From 75b965f6393608da471b0a577adc2e31c2e4cb4e Mon Sep 17 00:00:00 2001 From: James Hilliard Date: Sun, 28 Dec 2025 14:37:08 -0700 Subject: [PATCH 1/3] package/pkg-golang.mk: use golang toolchain default GOPROXY This change sets the default GOPROXY value to match Go's built-in default of "https://proxy.golang.org,direct" which provides several benefits: - Avoid package breakages due to missing module sources - Better alignment with upstream Go toolchain defaults - Faster downloads via the proxy compared to direct Git clones - Maintains reproducible builds through Go's module checksum validation The default value from the toolchain can be read with "go env GOPROXY" Signed-off-by: James Hilliard --- package/pkg-golang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/pkg-golang.mk b/package/pkg-golang.mk index ffd50adecce..26da7be71b7 100644 --- a/package/pkg-golang.mk +++ b/package/pkg-golang.mk @@ -101,7 +101,7 @@ $(2)_POST_PATCH_HOOKS += $(2)_GEN_GOMOD $(2)_DOWNLOAD_POST_PROCESS = go $(2)_DL_ENV += \ $$(HOST_GO_COMMON_ENV) \ - GOPROXY=direct \ + GOPROXY="https://proxy.golang.org,direct" \ $$($(2)_GO_ENV) # If building in a sub directory, do the vendoring in there From 5f49cad67e17a5bef7c625a0abddfd7f974c16ef Mon Sep 17 00:00:00 2001 From: James Hilliard Date: Sun, 28 Dec 2025 14:37:09 -0700 Subject: [PATCH 2/3] package/pkg-golang.mk: make GOPROXY configurable BR2_GOPROXY now configures the Go module proxy URL used to download Go modules specified in project go.mod and go.sum files. By default, it uses Google's official Go module mirror at proxy.golang.org, falling back to direct downloads if the module is not found in the mirror. The default value from the toolchain can be read with "go env GOPROXY" We rely on package developers to audit their dependencies in go.mod and go.sum. The value can be configured to: - A comma-separated list of proxy URLs - "off" to disable all downloads - "direct" to download directly from source repositories For more details on Go module proxies: https://go.dev/ref/mod#module-proxy Discussion: https://lore.kernel.org/all/CADvTj4pXO2rwJ8oCzzGNY+OxLuo3uJnDT2PAxbyquw0L6dhfiA@mail.gmail.com/T/#t Signed-off-by: James Hilliard Signed-off-by: Christian Stewart Signed-off-by: Christian Stewart --- Config.in | 16 ++++++++++++++++ package/pkg-golang.mk | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/Config.in b/Config.in index d730f2034b2..23717f3f977 100644 --- a/Config.in +++ b/Config.in @@ -335,6 +335,22 @@ config BR2_LUAROCKS_MIRROR See http://luarocks.org +config BR2_GOPROXY + string "Go module proxy" + default "https://proxy.golang.org,direct" + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS + help + The Go module proxy URL used to download Go modules. By + default, it uses the official Go module mirror, falling back + to direct downloads if the module is not found in the mirror. + + The value can be one of: + - Comma-separated list of proxy URLs + - "off" to disable all downloads + - "direct" to download directly from source repositories + + See https://go.dev/ref/mod#module-proxy + config BR2_CPAN_MIRROR string "CPAN mirror (Perl packages)" default "https://cpan.metacpan.org" diff --git a/package/pkg-golang.mk b/package/pkg-golang.mk index 26da7be71b7..3e388cb2573 100644 --- a/package/pkg-golang.mk +++ b/package/pkg-golang.mk @@ -101,7 +101,7 @@ $(2)_POST_PATCH_HOOKS += $(2)_GEN_GOMOD $(2)_DOWNLOAD_POST_PROCESS = go $(2)_DL_ENV += \ $$(HOST_GO_COMMON_ENV) \ - GOPROXY="https://proxy.golang.org,direct" \ + GOPROXY=$$(call qstrip,$$(BR2_GOPROXY)) \ $$($(2)_GO_ENV) # If building in a sub directory, do the vendoring in there From e6e421437f120da76e773e0570c5ae21720ba303 Mon Sep 17 00:00:00 2001 From: James Hilliard Date: Sun, 28 Dec 2025 14:37:10 -0700 Subject: [PATCH 3/3] package/tailscale: bump to version 1.92.3 Fixes: https://tailscale.com/security-bulletins#ts-2025-008 Signed-off-by: James Hilliard --- package/tailscale/tailscale.hash | 2 +- package/tailscale/tailscale.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/tailscale/tailscale.hash b/package/tailscale/tailscale.hash index e2d600f03e9..51f81b65d71 100644 --- a/package/tailscale/tailscale.hash +++ b/package/tailscale/tailscale.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 4830cd822a838d5d44fd5eeebd07a2aacaf0255fb3fb7d3852d57659f54e51bc tailscale-1.78.1-go2.tar.gz +sha256 24783770ce8332ea81178c5ae0f1339f0aad80adbaae5a1c53abb3e44fd8b322 tailscale-1.92.3-go2.tar.gz sha256 d1ee1c7947d4b2c1963ea214d5324f1d4c89f2f1d0f0224889b4dfb868dad725 LICENSE diff --git a/package/tailscale/tailscale.mk b/package/tailscale/tailscale.mk index 86039fd4b1f..6bbfa8ac682 100644 --- a/package/tailscale/tailscale.mk +++ b/package/tailscale/tailscale.mk @@ -4,7 +4,7 @@ # ################################################################################ -TAILSCALE_VERSION = 1.78.1 +TAILSCALE_VERSION = 1.92.3 TAILSCALE_SITE = $(call github,tailscale,tailscale,v$(TAILSCALE_VERSION)) TAILSCALE_LICENSE = BSD-3-Clause TAILSCALE_LICENSE_FILES = LICENSE