Date: Mon, 3 Aug 2020 00:49:06 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r544006 - in head/security/teleport: . files Message-ID: <202008030049.0730n6J6005322@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: swills Date: Mon Aug 3 00:49:06 2020 New Revision: 544006 URL: https://svnweb.freebsd.org/changeset/ports/544006 Log: security/teleport: update to 4.3.2 While here, take maintainership since I use this, and also clean up a bit, remove REINPLACE_CMD Added: head/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml (contents, props changed) head/security/teleport/files/patch-lib_config_fileconf.go (contents, props changed) head/security/teleport/files/patch-lib_defaults_defaults.go (contents, props changed) head/security/teleport/files/patch-lib_events_auditlog.go (contents, props changed) head/security/teleport/files/patch-lib_events_doc.go (contents, props changed) head/security/teleport/files/patch-lib_services_server.go (contents, props changed) head/security/teleport/files/patch-tool_teleport_common_teleport__test.go (contents, props changed) head/security/teleport/files/patch-version.mk (contents, props changed) Modified: head/security/teleport/Makefile (contents, props changed) head/security/teleport/distinfo (contents, props changed) head/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go (contents, props changed) head/security/teleport/files/teleport.in Modified: head/security/teleport/Makefile ============================================================================== --- head/security/teleport/Makefile Sun Aug 2 22:44:24 2020 (r544005) +++ head/security/teleport/Makefile Mon Aug 3 00:49:06 2020 (r544006) @@ -2,10 +2,10 @@ PORTNAME= teleport DISTVERSIONPREFIX= v -DISTVERSION= 4.2.11 +DISTVERSION= 4.3.2 CATEGORIES= security -MAINTAINER= ports@FreeBSD.org +MAINTAINER= swills@FreeBSD.org COMMENT= Gravitational Teleport SSH LICENSE= APACHE20 @@ -17,8 +17,11 @@ BUILD_DEPENDS= zip:archivers/zip USES= compiler gmake go -USE_GITHUB= yes -GH_ACCOUNT= gravitational +USE_GITHUB= yes +GH_ACCOUNT= gravitational +GH_TUPLE= gravitational:webassets:e65ae13:webassets/webassets +GH_COMMIT_SHORT= c6d702ad8 +GH_TAG_COMMIT= ${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT} USE_RC_SUBR= teleport @@ -28,25 +31,20 @@ NOPRECIOUSMAKEVARS= YES SUB_FILES= pkg-message -PLIST_FILES= bin/teleport \ - bin/tctl \ +PLIST_FILES= bin/tctl \ + bin/teleport \ bin/tsh \ "@sample etc/teleport.yaml.sample" GO_TELEPORT_SRC_DIR= src/github.com/gravitational/teleport -PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX} +PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX} -post-extract: +post-patch: @${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR} + @${REINPLACE_CMD} -e 's|%%GH_TAG_COMMIT%%|${GH_TAG_COMMIT}|' \ + ${WRKSRC}/version.mk @${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/ @${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/ - -post-patch: - @${REINPLACE_CMD} -e 's|^GITREF=.*|GITREF=${GH_TAG_COMMIT}|' \ - ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/version.mk - @${FIND} ${WRKDIR} -type f -exec ${SED} -i '' \ - -e 's|\/var\/lib|/var/db|g' \ - -e 's|\/usr\/bin\/hostname|/bin/hostname|g' {} + do-build: @cd ${WRKDIR}/${GO_TELEPORT_SRC_DIR} && \ Modified: head/security/teleport/distinfo ============================================================================== --- head/security/teleport/distinfo Sun Aug 2 22:44:24 2020 (r544005) +++ head/security/teleport/distinfo Mon Aug 3 00:49:06 2020 (r544006) @@ -1,3 +1,5 @@ -TIMESTAMP = 1593594956 -SHA256 (gravitational-teleport-v4.2.11_GH0.tar.gz) = e0c8f0123fd2c87fccd5464abc1079a82f0097999efeed32059a01f6fab19616 -SIZE (gravitational-teleport-v4.2.11_GH0.tar.gz) = 55839443 +TIMESTAMP = 1596370038 +SHA256 (gravitational-teleport-v4.3.2_GH0.tar.gz) = 25e1865e12672302bb854bdda9f7d9a7bfe5adc2c59e32bd904214fea4d0d1d6 +SIZE (gravitational-teleport-v4.3.2_GH0.tar.gz) = 54645625 +SHA256 (gravitational-webassets-e65ae13_GH0.tar.gz) = 0157db26b46741e0aa1483b47b1d6f643f01bdb6a626c51f77e2c36ba15834f6 +SIZE (gravitational-webassets-e65ae13_GH0.tar.gz) = 4684366 Added: head/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml Mon Aug 3 00:49:06 2020 (r544006) @@ -0,0 +1,51 @@ +--- build.assets/pkg/etc/teleport.yaml.orig 2020-07-08 18:08:40 UTC ++++ build.assets/pkg/etc/teleport.yaml +@@ -9,7 +9,7 @@ teleport: + + # Data directory where Teleport daemon keeps its data. + # See "Filesystem Layout" section above for more details. +- # data_dir: /var/lib/teleport ++ # data_dir: /var/db/teleport + + # Invitation token used to join a cluster. it is not used on + # subsequent starts +@@ -54,8 +54,8 @@ teleport: + type: dir + + # Array of locations where the audit log events will be stored. by +- # default they are stored in `/var/lib/teleport/log` +- # audit_events_uri: ['file:///var/lib/teleport/log', 'dynamodb://events_table_name', 'stdout://'] ++ # default they are stored in `/var/db/teleport/log` ++ # audit_events_uri: ['file:///var/db/teleport/log', 'dynamodb://events_table_name', 'stdout://'] + + # Use this setting to configure teleport to store the recorded sessions in + # an AWS S3 bucket. see "Using Amazon S3" chapter for more information. +@@ -111,7 +111,7 @@ auth_service: + # By default an automatically generated name is used (not recommended) + # + # IMPORTANT: if you change cluster_name, it will invalidate all generated +- # certificates and keys (may need to wipe out /var/lib/teleport directory) ++ # certificates and keys (may need to wipe out /var/db/teleport directory) + # cluster_name: "main" + + authentication: +@@ -185,7 +185,7 @@ auth_service: + # + # If not set, by default Teleport will look for the `license.pem` file in + # the configured `data_dir`. +- # license_file: /var/lib/teleport/license.pem ++ # license_file: /var/db/teleport/license.pem + + # DEPRECATED in Teleport 3.2 (moved to proxy_service section) + # kubeconfig_file: /path/to/kubeconfig +@@ -258,8 +258,8 @@ proxy_service: + + # TLS certificate for the HTTPS connection. Configuring these properly is + # critical for Teleport security. +- # https_key_file: /var/lib/teleport/webproxy_key.pem +- # https_cert_file: /var/lib/teleport/webproxy_cert.pem ++ # https_key_file: /var/db/teleport/webproxy_key.pem ++ # https_cert_file: /var/db/teleport/webproxy_cert.pem + + # This section configures the Kubernetes proxy service + # kubernetes: Added: head/security/teleport/files/patch-lib_config_fileconf.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/patch-lib_config_fileconf.go Mon Aug 3 00:49:06 2020 (r544006) @@ -0,0 +1,11 @@ +--- lib/config/fileconf.go.orig 2020-07-08 18:08:40 UTC ++++ lib/config/fileconf.go +@@ -281,7 +281,7 @@ func MakeSampleFileConfig() (fc *FileConfig, err error + s.Commands = []CommandLabel{ + { + Name: "hostname", +- Command: []string{"/usr/bin/hostname"}, ++ Command: []string{"/bin/hostname"}, + Period: time.Minute, + }, + { Added: head/security/teleport/files/patch-lib_defaults_defaults.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/patch-lib_defaults_defaults.go Mon Aug 3 00:49:06 2020 (r544006) @@ -0,0 +1,11 @@ +--- lib/defaults/defaults.go.orig 2020-07-08 18:08:40 UTC ++++ lib/defaults/defaults.go +@@ -436,7 +436,7 @@ var ( + + // DataDir is where all mutable data is stored (user keys, recorded sessions, + // registered SSH servers, etc): +- DataDir = "/var/lib/teleport" ++ DataDir = "/var/db/teleport" + + // StartRoles is default roles teleport assumes when started via 'start' command + StartRoles = []string{RoleProxy, RoleNode, RoleAuthService} Added: head/security/teleport/files/patch-lib_events_auditlog.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/patch-lib_events_auditlog.go Mon Aug 3 00:49:06 2020 (r544006) @@ -0,0 +1,11 @@ +--- lib/events/auditlog.go.orig 2020-07-08 18:08:40 UTC ++++ lib/events/auditlog.go +@@ -45,7 +45,7 @@ import ( + const ( + // SessionLogsDir is a subdirectory inside the eventlog data dir + // where all session-specific logs and streams are stored, like +- // in /var/lib/teleport/logs/sessions ++ // in /var/db/teleport/logs/sessions + SessionLogsDir = "sessions" + + // PlaybacksDir is a directory for playbacks Added: head/security/teleport/files/patch-lib_events_doc.