diff --git a/nixos/tests/teleport.nix b/nixos/tests/teleport.nix index e9b3193448d3..6b8acb332c43 100644 --- a/nixos/tests/teleport.nix +++ b/nixos/tests/teleport.nix @@ -11,6 +11,7 @@ let packages = with pkgs; { "16" = teleport_16; "17" = teleport_17; + "18" = teleport_18; }; minimal = package: { diff --git a/pkgs/by-name/te/teleport/0001-fix-add-nix-path-to-exec-env.patch b/pkgs/build-support/teleport/0001-fix-add-nix-path-to-exec-env.patch similarity index 100% rename from pkgs/by-name/te/teleport/0001-fix-add-nix-path-to-exec-env.patch rename to pkgs/build-support/teleport/0001-fix-add-nix-path-to-exec-env.patch diff --git a/pkgs/build-support/teleport/default.nix b/pkgs/build-support/teleport/default.nix new file mode 100644 index 000000000000..afe2af40f91a --- /dev/null +++ b/pkgs/build-support/teleport/default.nix @@ -0,0 +1,215 @@ +{ + lib, + rustPlatform, + fetchFromGitHub, + fetchpatch, + makeWrapper, + binaryen, + cargo, + libfido2, + nodejs, + openssl, + pkg-config, + pnpm_10, + rustc, + stdenv, + xdg-utils, + wasm-pack, + nixosTests, +}: + +{ + version, + hash, + cargoHash, + pnpmHash, + vendorHash, + wasm-bindgen-cli, + buildGoModule, + + withRdpClient ? true, + extPatches ? [ ], +}: +let + + # This repo has a private submodule "e" which fetchgit cannot handle without failing. + src = fetchFromGitHub { + owner = "gravitational"; + repo = "teleport"; + tag = "v${version}"; + inherit hash; + }; + pname = "teleport"; + inherit version; + + rdpClient = rustPlatform.buildRustPackage (finalAttrs: { + pname = "teleport-rdpclient"; + inherit cargoHash; + inherit version src; + + buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient"; + + buildInputs = [ openssl ]; + nativeBuildInputs = [ pkg-config ]; + + # https://github.com/NixOS/nixpkgs/issues/161570 , + # buildRustPackage sets strictDeps = true; + nativeCheckInputs = finalAttrs.buildInputs; + + OPENSSL_NO_VENDOR = "1"; + + postInstall = '' + mkdir -p $out/include + cp ${finalAttrs.buildAndTestSubdir}/librdpclient.h $out/include/ + ''; + }); + + webassets = stdenv.mkDerivation { + pname = "teleport-webassets"; + inherit src version; + + cargoDeps = rustPlatform.fetchCargoVendor { + inherit src; + hash = cargoHash; + }; + + pnpmDeps = pnpm_10.fetchDeps { + inherit src pname version; + fetcherVersion = 1; + hash = pnpmHash; + }; + + nativeBuildInputs = [ + binaryen + cargo + nodejs + pnpm_10.configHook + rustc + rustc.llvmPackages.lld + rustPlatform.cargoSetupHook + wasm-bindgen-cli + wasm-pack + ]; + + patches = [ + ./disable-wasm-opt-for-ironrdp.patch + ]; + + configurePhase = '' + runHook preConfigure + + export HOME=$(mktemp -d) + + runHook postConfigure + ''; + + buildPhase = '' + PATH=$PATH:$PWD/node_modules/.bin + + pushd web/packages + pushd shared + # https://github.com/gravitational/teleport/blob/6b91fe5bbb9e87db4c63d19f94ed4f7d0f9eba43/web/packages/teleport/README.md?plain=1#L18-L20 + RUST_MIN_STACK=16777216 wasm-pack build ./libs/ironrdp --target web --mode no-install + popd + pushd teleport + vite build + popd + popd + ''; + + installPhase = '' + mkdir -p $out + cp -R webassets/. $out + ''; + }; +in +buildGoModule (finalAttrs: { + inherit pname src version; + inherit vendorHash; + proxyVendor = true; + + subPackages = [ + "tool/tbot" + "tool/tctl" + "tool/teleport" + "tool/tsh" + ]; + tags = [ + "libfido2" + "webassets_embed" + ] + ++ lib.optional withRdpClient "desktop_access_rdp"; + + buildInputs = [ + openssl + libfido2 + ]; + nativeBuildInputs = [ + makeWrapper + pkg-config + ]; + + patches = extPatches ++ [ + ./0001-fix-add-nix-path-to-exec-env.patch + ./rdpclient.patch + ./tsh.patch + ]; + + # Reduce closure size for client machines + outputs = [ + "out" + "client" + ]; + + preBuild = '' + cp -r ${webassets} webassets + '' + + lib.optionalString withRdpClient '' + ln -s ${rdpClient}/lib/* lib/ + ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/ + ''; + + # Multiple tests fail in the build sandbox + # due to trying to spawn nixbld's shell (/noshell), etc. + doCheck = false; + + postInstall = '' + mkdir -p $client/bin + mv {$out,$client}/bin/tsh + # make xdg-open overrideable at runtime + wrapProgram $client/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]} + ln -s {$client,$out}/bin/tsh + ''; + + doInstallCheck = true; + + installCheckPhase = '' + export HOME=$(mktemp -d) + $out/bin/tsh version | grep ${version} > /dev/null + $client/bin/tsh version | grep ${version} > /dev/null + $out/bin/tbot version | grep ${version} > /dev/null + $out/bin/tctl version | grep ${version} > /dev/null + $out/bin/teleport version | grep ${version} > /dev/null + ''; + + passthru.tests = nixosTests.teleport; + + meta = { + description = "Certificate authority and access plane for SSH, Kubernetes, web applications, and databases"; + homepage = "https://goteleport.com/"; + license = lib.licenses.agpl3Plus; + maintainers = with lib.maintainers; [ + arianvp + justinas + sigma + tomberek + freezeboy + techknowlogick + juliusfreudenberger + ]; + platforms = lib.platforms.unix; + # go-libfido2 is broken on platforms with less than 64-bit because it defines an array + # which occupies more than 31 bits of address space. + broken = stdenv.hostPlatform.parsed.cpu.bits < 64; + }; +}) diff --git a/pkgs/by-name/te/teleport/disable-wasm-opt-for-ironrdp.patch b/pkgs/build-support/teleport/disable-wasm-opt-for-ironrdp.patch similarity index 100% rename from pkgs/by-name/te/teleport/disable-wasm-opt-for-ironrdp.patch rename to pkgs/build-support/teleport/disable-wasm-opt-for-ironrdp.patch diff --git a/pkgs/by-name/te/teleport/rdpclient.patch b/pkgs/build-support/teleport/rdpclient.patch similarity index 97% rename from pkgs/by-name/te/teleport/rdpclient.patch rename to pkgs/build-support/teleport/rdpclient.patch index 4f35cd184ab5..ad97288acec5 100644 --- a/pkgs/by-name/te/teleport/rdpclient.patch +++ b/pkgs/build-support/teleport/rdpclient.patch @@ -17,6 +17,6 @@ index 4357d7aa1..7e21a0076 100644 +#cgo LDFLAGS: -L${SRCDIR}/../../../../../lib -lpthread -ldl -lm -lssl -lcrypto +#cgo linux LDFLAGS: -l:librdp_client.a +#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client - #include + #include */ import "C" diff --git a/pkgs/by-name/te/teleport/tsh.patch b/pkgs/build-support/teleport/tsh.patch similarity index 100% rename from pkgs/by-name/te/teleport/tsh.patch rename to pkgs/build-support/teleport/tsh.patch diff --git a/pkgs/by-name/te/teleport/package.nix b/pkgs/by-name/te/teleport/package.nix index e6f772045d2a..93697b54bc97 100644 --- a/pkgs/by-name/te/teleport/package.nix +++ b/pkgs/by-name/te/teleport/package.nix @@ -1,212 +1,5 @@ { - lib, - buildGo123Module, - rustPlatform, - fetchFromGitHub, - fetchpatch, - makeWrapper, - binaryen, - cargo, - libfido2, - nodejs, - openssl, - pkg-config, - pnpm_10, - rustc, - stdenv, - xdg-utils, - wasm-bindgen-cli_0_2_95, - wasm-pack, - nixosTests, - - withRdpClient ? true, - - version ? "17.5.4", - hash ? "sha256-ojRIyPTrSG3/xuqdaUNrN4s5HP3E8pvzjG8h+qFEYrc=", - vendorHash ? "sha256-IHXwCp1MdcEKJhIs9DNf77Vd93Ai2as7ROlh6AJT9+Q=", - extPatches ? [ ], - cargoHash ? "sha256-qz8gkooQTuBlPWC4lHtvBQpKkd+nEZ0Hl7AVg9JkPqs=", - pnpmHash ? "sha256-YwftGEQTEI8NvFTFLMJHhYkvaIIP9+bskCQCp5xuEtY=", + teleport_17, }: -let - # This repo has a private submodule "e" which fetchgit cannot handle without failing. - src = fetchFromGitHub { - owner = "gravitational"; - repo = "teleport"; - rev = "v${version}"; - inherit hash; - }; - pname = "teleport"; - inherit version; - rdpClient = rustPlatform.buildRustPackage (finalAttrs: { - pname = "teleport-rdpclient"; - - inherit cargoHash; - inherit version src; - - buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient"; - - buildInputs = [ openssl ]; - nativeBuildInputs = [ pkg-config ]; - - # https://github.com/NixOS/nixpkgs/issues/161570 , - # buildRustPackage sets strictDeps = true; - nativeCheckInputs = finalAttrs.buildInputs; - - OPENSSL_NO_VENDOR = "1"; - - postInstall = '' - mkdir -p $out/include - cp ${finalAttrs.buildAndTestSubdir}/librdprs.h $out/include/ - ''; - }); - - webassets = stdenv.mkDerivation { - pname = "teleport-webassets"; - inherit src version; - - cargoDeps = rustPlatform.fetchCargoVendor { - inherit src; - hash = cargoHash; - }; - - pnpmDeps = pnpm_10.fetchDeps { - inherit src pname version; - fetcherVersion = 1; - hash = pnpmHash; - }; - - nativeBuildInputs = [ - binaryen - cargo - nodejs - pnpm_10.configHook - rustc - rustc.llvmPackages.lld - rustPlatform.cargoSetupHook - wasm-bindgen-cli_0_2_95 - wasm-pack - ]; - - patches = [ - ./disable-wasm-opt-for-ironrdp.patch - ]; - - configurePhase = '' - runHook preConfigure - - export HOME=$(mktemp -d) - - runHook postConfigure - ''; - - buildPhase = '' - PATH=$PATH:$PWD/node_modules/.bin - - pushd web/packages - pushd shared - # https://github.com/gravitational/teleport/blob/6b91fe5bbb9e87db4c63d19f94ed4f7d0f9eba43/web/packages/teleport/README.md?plain=1#L18-L20 - RUST_MIN_STACK=16777216 wasm-pack build ./libs/ironrdp --target web --mode no-install - popd - pushd teleport - vite build - popd - popd - ''; - - installPhase = '' - mkdir -p $out - cp -R webassets/. $out - ''; - }; -in -buildGo123Module (finalAttrs: { - inherit pname src version; - inherit vendorHash; - proxyVendor = true; - - subPackages = [ - "tool/tbot" - "tool/tctl" - "tool/teleport" - "tool/tsh" - ]; - tags = [ - "libfido2" - "webassets_embed" - ] - ++ lib.optional withRdpClient "desktop_access_rdp"; - - buildInputs = [ - openssl - libfido2 - ]; - nativeBuildInputs = [ - makeWrapper - pkg-config - ]; - - patches = extPatches ++ [ - ./0001-fix-add-nix-path-to-exec-env.patch - ./rdpclient.patch - ./tsh.patch - ]; - - # Reduce closure size for client machines - outputs = [ - "out" - "client" - ]; - - preBuild = '' - cp -r ${webassets} webassets - '' - + lib.optionalString withRdpClient '' - ln -s ${rdpClient}/lib/* lib/ - ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/ - ''; - - # Multiple tests fail in the build sandbox - # due to trying to spawn nixbld's shell (/noshell), etc. - doCheck = false; - - postInstall = '' - mkdir -p $client/bin - mv {$out,$client}/bin/tsh - # make xdg-open overrideable at runtime - wrapProgram $client/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]} - ln -s {$client,$out}/bin/tsh - ''; - - doInstallCheck = true; - - installCheckPhase = '' - $out/bin/tsh version | grep ${version} > /dev/null - $client/bin/tsh version | grep ${version} > /dev/null - $out/bin/tbot version | grep ${version} > /dev/null - $out/bin/tctl version | grep ${version} > /dev/null - $out/bin/teleport version | grep ${version} > /dev/null - ''; - - passthru.tests = nixosTests.teleport; - - meta = { - description = "Certificate authority and access plane for SSH, Kubernetes, web applications, and databases"; - homepage = "https://goteleport.com/"; - license = lib.licenses.agpl3Plus; - maintainers = with lib.maintainers; [ - arianvp - justinas - sigma - tomberek - freezeboy - techknowlogick - juliusfreudenberger - ]; - platforms = lib.platforms.unix; - # go-libfido2 