disable-auto-update.patch

diff -rub tailscale/clientupdate/clientupdate.go tailscale-patched/clientupdate/clientupdate.go
--- tailscale/clientupdate/clientupdate.go	2024-06-16 15:26:31.323022871 +0200
+++ tailscale-patched/clientupdate/clientupdate.go	2024-06-16 15:57:08.732315446 +0200
@@ -205,6 +205,8 @@
 			// The distro.Debian switch case above should catch most apt-based
 			// systems, but add this fallback just in case.
 			return up.updateDebLike, true
+		case haveExecutable("zypper"):
+			return up.updateSUSE, false
 		case haveExecutable("dnf"):
 			return up.updateFedoraLike("dnf"), true
 		case haveExecutable("yum"):
@@ -526,6 +528,12 @@
 you can use "pacman --sync --refresh --sysupgrade" or "pacman -Syu" to upgrade the system, including Tailscale.`)
 }
 
+func (up *Updater) updateSUSE() error {
+	// SUSE-based distros should update manually.
+	// The package can come from official Tailscale repos or not and the system can be transactional or not.
+	return errors.New(`Use Zypper or transactional-update (on applicable systems) to update Tailscale on openSUSE or SUSE Linux Enterprise installations.`)
+}
+
 func (up *Updater) updateNixos() error {
 	// NixOS package updates are managed on a system level and not individually.
 	// Direct users to update their nix channel or nixpkgs flake input to
Accepting request 1173203 from home:rrahl0:upgrades - update to 1.66.1: * Resolved issues with nftables rules for stateful filtering, introduced in v1.66.0. * tailscale set command flags --netfilter-mode, --snat-subnet-routes, and --stateful-filtering are added. - update to 1.66.0: * Implemented client-side quarantining for shared-in exit nodes, as a mitigation for a security vulnerability described in TS-2024-005. * Use the --stateful-filtering flag for the tailscale up to enable stateful filtering for subnet routers and exit nodes, as a mitigation for a security vulnerability described in TS-2024-005. * Added tab completions * Use the tailscale exit-node suggest command to automatically pick an available exit node that is likely to perform best. * Site-to-site networking now also requires --stateful-filtering=false in addition to --snat-subnet-routes=false on new subnet routers. Existing subnet routers with --snat-subnet-routes=false will default to --stateful-filtering=false. - update to 1.64.2: * nothing relevant for linux - update to 1.64.1: * nothing relevant for linux - update to 1.64.0: * New: tailscale configure kubeconfig now respects KUBECONFIG environment variable. * Fixed: tailscale configure kubeconfig now works with partially empty kubeconfig. * Fixed: MSS clamping for Kubernetes operator proxies using nftables. * Fixed: Containers on hosts with partial support for ip6tables no longer crash. - turn of changelog generation - add completions for bash OBS-URL: https://build.opensuse.org/request/show/1173203 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=24 2024-05-10 15:52:27 +00:00			`diff -rub tailscale/clientupdate/clientupdate.go tailscale-patched/clientupdate/clientupdate.go`
Accepting request 1181176 from home:rrahl0:upgrades - update to 1.68.1: * Fixed: 4via6 subnet router advertisement works as expected. * Fixed: Tailscale SSH access to Security-Enhanced Linux (SELinux) machines works as expected. - update to 1.68.0: * New: Auto-updates are allowed in containers, but ignore the tailnet-wide default * New: Apply auto-updates even if the node is down or disconnected from the coordination server. * New: tailscale lock status now prints the node's signature. OBS-URL: https://build.opensuse.org/request/show/1181176 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=28 2024-06-16 14:02:30 +00:00			`--- tailscale/clientupdate/clientupdate.go 2024-06-16 15:26:31.323022871 +0200`
			`+++ tailscale-patched/clientupdate/clientupdate.go 2024-06-16 15:57:08.732315446 +0200`
			`@@ -205,6 +205,8 @@`
