2021-11-08 21:43:52 +00:00
|
|
|
{ lib
|
2022-02-04 12:16:47 +00:00
|
|
|
, buildGoModule
|
2021-11-08 21:43:52 +00:00
|
|
|
, rustPlatform
|
|
|
|
, fetchFromGitHub
|
2023-02-03 22:42:58 +00:00
|
|
|
, fetchYarnDeps
|
2021-11-08 21:43:52 +00:00
|
|
|
, makeWrapper
|
2022-04-25 16:30:13 +00:00
|
|
|
, CoreFoundation
|
2022-10-11 08:55:39 +00:00
|
|
|
, AppKit
|
2022-09-19 04:02:12 +00:00
|
|
|
, libfido2
|
2023-02-03 22:42:58 +00:00
|
|
|
, nodejs
|
2022-04-25 16:30:13 +00:00
|
|
|
, openssl
|
|
|
|
, pkg-config
|
|
|
|
, Security
|
2021-11-08 21:43:52 +00:00
|
|
|
, stdenv
|
|
|
|
, xdg-utils
|
2023-02-03 22:42:58 +00:00
|
|
|
, yarn
|
|
|
|
, yarn2nix-moretea
|
2022-01-08 08:29:19 +00:00
|
|
|
, nixosTests
|
2018-01-14 08:04:08 +00:00
|
|
|
|
2022-04-25 16:30:13 +00:00
|
|
|
, withRdpClient ? true
|
2023-02-23 18:14:50 +00:00
|
|
|
|
|
|
|
, version
|
|
|
|
, hash
|
|
|
|
, vendorHash
|
2023-04-02 16:05:44 +00:00
|
|
|
, cargoHash ? null
|
|
|
|
, cargoLock ? null
|
2023-02-23 18:14:50 +00:00
|
|
|
, yarnHash
|
2021-11-08 21:43:52 +00:00
|
|
|
}:
|
|
|
|
let
|
2018-02-01 10:27:07 +00:00
|
|
|
# This repo has a private submodule "e" which fetchgit cannot handle without failing.
|
|
|
|
src = fetchFromGitHub {
|
|
|
|
owner = "gravitational";
|
|
|
|
repo = "teleport";
|
|
|
|
rev = "v${version}";
|
2023-02-23 18:14:50 +00:00
|
|
|
inherit hash;
|
2021-11-08 21:43:52 +00:00
|
|
|
};
|
2023-02-23 18:14:50 +00:00
|
|
|
inherit version;
|
2021-11-08 21:43:52 +00:00
|
|
|
|
2022-04-25 16:30:13 +00:00
|
|
|
rdpClient = rustPlatform.buildRustPackage rec {
|
2022-09-07 16:10:10 +00:00
|
|
|
pname = "teleport-rdpclient";
|
2023-04-02 16:05:44 +00:00
|
|
|
inherit cargoHash cargoLock;
|
2022-04-25 16:30:13 +00:00
|
|
|
inherit version src;
|
|
|
|
|
|
|
|
buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
|
|
|
|
|
|
|
|
buildInputs = [ openssl ]
|
|
|
|
++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
|
|
|
|
nativeBuildInputs = [ pkg-config ];
|
|
|
|
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/161570 ,
|
|
|
|
# buildRustPackage sets strictDeps = true;
|
2023-01-21 12:00:00 +00:00
|
|
|
nativeCheckInputs = buildInputs;
|
2022-04-25 16:30:13 +00:00
|
|
|
|
|
|
|
OPENSSL_NO_VENDOR = "1";
|
|
|
|
|
|
|
|
postInstall = ''
|
2022-09-07 16:10:10 +00:00
|
|
|
mkdir -p $out/include
|
|
|
|
cp ${buildAndTestSubdir}/librdprs.h $out/include/
|
2021-11-08 21:43:52 +00:00
|
|
|
'';
|
2018-02-01 10:27:07 +00:00
|
|
|
};
|
|
|
|
|
2023-02-03 22:42:58 +00:00
|
|
|
yarnOfflineCache = fetchYarnDeps {
|
|
|
|
yarnLock = "${src}/yarn.lock";
|
2023-02-23 18:14:50 +00:00
|
|
|
hash = yarnHash;
|
2023-02-03 22:42:58 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
webassets = stdenv.mkDerivation {
|
|
|
|
pname = "teleport-webassets";
|
|
|
|
inherit src version;
|
|
|
|
|
|
|
|
nativeBuildInputs = [
|
|
|
|
nodejs
|
|
|
|
yarn
|
|
|
|
yarn2nix-moretea.fixup_yarn_lock
|
|
|
|
];
|
|
|
|
|
|
|
|
configurePhase = ''
|
|
|
|
export HOME=$(mktemp -d)
|
|
|
|
'';
|
|
|
|
|
|
|
|
buildPhase = ''
|
|
|
|
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
|
|
|
|
fixup_yarn_lock yarn.lock
|
|
|
|
|
|
|
|
yarn install --offline \
|
|
|
|
--frozen-lockfile \
|
|
|
|
--ignore-engines --ignore-scripts
|
|
|
|
patchShebangs .
