* [gentoo-commits] repo/gentoo:master commit in: profiles/, sys-cluster/teleport/files/, sys-cluster/teleport/
@ 2025-04-22 10:21 Michał Górny
From: Michał Górny @ 2025-04-22 10:21 UTC (permalink / raw
To: gentoo-commits
commit: e2f21bcaafd68d7b02f3b8411fa84cb1d6526f41
Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 22 10:18:20 2025 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Tue Apr 22 10:18:20 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2f21bca
sys-cluster/teleport: Remove last-rited pkg
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>
profiles/package.mask | 8 -
sys-cluster/teleport/Manifest | 1 -
sys-cluster/teleport/files/teleport.conf.d | 17 --
sys-cluster/teleport/files/teleport.init.d | 37 ----
sys-cluster/teleport/files/teleport.service | 13 --
sys-cluster/teleport/files/teleport.service.conf | 3 -
sys-cluster/teleport/files/teleport.yaml | 251 -----------------------
sys-cluster/teleport/metadata.xml | 17 --
sys-cluster/teleport/teleport-4.1.4.ebuild | 50 -----
9 files changed, 397 deletions(-)
diff --git a/profiles/package.mask b/profiles/package.mask
index a88436b92fe8..a05510c6f947 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -310,14 +310,6 @@ dev-python/bitvector
sys-cluster/crmsh
sys-cluster/pacemaker
-# Arthur Zamarin <arthurzam@gentoo.org> (2025-03-15)
-# EAPI=7, uses deprecated Go eclasses. Isn't maintained in Gentoo
-# since 2019, with awaiting version bump (upstream is still active).
-# Has open security vulnerabilities.
-# Removal on 2025-04-14. Bugs #951417, #631076, #679948, #695310,
-# #771051, #844727, #880151, #908590, #948207, #813702, #866356.
-sys-cluster/teleport
-
# Sam James <sam@gentoo.org> (2025-03-07)
# May cause emerge to hang (bug #950707). Tests hang on one machine
# and another strange report upstream: https://github.com/pkgconf/pkgconf/issues/383.
diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
deleted file mode 100644
index 68e2e51767ab..000000000000
--- a/sys-cluster/teleport/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST teleport-4.1.4.tar.gz 42353194 BLAKE2B 905babaa899b80816b826a920f75dde55619ef7b476da6b3277347128a7301853241abcda852617363bfeb6fa432ef8f49d4b9444cde79e8e38ba9a79e2ec6dc SHA512 5aa8e872802924e03839d4311b346cf1ef00c786e77a62e43a7b182c49f8cee7430e153c5d9ce8400beba332c715d21cdffef7c75be86992e0290d3795b38f12
diff --git a/sys-cluster/teleport/files/teleport.conf.d b/sys-cluster/teleport/files/teleport.conf.d
deleted file mode 100644
index e4b2cbb1a7e8..000000000000
--- a/sys-cluster/teleport/files/teleport.conf.d
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/conf.d/teleport: config file for /etc/init.d/teleport
-
-# Where is your teleport.yaml file stored?
-TELEPORT_CONFDIR="/etc/teleport"
-
-# Any random options you want to pass to teleport.
-TELEPORT_OPTS=""
-
-# Pid file to use (needs to be absolute path).
-#TELEPORT_PIDFILE="/var/run/teleport.pid"
-
-# Path to log file
-#TELEPORT_LOGFILE="/var/log/teleport.log"
-
-# Startup dependency
-# Un-comment when using etcd storage backend
-#rc_need="etcd"
diff --git a/sys-cluster/teleport/files/teleport.init.d b/sys-cluster/teleport/files/teleport.init.d
deleted file mode 100644
index a951ec5318a0..000000000000
--- a/sys-cluster/teleport/files/teleport.init.d
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-: ${TELEPORT_CONFDIR:=/etc/teleport}
-: ${TELEPORT_PIDFILE:=/var/run/${SVCNAME}.pid}
-: ${TELEPORT_BINARY:=/usr/bin/teleport}
-: ${TELEPORT_LOGFILE:=/var/log/teleport.log}
-
-depend() {
- need net
-}
-
-start() {
- ebegin "Starting Teleport SSH Service"
- start-stop-daemon --start --exec /usr/bin/teleport \
- --background --make-pidfile --pidfile "${TELEPORT_PIDFILE}" \
- --stderr "${TELEPORT_LOGFILE}" \
- -- start --config="${TELEPORT_CONFDIR}/teleport.yaml" \
- ${TELEPORT_OPTS}
- eend $?
