diff options
| author | Sandro <sandro.jaeckel@gmail.com> | 2022-10-06 15:36:47 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-06 15:36:47 +0200 |
| commit | 2fca262fa01813589c5f32b83764791d2a82485b (patch) | |
| tree | 05391a1919cbb79f214e2ed6f6727d33580cc9d3 | |
| parent | cd98042266455c674c908691f37c22550a28a72f (diff) | |
| parent | dba3a8a632b715f1608bb72e88b9c833ce84c0c4 (diff) | |
Merge pull request #194271 from andersk/teleport-10
| -rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 10 | ||||
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2211.section.md | 2 | ||||
| -rw-r--r-- | pkgs/servers/teleport/default.nix | 73 | ||||
| -rw-r--r-- | pkgs/servers/teleport/rdpclient.patch | 23 |
4 files changed, 53 insertions, 55 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 0b59f19a934e2..78bd6c6a22d84 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -538,6 +538,16 @@ </listitem> <listitem> <para> + <literal>teleport</literal> has been upgraded to major version + 10. Please see upstream + <link xlink:href="https://goteleport.com/docs/ver/10.0/management/operations/upgrading/">upgrade + instructions</link> and + <link xlink:href="https://goteleport.com/docs/ver/10.0/changelog/#1000">release + notes</link>. + </para> + </listitem> + <listitem> + <para> lemmy module option <literal>services.lemmy.settings.database.createLocally</literal> moved to diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 7201b0e1cc09e..37b0db8a8ce10 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -180,6 +180,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). - dd-agent package removed along with the `services.dd-agent` module, due to the project being deprecated in favor of `datadog-agent`, which is available via the `services.datadog-agent` module. +- `teleport` has been upgraded to major version 10. Please see upstream [upgrade instructions](https://goteleport.com/docs/ver/10.0/management/operations/upgrading/) and [release notes](https://goteleport.com/docs/ver/10.0/changelog/#1000). + - lemmy module option `services.lemmy.settings.database.createLocally` moved to `services.lemmy.database.createLocally`. diff --git a/pkgs/servers/teleport/default.nix b/pkgs/servers/teleport/default.nix index a7a9b5c8fe515..cf6701fba687b 100644 --- a/pkgs/servers/teleport/default.nix +++ b/pkgs/servers/teleport/default.nix @@ -5,6 +5,7 @@ , makeWrapper , symlinkJoin , CoreFoundation +, libfido2 , openssl , pkg-config , protobuf @@ -14,7 +15,6 @@ , nixosTests , withRdpClient ? true -, withRoleTester ? true }: let # This repo has a private submodule "e" which fetchgit cannot handle without failing. @@ -22,13 +22,13 @@ let owner = "gravitational"; repo = "teleport"; rev = "v${version}"; - sha256 = "sha256-KQfdeMuZ9LJHhEJLMl58Yb0+gxgDT7VcVnK1JxjVZaI="; + hash = "sha256-F5v3/eKPLhSxW7FImTbE+QMtfn8w5WVTrxMWhgNr3YA="; }; - version = "9.1.2"; + version = "10.3.1"; rdpClient = rustPlatform.buildRustPackage rec { - name = "teleport-rdpclient"; - cargoSha256 = "sha256-Jz7bB/f4HRxBhSevmfELSrIm+IXUVlADIgp2qWQd5PY="; + pname = "teleport-rdpclient"; + cargoHash = "sha256-Xmabjoq1NXxXemeR06Gg8R/HwdSE+rsxxX645pQ3SuI="; inherit version src; buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient"; @@ -44,46 +44,32 @@ let OPENSSL_NO_VENDOR = "1"; postInstall = '' - cp -r target $out - ''; - }; - - roleTester = rustPlatform.buildRustPackage { - name = "teleport-roletester"; - inherit version src; - - cargoSha256 = "sha256-gCm4ETbXy6tGJQVSzUkoAWUmKD3poYgkw133LtziASI="; - buildAndTestSubdir = "lib/datalog/roletester"; - - PROTOC = "${protobuf}/bin/protoc"; - PROTOC_INCLUDE = "${protobuf}/include"; - - postInstall = '' - cp -r target $out + mkdir -p $out/include + cp ${buildAndTestSubdir}/librdprs.h $out/include/ ''; }; webassets = fetchFromGitHub { owner = "gravitational"; repo = "webassets"; - rev = "67e608db77300d8a6cb17709be67f12c1d3271c3"; - sha256 = "sha256-o4qjXGaNi5XDSUQrUuU+G77EdRnvJ1WUPWrryZU1CUE="; + # Submodule rev from https://github.com/gravitational/teleport/tree/v10.3.1 + rev = "6710dcd0dc19ad101bac3259c463ef940f2ab1f3"; + hash = "sha256-A13FSpgJODmhugAwy4kqiDw4Rihr//DhQX/bjwaeo2A="; }; in