From e3a4076faadb2476710f7712e7ad3579f4056441 Mon Sep 17 00:00:00 2001
From: Justinas Stankevicius <justinas@justinas.org>
Date: Mon, 25 Apr 2022 19:30:13 +0300
Subject: [PATCH] teleport: add rdpclient

---
 pkgs/servers/teleport/default.nix     | 60 ++++++++++++++++++++++-----
 pkgs/servers/teleport/rdpclient.patch | 17 ++++++++
 pkgs/top-level/all-packages.nix       |  4 +-
 3 files changed, 69 insertions(+), 12 deletions(-)
 create mode 100644 pkgs/servers/teleport/rdpclient.patch

diff --git a/pkgs/servers/teleport/default.nix b/pkgs/servers/teleport/default.nix
index d343da7c32e..8273e810a22 100644
--- a/pkgs/servers/teleport/default.nix
+++ b/pkgs/servers/teleport/default.nix
@@ -3,11 +3,17 @@
 , rustPlatform
 , fetchFromGitHub
 , makeWrapper
+, symlinkJoin
+, CoreFoundation
+, openssl
+, pkg-config
 , protobuf
+, Security
 , stdenv
 , xdg-utils
 , nixosTests
 
+, withRdpClient ? true
 , withRoleTester ? true
 }:
 let
@@ -20,6 +26,28 @@ let
   };
   version = "9.1.2";
 
+  rdpClient = rustPlatform.buildRustPackage rec {
+    name = "teleport-rdpclient";
+    cargoSha256 = "sha256-Jz7bB/f4HRxBhSevmfELSrIm+IXUVlADIgp2qWQd5PY=";
+    inherit version src;
+
+    buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
+
+    buildInputs = [ openssl ]
+      ++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
+    nativeBuildInputs = [ pkg-config ];
+
+    # https://github.com/NixOS/nixpkgs/issues/161570 ,
+    # buildRustPackage sets strictDeps = true;
+    checkInputs = buildInputs;
+
+    OPENSSL_NO_VENDOR = "1";
+
+    postInstall = ''
+      cp -r target $out
+    '';
+  };
+
   roleTester = rustPlatform.buildRustPackage {
     name = "teleport-roletester";
     inherit version src;
@@ -49,9 +77,12 @@ buildGoModule rec {
   vendorSha256 = "sha256-UMgWM7KHag99JR4i4mwVHa6yd9aHQ6Dy+pmUijNL4Ew=";
 
   subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
-  tags = [ "webassets_embed" ] ++
-    lib.optional withRoleTester "roletester";
+  tags = [ "webassets_embed" ]
+    ++ lib.optional withRdpClient "desktop_access_rdp"
+    ++ lib.optional withRoleTester "roletester";
 
+  buildInputs = [ openssl ]
+    ++ lib.optionals (stdenv.isDarwin && withRdpClient) [ CoreFoundation Security ];
   nativeBuildInputs = [ makeWrapper ];
 
   patches = [
@@ -60,20 +91,27 @@ buildGoModule rec {
     # https://github.com/NixOS/nixpkgs/issues/132652
     ./test.patch
     ./0001-fix-add-nix-path-to-exec-env.patch
+    ./rdpclient.patch
   ];
 
   # Reduce closure size for client machines
   outputs = [ "out" "client" ];
 
-  preBuild = ''
-    mkdir -p build
-    echo "making webassets"
-    cp -r ${webassets}/* webassets/
-    make lib/web/build/webassets
-
-    ${lib.optionalString withRoleTester
-      "cp -r ${roleTester}/target ."}
-  '';
+  preBuild =
+    let rustDeps = symlinkJoin {
+      name = "teleport-rust-deps";
+      paths = lib.optional withRdpClient rdpClient
+        ++ lib.optional withRoleTester roleTester;
+    };
+    in
+    ''
+      mkdir -p build
+      echo "making webassets"
+      cp -r ${webassets}/* webassets/
+      make lib/web/build/webassets
+
+      cp -r ${rustDeps}/. .
+    '';
 
   # Multiple tests fail in the build sandbox
   # due to trying to spawn nixbld's shell (/noshell), etc.
diff --git a/pkgs/servers/teleport/rdpclient.patch b/pkgs/servers/teleport/rdpclient.patch
new file mode 100644
index 00000000000..141d85ce42c
--- /dev/null
+++ b/pkgs/servers/teleport/rdpclient.patch
@@ -0,0 +1,17 @@
+diff --git a/lib/srv/desktop/rdp/rdpclient/client.go b/lib/srv/desktop/rdp/rdpclient/client.go
+index d191c768f..71117a30d 100644
+--- a/lib/srv/desktop/rdp/rdpclient/client.go
++++ b/lib/srv/desktop/rdp/rdpclient/client.go
+@@ -56,10 +56,10 @@ package rdpclient
+ #cgo linux,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-unknown-linux-gnu/release
+ #cgo linux,arm LDFLAGS: -L${SRCDIR}/../../../../../target/arm-unknown-linux-gnueabihf/release
+ #cgo linux,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-unknown-linux-gnu/release
+-#cgo linux LDFLAGS: -l:librdp_client.a -lpthread -ldl -lm
++#cgo linux LDFLAGS: -l:librdp_client.a -lpthread -ldl -lm -lssl -lcrypto
+ #cgo darwin,amd64 LDFLAGS: -L${SRCDIR}/../../../../../target/x86_64-apple-darwin/release
+ #cgo darwin,arm64 LDFLAGS: -L${SRCDIR}/../../../../../target/aarch64-apple-darwin/release
+-#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client -lpthread -ldl -lm
++#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client -lpthread -ldl -lm -lssl -lcrypto
+ #include <librdprs.h>
+ */
+ import "C"
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a9c3f173478..383e721d815 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10773,7 +10773,9 @@ with pkgs;
 
   telegraf = callPackage ../servers/monitoring/telegraf { };
 
-  teleport = callPackage ../servers/teleport {};
+  teleport = callPackage ../servers/teleport {
+    inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
+  };
 
   telepresence = callPackage ../tools/networking/telepresence {
     pythonPackages = python3Packages;