-}
-
-stop() {
- ebegin "Stopping Teleport SSH Service"
- start-stop-daemon --stop --exec /usr/bin/teleport \
- --pidfile "${TELEPORT_PIDFILE}"
- eend $?
-}
-
-reload() {
- checkconfig || return 1
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP \
- --exec "${TELEPORT_BINARY}" --pidfile "${TELEPORT_PIDFILE}"
- eend $?
-}
diff --git a/sys-cluster/teleport/files/teleport.service b/sys-cluster/teleport/files/teleport.service
deleted file mode 100644
index 37b38210aff4..000000000000
--- a/sys-cluster/teleport/files/teleport.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Teleport SSH Service
-After=network.target
-
-[Service]
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml --pid-file=/var/run/teleport.pid
-ExecReload=/bin/kill -HUP $MAINPID
-PIDFile=/var/run/teleport.pid
-
-[Install]
-WantedBy=multi-user.target
diff --git a/sys-cluster/teleport/files/teleport.service.conf b/sys-cluster/teleport/files/teleport.service.conf
deleted file mode 100644
index 2ff7ffbf3a4e..000000000000
--- a/sys-cluster/teleport/files/teleport.service.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Uncomment the following when using the etcd storage backend
-#[Unit]
-#Wants=etcd.service
diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
deleted file mode 100644
index c6b012590f2e..000000000000
--- a/sys-cluster/teleport/files/teleport.yaml
+++ /dev/null
@@ -1,251 +0,0 @@
-# By default, this file should be stored in /etc/teleport.yaml
-
-# This section of the configuration file applies to all teleport
-# services.
-teleport:
- # nodename allows to assign an alternative name this node can be reached by.
- # by default it's equal to hostname
- # nodename: graviton
-
- # Data directory where Teleport daemon keeps its data.
- # See "Filesystem Layout" section above for more details.
- data_dir: /var/lib/teleport
-
- # Invitation token used to join a cluster. it is not used on
- # subsequent starts
- # auth_token: xxxx-token-xxxx
-
- # When running in multi-homed or NATed environments Teleport nodes need
- # to know which IP it will be reachable at by other nodes
- #
- # This value can be specified as FQDN e.g. host.example.com
- # advertise_ip: 10.1.0.5
-
- # list of auth servers in a cluster. you will have more than one auth server
- # if you configure teleport auth to run in HA configuration
- auth_servers:
- - localhost:3025
-
- # Teleport throttles all connections to avoid abuse. These settings allow
- # you to adjust the default limits
- connection_limits:
- max_connections: 1000
- max_users: 250
-
- # Logging configuration. Possible output values are 'stdout', 'stderr' and
- # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
- log:
- output: stderr
- severity: ERROR
-
- # Configuration for the storage back-end used for the cluster state and the
- # audit log. Several back-end types are supported. See "High Availability"
- # section of this Admin Manual below to learn how to configure DynamoDB,
- # S3, etcd and other highly available back-ends.
- storage:
- # By default teleport uses the `data_dir` directory on a local filesystem
- type: dir
-
- # Array of locations where the audit log events will be stored. by
- # default they are stored in `/var/lib/teleport/log`
- # audit_events_uri: [file:///var/lib/teleport/log, dynamo://events_table_name]
-
- # Use this setting to configure teleport to store the recorded sessions in
- # an AWS S3 bucket. see "Using Amazon S3" chapter for more information.
- # audit_sessions_uri: s3://name-of-s3-bucket
-
- # Cipher algorithms that the server supports. This section only needs to be
- # set if you want to override the defaults.
- # ciphers:
- # - aes128-ctr
- # - aes192-ctr
- # - aes256-ctr
- # - aes128-gcm@openssh.com
- # - chacha20-poly1305@openssh.com
-
- # Key exchange algorithms that the server supports. This section only needs
- # to be set if you want to override the defaults.
- # kex_algos:
- # - curve25519-sha256@libssh.org
- # - ecdh-sha2-nistp256
- # - ecdh-sha2-nistp384
- # - ecdh-sha2-nistp521
-
- # Message authentication code (MAC) algorithms that the server supports.
- # This section only needs to be set if you want to override the defaults.
- # mac_algos:
- # - hmac-sha2-256-etm@openssh.com
- # - hmac-sha2-256
-
- # List of the supported ciphersuites. If this section is not specified,
- # only the default ciphersuites are enabled.
