security/teleport: Update version 4.4.12=>5.2.5
This port was marked to expire on 2023-03-31, but there was another port, security/teleport5, with a more recent version from upstream. So move security/teleport5 to security/teleport. Pet portlint/portclippy while I am here. Approved by: portmgr (blanket)
parent
e54484d4d7
commit
301d2b57c4
20 changed files with 23 additions and 467 deletions
1
MOVED
1
MOVED
|
@ -17886,3 +17886,4 @@ devel/horde-content||2023-03-31|Has expired: Requires php74
|
|||
devel/horde-timeobjects||2023-03-31|Has expired: Requires php74
|
||||
www/horde-base||2023-03-31|Has expired: Requires php74
|
||||
multimedia/transcode||2023-03-31|Has expired: abandoned by upstream and does not build
|
||||
security/teleport5|security/teleport|2023-03-31|More recent version than expired teleport port
|
||||
|
|
|
@ -1268,7 +1268,6 @@
|
|||
SUBDIR += tclsasl
|
||||
SUBDIR += tcpcrypt
|
||||
SUBDIR += teleport
|
||||
SUBDIR += teleport5
|
||||
SUBDIR += testssl.sh
|
||||
SUBDIR += tfhe
|
||||
SUBDIR += tfsec
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
PORTNAME= teleport
|
||||
DISTVERSIONPREFIX= v
|
||||
DISTVERSION= 4.4.12
|
||||
PORTREVISION= 5
|
||||
DISTVERSION= 5.2.5
|
||||
CATEGORIES= security
|
||||
|
||||
MAINTAINER= kraileth@elderlinux.org
|
||||
|
@ -10,9 +9,6 @@ WWW= https://goteleport.com/teleport
|
|||
|
||||
LICENSE= APACHE20
|
||||
|
||||
DEPRECATED= End of life, users are recommended to use security/teleport5 as an upgrade path
|
||||
EXPIRATION_DATE=2023-03-31
|
||||
|
||||
NOT_FOR_ARCHS= i386
|
||||
NOT_FOR_ARCHS_REASON= Uses 64bit types
|
||||
|
||||
|
@ -21,19 +17,16 @@ BUILD_DEPENDS= zip:archivers/zip
|
|||
# If you need the auth service to work, you need to compile this port with
|
||||
# Go 1.17 or older. In case tsh is what you're after, Go 1.19 is fine.
|
||||
USES= compiler gmake go
|
||||
|
||||
USE_GITHUB= yes
|
||||
GH_ACCOUNT= gravitational
|
||||
GH_TUPLE= gravitational:webassets:2ee76aa:webassets/webassets
|
||||
GH_COMMIT_SHORT= fabee242d
|
||||
GH_TUPLE= gravitational:webassets:8ace0cf:webassets/webassets
|
||||
GH_COMMIT_SHORT= f8ba4afd9
|
||||
GH_TAG_COMMIT= ${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT}
|
||||
|
||||
USE_RC_SUBR= teleport
|
||||
|
||||
# Extra assets are stored in the binary and must not be inadvertently removed
|
||||
STRIP=
|
||||
NOPRECIOUSMAKEVARS= YES
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
|
||||
PLIST_FILES= bin/tctl \
|
||||
|
@ -48,6 +41,8 @@ post-patch:
|
|||
@${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}
|
||||
@${REINPLACE_CMD} -e 's|%%GH_TAG_COMMIT%%|${GH_TAG_COMMIT}|' \
|
||||
${WRKSRC}/version.mk
|
||||
@${FIND} ${WRKSRC}/docs/pages -iname '*.mdx' | ${XARGS} \
|
||||
${REINPLACE_CMD} -i '' -e 's|/var/lib|/var/db|g'
|
||||
@${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/
|
||||
@${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/
|
||||
|
||||
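Review bot: The second hunk of this Makefile drops `DEPRECATED` and `EXPIRATION_DATE`, yet the pkg-message the port installs still calls the shipped release very old, likely to contain unfixed vulnerabilities, and strongly discouraged for new installations. With the marker gone, that warning reaches an administrator only after the package is installed. Consider keeping a marker without an expiry date, for example `DEPRECATED=	Very old release, kept only as an upgrade path from 4.4`. Separately, the comment above `USES= compiler gmake go` says the auth service needs Go 1.17 or older, while the line requests no Go version; if that comment is on the new side, as it appears to be, either pin the version there or state the limitation in pkg-message.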
|
|
|
@ -1,5 +1,5 @@
|
|||
TIMESTAMP = 1665730213
|
||||
SHA256 (gravitational-teleport-v4.4.12_GH0.tar.gz) = 097537273bd0579b3b833870cab74ce1da5432357a14c5501db7a2c525fbcb15
|
||||
SIZE (gravitational-teleport-v4.4.12_GH0.tar.gz) = 37824023
|
||||
SHA256 (gravitational-webassets-2ee76aa_GH0.tar.gz) = 16c5fbdc43723c392d46163073053c850cae7d355fb97b5ba8fd298246be85c4
|
||||
SIZE (gravitational-webassets-2ee76aa_GH0.tar.gz) = 4684443
|
||||
TIMESTAMP = 1670876102
|
||||
SHA256 (gravitational-teleport-v5.2.5_GH0.tar.gz) = 81b48678ead350ca40183ffef70c4afe0ffdcf1e895d04c0bc62eab180b41065
|
||||
SIZE (gravitational-teleport-v5.2.5_GH0.tar.gz) = 41856905
|
||||
SHA256 (gravitational-webassets-8ace0cf_GH0.tar.gz) = 87b4a3beff4259ff48d30a03cb2e5ac580dc964eac5218518ac89ede450d2220
|
||||
SIZE (gravitational-webassets-8ace0cf_GH0.tar.gz) = 4719723
|
||||
|
|
|
@ -1,68 +0,0 @@
|
|||
--- docs/pages/config-reference.mdx.orig 2022-02-23 04:58:43 UTC
|
||||
+++ docs/pages/config-reference.mdx
|
||||
@@ -21,7 +21,7 @@ teleport:
|
||||
|
||||
# Data directory where Teleport daemon keeps its data.
|
||||
# See "Filesystem Layout" section above for more details.
|
||||
- data_dir: /var/lib/teleport
|
||||
+ data_dir: /var/db/teleport
|
||||
|
||||
# Invitation token used to join a cluster. it is not used on
|
||||
# subsequent starts
|
||||
@@ -52,11 +52,11 @@ teleport:
|
||||
max_connections: 1000
|
||||
max_users: 250
|
||||
|
||||
- # Logging configuration. Possible output values to disk via '/var/lib/teleport/teleport.log',
|
||||
+ # Logging configuration. Possible output values to disk via '/var/db/teleport/teleport.log',
|
||||
# 'stdout', 'stderr' and 'syslog'. Possible severity values are INFO, WARN
|
||||
# and ERROR (default). Possible format values include: timestamp, component, caller, and level.
|
||||
log:
|
||||
- output: /var/lib/teleport/teleport.log
|
||||
+ output: /var/db/teleport/teleport.log
|
||||
severity: ERROR
|
||||
format: [level, timestamp, component, caller]
|
||||
# Configuration for the storage back-end used for the cluster state and the
|
||||
@@ -68,11 +68,11 @@ teleport:
|
||||
type: dir
|
||||
|
||||
# List of locations where the audit log events will be stored. By default,
|
||||
- # they are stored in `/var/lib/teleport/log`
|
||||
+ # they are stored in `/var/db/teleport/log`
|
||||
# When specifying multiple destinations like this, make sure that any highly-available
|
||||
# storage methods (like DynamoDB or Firestore) are specified first, as this is what the
|
||||
# Teleport web UI uses as its source of events to display.
|
||||
- audit_events_uri: ['dynamodb://events_table_name', 'firestore://events_table_name', 'file:///var/lib/teleport/log', 'stdout://']
|
||||
+ audit_events_uri: ['dynamodb://events_table_name', 'firestore://events_table_name', 'file:///var/db/teleport/log', 'stdout://']
|
||||
|
||||
# Use this setting to configure teleport to store the recorded sessions in
|
||||
# an AWS S3 bucket or use GCP Storage with 'gs://'. See "Using Amazon S3"
|
||||
@@ -131,7 +131,7 @@ auth_service:
|
||||
# By default an automatically generated name is used (not recommended)
|
||||
#
|
||||
# IMPORTANT: if you change cluster_name, it will invalidate all generated
|
||||
- # certificates and keys (may need to wipe out /var/lib/teleport directory)
|
||||
+ # certificates and keys (may need to wipe out /var/db/teleport directory)
|
||||
cluster_name: "main"
|
||||
|
||||
authentication:
|
||||
@@ -223,7 +223,7 @@ auth_service:
|
||||
#
|
||||
# If not set, by default Teleport will look for the `license.pem` file in
|
||||
# the configured `data_dir` .
|
||||
- license_file: /var/lib/teleport/license.pem
|
||||
+ license_file: /var/db/teleport/license.pem
|
||||
|
||||
# This section configures the 'node service':
|
||||
ssh_service:
|
||||
@@ -320,8 +320,8 @@ proxy_service:
|
||||
|
||||
# TLS certificate for the HTTPS connection. Configuring these properly is
|
||||
# critical for Teleport security.
|
||||
- https_key_file: /var/lib/teleport/webproxy_key.pem
|
||||
- https_cert_file: /var/lib/teleport/webproxy_cert.pem
|
||||
+ https_key_file: /var/db/teleport/webproxy_key.pem
|
||||
+ https_cert_file: /var/db/teleport/webproxy_cert.pem
|
||||
|
||||
# This section configures the Kubernetes proxy service
|
||||
kubernetes:
|
|
@ -3,7 +3,7 @@
|
|||
message: <<EOM
|
||||
ATTENTION! This version of Teleport is very old and likely to contain unfixed
|
||||
ATTENTION! vulnerabilities. It's only provided to allow for a working upgrade
|
||||
ATTENTION! path from 4.3. Watch for an upgrade to teleport5 next.
|
||||
ATTENTION! path from 4.4. Watch for an upgrade to teleport6 next.
|
||||
ATTENTION! New installations are STRONGLY discouraged (wait for version 7).
|
||||
|
||||
Quick getting started guide:
|
||||
|
@ -23,11 +23,11 @@ To add a new node to the cluster, on the auth server:
|
|||
|
||||
See the docs for additional details:
|
||||
|
||||
Quick start: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/quickstart.mdx
|
||||
Admin Manual: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/admin-guide.mdx
|
||||
User Manual: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/user-manual.mdx
|
||||
Architecture: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/architecture/overview.mdx
|
||||
FAQ: https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/faq.mdx
|
||||
Quick start: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/quickstart.mdx
|
||||
Admin Manual: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/admin-guide.mdx
|
||||
User Manual: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/user-manual.mdx
|
||||
Architecture: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/architecture/overview.mdx
|
||||
FAQ: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/faq.mdx
|
||||
EOM
|
||||
}
|
||||
]
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
# teleport_roles (dir): Set roles to run teleport in.
|
||||
# Default is "node".
|
||||
# Can be any combination of
|
||||
# "proxy" "node" and "auth", separated by commas
|
||||
# "node", "app", "proxy" and "auth", separated by commas
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
|
|
|
@ -8,6 +8,8 @@ used instead for additional functionality.
|
|||
With Teleport it is simple to adopt SSH best practices like using
|
||||
certificate-based access and enabling 2FA via TOTP (e.g. Google
|
||||
Authenticator), U2F or an SSO provider. Cluster nodes can be accessed via
|
||||
a CLI (tsh) or a Web UI which both allow for session sharing. Teleport
|
||||
provides centralized user management as well as full session recordings
|
||||
that can be played back for knowledge sharing or auditing purposes.
|
||||
a CLI (tsh) or a Web UI which both allow for session sharing.
|
||||
|
||||
Teleport provides centralized user management as well as full session
|
||||
recordings that can be played back for knowledge sharing or auditing
|
||||
purposes. It can also be used to protect Web applications like dashboards.
|
||||
|
|
|
@ -1,78 +0,0 @@
|
|||
PORTNAME= teleport
|
||||
DISTVERSIONPREFIX= v
|
||||
DISTVERSION= 5.2.5
|
||||
PORTREVISION= 4
|
||||
CATEGORIES= security
|
||||
PKGNAMESUFFIX= 5
|
||||
|
||||
MAINTAINER= kraileth@elderlinux.org
|
||||
COMMENT= Centralized access gateway using the SSH protocol
|
||||
WWW= https://goteleport.com/teleport
|
||||
|
||||
LICENSE= APACHE20
|
||||
|
||||
NOT_FOR_ARCHS= i386
|
||||
NOT_FOR_ARCHS_REASON= Uses 64bit types
|
||||
|
||||
BUILD_DEPENDS= zip:archivers/zip
|
||||
|
||||
# If you need the auth service to work, you need to compile this port with
|
||||
# Go 1.17 or older. In case tsh is what you're after, Go 1.19 is fine.
|
||||
USES= compiler gmake go
|
||||
|
||||
USE_GITHUB= yes
|
||||
GH_ACCOUNT= gravitational
|
||||
GH_TUPLE= gravitational:webassets:8ace0cf:webassets/webassets
|
||||
GH_COMMIT_SHORT= f8ba4afd9
|
||||
GH_TAG_COMMIT= ${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT}
|
||||
|
||||
USE_RC_SUBR= teleport
|
||||
|
||||
# Extra assets are stored in the binary and must not be inadvertently removed
|
||||
STRIP=
|
||||
NOPRECIOUSMAKEVARS= YES
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
|
||||
PLIST_FILES= bin/tctl \
|
||||
bin/teleport \
|
||||
bin/tsh \
|
||||
"@sample etc/teleport.yaml.sample"
|
||||
|
||||
GO_TELEPORT_SRC_DIR= src/github.com/gravitational/teleport
|
||||
PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX}
|
||||
|
||||
post-patch:
|
||||
@${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}
|
||||
@${REINPLACE_CMD} -e 's|%%GH_TAG_COMMIT%%|${GH_TAG_COMMIT}|' \
|
||||
${WRKSRC}/version.mk
|
||||
@${FIND} ${WRKSRC}/docs/pages -iname '*.mdx' | ${XARGS} \
|
||||
${REINPLACE_CMD} -i '' -e 's|/var/lib|/var/db|g'
|
||||
@${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/
|
||||
@${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/
|
||||
|
||||
do-build:
|
||||
@cd ${WRKDIR}/${GO_TELEPORT_SRC_DIR} && \
|
||||
${SETENV} ${MAKE_ENV} ${BUILD_ENV} ${GO_ENV} \
|
||||
CGO_ENABLED=1 GOPATH=${WRKDIR} \
|
||||
${GMAKE} full
|
||||
|
||||
do-install:
|
||||
${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport configure > ${STAGEDIR}${PREFIX}/etc/teleport.yaml.sample
|
||||
@${SED} -i '' \
|
||||
-e "s|nodename: .*|nodename: |g" \
|
||||
-e "s|cluster-join-token||g" \
|
||||
${STAGEDIR}${PREFIX}/etc/teleport.yaml.sample
|
||||
${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport ${STAGEDIR}${PREFIX}/bin
|
||||
${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tsh ${STAGEDIR}${PREFIX}/bin
|
||||
${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tctl ${STAGEDIR}${PREFIX}/bin
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
# golang assumes that if clang is in use, it is called "clang" and not "cc". If
|
||||
# it's called "cc", go fails.
|
||||
.if ${COMPILER_TYPE} == clang
|
||||
BUILD_ENV= CC=clang
|
||||
.endif
|
||||
|
||||
.include <bsd.port.post.mk>
|
|
@ -1,5 +0,0 @@
|
|||
TIMESTAMP = 1670876102
|
||||
SHA256 (gravitational-teleport-v5.2.5_GH0.tar.gz) = 81b48678ead350ca40183ffef70c4afe0ffdcf1e895d04c0bc62eab180b41065
|
||||
SIZE (gravitational-teleport-v5.2.5_GH0.tar.gz) = 41856905
|
||||
SHA256 (gravitational-webassets-8ace0cf_GH0.tar.gz) = 87b4a3beff4259ff48d30a03cb2e5ac580dc964eac5218518ac89ede450d2220
|
||||
SIZE (gravitational-webassets-8ace0cf_GH0.tar.gz) = 4719723
|
|
@ -1,11 +0,0 @@
|
|||
--- lib/defaults/defaults.go.orig 2022-02-23 04:58:43 UTC
|
||||
+++ lib/defaults/defaults.go
|
||||
@@ -466,7 +466,7 @@ var (
|
||||
|
||||
// DataDir is where all mutable data is stored (user keys, recorded sessions,
|
||||
// registered SSH servers, etc):
|
||||
- DataDir = "/var/lib/teleport"
|
||||
+ DataDir = "/var/db/teleport"
|
||||
|
||||
// StartRoles is default roles teleport assumes when started via 'start' command
|
||||
StartRoles = []string{RoleProxy, RoleNode, RoleAuthService}
|
|
@ -1,11 +0,0 @@
|
|||
--- lib/events/auditlog.go.orig 2022-02-23 04:58:43 UTC
|
||||
+++ lib/events/auditlog.go
|
||||
@@ -45,7 +45,7 @@ import (
|
||||
const (
|
||||
// SessionLogsDir is a subdirectory inside the eventlog data dir
|
||||
// where all session-specific logs and streams are stored, like
|
||||
- // in /var/lib/teleport/logs/sessions
|
||||
+ // in /var/db/teleport/logs/sessions
|
||||
SessionLogsDir = "sessions"
|
||||
|
||||
// StreamingLogsDir is a subdirectory of sessions /var/lib/teleport/logs/streaming
|
|
@ -1,110 +0,0 @@
|
|||
--- lib/events/doc.go.orig 2022-02-23 04:58:43 UTC
|
||||
+++ lib/events/doc.go
|
||||
@@ -85,7 +85,7 @@ Main Audit Log Format
|
||||
|
||||
The main log files are saved as:
|
||||
|
||||
- /var/lib/teleport/log/<auth-server-id>/<date>.log
|
||||
+ /var/db/teleport/log/<auth-server-id>/<date>.log
|
||||
|
||||
The log file is rotated every 24 hours. The old files must be cleaned
|
||||
up or archived by an external tool.
|
||||
@@ -111,7 +111,7 @@ Each session has its own session log stored as several
|
||||
|
||||
Index file contains a list of event files and chunks files associated with a session:
|
||||
|
||||
- /var/lib/teleport/log/sessions/<auth-server-id>/<session-id>.index
|
||||
+ /var/db/teleport/log/sessions/<auth-server-id>/<session-id>.index
|
||||
|
||||
The format of the index file contains of two or more lines with pointers to other files:
|
||||
|
||||
@@ -120,8 +120,8 @@ The format of the index file contains of two or more l
|
||||
|
||||
Files:
|
||||
|
||||
- /var/lib/teleport/log/<auth-server-id>/<session-id>-<first-event-in-file-index>.events
|
||||
- /var/lib/teleport/log/<auth-server-id>/<session-id>-<first-chunk-in-file-offset>.chunks
|
||||
+ /var/db/teleport/log/<auth-server-id>/<session-id>-<first-event-in-file-index>.events
|
||||
+ /var/db/teleport/log/<auth-server-id>/<session-id>-<first-chunk-in-file-offset>.chunks
|
||||
|
||||
Where:
|
||||
- .events (same events as in the main log, but related to the session)
|
||||
@@ -135,7 +135,7 @@ Examples
|
||||
In the simplest case, single auth server a1 log for a single session id s1
|
||||
will consist of three files:
|
||||
|
||||
-/var/lib/teleport/a1/s1.index
|
||||
+/var/db/teleport/a1/s1.index
|
||||
|
||||
With contents:
|
||||
|
||||
@@ -146,14 +146,14 @@ This means that all session events are located in s1-0
|
||||
the first event with index 0 and all chunks are located in file s1-0.chunks file
|
||||
with the byte offset from the start - 0.
|
||||
|
||||
-File with session events /var/lib/teleport/a1/s1-0.events will contain:
|
||||
+File with session events /var/db/teleport/a1/s1-0.events will contain:
|
||||
|
||||
{"ei":0,"event":"session.start", ...}
|
||||
{"ei":1,"event":"resize",...}
|
||||
{"ei":2,"ci":0, "event":"print","bytes":40,"offset":0}
|
||||
{"ei":3,"event":"session.end", ...}
|
||||
|
||||
-File with recorded session /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes
|
||||
+File with recorded session /var/db/teleport/a1/s1-0.chunks will contain 40 bytes
|
||||
emitted by print event with chunk index 0
|
||||
|
||||
**Multiple Auth Servers**
|
||||
@@ -164,7 +164,7 @@ In high availability mode scenario, multiple auth serv
|
||||
Any auth server can go down during session and clients will retry the delivery
|
||||
to the other auth server.
|
||||
|
||||
-Both auth servers have mounted /var/lib/teleport/log as a shared NFS folder.
|
||||
+Both auth servers have mounted /var/db/teleport/log as a shared NFS folder.
|
||||
|
||||
To make sure that only one auth server writes to a file at a time,
|
||||
each auth server writes to it's own file in a sub folder named
|
||||
@@ -176,37 +176,37 @@ and the second batch of event to the second server a2.
|
||||
|
||||
Server a1 will produce the following file:
|
||||
|
||||
-/var/lib/teleport/a1/s1.index
|
||||
+/var/db/teleport/a1/s1.index
|
||||
|
||||
With contents:
|
||||
|
||||
{"file_name":"s1-0.events","type":"events","index":0}
|
||||
{"file_name":"s1-0.chunks","type":"chunks","offset":0}
|
||||
|
||||
-Events file /var/lib/teleport/a1/s1-0.events will contain:
|
||||
+Events file /var/db/teleport/a1/s1-0.events will contain:
|
||||
|
||||
{"ei":0,"event":"session.start", ...}
|
||||
{"ei":1,"event":"resize",...}
|
||||
{"ei":2,"ci":0, "event":"print","bytes":40,"offset":0}
|
||||
|
||||
-Events file /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes
|
||||
+Events file /var/db/teleport/a1/s1-0.chunks will contain 40 bytes
|
||||
emitted by print event with chunk index.
|
||||
|
||||
Server a2 will produce the following file:
|
||||
|
||||
-/var/lib/teleport/a2/s1.index
|
||||
+/var/db/teleport/a2/s1.index
|
||||
|
||||
With contents:
|
||||
|
||||
{"file_name":"s1-3.events","type":"events","index":3}
|
||||
{"file_name":"s1-40.chunks","type":"chunks","offset":40}
|
||||
|
||||
-Events file /var/lib/teleport/a2/s1-4.events will contain:
|
||||
+Events file /var/db/teleport/a2/s1-4.events will contain:
|
||||
|
||||
{"ei":3,"ci":1, "event":"print","bytes":15,"ms":713,"offset":40}
|
||||
{"ei":4,"event":"session.end", ...}
|
||||
|
||||
-Events file /var/lib/teleport/a2/s1-40.chunks will contain 15 bytes emitted
|
||||
+Events file /var/db/teleport/a2/s1-40.chunks will contain 15 bytes emitted
|
||||
by print event with chunk index 1 and comes after delay of 713 milliseconds.
|
||||
|
||||
Offset 40 indicates that the first chunk stored in the file s1-40.chunks
|
|
@ -1,11 +0,0 @@
|
|||
--- lib/services/server.go.orig 2022-02-23 04:58:43 UTC
|
||||
+++ lib/services/server.go
|
||||
@@ -578,7 +578,7 @@ type CommandLabelV1 struct {
|
||||
// Period is a time between command runs
|
||||
Period time.Duration `json:"period"`
|
||||
// Command is a command to run
|
||||
- Command []string `json:"command"` //["/usr/bin/hostname", "--long"]
|
||||
+ Command []string `json:"command"` //["/bin/hostname", "--long"]
|
||||
// Result captures standard output
|
||||
Result string `json:"result"`
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
--- tool/teleport/common/teleport_test.go.orig 2022-02-23 04:58:43 UTC
|
||||
+++ tool/teleport/common/teleport_test.go
|
||||
@@ -62,7 +62,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) {
|
||||
|
||||
// set imprtant defaults to test-mode (non-existing files&locations)
|
||||
defaults.ConfigFilePath = "/tmp/teleport/etc/teleport.yaml"
|
||||
- defaults.DataDir = "/tmp/teleport/var/lib/teleport"
|
||||
+ defaults.DataDir = "/tmp/teleport/var/db/teleport"
|
||||
}
|
||||
|
||||
func (s *MainTestSuite) TestDefault(c *check.C) {
|
||||
@@ -72,7 +72,7 @@ func (s *MainTestSuite) TestDefault(c *check.C) {
|
||||
})
|
||||
c.Assert(cmd, check.Equals, "start")
|
||||
c.Assert(conf.Hostname, check.Equals, s.hostname)
|
||||
- c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/lib/teleport")
|
||||
+ c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/db/teleport")
|
||||
c.Assert(conf.Auth.Enabled, check.Equals, true)
|
||||
c.Assert(conf.SSH.Enabled, check.Equals, true)
|
||||
c.Assert(conf.Proxy.Enabled, check.Equals, true)
|
|
@ -1,16 +0,0 @@
|
|||
--- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2022-10-14 07:07:07 UTC
|
||||
+++ vendor/github.com/kr/pty/ztypes_freebsd_arm64.go
|
||||
@@ -0,0 +1,13 @@
|
||||
+// Created by cgo -godefs - DO NOT EDIT
|
||||
+// cgo -godefs types_freebsd.go
|
||||
+
|
||||
+package pty
|
||||
+
|
||||
+const (
|
||||
+ _C_SPECNAMELEN = 0x3f
|
||||
+)
|
||||
+
|
||||
+type fiodgnameArg struct {
|
||||
+ Len int32
|
||||
+ Buf *byte
|
||||
+}
|
|
@ -1,8 +0,0 @@
|
|||
--- version.mk.orig 2022-02-23 04:58:43 UTC
|
||||
+++ version.mk
|
||||
@@ -1,4 +1,4 @@
|
||||
-GITREF=`git describe --dirty --long --tags`
|
||||
+GITREF=%%GH_TAG_COMMIT%%
|
||||
|
||||
# $(VERSION_GO) will be written to version.go
|
||||
VERSION_GO="/* DO NOT EDIT THIS FILE. IT IS GENERATED BY 'make setver'*/\n\n\
|
|
@ -1,33 +0,0 @@
|
|||
[
|
||||
{ type: install
|
||||
message: <<EOM
|
||||
ATTENTION! This version of Teleport is very old and likely to contain unfixed
|
||||
ATTENTION! vulnerabilities. It's only provided to allow for a working upgrade
|
||||
ATTENTION! path from 4.4. Watch for an upgrade to teleport6 next.
|
||||
ATTENTION! New installations are STRONGLY discouraged (wait for version 7).
|
||||
|
||||
Quick getting started guide:
|
||||
|
||||
1. Read through the Quick Start Guide (see below).
|
||||
2. Start teleport: su -c 'sysrc teleport_enable=YES'
|
||||
3. If not just setting up a node: su -c 'sysrc teleport_roles=auth,proxy,node'
|
||||
4. Review and edit /usr/local/etc/teleport.yaml
|
||||
5. Start teleport: su -c 'service teleport start'
|
||||
6. Add yourself as a user on the auth server: su -c "tctl users add $USER"
|
||||
7. Create a password and 2FA code using the URL emitted during
|
||||
the previous step.
|
||||
|
||||
To add a new node to the cluster, on the auth server:
|
||||
|
||||
$ tctl nodes add --ttl=5m --roles=node,proxy
|
||||
|
||||
See the docs for additional details:
|
||||
|
||||
Quick start: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/quickstart.mdx
|
||||
Admin Manual: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/admin-guide.mdx
|
||||
User Manual: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/user-manual.mdx
|
||||
Architecture: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/architecture/overview.mdx
|
||||
FAQ: https://github.com/gravitational/teleport/blob/branch/5.0/docs/pages/faq.mdx
|
||||
EOM
|
||||
}
|
||||
]
|
|
@ -1,55 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# PROVIDE: teleport
|
||||
# REQUIRE: NETWORKING SERVERS DAEMON
|
||||
# KEYWORD: shutdown
|
||||
#
|
||||
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
|
||||
# to enable this service:
|
||||
#
|
||||
# teleport_enable (bool): Set to NO by default.
|
||||
# Set it to YES to enable teleport.
|
||||
# teleport_config (str): Configuration file.
|
||||
# Default is "${LOCALBASE}/etc/teleport.yaml"
|
||||
# teleport_dir (dir): Set dir to run teleport in.
|
||||
# Default is "/var/db/teleport".
|
||||
# teleport_roles (dir): Set roles to run teleport in.
|
||||
# Default is "node".
|
||||
# Can be any combination of
|
||||
# "node", "app", "proxy" and "auth", separated by commas
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name=teleport
|
||||
rcvar=teleport_enable
|
||||
|
||||
load_rc_config $name
|
||||
|
||||
: ${teleport_enable:="NO"}
|
||||
: ${teleport_config:="%%PREFIX%%/etc/teleport.yaml"}
|
||||
: ${teleport_args:="--config=${teleport_config}"}
|
||||
: ${teleport_dir:="/var/db/teleport"}
|
||||
: ${teleport_roles:="node"}
|
||||
|
||||
pidfile=/var/run/teleport.pid
|
||||
required_files="${teleport_config}"
|
||||
procname="%%PREFIX%%/bin/teleport"
|
||||
command="/usr/sbin/daemon"
|
||||
|
||||
DAEMON=$(daemon 2>&1 | grep -q syslog ; echo $?)
|
||||
if [ ${DAEMON} -eq 0 ]; then
|
||||
DAEMON_SYSLOG_FLAGS="-S -T teleport -s info -m 3"
|
||||
else
|
||||
DAEMON_SYSLOG_FLAGS=""
|
||||
fi
|
||||
|
||||
command_args="${DAEMON_SYSLOG_FLAGS} -f -p ${pidfile} /usr/bin/env ${teleport_env} ${procname} start --roles=${teleport_roles} ${teleport_args}"
|
||||
|
||||
start_precmd="teleport_prestart"
|
||||
|
||||
teleport_prestart()
|
||||
{
|
||||
mkdir -p ${teleport_dir}
|
||||
}
|
||||
|
||||
run_rc_command "$1"
|
|
@ -1,15 +0,0 @@
|
|||
What is Teleport?
|
||||
=================
|
||||
Teleport is a gateway for managing access to clusters of *nix servers via
|
||||
SSH or the Kubernetes API. While it does also support connecting to
|
||||
servers running traditional OpenSSH, its own node deamon is intended to be
|
||||
used instead for additional functionality.
|
||||
|
||||
With Teleport it is simple to adopt SSH best practices like using
|
||||
certificate-based access and enabling 2FA via TOTP (e.g. Google
|
||||
Authenticator), U2F or an SSO provider. Cluster nodes can be accessed via
|
||||
a CLI (tsh) or a Web UI which both allow for session sharing.
|
||||
|
||||
Teleport provides centralized user management as well as full session
|
||||
recordings that can be played back for knowledge sharing or auditing
|
||||
purposes. It can also be used to protect Web applications like dashboards.
|