From: Sean Chittenden
Date: Thu, 26 Apr 2018 17:32:28 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r468360 - in head/security: . teleport teleport/files

Author: seanc
Date: Thu Apr 26 17:32:28 2018
New Revision: 468360
URL: https://svnweb.freebsd.org/changeset/ports/468360

Log:
Add new port: security/teleport

Gravitational Teleport ("Teleport") is a modern SSH server for remotely
accessing clusters of FreeBSD or Linux servers via SSH or HTTPS. It is
intended to be used instead of sshd. Teleport enables teams to easily adopt
the best SSH practices like:

- Integrated SSH credentials with your organization Google Apps identities
  or other OAuth identity providers.
- Teleport uses certificate-based access with automatic expiration time
- Enforcement of 2nd factor authentication
- Cluster introspection: every Teleport node becomes a part of a cluster
  and is visible on the Web UI
- Record and replay SSH sessions for knowledge sharing and auditing purposes
- Collaboratively troubleshoot issues through session sharing
- Connect to clusters located behind firewalls without direct Internet
  access via SSH bastions

Teleport is built on top of the high-quality Golang SSH implementation and
it is compatible with OpenSSH.

Initially submitted by: staticwizard@hotmail.com in ports/219332 PR: ports/219332 Approved by: swills (mentor) Reviewed by: yuri, swills, pi Differential Revision: https://reviews.freebsd.org/D14576 Added: head/security/teleport/ head/security/teleport/Makefile (contents, props changed) head/security/teleport/distinfo (contents, props changed) head/security/teleport/files/ head/security/teleport/files/pkg-message.in (contents, props changed) head/security/teleport/files/teleport.in (contents, props changed) head/security/teleport/pkg-descr (contents, props changed) Modified: head/security/Makefile Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Thu Apr 26 16:41:23 2018 (r468359) +++ head/security/Makefile Thu Apr 26 17:32:28 2018 (r468360) @@ -1269,6 +1269,7 @@ SUBDIR += symbion-sslproxy SUBDIR += tclsasl SUBDIR += tcpcrypt + SUBDIR += teleport SUBDIR += testssl.sh SUBDIR += tinc SUBDIR += tinc-devel Added: head/security/teleport/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/Makefile Thu Apr 26 17:32:28 2018 (r468360) 
@@ -0,0 +1,61 @@ +# $FreeBSD$ + +PORTNAME= teleport +DISTVERSIONPREFIX= v +DISTVERSION= 2.5.6 +CATEGORIES= security + +MAINTAINER= seanc@FreeBSD.org +COMMENT= Gravitational Telport SSH + +LICENSE= APACHE20 + +BUILD_DEPENDS= ${LOCALBASE}/bin/go:lang/go \ + ${LOCALBASE}/bin/zip:archivers/zip + +USES= compiler gmake + +USE_GITHUB= yes +GH_ACCOUNT= gravitational +GH_TAGNAME= v${DISTVERSION}${DISTVERSIONSUFFIX} + +USE_RC_SUBR= teleport + +SUB_FILES= pkg-message + +PLIST_FILES= bin/teleport \ + bin/tctl \ + bin/tsh \ + etc/teleport.yaml.sample + +STRIP= + +GO_TELEPORT_SRC_DIR= src/github.com/gravitational/teleport +PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX} + +post-extract: + @${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR} + @${CP} -rp ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/ + @${CP} -rp ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/ + +do-build: + @cd ${WRKDIR}/${GO_TELEPORT_SRC_DIR} && \ + ${SETENV} ${MAKE_ENV} ${BUILD_ENV} \ + CGO_ENABLED=1 GOPATH=${WRKDIR} \ + ${GMAKE} full + +do-install: + ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport configure > ${STAGEDIR}${PREFIX}/etc/teleport.yaml.sample + ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport ${STAGEDIR}${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tsh ${STAGEDIR}${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tctl ${STAGEDIR}${PREFIX}/bin + +.include + +# golang assumes that if clang is in use, it is called "clang" and not "cc". If +# it's called "cc", go fails. +.if ${COMPILER_TYPE} == clang +BUILD_ENV= CC=clang +.endif + +.include Added: head/security/teleport/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/distinfo Thu Apr 26 17:32:28 2018 (r468360) 
@@ -0,0 +1,3 @@ +TIMESTAMP = 1524207284 +SHA256 (gravitational-teleport-v2.5.6_GH0.tar.gz) = 7a7168df106b1d4ea3b81b5078eaf6ea8f6063b11c7171202d2e2b9bfbdcfe2c +SIZE (gravitational-teleport-v2.5.6_GH0.tar.gz) = 16216649 Added: head/security/teleport/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/pkg-message.in Thu Apr 26 17:32:28 2018 (r468360) @@ -0,0 +1,22 @@ +==== +Quick getting started guide: + +1. Read through the Quick Start Guide (see below). +2. Start teleport: su -c 'sysrc teleport_enable=YES' +3. Start teleport: su -c 'service teleport start' +3. Add yourself as a user: su -c "tctl users add $USER" +4. Create a password and 2FA code using the URL emitted during + the previous step. + +To add a new node to the cluster, on the auth server: + + $ tctl nodes add --ttl=5m --roles=node,proxy + +See the docs for additional details: + +Quick start: https://gravitational.com/teleport/docs/quickstart/ +Admin Manual: https://gravitational.com/teleport/docs/admin-guide/ +User Manual: https://gravitational.com/teleport/docs/user-manual/ +Architecture: https://gravitational.com/teleport/docs/architecture/ +FAQ: https://gravitational.com/teleport/docs/faq/ +==== Added: head/security/teleport/files/teleport.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/teleport.in Thu Apr 26 17:32:28 2018 (r468360) 
@@ -0,0 +1,40 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: teleport +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# teleport_enable (bool): Set to NO by default. +# Set it to YES to enable teleport. +# teleport_config (str): Configuration file. +# Default is "${LOCALBASE}/etc/teleport.yaml" +# teleport_dir (dir): Set dir to run teleport in. +# Default is "/var/lib/teleport". +# teleport_roles (dir): Set roles to run teleport in. +# Default is "node". + +. /etc/rc.subr + +name=teleport +rcvar=teleport_enable + +load_rc_config $name + +: ${teleport_enable:="NO"} +: ${teleport_config:="%%PREFIX%%/etc/teleport.yaml"} +: ${teleport_args:="--config=${teleport_config}" +: ${teleport_dir:="/var/lib/teleport"} +: ${teleport_roles:="node"} + +pidfile=/var/run/teleport.pid +required_files="${teleport_config}" +procname="%%PREFIX%%/bin/teleport" +command="/usr/sbin/daemon" +command_args="-S -T teleport -s info -m 3 -p ${pidfile} /usr/bin/env ${teleport_env} ${procname} start --roles=${teleport_roles} ${teleport_args}" + +run_rc_command "$1" Added: head/security/teleport/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/pkg-descr Thu Apr 26 17:32:28 2018 (r468360) 
@@ -0,0 +1,18 @@ +What is Teleport? +================= +Gravitational Teleport ("Teleport") is a modern SSH server for remotely +accessing clusters of Linux servers via SSH or HTTPS. It is intended to be used +instead of sshd. Teleport enables teams to easily adopt the best SSH practices +like: + +Integrated SSH credentials with your organization Google Apps identities or +other OAuth identitiy providers. No need to distribute keys: Teleport uses +certificate-based access with automatic expiration time. Enforcement of 2nd +factor authentication. Cluster introspection: every Teleport node becomes a part +of a cluster and is visible on the Web UI. Record and replay SSH sessions for +knowledge sharing and auditing purposes. Collaboratively troubleshoot issues +through session sharing. Connect to clusters located behind firewalls without +direct Internet access via SSH bastions. Teleport is built on top of the +high-quality Golang SSH implementation and it is compatible with OpenSSH. + +WWW: http://gravitational.com/teleport/
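
Review bot: In head/security/teleport/Makefile, COMMENT reads "Gravitational Telport SSH"; the product name is misspelled and should be "Teleport", since this string is what users see in package listings. In the same file the empty `STRIP=` assignment carries no comment saying why stripping is disabled, and do-install produces etc/teleport.yaml.sample by executing the freshly built binary (`teleport configure`), so staging only works where the build host can run the binary it just built. A one-line comment on each would help the next maintainer.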
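
Review bot: In files/pkg-message.in, step 2 is labelled "Start teleport" but its command, `sysrc teleport_enable=YES`, only enables the service; the label should be "Enable teleport". The list also has two items numbered 3, so "Add yourself as a user" and "Create a password and 2FA code" should become steps 4 and 5. The node-join example asks for `--roles=node,proxy` while the rc script in this commit defaults teleport_roles to "node"; showing `--roles=node` in the quick start would keep the suggested token scoped to what the default service actually runs.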
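
Review bot: In files/teleport.in, the teleport_args default is missing its closing brace: `: ${teleport_args:="--config=${teleport_config}"` needs a final `}`, and as written the parameter expansion is unterminated so the script does not parse as intended. In the same hunk, teleport_dir is documented and given a default but never appears in command_args, teleport_env is expanded in command_args without being documented or defaulted, teleport_roles is documented as "(dir)" where "(str)" is meant, and the header comment gives the config default as "${LOCALBASE}/etc/teleport.yaml" while the code uses %%PREFIX%%. Either wire teleport_dir into the command line or drop it, and add `: ${teleport_env:=""}` with a matching comment line.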
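
Review bot: In pkg-descr, the opening paragraph says Teleport is for "clusters of Linux servers", while the commit log for this FreeBSD port says "FreeBSD or Linux servers"; the description should say the same. The feature list that the log gives as bullets is run together here into a single paragraph, which makes items such as "Enforcement of 2nd factor authentication." read as sentence fragments, and "identitiy" is misspelled. The WWW line uses http://gravitational.com/teleport/ while every documentation URL in pkg-message.in uses https; prefer https here too.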