diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 6a24555de74..424bf92364d 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -1173,6 +1173,16 @@
migration guide for more details.
+
+
+ teleport has been upgraded to major version
+ 9. Please see upstream
+ upgrade
+ instructions and
+ release
+ notes.
+
+
For pkgs.python3.pkgs.ipython, its direct
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 2149427d9d0..5168dada83b 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -490,6 +490,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details.
+- `teleport` has been upgraded to major version 9. Please see upstream [upgrade instructions](https://goteleport.com/docs/setup/operations/upgrading/) and [release notes](https://goteleport.com/docs/changelog/#900).
+
- For `pkgs.python3.pkgs.ipython`, its direct dependency `pkgs.python3.pkgs.matplotlib-inline`
(which is really an adapter to integrate matplotlib in ipython if it is installed) does
not depend on `pkgs.python3.pkgs.matplotlib` anymore.
diff --git a/pkgs/servers/teleport/default.nix b/pkgs/servers/teleport/default.nix
index 9f1348fff19..8273e810a22 100644
--- a/pkgs/servers/teleport/default.nix
+++ b/pkgs/servers/teleport/default.nix
@@ -3,11 +3,17 @@
, rustPlatform
, fetchFromGitHub
, makeWrapper
+, symlinkJoin
+, CoreFoundation
+, openssl
+, pkg-config
, protobuf
+, Security
, stdenv
, xdg-utils
, nixosTests
+, withRdpClient ? true
, withRoleTester ? true
}:
let
@@ -16,17 +22,38 @@ let
owner = "gravitational";
repo = "teleport";
rev = "v${version}";
- sha256 = "sha256-ir2NMNIjSpv7l6dVNHczARg6b+doFofinsJy1smEC7o=";
+ sha256 = "sha256-KQfdeMuZ9LJHhEJLMl58Yb0+gxgDT7VcVnK1JxjVZaI=";
+ };
+ version = "9.1.2";
+
+ rdpClient = rustPlatform.buildRustPackage rec {
+ name = "teleport-rdpclient";
+ cargoSha256 = "sha256-Jz7bB/f4HRxBhSevmfELSrIm+IXUVlADIgp2qWQd5PY=";
+ inherit version src;
+
+ buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
+
+ buildInputs = [ openssl ]
+ ++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
+ nativeBuildInputs = [ pkg-config ];
+
+ # https://github.com/NixOS/nixpkgs/issues/161570 ,
+ # buildRustPackage sets strictDeps = true;
+ checkInputs = buildInputs;
+
+ OPENSSL_NO_VENDOR = "1";
+
+ postInstall = ''
+ cp -r target $out
+ '';
};
- version = "8.1.3";
roleTester = rustPlatform.buildRustPackage {
name = "teleport-roletester";
- inherit version;
+ inherit version src;
- src = "${src}/lib/datalog";
- cargoSha256 = "sha256-cpW7kel02t/fB2CvDvVqWlzgS3Vg2qLnemF/bW2Ii1A=";
- sourceRoot = "datalog/roletester";
+ cargoSha256 = "sha256-gCm4ETbXy6tGJQVSzUkoAWUmKD3poYgkw133LtziASI=";
+ buildAndTestSubdir = "lib/datalog/roletester";
PROTOC = "${protobuf}/bin/protoc";
PROTOC_INCLUDE = "${protobuf}/include";
@@ -39,20 +66,23 @@ let
webassets = fetchFromGitHub {
owner = "gravitational";
repo = "webassets";
- rev = "ea3c67c941c56cfb6c228612e88100df09fb6f9c";
- sha256 = "sha256-oKvDXkxA73IJOi+ciBFVLkYcmeRUsTC+3rcYf64vDoY=";
+ rev = "67e608db77300d8a6cb17709be67f12c1d3271c3";
+ sha256 = "sha256-o4qjXGaNi5XDSUQrUuU+G77EdRnvJ1WUPWrryZU1CUE=";
};
in
buildGoModule rec {
pname = "teleport";
inherit src version;
- vendorSha256 = null;
+ vendorSha256 = "sha256-UMgWM7KHag99JR4i4mwVHa6yd9aHQ6Dy+pmUijNL4Ew=";
- subPackages = [ "tool/tctl" "tool/teleport" "tool/tsh" ];
- tags = [ "webassets_embed" ] ++
- lib.optional withRoleTester "roletester";
+ subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
