Created attachment 239072 [details] Add security/teleport5, set deprecation and expiry date for security/teleport This patch updates the security/teleport port from 4.4.12 to 5.2.5 (last version compatible for upgrades) as security/teleport5. This is necessary because in 2022q4 the original port is still at version 4.3.9, which cannot be updated to 5.x. Therefore this update is a second intermediary step necessary to eventually upgrade to version 6.x which I intend to work on next. I had hoped to proceed more quickly after claiming maintainership, but for $reasons it took some more time. Maybe this work can still go in before 2023q1 is branched. What was tested: I set up a 4.4 cluster and tested invitations & joins, access to nodes via both the WebUI and CLI (tsh), 2FA (via OTP) as well as access to sshd-only nodes. Then I updated both the server and the regular test node to 5.2 and made sure that everything still worked. In addition I successfully tested the major new feature of 5.x: Web application access (caveat: I could not get it to work regularly via configuration file and using the rc.d service for some reason; it works when done manually though which is good enough to prove that it's working in general). What was not tested: 2FA via U2F, direct OpenSSH access to teleport nodes (this should work, though), database access (feature preview in this version, production ready in 6.x). Both the new port and the modified one passed "portlint -AC" and could be built using Synth in test mode. So they probably are in good shape. However I'm only beginning to learn about ports work; any comments or suggestions are very welcome.
Thanks, I'll try to have a look asap but I can't promise it will be before next year
(In reply to Daniel Engberg from comment #1) Thanks for trying! If it can't go in before 2023q1 it's my fault for taking too long for this PR. Well, either way: Teleport on FreeBSD is in bad shape with or without it. The important one is the 4.4 update which you already committed and which is thus definitely going to be included in the next quarterly release. For one it updates the almost two years old version 4.3 that we had in tree before to one that's "only" about 9 months old. More importantly, though, it adds the warning about setting up new servers with this obsolete version. Of course it would be nice to have the 4.4 update plus security/teleport5 in the upcoming quarter and security/teleport6 as well as security/teleport7 in the next. But if it's one now and three in the next it doesn't make such a big difference. Everything before 7 has been EOL since march, so that's the minimum we've got to reach before we're ok again. And target for that is definitely q2.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=212d02e71cc57a42be3dfebcb0524c3b59405aac commit 212d02e71cc57a42be3dfebcb0524c3b59405aac Author: Daniel Engberg <diizzy@FreeBSD.org> AuthorDate: 2023-01-02 08:18:43 +0000 Commit: Daniel Engberg <diizzy@FreeBSD.org> CommitDate: 2023-01-02 08:18:52 +0000 security/teleport: Deprecate and set expiration date to 2023-03-31 4.x is no longer supported upstream and users are recommended to upgrade. Work is being done to bring Teleport up to date but for now we're at 5.x which is still old but supports migration from 4.x. For more details regarding migration please refer to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267052 PR: 268604 Reported by: Michael Reim <kraileth@elderlinux.org> security/teleport/Makefile | 3 +++ 1 file changed, 3 insertions(+)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=efc9e9c8f277f200f794e7d6ec7a66a5aa7a0fb0 commit efc9e9c8f277f200f794e7d6ec7a66a5aa7a0fb0 Author: Michael Reim <kraileth@elderlinux.org> AuthorDate: 2023-01-02 08:06:14 +0000 Commit: Daniel Engberg <diizzy@FreeBSD.org> CommitDate: 2023-01-02 08:06:53 +0000 security/teleport5: New port: Centralized access gateway using the SSH protocol This ports main purpose is to provide an upgrade path for users to Teleport 6 and newer versions. New installations are STRONGLY discouraged until we have version 7.X in tree. PR: 268604 security/Makefile | 1 + security/teleport5/Makefile (new) | 77 +++++++++++++++ security/teleport5/distinfo (new) | 5 + .../files/patch-lib_defaults_defaults.go (new) | 11 +++ .../files/patch-lib_events_auditlog.go (new) | 11 +++ .../teleport5/files/patch-lib_events_doc.go (new) | 110 +++++++++++++++++++++ .../files/patch-lib_services_server.go (new) | 11 +++ ...ch-tool_teleport_common_teleport__test.go (new) | 20 ++++ ...thub.com_kr_pty_ztypes__freebsd__arm64.go (new) | 16 +++ security/teleport5/files/patch-version.mk (new) | 8 ++ security/teleport5/files/pkg-message.in (new) | 33 +++++++ security/teleport5/files/teleport.in (new) | 55 +++++++++++ security/teleport5/pkg-descr (new) | 15 +++ 13 files changed, 373 insertions(+)
Committed, many thanks for working on this! :-)