You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
181 lines
7.3 KiB
181 lines
7.3 KiB
## |
|
## teleport.spec -- OpenPKG RPM Package Specification |
|
## Copyright (c) 2000-2022 OpenPKG Project <http://openpkg.org/> |
|
## |
|
## Permission to use, copy, modify, and distribute this software for |
|
## any purpose with or without fee is hereby granted, provided that |
|
## the above copyright notice and this permission notice appear in all |
|
## copies. |
|
## |
|
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED |
|
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
|
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR |
|
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
|
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
|
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
|
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
## SUCH DAMAGE. |
|
## |
|
|
|
# package information |
|
%define V_teleport_base 4.2.8 |
|
%define V_teleport_snap 20200402 |
|
|
|
# package information |
|
Name: teleport |
|
Summary: SSH for Clusters |
|
URL: https://github.com/gravitational/teleport |
|
Vendor: Gravitational Inc. |
|
Packager: OpenPKG Project |
|
Distribution: OpenPKG Community |
|
Class: EVAL |
|
Group: Networking |
|
License: Apache |
|
Version: %{V_teleport_base}.%{V_teleport_snap} |
|
Release: 20200402 |
|
|
|
# list of sources |
|
Source0: http://download.openpkg.org/components/versioned/teleport/teleport-%{V_teleport_snap}.tar.xz |
|
Source1: rc.teleport |
|
Source2: teleport.yaml |
|
Source3: teleport-tls.sh |
|
Patch0: teleport.patch |
|
|
|
# build information |
|
BuildPreReq: OpenPKG, openpkg >= 20160101, go, infozip |
|
PreReq: OpenPKG, openpkg >= 20160101, cfssl |
|
|
|
%description |
|
Gravitational Teleport is a tool for remotely accessing isolated |
|
clusters of Linux servers via SSH or HTTPS. Unlike traditional |
|
key-based access, Teleport enables teams to easily adopt the |
|
following practices: Avoid key distribution headaches by using |
|
auto-expiring keys signed by a cluster certificate authority |
|
(CA). Connect to clusters located behind firewalls. Record and |
|
replay SSH sessions for knowledge sharing and auditing purposes. |
|
Integrate identities of team members with Google Apps and other |
|
OAuth2 providers. Enforce 2nd factor authentication. Collaboratively |
|
troubleshoot issues through session sharing. Discover online servers |
|
and Docker containers within a cluster with dynamic node labels. |
|
Teleport does not suffer from and trust on first use weakness. |
|
|
|
%track |
|
prog teleport = { |
|
version = %{V_teleport_base} |
|
url = https://github.com/gravitational/teleport/releases |
|
regex = (\d+\.\d+\.\d+)\.tar\.gz |
|
} |
|
|
|
%prep |
|
%setup -q -n teleport |
|
%patch -p0 |
|
|
|
%build |
|
# configure paths |
|
%{l_shtool} subst \ |
|
-e 's;/etc/eteleport\.yaml;%{l_prefix}/etc/teleport/teleport.yaml;g' \ |
|
-e 's;/var/lib/teleport;%{l_prefix}/var/teleport/data;g' \ |
|
-e 's;/usr/local/share/teleport;%{l_prefix}/share/teleport;g' \ |
|
src/github.com/gravitational/teleport/Makefile \ |
|
src/github.com/gravitational/teleport/build.assets/Makefile \ |
|
src/github.com/gravitational/teleport/build.assets/pkg/etc/teleport.yaml \ |
|
src/github.com/gravitational/teleport/lib/defaults/defaults.go \ |
|
src/github.com/gravitational/teleport/lib/events/auditlog.go |
|
%{l_shtool} subst %{l_value -s -a} \ |
|
src/github.com/gravitational/teleport/lib/srv/exec.go |
|
|
|
# build program |
|