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/patch-lib_events_doc.go Mon Aug 3 00:49:06 2020 (r544006) @@ -0,0 +1,110 @@ +--- lib/events/doc.go.orig 2020-07-08 18:08:40 UTC ++++ lib/events/doc.go +@@ -85,7 +85,7 @@ Main Audit Log Format + + The main log files are saved as: + +- /var/lib/teleport/log/<auth-server-id>/<date>.log ++ /var/db/teleport/log/<auth-server-id>/<date>.log + + The log file is rotated every 24 hours. The old files must be cleaned + up or archived by an external tool. +@@ -111,7 +111,7 @@ Each session has its own session log stored as several + + Index file contains a list of event files and chunks files associated with a session: + +- /var/lib/teleport/log/sessions/<auth-server-id>/<session-id>.index ++ /var/db/teleport/log/sessions/<auth-server-id>/<session-id>.index + + The format of the index file contains of two or more lines with pointers to other files: + +@@ -120,8 +120,8 @@ The format of the index file contains of two or more l + + Files: + +- /var/lib/teleport/log/<auth-server-id>/<session-id>-<first-event-in-file-index>.events +- /var/lib/teleport/log/<auth-server-id>/<session-id>-<first-chunk-in-file-offset>.chunks ++ /var/db/teleport/log/<auth-server-id>/<session-id>-<first-event-in-file-index>.events ++ /var/db/teleport/log/<auth-server-id>/<session-id>-<first-chunk-in-file-offset>.chunks + + Where: + - .events (same events as in the main log, but related to the session) +@@ -135,7 +135,7 @@ Examples + In the simplest case, single auth server a1 log for a single session id s1 + will consist of three files: + +-/var/lib/teleport/a1/s1.index ++/var/db/teleport/a1/s1.index + + With contents: + +@@ -146,14 +146,14 @@ This means that all session events are located in s1-0 + the first event with index 0 and all chunks are located in file s1-0.chunks file + with the byte offset from the start - 0. + +-File with session events /var/lib/teleport/a1/s1-0.events will contain: ++File with session events /var/db/teleport/a1/s1-0.events will contain: + + {"ei":0,"event":"session.start", ...} + {"ei":1,"event":"resize",...} + {"ei":2,"ci":0, "event":"print","bytes":40,"offset":0} + {"ei":3,"event":"session.end", ...} + +-File with recorded session /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes ++File with recorded session /var/db/teleport/a1/s1-0.chunks will contain 40 bytes + emitted by print event with chunk index 0 + + **Multiple Auth Servers** +@@ -164,7 +164,7 @@ In high availability mode scenario, multiple auth serv + Any auth server can go down during session and clients will retry the delivery + to the other auth server. + +-Both auth servers have mounted /var/lib/teleport/log as a shared NFS folder. ++Both auth servers have mounted /var/db/teleport/log as a shared NFS folder. + + To make sure that only one auth server writes to a file at a time, + each auth server writes to it's own file in a sub folder named +@@ -176,37 +176,37 @@ and the second batch of event to the second server a2. + + Server a1 will produce the following file: + +-/var/lib/teleport/a1/s1.index ++/var/db/teleport/a1/s1.index + + With contents: + + {"file_name":"s1-0.events","type":"events","index":0} + {"file_name":"s1-0.chunks","type":"chunks","offset":0} + +-Events file /var/lib/teleport/a1/s1-0.events will contain: ++Events file /var/db/teleport/a1/s1-0.events will contain: + + {"ei":0,"event":"session.start", ...} + {"ei":1,"event":"resize",...} + {"ei":2,"ci":0, "event":"print","bytes":40,"offset":0} + +-Events file /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes ++Events file /var/db/teleport/a1/s1-0.chunks will contain 40 bytes + emitted by print event with chunk index. + + Server a2 will produce the following file: + +-/var/lib/teleport/a2/s1.index ++/var/db/teleport/a2/s1.index + + With contents: + + {"file_name":"s1-3.events","type":"events","index":3} + {"file_name":"s1-40.chunks","type":"chunks","offset":40} + +-Events file /var/lib/teleport/a2/s1-4.events will contain: ++Events file /var/db/teleport/a2/s1-4.events will contain: + + {"ei":3,"ci":1, "event":"print","bytes":15,"ms":713,"offset":40} + {"ei":4,"event":"session.end", ...} + +-Events file /var/lib/teleport/a2/s1-40.chunks will contain 15 bytes emitted ++Events file /var/db/teleport/a2/s1-40.chunks will contain 15 bytes emitted + by print event with chunk index 1 and comes after delay of 713 milliseconds. + + Offset 40 indicates that the first chunk stored in the file s1-40.chunks Added: head/security/teleport/files/patch-lib_services_server.