Date: Mon, 2 Jan 2023 08:28:25 GMT
Message-Id: <202301020828.3028SPq8046612@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Daniel Engberg
Subject: git: efc9e9c8f277 - main - security/teleport5: New port: Centralized access gateway using the SSH protocol
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: diizzy
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: efc9e9c8f277f200f794e7d6ec7a66a5aa7a0fb0

The branch main has been updated by diizzy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=efc9e9c8f277f200f794e7d6ec7a66a5aa7a0fb0

commit efc9e9c8f277f200f794e7d6ec7a66a5aa7a0fb0
Author:     Michael Reim
AuthorDate: 2023-01-02 08:06:14 +0000
Commit:     Daniel Engberg
CommitDate: 2023-01-02 08:06:53 +0000

    security/teleport5: New port: Centralized access gateway using the SSH protocol

    This port's main purpose is to provide an upgrade path for users to
    Teleport 6 and newer versions. New installations are STRONGLY discouraged
    until we have version 7.X in tree.

PR: 268604 --- security/Makefile | 1 + security/teleport5/Makefile | 77 +++++++++++++++ security/teleport5/distinfo | 5 + .../teleport5/files/patch-lib_defaults_defaults.go | 11 +++ .../teleport5/files/patch-lib_events_auditlog.go | 11 +++ security/teleport5/files/patch-lib_events_doc.go | 110 +++++++++++++++++++++ .../teleport5/files/patch-lib_services_server.go | 11 +++ .../patch-tool_teleport_common_teleport__test.go | 20 ++++ ...dor_github.com_kr_pty_ztypes__freebsd__arm64.go | 16 +++ security/teleport5/files/patch-version.mk | 8 ++ security/teleport5/files/pkg-message.in | 33 +++++++ security/teleport5/files/teleport.in | 55 +++++++++++ security/teleport5/pkg-descr | 15 +++ 13 files changed, 373 insertions(+) diff --git a/security/Makefile b/security/Makefile index 46677816e8a9..edde728caeb9 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1253,6 +1253,7 @@ SUBDIR += tclsasl SUBDIR += tcpcrypt SUBDIR += teleport + SUBDIR += teleport5 SUBDIR += testssl.sh SUBDIR += tfhe SUBDIR += tfsec diff --git a/security/teleport5/Makefile b/security/teleport5/Makefile new file mode 100644 index 000000000000..52d34fabe1c8 --- /dev/null +++ b/security/teleport5/Makefile 
@@ -0,0 +1,77 @@ +PORTNAME= teleport +DISTVERSIONPREFIX= v +DISTVERSION= 5.2.5 +CATEGORIES= security +PKGNAMESUFFIX= 5 + +MAINTAINER= kraileth@elderlinux.org +COMMENT= Centralized access gateway using the SSH protocol +WWW= https://goteleport.com/teleport + +LICENSE= APACHE20 + +NOT_FOR_ARCHS= i386 +NOT_FOR_ARCHS_REASON= Uses 64bit types + +BUILD_DEPENDS= zip:archivers/zip + +# If you need the auth service to work, you need to compile this port with +# Go 1.17 or older. In case tsh is what you're after, Go 1.19 is fine. +USES= compiler gmake go + +USE_GITHUB= yes +GH_ACCOUNT= gravitational +GH_TUPLE= gravitational:webassets:8ace0cf:webassets/webassets +GH_COMMIT_SHORT= f8ba4afd9 +GH_TAG_COMMIT= ${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT} + +USE_RC_SUBR= teleport + +# Extra assets are stored in the binary and must not be inadvertently removed +STRIP= +NOPRECIOUSMAKEVARS= YES + +SUB_FILES= pkg-message + +PLIST_FILES= bin/tctl \ + bin/teleport \ + bin/tsh \ + "@sample etc/teleport.yaml.sample" + +GO_TELEPORT_SRC_DIR= src/github.com/gravitational/teleport +PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX} + +post-patch: + @${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR} + @${REINPLACE_CMD} -e 's|%%GH_TAG_COMMIT%%|${GH_TAG_COMMIT}|' \ + ${WRKSRC}/version.mk + @${FIND} ${WRKSRC}/docs/pages -iname '*.mdx' | ${XARGS} \ + ${REINPLACE_CMD} -i '' -e 's|/var/lib|/var/db|g' + @${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/ + @${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/ + +do-build: + @cd ${WRKDIR}/${GO_TELEPORT_SRC_DIR} && \ + ${SETENV} ${MAKE_ENV} ${BUILD_ENV} ${GO_ENV} \ + CGO_ENABLED=1 GOPATH=${WRKDIR} \ + ${GMAKE} full + +do-install: + ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport configure > ${STAGEDIR}${PREFIX}/etc/teleport.yaml.sample + @${SED} -i '' \ + -e "s|nodename: .*|nodename: |g" \ + -e "s|cluster-join-token||g" \ + ${STAGEDIR}${PREFIX}/etc/teleport.yaml.sample + ${INSTALL_PROGRAM} 
${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport ${STAGEDIR}${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tsh ${STAGEDIR}${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tctl ${STAGEDIR}${PREFIX}/bin + +.include + +# golang assumes that if clang is in use, it is called "clang" and not "cc". If +# it's called "cc", go fails. +.if ${COMPILER_TYPE} == clang +BUILD_ENV= CC=clang +.endif + +.include diff --git a/security/teleport5/distinfo b/security/teleport5/distinfo new file mode 100644 index 000000000000..cd05976249ca --- /dev/null +++ b/security/teleport5/distinfo @@ -0,0 +1,5 @@ +TIMESTAMP = 1670876102 +SHA256 (gravitational-teleport-v5.2.5_GH0.tar.gz) = 81b48678ead350ca40183ffef70c4afe0ffdcf1e895d04c0bc62eab180b41065 +SIZE (gravitational-teleport-v5.2.5_GH0.tar.gz) = 41856905 +SHA256 (gravitational-webassets-8ace0cf_GH0.tar.gz) = 87b4a3beff4259ff48d30a03cb2e5ac580dc964eac5218518ac89ede450d2220 +SIZE (gravitational-webassets-8ace0cf_GH0.tar.gz) = 4719723 diff --git a/security/teleport5/files/patch-lib_defaults_defaults.go b/security/teleport5/files/patch-lib_defaults_defaults.go new file mode 100644 index 000000000000..a0ec9693613e --- /dev/null +++ b/security/teleport5/files/patch-lib_defaults_defaults.go @@ -0,0 +1,11 @@ +--- lib/defaults/defaults.go.orig 2022-02-23 04:58:43 UTC ++++ lib/defaults/defaults.go +@@ -466,7 +466,7 @@ var ( + + // DataDir is where all mutable data is stored (user keys, recorded sessions, + // registered SSH servers, etc): +- DataDir = "/var/lib/teleport" ++ DataDir = "/var/db/teleport" + + // StartRoles is default roles teleport assumes when started via 'start' command + StartRoles = []string{RoleProxy, RoleNode, RoleAuthService} diff --git a/security/teleport5/files/patch-lib_events_auditlog.go b/security/teleport5/files/patch-lib_events_auditlog.go new file mode 100644 index 000000000000..ab0c4e04e7bf --- /dev/null +++ b/security/teleport5/files/patch-lib_events_auditlog.go 
@@ -0,0 +1,11 @@ +--- lib/events/auditlog.go.orig 2022-02-23 04:58:43 UTC ++++ lib/events/auditlog.go +@@ -45,7 +45,7 @@ import ( + const ( + // SessionLogsDir is a subdirectory inside the eventlog data dir + // where all session-specific logs and streams are stored, like +- // in /var/lib/teleport/logs/sessions ++ // in /var/db/teleport/logs/sessions + SessionLogsDir = "sessions" + + // StreamingLogsDir is a subdirectory of sessions /var/lib/teleport/logs/streaming diff --git a/security/teleport5/files/patch-lib_events_doc.go b/security/teleport5/files/patch-lib_events_doc.go new file mode 100644 index 000000000000..570c0aba3879 --- /dev/null +++ b/security/teleport5/files/patch-lib_events_doc.go 
@@ -0,0 +1,110 @@ +--- lib/events/doc.go.orig 2022-02-23 04:58:43 UTC ++++ lib/events/doc.go +@@ -85,7 +85,7 @@ Main Audit Log Format + + The main log files are saved as: + +- /var/lib/teleport/log//.log ++ /var/db/teleport/log//.log + + The log file is rotated every 24 hours. The old files must be cleaned + up or archived by an external tool. +@@ -111,7 +111,7 @@ Each session has its own session log stored as several + + Index file contains a list of event files and chunks files associated with a session: + +- /var/lib/teleport/log/sessions//.index ++ /var/db/teleport/log/sessions//.index + + The format of the index file contains of two or more lines with pointers to other files: + +@@ -120,8 +120,8 @@ The format of the index file contains of two or more l + + Files: + +- /var/lib/teleport/log//-.events +- /var/lib/teleport/log//-.chunks ++ /var/db/teleport/log//-.events ++ /var/db/teleport/log//-.chunks + + Where: + - .events (same events as in the main log, but related to the session) +@@ -135,7 +135,7 @@ Examples + In the simplest case, single auth server a1 log for a single session id s1 + will consist of three files: + +-/var/lib/teleport/a1/s1.index ++/var/db/teleport/a1/s1.index + + With contents: + +@@ -146,14 +146,14 @@ This means that all session events are located in s1-0 + the first event with index 0 and all chunks are located in file s1-0.chunks file + with the byte offset from the start - 0. 
+ +-File with session events /var/lib/teleport/a1/s1-0.events will contain: ++File with session events /var/db/teleport/a1/s1-0.events will contain: + + {"ei":0,"event":"session.start", ...} + {"ei":1,"event":"resize",...} + {"ei":2,"ci":0, "event":"print","bytes":40,"offset":0} + {"ei":3,"event":"session.end", ...} + +-File with recorded session /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes ++File with recorded session /var/db/teleport/a1/s1-0.chunks will contain 40 bytes + emitted by print event with chunk index 0 + + **Multiple Auth Servers** +@@ -164,7 +164,7 @@ In high availability mode scenario, multiple auth serv + Any auth server can go down during session and clients will retry the delivery + to the other auth server. + +-Both auth servers have mounted /var/lib/teleport/log as a shared NFS folder. ++Both auth servers have mounted /var/db/teleport/log as a shared NFS folder. + + To make sure that only one auth server writes to a file at a time, + each auth server writes to it's own file in a sub folder named +@@ -176,37 +176,37 @@ and the second batch of event to the second server a2. + + Server a1 will produce the following file: + +-/var/lib/teleport/a1/s1.index ++/var/db/teleport/a1/s1.index + + With contents: + + {"file_name":"s1-0.events","type":"events","index":0} + {"file_name":"s1-0.chunks","type":"chunks","offset":0} + +-Events file /var/lib/teleport/a1/s1-0.events will contain: ++Events file /var/db/teleport/a1/s1-0.events will contain: + + {"ei":0,"event":"session.start", ...} + {"ei":1,"event":"resize",...} + {"ei":2,"ci":0, "event":"print","bytes":40,"offset":0} + +-Events file /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes ++Events file /var/db/teleport/a1/s1-0.chunks will contain 40 bytes + emitted by print event with chunk index. 
+ + Server a2 will produce the following file: + +-/var/lib/teleport/a2/s1.index ++/var/db/teleport/a2/s1.index + + With contents: + + {"file_name":"s1-3.events","type":"events","index":3} + {"file_name":"s1-40.chunks","type":"chunks","offset":40} + +-Events file /var/lib/teleport/a2/s1-4.events will contain: ++Events file /var/db/teleport/a2/s1-4.events will contain: + + {"ei":3,"ci":1, "event":"print","bytes":15,"ms":713,"offset":40} + {"ei":4,"event":"session.end", ...} + +-Events file /var/lib/teleport/a2/s1-40.chunks will contain 15 bytes emitted ++Events file /var/db/teleport/a2/s1-40.chunks will contain 15 bytes emitted + by print event with chunk index 1 and comes after delay of 713 milliseconds. + + Offset 40 indicates that the first chunk stored in the file s1-40.chunks diff --git a/security/teleport5/files/patch-lib_services_server.go b/security/teleport5/files/patch-lib_services_server.go new file mode 100644 index 000000000000..a93f72ee384f --- /dev/null +++ b/security/teleport5/files/patch-lib_services_server.go @@ -0,0 +1,11 @@ +--- lib/services/server.go.orig 2022-02-23 04:58:43 UTC ++++ lib/services/server.go +@@ -578,7 +578,7 @@ type CommandLabelV1 struct { + // Period is a time between command runs + Period time.Duration `json:"period"` + // Command is a command to run +- Command []string `json:"command"` //["/usr/bin/hostname", "--long"] ++ Command []string `json:"command"` //["/bin/hostname", "--long"] + // Result captures standard output + Result string `json:"result"` + } diff --git a/security/teleport5/files/patch-tool_teleport_common_teleport__test.go b/security/teleport5/files/patch-tool_teleport_common_teleport__test.go new file mode 100644 index 000000000000..cccc072a243f --- /dev/null +++ b/security/teleport5/files/patch-tool_teleport_common_teleport__test.go 
@@ -0,0 +1,20 @@ +--- tool/teleport/common/teleport_test.go.orig 2022-02-23 04:58:43 UTC ++++ tool/teleport/common/teleport_test.go +@@ -62,7 +62,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) { + + // set imprtant defaults to test-mode (non-existing files&locations) + defaults.ConfigFilePath = "/tmp/teleport/etc/teleport.yaml" +- defaults.DataDir = "/tmp/teleport/var/lib/teleport" ++ defaults.DataDir = "/tmp/teleport/var/db/teleport" + } + + func (s *MainTestSuite) TestDefault(c *check.C) { +@@ -72,7 +72,7 @@ func (s *MainTestSuite) TestDefault(c *check.C) { + }) + c.Assert(cmd, check.Equals, "start") + c.Assert(conf.Hostname, check.Equals, s.hostname) +- c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/lib/teleport") ++ c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/db/teleport") + c.Assert(conf.Auth.Enabled, check.Equals, true) + c.Assert(conf.SSH.Enabled, check.Equals, true) + c.Assert(conf.Proxy.Enabled, check.Equals, true) diff --git a/security/teleport5/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go b/security/teleport5/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go new file mode 100644 index 000000000000..3178f17f721b --- /dev/null +++ b/security/teleport5/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go @@ -0,0 +1,16 @@ +--- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2022-10-14 07:07:07 UTC ++++ vendor/github.com/kr/pty/ztypes_freebsd_arm64.go +@@ -0,0 +1,13 @@ ++// Created by cgo -godefs - DO NOT EDIT ++// cgo -godefs types_freebsd.go ++ ++package pty ++ ++const ( ++ _C_SPECNAMELEN = 0x3f ++) ++ ++type fiodgnameArg struct { ++ Len int32 ++ Buf *byte ++} diff --git a/security/teleport5/files/patch-version.mk b/security/teleport5/files/patch-version.mk new file mode 100644 index 000000000000..1457af7a19fc --- /dev/null +++ b/security/teleport5/files/patch-version.mk 
@@ -0,0 +1,8 @@ +--- version.mk.orig 2022-02-23 04:58:43 UTC ++++ version.mk +@@ -1,4 +1,4 @@ +-GITREF=`git describe --dirty --long --tags` ++GITREF=%%GH_TAG_COMMIT%% + + # $(VERSION_GO) will be written to version.go + VERSION_GO="/* DO NOT EDIT THIS FILE. IT IS GENERATED BY 'make setver'*/\n\n\ diff --git a/security/teleport5/files/pkg-message.in b/security/teleport5/files/pkg-message.in new file mode 100644 index 000000000000..6559d0153a15 --- /dev/null +++ b/security/teleport5/files/pkg-message.in @@ -0,0 +1,33 @@ +[ +{ type: install + message: <&1 | grep -q syslog ; echo $?) +if [ ${DAEMON} -eq 0 ]; then + DAEMON_SYSLOG_FLAGS="-S -T teleport -s info -m 3" +else + DAEMON_SYSLOG_FLAGS="" +fi + +command_args="${DAEMON_SYSLOG_FLAGS} -f -p ${pidfile} /usr/bin/env ${teleport_env} ${procname} start --roles=${teleport_roles} ${teleport_args}" + +start_precmd="teleport_prestart" + +teleport_prestart() +{ + mkdir -p ${teleport_dir} +} + +run_rc_command "$1" diff --git a/security/teleport5/pkg-descr b/security/teleport5/pkg-descr new file mode 100644 index 000000000000..4485b972f7a7 --- /dev/null +++ b/security/teleport5/pkg-descr @@ -0,0 +1,15 @@ +What is Teleport? +================= +Teleport is a gateway for managing access to clusters of *nix servers via +SSH or the Kubernetes API. While it does also support connecting to +servers running traditional OpenSSH, its own node deamon is intended to be +used instead for additional functionality. + +With Teleport it is simple to adopt SSH best practices like using +certificate-based access and enabling 2FA via TOTP (e.g. Google +Authenticator), U2F or an SSO provider. Cluster nodes can be accessed via +a CLI (tsh) or a Web UI which both allow for session sharing. + +Teleport provides centralized user management as well as full session +recordings that can be played back for knowledge sharing or auditing +purposes. It can also be used to protect Web applications like dashboards.
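
Review bot: in security/teleport5/Makefile, the comment above `USES= compiler gmake go` says the auth service only works when the port is compiled with Go 1.17 or older, but nothing in the visible USES line selects a Go version. If the default Go is newer than 1.17, the packaged `teleport` binary is built in the configuration the comment itself warns about. Since the commit message positions this port as an upgrade path, either pin the Go version the port builds with, or state in pkg-message which services are expected to work in the packaged binary.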
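
Review bot: in files/patch-lib_events_auditlog.go, the trailing context line for StreamingLogsDir still reads `/var/lib/teleport/logs/streaming`, while the SessionLogsDir comment just above it is changed to `/var/db/teleport/logs/sessions`. Extend the hunk to cover that line so the two comments agree on the data directory.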
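
Review bot: files/patch-lib_events_doc.go is 110 lines that change only paths in the package documentation text, which makes it the largest patch file to regenerate by hand on a version bump. The post-patch target in the Makefile already rewrites `/var/lib` to `/var/db` under docs/pages with REINPLACE_CMD; applying the same substitution to lib/events/doc.go there would replace this patch file.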
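
Review bot: vendor/github.com/kr/pty/ztypes_freebsd_arm64.go is added as a new file by this patch, yet it carries the header `Created by cgo -godefs - DO NOT EDIT`, and neither the patch nor the commit message says where `_C_SPECNAMELEN = 0x3f` and the `fiodgnameArg` layout came from. Record the source (generated on FreeBSD arm64, or copied from another architecture's ztypes file), because a layout that does not match the platform would still compile and the mismatch would only show up at run time.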
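
Review bot: files/patch-version.mk replaces the `git describe` call with `%%GH_TAG_COMMIT%%`, which the Makefile builds from the hard-coded `GH_COMMIT_SHORT= f8ba4afd9`, and nothing visible ties that hash to DISTVERSION. A version bump that forgets it produces a binary reporting the wrong commit, so add a comment next to GH_COMMIT_SHORT saying it must be updated together with DISTVERSION.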
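
Review bot: in files/teleport.in, teleport_prestart creates the directory with a bare `mkdir -p ${teleport_dir}`, so its mode comes from whatever umask is in effect when the rc script runs. If this is the data directory, which lib/defaults/defaults.go describes as holding user keys and recorded sessions, create it with an explicit restrictive mode, for example `install -d -m 0700 ${teleport_dir}`.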