From: "Michał Górny"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny"
Message-ID: <1745317100.e2f21bcaafd68d7b02f3b8411fa84cb1d6526f41.mgorny@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: profiles/, sys-cluster/teleport/files/, sys-cluster/teleport/
Date: Tue, 22 Apr 2025 10:21:31 +0000 (UTC)

commit:     e2f21bcaafd68d7b02f3b8411fa84cb1d6526f41
Author:     Michał Górny gentoo org>
AuthorDate: Tue Apr 22 10:18:20 2025 +0000
Commit:     Michał Górny gentoo org>
CommitDate: Tue Apr 22 10:18:20 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2f21bca

sys-cluster/teleport: Remove last-rited pkg
Signed-off-by: Michał Górny gentoo.org> profiles/package.mask | 8 - sys-cluster/teleport/Manifest | 1 - sys-cluster/teleport/files/teleport.conf.d | 17 -- sys-cluster/teleport/files/teleport.init.d | 37 ---- sys-cluster/teleport/files/teleport.service | 13 -- sys-cluster/teleport/files/teleport.service.conf | 3 - sys-cluster/teleport/files/teleport.yaml | 251 ----------------------- sys-cluster/teleport/metadata.xml | 17 -- sys-cluster/teleport/teleport-4.1.4.ebuild | 50 ----- 9 files changed, 397 deletions(-) diff --git a/profiles/package.mask b/profiles/package.mask index a88436b92fe8..a05510c6f947 100644 --- a/profiles/package.mask +++ b/profiles/package.mask @@ -310,14 +310,6 @@ dev-python/bitvector sys-cluster/crmsh sys-cluster/pacemaker -# Arthur Zamarin (2025-03-15) -# EAPI=7, uses deprecated Go eclasses. Isn't maintained in Gentoo -# since 2019, with awaiting version bump (upstream is still active). -# Has open security vulnerabilities. -# Removal on 2025-04-14. Bugs #951417, #631076, #679948, #695310, -# #771051, #844727, #880151, #908590, #948207, #813702, #866356. -sys-cluster/teleport - # Sam James (2025-03-07) # May cause emerge to hang (bug #950707). Tests hang on one machine # and another strange report upstream: https://github.com/pkgconf/pkgconf/issues/383. diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest deleted file mode 100644 index 68e2e51767ab..000000000000 --- a/sys-cluster/teleport/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST teleport-4.1.4.tar.gz 42353194 BLAKE2B 905babaa899b80816b826a920f75dde55619ef7b476da6b3277347128a7301853241abcda852617363bfeb6fa432ef8f49d4b9444cde79e8e38ba9a79e2ec6dc SHA512 5aa8e872802924e03839d4311b346cf1ef00c786e77a62e43a7b182c49f8cee7430e153c5d9ce8400beba332c715d21cdffef7c75be86992e0290d3795b38f12 diff --git a/sys-cluster/teleport/files/teleport.conf.d b/sys-cluster/teleport/files/teleport.conf.d deleted file mode 100644 index e4b2cbb1a7e8..000000000000 
--- a/sys-cluster/teleport/files/teleport.conf.d +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/conf.d/teleport: config file for /etc/init.d/teleport - -# Where is your teleport.yaml file stored? -TELEPORT_CONFDIR="/etc/teleport" - -# Any random options you want to pass to teleport. -TELEPORT_OPTS="" - -# Pid file to use (needs to be absolute path). -#TELEPORT_PIDFILE="/var/run/teleport.pid" - -# Path to log file -#TELEPORT_LOGFILE="/var/log/teleport.log" - -# Startup dependency -# Un-comment when using etcd storage backend -#rc_need="etcd" diff --git a/sys-cluster/teleport/files/teleport.init.d b/sys-cluster/teleport/files/teleport.init.d deleted file mode 100644 index a951ec5318a0..000000000000 --- a/sys-cluster/teleport/files/teleport.init.d +++ /dev/null @@ -1,37 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -: ${TELEPORT_CONFDIR:=/etc/teleport} -: ${TELEPORT_PIDFILE:=/var/run/${SVCNAME}.pid} -: ${TELEPORT_BINARY:=/usr/bin/teleport} -: ${TELEPORT_LOGFILE:=/var/log/teleport.log} - -depend() { - need net -} - -start() { - ebegin "Starting Teleport SSH Service" - start-stop-daemon --start --exec /usr/bin/teleport \ - --background --make-pidfile --pidfile "${TELEPORT_PIDFILE}" \ - --stderr "${TELEPORT_LOGFILE}" \ - -- start --config="${TELEPORT_CONFDIR}/teleport.yaml" \ - ${TELEPORT_OPTS} - eend $? -} - -stop() { - ebegin "Stopping Teleport SSH Service" - start-stop-daemon --stop --exec /usr/bin/teleport \ - --pidfile "${TELEPORT_PIDFILE}" - eend $? -} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP \ - --exec "${TELEPORT_BINARY}" --pidfile "${TELEPORT_PIDFILE}" - eend $? -} diff --git a/sys-cluster/teleport/files/teleport.service b/sys-cluster/teleport/files/teleport.service deleted file mode 100644 index 37b38210aff4..000000000000 --- a/sys-cluster/teleport/files/teleport.service +++ /dev/null 
@@ -1,13 +0,0 @@ -[Unit] -Description=Teleport SSH Service -After=network.target - -[Service] -Type=simple -Restart=on-failure -ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml --pid-file=/var/run/teleport.pid -ExecReload=/bin/kill -HUP $MAINPID -PIDFile=/var/run/teleport.pid - -[Install] -WantedBy=multi-user.target diff --git a/sys-cluster/teleport/files/teleport.service.conf b/sys-cluster/teleport/files/teleport.service.conf deleted file mode 100644 index 2ff7ffbf3a4e..000000000000 --- a/sys-cluster/teleport/files/teleport.service.conf +++ /dev/null @@ -1,3 +0,0 @@ -# Uncomment the following when using the etcd storage backend -#[Unit] -#Wants=etcd.service diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml deleted file mode 100644 index c6b012590f2e..000000000000 --- a/sys-cluster/teleport/files/teleport.yaml +++ /dev/null 
@@ -1,251 +0,0 @@ -# By default, this file should be stored in /etc/teleport.yaml - -# This section of the configuration file applies to all teleport -# services. -teleport: - # nodename allows to assign an alternative name this node can be reached by. - # by default it's equal to hostname - # nodename: graviton - - # Data directory where Teleport daemon keeps its data. - # See "Filesystem Layout" section above for more details. - data_dir: /var/lib/teleport - - # Invitation token used to join a cluster. it is not used on - # subsequent starts - # auth_token: xxxx-token-xxxx - - # When running in multi-homed or NATed environments Teleport nodes need - # to know which IP it will be reachable at by other nodes - # - # This value can be specified as FQDN e.g. host.example.com - # advertise_ip: 10.1.0.5 - - # list of auth servers in a cluster. you will have more than one auth server - # if you configure teleport auth to run in HA configuration - auth_servers: - - localhost:3025 - - # Teleport throttles all connections to avoid abuse. These settings allow - # you to adjust the default limits - connection_limits: - max_connections: 1000 - max_users: 250 - - # Logging configuration. Possible output values are 'stdout', 'stderr' and - # 'syslog'. Possible severity values are INFO, WARN and ERROR (default). - log: - output: stderr - severity: ERROR - - # Configuration for the storage back-end used for the cluster state and the - # audit log. Several back-end types are supported. See "High Availability" - # section of this Admin Manual below to learn how to configure DynamoDB, - # S3, etcd and other highly available back-ends. - storage: - # By default teleport uses the `data_dir` directory on a local filesystem - type: dir - - # Array of locations where the audit log events will be stored. 
by - # default they are stored in `/var/lib/teleport/log` - # audit_events_uri: [file:///var/lib/teleport/log, dynamo://events_table_name] - - # Use this setting to configure teleport to store the recorded sessions in - # an AWS S3 bucket. see "Using Amazon S3" chapter for more information. - # audit_sessions_uri: s3://name-of-s3-bucket - - # Cipher algorithms that the server supports. This section only needs to be - # set if you want to override the defaults. - # ciphers: - # - aes128-ctr - # - aes192-ctr - # - aes256-ctr - # - aes128-gcm@openssh.com - # - chacha20-poly1305@openssh.com - - # Key exchange algorithms that the server supports. This section only needs - # to be set if you want to override the defaults. - # kex_algos: - # - curve25519-sha256@libssh.org - # - ecdh-sha2-nistp256 - # - ecdh-sha2-nistp384 - # - ecdh-sha2-nistp521 - - # Message authentication code (MAC) algorithms that the server supports. - # This section only needs to be set if you want to override the defaults. - # mac_algos: - # - hmac-sha2-256-etm@openssh.com - # - hmac-sha2-256 - - # List of the supported ciphersuites. If this section is not specified, - # only the default ciphersuites are enabled. - # ciphersuites: - # - tls-rsa-with-aes-128-gcm-sha256 - # - tls-rsa-with-aes-256-gcm-sha384 - # - tls-ecdhe-rsa-with-aes-128-gcm-sha256 - # - tls-ecdhe-ecdsa-with-aes-128-gcm-sha256 - # - tls-ecdhe-rsa-with-aes-256-gcm-sha384 - # - tls-ecdhe-ecdsa-with-aes-256-gcm-sha384 - # - tls-ecdhe-rsa-with-chacha20-poly1305 - # - tls-ecdhe-ecdsa-with-chacha20-poly1305 - - -# This section configures the 'auth service': -auth_service: - # Turns 'auth' role on. Default is 'yes' - enabled: yes - - # A cluster name is used as part of a signature in certificates - # generated by this CA. - # - # We strongly recommend to explicitly set it to something meaningful as it - # becomes important when configuring trust between multiple clusters. 
- # - # By default an automatically generated name is used (not recommended) - # - # IMPORTANT: if you change cluster_name, it will invalidate all generated - # certificates and keys (may need to wipe out /var/lib/teleport directory) - cluster_name: "main" - - authentication: - # default authentication type. possible values are 'local', 'oidc' and 'saml' - # only local authentication (Teleport's own user DB) is supported in the open - # source version - type: local - # second_factor can be off, otp, or u2f - second_factor: otp - # this section is used if second_factor is set to 'u2f' - u2f: - # app_id must point to the URL of the Teleport Web UI (proxy) accessible - # by the end users - app_id: https://localhost:3080 - # facets must list all proxy servers if there are more than one deployed - facets: - - https://localhost:3080 - - # IP and the port to bind to. Other Teleport nodes will be connecting to - # this port (AKA "Auth API" or "Cluster API") to validate client - # certificates - listen_addr: 0.0.0.0:3025 - - # The optional DNS name the auth server if located behind a load balancer. - # (see public_addr section below) - # public_addr: auth.example.com:3025 - - # Pre-defined tokens for adding new nodes to a cluster. Each token specifies - # the role a new node will be allowed to assume. The more secure way to - # add nodes is to use `ttl node add --ttl` command to generate auto-expiring - # tokens. - # - # We recommend to use tools like `pwgen` to generate sufficiently random - # tokens of 32+ byte length. - # tokens: - # - "proxy,node:xxxxx" - # - "auth:yyyy" - - # Optional setting for configuring session recording. Possible values are: - # "node" : sessions will be recorded on the node level (the default) - # "proxy" : recording on the proxy level, see "recording proxy mode" section. - # "off" : session recording is turned off - session_recording: "node" - - # This setting determines if a Teleport proxy performs strict host key checks. 
- # Only applicable if session_recording=proxy, see "recording proxy mode" for details. - proxy_checks_host_keys: yes - - # Determines if SSH sessions to cluster nodes are forcefully terminated - # after no activity from a client (idle client). - # Examples: "30m", "1h" or "1h30m" - client_idle_timeout: never - - # Determines if the clients will be forcefully disconnected when their - # certificates expire in the middle of an active SSH session. (default is 'no') - disconnect_expired_cert: no - -# This section configures the 'node service': -ssh_service: - # Turns 'ssh' role on. Default is 'yes' - enabled: yes - - # IP and the port for SSH service to bind to. - listen_addr: 0.0.0.0:3022 - - # The optional public address the SSH service. This is useful if administrators - # want to allow users to connect to nodes directly, bypassing a Teleport proxy - # (see public_addr section below) - # public_addr: node.example.com:3022 - - # See explanation of labels in "Labeling Nodes" section below - labels: - role: master - - # List of the commands to periodically execute. Their output will be used as node labels. - # See "Labeling Nodes" section below for more information and more examples. - commands: - # this command will add a label 'arch=x86_64' to a node - - name: arch - command: ['/bin/uname', '-p'] - period: 1h0m0s - - # enables reading ~/.tsh/environment before creating a session. by default - # set to false, can be set true here or as a command line flag. - permit_user_env: false - - # configures PAM integration. see below for more details. - pam: - enabled: no - service_name: teleport - -# This section configures the 'proxy service' -proxy_service: - # Turns 'proxy' role on. Default is 'yes' - enabled: yes - - # SSH forwarding/proxy address. Command line (CLI) clients always begin their - # SSH sessions by connecting to this port - listen_addr: 0.0.0.0:3023 - - # Reverse tunnel listening address. 
An auth server (CA) can establish an - # outbound (from behind the firewall) connection to this address. - # This will allow users of the outside CA to connect to behind-the-firewall - # nodes. - tunnel_listen_addr: 0.0.0.0:3024 - - # The HTTPS listen address to serve the Web UI and also to authenticate the - # command line (CLI) users via password+HOTP - web_listen_addr: 0.0.0.0:3080 - - # The DNS name the proxy HTTPS endpoint as accessible by cluster users. - # Defaults to the proxy's hostname if not specified. If running multiple - # proxies behind a load balancer, this name must point to the load balancer - # (see public_addr section below) - # public_addr: proxy.example.com:3080 - - # The DNS name of the proxy SSH endpoint as accessible by cluster clients. - # Defaults to the proxy's hostname if not specified. If running multiple proxies - # behind a load balancer, this name must point to the load balancer. - # Use a TCP load balancer because this port uses SSH protocol. - # ssh_public_addr: proxy.example.com:3023 - - # TLS certificate for the HTTPS connection. Configuring these properly is - # critical for Teleport security. - https_key_file: /var/lib/teleport/webproxy_key.pem - https_cert_file: /var/lib/teleport/webproxy_cert.pem - - # This section configures the Kubernetes proxy service - kubernetes: - # Turns 'kubernetes' proxy on. Default is 'no' - enabled: no - - # Kubernetes proxy listen address. - listen_addr: 0.0.0.0:3026 - - # The DNS name of the Kubernetes proxy server that is accessible by cluster clients. - # If running multiple proxies behind a load balancer, this name must point to the - # load balancer. - # public_addr: ['kube.example.com:3026'] - - # This setting is not required if the Teleport proxy service is - # deployed inside a Kubernetes cluster. Otherwise, Teleport proxy - # will use the credentials from this file: - # kubeconfig_file: /path/to/kube/config 
diff --git a/sys-cluster/teleport/metadata.xml b/sys-cluster/teleport/metadata.xml deleted file mode 100644 index dbf29994dfd3..000000000000 --- a/sys-cluster/teleport/metadata.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - Graeme Lawes - graemelawes@gmail.com - - - Gentoo Proxy Maintainers Project - proxy-maint@gentoo.org - - - https://github.com/gravitational/teleport/blob/master/CHANGELOG.md - https://github.com/gravitational/teleport/issues - gravitational/teleport - - diff --git a/sys-cluster/teleport/teleport-4.1.4.ebuild b/sys-cluster/teleport/teleport-4.1.4.ebuild deleted file mode 100644 index 5421480e2d1b..000000000000 --- a/sys-cluster/teleport/teleport-4.1.4.ebuild +++ /dev/null 
@@ -1,50 +0,0 @@ -# Copyright 2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit golang-build systemd - -DESCRIPTION="Modern SSH server for teams managing distributed infrastructure" -HOMEPAGE="https://gravitational.com/teleport" - -EGO_PN="github.com/gravitational/${PN}/..." - -if [[ ${PV} == "9999" ]] ; then - inherit git-r3 golang-vcs - EGIT_REPO_URI="https://github.com/gravitational/${PN}.git" -else - inherit golang-vcs-snapshot - SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~amd64 ~arm" -fi - -IUSE="pam" -LICENSE="Apache-2.0 MIT BSD ISC" -RESTRICT="test strip" -SLOT="0" - -BDEPEND="app-arch/zip" -RDEPEND="pam? ( sys-libs/pam )" - -src_compile() { - BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full -} - -src_install() { - keepdir /var/lib/${PN} /etc/${PN} - dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport} - - insinto /etc/${PN} - newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml - - newinitd "${FILESDIR}"/${PN}.init.d ${PN} - newconfd "${FILESDIR}"/${PN}.conf.d ${PN} - - systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service - systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service -} - -src_test() { - BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test -}
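
Review bot: The commit message carries only the subject line and a Signed-off-by, while the entry removed from profiles/package.mask lists eleven bugs (#951417 through #866356) and states that the package has open security vulnerabilities. Add Bug: or Closes: trailers for the bugs named in that mask entry so the tracker entries, the security ones in particular, link back to this removal and can be resolved against it.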
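
Review bot: In the deleted files/teleport.init.d, reload() runs "checkconfig || return 1" but the script never defines a checkconfig function, so reload returns 1 before the HUP is sent. start() and stop() also hardcode --exec /usr/bin/teleport while only reload() honours ${TELEPORT_BINARY}. Nothing needs changing here since the file goes away with this commit; anyone carrying the script into an overlay should define checkconfig (or drop the call) and use the variable in all three functions.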
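
Review bot: The template removed in files/teleport.yaml binds every listener to 0.0.0.0 (auth 3025, SSH 3022, proxy 3023, tunnel 3024, web 3080) and sets client_idle_timeout: never and disconnect_expired_cert: no, and dropping it from the tree does not touch the copy the ebuild installed under /etc/teleport on existing systems. Given that the mask entry cites open security vulnerabilities, the commit body should say that installed 4.1.4 hosts are unaffected by this removal and need to be unmerged or migrated by the administrator. Separately, the file's first comment says it lives at /etc/teleport.yaml, which disagrees with the /etc/teleport/teleport.yaml path used by the init script and the systemd unit.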
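
Review bot: In the deleted teleport-4.1.4.ebuild, src_install() creates /var/lib/${PN} with a bare keepdir and no diropts or fperms, even though the shipped teleport.yaml places https_key_file at /var/lib/teleport/webproxy_key.pem, so the mode of the directory holding key material is left to defaults. IUSE="pam" only adds an RDEPEND and is never consulted in src_compile(), and src_test() cannot run under RESTRICT="test". These are moot for the removal itself, but a future re-add should set a restrictive mode on the data directory, wire the pam flag into the build, and either enable or drop the test phase.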