Accepting request 972973 from home:ojkastl_buildservice:Branch_devel_kubic

update to 9.1.1; add new subpackage teleport-tbot for machine-id executable tbot

OBS-URL: https://build.opensuse.org/request/show/972973
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/teleport?expand=0&rev=17

_service

@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="submodules">disable</param>
     <param name="exclude">.git</param>
-    <param name="revision">v9.0.4</param>
+    <param name="revision">v9.1.1</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>
@@ -25,6 +25,6 @@
     <param name="compression">gz</param>
   </service>
   <service name="go_modules" mode="disabled">
-    <param name="archive">teleport-9.0.4.tar.gz</param>
+    <param name="archive">teleport-9.1.1.tar.gz</param>
   </service>
 </services>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/gravitational/teleport</param>
-              <param name="changesrevision">f577413d3c2a85a53f560725fe2d39d726a6785e</param></service></servicedata>
+              <param name="changesrevision">b0129ff5e7754a462028467eb2a2534a24c5f627</param></service></servicedata>

tbot.yaml

@@ -0,0 +1,15 @@
+#
+# Example tbot.yaml
+# please see https://github.com/gravitational/teleport/tree/master/examples/systemd/machine-id
+# for details
+
+# auth_server: "auth.example.com:3025"
+# onboarding:
+#   join_method: "token"
+#   token: "00000000000000000000000000000000"
+#   ca_pins:
+#   - "sha256:1111111111111111111111111111111111111111111111111111111111111111"
+# storage:
+#   directory: /var/lib/teleport/bot
+# destinations:
+#   - directory: /opt/machine-id

teleport-9.0.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:036ebe49d40a7bbb0e25cf8718d0dca4d721ab3dc54a771df348852bb684e746
-size 47075792

teleport-9.1.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:75e0a576597d2f69dbedcd62f6015bad7b210413396955acdc67d261218fe32a
+size 47590811

