxxxxxxxxxx   device     OpCoreEngine@ linux   offline
xxxxxxxxxxx   device     OpCoreEngine@ macOS   -
xxxxxxxxxxx   device     OpCoreEngine@ android offline

# Health check:
#     - Update available: 1.66.0 -> 1.66.3, run `tailscale update` or `tailscale set --auto-update` to update

Update step:

op@fedora:~$ sudo tailscale update
This will update Tailscale from 1.66.0 to 1.66.3. Continue? [y/n] y
Downloading "https://pkgs.tailscale.com/stable/tailscale_1.66.3_amd64.tgz"
Download size: 27329426
Downloaded 512/27329426 (0.0%)
Downloaded 27329426/27329426 (100.0%)
Downloading "https://pkgs.tailscale.com/stable/tailscale_1.66.3_amd64.tgz.sig"
Signature OK
Extracting "/root/.cache/tailscale-update/tailscale_1.66.3_amd64.tgz"
failed extracting the new tailscaled binary from "/root/.cache/tailscale-update/tailscale_1.66.3_amd64.tgz": failed to remove existing file at "/usr/sbin/tailscaled.new": remove /usr/sbin/tailscaled.new: read-only file system

tailscale / tailscale