[Backport 25.05] teleport_18: init at 18.1.1; teleport_16: 16.5.13 -> 16.5.15; teleport_17: 17.5.4 -> 17.7.3; teleport_18: 18.1.1 -> 18.2.0 (#441311)

nixos/tests/teleport.nix

@@ -11,6 +11,7 @@ let
   packages = with pkgs; {
     "16" = teleport_16;
     "17" = teleport_17;
+    "18" = teleport_18;
   };
 
   minimal = package: {

pkgs/build-support/teleport/default.nix

@@ -0,0 +1,215 @@
+{
+  lib,
+  rustPlatform,
+  fetchFromGitHub,
+  fetchpatch,
+  makeWrapper,
+  binaryen,
+  cargo,
+  libfido2,
+  nodejs,
+  openssl,
+  pkg-config,
+  pnpm_10,
+  rustc,
+  stdenv,
+  xdg-utils,
+  wasm-pack,
+  nixosTests,
+}:
+
+{
+  version,
+  hash,
+  cargoHash,
+  pnpmHash,
+  vendorHash,
+  wasm-bindgen-cli,
+  buildGoModule,
+
+  withRdpClient ? true,
+  extPatches ? [ ],
+}:
+let
+
+  # This repo has a private submodule "e" which fetchgit cannot handle without failing.
+  src = fetchFromGitHub {
+    owner = "gravitational";
+    repo = "teleport";
+    tag = "v${version}";
+    inherit hash;
+  };
+  pname = "teleport";
+  inherit version;
+
+  rdpClient = rustPlatform.buildRustPackage (finalAttrs: {
+    pname = "teleport-rdpclient";
+    inherit cargoHash;
+    inherit version src;
+
+    buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
+
+    buildInputs = [ openssl ];
+    nativeBuildInputs = [ pkg-config ];
+
+    # https://github.com/NixOS/nixpkgs/issues/161570 ,
+    # buildRustPackage sets strictDeps = true;
+    nativeCheckInputs = finalAttrs.buildInputs;
+
+    OPENSSL_NO_VENDOR = "1";
+
+    postInstall = ''
+      mkdir -p $out/include
+      cp ${finalAttrs.buildAndTestSubdir}/librdpclient.h $out/include/
+    '';
+  });
+
+  webassets = stdenv.mkDerivation {
+    pname = "teleport-webassets";
+    inherit src version;
+
+    cargoDeps = rustPlatform.fetchCargoVendor {
+      inherit src;
+      hash = cargoHash;
+    };
+
+    pnpmDeps = pnpm_10.fetchDeps {
+      inherit src pname version;
+      fetcherVersion = 1;
+      hash = pnpmHash;
+    };
+
+    nativeBuildInputs = [
+      binaryen
+      cargo
+      nodejs
+      pnpm_10.configHook
+      rustc
+      rustc.llvmPackages.lld
+      rustPlatform.cargoSetupHook
+      wasm-bindgen-cli
+      wasm-pack
+    ];
+
+    patches = [
+      ./disable-wasm-opt-for-ironrdp.patch
+    ];
+
+    configurePhase = ''
+      runHook preConfigure
+
+      export HOME=$(mktemp -d)
+
+      runHook postConfigure
+    '';
+
+    buildPhase = ''
+      PATH=$PATH:$PWD/node_modules/.bin
+
+      pushd web/packages
+      pushd shared
+      # https://github.com/gravitational/teleport/blob/6b91fe5bbb9e87db4c63d19f94ed4f7d0f9eba43/web/packages/teleport/README.md?plain=1#L18-L20
+      RUST_MIN_STACK=16777216 wasm-pack build ./libs/ironrdp --target web --mode no-install
+      popd
+      pushd teleport
+      vite build
+      popd
+      popd
+    '';
+
+    installPhase = ''
+      mkdir -p $out
+      cp -R webassets/. $out
+    '';
+  };
+in
+buildGoModule (finalAttrs: {
+  inherit pname src version;
+  inherit vendorHash;
+  proxyVendor = true;
+
+  subPackages = [
+    "tool/tbot"
+    "tool/tctl"
+    "tool/teleport"
+    "tool/tsh"
+  ];
+  tags = [
+    "libfido2"
+    "webassets_embed"
+  ]
+  ++ lib.optional withRdpClient "desktop_access_rdp";
+
+  buildInputs = [
+    openssl
+    libfido2
+  ];
+  nativeBuildInputs = [
+    makeWrapper
+    pkg-config
+  ];
+
+  patches = extPatches ++ [
+    ./0001-fix-add-nix-path-to-exec-env.patch
+    ./rdpclient.patch
+    ./tsh.patch
+  ];
+
+  # Reduce closure size for client machines
+  outputs = [
+    "out"
+    "client"
+  ];
+
+  preBuild = ''
+    cp -r ${webassets} webassets
+  ''
+  + lib.optionalString withRdpClient ''
+    ln -s ${rdpClient}/lib/* lib/
+    ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/
+  '';
+
+  # Multiple tests fail in the build sandbox
+  # due to trying to spawn nixbld's shell (/noshell), etc.
+  doCheck = false;
+
+  postInstall = ''
+    mkdir -p $client/bin
+    mv {$out,$client}/bin/tsh
+    # make xdg-open overrideable at runtime
+    wrapProgram $client/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
+    ln -s {$client,$out}/bin/tsh
+  '';
+
+  doInstallCheck = true;
+
+  installCheckPhase = ''
+    export HOME=$(mktemp -d)
+    $out/bin/tsh version | grep ${version} > /dev/null
+    $client/bin/tsh version | grep ${version} > /dev/null
+    $out/bin/tbot version | grep ${version} > /dev/null
+    $out/bin/tctl version | grep ${version} > /dev/null
+    $out/bin/teleport version | grep ${version} > /dev/null
+  '';
+
+  passthru.tests = nixosTests.teleport;
+
+  meta = {
+    description = "Certificate authority and access plane for SSH, Kubernetes, web applications, and databases";
+    homepage = "https://goteleport.com/";
+    license = lib.licenses.agpl3Plus;
+    maintainers = with lib.maintainers; [
+      arianvp
+      justinas
+      sigma
+      tomberek
+      freezeboy
+      techknowlogick
+      juliusfreudenberger
+    ];
+    platforms = lib.platforms.unix;
+    # go-libfido2 is broken on platforms with less than 64-bit because it defines an array
+    # which occupies more than 31 bits of address space.
+    broken = stdenv.hostPlatform.parsed.cpu.bits < 64;
+  };
+})