teleport.changes

@@ -1,3 +1,118 @@
+-------------------------------------------------------------------
+Tue Apr 26 19:47:35 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 9.1.1:
+  * Release 9.1.1 (#12192)
+  * docs: Add example for label usage with `tsh ssh` (#12110) (#12158)
+  * [auto] Update webassets in branch/v9 (#12170)
+  * Added support for JumpCloud. (#11936)
+  * [v9] docs: Machine ID update (#12155)
+  * Ignore HTTP_PROXY for reverse tunnels (#11990) (#12035)
+  * Respect Firestore commit write limits (#12111) (#12177)
+  * updates meta-description (#11746)
+  * update latest 9 version (#12174)
+  * Update upcoming-releases.mdx (#12166)
+  * Update upcoming-releases.mdx
+  * Fix Download Link (#12132) (#12134)
+  * Prevent blocking forever when transport channel fails to open (#11875) (#12122)
+  * Mention ScopedBlock in the UI reference (#12085)
+  * Backport #12001 to branch/v9 (#12088)
+  * Backport #11419 to branch/v9 (#12091)
+  * Backport #11913 and #11826 to v9 (#12095)
+  * Fix flaky test - TestAuditOn (#12135)
+  * Fix ProxyKube not reporting its readiness (#12152)
+
+-------------------------------------------------------------------
+Tue Apr 26 18:54:52 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
+
+- introduce new executable tbot for new feature Machine ID
+  https://goteleport.com/docs/machine-id/getting-started/ 
+
+-------------------------------------------------------------------
+Tue Apr 26 06:24:53 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 9.1.0:
+  * Release 9.1.0 (#12020)
+  * Manually extract SSO redirect URL to preserve its own query params (#12100) (#12125)
+  * Allow setting additional traits in tctl users add command (#12102) (#12133)
+  * Fix reference to tbot start --oneshot (#12064) (#12112)
+  * [auto] Update webassets in branch/v9 (#12126)
+  * [v9] backport #12057 (panic in `CertAuthority.Clone`) (#12004)
+  * [v9] backport #11019 (`ListResources` in the webapi layer) (#12106)
+  * Add manual websocket pingloop (#11765) (#11915)
+  * Improve error handling in `tbot start` (#11756) (#12012)
+  * Pipe terminal stdin to session in kubernetes peer mode (#11288) (#11918)
+  * Allow requesting a join token with IAM method from the web api (#11339) (#12060)
+  * Fix globbing for Moderated Sessions join policies (#12067) (#12071)
+  * Make `tsh db ls` lists available db users. (#10458) (#11942)
+  * Switch to forked `httprouter` and enable `UseRawPath` option (#11068) (#12080)
+  * Prevent goroutine leak in oidc client (#11974) (#12078)
+  * docs: Don't lint external links when running in CI (#12058) (#12069)
+  * Fix flaky test - TestChaosUpload (#12052)
+  * Add JSON and YAML to several tsh commands (#11681)
+  * update prereqs for machineid ansible guide (#12066)
+  * fix(db): send initial heartbeat when there is no static dbs (#11160) (#12039)
+  * Generate database access credentials with tctl auth sign command (#10785) (#12042)
+  * Align atomics on ARM32 (#11822) (#11917)
+  * Correct note on node (#12045)
+  * Update linux-server.mdx (#11682) (#11815)
+  * fix docker example (#12027)
+  * update teleport cloud version to 8.3.7 in docs (#12017)
+  * Update installation docs (#11677) (#12013)
+  * Includes advisory for pages that are installing proxy, auth for cloud scope (#12030)
+  * Ensure Cache `types.WatchKinds` and `proto.WatchEvents` are in sync (#11692) (#11927)
+  * Backport #11381 to branch/v9 (#11969)
+  * Backport #10996 to branch/v9 (#11967)
+  * Backport #10759 to branch/v9 (#11966)
+  * Backport #10801 to branch/v9 (#11964)
+  * docs: Don't lint external links (#11940) (#11996)
+  * Prepare five guides for Cloud users (#11982)
+  * Document Okta OIDC provider workaround
+  * Extract tabbed Prerequisites into a partial (#11960)
+  * Backport #11801 to branch/v9 (#11965)
+  * Fix Okta OIDC (#11718)
+  * Remove references to authentication type 'false' from docs (#11621) (#11924)
+  * (v9) Delete app sessions on logout (#11956)
+  * helm: Set default second factor to "otp" in values (#11034) (#11923)
+  * helm: Add support for mounting existing TLS secrets with optional root CA (#11295) (#11922)
+  * Bump Go to 1.17.9 (#11932)
+  * Fix race condition in (*sess). broadcastResult() (#11851)
+  * Mention scoped Admonitions (#11900)
+  * Edit four docs guides for Cloud users (#11971)
+  * Edit four Access Controls guides for Cloud users (#11977)
+  * Update upcoming-releases.mdx
+  * Update upcoming-releases.mdx
+  * [v9] Add audit logging for more MySQL commands (#11914) (#11949)
+  * [auto] Update webassets in branch/v9 (#11951)
+  * Return error message if supplied auth connector name doesn't match registered names. (#11800) (#11884)
+  * change bash blocks to code to fix copy/paste and consistency (#11912)
+  * Updated Getting Started Machine ID Guide.
+  * Updated Ansible Machine ID Guide.
+  * Updated Jenkins Machine ID Guide.
+  * Update teleport-plugin guides to reference docker images for downloads (#11617) (#11934)
+  * SQL Backend Documentation (#11897)
+  * Move Cloud download binaries into tables (#11839)
+  * [v9] Rollup bugfix backport (#11890)
+  * NO_PROXY port support + special case for proxying via localhost (#11403)
+  * [v9] Replace session upload grace period with session tracker (#11853)
+  * Edit Database Access guides for Cloud users (#11846)
+  * [v9] Release pipeline improvements (#10707) (#11833)
+  * [v9] Make relogin attempts use the strongest auth method (#11781) (#11847)
+  * Mention Teleport is deployable in k8s (#11874)
+  * update golang version in docs config to 1.17 (#11869)
+  * [v9] helm: Backports (#11728)
+  * [v9] Access Control, K8s Cluster docs set scope and AWS first (#11761)
+  * Add client cert in insecure mode (#11758)
+  * Backport #11725 #11249 #11799 to branch/v9 (#11795)
+  * Add auth'd tunnel mode to tsh proxy db command (#11720) (#11808)
+  * [v9] Moderated Sessions rollup backport (#11803)
+  * Fix session leave + termination deadlock
+  * Backport #10880 to branch/v9 (#11442)
+  * Add grpc server and client metrics to Teleport (#11773)
+  * Fix key principals not being used when identity files are being used (#11793)
+  * update 9 release version to 9.0.4 (#11789)
+  * Document limitations with the Google OIDC connector and transitive group memberships (#11422)
+
 -------------------------------------------------------------------
 Thu Apr 14 19:37:37 UTC 2022 - kastl@b1-systems.de
 