is broken on platforms with less than 64-bit because it defines an array - # which occupies more than 31 bits of address space. - broken = stdenv.hostPlatform.parsed.cpu.bits < 64; - }; -}) +teleport_17 diff --git a/pkgs/by-name/te/teleport_16/package.nix b/pkgs/by-name/te/teleport_16/package.nix index 62921b92b311..c8e14a52137b 100644 --- a/pkgs/by-name/te/teleport_16/package.nix +++ b/pkgs/by-name/te/teleport_16/package.nix @@ -1,10 +1,15 @@ { - teleport, + buildTeleport, + buildGo124Module, + wasm-bindgen-cli_0_2_95, }: -teleport.override { - version = "16.5.13"; - hash = "sha256-X9Ujgvp+2dFCoku0tjGW4W05X8QrnExFE+H1kMhf91A="; - vendorHash = "sha256-0+7xbIONnZs7dPpfpHPmep+k4XxQE8TS/eKz4F5a3V0="; - pnpmHash = "sha256-waBzmNs20wbuoBDObVFnJjEYs3NJ/bzQksVz7ltMD7M="; +buildTeleport rec { + version = "16.5.15"; + hash = "sha256-DqNG6gl+KdjSbkE9Bwum8az8cLCSOmZwo9xpuWafHCA="; + vendorHash = "sha256-sZvRKLF2iZ3UpgGNUPuWMT7VTpnDa2uU0d1XjDKSmdo="; + pnpmHash = "sha256-8xnH9PkKz77whtq/LVYUjyG1Z1reRtW03Gv8sZ/1vww="; cargoHash = "sha256-04zykCcVTptEPGy35MIWG+tROKFzEepLBmn04mSbt7I="; + + wasm-bindgen-cli = wasm-bindgen-cli_0_2_95; + buildGoModule = buildGo124Module; } diff --git a/pkgs/by-name/te/teleport_17/package.nix b/pkgs/by-name/te/teleport_17/package.nix index 9e9d580d4c33..35bd56a07432 100644 --- a/pkgs/by-name/te/teleport_17/package.nix +++ b/pkgs/by-name/te/teleport_17/package.nix @@ -1,4 +1,16 @@ { - teleport, + buildTeleport, + buildGo124Module, + wasm-bindgen-cli_0_2_95, }: -teleport + +buildTeleport rec { + version = "17.7.3"; + hash = "sha256-YSYkJRAeu7iPOs/gFnozZbks0Fx5srNH0VjrKvFmHZo="; + vendorHash = "sha256-7Rb94ERtp3H1Jwyh9d7AFT06d4xXdnfe5tpdvJQrbUQ="; + cargoHash = "sha256-qz8gkooQTuBlPWC4lHtvBQpKkd+nEZ0Hl7AVg9JkPqs="; + pnpmHash = "sha256-ZONs8z8mgBBQBmqaDGJKqhmtUKBrxE8BGYppbAqpQmg="; + + wasm-bindgen-cli = wasm-bindgen-cli_0_2_95; + buildGoModule = buildGo124Module; +} diff --git a/pkgs/by-name/te/teleport_18/package.nix b/pkgs/by-name/te/teleport_18/package.nix new file mode 100644 index 000000000000..f0c459886425 --- /dev/null +++ b/pkgs/by-name/te/teleport_18/package.nix @@ -0,0 +1,16 @@ +{ + buildTeleport, + buildGo124Module, + wasm-bindgen-cli_0_2_99, +}: + +buildTeleport rec { + version = "18.2.0"; + hash = "sha256-JWgGRv9pK76u7IxwqnBcuAI93XIKfIVvme7l+a/3J7c="; + vendorHash = "sha256-oPi/rIuwze2ZlyHfZ2MdDHHvdIaF2IZ2aklEVNRgoLo="; + pnpmHash = "sha256-wW4RT1uqOTpy8wKIsAOfIlxoOamTzPqEbFQRAub+sn4="; + cargoHash = "sha256-ia4We4IfIkqz82aFMVvXdzjDXw0w+OJSPVdutfau6PA="; + + wasm-bindgen-cli = wasm-bindgen-cli_0_2_99; + buildGoModule = buildGo124Module; +} diff --git a/pkgs/by-name/wa/wasm-bindgen-cli_0_2_99/package.nix b/pkgs/by-name/wa/wasm-bindgen-cli_0_2_99/package.nix new file mode 100644 index 000000000000..59a40d35f557 --- /dev/null +++ b/pkgs/by-name/wa/wasm-bindgen-cli_0_2_99/package.nix @@ -0,0 +1,19 @@ +{ + buildWasmBindgenCli, + fetchCrate, + rustPlatform, +}: + +buildWasmBindgenCli rec { + src = fetchCrate { + pname = "wasm-bindgen-cli"; + version = "0.2.99"; + hash = "sha256-1AN2E9t/lZhbXdVznhTcniy+7ZzlaEp/gwLEAucs6EA="; + }; + + cargoDeps = rustPlatform.fetchCargoVendor { + inherit src; + inherit (src) pname version; + hash = "sha256-HGcqXb2vt6nAvPXBZOJn7nogjIoAgXno2OJBE1trHpc="; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 595b99d9b61e..4c1bced9ad4e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4534,6 +4534,8 @@ with pkgs; teamviewer = libsForQt5.callPackage ../applications/networking/remote/teamviewer { }; + buildTeleport = callPackage ../build-support/teleport { }; + telepresence = callPackage ../tools/networking/telepresence { pythonPackages = python3Packages; };