pkgs/build-support/teleport/rdpclient.patch

@@ -17,6 +17,6 @@ index 4357d7aa1..7e21a0076 100644
 +#cgo LDFLAGS: -L${SRCDIR}/../../../../../lib -lpthread -ldl -lm -lssl -lcrypto
 +#cgo linux LDFLAGS: -l:librdp_client.a
 +#cgo darwin LDFLAGS: -framework CoreFoundation -framework Security -lrdp_client
- #include <librdprs.h>
+ #include <librdpclient.h>
  */
  import "C"

pkgs/by-name/te/teleport/package.nix

@@ -1,212 +1,5 @@
 {
-  lib,
-  buildGo123Module,
-  rustPlatform,
-  fetchFromGitHub,
-  fetchpatch,
-  makeWrapper,
-  binaryen,
-  cargo,
-  libfido2,
-  nodejs,
-  openssl,
-  pkg-config,
-  pnpm_10,
-  rustc,
-  stdenv,
-  xdg-utils,
-  wasm-bindgen-cli_0_2_95,
-  wasm-pack,
-  nixosTests,
-
-  withRdpClient ? true,
-
-  version ? "17.5.4",
-  hash ? "sha256-ojRIyPTrSG3/xuqdaUNrN4s5HP3E8pvzjG8h+qFEYrc=",
-  vendorHash ? "sha256-IHXwCp1MdcEKJhIs9DNf77Vd93Ai2as7ROlh6AJT9+Q=",
-  extPatches ? [ ],
-  cargoHash ? "sha256-qz8gkooQTuBlPWC4lHtvBQpKkd+nEZ0Hl7AVg9JkPqs=",
-  pnpmHash ? "sha256-YwftGEQTEI8NvFTFLMJHhYkvaIIP9+bskCQCp5xuEtY=",
+  teleport_17,
 }:
-let
-  # This repo has a private submodule "e" which fetchgit cannot handle without failing.
-  src = fetchFromGitHub {
-    owner = "gravitational";
-    repo = "teleport";
-    rev = "v${version}";
-    inherit hash;
-  };
-  pname = "teleport";
-  inherit version;
 
