Merge pull request #171165 from justinas/teleport-9

teleport: 8.1.3 -> 9.1.2, add rdpclient

nixos/doc/manual/from_md/release-notes/rl-2205.section.xml

@@ -1173,6 +1173,16 @@
           migration guide</link> for more details.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <literal>teleport</literal> has been upgraded to major version
+          9. Please see upstream
+          <link xlink:href="https://goteleport.com/docs/setup/operations/upgrading/">upgrade
+          instructions</link> and
+          <link xlink:href="https://goteleport.com/docs/changelog/#900">release
+          notes</link>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           For <literal>pkgs.python3.pkgs.ipython</literal>, its direct

nixos/doc/manual/release-notes/rl-2205.section.md

@@ -490,6 +490,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details.
 
+- `teleport` has been upgraded to major version 9. Please see upstream [upgrade instructions](https://goteleport.com/docs/setup/operations/upgrading/) and [release notes](https://goteleport.com/docs/changelog/#900).
+
 - For `pkgs.python3.pkgs.ipython`, its direct dependency `pkgs.python3.pkgs.matplotlib-inline`
   (which is really an adapter to integrate matplotlib in ipython if it is installed) does
   not depend on `pkgs.python3.pkgs.matplotlib` anymore.

pkgs/servers/teleport/default.nix

@@ -3,11 +3,17 @@
 , rustPlatform
 , fetchFromGitHub
 , makeWrapper
+, symlinkJoin
+, CoreFoundation
+, openssl
+, pkg-config
 , protobuf
+, Security
 , stdenv
 , xdg-utils
 , nixosTests
 
+, withRdpClient ? true
 , withRoleTester ? true
 }:
 let
@@ -16,17 +22,38 @@ let
     owner = "gravitational";
     repo = "teleport";
     rev = "v${version}";
-    sha256 = "sha256-ir2NMNIjSpv7l6dVNHczARg6b+doFofinsJy1smEC7o=";
+    sha256 = "sha256-KQfdeMuZ9LJHhEJLMl58Yb0+gxgDT7VcVnK1JxjVZaI=";
+  };
+  version = "9.1.2";
+
+  rdpClient = rustPlatform.buildRustPackage rec {
+    name = "teleport-rdpclient";
+    cargoSha256 = "sha256-Jz7bB/f4HRxBhSevmfELSrIm+IXUVlADIgp2qWQd5PY=";
+    inherit version src;
+
+    buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
+
+    buildInputs = [ openssl ]
+      ++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
+    nativeBuildInputs = [ pkg-config ];
+
+    # https://github.com/NixOS/nixpkgs/issues/161570 ,
+    # buildRustPackage sets strictDeps = true;
+    checkInputs = buildInputs;
+
+    OPENSSL_NO_VENDOR = "1";
+
+    postInstall = ''
+      cp -r target $out
+    '';
   };
-  version = "8.1.3";
 
   roleTester = rustPlatform.buildRustPackage {
     name = "teleport-roletester";
-    inherit version;
+    inherit version src;
 
-    src = "${src}/lib/datalog";
-    cargoSha256 = "sha256-cpW7kel02t/fB2CvDvVqWlzgS3Vg2qLnemF/bW2Ii1A=";
-    sourceRoot = "datalog/roletester";
+    cargoSha256 = "sha256-gCm4ETbXy6tGJQVSzUkoAWUmKD3poYgkw133LtziASI=";
+    buildAndTestSubdir = "lib/datalog/roletester";
 
     PROTOC = "${protobuf}/bin/protoc";
     PROTOC_INCLUDE = "${protobuf}/include";
@@ -39,20 +66,23 @@ let
   webassets = fetchFromGitHub {
     owner = "gravitational";
     repo = "webassets";
-    rev = "ea3c67c941c56cfb6c228612e88100df09fb6f9c";
-    sha256 = "sha256-oKvDXkxA73IJOi+ciBFVLkYcmeRUsTC+3rcYf64vDoY=";
+    rev = "67e608db77300d8a6cb17709be67f12c1d3271c3";
+    sha256 = "sha256-o4qjXGaNi5XDSUQrUuU+G77EdRnvJ1WUPWrryZU1CUE=";
   };
 in
 buildGoModule rec {
   pname = "teleport";
 
   inherit src version;
-  vendorSha256 = null;
+  vendorSha256 = "sha256-UMgWM7KHag99JR4i4mwVHa6yd9aHQ6Dy+pmUijNL4Ew=";
 
