-rw-r--r-- | .SRCINFO | 48 | ||||
-rw-r--r-- | PKGBUILD | 109 | ||||
-rwxr-xr-x | get_latest.sh | 8 | ||||
-rw-r--r-- | teleport.install | 3 | ||||
-rw-r--r-- | teleport.service | 5 | ||||
-rw-r--r-- | teleport.yaml | 281 | ||||
-rw-r--r-- | teleport@.service | 15 |
7 files changed, 96 insertions, 373 deletions
@@ -1,41 +1,29 @@ pkgbase = teleport pkgdesc = Modern SSH server for teams managing distributed infrastructure - pkgver = 6.0.1 + pkgver = 6.0.2 pkgrel = 1 - url = https://gravitational.com/teleport + url = https://github.com/gravitational/teleport install = teleport.install + arch = i386 arch = x86_64 - arch = arm arch = armv7h arch = aarch64 license = Apache - depends = glibc - options = !strip - backup = etc/teleport/teleport.yaml - source_x86_64 = https://get.gravitational.com/teleport-v6.0.1-linux-amd64-bin.tar.gz - source_x86_64 = teleport.service - source_x86_64 = teleport.yaml - sha256sums_x86_64 = d8463472ba2cfe34c77357bf16c02c0f7a381a7610ede81224ee8d064f908177 - sha256sums_x86_64 = a4e7bb81be841bccedc493824d8740f5addc1d8f4cb483e0883f9650c7369f47 - sha256sums_x86_64 = 3b26c48a1ade6feea6658a663fe5db7210df24a191816ce95939dc0eddefa0bc - source_arm = https://get.gravitational.com/teleport-v6.0.1-linux-arm-bin.tar.gz - source_arm = teleport.service - source_arm = teleport.yaml - sha256sums_arm = f5880caa8b48c710c24c5497e7543892e3fc8eae8153ff985f4e9ae57bbcb287 - sha256sums_arm = a4e7bb81be841bccedc493824d8740f5addc1d8f4cb483e0883f9650c7369f47 - sha256sums_arm = 3b26c48a1ade6feea6658a663fe5db7210df24a191816ce95939dc0eddefa0bc - source_armv7h = https://get.gravitational.com/teleport-v6.0.1-linux-arm-bin.tar.gz - source_armv7h = teleport.service - source_armv7h = teleport.yaml - sha256sums_armv7h = f5880caa8b48c710c24c5497e7543892e3fc8eae8153ff985f4e9ae57bbcb287 - sha256sums_armv7h = a4e7bb81be841bccedc493824d8740f5addc1d8f4cb483e0883f9650c7369f47 - sha256sums_armv7h = 3b26c48a1ade6feea6658a663fe5db7210df24a191816ce95939dc0eddefa0bc - source_aarch64 = https://get.gravitational.com/teleport-v6.0.1-linux-arm64-bin.tar.gz - source_aarch64 = teleport.service - source_aarch64 = teleport.yaml - sha256sums_aarch64 = d3c98ddbffb219eaa4a89410ced10c7f6a481cc2e326d03a73e4eda3feac6c9c - sha256sums_aarch64 = a4e7bb81be841bccedc493824d8740f5addc1d8f4cb483e0883f9650c7369f47 - 
sha256sums_aarch64 = 3b26c48a1ade6feea6658a663fe5db7210df24a191816ce95939dc0eddefa0bc + makedepends = go>=1.14.0 + depends = bash + depends = python + provides = tctl + provides = tsh + source = teleport.tar.gz::https://github.com/gravitational/teleport/archive/refs/tags/v6.0.2.tar.gz + source = teleport-webassets.tar.gz::https://github.com/gravitational/webassets/archive/69750d0b9b8bbc3f0b56dc41f036f6a9e295c62a.tar.gz + source = teleport.service + source = teleport@.service + source = teleport.install + sha256sums = c08eb20ea4dd668c445522ddd96f220aebbd9b5d01209d2f87b4052b06aa36b2 + sha256sums = c2e2d71f95f163c15db42b8ea6811017d5dd7020bb416bbe864e3bdb8d2fdf7c + sha256sums = 10ac25cea1b5c193d7f968ca28a1da0e54b847f29c2a0186b46fd853194be38a + sha256sums = 4bc17fdde981f91c5d9972ae0555ee5e8b63a6b67e007c28f83ada80823980fd + sha256sums = cff4e3c69677210bdde9a781146df06fba3a62cef72ed6854cd1923a05444435 pkgname = teleport 
@@ -1,62 +1,71 @@ -# Maintainer: Emanuele 'Lele aka eldios' Calo' <xeldiosx@gmail.com> +# Maintainer: Maarten de Boer <maarten@cloudstek.nl> pkgname=teleport -pkgver=6.0.1 +pkgver=6.0.2 pkgrel=1 pkgdesc="Modern SSH server for teams managing distributed infrastructure" -arch=('x86_64' 'arm' 'armv7h' 'aarch64') -url="https://gravitational.com/teleport" +arch=('i386' 'x86_64' 'armv7h' 'aarch64') +url="https://github.com/gravitational/teleport" license=('Apache') -depends=('glibc') +depends=('bash' 'python') +makedepends=('go>=1.14.0') +provides=('tctl' 'tsh') install=teleport.install -source_x86_64=( - "https://get.gravitational.com/teleport-v${pkgver}-linux-amd64-bin.tar.gz" - "teleport.service" - "teleport.yaml" - ) -sha256sums_x86_64=( - 'd8463472ba2cfe34c77357bf16c02c0f7a381a7610ede81224ee8d064f908177' - 'a4e7bb81be841bccedc493824d8740f5addc1d8f4cb483e0883f9650c7369f47' - '3b26c48a1ade6feea6658a663fe5db7210df24a191816ce95939dc0eddefa0bc' - ) -source_arm=( - "https://get.gravitational.com/teleport-v${pkgver}-linux-arm-bin.tar.gz" - "teleport.service" - "teleport.yaml" - ) - -sha256sums_arm=( - 'f5880caa8b48c710c24c5497e7543892e3fc8eae8153ff985f4e9ae57bbcb287' - 'a4e7bb81be841bccedc493824d8740f5addc1d8f4cb483e0883f9650c7369f47' - '3b26c48a1ade6feea6658a663fe5db7210df24a191816ce95939dc0eddefa0bc' - ) -source_armv7h=("${source_arm[@]}") -sha256sums_armv7h=("${sha256sums_arm[@]}") -source_aarch64=( - "https://get.gravitational.com/teleport-v${pkgver}-linux-arm64-bin.tar.gz" - "teleport.service" - "teleport.yaml" - ) - -sha256sums_aarch64=( - 'd3c98ddbffb219eaa4a89410ced10c7f6a481cc2e326d03a73e4eda3feac6c9c' - 'a4e7bb81be841bccedc493824d8740f5addc1d8f4cb483e0883f9650c7369f47' - '3b26c48a1ade6feea6658a663fe5db7210df24a191816ce95939dc0eddefa0bc' - ) -options=(!strip) - -backup=('etc/teleport/teleport.yaml') -package() { - mkdir -p "${pkgdir}/usr/lib/systemd/system" "${pkgdir}/usr/bin" - mkdir -p "${pkgdir}/etc/teleport" 
+_webassets_ref=69750d0b9b8bbc3f0b56dc41f036f6a9e295c62a + +source=("${pkgname}.tar.gz::https://github.com/gravitational/teleport/archive/refs/tags/v${pkgver}.tar.gz" + "${pkgname}-webassets.tar.gz::https://github.com/gravitational/webassets/archive/${_webassets_ref}.tar.gz" + "teleport.service" + "teleport@.service" + "teleport.install") - install -m644 teleport.yaml "${pkgdir}/etc/teleport/teleport.yaml" +sha256sums=('c08eb20ea4dd668c445522ddd96f220aebbd9b5d01209d2f87b4052b06aa36b2' + 'c2e2d71f95f163c15db42b8ea6811017d5dd7020bb416bbe864e3bdb8d2fdf7c' + '10ac25cea1b5c193d7f968ca28a1da0e54b847f29c2a0186b46fd853194be38a' + '4bc17fdde981f91c5d9972ae0555ee5e8b63a6b67e007c28f83ada80823980fd' + 'cff4e3c69677210bdde9a781146df06fba3a62cef72ed6854cd1923a05444435') - install -m644 teleport.service "${pkgdir}/usr/lib/systemd/system/teleport.service" +prepare() { + mv "${srcdir}/${pkgname}-${pkgver}" "${srcdir}/${pkgname}" + rm -Rf "${srcdir}/${pkgname}/webassets" + mv "${srcdir}/webassets-${_webassets_ref}" "${srcdir}/${pkgname}/webassets" - cd "${srcdir}/teleport" - install -m755 -t "${pkgdir}/usr/bin/" teleport tctl tsh - # no man pages, docs or web assets in release tarball + install -m755 -d "${srcdir}/go/src/github.com/gravitational" + ln -sf "${srcdir}/${pkgname}" "${srcdir}/go/src/github.com/gravitational/teleport" } +build() { + export GOPATH="${srcdir}/go" + + # See: https://wiki.archlinux.org/index.php/Go_package_guidelines + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + + cd "${GOPATH}/src/github.com/gravitational/teleport" + + make + + rm -Rf "${srcdir}/go" + unset GOPATH +} + +package() { + cd "${srcdir}/${pkgname}" + + # Install binaries + install -Dm755 build/teleport "${pkgdir}/usr/bin/teleport" + install -Dm755 build/tctl "${pkgdir}/usr/bin/tctl" + install -Dm755 
build/tsh "${pkgdir}/usr/bin/tsh" + + # Install services + install -Dm644 ${srcdir}/teleport.service "${pkgdir}/usr/lib/systemd/system/teleport.service" + install -Dm644 ${srcdir}/teleport@.service "${pkgdir}/usr/lib/systemd/system/teleport@.service" + + # Copy example files + install -dm755 "${pkgdir}/usr/share/teleport" + cp -r examples "${pkgdir}/usr/share/teleport/" +} diff --git a/get_latest.sh b/get_latest.sh deleted file mode 100755 index 5902159038ad..000000000000 --- a/get_latest.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -pkgver="$1" -wget "https://get.gravitational.com/teleport-v${pkgver}-linux-amd64-bin.tar.gz" -wget "https://get.gravitational.com/teleport-v${pkgver}-linux-arm-bin.tar.gz" -wget "https://get.gravitational.com/teleport-v${pkgver}-linux-arm64-bin.tar.gz" - -sha256sum teleport-v*-linux-*-bin.tar.gz diff --git a/teleport.install b/teleport.install index b2af6197a961..9dd32af138b4 100644 --- a/teleport.install +++ b/teleport.install @@ -1,6 +1,5 @@ post_install() { - echo 'Please follow the instructions in `/usr/share/doc/teleport/quickstart.md`' - echo 'or on https://gravitational.com/teleport/docs/quickstart/ to set things up.' + echo 'Please follow the instructions on https://gravitational.com/teleport/docs/quickstart/ to set things up.' } post_remove() { diff --git a/teleport.service b/teleport.service index 697eb02c927a..8f119e181f6e 100644 --- a/teleport.service +++ b/teleport.service @@ -6,9 +6,10 @@ After=network.target Type=simple Restart=on-failure EnvironmentFile=-/etc/default/teleport -ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml --pid-file=/var/run/teleport.pid +ExecStart=/usr/bin/teleport start --pid-file=/run/teleport.pid --config=/etc/teleport.yaml ExecReload=/bin/kill -HUP $MAINPID -PIDFile=/var/run/teleport.pid +PIDFile=/run/teleport.pid +LimitNOFILE=8192 [Install] WantedBy=multi-user.target diff --git a/teleport.yaml b/teleport.yaml deleted file mode 100644 index fcad5fcbac4a..000000000000 
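Review bot: The two service installs in package() leave `${srcdir}` unquoted (`install -Dm644 ${srcdir}/teleport.service …` and the `teleport@.service` line below it), while every other path in the hunk is quoted; a build directory containing whitespace would split the argument. Quote them like the binary installs above: `install -Dm644 "${srcdir}/teleport.service" "${pkgdir}/usr/lib/systemd/system/teleport.service"` and `install -Dm644 "${srcdir}/teleport@.service" "${pkgdir}/usr/lib/systemd/system/teleport@.service"`. Separately, the hunk removes `backup=('etc/teleport/teleport.yaml')` together with the config install, yet the shipped units still point at a config path that package() no longer creates, so a comment in package() stating that the admin must supply the config (or a restored `backup=` entry for an installed example) would keep the PKGBUILD self-describing. The pinning of the webassets checkout by full commit hash and `-mod=readonly` in GOFLAGS are good; keep them.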
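Review bot: The new `ExecStart=… --config=/etc/teleport.yaml` line points at a file this commit stops shipping (the `teleport.yaml` source and its `backup=` entry are deleted in the PKGBUILD hunk), so on a fresh install the unit fails at start until the administrator creates `/etc/teleport.yaml` by hand, and the old `/etc/teleport/teleport.yaml` path is silently abandoned for upgrading users. Add a full-line comment above ExecStart, `# Config is not shipped by the package; create /etc/teleport.yaml (examples in /usr/share/teleport/examples)`, and consider mentioning the path change in post_install. The unit also has no `User=`/sandboxing directives, which is unchanged by this commit but worth a comment explaining that the daemon intentionally runs as root so reviewers do not read it as an oversight. The `[Service]` section starts above this hunk.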
--- a/teleport.yaml
+++ /dev/null
@@ -1,281 +0,0 @@ -# By default, this file should be stored in /etc/teleport.yaml - -# This section of the configuration file applies to all teleport -# services. -teleport: - # nodename allows to assign an alternative name this node can be reached by. - # by default it's equal to hostname - # nodename: graviton - - # Data directory where Teleport daemon keeps its data. - # See "Filesystem Layout" section above for more details. - # data_dir: /var/lib/teleport - - # Invitation token used to join a cluster. it is not used on - # subsequent starts - # auth_token: xxxx-token-xxxx - - # Optional CA pin of the auth server. This enables more secure way of adding new - # nodes to a cluster. See "Adding Nodes" section above. - # ca_pin: "sha256:7e12c17c20d9cb504bbcb3f0236be3f446861f1396dcbb44425fe28ec1c108f1" - - # When running in multi-homed or NATed environments Teleport nodes need - # to know which IP it will be reachable at by other nodes - # - # This value can be specified as FQDN e.g. host.example.com - # advertise_ip: 10.1.0.5 - - # list of auth servers in a cluster. you will have more than one auth server - # if you configure teleport auth to run in HA configuration. - # If adding a node located behind NAT, use the Proxy URL. e.g. - # auth_servers: - # - teleport-proxy.example.com:3080 - # auth_servers: - # - 10.1.0.5:3025 - # - 10.1.0.6:3025 - - # Teleport throttles all connections to avoid abuse. These settings allow - # you to adjust the default limits - # connection_limits: - # max_connections: 1000 - # max_users: 250 - - # Logging configuration. Possible output values are 'stdout', 'stderr' and - # 'syslog'. Possible severity values are INFO, WARN and ERROR (default). - # log: - # output: stderr - # severity: ERROR - - # Configuration for the storage back-end used for the cluster state and the - # audit log. Several back-end types are supported. 
See "High Availability" - # section of this Admin Manual below to learn how to configure DynamoDB, - # S3, etcd and other highly available back-ends. - # storage: - # By default teleport uses the `data_dir` directory on a local filesystem - # type: dir - - # Array of locations where the audit log events will be stored. by - # default they are stored in `/var/lib/teleport/log` - # audit_events_uri: ['file:///var/lib/teleport/log'] - - # Use this setting to configure teleport to store the recorded sessions in - # an AWS S3 bucket. see "Using Amazon S3" chapter for more information. - # audit_sessions_uri: 's3://example.com/path/to/bucket?region=us-east-1' - - # Cipher algorithms that the server supports. This section only needs to be - # set if you want to override the defaults. - # ciphers: - # - aes128-ctr - # - aes192-ctr - # - aes256-ctr - # - aes128-gcm@openssh.com - # - chacha20-poly1305@openssh.com - - # Key exchange algorithms that the server supports. This section only needs - # to be set if you want to override the defaults. - # kex_algos: - # - curve25519-sha256@libssh.org - # - ecdh-sha2-nistp256 - # - ecdh-sha2-nistp384 - # - ecdh-sha2-nistp521 - - # Message authentication code (MAC) algorithms that the server supports. - # This section only needs to be set if you want to override the defaults. - # mac_algos: - # - hmac-sha2-256-etm@openssh.com - # - hmac-sha2-256 - - # List of the supported ciphersuites. If this section is not specified, - # only the default ciphersuites are enabled. - # ciphersuites: - # - tls-rsa-with-aes-128-gcm-sha256 - # - tls-rsa-with-aes-256-gcm-sha384 - # - tls-ecdhe-rsa-with-aes-128-gcm-sha256 - # - tls-ecdhe-ecdsa-with-aes-128-gcm-sha256 - # - tls-ecdhe-rsa-with-aes-256-gcm-sha384 - # - tls-ecdhe-ecdsa-with-aes-256-gcm-sha384 - # - tls-ecdhe-rsa-with-chacha20-poly1305 - # - tls-ecdhe-ecdsa-with-chacha20-poly1305 - - -# This section configures the 'auth service': -auth_service: - # Turns 'auth' role on. 
Default is 'yes' - # enabled: yes - - # A cluster name is used as part of a signature in certificates - # generated by this CA. - # - # We strongly recommend to explicitly set it to something meaningful as it - # becomes important when configuring trust between multiple clusters. - # - # By default an automatically generated name is used (not recommended) - # - # IMPORTANT: if you change cluster_name, it will invalidate all generated - # certificates and keys (may need to wipe out /var/lib/teleport directory) - # cluster_name: "main" - - # authentication: - # default authentication type. possible values are 'local', 'oidc' and 'saml' - # only local authentication (Teleport's own user DB) is supported in the open - # source version - # type: local - # second_factor can be off, otp, or u2f - # second_factor: otp - # this section is used if second_factor is set to 'u2f' - # u2f: - # app_id must point to the URL of the Teleport Web UI (proxy) accessible - # by the end users - # app_id: https://localhost:3080 - # facets must list all proxy servers if there are more than one deployed - # facets: - # - https://localhost:3080 - - # IP and the port to bind to. Other Teleport nodes will be connecting to - # this port (AKA "Auth API" or "Cluster API") to validate client - # certificates - # listen_addr: 0.0.0.0:3025 - - # The optional DNS name the auth server if located behind a load balancer. - # (see public_addr section below) - # public_addr: auth.example.com:3025 - - # Pre-defined tokens for adding new nodes to a cluster. Each token specifies - # the role a new node will be allowed to assume. The more secure way to - # add nodes is to use `ttl node add --ttl` command to generate auto-expiring - # tokens. - # - # We recommend to use tools like `pwgen` to generate sufficiently random - # tokens of 32+ byte length. - # tokens: - # - "proxy,node:xxxxx" - # - "auth:yyyy" - - # Optional setting for configuring session recording. 
Possible values are: - # "node" : sessions will be recorded on the node level (the default) - # "proxy" : recording on the proxy level, see "recording proxy mode" section. - # "off" : session recording is turned off - # session_recording: "node" - - # This setting determines if a Teleport proxy performs strict host key checks. - # Only applicable if session_recording=proxy, see "recording proxy mode" for details. - # proxy_checks_host_keys: yes - - # Determines if SSH sessions to cluster nodes are forcefully terminated - # after no activity from a client (idle client). - # Examples: "30m", "1h" or "1h30m" - # client_idle_timeout: never - - # Determines if the clients will be forcefully disconnected when their - # certificates expire in the middle of an active SSH session. (default is 'no') - # disconnect_expired_cert: no - - # Determines the interval at which Teleport will send keep-alive messages. The - # default value mirrors sshd at 15 minutes. keep_alive_count_max is the number - # of missed keep-alive messages before the server tears down the connection to the - # client. - # keep_alive_interval: 15 - # keep_alive_count_max: 3 - - # License file to start auth server with. Note that this setting is ignored - # in open-source Teleport and is required only for Teleport Pro, Business - # and Enterprise subscription plans. - # - # The path can be either absolute or relative to the configured `data_dir` - # and should point to the license file obtained from Teleport Download Portal. - # - # If not set, by default Teleport will look for the `license.pem` file in - # the configured `data_dir`. - # license_file: /var/lib/teleport/license.pem - - # DEPRECATED in Teleport 3.2 (moved to proxy_service section) - # kubeconfig_file: /path/to/kubeconfig - -# This section configures the 'node service': -ssh_service: - # Turns 'ssh' role on. Default is 'yes' - # enabled: yes - - # IP and the port for SSH service to bind to. 
- # listen_addr: 0.0.0.0:3022 - - # The optional public address the SSH service. This is useful if administrators - # want to allow users to connect to nodes directly, bypassing a Teleport proxy - # (see public_addr section below) - # public_addr: node.example.com:3022 - - # See explanation of labels in "Labeling Nodes" section below - # labels: - # role: master - # type: postgres - - # List of the commands to periodically execute. Their output will be used as node labels. - # See "Labeling Nodes" section below for more information and more examples. - # commands: - # this command will add a label 'arch=x86_64' to a node - # - name: arch - # command: ['/bin/uname', '-p'] - # period: 1h0m0s - - # enables reading ~/.tsh/environment before creating a session. by default - # set to false, can be set true here or as a command line flag. - # permit_user_env: false - - # configures PAM integration. see below for more details. - # pam: - # enabled: no - # service_name: teleport - -# This section configures the 'proxy service' -proxy_service: - # Turns 'proxy' role on. Default is 'yes' - # enabled: yes - - # SSH forwarding/proxy address. Command line (CLI) clients always begin their - # SSH sessions by connecting to this port - # listen_addr: 0.0.0.0:3023 - - # Reverse tunnel listening address. An auth server (CA) can establish an - # outbound (from behind the firewall) connection to this address. - # This will allow users of the outside CA to connect to behind-the-firewall - # nodes. - # tunnel_listen_addr: 0.0.0.0:3024 - - # The HTTPS listen address to serve the Web UI and also to authenticate the - # command line (CLI) users via password+HOTP - # web_listen_addr: 0.0.0.0:3080 - - # The DNS name the proxy HTTPS endpoint as accessible by cluster users. - # Defaults to the proxy's hostname if not specified. 
If running multiple - # proxies behind a load balancer, this name must point to the load balancer - # (see public_addr section below) - # public_addr: proxy.example.com:3080 - - # The DNS name of the proxy SSH endpoint as accessible by cluster clients. - # Defaults to the proxy's hostname if not specified. If running multiple proxies - # behind a load balancer, this name must point to the load balancer. - # Use a TCP load balancer because this port uses SSH protocol. - # ssh_public_addr: proxy.example.com:3023 - - # TLS certificate for the HTTPS connection. Configuring these properly is - # critical for Teleport security. - # https_key_file: /var/lib/teleport/webproxy_key.pem - # https_cert_file: /var/lib/teleport/webproxy_cert.pem - - # This section configures the Kubernetes proxy service - # kubernetes: - # Turns 'kubernetes' proxy on. Default is 'no' - # enabled: yes - - # Kubernetes proxy listen address. - # listen_addr: 0.0.0.0:3026 - - # The DNS name of the Kubernetes proxy server that is accessible by cluster clients. - # If running multiple proxies behind a load balancer, this name must point to the - # load balancer. - # public_addr: ['kube.example.com:3026'] - - # This setting is not required if the Teleport proxy service is - # deployed inside a Kubernetes cluster. Otherwise, Teleport proxy - # will use the credentials from this file: - # kubeconfig_file: /path/to/kube/config diff --git a/teleport@.service b/teleport@.service new file mode 100644 index 000000000000..3bdb3c846dfa --- /dev/null +++ b/teleport@.service @@ -0,0 +1,15 @@ +[Unit] +Description=Teleport SSH Service +After=network.target + +[Service] +Type=simple +Restart=on-failure +EnvironmentFile=-/etc/default/teleport-%i +ExecStart=/usr/bin/teleport start --pid-file=/run/teleport-%i.pid --config=/etc/teleport.d/%i.yaml +ExecReload=/bin/kill -HUP $MAINPID +PIDFile=/run/teleport-%i.pid +LimitNOFILE=8192 + +[Install] +WantedBy=multi-user.target |