nixpkgs/pkgs/servers/teleport/default.nix

{
  lib,
  buildGoModule,
  rustPlatform,
  fetchFromGitHub,
  makeWrapper,
  symlinkJoin,
  CoreFoundation,
  openssl,
  pkg-config,
  protobuf,
  Security,
  stdenv,
  xdg-utils,
  nixosTests,

  # Feature switches. Each one adds a Go build tag and pulls the matching
  # Rust crate into the build.
  withRdpClient ? true, # "desktop_access_rdp" tag, teleport-rdpclient crate
  withRoleTester ? true, # "roletester" tag, teleport-roletester crate
}:
let
# Declared once; reused for the source tag below and for the version checks
# in installCheckPhase.
version = "9.1.2";

# This repo has a private submodule "e" which fetchgit cannot handle without failing.
# `rev` is a tag name, so the fixed-output hash is what actually pins the
# source contents. Regenerate it whenever `version` changes.
src = fetchFromGitHub {
  owner = "gravitational";
  repo = "teleport";
  rev = "v${version}";
  sha256 = "sha256-KQfdeMuZ9LJHhEJLMl58Yb0+gxgDT7VcVnK1JxjVZaI=";
};

# Rust crate under lib/srv/desktop/rdp/rdpclient, built from the same pinned
# source as the Go code. Only joined into the main build when withRdpClient
# is set.
rdpClient = rustPlatform.buildRustPackage rec {
  name = "teleport-rdpclient";
  inherit src version;
  buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
  # Fixed-output hash of the vendored Cargo dependencies.
  cargoSha256 = "sha256-Jz7bB/f4HRxBhSevmfELSrIm+IXUVlADIgp2qWQd5PY=";

  nativeBuildInputs = [ pkg-config ];
  buildInputs = [ openssl ]
    ++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
  # https://github.com/NixOS/nixpkgs/issues/161570 ,
  # buildRustPackage sets strictDeps = true;
  checkInputs = buildInputs;

  # Link against the openssl listed in buildInputs rather than a copy
  # bundled by the crate.
  OPENSSL_NO_VENDOR = "1";

  # Export cargo's whole target directory; the main package's preBuild
  # copies it on top of the Go source tree.
  postInstall = ''
    cp -r target $out
  '';
};

# Rust crate under lib/datalog/roletester, built from the same pinned source.
# Only joined into the main build when withRoleTester is set.
roleTester = rustPlatform.buildRustPackage {
  name = "teleport-roletester";
  inherit src version;
  buildAndTestSubdir = "lib/datalog/roletester";
  # Fixed-output hash of the vendored Cargo dependencies.
  cargoSha256 = "sha256-gCm4ETbXy6tGJQVSzUkoAWUmKD3poYgkw133LtziASI=";

  # Point the crate's build at the protobuf compiler and headers from nixpkgs.
  PROTOC = "${protobuf}/bin/protoc";
  PROTOC_INCLUDE = "${protobuf}/include";

  # Export cargo's whole target directory; the main package's preBuild
  # copies it on top of the Go source tree.
  postInstall = ''
    cp -r target $out
  '';
};

# Web assets live in a separate repository. They are pinned by full commit id
# (not a branch or tag) and by content hash, and copied into the source tree
# in preBuild.
webassets = fetchFromGitHub {
  owner = "gravitational";
  repo = "webassets";
  rev = "67e608db77300d8a6cb17709be67f12c1d3271c3";
  sha256 = "sha256-o4qjXGaNi5XDSUQrUuU+G77EdRnvJ1WUPWrryZU1CUE=";
};
in
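buildGoModule rec {
  pname = "teleport";
  inherit src version;
  # Fixed-output hash of the vendored Go modules; refresh on every version bump.
  vendorSha256 = "sha256-UMgWM7KHag99JR4i4mwVHa6yd9aHQ6Dy+pmUijNL4Ew=";

  subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
  # Optional features are compiled in through Go build tags.
  tags = [ "webassets_embed" ]
    ++ lib.optional withRdpClient "desktop_access_rdp"
    ++ lib.optional withRoleTester "roletester";

  buildInputs = [ openssl ]
    ++ lib.optionals (stdenv.isDarwin && withRdpClient) [ CoreFoundation Security ];
  nativeBuildInputs = [ makeWrapper ];

  # Local patches applied on top of the pinned upstream source. They change
  # what ships relative to upstream, so re-read each one on a version bump.
  patches = [
    # https://github.com/NixOS/nixpkgs/issues/120738
    ./tsh.patch
    # https://github.com/NixOS/nixpkgs/issues/132652
    ./test.patch
    # NOTE(review): the two patches below have no tracking issue linked here.
    ./0001-fix-add-nix-path-to-exec-env.patch
    ./rdpclient.patch
  ];

  # Reduce closure size for client machines
  outputs = [ "out" "client" ];

  preBuild =
    let
      # Merge whichever Rust crates are enabled into one tree; empty when
      # both feature switches are off.
      rustDeps = symlinkJoin {
        name = "teleport-rust-deps";
        paths = lib.optional withRdpClient rdpClient
          ++ lib.optional withRoleTester roleTester;
      };
    in
    ''
      mkdir -p build
      echo "making webassets"
      cp -r ${webassets}/* webassets/
      make lib/web/build/webassets

      cp -r ${rustDeps}/. .
    '';

  # Multiple tests fail in the build sandbox
  # due to trying to spawn nixbld's shell (/noshell), etc.
  # With the upstream test suite off, installCheckPhase below is the only
  # check that runs as part of this derivation.
  doCheck = false;

  postInstall = ''
    install -Dm755 -t $client/bin $out/bin/tsh
    wrapProgram $client/bin/tsh --prefix PATH : ${lib.makeBinPath [ xdg-utils ]}
    wrapProgram $out/bin/tsh --prefix PATH : ${lib.makeBinPath [ xdg-utils ]}
  '';

  doInstallCheck = true;
  # Smoke test: every installed binary must report the packaged version.
  # grep -F matches the version as a literal string. Without it the dots are
  # regex wildcards and a different version string could pass.
  installCheckPhase = ''
    $out/bin/tsh version | grep -F ${version} > /dev/null
    $client/bin/tsh version | grep -F ${version} > /dev/null
    $out/bin/tbot version | grep -F ${version} > /dev/null
    $out/bin/tctl version | grep -F ${version} > /dev/null
    $out/bin/teleport version | grep -F ${version} > /dev/null
  '';

  passthru.tests = nixosTests.teleport;

  meta = with lib; {
    description = "Certificate authority and access plane for SSH, Kubernetes, web applications, and databases";
    homepage = "https://goteleport.com/";
    license = licenses.asl20;
    maintainers = with maintainers; [ sigma tomberek freezeboy ];
    platforms = platforms.unix;
  };
}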