- # ciphersuites:
- # - tls-rsa-with-aes-128-gcm-sha256
- # - tls-rsa-with-aes-256-gcm-sha384
- # - tls-ecdhe-rsa-with-aes-128-gcm-sha256
- # - tls-ecdhe-ecdsa-with-aes-128-gcm-sha256
- # - tls-ecdhe-rsa-with-aes-256-gcm-sha384
- # - tls-ecdhe-ecdsa-with-aes-256-gcm-sha384
- # - tls-ecdhe-rsa-with-chacha20-poly1305
- # - tls-ecdhe-ecdsa-with-chacha20-poly1305
-
-
-# This section configures the 'auth service':
-auth_service:
- # Turns 'auth' role on. Default is 'yes'
- enabled: yes
-
- # A cluster name is used as part of a signature in certificates
- # generated by this CA.
- #
- # We strongly recommend to explicitly set it to something meaningful as it
- # becomes important when configuring trust between multiple clusters.
- #
- # By default an automatically generated name is used (not recommended)
- #
- # IMPORTANT: if you change cluster_name, it will invalidate all generated
- # certificates and keys (may need to wipe out /var/lib/teleport directory)
- cluster_name: "main"
-
- authentication:
- # default authentication type. possible values are 'local', 'oidc' and 'saml'
- # only local authentication (Teleport's own user DB) is supported in the open
- # source version
- type: local
- # second_factor can be off, otp, or u2f
- second_factor: otp
- # this section is used if second_factor is set to 'u2f'
- u2f:
- # app_id must point to the URL of the Teleport Web UI (proxy) accessible
- # by the end users
- app_id: https://localhost:3080
- # facets must list all proxy servers if there are more than one deployed
- facets:
- - https://localhost:3080
-
- # IP and the port to bind to. Other Teleport nodes will be connecting to
- # this port (AKA "Auth API" or "Cluster API") to validate client
- # certificates
- listen_addr: 0.0.0.0:3025
-
- # The optional DNS name the auth server if located behind a load balancer.
- # (see public_addr section below)
- # public_addr: auth.example.com:3025
-
- # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
- # the role a new node will be allowed to assume. The more secure way to
- # add nodes is to use `ttl node add --ttl` command to generate auto-expiring
- # tokens.
- #
- # We recommend to use tools like `pwgen` to generate sufficiently random
- # tokens of 32+ byte length.
- # tokens:
- # - "proxy,node:xxxxx"
- # - "auth:yyyy"
-
- # Optional setting for configuring session recording. Possible values are:
- # "node" : sessions will be recorded on the node level (the default)
- # "proxy" : recording on the proxy level, see "recording proxy mode" section.
- # "off" : session recording is turned off
- session_recording: "node"
-
- # This setting determines if a Teleport proxy performs strict host key checks.
- # Only applicable if session_recording=proxy, see "recording proxy mode" for details.
- proxy_checks_host_keys: yes
-
- # Determines if SSH sessions to cluster nodes are forcefully terminated
- # after no activity from a client (idle client).
- # Examples: "30m", "1h" or "1h30m"
- client_idle_timeout: never
-
- # Determines if the clients will be forcefully disconnected when their
- # certificates expire in the middle of an active SSH session. (default is 'no')
- disconnect_expired_cert: no
-
-# This section configures the 'node service':
-ssh_service:
- # Turns 'ssh' role on. Default is 'yes'
- enabled: yes
-
- # IP and the port for SSH service to bind to.
- listen_addr: 0.0.0.0:3022
-
- # The optional public address the SSH service. This is useful if administrators
- # want to allow users to connect to nodes directly, bypassing a Teleport proxy
- # (see public_addr section below)
- # public_addr: node.example.com:3022
-
- # See explanation of labels in "Labeling Nodes" section below
- labels:
- role: master
-
- # List of the commands to periodically execute. Their output will be used as node labels.
- # See "Labeling Nodes" section below for more information and more examples.
- commands:
- # this command will add a label 'arch=x86_64' to a node
- - name: arch
- command: ['/bin/uname', '-p']
- period: 1h0m0s
-
- # enables reading ~/.tsh/environment before creating a session. by default
- # set to false, can be set true here or as a command line flag.
- permit_user_env: false
-
- # configures PAM integration. see below for more details.