-  rdpClient = rustPlatform.buildRustPackage (finalAttrs: {
-    pname = "teleport-rdpclient";
-
-    inherit cargoHash;
-    inherit version src;
-
-    buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
-
-    buildInputs = [ openssl ];
-    nativeBuildInputs = [ pkg-config ];
-
-    # https://github.com/NixOS/nixpkgs/issues/161570 ,
-    # buildRustPackage sets strictDeps = true;
-    nativeCheckInputs = finalAttrs.buildInputs;
-
-    OPENSSL_NO_VENDOR = "1";
-
-    postInstall = ''
-      mkdir -p $out/include
-      cp ${finalAttrs.buildAndTestSubdir}/librdprs.h $out/include/
-    '';
-  });
-
-  webassets = stdenv.mkDerivation {
-    pname = "teleport-webassets";
-    inherit src version;
-
-    cargoDeps = rustPlatform.fetchCargoVendor {
-      inherit src;
-      hash = cargoHash;
-    };
-
-    pnpmDeps = pnpm_10.fetchDeps {
-      inherit src pname version;
-      fetcherVersion = 1;
-      hash = pnpmHash;
-    };
-
-    nativeBuildInputs = [
-      binaryen
-      cargo
-      nodejs
-      pnpm_10.configHook
-      rustc
-      rustc.llvmPackages.lld
-      rustPlatform.cargoSetupHook
-      wasm-bindgen-cli_0_2_95
-      wasm-pack
-    ];
-
-    patches = [
-      ./disable-wasm-opt-for-ironrdp.patch
-    ];
-
-    configurePhase = ''
-      runHook preConfigure
-
-      export HOME=$(mktemp -d)
-
-      runHook postConfigure
-    '';
-
-    buildPhase = ''
-      PATH=$PATH:$PWD/node_modules/.bin
-
-      pushd web/packages
-      pushd shared
-      # https://github.com/gravitational/teleport/blob/6b91fe5bbb9e87db4c63d19f94ed4f7d0f9eba43/web/packages/teleport/README.md?plain=1#L18-L20
-      RUST_MIN_STACK=16777216 wasm-pack build ./libs/ironrdp --target web --mode no-install
-      popd
-      pushd teleport
-      vite build
-      popd
-      popd
-    '';
-
-    installPhase = ''
-      mkdir -p $out
-      cp -R webassets/. $out
-    '';
-  };
-in
-buildGo123Module (finalAttrs: {
-  inherit pname src version;
-  inherit vendorHash;
-  proxyVendor = true;
-
-  subPackages = [
-    "tool/tbot"
-    "tool/tctl"
-    "tool/teleport"
-    "tool/tsh"
-  ];
-  tags = [
-    "libfido2"
-    "webassets_embed"
-  ]
-  ++ lib.optional withRdpClient "desktop_access_rdp";
-
-  buildInputs = [
-    openssl
-    libfido2
-  ];
-  nativeBuildInputs = [
-    makeWrapper
-    pkg-config
-  ];
-
-  patches = extPatches ++ [
-    ./0001-fix-add-nix-path-to-exec-env.patch
-    ./rdpclient.patch
-    ./tsh.patch
-  ];
-
-  # Reduce closure size for client machines
-  outputs = [
-    "out"
-    "client"
-  ];
-
-  preBuild = ''
-    cp -r ${webassets} webassets
-  ''
-  + lib.optionalString withRdpClient ''
-    ln -s ${rdpClient}/lib/* lib/
-    ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/
-  '';
-
-  # Multiple tests fail in the build sandbox
-  # due to trying to spawn nixbld's shell (/noshell), etc.
-  doCheck = false;
-
-  postInstall = ''
-    mkdir -p $client/bin
-    mv {$out,$client}/bin/tsh
-    # make xdg-open overrideable at runtime
-    wrapProgram $client/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
-    ln -s {$client,$out}/bin/tsh
-  '';
-
-  doInstallCheck = true;
-
-  installCheckPhase = ''
-    $out/bin/tsh version | grep ${version} > /dev/null
-    $client/bin/tsh version | grep ${version} > /dev/null
-    $out/bin/tbot version | grep ${version} > /dev/null
-    $out/bin/tctl version | grep ${version} > /dev/null
-    $out/bin/teleport version | grep ${version} > /dev/null
-  '';
-
-  passthru.tests = nixosTests.teleport;
-
-  meta = {
-    description = "Certificate authority and access plane for SSH, Kubernetes, web applications, and databases";
-    homepage = "https://goteleport.com/";
-    license = lib.licenses.agpl3Plus;
-    maintainers = with lib.maintainers; [
-      arianvp
-      justinas
-      sigma
-      tomberek
-      freezeboy
-      techknowlogick
-      juliusfreudenberger
-    ];
-    platforms = lib.platforms.unix;
-    # go-libfido2 is broken on platforms with less than 64-bit because it defines an array
-    # which occupies more than 31 bits of address space.
-    broken = stdenv.hostPlatform.parsed.cpu.bits < 64;
-  };
-})
+teleport_17