Accepting request 1148797 from home:avicenzi:branches:network:vpn Disable auto update OBS-URL: https://build.opensuse.org/request/show/1148797 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=18 2024-02-21 16:28:28 +00:00			`// The distro.Debian switch case above should catch most apt-based`
			`// systems, but add this fallback just in case.`
Accepting request 1181176 from home:rrahl0:upgrades - update to 1.68.1: * Fixed: 4via6 subnet router advertisement works as expected. * Fixed: Tailscale SSH access to Security-Enhanced Linux (SELinux) machines works as expected. - update to 1.68.0: * New: Auto-updates are allowed in containers, but ignore the tailnet-wide default * New: Apply auto-updates even if the node is down or disconnected from the coordination server. * New: tailscale lock status now prints the node's signature. OBS-URL: https://build.opensuse.org/request/show/1181176 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=28 2024-06-16 14:02:30 +00:00			`return up.updateDebLike, true`
Accepting request 1148797 from home:avicenzi:branches:network:vpn Disable auto update OBS-URL: https://build.opensuse.org/request/show/1148797 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=18 2024-02-21 16:28:28 +00:00			`+ case haveExecutable("zypper"):`
			`+ return up.updateSUSE, false`
			`case haveExecutable("dnf"):`
Accepting request 1181176 from home:rrahl0:upgrades - update to 1.68.1: * Fixed: 4via6 subnet router advertisement works as expected. * Fixed: Tailscale SSH access to Security-Enhanced Linux (SELinux) machines works as expected. - update to 1.68.0: * New: Auto-updates are allowed in containers, but ignore the tailnet-wide default * New: Apply auto-updates even if the node is down or disconnected from the coordination server. * New: tailscale lock status now prints the node's signature. OBS-URL: https://build.opensuse.org/request/show/1181176 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=28 2024-06-16 14:02:30 +00:00			`return up.updateFedoraLike("dnf"), true`
Accepting request 1148797 from home:avicenzi:branches:network:vpn Disable auto update OBS-URL: https://build.opensuse.org/request/show/1148797 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=18 2024-02-21 16:28:28 +00:00			`case haveExecutable("yum"):`
Accepting request 1181176 from home:rrahl0:upgrades - update to 1.68.1: * Fixed: 4via6 subnet router advertisement works as expected. * Fixed: Tailscale SSH access to Security-Enhanced Linux (SELinux) machines works as expected. - update to 1.68.0: * New: Auto-updates are allowed in containers, but ignore the tailnet-wide default * New: Apply auto-updates even if the node is down or disconnected from the coordination server. * New: tailscale lock status now prints the node's signature. OBS-URL: https://build.opensuse.org/request/show/1181176 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=28 2024-06-16 14:02:30 +00:00			`@@ -526,6 +528,12 @@`
Accepting request 1148797 from home:avicenzi:branches:network:vpn Disable auto update OBS-URL: https://build.opensuse.org/request/show/1148797 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=18 2024-02-21 16:28:28 +00:00			you can use "pacman --sync --refresh --sysupgrade" or "pacman -Syu" to upgrade the system, including Tailscale.`)
			`}`

			`+func (up *Updater) updateSUSE() error {`
			`+ // SUSE-based distros should update manually.`
			`+ // The package can come from official Tailscale repos or not and the system can be transactional or not.`
			+ return errors.New(`Use Zypper or transactional-update (on applicable systems) to update Tailscale on openSUSE or SUSE Linux Enterprise installations.`)
			`+}`
			`+`
Accepting request 1157798 from home:rrahl0:branches:network:vpn update to 1.62.0 OBS-URL: https://build.opensuse.org/request/show/1157798 OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=20 2024-03-14 05:33:47 +00:00			`func (up *Updater) updateNixos() error {`
			`// NixOS package updates are managed on a system level and not individually.`
			`// Direct users to update their nix channel or nixpkgs flake input to`