- pam:
- enabled: no
- service_name: teleport
-
-# This section configures the 'proxy service'
-proxy_service:
- # Turns 'proxy' role on. Default is 'yes'
- enabled: yes
-
- # SSH forwarding/proxy address. Command line (CLI) clients always begin their
- # SSH sessions by connecting to this port
- listen_addr: 0.0.0.0:3023
-
- # Reverse tunnel listening address. An auth server (CA) can establish an
- # outbound (from behind the firewall) connection to this address.
- # This will allow users of the outside CA to connect to behind-the-firewall
- # nodes.
- tunnel_listen_addr: 0.0.0.0:3024
-
- # The HTTPS listen address to serve the Web UI and also to authenticate the
- # command line (CLI) users via password+HOTP
- web_listen_addr: 0.0.0.0:3080
-
- # The DNS name the proxy HTTPS endpoint as accessible by cluster users.
- # Defaults to the proxy's hostname if not specified. If running multiple
- # proxies behind a load balancer, this name must point to the load balancer
- # (see public_addr section below)
- # public_addr: proxy.example.com:3080
-
- # The DNS name of the proxy SSH endpoint as accessible by cluster clients.
- # Defaults to the proxy's hostname if not specified. If running multiple proxies
- # behind a load balancer, this name must point to the load balancer.
- # Use a TCP load balancer because this port uses SSH protocol.
- # ssh_public_addr: proxy.example.com:3023
-
- # TLS certificate for the HTTPS connection. Configuring these properly is
- # critical for Teleport security.
- https_key_file: /var/lib/teleport/webproxy_key.pem
- https_cert_file: /var/lib/teleport/webproxy_cert.pem
-
- # This section configures the Kubernetes proxy service
- kubernetes:
- # Turns 'kubernetes' proxy on. Default is 'no'
- enabled: no
-
- # Kubernetes proxy listen address.
- listen_addr: 0.0.0.0:3026
-
- # The DNS name of the Kubernetes proxy server that is accessible by cluster clients.
- # If running multiple proxies behind a load balancer, this name must point to the
- # load balancer.
- # public_addr: ['kube.example.com:3026']
-
- # This setting is not required if the Teleport proxy service is
- # deployed inside a Kubernetes cluster. Otherwise, Teleport proxy
- # will use the credentials from this file:
- # kubeconfig_file: /path/to/kube/config
diff --git a/sys-cluster/teleport/metadata.xml b/sys-cluster/teleport/metadata.xml
deleted file mode 100644
index dbf29994dfd3..000000000000
--- a/sys-cluster/teleport/metadata.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="person" proxied="yes">
- <name>Graeme Lawes</name>
- <email>graemelawes@gmail.com</email>
- </maintainer>
- <maintainer type="project" proxied="proxy">
- <name>Gentoo Proxy Maintainers Project</name>
- <email>proxy-maint@gentoo.org</email>
- </maintainer>
- <upstream>
- <changelog>https://github.com/gravitational/teleport/blob/master/CHANGELOG.md</changelog>
- <bugs-to>https://github.com/gravitational/teleport/issues</bugs-to>
- <remote-id type="github">gravitational/teleport</remote-id>
- </upstream>
-</pkgmetadata>
diff --git a/sys-cluster/teleport/teleport-4.1.4.ebuild b/sys-cluster/teleport/teleport-4.1.4.ebuild
deleted file mode 100644
index 5421480e2d1b..000000000000
--- a/sys-cluster/teleport/teleport-4.1.4.ebuild
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit golang-build systemd
-
-DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
-HOMEPAGE="https://gravitational.com/teleport"
-
-EGO_PN="github.com/gravitational/${PN}/..."
-
-if [[ ${PV} == "9999" ]] ; then
- inherit git-r3 golang-vcs
- EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
-else
- inherit golang-vcs-snapshot
- SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~amd64 ~arm"
-fi
-
-IUSE="pam"
-LICENSE="Apache-2.0 MIT BSD ISC"
-RESTRICT="test strip"
-SLOT="0"
-
-BDEPEND="app-arch/zip"
-RDEPEND="pam? ( sys-libs/pam )"
-
-src_compile() {
- BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
-}
-
-src_install() {
- keepdir /var/lib/${PN} /etc/${PN}
- dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
-
- insinto /etc/${PN}
- newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml
-
- newinitd "${FILESDIR}"/${PN}.init.d ${PN}
- newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
-
- systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
- systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
-}
-
-src_test() {
- BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
-}