pkgs/by-name/te/teleport_16/package.nix

@@ -1,10 +1,15 @@
 {
-  teleport,
+  buildTeleport,
+  buildGo124Module,
+  wasm-bindgen-cli_0_2_95,
 }:
-teleport.override {
-  version = "16.5.13";
-  hash = "sha256-X9Ujgvp+2dFCoku0tjGW4W05X8QrnExFE+H1kMhf91A=";
-  vendorHash = "sha256-0+7xbIONnZs7dPpfpHPmep+k4XxQE8TS/eKz4F5a3V0=";
-  pnpmHash = "sha256-waBzmNs20wbuoBDObVFnJjEYs3NJ/bzQksVz7ltMD7M=";
+buildTeleport rec {
+  version = "16.5.15";
+  hash = "sha256-DqNG6gl+KdjSbkE9Bwum8az8cLCSOmZwo9xpuWafHCA=";
+  vendorHash = "sha256-sZvRKLF2iZ3UpgGNUPuWMT7VTpnDa2uU0d1XjDKSmdo=";
+  pnpmHash = "sha256-8xnH9PkKz77whtq/LVYUjyG1Z1reRtW03Gv8sZ/1vww=";
   cargoHash = "sha256-04zykCcVTptEPGy35MIWG+tROKFzEepLBmn04mSbt7I=";
+
+  wasm-bindgen-cli = wasm-bindgen-cli_0_2_95;
+  buildGoModule = buildGo124Module;
 }

pkgs/by-name/te/teleport_17/package.nix

@@ -1,4 +1,16 @@
 {
-  teleport,
+  buildTeleport,
+  buildGo124Module,
+  wasm-bindgen-cli_0_2_95,
 }:
-teleport
+
+buildTeleport rec {
+  version = "17.7.3";
+  hash = "sha256-YSYkJRAeu7iPOs/gFnozZbks0Fx5srNH0VjrKvFmHZo=";
+  vendorHash = "sha256-7Rb94ERtp3H1Jwyh9d7AFT06d4xXdnfe5tpdvJQrbUQ=";
+  cargoHash = "sha256-qz8gkooQTuBlPWC4lHtvBQpKkd+nEZ0Hl7AVg9JkPqs=";
+  pnpmHash = "sha256-ZONs8z8mgBBQBmqaDGJKqhmtUKBrxE8BGYppbAqpQmg=";
+
+  wasm-bindgen-cli = wasm-bindgen-cli_0_2_95;
+  buildGoModule = buildGo124Module;
+}

pkgs/by-name/te/teleport_18/package.nix

@@ -0,0 +1,16 @@
+{
+  buildTeleport,
+  buildGo124Module,
+  wasm-bindgen-cli_0_2_99,
+}:
+
+buildTeleport rec {
+  version = "18.2.0";
+  hash = "sha256-JWgGRv9pK76u7IxwqnBcuAI93XIKfIVvme7l+a/3J7c=";
+  vendorHash = "sha256-oPi/rIuwze2ZlyHfZ2MdDHHvdIaF2IZ2aklEVNRgoLo=";
+  pnpmHash = "sha256-wW4RT1uqOTpy8wKIsAOfIlxoOamTzPqEbFQRAub+sn4=";
+  cargoHash = "sha256-ia4We4IfIkqz82aFMVvXdzjDXw0w+OJSPVdutfau6PA=";
+
+  wasm-bindgen-cli = wasm-bindgen-cli_0_2_99;
+  buildGoModule = buildGo124Module;
+}

pkgs/by-name/wa/wasm-bindgen-cli_0_2_99/package.nix

@@ -0,0 +1,19 @@
+{
+  buildWasmBindgenCli,
+  fetchCrate,
+  rustPlatform,
+}:
+
+buildWasmBindgenCli rec {
+  src = fetchCrate {
+    pname = "wasm-bindgen-cli";
+    version = "0.2.99";
+    hash = "sha256-1AN2E9t/lZhbXdVznhTcniy+7ZzlaEp/gwLEAucs6EA=";
+  };
+
+  cargoDeps = rustPlatform.fetchCargoVendor {
+    inherit src;
+    inherit (src) pname version;
+    hash = "sha256-HGcqXb2vt6nAvPXBZOJn7nogjIoAgXno2OJBE1trHpc=";
+  };
+}

pkgs/top-level/all-packages.nix

@@ -4534,6 +4534,8 @@ with pkgs;
 
   teamviewer = libsForQt5.callPackage ../applications/networking/remote/teamviewer { };
 
+  buildTeleport = callPackage ../build-support/teleport { };
+
   telepresence = callPackage ../tools/networking/telepresence {
     pythonPackages = python3Packages;
   };