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/patch-lib_services_server.go Mon Aug 3 00:49:06 2020 (r544006) @@ -0,0 +1,11 @@ +--- lib/services/server.go.orig 2020-07-08 18:08:40 UTC ++++ lib/services/server.go +@@ -546,7 +546,7 @@ type CommandLabelV1 struct { + // Period is a time between command runs + Period time.Duration `json:"period"` + // Command is a command to run +- Command []string `json:"command"` //["/usr/bin/hostname", "--long"] ++ Command []string `json:"command"` //["/bin/hostname", "--long"] + // Result captures standard output + Result string `json:"result"` + } Added: head/security/teleport/files/patch-tool_teleport_common_teleport__test.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/patch-tool_teleport_common_teleport__test.go Mon Aug 3 00:49:06 2020 (r544006) @@ -0,0 +1,20 @@ +--- tool/teleport/common/teleport_test.go.orig 2020-07-08 18:08:40 UTC ++++ tool/teleport/common/teleport_test.go +@@ -62,7 +62,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) { + + // set imprtant defaults to test-mode (non-existing files&locations) + defaults.ConfigFilePath = "/tmp/teleport/etc/teleport.yaml" +- defaults.DataDir = "/tmp/teleport/var/lib/teleport" ++ defaults.DataDir = "/tmp/teleport/var/db/teleport" + } + + func (s *MainTestSuite) TestDefault(c *check.C) { +@@ -72,7 +72,7 @@ func (s *MainTestSuite) TestDefault(c *check.C) { + }) + c.Assert(cmd, check.Equals, "start") + c.Assert(conf.Hostname, check.Equals, s.hostname) +- c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/lib/teleport") ++ c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/db/teleport") + c.Assert(conf.Auth.Enabled, check.Equals, true) + c.Assert(conf.SSH.Enabled, check.Equals, true) + c.Assert(conf.Proxy.Enabled, check.Equals, true) Modified: head/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go ============================================================================== --- head/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go Sun Aug 2 22:44:24 2020 (r544005) +++ head/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go Mon Aug 3 00:49:06 2020 (r544006) @@ -1,40 +1,5 @@ ---- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2019-12-23 19:57:30 UTC +--- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2020-07-24 04:36:27 UTC +++ vendor/github.com/kr/pty/ztypes_freebsd_arm64.go -@@ -0,0 +1,13 @@ -+// Created by cgo -godefs - DO NOT EDIT -+// cgo -godefs types_freebsd.go -+ -+package pty -+ -+const ( -+ _C_SPECNAMELEN = 0x3f -+) -+ -+type fiodgnameArg struct { -+ Len int32 -+ Buf *byte -+} - - ---- ../src/github.com/gravitational/teleport/vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2019-12-23 19:57:30 UTC -+++ ../src/github.com/gravitational/teleport/vendor/github.com/kr/pty/ztypes_freebsd_arm64.go -@@ -0,0 +1,13 @@ -+// Created by cgo -godefs - DO NOT EDIT -+// cgo -godefs types_freebsd.go -+ -+package pty -+ -+const ( -+ _C_SPECNAMELEN = 0x3f -+) -+ -+type fiodgnameArg struct { -+ Len int32 -+ Buf *byte -+} - ---- ../src/golang.org/x/sys/unix/ztypes_freebsd_arm64.go.orig 2019-12-23 19:57:30 UTC -+++ ../src/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -0,0 +1,13 @@ +// Created by cgo -godefs - DO NOT EDIT +// cgo -godefs types_freebsd.go Added: head/security/teleport/files/patch-version.mk ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/teleport/files/patch-version.mk Mon Aug 3 00:49:06 2020 (r544006) @@ -0,0 +1,8 @@ +--- version.mk.orig 2020-07-08 18:08:40 UTC ++++ version.mk +@@ -1,4 +1,4 @@ +-GITREF=`git describe --dirty --long --tags` ++GITREF=%%GH_TAG_COMMIT%% + + # $(VERSION_GO) will be written to version.go + VERSION_GO="/* DO NOT EDIT THIS FILE. IT IS GENERATED BY 'make setver'*/\n\n\ Modified: head/security/teleport/files/teleport.in ============================================================================== --- head/security/teleport/files/teleport.in Sun Aug 2 22:44:24 2020 (r544005) +++ head/security/teleport/files/teleport.in Mon Aug 3 00:49:06 2020 (r544006) @@ -3,7 +3,7 @@ # $FreeBSD$ # # PROVIDE: teleport -# REQUIRE: LOGIN +# REQUIRE: NETWORKING SERVERS DAEMON # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202008030049.0730n6J6005322>