+ tags = [ "webassets_embed" ]
+ ++ lib.optional withRdpClient "desktop_access_rdp"
+ ++ lib.optional withRoleTester "roletester";
+ buildInputs = [ openssl ]
+ ++ lib.optionals (stdenv.isDarwin && withRdpClient) [ CoreFoundation Security ];
nativeBuildInputs = [ makeWrapper ];
patches = [
@@ -61,26 +91,31 @@ buildGoModule rec {
# https://github.com/NixOS/nixpkgs/issues/132652
./test.patch
./0001-fix-add-nix-path-to-exec-env.patch
+ ./rdpclient.patch
];
# Reduce closure size for client machines
outputs = [ "out" "client" ];
- preBuild = ''
- mkdir -p build
- echo "making webassets"
- cp -r ${webassets}/* webassets/
- make lib/web/build/webassets
-
- ${lib.optionalString withRoleTester
- "cp -r ${roleTester}/target lib/datalog/roletester/."}
- '';
-
- doCheck = !stdenv.isDarwin;
+ preBuild =
+ let rustDeps = symlinkJoin {
+ name = "teleport-rust-deps";
+ paths = lib.optional withRdpClient rdpClient
+ ++ lib.optional withRoleTester roleTester;
+ };
+ in
+ ''
+ mkdir -p build
+ echo "making webassets"
+ cp -r ${webassets}/* webassets/
+ make lib/web/build/webassets
+
+ cp -r ${rustDeps}/. .
+ '';
- preCheck = ''
- export HOME=$(mktemp -d)
- '';
+ # Multiple tests fail in the build sandbox
+ # due to trying to spawn nixbld's shell (/noshell), etc.
+ doCheck = false;
postInstall = ''
install -Dm755 -t $client/bin $out/bin/tsh
@@ -93,6 +128,7 @@ buildGoModule rec {
installCheckPhase = ''
$out/bin/tsh version | grep ${version} > /dev/null
$client/bin/tsh version | grep ${version} > /dev/null
+ $out/bin/tbot version | grep ${version} > /dev/null
$out/bin/tctl version | grep ${version} > /dev/null
$out/bin/teleport version | grep ${version} > /dev/null
'';
diff --git a/pkgs/servers/teleport/rdpclient.patch b/pkgs/servers/teleport/rdpclient.patch
new file mode 100644
index 00000000000..141d85ce42c
--- /dev/null
+++ b/pkgs/servers/teleport/rdpclient.patch
@@ -0,0 +1,17 @@
+diff --git a/lib/srv/desktop/rdp/rdpclient/client.go b/lib/srv/desktop/rdp/rdpclient/client.go
+index d191c768f..71117a30d 100644
+--- a/lib/srv/desktop/rdp/rdpclient/client.go
++++ b/lib/srv/desktop/rdp/rdpclient/client.go
+@@ -56,10 +56,10 @@ package rdpclient
+ #cgo linux,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-unknown-linux-gnu/release
+ #cgo linux,arm LDFLAGS: -L${SRCDIR}/../../../../../target/arm-unknown-linux-gnueabihf/release
+ #cgo linux,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-unknown-linux-gnu/release
+-#cgo linux LDFLAGS: -l:librdp_client.a -lpthread -ldl -lm
++#cgo linux LDFLAGS: -l:librdp_client.a -lpthread -ldl -lm -lssl -lcrypto
+ #cgo darwin,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-apple-darwin/release
+ #cgo darwin,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-apple-darwin/release
+-#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client -lpthread -ldl -lm
++#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client -lpthread -ldl -lm -lssl -lcrypto
+ #include
+ */
+ import "C"
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 4b7a17a0ffb..f4d3a4be3f6 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10777,7 +10777,9 @@ with pkgs;
telegraf = callPackage ../servers/monitoring/telegraf { };
- teleport = callPackage ../servers/teleport {};
+ teleport = callPackage ../servers/teleport {
+ inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
+ };
telepresence = callPackage ../tools/networking/telepresence {
pythonPackages = python3Packages;