2021-11-08 22:43:52 +01:00
|
|
|
{ lib
|
2022-02-04 13:16:47 +01:00
|
|
|
, buildGoModule
|
2021-11-08 22:43:52 +01:00
|
|
|
, rustPlatform
|
|
|
|
, fetchFromGitHub
|
2023-02-03 23:42:58 +01:00
|
|
|
, fetchYarnDeps
|
2021-11-08 22:43:52 +01:00
|
|
|
, makeWrapper
|
2022-04-25 18:30:13 +02:00
|
|
|
, CoreFoundation
|
2022-10-11 10:55:39 +02:00
|
|
|
, AppKit
|
2022-09-19 06:02:12 +02:00
|
|
|
, libfido2
|
2023-02-03 23:42:58 +01:00
|
|
|
, nodejs
|
2022-04-25 18:30:13 +02:00
|
|
|
, openssl
|
|
|
|
, pkg-config
|
|
|
|
, Security
|
2021-11-08 22:43:52 +01:00
|
|
|
, stdenv
|
|
|
|
, xdg-utils
|
2023-02-03 23:42:58 +01:00
|
|
|
, yarn
|
|
|
|
, yarn2nix-moretea
|
2022-01-08 09:29:19 +01:00
|
|
|
, nixosTests
|
2018-01-14 09:04:08 +01:00
|
|
|
|
2022-04-25 18:30:13 +02:00
|
|
|
, withRdpClient ? true
|
2023-02-23 19:14:50 +01:00
|
|
|
|
|
|
|
, version
|
|
|
|
, hash
|
|
|
|
, vendorHash
|
2023-04-02 18:05:44 +02:00
|
|
|
, cargoHash ? null
|
|
|
|
, cargoLock ? null
|
2023-02-23 19:14:50 +01:00
|
|
|
, yarnHash
|
2021-11-08 22:43:52 +01:00
|
|
|
}:
|
|
|
|
let
|
2018-02-01 11:27:07 +01:00
|
|
|
# This repo has a private submodule "e" which fetchgit cannot handle without failing.
|
|
|
|
src = fetchFromGitHub {
|
|
|
|
owner = "gravitational";
|
|
|
|
repo = "teleport";
|
|
|
|
rev = "v${version}";
|
2023-02-23 19:14:50 +01:00
|
|
|
inherit hash;
|
2021-11-08 22:43:52 +01:00
|
|
|
};
|
2023-02-23 19:14:50 +01:00
|
|
|
inherit version;
|
2021-11-08 22:43:52 +01:00
|
|
|
|
2022-04-25 18:30:13 +02:00
|
|
|
rdpClient = rustPlatform.buildRustPackage rec {
|
2022-09-07 18:10:10 +02:00
|
|
|
pname = "teleport-rdpclient";
|
2023-04-02 18:05:44 +02:00
|
|
|
inherit cargoHash cargoLock;
|
2022-04-25 18:30:13 +02:00
|
|
|
inherit version src;
|
|
|
|
|
|
|
|
buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
|
|
|
|
|
|
|
|
buildInputs = [ openssl ]
|
|
|
|
++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
|
|
|
|
nativeBuildInputs = [ pkg-config ];
|
|
|
|
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/161570 ,
|
|
|
|
# buildRustPackage sets strictDeps = true;
|
2023-01-21 13:00:00 +01:00
|
|
|
nativeCheckInputs = buildInputs;
|
2022-04-25 18:30:13 +02:00
|
|
|
|
|
|
|
OPENSSL_NO_VENDOR = "1";
|
|
|
|
|
|
|
|
postInstall = ''
|
2022-09-07 18:10:10 +02:00
|
|
|
mkdir -p $out/include
|
|
|
|
cp ${buildAndTestSubdir}/librdprs.h $out/include/
|
2021-11-08 22:43:52 +01:00
|
|
|
'';
|
2018-02-01 11:27:07 +01:00
|
|
|
};
|
|
|
|
|
2023-02-03 23:42:58 +01:00
|
|
|
yarnOfflineCache = fetchYarnDeps {
|
|
|
|
yarnLock = "${src}/yarn.lock";
|
2023-02-23 19:14:50 +01:00
|
|
|
hash = yarnHash;
|
2023-02-03 23:42:58 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
webassets = stdenv.mkDerivation {
|
|
|
|
pname = "teleport-webassets";
|
|
|
|
inherit src version;
|
|
|
|
|
|
|
|
nativeBuildInputs = [
|
|
|
|
nodejs
|
|
|
|
yarn
|
|
|
|
yarn2nix-moretea.fixup_yarn_lock
|
|
|
|
];
|
|
|
|
|
|
|
|
configurePhase = ''
|
|
|
|
export HOME=$(mktemp -d)
|
|
|
|
'';
|
|
|
|
|
|
|
|
buildPhase = ''
|
|
|
|
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
|
|
|
|
fixup_yarn_lock yarn.lock
|
|
|
|
|
|
|
|
yarn install --offline \
|
|
|
|
--frozen-lockfile \
|
|
|
|
--ignore-engines --ignore-scripts
|
|
|
|
patchShebangs .