|
|
|
|
|
|
|
|
yarn build-ui-oss
|
|
|
|
'';
|
|
|
|
|
|
|
|
installPhase = ''
|
|
|
|
mkdir -p $out
|
|
|
|
cp -R webassets/. $out
|
|
|
|
'';
|
2021-11-08 21:43:52 +00:00
|
|
|
};
|
|
|
|
in
|
2022-02-04 12:16:47 +00:00
|
|
|
buildGoModule rec {
|
2021-11-08 21:43:52 +00:00
|
|
|
pname = "teleport";
|
|
|
|
|
|
|
|
inherit src version;
|
2023-02-23 18:14:50 +00:00
|
|
|
inherit vendorHash;
|
2023-02-03 22:42:58 +00:00
|
|
|
proxyVendor = true;
|
2020-03-18 10:43:09 +00:00
|
|
|
|
2022-04-25 16:06:27 +00:00
|
|
|
subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
|
2022-09-19 04:02:12 +00:00
|
|
|
tags = [ "libfido2" "webassets_embed" ]
|
2022-09-07 16:10:10 +00:00
|
|
|
++ lib.optional withRdpClient "desktop_access_rdp";
|
2020-03-18 10:43:09 +00:00
|
|
|
|
2022-09-19 04:02:12 +00:00
|
|
|
buildInputs = [ openssl libfido2 ]
|
2022-10-11 08:55:39 +00:00
|
|
|
++ lib.optionals (stdenv.isDarwin && withRdpClient) [ CoreFoundation Security AppKit ];
|
2022-09-19 04:02:12 +00:00
|
|
|
nativeBuildInputs = [ makeWrapper pkg-config ];
|
2020-03-18 10:43:09 +00:00
|
|
|
|
2021-08-04 12:00:16 +00:00
|
|
|
patches = [
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/120738
|
|
|
|
./tsh.patch
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/132652
|
|
|
|
./test.patch
|
2022-03-28 11:27:12 +00:00
|
|
|
./0001-fix-add-nix-path-to-exec-env.patch
|
2022-04-25 16:30:13 +00:00
|
|
|
./rdpclient.patch
|
2021-08-04 12:00:16 +00:00
|
|
|
];
|
2021-04-26 12:45:28 +00:00
|
|
|
|
2021-08-11 12:58:40 +00:00
|
|
|
# Reduce closure size for client machines
|
|
|
|
outputs = [ "out" "client" ];
|
|
|
|
|
2022-09-07 16:10:10 +00:00
|
|
|
preBuild = ''
|
2023-02-03 22:42:58 +00:00
|
|
|
cp -r ${webassets} webassets
|
2022-09-07 16:10:10 +00:00
|
|
|
'' + lib.optionalString withRdpClient ''
|
|
|
|
ln -s ${rdpClient}/lib/* lib/
|
|
|
|
ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/
|
|
|
|
'';
|
2018-01-14 08:04:08 +00:00
|
|
|
|
2022-04-25 16:06:27 +00:00
|
|
|
# Multiple tests fail in the build sandbox
|
|
|
|
# due to trying to spawn nixbld's shell (/noshell), etc.
|
|
|
|
doCheck = false;
|
2021-04-22 15:32:55 +00:00
|
|
|
|
2021-01-05 12:50:58 +00:00
|
|
|
postInstall = ''
|
2022-09-07 16:10:10 +00:00
|
|
|
mkdir -p $client/bin
|
|
|
|
mv {$out,$client}/bin/tsh
|
2022-07-11 23:23:52 +00:00
|
|
|
# make xdg-open overrideable at runtime
|
|
|
|
wrapProgram $client/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
|
2022-09-07 16:10:10 +00:00
|
|
|
ln -s {$client,$out}/bin/tsh
|
2021-01-05 12:50:58 +00:00
|
|
|
'';
|
2018-01-14 08:04:08 +00:00
|
|
|
|
2021-02-01 14:45:17 +00:00
|
|
|
doInstallCheck = true;
|
|
|
|
|
|
|
|
installCheckPhase = ''
|
|
|
|
$out/bin/tsh version | grep ${version} > /dev/null
|
2021-01-05 12:50:58 +00:00
|
|
|
$client/bin/tsh version | grep ${version} > /dev/null
|
2022-04-25 16:06:27 +00:00
|
|
|
$out/bin/tbot version | grep ${version} > /dev/null
|
2021-02-01 14:45:17 +00:00
|
|
|
$out/bin/tctl version | grep ${version} > /dev/null
|
|
|
|
$out/bin/teleport version | grep ${version} > /dev/null
|
|
|
|
'';
|
|
|
|
|
2022-01-08 08:29:19 +00:00
|
|
|
passthru.tests = nixosTests.teleport;
|
|
|
|
|
2021-01-05 12:50:58 +00:00
|
|
|
meta = with lib; {
|
2021-11-08 21:43:52 +00:00
|
|
|
description = "Certificate authority and access plane for SSH, Kubernetes, web applications, and databases";
|
2021-04-22 15:32:55 +00:00
|
|
|
homepage = "https://goteleport.com/";
|
2021-01-05 12:50:58 +00:00
|
|
|
license = licenses.asl20;
|
2023-03-07 14:41:39 +00:00
|
|
|
maintainers = with maintainers; [ arianvp justinas sigma tomberek freezeboy ];
|
2021-01-05 12:50:58 +00:00
|
|
|
platforms = platforms.unix;
|
2023-05-27 09:18:34 +00:00
|
|
|
# go-libfido2 is broken on platforms with less than 64-bit because it defines an array
|
|
|
|
# which occupies more than 31 bits of address space.
|
|
|
|
broken = stdenv.hostPlatform.parsed.cpu.bits < 64;
|
2018-01-14 08:04:08 +00:00
|
|
|
};
|
|
|
|
}
|