diff --git a/_service b/_service index 7347bb4..b84a661 100644 --- a/_service +++ b/_service @@ -4,7 +4,7 @@ git disable .git - v9.0.4 + v9.1.1 @PARENT_TAG@ enable v(.*) @@ -25,6 +25,6 @@ gz - teleport-9.0.4.tar.gz + teleport-9.1.1.tar.gz diff --git a/_servicedata b/_servicedata index b089e83..ebb3a6f 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/gravitational/teleport - f577413d3c2a85a53f560725fe2d39d726a6785e \ No newline at end of file + b0129ff5e7754a462028467eb2a2534a24c5f627 \ No newline at end of file diff --git a/tbot.yaml b/tbot.yaml new file mode 100644 index 0000000..982b261 --- /dev/null +++ b/tbot.yaml @@ -0,0 +1,15 @@ +# +# Example tbot.yaml +# please see https://github.com/gravitational/teleport/tree/master/examples/systemd/machine-id +# for details + +# auth_server: "auth.example.com:3025" +# onboarding: +# join_method: "token" +# token: "00000000000000000000000000000000" +# ca_pins: +# - "sha256:1111111111111111111111111111111111111111111111111111111111111111" +# storage: +# directory: /var/lib/teleport/bot +# destinations: +# - directory: /opt/machine-id diff --git a/teleport-9.0.4.tar.gz b/teleport-9.0.4.tar.gz deleted file mode 100644 index 920ef15..0000000 --- a/teleport-9.0.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:036ebe49d40a7bbb0e25cf8718d0dca4d721ab3dc54a771df348852bb684e746 -size 47075792 diff --git a/teleport-9.1.1.tar.gz b/teleport-9.1.1.tar.gz new file mode 100644 index 0000000..850a5ec --- /dev/null +++ b/teleport-9.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:75e0a576597d2f69dbedcd62f6015bad7b210413396955acdc67d261218fe32a +size 47590811 diff --git a/teleport.changes b/teleport.changes index 4a74bd7..c35be36 100644 --- a/teleport.changes +++ b/teleport.changes 
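Review bot: The commented example in tbot.yaml never says that `token` is a join credential, or that the `storage` and `destinations` directories will hold the bot's certificates and keys. A header comment would help, for example `# token is a secret; keep this file and the directories below readable only by the account tbot runs as`. None of the spec hunks visible in this diff create `/var/lib/teleport/bot` or `/opt/machine-id`, so their ownership and mode presumably depend on what tbot does at first start; worth confirming before shipping.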
@@ -1,3 +1,118 @@ +------------------------------------------------------------------- +Tue Apr 26 19:47:35 UTC 2022 - kastl@b1-systems.de + +- Update to version 9.1.1: + * Release 9.1.1 (#12192) + * docs: Add example for label usage with `tsh ssh` (#12110) (#12158) + * [auto] Update webassets in branch/v9 (#12170) + * Added support for JumpCloud. (#11936) + * [v9] docs: Machine ID update (#12155) + * Ignore HTTP_PROXY for reverse tunnels (#11990) (#12035) + * Respect Firestore commit write limits (#12111) (#12177) + * updates meta-description (#11746) + * update latest 9 version (#12174) + * Update upcoming-releases.mdx (#12166) + * Update upcoming-releases.mdx + * Fix Download Link (#12132) (#12134) + * Prevent blocking forever when transport channel fails to open (#11875) (#12122) + * Mention ScopedBlock in the UI reference (#12085) + * Backport #12001 to branch/v9 (#12088) + * Backport #11419 to branch/v9 (#12091) + * Backport #11913 and #11826 to v9 (#12095) + * Fix flaky test - TestAuditOn (#12135) + * Fix ProxyKube not reporting its readiness (#12152) + +------------------------------------------------------------------- +Tue Apr 26 18:54:52 UTC 2022 - Johannes Kastl + +- introduce new executable tbot for new feature Machine ID + https://goteleport.com/docs/machine-id/getting-started/ + +------------------------------------------------------------------- +Tue Apr 26 06:24:53 UTC 2022 - kastl@b1-systems.de + +- Update to version 9.1.0: + * Release 9.1.0 (#12020) + * Manually extract SSO redirect URL to preserve its own query params (#12100) (#12125) + * Allow setting additional traits in tctl users add command (#12102) (#12133) + * Fix reference to tbot start --oneshot (#12064) (#12112) + * [auto] Update webassets in branch/v9 (#12126) + * [v9] backport #12057 (panic in `CertAuthority.Clone`) (#12004) + * [v9] backport #11019 (`ListResources` in the webapi layer) (#12106) + * Add manual websocket pingloop (#11765) (#11915) + * Improve error handling in `tbot 
start` (#11756) (#12012) + * Pipe terminal stdin to session in kubernetes peer mode (#11288) (#11918) + * Allow requesting a join token with IAM method from the web api (#11339) (#12060) + * Fix globbing for Moderated Sessions join policies (#12067) (#12071) + * Make `tsh db ls` lists available db users. (#10458) (#11942) + * Switch to forked `httprouter` and enable `UseRawPath` option (#11068) (#12080) + * Prevent goroutine leak in oidc client (#11974) (#12078) + * docs: Don't lint external links when running in CI (#12058) (#12069) + * Fix flaky test - TestChaosUpload (#12052) + * Add JSON and YAML to several tsh commands (#11681) + * update prereqs for machineid ansible guide (#12066) + * fix(db): send initial heartbeat when there is no static dbs (#11160) (#12039) + * Generate database access credentials with tctl auth sign command (#10785) (#12042) + * Align atomics on ARM32 (#11822) (#11917) + * Correct note on node (#12045) + * Update linux-server.mdx (#11682) (#11815) + * fix docker example (#12027) + * update teleport cloud version to 8.3.7 in docs (#12017) + * Update installation docs (#11677) (#12013) + * Includes advisory for pages that are installing proxy, auth for cloud scope (#12030) + * Ensure Cache `types.WatchKinds` and `proto.WatchEvents` are in sync (#11692) (#11927) + * Backport #11381 to branch/v9 (#11969) + * Backport #10996 to branch/v9 (#11967) + * Backport #10759 to branch/v9 (#11966) + * Backport #10801 to branch/v9 (#11964) + * docs: Don't lint external links (#11940) (#11996) + * Prepare five guides for Cloud users (#11982) + * Document Okta OIDC provider workaround + * Extract tabbed Prerequisites into a partial (#11960) + * Backport #11801 to branch/v9 (#11965) + * Fix Okta OIDC (#11718) + * Remove references to authentication type 'false' from docs (#11621) (#11924) + * (v9) Delete app sessions on logout (#11956) + * helm: Set default second factor to "otp" in values (#11034) (#11923) + * helm: Add support for mounting existing TLS 
secrets with optional root CA (#11295) (#11922) + * Bump Go to 1.17.9 (#11932) + * Fix race condition in (*sess). broadcastResult() (#11851) + * Mention scoped Admonitions (#11900) + * Edit four docs guides for Cloud users (#11971) + * Edit four Access Controls guides for Cloud users (#11977) + * Update upcoming-releases.mdx + * Update upcoming-releases.mdx + * [v9] Add audit logging for more MySQL commands (#11914) (#11949) + * [auto] Update webassets in branch/v9 (#11951) + * Return error message if supplied auth connector name doesn't match registered names. (#11800) (#11884) + * change bash blocks to code to fix copy/paste and consistency (#11912) + * Updated Getting Started Machine ID Guide. + * Updated Ansible Machine ID Guide. + * Updated Jenkins Machine ID Guide. + * Update teleport-plugin guides to reference docker images for downloads (#11617) (#11934) + * SQL Backend Documentation (#11897) + * Move Cloud download binaries into tables (#11839) + * [v9] Rollup bugfix backport (#11890) + * NO_PROXY port support + special case for proxying via localhost (#11403) + * [v9] Replace session upload grace period with session tracker (#11853) + * Edit Database Access guides for Cloud users (#11846) + * [v9] Release pipeline improvements (#10707) (#11833) + * [v9] Make relogin attempts use the strongest auth method (#11781) (#11847) + * Mention Teleport is deployable in k8s (#11874) + * update golang version in docs config to 1.17 (#11869) + * [v9] helm: Backports (#11728) + * [v9] Access Control, K8s Cluster docs set scope and AWS first (#11761) + * Add client cert in insecure mode (#11758) + * Backport #11725 #11249 #11799 to branch/v9 (#11795) + * Add auth'd tunnel mode to tsh proxy db command (#11720) (#11808) + * [v9] Moderated Sessions rollup backport (#11803) + * Fix session leave + termination deadlock + * Backport #10880 to branch/v9 (#11442) + * Add grpc server and client metrics to Teleport (#11773) + * Fix key principals not being used when identity 
files are being used (#11793) + * update 9 release version to 9.0.4 (#11789) + * Document limitations with the Google OIDC connector and transitive group memberships (#11422) + ------------------------------------------------------------------- Thu Apr 14 19:37:37 UTC 2022 - kastl@b1-systems.de diff --git a/teleport.spec b/teleport.spec index 48c229b..51f6fa0 100644 --- a/teleport.spec +++ b/teleport.spec @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: teleport -Version: 9.0.4 +Version: 9.1.1 Release: 0 Summary: Identity-aware, multi-protocol access proxy License: Apache-2.0 @@ -29,6 +29,7 @@ Source1: vendor.tar.gz Source2: webassets.tar.gz Source3: teleport.service Source4: teleport.yaml +Source5: tbot.yaml BuildRequires: git-core BuildRequires: go >= 1.17 BuildRequires: pam-devel @@ -60,6 +61,14 @@ License: Apache-2.0 %description -n teleport-tsh A tool that lets end users interact with Teleport nodes. This replaces ssh. +%package -n teleport-tbot +Summary: CLI tool for Machine ID +License: Apache-2.0 + +%description -n teleport-tbot +Machine ID is a service that programmatically issues and renews short-lived certificates to any service account (e.g., a CI/CD server) by retrieving credentials from the Teleport Auth Service. This enables fine-grained role-based access controls and audit. +tbot is the executable belonging to the Machine ID service. + %prep %setup -q %setup -q -T -D -a 1 @@ -82,6 +91,13 @@ go build \ -buildmode=pie \ -ldflags="-w -s -X main.VERSION=%{version}" \ -o tsh ./tool/tsh +go build \ + -tags "pam" \ + -mod=vendor \ + -buildmode=pie \ + -ldflags="-w -s -X main.VERSION=%{version}" \ + -o tbot ./tool/tbot + go build \ -tags "pam" \ -mod=vendor \ 
@@ -93,9 +109,14 @@ go build \ # Install the binary. install -D -m 0755 tsh "%{buildroot}/%{_bindir}/tsh" install -D -m 0755 tctl "%{buildroot}/%{_bindir}/tctl" +install -D -m 0755 tbot "%{buildroot}/%{_bindir}/tbot" install -D -m 0755 teleport "%{buildroot}/%{_sbindir}/teleport" install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/teleport.service install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/teleport.yaml +install -D -m 644 examples/systemd/machine-id/machine-id.service %{buildroot}%{_unitdir}/ +install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tbot.yaml + +# teleport service %pre -n teleport %service_add_pre teleport.service @@ -109,6 +130,20 @@ install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/teleport.yaml %postun -n teleport %service_del_postun teleport.service +# machine-id service + +%pre -n teleport-tbot +%service_add_pre machine-id.service + +%post -n teleport-tbot +%service_add_post machine-id.service + +%preun -n teleport-tbot +%service_del_preun machine-id.service + +%postun -n teleport-tbot +%service_del_postun machine-id.service + %files -n teleport %doc README.md %license LICENSE @@ -126,4 +161,11 @@ install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/teleport.yaml %license LICENSE %{_bindir}/tctl +%files -n teleport-tbot +%doc README.md +%license LICENSE +%{_bindir}/tbot +%{_unitdir}/machine-id.service +%config(noreplace) %{_sysconfdir}/tbot.yaml + %changelog diff --git a/vendor.tar.gz b/vendor.tar.gz index 1c457a0..ce9a7bd 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ccecd9485baabd521aff2594187a466dd3782b9ba4d72e450dec21540d9a7956 -size 19564563 +oid sha256:73c1fd5482de45eaecfd009b19337e1aefa35dfe11ff2ad2a0cbb94f4a3302be +size 19590391 diff --git a/webassets.tar.gz b/webassets.tar.gz index 377fe67..df8a691 100644 --- a/webassets.tar.gz +++ b/webassets.tar.gz 
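Review bot: `%{_sysconfdir}/tbot.yaml` is installed with mode 644 in the install hunk, but the shipped example has an `onboarding.token` field, so once an administrator fills it in the join token is readable by every local user. Install it restrictively, e.g. `install -D -m 0640 %{SOURCE5} %{buildroot}%{_sysconfdir}/tbot.yaml`, and pin ownership in the `%files -n teleport-tbot` hunk with `%attr(0640,root,<SERVICE_GROUP>) %config(noreplace) %{_sysconfdir}/tbot.yaml`. The group placeholder stands for whatever account machine-id.service runs as; the unit is copied unmodified from `examples/systemd/machine-id/` and its contents are not visible here. For the same reason, check that the unit's tbot path matches `%{_bindir}/tbot`. The teleport.yaml context line above has the same 644 mode.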
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cf8173095321c7880a09cdeea124f825508b33519ea5669b150b3032596fbca6
-size 4804557
+oid sha256:9bc9d366fa2a67a2565b8d19658f04191903a6e242ae35b1ace16bf1255c2ba1
+size 4809295