buildGoModule rec { pname = "teleport"; inherit src version; - vendorSha256 = "sha256-UMgWM7KHag99JR4i4mwVHa6yd9aHQ6Dy+pmUijNL4Ew="; + vendorHash = "sha256-2Zrd3CbZvxns9lNVtwaaor1mi97IhPc+MRJhj3rU760="; subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ]; - tags = [ "webassets_embed" ] - ++ lib.optional withRdpClient "desktop_access_rdp" - ++ lib.optional withRoleTester "roletester"; + tags = [ "libfido2" "webassets_embed" ] + ++ lib.optional withRdpClient "desktop_access_rdp"; - buildInputs = [ openssl ] + buildInputs = [ openssl libfido2 ] ++ lib.optionals (stdenv.isDarwin && withRdpClient) [ CoreFoundation Security ]; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper pkg-config ]; patches = [ # https://github.com/NixOS/nixpkgs/issues/120738 @@ -97,31 +83,26 @@ buildGoModule rec { # Reduce closure size for client machines outputs = [ "out" "client" ]; - preBuild = - let rustDeps = symlinkJoin { - name = "teleport-rust-deps"; - paths = lib.optional withRdpClient rdpClient - ++ lib.optional withRoleTester roleTester; - }; - in - '' - mkdir -p build - echo "making webassets" - cp -r ${webassets}/* webassets/ - make lib/web/build/webassets - - cp -r ${rustDeps}/. . - ''; + preBuild = '' + mkdir -p build + echo "making webassets" + cp -r ${webassets}/* webassets/ + make -j$NIX_BUILD_CORES lib/web/build/webassets + '' + lib.optionalString withRdpClient '' + ln -s ${rdpClient}/lib/* lib/ + ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/ + ''; # Multiple tests fail in the build sandbox # due to trying to spawn nixbld's shell (/noshell), etc. doCheck = false; postInstall = '' - install -Dm755 -t $client/bin $out/bin/tsh + mkdir -p $client/bin + mv {$out,$client}/bin/tsh # make xdg-open overrideable at runtime wrapProgram $client/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]} - wrapProgram $out/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]} + ln -s {$client,$out}/bin/tsh ''; doInstallCheck = true; diff --git a/pkgs/servers/teleport/rdpclient.patch b/pkgs/servers/teleport/rdpclient.patch index 141d85ce42c6e..4f35cd184ab5e 100644 --- a/pkgs/servers/teleport/rdpclient.patch +++ b/pkgs/servers/teleport/rdpclient.patch @@ -1,17 +1,22 @@ diff --git a/lib/srv/desktop/rdp/rdpclient/client.go b/lib/srv/desktop/rdp/rdpclient/client.go -index d191c768f..71117a30d 100644 +index 4357d7aa1..7e21a0076 100644 --- a/lib/srv/desktop/rdp/rdpclient/client.go +++ b/lib/srv/desktop/rdp/rdpclient/client.go -@@ -56,10 +56,10 @@ package rdpclient - #cgo linux,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-unknown-linux-gnu/release - #cgo linux,arm LDFLAGS: -L${SRCDIR}/../../../../../target/arm-unknown-linux-gnueabihf/release - #cgo linux,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-unknown-linux-gnu/release +@@ -52,14 +52,9 @@ package rdpclient + + /* + // Flags to include the static Rust library. +-#cgo linux,386 LDFLAGS: -L${SRCDIR}/../../../../../target/i686-unknown-linux-gnu/release +-#cgo linux,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-unknown-linux-gnu/release +-#cgo linux,arm LDFLAGS: -L${SRCDIR}/../../../../../target/arm-unknown-linux-gnueabihf/release +-#cgo linux,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-unknown-linux-gnu/release -#cgo linux LDFLAGS: -l:librdp_client.a -lpthread -ldl -lm -+#cgo linux LDFLAGS: -l:librdp_client.a -lpthread -ldl -lm -lssl -lcrypto - #cgo darwin,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-apple-darwin/release - #cgo darwin,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-apple-darwin/release +-#cgo darwin,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-apple-darwin/release +-#cgo darwin,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-apple-darwin/release -#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client -lpthread -ldl -lm -+#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client -lpthread -ldl -lm -lssl -lcrypto ++#cgo LDFLAGS: -L${SRCDIR}/../../../../../lib -lpthread -ldl -lm -lssl -lcrypto ++#cgo linux LDFLAGS: -l:librdp_client.a ++#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client #include <librdprs.h> */ import "C" |