( export GOPATH=`pwd` |
|
cd $GOPATH/src/github.com/gravitational/teleport |
|
%{l_make} %{l_mflags} release \ |
|
SHELL="%{l_bash}" \ |
|
BINDIR=%{l_prefix}/bin \ |
|
DATADIR=%{l_prefix}/share/teleport |
|
) || exit $? |
|
|
|
%install |
|
# create directory hierarchy |
|
%{l_shtool} mkdir -f -p -m 755 \ |
|
$RPM_BUILD_ROOT%{l_prefix}/bin \ |
|
$RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \ |
|
$RPM_BUILD_ROOT%{l_prefix}/etc/teleport \ |
|
$RPM_BUILD_ROOT%{l_prefix}/var/teleport/run \ |
|
$RPM_BUILD_ROOT%{l_prefix}/var/teleport/log \ |
|
$RPM_BUILD_ROOT%{l_prefix}/var/teleport/data |
|
|
|
# install program |
|
( export GOPATH=`pwd` |
|
cd $GOPATH/src/github.com/gravitational/teleport |
|
%{l_make} %{l_mflags} install \ |
|
BINDIR=$RPM_BUILD_ROOT%{l_prefix}/bin \ |
|
DATADIR=$RPM_BUILD_ROOT%{l_prefix}/share/teleport |
|
) || exit $? |
|
|
|
# install TLS utility |
|
%{l_shtool} install -c -m 755 %{l_value -s -a} \ |
|
-e 's;@l_bash@;%{l_bash};g' \ |
|
%{SOURCE teleport-tls.sh} $RPM_BUILD_ROOT%{l_prefix}/bin/teleport-tls |
|
|
|
# install run-command script |
|
%{l_shtool} install -c -m 755 %{l_value -s -a} \ |
|
%{SOURCE rc.teleport} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/ |
|
|
|
# install default configuration |
|
cmd_hostname=`which hostname` |
|
cmd_uname=`which uname` |
|
%{l_shtool} install -c -m 644 %{l_value -s -a} \ |
|
-e "s;@cmd_hostname@;$cmd_hostname;g" \ |
|
-e "s;@cmd_uname@;$cmd_uname;g" \ |
|
%{SOURCE teleport.yaml} \ |
|
$RPM_BUILD_ROOT%{l_prefix}/etc/teleport/ |
|
|
|
# determine installation files |
|
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ |
|
%{l_files_std} \ |
|
'%config %{l_prefix}/etc/teleport/*' \ |
|
'%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/teleport/*' \ |
|
'%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/teleport/*/*' |
|
|
|
%files -f files |
|
|
|
%clean |
|
|
|
%post |
|
if [ $1 -eq 1 ]; then |
|
# on initial installation, generate TLS certificate/key pair |
|
echo "Generating TLS Certificates/Keys" | %{l_rpmtool} msg -b -t notice |
|
$RPM_INSTALL_PREFIX/bin/teleport-tls localhost 127.0.0.1 |
|
( echo "Teleport was configured with a standard TLS certificate/key pair." |
|
echo "for \"localhost\" and \"127.0.0.1\". For production use, you usually let" |
|
echo "Teleport listen on an external IP address. For this the TLS" |
|
echo "certificate/key pair has to be regenerated with for instance:" |
|
echo " \$ $RPM_INSTALL_PREFIX/bin/teleport-tls www.example.com 192.168.0.1" |
|
echo "The next step is to start Teleport and add a user:" |
|
echo " \$ $RPM_INSTALL_PREFIX/bin/openpkg rc teleport start" |
|
echo " \$ $RPM_INSTALL_PREFIX/bintctl users add <name>" |
|
echo "The Web user interface you can find under:" |
|
echo " https://<hostname>:3080/" |
|
) | %{l_rpmtool} msg -b -t notice |
|
elif [ $1 -eq 2 ]; then |
|
# after upgrade, restart service |
|
eval `%{l_rc} teleport status 2>/dev/null` |
|
[ ".$teleport_active" = .yes ] && %{l_rc} teleport restart |
|
fi |
|
exit 0 |
|
|
|
%preun |
|
if [ $1 -eq 0 ]; then |
|
# before erase, stop service and remove log files |
|
%{l_rc} teleport stop 2>/dev/null |
|
rm -f $RPM_INSTALL_PREFIX/etc/teleport/ca.* >/dev/null 2>&1 || true |
|
rm -f $RPM_INSTALL_PREFIX/etc/teleport/server.* >/dev/null 2>&1 || true |
|
rm -rf $RPM_INSTALL_PREFIX/var/teleport/log/* >/dev/null 2>&1 || true |
|
rm -rf $RPM_INSTALL_PREFIX/var/teleport/run/* >/dev/null 2>&1 || true |
|
rm -rf $RPM_INSTALL_PREFIX/var/teleport/data/* >/dev/null 2>&1 || true |
|
fi |
|
exit 0 |
|
|
|
|