-  subPackages = [ "tool/tctl" "tool/teleport" "tool/tsh" ];
-  tags = [ "webassets_embed" ] ++
-    lib.optional withRoleTester "roletester";
+  subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
+  tags = [ "webassets_embed" ]
+    ++ lib.optional withRdpClient "desktop_access_rdp"
+    ++ lib.optional withRoleTester "roletester";
 
+  buildInputs = [ openssl ]
+    ++ lib.optionals (stdenv.isDarwin && withRdpClient) [ CoreFoundation Security ];
   nativeBuildInputs = [ makeWrapper ];
 
   patches = [
@@ -61,26 +91,31 @@ buildGoModule rec {
     # https://github.com/NixOS/nixpkgs/issues/132652
     ./test.patch
     ./0001-fix-add-nix-path-to-exec-env.patch
+    ./rdpclient.patch
   ];
 
   # Reduce closure size for client machines
   outputs = [ "out" "client" ];
 
-  preBuild = ''
-    mkdir -p build
-    echo "making webassets"
-    cp -r ${webassets}/* webassets/
-    make lib/web/build/webassets
-
-    ${lib.optionalString withRoleTester
-      "cp -r ${roleTester}/target lib/datalog/roletester/."}
-  '';
-
-  doCheck = !stdenv.isDarwin;
+  preBuild =
+    let rustDeps = symlinkJoin {
+      name = "teleport-rust-deps";
+      paths = lib.optional withRdpClient rdpClient
+        ++ lib.optional withRoleTester roleTester;
+    };
+    in
+    ''
+      mkdir -p build
+      echo "making webassets"
+      cp -r ${webassets}/* webassets/
+      make lib/web/build/webassets
+
+      cp -r ${rustDeps}/. .
+    '';
 
-  preCheck = ''
-    export HOME=$(mktemp -d)
-  '';
+  # Multiple tests fail in the build sandbox
+  # due to trying to spawn nixbld's shell (/noshell), etc.
+  doCheck = false;
 
   postInstall = ''
     install -Dm755 -t $client/bin $out/bin/tsh
@@ -93,6 +128,7 @@ buildGoModule rec {
   installCheckPhase = ''
     $out/bin/tsh version | grep ${version} > /dev/null
     $client/bin/tsh version | grep ${version} > /dev/null
+    $out/bin/tbot version | grep ${version} > /dev/null
     $out/bin/tctl version | grep ${version} > /dev/null
     $out/bin/teleport version | grep ${version} > /dev/null
   '';

pkgs/servers/teleport/rdpclient.patch

@@ -0,0 +1,17 @@
+diff --git a/lib/srv/desktop/rdp/rdpclient/client.go b/lib/srv/desktop/rdp/rdpclient/client.go
+index d191c768f..71117a30d 100644
+--- a/lib/srv/desktop/rdp/rdpclient/client.go
++++ b/lib/srv/desktop/rdp/rdpclient/client.go
+@@ -56,10 +56,10 @@ package rdpclient
+ #cgo linux,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-unknown-linux-gnu/release
+ #cgo linux,arm LDFLAGS: -L${SRCDIR}/../../../../../target/arm-unknown-linux-gnueabihf/release
+ #cgo linux,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-unknown-linux-gnu/release
+-#cgo linux LDFLAGS: -l:librdp_client.a -lpthread -ldl -lm
++#cgo linux LDFLAGS: -l:librdp_client.a -lpthread -ldl -lm -lssl -lcrypto
+ #cgo darwin,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-apple-darwin/release
+ #cgo darwin,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-apple-darwin/release
+-#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client -lpthread -ldl -lm
++#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client -lpthread -ldl -lm -lssl -lcrypto
+ #include <librdprs.h>
+ */
+ import "C"

pkgs/top-level/all-packages.nix

@@ -10777,7 +10777,9 @@ with pkgs;
 
   telegraf = callPackage ../servers/monitoring/telegraf { };
 
-  teleport = callPackage ../servers/teleport {};
+  teleport = callPackage ../servers/teleport {
+    inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
+  };
 
   telepresence = callPackage ../tools/networking/telepresence {
     pythonPackages = python3Packages;