Date: Fri, 31 Mar 2023 00:02:34 GMT From: Muhammad Moinur Rahman <bofh@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 301d2b57c411 - main - security/teleport: Update version 4.4.12=>5.2.5 Message-ID: <202303310002.32V02Yft018825@gitrepo.freebsd.org>
The branch main has been updated by bofh: URL: https://cgit.FreeBSD.org/ports/commit/?id=301d2b57c411477e53b659039c91bf72557ea765 commit 301d2b57c411477e53b659039c91bf72557ea765 Author: Muhammad Moinur Rahman <bofh@FreeBSD.org> AuthorDate: 2023-03-30 20:06:43 +0000 Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org> CommitDate: 2023-03-30 23:59:59 +0000 security/teleport: Update version 4.4.12=>5.2.5 This port was marked to expire on 2023-03-31 but there was another port security/teleport5 with more recent version from upstream. So move security/teleport5 to security/teleport. Pet portlint/portclippy while I am here. Approved by: portmgr (blanket) --- MOVED | 1 + security/Makefile | 1 - security/teleport/Makefile | 15 +-- security/teleport/distinfo | 10 +- .../files/patch-docs_pages_config-reference.mdx | 68 ------------- security/teleport/files/pkg-message.in | 12 +-- security/teleport/files/teleport.in | 2 +- security/teleport/pkg-descr | 8 +- security/teleport5/Makefile | 78 --------------- security/teleport5/distinfo | 5 - .../teleport5/files/patch-lib_defaults_defaults.go | 11 --- .../teleport5/files/patch-lib_events_auditlog.go | 11 --- security/teleport5/files/patch-lib_events_doc.go | 110 --------------------- .../teleport5/files/patch-lib_services_server.go | 11 --- .../patch-tool_teleport_common_teleport__test.go | 20 ---- ...dor_github.com_kr_pty_ztypes__freebsd__arm64.go | 16 --- security/teleport5/files/patch-version.mk | 8 -- security/teleport5/files/pkg-message.in | 33 ------- security/teleport5/files/teleport.in | 55 ----------- security/teleport5/pkg-descr | 15 --- 20 files changed, 23 insertions(+), 467 deletions(-) diff --git a/MOVED b/MOVED index eb2f108f6be6..a477c5a5b053 100644 --- a/MOVED +++ b/MOVED 
@@ -17886,3 +17886,4 @@ devel/horde-content||2023-03-31|Has expired: Requires php74 devel/horde-timeobjects||2023-03-31|Has expired: Requires php74 www/horde-base||2023-03-31|Has expired: Requires php74 multimedia/transcode||2023-03-31|Has expired: abandoned by upstream and does not build +security/teleport5|security/teleport|2023-03-31|More recent version than expired teleport port diff --git a/security/Makefile b/security/Makefile index db69d7838389..034e957031c0 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1268,7 +1268,6 @@ SUBDIR += tclsasl SUBDIR += tcpcrypt SUBDIR += teleport - SUBDIR += teleport5 SUBDIR += testssl.sh SUBDIR += tfhe SUBDIR += tfsec diff --git a/security/teleport/Makefile b/security/teleport/Makefile index 8ae972fbd15b..3c4d23f4e9e7 100644 --- a/security/teleport/Makefile +++ b/security/teleport/Makefile @@ -1,7 +1,6 @@ PORTNAME= teleport DISTVERSIONPREFIX= v -DISTVERSION= 4.4.12 -PORTREVISION= 5 +DISTVERSION= 5.2.5 CATEGORIES= security MAINTAINER= kraileth@elderlinux.org @@ -10,9 +9,6 @@ WWW= https://goteleport.com/teleport LICENSE= APACHE20 -DEPRECATED= End of life, users are recommended to use security/teleport5 as an upgrade path -EXPIRATION_DATE=2023-03-31 - NOT_FOR_ARCHS= i386 NOT_FOR_ARCHS_REASON= Uses 64bit types @@ -21,19 +17,16 @@ BUILD_DEPENDS= zip:archivers/zip # If you need the auth service to work, you need to compile this port with # Go 1.17 or older. In case tsh is what you're after, Go 1.19 is fine. USES= compiler gmake go - USE_GITHUB= yes GH_ACCOUNT= gravitational -GH_TUPLE= gravitational:webassets:2ee76aa:webassets/webassets -GH_COMMIT_SHORT= fabee242d +GH_TUPLE= gravitational:webassets:8ace0cf:webassets/webassets +GH_COMMIT_SHORT= f8ba4afd9 GH_TAG_COMMIT= ${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT} - USE_RC_SUBR= teleport # Extra assets are stored in the binary and must not be inadvertently removed STRIP= NOPRECIOUSMAKEVARS= YES - SUB_FILES= pkg-message PLIST_FILES= bin/tctl \ 
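Review bot: After hunk `@@ -10,9 +9,6 @@` security/teleport/Makefile carries no DEPRECATED line at all, yet the pkg-message.in kept by this same commit still tells users the version is "very old and likely to contain unfixed vulnerabilities" and that new installations are strongly discouraged. That warning is only shown after installation, so anyone building or reviewing the port gets no signal beforehand. If 5.2.5 is meant purely as an upgrade step, consider keeping a marker without an expiry date, e.g. `DEPRECATED= Old release kept only as an upgrade path, see pkg-message`. Whether upstream still supports the 5.x branch is not visible in this diff, so the maintainer should confirm the wording.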
@@ -48,6 +41,8 @@ post-patch: @${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR} @${REINPLACE_CMD} -e 's|%%GH_TAG_COMMIT%%|${GH_TAG_COMMIT}|' \ ${WRKSRC}/version.mk + @${FIND} ${WRKSRC}/docs/pages -iname '*.mdx' | ${XARGS} \ + ${REINPLACE_CMD} -i '' -e 's|/var/lib|/var/db|g' @${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/ @${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/ diff --git a/security/teleport/distinfo b/security/teleport/distinfo index 362cf0489a3b..cd05976249ca 100644 --- a/security/teleport/distinfo +++ b/security/teleport/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1665730213 -SHA256 (gravitational-teleport-v4.4.12_GH0.tar.gz) = 097537273bd0579b3b833870cab74ce1da5432357a14c5501db7a2c525fbcb15 -SIZE (gravitational-teleport-v4.4.12_GH0.tar.gz) = 37824023 -SHA256 (gravitational-webassets-2ee76aa_GH0.tar.gz) = 16c5fbdc43723c392d46163073053c850cae7d355fb97b5ba8fd298246be85c4 -SIZE (gravitational-webassets-2ee76aa_GH0.tar.gz) = 4684443 +TIMESTAMP = 1670876102 +SHA256 (gravitational-teleport-v5.2.5_GH0.tar.gz) = 81b48678ead350ca40183ffef70c4afe0ffdcf1e895d04c0bc62eab180b41065 +SIZE (gravitational-teleport-v5.2.5_GH0.tar.gz) = 41856905 +SHA256 (gravitational-webassets-8ace0cf_GH0.tar.gz) = 87b4a3beff4259ff48d30a03cb2e5ac580dc964eac5218518ac89ede450d2220 +SIZE (gravitational-webassets-8ace0cf_GH0.tar.gz) = 4719723 diff --git a/security/teleport/files/patch-docs_pages_config-reference.mdx b/security/teleport/files/patch-docs_pages_config-reference.mdx deleted file mode 100644 index b5a8eabc6bb0..000000000000 --- a/security/teleport/files/patch-docs_pages_config-reference.mdx +++ /dev/null 
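Review bot: The substitution added to post-patch rewrites every `/var/lib` occurrence in the .mdx docs, whereas the removed patch-docs_pages_config-reference.mdx touched only `/var/lib/teleport` paths, so an unrelated `/var/lib/...` path in the docs would be silently changed to a location that may not exist. Narrowing the expression keeps the documented data_dir, key and audit-log locations accurate: `${REINPLACE_CMD} -e 's|/var/lib/teleport|/var/db/teleport|g'`. The extra `-i ''` looks redundant, since the existing REINPLACE_CMD call two lines above edits in place without it. `${FIND} ... -exec ${REINPLACE_CMD} ... {} +` would also avoid xargs splitting on unusual file names. The post-patch target begins before this hunk, so the rest of the recipe is not visible here.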
@@ -1,68 +0,0 @@ ---- docs/pages/config-reference.mdx.orig 2022-02-23 04:58:43 UTC -+++ docs/pages/config-reference.mdx -@@ -21,7 +21,7 @@ teleport: - - # Data directory where Teleport daemon keeps its data. - # See "Filesystem Layout" section above for more details. -- data_dir: /var/lib/teleport -+ data_dir: /var/db/teleport - - # Invitation token used to join a cluster. it is not used on - # subsequent starts -@@ -52,11 +52,11 @@ teleport: - max_connections: 1000 - max_users: 250 - -- # Logging configuration. Possible output values to disk via '/var/lib/teleport/teleport.log', -+ # Logging configuration. Possible output values to disk via '/var/db/teleport/teleport.log', - # 'stdout', 'stderr' and 'syslog'. Possible severity values are INFO, WARN - # and ERROR (default). Possible format values include: timestamp, component, caller, and level. - log: -- output: /var/lib/teleport/teleport.log -+ output: /var/db/teleport/teleport.log - severity: ERROR - format: [level, timestamp, component, caller] - # Configuration for the storage back-end used for the cluster state and the -@@ -68,11 +68,11 @@ teleport: - type: dir - - # List of locations where the audit log events will be stored. By default, -- # they are stored in `/var/lib/teleport/log` -+ # they are stored in `/var/db/teleport/log` - # When specifying multiple destinations like this, make sure that any highly-available - # storage methods (like DynamoDB or Firestore) are specified first, as this is what the - # Teleport web UI uses as its source of events to display. -- audit_events_uri: ['dynamodb://events_table_name', 'firestore://events_table_name', 'file:///var/lib/teleport/log', 'stdout://'] -+ audit_events_uri: ['dynamodb://events_table_name', 'firestore://events_table_name', 'file:///var/db/teleport/log', 'stdout://'] - - # Use this setting to configure teleport to store the recorded sessions in - # an AWS S3 bucket or use GCP Storage with 'gs://'. 
See "Using Amazon S3" -@@ -131,7 +131,7 @@ auth_service: - # By default an automatically generated name is used (not recommended) - # - # IMPORTANT: if you change cluster_name, it will invalidate all generated -- # certificates and keys (may need to wipe out /var/lib/teleport directory) -+ # certificates and keys (may need to wipe out /var/db/teleport directory) - cluster_name: "main" - - authentication: -@@ -223,7 +223,7 @@ auth_service: - # - # If not set, by default Teleport will look for the `license.pem` file in - # the configured `data_dir` . -- license_file: /var/lib/teleport/license.pem -+ license_file: /var/db/teleport/license.pem - - # This section configures the 'node service': - ssh_service: -@@ -320,8 +320,8 @@ proxy_service: - - # TLS certificate for the HTTPS connection. Configuring these properly is - # critical for Teleport security. -- https_key_file: /var/lib/teleport/webproxy_key.pem -- https_cert_file: /var/lib/teleport/webproxy_cert.pem -+ https_key_file: /var/db/teleport/webproxy_key.pem -+ https_cert_file: /var/db/teleport/webproxy_cert.pem - - # This section configures the Kubernetes proxy service - kubernetes: diff --git a/security/teleport/files/pkg-message.in b/security/teleport/files/pkg-message.in index f15cd53d3bfc..6559d0153a15 100644 --- a/security/teleport/files/pkg-message.in +++ b/security/teleport/files/pkg-message.in @@ -3,7 +3,7 @@ message: <<EOM ATTENTION! This version of Teleport is very old and likely to contain unfixed ATTENTION! vulnerabilities. It's only provided to allow for a working upgrade -ATTENTION! path from 4.3. Watch for an upgrade to teleport5 next. +ATTENTION! path from 4.4. Watch for an upgrade to teleport6 next. ATTENTION! New installations are STRONGLY discouraged (wait for version 7). Quick getting started guide: 
@@ -23,11 +23,11 @@ To add a new node to the cluster, on the auth server: See the docs for additional details: -Quick start: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/quickstart.mdx -Admin Manual: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/admin-guide.mdx -User Manual: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/user-manual.mdx -Architecture: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/architecture/overview.mdx -FAQ: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/faq.mdx +Quick start: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/quickstart.mdx +Admin Manual: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/admin-guide.mdx +User Manual: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/user-manual.mdx +Architecture: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/architecture/overview.mdx +FAQ: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/faq.mdx EOM } ] diff --git a/security/teleport/files/teleport.in b/security/teleport/files/teleport.in index 0f1a39b43e08..248b0d7dc441 100644 --- a/security/teleport/files/teleport.in +++ b/security/teleport/files/teleport.in @@ -16,7 +16,7 @@ # teleport_roles (dir): Set roles to run teleport in. # Default is "node". # Can be any combination of -# "proxy" "node" and "auth", separated by commas +# "node", "app", "proxy" and "auth", separated by commas . /etc/rc.subr diff --git a/security/teleport/pkg-descr b/security/teleport/pkg-descr index e9cb0029b1fa..4485b972f7a7 100644 --- a/security/teleport/pkg-descr +++ b/security/teleport/pkg-descr 
@@ -8,6 +8,8 @@ used instead for additional functionality. With Teleport it is simple to adopt SSH best practices like using certificate-based access and enabling 2FA via TOTP (e.g. Google Authenticator), U2F or an SSO provider. Cluster nodes can be accessed via -a CLI (tsh) or a Web UI which both allow for session sharing. Teleport -provides centralized user management as well as full session recordings -that can be played back for knowledge sharing or auditing purposes. +a CLI (tsh) or a Web UI which both allow for session sharing. + +Teleport provides centralized user management as well as full session +recordings that can be played back for knowledge sharing or auditing +purposes. It can also be used to protect Web applications like dashboards. diff --git a/security/teleport5/Makefile b/security/teleport5/Makefile deleted file mode 100644 index fcf418b69497..000000000000 --- a/security/teleport5/Makefile +++ /dev/null 
@@ -1,78 +0,0 @@ -PORTNAME= teleport -DISTVERSIONPREFIX= v -DISTVERSION= 5.2.5 -PORTREVISION= 4 -CATEGORIES= security -PKGNAMESUFFIX= 5 - -MAINTAINER= kraileth@elderlinux.org -COMMENT= Centralized access gateway using the SSH protocol -WWW= https://goteleport.com/teleport - -LICENSE= APACHE20 - -NOT_FOR_ARCHS= i386 -NOT_FOR_ARCHS_REASON= Uses 64bit types - -BUILD_DEPENDS= zip:archivers/zip - -# If you need the auth service to work, you need to compile this port with -# Go 1.17 or older. In case tsh is what you're after, Go 1.19 is fine. -USES= compiler gmake go - -USE_GITHUB= yes -GH_ACCOUNT= gravitational -GH_TUPLE= gravitational:webassets:8ace0cf:webassets/webassets -GH_COMMIT_SHORT= f8ba4afd9 -GH_TAG_COMMIT= ${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT} - -USE_RC_SUBR= teleport - -# Extra assets are stored in the binary and must not be inadvertently removed -STRIP= -NOPRECIOUSMAKEVARS= YES - -SUB_FILES= pkg-message - -PLIST_FILES= bin/tctl \ - bin/teleport \ - bin/tsh \ - "@sample etc/teleport.yaml.sample" - -GO_TELEPORT_SRC_DIR= src/github.com/gravitational/teleport -PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX} - -post-patch: - @${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR} - @${REINPLACE_CMD} -e 's|%%GH_TAG_COMMIT%%|${GH_TAG_COMMIT}|' \ - ${WRKSRC}/version.mk - @${FIND} ${WRKSRC}/docs/pages -iname '*.mdx' | ${XARGS} \ - ${REINPLACE_CMD} -i '' -e 's|/var/lib|/var/db|g' - @${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/ - @${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/ - -do-build: - @cd ${WRKDIR}/${GO_TELEPORT_SRC_DIR} && \ - ${SETENV} ${MAKE_ENV} ${BUILD_ENV} ${GO_ENV} \ - CGO_ENABLED=1 GOPATH=${WRKDIR} \ - ${GMAKE} full - -do-install: - ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport configure > ${STAGEDIR}${PREFIX}/etc/teleport.yaml.sample - @${SED} -i '' \ - -e "s|nodename: .*|nodename: |g" \ - -e "s|cluster-join-token||g" \ - ${STAGEDIR}${PREFIX}/etc/teleport.yaml.sample - 
${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport ${STAGEDIR}${PREFIX}/bin - ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tsh ${STAGEDIR}${PREFIX}/bin - ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tctl ${STAGEDIR}${PREFIX}/bin - -.include <bsd.port.pre.mk> - -# golang assumes that if clang is in use, it is called "clang" and not "cc". If -# it's called "cc", go fails. -.if ${COMPILER_TYPE} == clang -BUILD_ENV= CC=clang -.endif - -.include <bsd.port.post.mk> diff --git a/security/teleport5/distinfo b/security/teleport5/distinfo deleted file mode 100644 index cd05976249ca..000000000000 --- a/security/teleport5/distinfo +++ /dev/null @@ -1,5 +0,0 @@ -TIMESTAMP = 1670876102 -SHA256 (gravitational-teleport-v5.2.5_GH0.tar.gz) = 81b48678ead350ca40183ffef70c4afe0ffdcf1e895d04c0bc62eab180b41065 -SIZE (gravitational-teleport-v5.2.5_GH0.tar.gz) = 41856905 -SHA256 (gravitational-webassets-8ace0cf_GH0.tar.gz) = 87b4a3beff4259ff48d30a03cb2e5ac580dc964eac5218518ac89ede450d2220 -SIZE (gravitational-webassets-8ace0cf_GH0.tar.gz) = 4719723 diff --git a/security/teleport5/files/patch-lib_defaults_defaults.go b/security/teleport5/files/patch-lib_defaults_defaults.go deleted file mode 100644 index a0ec9693613e..000000000000 --- a/security/teleport5/files/patch-lib_defaults_defaults.go +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/defaults/defaults.go.orig 2022-02-23 04:58:43 UTC -+++ lib/defaults/defaults.go -@@ -466,7 +466,7 @@ var ( - - // DataDir is where all mutable data is stored (user keys, recorded sessions, - // registered SSH servers, etc): -- DataDir = "/var/lib/teleport" -+ DataDir = "/var/db/teleport" - - // StartRoles is default roles teleport assumes when started via 'start' command - StartRoles = []string{RoleProxy, RoleNode, RoleAuthService} diff --git a/security/teleport5/files/patch-lib_events_auditlog.go b/security/teleport5/files/patch-lib_events_auditlog.go deleted file mode 100644 index ab0c4e04e7bf..000000000000 
--- a/security/teleport5/files/patch-lib_events_auditlog.go +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/events/auditlog.go.orig 2022-02-23 04:58:43 UTC -+++ lib/events/auditlog.go -@@ -45,7 +45,7 @@ import ( - const ( - // SessionLogsDir is a subdirectory inside the eventlog data dir - // where all session-specific logs and streams are stored, like -- // in /var/lib/teleport/logs/sessions -+ // in /var/db/teleport/logs/sessions - SessionLogsDir = "sessions" - - // StreamingLogsDir is a subdirectory of sessions /var/lib/teleport/logs/streaming diff --git a/security/teleport5/files/patch-lib_events_doc.go b/security/teleport5/files/patch-lib_events_doc.go deleted file mode 100644 index 570c0aba3879..000000000000 --- a/security/teleport5/files/patch-lib_events_doc.go +++ /dev/null 
@@ -1,110 +0,0 @@ ---- lib/events/doc.go.orig 2022-02-23 04:58:43 UTC -+++ lib/events/doc.go -@@ -85,7 +85,7 @@ Main Audit Log Format - - The main log files are saved as: - -- /var/lib/teleport/log/<auth-server-id>/<date>.log -+ /var/db/teleport/log/<auth-server-id>/<date>.log - - The log file is rotated every 24 hours. The old files must be cleaned - up or archived by an external tool. -@@ -111,7 +111,7 @@ Each session has its own session log stored as several - - Index file contains a list of event files and chunks files associated with a session: - -- /var/lib/teleport/log/sessions/<auth-server-id>/<session-id>.index -+ /var/db/teleport/log/sessions/<auth-server-id>/<session-id>.index - - The format of the index file contains of two or more lines with pointers to other files: - -@@ -120,8 +120,8 @@ The format of the index file contains of two or more l - - Files: - -- /var/lib/teleport/log/<auth-server-id>/<session-id>-<first-event-in-file-index>.events -- /var/lib/teleport/log/<auth-server-id>/<session-id>-<first-chunk-in-file-offset>.chunks -+ /var/db/teleport/log/<auth-server-id>/<session-id>-<first-event-in-file-index>.events -+ /var/db/teleport/log/<auth-server-id>/<session-id>-<first-chunk-in-file-offset>.chunks - - Where: - - .events (same events as in the main log, but related to the session) -@@ -135,7 +135,7 @@ Examples - In the simplest case, single auth server a1 log for a single session id s1 - will consist of three files: - --/var/lib/teleport/a1/s1.index -+/var/db/teleport/a1/s1.index - - With contents: - -@@ -146,14 +146,14 @@ This means that all session events are located in s1-0 - the first event with index 0 and all chunks are located in file s1-0.chunks file - with the byte offset from the start - 0. 
- --File with session events /var/lib/teleport/a1/s1-0.events will contain: -+File with session events /var/db/teleport/a1/s1-0.events will contain: - - {"ei":0,"event":"session.start", ...} - {"ei":1,"event":"resize",...} - {"ei":2,"ci":0, "event":"print","bytes":40,"offset":0} - {"ei":3,"event":"session.end", ...} - --File with recorded session /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes -+File with recorded session /var/db/teleport/a1/s1-0.chunks will contain 40 bytes - emitted by print event with chunk index 0 - - **Multiple Auth Servers** -@@ -164,7 +164,7 @@ In high availability mode scenario, multiple auth serv - Any auth server can go down during session and clients will retry the delivery - to the other auth server. - --Both auth servers have mounted /var/lib/teleport/log as a shared NFS folder. -+Both auth servers have mounted /var/db/teleport/log as a shared NFS folder. - - To make sure that only one auth server writes to a file at a time, - each auth server writes to it's own file in a sub folder named -@@ -176,37 +176,37 @@ and the second batch of event to the second server a2. - - Server a1 will produce the following file: - --/var/lib/teleport/a1/s1.index -+/var/db/teleport/a1/s1.index - - With contents: - - {"file_name":"s1-0.events","type":"events","index":0} - {"file_name":"s1-0.chunks","type":"chunks","offset":0} - --Events file /var/lib/teleport/a1/s1-0.events will contain: -+Events file /var/db/teleport/a1/s1-0.events will contain: - - {"ei":0,"event":"session.start", ...} - {"ei":1,"event":"resize",...} - {"ei":2,"ci":0, "event":"print","bytes":40,"offset":0} - --Events file /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes -+Events file /var/db/teleport/a1/s1-0.chunks will contain 40 bytes - emitted by print event with chunk index. 
- - Server a2 will produce the following file: - --/var/lib/teleport/a2/s1.index -+/var/db/teleport/a2/s1.index - - With contents: - - {"file_name":"s1-3.events","type":"events","index":3} - {"file_name":"s1-40.chunks","type":"chunks","offset":40} - --Events file /var/lib/teleport/a2/s1-4.events will contain: -+Events file /var/db/teleport/a2/s1-4.events will contain: - - {"ei":3,"ci":1, "event":"print","bytes":15,"ms":713,"offset":40} - {"ei":4,"event":"session.end", ...} - --Events file /var/lib/teleport/a2/s1-40.chunks will contain 15 bytes emitted -+Events file /var/db/teleport/a2/s1-40.chunks will contain 15 bytes emitted - by print event with chunk index 1 and comes after delay of 713 milliseconds. - - Offset 40 indicates that the first chunk stored in the file s1-40.chunks diff --git a/security/teleport5/files/patch-lib_services_server.go b/security/teleport5/files/patch-lib_services_server.go deleted file mode 100644 index a93f72ee384f..000000000000 --- a/security/teleport5/files/patch-lib_services_server.go +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/services/server.go.orig 2022-02-23 04:58:43 UTC -+++ lib/services/server.go -@@ -578,7 +578,7 @@ type CommandLabelV1 struct { - // Period is a time between command runs - Period time.Duration `json:"period"` - // Command is a command to run -- Command []string `json:"command"` //["/usr/bin/hostname", "--long"] -+ Command []string `json:"command"` //["/bin/hostname", "--long"] - // Result captures standard output - Result string `json:"result"` - } diff --git a/security/teleport5/files/patch-tool_teleport_common_teleport__test.go b/security/teleport5/files/patch-tool_teleport_common_teleport__test.go deleted file mode 100644 index cccc072a243f..000000000000 --- a/security/teleport5/files/patch-tool_teleport_common_teleport__test.go +++ /dev/null 
@@ -1,20 +0,0 @@ ---- tool/teleport/common/teleport_test.go.orig 2022-02-23 04:58:43 UTC -+++ tool/teleport/common/teleport_test.go -@@ -62,7 +62,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) { - - // set imprtant defaults to test-mode (non-existing files&locations) - defaults.ConfigFilePath = "/tmp/teleport/etc/teleport.yaml" -- defaults.DataDir = "/tmp/teleport/var/lib/teleport" -+ defaults.DataDir = "/tmp/teleport/var/db/teleport" - } - - func (s *MainTestSuite) TestDefault(c *check.C) { -@@ -72,7 +72,7 @@ func (s *MainTestSuite) TestDefault(c *check.C) { - }) - c.Assert(cmd, check.Equals, "start") - c.Assert(conf.Hostname, check.Equals, s.hostname) -- c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/lib/teleport") -+ c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/db/teleport") - c.Assert(conf.Auth.Enabled, check.Equals, true) - c.Assert(conf.SSH.Enabled, check.Equals, true) - c.Assert(conf.Proxy.Enabled, check.Equals, true) diff --git a/security/teleport5/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go b/security/teleport5/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go deleted file mode 100644 index 3178f17f721b..000000000000 --- a/security/teleport5/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go +++ /dev/null @@ -1,16 +0,0 @@ ---- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2022-10-14 07:07:07 UTC -+++ vendor/github.com/kr/pty/ztypes_freebsd_arm64.go -@@ -0,0 +1,13 @@ -+// Created by cgo -godefs - DO NOT EDIT -+// cgo -godefs types_freebsd.go -+ -+package pty -+ -+const ( -+ _C_SPECNAMELEN = 0x3f -+) -+ -+type fiodgnameArg struct { -+ Len int32 -+ Buf *byte -+} diff --git a/security/teleport5/files/patch-version.mk b/security/teleport5/files/patch-version.mk deleted file mode 100644 index 1457af7a19fc..000000000000 --- a/security/teleport5/files/patch-version.mk +++ /dev/null 
@@ -1,8 +0,0 @@ ---- version.mk.orig 2022-02-23 04:58:43 UTC -+++ version.mk -@@ -1,4 +1,4 @@ --GITREF=`git describe --dirty --long --tags` -+GITREF=%%GH_TAG_COMMIT%% - - # $(VERSION_GO) will be written to version.go - VERSION_GO="/* DO NOT EDIT THIS FILE. IT IS GENERATED BY 'make setver'*/\n\n\ diff --git a/security/teleport5/files/pkg-message.in b/security/teleport5/files/pkg-message.in deleted file mode 100644 index 6559d0153a15..000000000000 --- a/security/teleport5/files/pkg-message.in +++ /dev/null @@ -1,33 +0,0 @@ -[ -{ type: install - message: <<EOM -ATTENTION! This version of Teleport is very old and likely to contain unfixed -ATTENTION! vulnerabilities. It's only provided to allow for a working upgrade -ATTENTION! path from 4.4. Watch for an upgrade to teleport6 next. -ATTENTION! New installations are STRONGLY discouraged (wait for version 7). - -Quick getting started guide: - -1. Read through the Quick Start Guide (see below). -2. Start teleport: su -c 'sysrc teleport_enable=YES' -3. If not just setting up a node: su -c 'sysrc teleport_roles=auth,proxy,node' -4. Review and edit /usr/local/etc/teleport.yaml -5. Start teleport: su -c 'service teleport start' -6. Add yourself as a user on the auth server: su -c "tctl users add $USER" -7. Create a password and 2FA code using the URL emitted during - the previous step. - -To add a new node to the cluster, on the auth server: - - $ tctl nodes add --ttl=5m --roles=node,proxy - -See the docs for additional details: - -Quick start: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/quickstart.mdx -Admin Manual: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/admin-guide.mdx -User Manual: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/user-manual.mdx -Architecture: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/architecture/overview.mdx -FAQ: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/faq.mdx -EOM -} -] 
diff --git a/security/teleport5/files/teleport.in b/security/teleport5/files/teleport.in deleted file mode 100644 index 248b0d7dc441..000000000000 --- a/security/teleport5/files/teleport.in +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh - -# PROVIDE: teleport -# REQUIRE: NETWORKING SERVERS DAEMON -# KEYWORD: shutdown -# -# Add the following lines to /etc/rc.conf.local or /etc/rc.conf -# to enable this service: -# -# teleport_enable (bool): Set to NO by default. -# Set it to YES to enable teleport. -# teleport_config (str): Configuration file. -# Default is "${LOCALBASE}/etc/teleport.yaml" -# teleport_dir (dir): Set dir to run teleport in. -# Default is "/var/db/teleport". -# teleport_roles (dir): Set roles to run teleport in. -# Default is "node". -# Can be any combination of -# "node", "app", "proxy" and "auth", separated by commas - -. /etc/rc.subr - -name=teleport -rcvar=teleport_enable - -load_rc_config $name - -: ${teleport_enable:="NO"} -: ${teleport_config:="%%PREFIX%%/etc/teleport.yaml"} -: ${teleport_args:="--config=${teleport_config}"} -: ${teleport_dir:="/var/db/teleport"} -: ${teleport_roles:="node"} - -pidfile=/var/run/teleport.pid -required_files="${teleport_config}" -procname="%%PREFIX%%/bin/teleport" -command="/usr/sbin/daemon" - -DAEMON=$(daemon 2>&1 | grep -q syslog ; echo $?) -if [ ${DAEMON} -eq 0 ]; then - DAEMON_SYSLOG_FLAGS="-S -T teleport -s info -m 3" -else - DAEMON_SYSLOG_FLAGS="" -fi - -command_args="${DAEMON_SYSLOG_FLAGS} -f -p ${pidfile} /usr/bin/env ${teleport_env} ${procname} start --roles=${teleport_roles} ${teleport_args}" - -start_precmd="teleport_prestart" - -teleport_prestart() -{ - mkdir -p ${teleport_dir} -} - -run_rc_command "$1" diff --git a/security/teleport5/pkg-descr b/security/teleport5/pkg-descr deleted file mode 100644 index 4485b972f7a7..000000000000 --- a/security/teleport5/pkg-descr +++ /dev/null 
@@ -1,15 +0,0 @@ -What is Teleport? -================= -Teleport is a gateway for managing access to clusters of *nix servers via -SSH or the Kubernetes API. While it does also support connecting to -servers running traditional OpenSSH, its own node deamon is intended to be -used instead for additional functionality. - -With Teleport it is simple to adopt SSH best practices like using -certificate-based access and enabling 2FA via TOTP (e.g. Google -Authenticator), U2F or an SSO provider. Cluster nodes can be accessed via -a CLI (tsh) or a Web UI which both allow for session sharing. - -Teleport provides centralized user management as well as full session -recordings that can be played back for knowledge sharing or auditing -purposes. It can also be used to protect Web applications like dashboards.