git: 19cac1122ceb - main - security/teleport: Update to 4.4.12
Date: Sun, 06 Nov 2022 10:48:49 UTC
The branch main has been updated by diizzy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=19cac1122ceb74cb35863a01f17cc2ef0556d227
commit 19cac1122ceb74cb35863a01f17cc2ef0556d227
Author: Michael Reim <kraileth@elderlinux.org>
AuthorDate: 2022-11-06 10:37:31 +0000
Commit: Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2022-11-06 10:46:53 +0000
security/teleport: Update to 4.4.12
Pass maintainership to submitter due to multiple timeouts from current.
Changelog: https://github.com/gravitational/teleport/releases/tag/v4.4.12
PR: 267052
Approved by: portmgr (maintainer timeout, 3+ weeks)
---
security/teleport/Makefile | 13 +++--
security/teleport/distinfo | 10 ++--
.../files/patch-build.assets_pkg_etc_teleport.yaml | 51 ----------------
.../files/patch-docs_pages_config-reference.mdx | 68 ++++++++++++++++++++++
.../teleport/files/patch-lib_config_fileconf.go | 11 ----
.../teleport/files/patch-lib_defaults_defaults.go | 4 +-
.../teleport/files/patch-lib_events_auditlog.go | 4 +-
security/teleport/files/patch-lib_events_doc.go | 2 +-
.../teleport/files/patch-lib_services_server.go | 4 +-
.../patch-tool_teleport_common_teleport__test.go | 2 +-
...dor_github.com_kr_pty_ztypes__freebsd__arm64.go | 2 +-
security/teleport/files/patch-version.mk | 2 +-
security/teleport/files/pkg-message.in | 23 +++++---
security/teleport/pkg-descr | 23 ++++----
14 files changed, 115 insertions(+), 104 deletions(-)
diff --git a/security/teleport/Makefile b/security/teleport/Makefile
index 6e3442557a4b..68134871f0fd 100644
--- a/security/teleport/Makefile
+++ b/security/teleport/Makefile
@@ -1,12 +1,11 @@
PORTNAME= teleport
DISTVERSIONPREFIX= v
-DISTVERSION= 4.3.9
-PORTREVISION= 6
+DISTVERSION= 4.4.12
CATEGORIES= security
-MAINTAINER= swills@FreeBSD.org
-COMMENT= Gravitational Teleport SSH
-WWW= https://gravitational.com/teleport/
+MAINTAINER= kraileth@elderlinux.org
+COMMENT= Centralized access gateway using the SSH protocol
+WWW= https://goteleport.com/teleport
LICENSE= APACHE20
@@ -15,11 +14,13 @@ NOT_FOR_ARCHS_REASON= Uses 64bit types
BUILD_DEPENDS= zip:archivers/zip
+# If you need the auth service to work, you need to compile this port with
+# Go 1.17 or older. In case tsh is what you're after, Go 1.19 is fine.
USES= compiler gmake go
USE_GITHUB= yes
GH_ACCOUNT= gravitational
-GH_TUPLE= gravitational:webassets:eac734b:webassets/webassets
+GH_TUPLE= gravitational:webassets:2ee76aa:webassets/webassets
GH_COMMIT_SHORT= fabee242d
GH_TAG_COMMIT= ${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT}
diff --git a/security/teleport/distinfo b/security/teleport/distinfo
index 27c4250be5b5..362cf0489a3b 100644
--- a/security/teleport/distinfo
+++ b/security/teleport/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1609025109
-SHA256 (gravitational-teleport-v4.3.9_GH0.tar.gz) = 6b095366cfe788ca72ef7dc2bb052ff258b0e48de82b05b34f935f928b1aa776
-SIZE (gravitational-teleport-v4.3.9_GH0.tar.gz) = 54786284
-SHA256 (gravitational-webassets-eac734b_GH0.tar.gz) = 3f78270f137d690adafd3ec918e51cebc0c2f18c6b3879a57eaa19a267bfc64c
-SIZE (gravitational-webassets-eac734b_GH0.tar.gz) = 4683803
+TIMESTAMP = 1665730213
+SHA256 (gravitational-teleport-v4.4.12_GH0.tar.gz) = 097537273bd0579b3b833870cab74ce1da5432357a14c5501db7a2c525fbcb15
+SIZE (gravitational-teleport-v4.4.12_GH0.tar.gz) = 37824023
+SHA256 (gravitational-webassets-2ee76aa_GH0.tar.gz) = 16c5fbdc43723c392d46163073053c850cae7d355fb97b5ba8fd298246be85c4
+SIZE (gravitational-webassets-2ee76aa_GH0.tar.gz) = 4684443
diff --git a/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml b/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml
deleted file mode 100644
index 7a370e692e2e..000000000000
--- a/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml
+++ /dev/null
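Review bot: GH_COMMIT_SHORT stays at fabee242d while DISTVERSION moves from 4.3.9 to 4.4.12, so GH_TAG_COMMIT now expands to `v4.4.12-0-gfabee242d`; if that short hash is the commit behind the old v4.3.9 tag, as the variable name suggests, the version string the port injects through the version.mk patch would misreport which commit was built — please verify it against the v4.4.12 tag and bump it together with DISTVERSION. The new comment also states that the auth service only works when built with Go 1.17 or older, yet nothing in the Makefile enforces or even warns about this at build time, so a default build silently yields a non-working auth role; surfacing it via a build-time check (e.g. an `IGNORE` conditioned on the Go version, if the framework offers a suitable knob) or a matching line in pkg-message would avoid that. What fabee242d actually points at is inferred from the variable name, not verified here.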
@@ -1,51 +0,0 @@
---- build.assets/pkg/etc/teleport.yaml.orig 2020-07-08 18:08:40 UTC
-+++ build.assets/pkg/etc/teleport.yaml
-@@ -9,7 +9,7 @@ teleport:
-
- # Data directory where Teleport daemon keeps its data.
- # See "Filesystem Layout" section above for more details.
-- # data_dir: /var/lib/teleport
-+ # data_dir: /var/db/teleport
-
- # Invitation token used to join a cluster. it is not used on
- # subsequent starts
-@@ -54,8 +54,8 @@ teleport:
- type: dir
-
- # Array of locations where the audit log events will be stored. by
-- # default they are stored in `/var/lib/teleport/log`
-- # audit_events_uri: ['file:///var/lib/teleport/log', 'dynamodb://events_table_name', 'stdout://']
-+ # default they are stored in `/var/db/teleport/log`
-+ # audit_events_uri: ['file:///var/db/teleport/log', 'dynamodb://events_table_name', 'stdout://']
-
- # Use this setting to configure teleport to store the recorded sessions in
- # an AWS S3 bucket. see "Using Amazon S3" chapter for more information.
-@@ -111,7 +111,7 @@ auth_service:
- # By default an automatically generated name is used (not recommended)
- #
- # IMPORTANT: if you change cluster_name, it will invalidate all generated
-- # certificates and keys (may need to wipe out /var/lib/teleport directory)
-+ # certificates and keys (may need to wipe out /var/db/teleport directory)
- # cluster_name: "main"
-
- authentication:
-@@ -185,7 +185,7 @@ auth_service:
- #
- # If not set, by default Teleport will look for the `license.pem` file in
- # the configured `data_dir`.
-- # license_file: /var/lib/teleport/license.pem
-+ # license_file: /var/db/teleport/license.pem
-
- # DEPRECATED in Teleport 3.2 (moved to proxy_service section)
- # kubeconfig_file: /path/to/kubeconfig
-@@ -258,8 +258,8 @@ proxy_service:
-
- # TLS certificate for the HTTPS connection. Configuring these properly is
- # critical for Teleport security.
-- # https_key_file: /var/lib/teleport/webproxy_key.pem
-- # https_cert_file: /var/lib/teleport/webproxy_cert.pem
-+ # https_key_file: /var/db/teleport/webproxy_key.pem
-+ # https_cert_file: /var/db/teleport/webproxy_cert.pem
-
- # This section configures the Kubernetes proxy service
- # kubernetes:
diff --git a/security/teleport/files/patch-docs_pages_config-reference.mdx b/security/teleport/files/patch-docs_pages_config-reference.mdx
new file mode 100644
index 000000000000..b5a8eabc6bb0
--- /dev/null
+++ b/security/teleport/files/patch-docs_pages_config-reference.mdx
@@ -0,0 +1,68 @@
+--- docs/pages/config-reference.mdx.orig 2022-02-23 04:58:43 UTC
++++ docs/pages/config-reference.mdx
+@@ -21,7 +21,7 @@ teleport:
+
+ # Data directory where Teleport daemon keeps its data.
+ # See "Filesystem Layout" section above for more details.
+- data_dir: /var/lib/teleport
++ data_dir: /var/db/teleport
+
+ # Invitation token used to join a cluster. it is not used on
+ # subsequent starts
+@@ -52,11 +52,11 @@ teleport:
+ max_connections: 1000
+ max_users: 250
+
+- # Logging configuration. Possible output values to disk via '/var/lib/teleport/teleport.log',
++ # Logging configuration. Possible output values to disk via '/var/db/teleport/teleport.log',
+ # 'stdout', 'stderr' and 'syslog'. Possible severity values are INFO, WARN
+ # and ERROR (default). Possible format values include: timestamp, component, caller, and level.
+ log:
+- output: /var/lib/teleport/teleport.log
++ output: /var/db/teleport/teleport.log
+ severity: ERROR
+ format: [level, timestamp, component, caller]
+ # Configuration for the storage back-end used for the cluster state and the
+@@ -68,11 +68,11 @@ teleport:
+ type: dir
+
+ # List of locations where the audit log events will be stored. By default,
+- # they are stored in `/var/lib/teleport/log`
++ # they are stored in `/var/db/teleport/log`
+ # When specifying multiple destinations like this, make sure that any highly-available
+ # storage methods (like DynamoDB or Firestore) are specified first, as this is what the
+ # Teleport web UI uses as its source of events to display.
+- audit_events_uri: ['dynamodb://events_table_name', 'firestore://events_table_name', 'file:///var/lib/teleport/log', 'stdout://']
++ audit_events_uri: ['dynamodb://events_table_name', 'firestore://events_table_name', 'file:///var/db/teleport/log', 'stdout://']
+
+ # Use this setting to configure teleport to store the recorded sessions in
+ # an AWS S3 bucket or use GCP Storage with 'gs://'.
See "Using Amazon S3"
+@@ -131,7 +131,7 @@ auth_service:
+ # By default an automatically generated name is used (not recommended)
+ #
+ # IMPORTANT: if you change cluster_name, it will invalidate all generated
+- # certificates and keys (may need to wipe out /var/lib/teleport directory)
++ # certificates and keys (may need to wipe out /var/db/teleport directory)
+ cluster_name: "main"
+
+ authentication:
+@@ -223,7 +223,7 @@ auth_service:
+ #
+ # If not set, by default Teleport will look for the `license.pem` file in
+ # the configured `data_dir` .
+- license_file: /var/lib/teleport/license.pem
++ license_file: /var/db/teleport/license.pem
+
+ # This section configures the 'node service':
+ ssh_service:
+@@ -320,8 +320,8 @@ proxy_service:
+
+ # TLS certificate for the HTTPS connection. Configuring these properly is
+ # critical for Teleport security.
+- https_key_file: /var/lib/teleport/webproxy_key.pem
+- https_cert_file: /var/lib/teleport/webproxy_cert.pem
++ https_key_file: /var/db/teleport/webproxy_key.pem
++ https_cert_file: /var/db/teleport/webproxy_cert.pem
+
+ # This section configures the Kubernetes proxy service
+ kubernetes:
diff --git a/security/teleport/files/patch-lib_config_fileconf.go b/security/teleport/files/patch-lib_config_fileconf.go
deleted file mode 100644
index 5f8e7c1374a6..000000000000
--- a/security/teleport/files/patch-lib_config_fileconf.go
+++ /dev/null
@@ -1,11 +0,0 @@
---- lib/config/fileconf.go.orig 2020-07-08 18:08:40 UTC
-+++ lib/config/fileconf.go
-@@ -281,7 +281,7 @@ func MakeSampleFileConfig() (fc *FileConfig, err error
- s.Commands = []CommandLabel{
- {
- Name: "hostname",
-- Command: []string{"/usr/bin/hostname"},
-+ Command: []string{"/bin/hostname"},
- Period: time.Minute,
- },
- {
diff --git a/security/teleport/files/patch-lib_defaults_defaults.go b/security/teleport/files/patch-lib_defaults_defaults.go
index 7fbb9101de4f..a0ec9693613e 100644
--- a/security/teleport/files/patch-lib_defaults_defaults.go
+++ b/security/teleport/files/patch-lib_defaults_defaults.go
@@ -1,6 +1,6 @@
---- lib/defaults/defaults.go.orig 2020-07-08 18:08:40 UTC
+--- lib/defaults/defaults.go.orig 2022-02-23 04:58:43 UTC
+++ lib/defaults/defaults.go
-@@ -436,7 +436,7 @@ var (
+@@ -466,7 +466,7 @@ var (
// DataDir is where all mutable data is stored (user keys, recorded sessions,
// registered SSH servers, etc):
diff --git a/security/teleport/files/patch-lib_events_auditlog.go b/security/teleport/files/patch-lib_events_auditlog.go
index 5d4bf68432a4..ab0c4e04e7bf 100644
--- a/security/teleport/files/patch-lib_events_auditlog.go
+++ b/security/teleport/files/patch-lib_events_auditlog.go
@@ -1,4 +1,4 @@
---- lib/events/auditlog.go.orig 2020-07-08 18:08:40 UTC
+--- lib/events/auditlog.go.orig 2022-02-23 04:58:43 UTC
+++ lib/events/auditlog.go
@@ -45,7 +45,7 @@ import (
const (
@@ -8,4 +8,4 @@
+ // in /var/db/teleport/logs/sessions
SessionLogsDir = "sessions"
- // PlaybacksDir is a directory for playbacks
+ // StreamingLogsDir is a subdirectory of sessions /var/lib/teleport/logs/streaming
diff --git a/security/teleport/files/patch-lib_events_doc.go b/security/teleport/files/patch-lib_events_doc.go
index bc308eaeec0e..570c0aba3879 100644
--- a/security/teleport/files/patch-lib_events_doc.go
+++ b/security/teleport/files/patch-lib_events_doc.go
@@ -1,4 +1,4 @@
---- lib/events/doc.go.orig 2020-07-08 18:08:40 UTC
+--- lib/events/doc.go.orig 2022-02-23 04:58:43 UTC
+++ lib/events/doc.go
@@ -85,7 +85,7 @@ Main Audit Log Format
diff --git a/security/teleport/files/patch-lib_services_server.go b/security/teleport/files/patch-lib_services_server.go
index f763c90a51db..a93f72ee384f 100644
--- a/security/teleport/files/patch-lib_services_server.go
+++ b/security/teleport/files/patch-lib_services_server.go
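Review bot: The refreshed context line `// StreamingLogsDir is a subdirectory of sessions /var/lib/teleport/logs/streaming` still cites the Linux path, while the line this patch rewrites two lines above now reads `// in /var/db/teleport/logs/sessions`; since the port relocates the data dir to /var/db, that comment should be patched the same way so the FreeBSD build's source does not document two different locations. This is comment-only: `SessionLogsDir = "sessions"` is a relative name, so no runtime path is affected either way. The enclosing const block starts and ends outside the hunk.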
@@ -1,6 +1,6 @@
---- lib/services/server.go.orig 2020-07-08 18:08:40 UTC
+--- lib/services/server.go.orig 2022-02-23 04:58:43 UTC
+++ lib/services/server.go
-@@ -546,7 +546,7 @@ type CommandLabelV1 struct {
+@@ -578,7 +578,7 @@ type CommandLabelV1 struct {
// Period is a time between command runs
Period time.Duration `json:"period"`
// Command is a command to run
diff --git a/security/teleport/files/patch-tool_teleport_common_teleport__test.go b/security/teleport/files/patch-tool_teleport_common_teleport__test.go
index d2f64d5757d3..cccc072a243f 100644
--- a/security/teleport/files/patch-tool_teleport_common_teleport__test.go
+++ b/security/teleport/files/patch-tool_teleport_common_teleport__test.go
@@ -1,4 +1,4 @@
---- tool/teleport/common/teleport_test.go.orig 2020-07-08 18:08:40 UTC
+--- tool/teleport/common/teleport_test.go.orig 2022-02-23 04:58:43 UTC
+++ tool/teleport/common/teleport_test.go
@@ -62,7 +62,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) {
diff --git a/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go b/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go
index 1362356deb92..3178f17f721b 100644
--- a/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go
+++ b/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go
@@ -1,4 +1,4 @@
---- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2020-07-24 04:36:27 UTC
+--- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2022-10-14 07:07:07 UTC
+++ vendor/github.com/kr/pty/ztypes_freebsd_arm64.go
@@ -0,0 +1,13 @@
+// Created by cgo -godefs - DO NOT EDIT
diff --git a/security/teleport/files/patch-version.mk b/security/teleport/files/patch-version.mk
index ee12c2c4fbe7..1457af7a19fc 100644
--- a/security/teleport/files/patch-version.mk
+++ b/security/teleport/files/patch-version.mk
@@ -1,4 +1,4 @@
---- version.mk.orig 2020-07-08 18:08:40 UTC
+--- version.mk.orig 2022-02-23 04:58:43 UTC
+++ version.mk
@@ -1,4 +1,4 @@
-GITREF=`git describe --dirty --long --tags`
diff --git a/security/teleport/files/pkg-message.in b/security/teleport/files/pkg-message.in
index 2a874bdc7840..f15cd53d3bfc 100644
--- a/security/teleport/files/pkg-message.in
+++ b/security/teleport/files/pkg-message.in
@@ -1,13 +1,20 @@
[
{ type: install
message: <<EOM
+ATTENTION! This version of Teleport is very old and likely to contain unfixed
+ATTENTION! vulnerabilities. It's only provided to allow for a working upgrade
+ATTENTION! path from 4.3. Watch for an upgrade to teleport5 next.
+ATTENTION! New installations are STRONGLY discouraged (wait for version 7).
+
Quick getting started guide:
1. Read through the Quick Start Guide (see below).
2. Start teleport: su -c 'sysrc teleport_enable=YES'
-3. Start teleport: su -c 'service teleport start'
-3. Add yourself as a user: su -c "tctl users add $USER"
-4. Create a password and 2FA code using the URL emitted during
+3. If not just setting up a node: su -c 'sysrc teleport_roles=auth,proxy,node'
+4. Review and edit /usr/local/etc/teleport.yaml
+5. Start teleport: su -c 'service teleport start'
+6. Add yourself as a user on the auth server: su -c "tctl users add $USER"
+7. Create a password and 2FA code using the URL emitted during
the previous step.
To add a new node to the cluster, on the auth server:
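Review bot: Step 3 now tells a new user to enable the auth role (`sysrc teleport_roles=auth,proxy,node`) and step 5 to start it, but the Makefile in this same commit states that the auth service only works when the port is built with Go 1.17 or older, so a user on a newer default Go who follows these steps ends up with a non-functional auth server and no hint why. Suggest adding a line to the ATTENTION block, e.g. `ATTENTION! The auth service needs a build with Go 1.17 or older (see port Makefile); tsh alone is fine with Go 1.19.`. The vulnerability warning is also very unspecific; pointing at the upstream release page named in the commit message, or at the advisories that post-date 4.4.12, would let operators judge their exposure, though which advisories apply cannot be confirmed from this diff.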
@@ -16,11 +23,11 @@ To add a new node to the cluster, on the auth server:
See the docs for additional details:
-Quick start: https://gravitational.com/teleport/docs/quickstart/
-Admin Manual: https://gravitational.com/teleport/docs/admin-guide/
-User Manual: https://gravitational.com/teleport/docs/user-manual/
-Architecture: https://gravitational.com/teleport/docs/architecture/
-FAQ: https://gravitational.com/teleport/docs/faq/
+Quick start: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/quickstart.mdx
+Admin Manual: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/admin-guide.mdx
+User Manual: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/user-manual.mdx
+Architecture: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/architecture/overview.mdx
+FAQ: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/faq.mdx
EOM
}
]
diff --git a/security/teleport/pkg-descr b/security/teleport/pkg-descr
index d74249c8a8f9..e9cb0029b1fa 100644
--- a/security/teleport/pkg-descr
+++ b/security/teleport/pkg-descr
@@ -1,16 +1,13 @@
What is Teleport?
=================
-Gravitational Teleport ("Teleport") is a modern SSH server for remotely
-accessing clusters of servers via SSH or HTTPS. It is intended to be used
-instead of sshd. Teleport enables teams to easily adopt the best SSH practices
-like:
+Teleport is a gateway for managing access to clusters of *nix servers via
+SSH or the Kubernetes API. While it does also support connecting to
+servers running traditional OpenSSH, its own node deamon is intended to be
+used instead for additional functionality.
-Integrated SSH credentials with your organization Google Apps identities or
-other OAuth identitiy providers. No need to distribute keys: Teleport uses
-certificate-based access with automatic expiration time. Enforcement of 2nd
-factor authentication. Cluster introspection: every Teleport node becomes a part
-of a cluster and is visible on the Web UI. Record and replay SSH sessions for
-knowledge sharing and auditing purposes. Collaboratively troubleshoot issues
-through session sharing. Connect to clusters located behind firewalls without
-direct Internet access via SSH bastions. Teleport is built on top of the
-high-quality Golang SSH implementation and it is compatible with OpenSSH.
+With Teleport it is simple to adopt SSH best practices like using
+certificate-based access and enabling 2FA via TOTP (e.g. Google
+Authenticator), U2F or an SSO provider. Cluster nodes can be accessed via
+a CLI (tsh) or a Web UI which both allow for session sharing. Teleport
+provides centralized user management as well as full session recordings
+that can be played back for knowledge sharing or auditing purposes.