teleport.spec

@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           teleport
-Version:        9.0.4
+Version:        9.1.1
 Release:        0
 Summary:        Identity-aware, multi-protocol access proxy
 License:        Apache-2.0
@@ -29,6 +29,7 @@ Source1:        vendor.tar.gz
 Source2:        webassets.tar.gz
 Source3:        teleport.service
 Source4:        teleport.yaml
+Source5:        tbot.yaml
 BuildRequires:  git-core
 BuildRequires:  go >= 1.17
 BuildRequires:  pam-devel
@@ -60,6 +61,14 @@ License:        Apache-2.0
 %description -n teleport-tsh
 A tool that lets end users interact with Teleport nodes. This replaces ssh.
 
+%package -n teleport-tbot
+Summary:        CLI tool for Machine ID
+License:        Apache-2.0
+
+%description -n teleport-tbot
+Machine ID is a service that programmatically issues and renews short-lived certificates to any service account (e.g., a CI/CD server) by retrieving credentials from the Teleport Auth Service. This enables fine-grained role-based access controls and audit.
+tbot is the executable belonging to the Machine ID service.
+
 %prep
 %setup -q
 %setup -q -T -D -a 1
@@ -82,6 +91,13 @@ go build \
    -buildmode=pie \
    -ldflags="-w -s -X main.VERSION=%{version}" \
    -o tsh ./tool/tsh
+go build \
+   -tags "pam" \
+   -mod=vendor \
+   -buildmode=pie \
+   -ldflags="-w -s -X main.VERSION=%{version}" \
+   -o tbot ./tool/tbot
+
 go build \
    -tags "pam" \
    -mod=vendor \
@@ -93,9 +109,14 @@ go build \
 # Install the binary.
 install -D -m 0755 tsh "%{buildroot}/%{_bindir}/tsh"
 install -D -m 0755 tctl "%{buildroot}/%{_bindir}/tctl"
+install -D -m 0755 tbot "%{buildroot}/%{_bindir}/tbot"
 install -D -m 0755 teleport "%{buildroot}/%{_sbindir}/teleport"
 install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/teleport.service
 install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/teleport.yaml
+install -D -m 644 examples/systemd/machine-id/machine-id.service %{buildroot}%{_unitdir}/
+install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tbot.yaml
+
+# teleport service
 
 %pre -n teleport
 %service_add_pre teleport.service
@@ -109,6 +130,20 @@ install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/teleport.yaml
 %postun -n teleport
 %service_del_postun teleport.service
 
+# machine-id service
+
+%pre -n teleport-tbot
+%service_add_pre machine-id.service
+
+%post -n teleport-tbot
+%service_add_post machine-id.service
+
+%preun -n teleport-tbot
+%service_del_preun machine-id.service
+
+%postun -n teleport-tbot
+%service_del_postun machine-id.service
+
 %files -n teleport
 %doc README.md
 %license LICENSE
@@ -126,4 +161,11 @@ install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/teleport.yaml
 %license LICENSE
 %{_bindir}/tctl
 
+%files -n teleport-tbot
+%doc README.md
+%license LICENSE
+%{_bindir}/tbot
+%{_unitdir}/machine-id.service
+%config(noreplace) %{_sysconfdir}/tbot.yaml
+
 %changelog

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ccecd9485baabd521aff2594187a466dd3782b9ba4d72e450dec21540d9a7956
-size 19564563
+oid sha256:73c1fd5482de45eaecfd009b19337e1aefa35dfe11ff2ad2a0cbb94f4a3302be
+size 19590391

webassets.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cf8173095321c7880a09cdeea124f825508b33519ea5669b150b3032596fbca6
-size 4804557
+oid sha256:9bc9d366fa2a67a2565b8d19658f04191903a6e242ae35b1ace16bf1255c2ba1
+size 4809295