|
|
|
|
|
|
|
|
yarn build-ui-oss
|
|
|
|
'';
|
|
|
|
|
|
|
|
installPhase = ''
|
|
|
|
mkdir -p $out
|
|
|
|
cp -R webassets/. $out
|
|
|
|
'';
|
2021-11-08 22:43:52 +01:00
|
|
|
};
|
|
|
|
in
|
2022-02-04 13:16:47 +01:00
|
|
|
buildGoModule rec {
|
2021-11-08 22:43:52 +01:00
|
|
|
pname = "teleport";
|
|
|
|
|
|
|
|
inherit src version;
|
2023-02-23 19:14:50 +01:00
|
|
|
inherit vendorHash;
|
2023-02-03 23:42:58 +01:00
|
|
|
proxyVendor = true;
|
2020-03-18 11:43:09 +01:00
|
|
|
|
2022-04-25 18:06:27 +02:00
|
|
|
subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
|
2022-09-19 06:02:12 +02:00
|
|
|
tags = [ "libfido2" "webassets_embed" ]
|
2022-09-07 18:10:10 +02:00
|
|
|
++ lib.optional withRdpClient "desktop_access_rdp";
|
2020-03-18 11:43:09 +01:00
|
|
|
|
2022-09-19 06:02:12 +02:00
|
|
|
buildInputs = [ openssl libfido2 ]
|
2022-10-11 10:55:39 +02:00
|
|
|
++ lib.optionals (stdenv.isDarwin && withRdpClient) [ CoreFoundation Security AppKit ];
|
2022-09-19 06:02:12 +02:00
|
|
|
nativeBuildInputs = [ makeWrapper pkg-config ];
|
2020-03-18 11:43:09 +01:00
|
|
|
|
2021-08-04 14:00:16 +02:00
|
|
|
patches = [
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/120738
|
|
|
|
./tsh.patch
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/132652
|
|
|
|
./test.patch
|
2022-03-28 13:27:12 +02:00
|
|
|
./0001-fix-add-nix-path-to-exec-env.patch
|
2022-04-25 18:30:13 +02:00
|
|
|
./rdpclient.patch
|
2021-08-04 14:00:16 +02:00
|
|
|
];
|
2021-04-26 14:45:28 +02:00
|
|
|
|
2021-08-11 14:58:40 +02:00
|
|
|
# Reduce closure size for client machines
|
|
|
|
outputs = [ "out" "client" ];
|
|
|
|
|
2022-09-07 18:10:10 +02:00
|
|
|
preBuild = ''
|
2023-02-03 23:42:58 +01:00
|
|
|
cp -r ${webassets} webassets
|
2022-09-07 18:10:10 +02:00
|
|
|
'' + lib.optionalString withRdpClient ''
|
|
|
|
ln -s ${rdpClient}/lib/* lib/
|
|
|
|
ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/
|
|
|
|
'';
|
2018-01-14 09:04:08 +01:00
|
|
|
|
2022-04-25 18:06:27 +02:00
|
|
|
# Multiple tests fail in the build sandbox
|
|
|
|
# due to trying to spawn nixbld's shell (/noshell), etc.
|
|
|
|
doCheck = false;
|
2021-04-22 17:32:55 +02:00
|
|
|
|
2021-01-05 13:50:58 +01:00
|
|
|
postInstall = ''
|
2022-09-07 18:10:10 +02:00
|
|
|
mkdir -p $client/bin
|
|
|
|
mv {$out,$client}/bin/tsh
|
2022-07-12 01:23:52 +02:00
|
|
|
# make xdg-open overrideable at runtime
|
|
|
|
wrapProgram $client/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
|
2022-09-07 18:10:10 +02:00
|
|
|
ln -s {$client,$out}/bin/tsh
|
2021-01-05 13:50:58 +01:00
|
|
|
'';
|
2018-01-14 09:04:08 +01:00
|
|
|
|
2021-02-01 15:45:17 +01:00
|
|
|
doInstallCheck = true;
|
|
|
|
|
|
|
|
installCheckPhase = ''
|
|
|
|
$out/bin/tsh version | grep ${version} > /dev/null
|
2021-01-05 13:50:58 +01:00
|
|
|
$client/bin/tsh version | grep ${version} > /dev/null
|
2022-04-25 18:06:27 +02:00
|
|
|
$out/bin/tbot version | grep ${version} > /dev/null
|
2021-02-01 15:45:17 +01:00
|
|
|
$out/bin/tctl version | grep ${version} > /dev/null
|
|
|
|
$out/bin/teleport version | grep ${version} > /dev/null
|
|
|
|
'';
|
|
|
|
|
2022-01-08 09:29:19 +01:00
|
|
|
passthru.tests = nixosTests.teleport;
|
|
|
|
|
2021-01-05 13:50:58 +01:00
|
|
|
meta = with lib; {
|
2021-11-08 22:43:52 +01:00
|
|
|
description = "Certificate authority and access plane for SSH, Kubernetes, web applications, and databases";
|
2021-04-22 17:32:55 +02:00
|
|
|
homepage = "https://goteleport.com/";
|
2021-01-05 13:50:58 +01:00
|
|
|
license = licenses.asl20;
|
2023-03-07 15:41:39 +01:00
|
|
|
maintainers = with maintainers; [ arianvp justinas sigma tomberek freezeboy ];
|
2021-01-05 13:50:58 +01:00
|
|
|
platforms = platforms.unix;
|
2023-05-27 11:18:34 +02:00
|
|
|
# go-libfido2 is broken on platforms with less than 64-bit because it defines an array
|
|
|
|
# which occupies more than 31 bits of address space.
|
|
|
|
broken = stdenv.hostPlatform.parsed.cpu.bits < 64;
|
2018-01-14 09:04:08 +01:00
|
|
|
};
|
|
|
|
}
|