authorSteve Wills <swills@FreeBSD.org>2020-08-03 08:49:06 +0800
committerSteve Wills <swills@FreeBSD.org>2020-08-03 08:49:06 +0800
commit17c13510b405d400933021e06e129de985c8e3d4 (patch)
tree1b67e50f9278da0be427756817b1d82337cfcee7 /security/teleport
parent919a199da4bf67fc48ffd9e36ea1759b00a3d331 (diff)
security/teleport: update to 4.3.2
While here, take maintainership since I use this, and also clean up a bit, remove REINPLACE_CMD
Diffstat (limited to 'security/teleport')
-rw-r--r--security/teleport/Makefile28
-rw-r--r--security/teleport/distinfo8
-rw-r--r--security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml51
-rw-r--r--security/teleport/files/patch-lib_config_fileconf.go11
-rw-r--r--security/teleport/files/patch-lib_defaults_defaults.go11
-rw-r--r--security/teleport/files/patch-lib_events_auditlog.go11
-rw-r--r--security/teleport/files/patch-lib_events_doc.go110
-rw-r--r--security/teleport/files/patch-lib_services_server.go11
-rw-r--r--security/teleport/files/patch-tool_teleport_common_teleport__test.go20
-rw-r--r--security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go37
-rw-r--r--security/teleport/files/patch-version.mk8
-rw-r--r--security/teleport/files/teleport.in2
12 files changed, 253 insertions, 55 deletions
diff --git a/security/teleport/Makefile b/security/teleport/Makefile
index 54750aa6927c..b54b81967201 100644
--- a/security/teleport/Makefile
+++ b/security/teleport/Makefile
@@ -2,10 +2,10 @@
PORTNAME= teleport
DISTVERSIONPREFIX= v
-DISTVERSION= 4.2.11
+DISTVERSION= 4.3.2
CATEGORIES= security
-MAINTAINER= ports@FreeBSD.org
+MAINTAINER= swills@FreeBSD.org
COMMENT= Gravitational Teleport SSH
LICENSE= APACHE20
@@ -17,8 +17,11 @@ BUILD_DEPENDS= zip:archivers/zip
USES= compiler gmake go
-USE_GITHUB= yes
-GH_ACCOUNT= gravitational
+USE_GITHUB= yes
+GH_ACCOUNT= gravitational
+GH_TUPLE= gravitational:webassets:e65ae13:webassets/webassets
+GH_COMMIT_SHORT= c6d702ad8
+GH_TAG_COMMIT= ${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT}
USE_RC_SUBR= teleport
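Review bot: `GH_COMMIT_SHORT= c6d702ad8` is a hand-maintained value that reaches `GITREF` in version.mk through `GH_TAG_COMMIT` and the `%%GH_TAG_COMMIT%%` substitution in post-patch, and nothing ties it to the tag selected by `DISTVERSION`. If a later version bump forgets to change it, the built binaries would presumably report a commit that does not match the fetched source, which makes it harder to match an installed build against advisories. A comment next to it would keep this visible: `# GH_COMMIT_SHORT: abbreviated commit of the ${DISTVERSIONPREFIX}${DISTVERSION} tag; update together with DISTVERSION`. The `GH_TUPLE` webassets entry is also named only by a 7-character abbreviation, so the SHA256 in distinfo is what actually fixes its content.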
@@ -28,26 +31,21 @@ NOPRECIOUSMAKEVARS= YES
SUB_FILES= pkg-message
-PLIST_FILES= bin/teleport \
- bin/tctl \
+PLIST_FILES= bin/tctl \
+ bin/teleport \
bin/tsh \
"@sample etc/teleport.yaml.sample"
GO_TELEPORT_SRC_DIR= src/github.com/gravitational/teleport
-PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX}
+PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX}
-post-extract:
+post-patch:
@${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}
+ @${REINPLACE_CMD} -e 's|%%GH_TAG_COMMIT%%|${GH_TAG_COMMIT}|' \
+ ${WRKSRC}/version.mk
@${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/
@${CP} -rpH ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/
-post-patch:
- @${REINPLACE_CMD} -e 's|^GITREF=.*|GITREF=${GH_TAG_COMMIT}|' \
- ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/version.mk
- @${FIND} ${WRKDIR} -type f -exec ${SED} -i '' \
- -e 's|\/var\/lib|/var/db|g' \
- -e 's|\/usr\/bin\/hostname|/bin/hostname|g' {} +
-
do-build:
@cd ${WRKDIR}/${GO_TELEPORT_SRC_DIR} && \
${SETENV} ${MAKE_ENV} ${BUILD_ENV} \
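Review bot: With the tree-wide `${FIND} ... ${SED}` pass removed from post-patch, the `/var/db` and `/bin/hostname` defaults depend entirely on the individual files/patch-* files, and nothing in this target checks that they still cover every place upstream hard-codes `/var/lib/teleport`. I cannot tell from the diff whether other sources carry that path; a missed one would leave keys, session recordings or audit logs in a directory the port does not document. A comment above the target would keep this in view on updates, for example `# /var/db and /bin/hostname defaults come from files/patch-*; re-check upstream for new /var/lib/teleport uses on every update`. The do-build recipe that follows continues past the end of the hunk.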
diff --git a/security/teleport/distinfo b/security/teleport/distinfo
index 1519e2bb6792..4332410ffd95 100644
--- a/security/teleport/distinfo
+++ b/security/teleport/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1593594956
-SHA256 (gravitational-teleport-v4.2.11_GH0.tar.gz) = e0c8f0123fd2c87fccd5464abc1079a82f0097999efeed32059a01f6fab19616
-SIZE (gravitational-teleport-v4.2.11_GH0.tar.gz) = 55839443
+TIMESTAMP = 1596370038
+SHA256 (gravitational-teleport-v4.3.2_GH0.tar.gz) = 25e1865e12672302bb854bdda9f7d9a7bfe5adc2c59e32bd904214fea4d0d1d6
+SIZE (gravitational-teleport-v4.3.2_GH0.tar.gz) = 54645625
+SHA256 (gravitational-webassets-e65ae13_GH0.tar.gz) = 0157db26b46741e0aa1483b47b1d6f643f01bdb6a626c51f77e2c36ba15834f6
+SIZE (gravitational-webassets-e65ae13_GH0.tar.gz) = 4684366
diff --git a/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml b/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml
new file mode 100644
index 000000000000..7a370e692e2e
--- /dev/null
+++ b/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml
@@ -0,0 +1,51 @@
+--- build.assets/pkg/etc/teleport.yaml.orig 2020-07-08 18:08:40 UTC
++++ build.assets/pkg/etc/teleport.yaml
+@@ -9,7 +9,7 @@ teleport:
+
+ # Data directory where Teleport daemon keeps its data.
+ # See "Filesystem Layout" section above for more details.
+- # data_dir: /var/lib/teleport
++ # data_dir: /var/db/teleport
+
+ # Invitation token used to join a cluster. it is not used on
+ # subsequent starts
+@@ -54,8 +54,8 @@ teleport:
+ type: dir
+
+ # Array of locations where the audit log events will be stored. by
+- # default they are stored in `/var/lib/teleport/log`
+- # audit_events_uri: ['file:///var/lib/teleport/log', 'dynamodb://events_table_name', 'stdout://']
++ # default they are stored in `/var/db/teleport/log`
++ # audit_events_uri: ['file:///var/db/teleport/log', 'dynamodb://events_table_name', 'stdout://']
+
+ # Use this setting to configure teleport to store the recorded sessions in
+ # an AWS S3 bucket. see "Using Amazon S3" chapter for more information.
+@@ -111,7 +111,7 @@ auth_service:
+ # By default an automatically generated name is used (not recommended)
+ #
+ # IMPORTANT: if you change cluster_name, it will invalidate all generated
+- # certificates and keys (may need to wipe out /var/lib/teleport directory)
++ # certificates and keys (may need to wipe out /var/db/teleport directory)
+ # cluster_name: "main"
+
+ authentication:
+@@ -185,7 +185,7 @@ auth_service:
+ #
+ # If not set, by default Teleport will look for the `license.pem` file in
+ # the configured `data_dir`.
+- # license_file: /var/lib/teleport/license.pem
++ # license_file: /var/db/teleport/license.pem
+
+ # DEPRECATED in Teleport 3.2 (moved to proxy_service section)
+ # kubeconfig_file: /path/to/kubeconfig
+@@ -258,8 +258,8 @@ proxy_service:
+
+ # TLS certificate for the HTTPS connection. Configuring these properly is
+ # critical for Teleport security.
+- # https_key_file: /var/lib/teleport/webproxy_key.pem
+- # https_cert_file: /var/lib/teleport/webproxy_cert.pem
++ # https_key_file: /var/db/teleport/webproxy_key.pem
++ # https_cert_file: /var/db/teleport/webproxy_cert.pem
+
+ # This section configures the Kubernetes proxy service
+ # kubernetes:
diff --git a/security/teleport/files/patch-lib_config_fileconf.go b/security/teleport/files/patch-lib_config_fileconf.go
new file mode 100644
index 000000000000..5f8e7c1374a6
--- /dev/null
+++ b/security/teleport/files/patch-lib_config_fileconf.go
@@ -0,0 +1,11 @@
+--- lib/config/fileconf.go.orig 2020-07-08 18:08:40 UTC
++++ lib/config/fileconf.go
+@@ -281,7 +281,7 @@ func MakeSampleFileConfig() (fc *FileConfig, err error
+ s.Commands = []CommandLabel{
+ {
+ Name: "hostname",
+- Command: []string{"/usr/bin/hostname"},
++ Command: []string{"/bin/hostname"},
+ Period: time.Minute,
+ },
+ {
diff --git a/security/teleport/files/patch-lib_defaults_defaults.go b/security/teleport/files/patch-lib_defaults_defaults.go
new file mode 100644
index 000000000000..7fbb9101de4f
--- /dev/null
+++ b/security/teleport/files/patch-lib_defaults_defaults.go
@@ -0,0 +1,11 @@
+--- lib/defaults/defaults.go.orig 2020-07-08 18:08:40 UTC
++++ lib/defaults/defaults.go
+@@ -436,7 +436,7 @@ var (
+
+ // DataDir is where all mutable data is stored (user keys, recorded sessions,
+ // registered SSH servers, etc):
+- DataDir = "/var/lib/teleport"
++ DataDir = "/var/db/teleport"
+
+ // StartRoles is default roles teleport assumes when started via 'start' command
+ StartRoles = []string{RoleProxy, RoleNode, RoleAuthService}
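Review bot: `DataDir` is described here as holding user keys and recorded sessions, yet nothing visible in this commit has the port create `/var/db/teleport` with a restrictive mode; `PLIST_FILES` in the Makefile lists only the three binaries and the sample config. Unless the rc script or teleport itself creates the directory 0700 (neither is visible here), consider registering it in the plist, for example `"@dir(root,wheel,0700) /var/db/teleport"`, with the owner adjusted to the account the daemon runs as. The surrounding `var (` block starts and ends outside the hunk.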
diff --git a/security/teleport/files/patch-lib_events_auditlog.go b/security/teleport/files/patch-lib_events_auditlog.go
new file mode 100644
index 000000000000..5d4bf68432a4
--- /dev/null
+++ b/security/teleport/files/patch-lib_events_auditlog.go
@@ -0,0 +1,11 @@
+--- lib/events/auditlog.go.orig 2020-07-08 18:08:40 UTC
++++ lib/events/auditlog.go
+@@ -45,7 +45,7 @@ import (
+ const (
+ // SessionLogsDir is a subdirectory inside the eventlog data dir
+ // where all session-specific logs and streams are stored, like
+- // in /var/lib/teleport/logs/sessions
++ // in /var/db/teleport/logs/sessions
+ SessionLogsDir = "sessions"
+
+ // PlaybacksDir is a directory for playbacks
diff --git a/security/teleport/files/patch-lib_events_doc.go b/security/teleport/files/patch-lib_events_doc.go
new file mode 100644
index 000000000000..bc308eaeec0e
--- /dev/null
+++ b/security/teleport/files/patch-lib_events_doc.go
@@ -0,0 +1,110 @@
+--- lib/events/doc.go.orig 2020-07-08 18:08:40 UTC
++++ lib/events/doc.go
+@@ -85,7 +85,7 @@ Main Audit Log Format
+
+ The main log files are saved as:
+
+- /var/lib/teleport/log/<auth-server-id>/<date>.log
++ /var/db/teleport/log/<auth-server-id>/<date>.log
+
+ The log file is rotated every 24 hours. The old files must be cleaned
+ up or archived by an external tool.
+@@ -111,7 +111,7 @@ Each session has its own session log stored as several
+
+ Index file contains a list of event files and chunks files associated with a session:
+
+- /var/lib/teleport/log/sessions/<auth-server-id>/<session-id>.index
++ /var/db/teleport/log/sessions/<auth-server-id>/<session-id>.index
+
+ The format of the index file contains of two or more lines with pointers to other files:
+
+@@ -120,8 +120,8 @@ The format of the index file contains of two or more l
+
+ Files:
+
+- /var/lib/teleport/log/<auth-server-id>/<session-id>-<first-event-in-file-index>.events
+- /var/lib/teleport/log/<auth-server-id>/<session-id>-<first-chunk-in-file-offset>.chunks
++ /var/db/teleport/log/<auth-server-id>/<session-id>-<first-event-in-file-index>.events
++ /var/db/teleport/log/<auth-server-id>/<session-id>-<first-chunk-in-file-offset>.chunks
+
+ Where:
+ - .events (same events as in the main log, but related to the session)
+@@ -135,7 +135,7 @@ Examples
+ In the simplest case, single auth server a1 log for a single session id s1
+ will consist of three files:
+
+-/var/lib/teleport/a1/s1.index
++/var/db/teleport/a1/s1.index
+
+ With contents:
+
+@@ -146,14 +146,14 @@ This means that all session events are located in s1-0
+ the first event with index 0 and all chunks are located in file s1-0.chunks file
+ with the byte offset from the start - 0.
+
+-File with session events /var/lib/teleport/a1/s1-0.events will contain:
++File with session events /var/db/teleport/a1/s1-0.events will contain:
+
+ {"ei":0,"event":"session.start", ...}
+ {"ei":1,"event":"resize",...}
+ {"ei":2,"ci":0, "event":"print","bytes":40,"offset":0}
+ {"ei":3,"event":"session.end", ...}
+
+-File with recorded session /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes
++File with recorded session /var/db/teleport/a1/s1-0.chunks will contain 40 bytes
+ emitted by print event with chunk index 0
+
+ **Multiple Auth Servers**
+@@ -164,7 +164,7 @@ In high availability mode scenario, multiple auth serv
+ Any auth server can go down during session and clients will retry the delivery
+ to the other auth server.
+
+-Both auth servers have mounted /var/lib/teleport/log as a shared NFS folder.
++Both auth servers have mounted /var/db/teleport/log as a shared NFS folder.
+
+ To make sure that only one auth server writes to a file at a time,
+ each auth server writes to it's own file in a sub folder named
+@@ -176,37 +176,37 @@ and the second batch of event to the second server a2.
+
+ Server a1 will produce the following file:
+
+-/var/lib/teleport/a1/s1.index
++/var/db/teleport/a1/s1.index
+
+ With contents:
+
+ {"file_name":"s1-0.events","type":"events","index":0}
+ {"file_name":"s1-0.chunks","type":"chunks","offset":0}
+
+-Events file /var/lib/teleport/a1/s1-0.events will contain:
++Events file /var/db/teleport/a1/s1-0.events will contain:
+
+ {"ei":0,"event":"session.start", ...}
+ {"ei":1,"event":"resize",...}
+ {"ei":2,"ci":0, "event":"print","bytes":40,"offset":0}
+
+-Events file /var/lib/teleport/a1/s1-0.chunks will contain 40 bytes
++Events file /var/db/teleport/a1/s1-0.chunks will contain 40 bytes
+ emitted by print event with chunk index.
+
+ Server a2 will produce the following file:
+
+-/var/lib/teleport/a2/s1.index
++/var/db/teleport/a2/s1.index
+
+ With contents:
+
+ {"file_name":"s1-3.events","type":"events","index":3}
+ {"file_name":"s1-40.chunks","type":"chunks","offset":40}
+
+-Events file /var/lib/teleport/a2/s1-4.events will contain:
++Events file /var/db/teleport/a2/s1-4.events will contain:
+
+ {"ei":3,"ci":1, "event":"print","bytes":15,"ms":713,"offset":40}
+ {"ei":4,"event":"session.end", ...}
+
+-Events file /var/lib/teleport/a2/s1-40.chunks will contain 15 bytes emitted
++Events file /var/db/teleport/a2/s1-40.chunks will contain 15 bytes emitted
+ by print event with chunk index 1 and comes after delay of 713 milliseconds.
+
+ Offset 40 indicates that the first chunk stored in the file s1-40.chunks
diff --git a/security/teleport/files/patch-lib_services_server.go b/security/teleport/files/patch-lib_services_server.go
new file mode 100644
index 000000000000..f763c90a51db
--- /dev/null
+++ b/security/teleport/files/patch-lib_services_server.go
@@ -0,0 +1,11 @@
+--- lib/services/server.go.orig 2020-07-08 18:08:40 UTC
++++ lib/services/server.go
+@@ -546,7 +546,7 @@ type CommandLabelV1 struct {
+ // Period is a time between command runs
+ Period time.Duration `json:"period"`
+ // Command is a command to run
+- Command []string `json:"command"` //["/usr/bin/hostname", "--long"]
++ Command []string `json:"command"` //["/bin/hostname", "--long"]
+ // Result captures standard output
+ Result string `json:"result"`
+ }
diff --git a/security/teleport/files/patch-tool_teleport_common_teleport__test.go b/security/teleport/files/patch-tool_teleport_common_teleport__test.go
new file mode 100644
index 000000000000..d2f64d5757d3
--- /dev/null
+++ b/security/teleport/files/patch-tool_teleport_common_teleport__test.go
@@ -0,0 +1,20 @@
+--- tool/teleport/common/teleport_test.go.orig 2020-07-08 18:08:40 UTC
++++ tool/teleport/common/teleport_test.go
+@@ -62,7 +62,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) {
+
+ // set imprtant defaults to test-mode (non-existing files&locations)
+ defaults.ConfigFilePath = "/tmp/teleport/etc/teleport.yaml"
+- defaults.DataDir = "/tmp/teleport/var/lib/teleport"
++ defaults.DataDir = "/tmp/teleport/var/db/teleport"
+ }
+
+ func (s *MainTestSuite) TestDefault(c *check.C) {
+@@ -72,7 +72,7 @@ func (s *MainTestSuite) TestDefault(c *check.C) {
+ })
+ c.Assert(cmd, check.Equals, "start")
+ c.Assert(conf.Hostname, check.Equals, s.hostname)
+- c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/lib/teleport")
++ c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/db/teleport")
+ c.Assert(conf.Auth.Enabled, check.Equals, true)
+ c.Assert(conf.SSH.Enabled, check.Equals, true)
+ c.Assert(conf.Proxy.Enabled, check.Equals, true)
diff --git a/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go b/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go
index 297cc21ca8fe..1362356deb92 100644
--- a/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go
+++ b/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go
@@ -1,4 +1,4 @@
---- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2019-12-23 19:57:30 UTC
+--- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2020-07-24 04:36:27 UTC
+++ vendor/github.com/kr/pty/ztypes_freebsd_arm64.go
@@ -0,0 +1,13 @@
+// Created by cgo -godefs - DO NOT EDIT
@@ -14,38 +14,3 @@
+ Len int32
+ Buf *byte
+}
-
-
---- ../src/github.com/gravitational/teleport/vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig 2019-12-23 19:57:30 UTC
-+++ ../src/github.com/gravitational/teleport/vendor/github.com/kr/pty/ztypes_freebsd_arm64.go
-@@ -0,0 +1,13 @@
-+// Created by cgo -godefs - DO NOT EDIT
-+// cgo -godefs types_freebsd.go
-+
-+package pty
-+
-+const (
-+ _C_SPECNAMELEN = 0x3f
-+)
-+
-+type fiodgnameArg struct {
-+ Len int32
-+ Buf *byte
-+}
-
---- ../src/golang.org/x/sys/unix/ztypes_freebsd_arm64.go.orig 2019-12-23 19:57:30 UTC
-+++ ../src/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
-@@ -0,0 +1,13 @@
-+// Created by cgo -godefs - DO NOT EDIT
-+// cgo -godefs types_freebsd.go
-+
-+package pty
-+
-+const (
-+ _C_SPECNAMELEN = 0x3f
-+)
-+
-+type fiodgnameArg struct {
-+ Len int32
-+ Buf *byte
-+}
diff --git a/security/teleport/files/patch-version.mk b/security/teleport/files/patch-version.mk
new file mode 100644
index 000000000000..ee12c2c4fbe7
--- /dev/null
+++ b/security/teleport/files/patch-version.mk
@@ -0,0 +1,8 @@
+--- version.mk.orig 2020-07-08 18:08:40 UTC
++++ version.mk
+@@ -1,4 +1,4 @@
+-GITREF=`git describe --dirty --long --tags`
++GITREF=%%GH_TAG_COMMIT%%
+
+ # $(VERSION_GO) will be written to version.go
+ VERSION_GO="/* DO NOT EDIT THIS FILE. IT IS GENERATED BY 'make setver'*/\n\n\
diff --git a/security/teleport/files/teleport.in b/security/teleport/files/teleport.in
index dff563708ebd..01c2b959f813 100644
--- a/security/teleport/files/teleport.in
+++ b/security/teleport/files/teleport.in
@@ -3,7 +3,7 @@
# $FreeBSD$
#
# PROVIDE: teleport
-# REQUIRE: LOGIN
+# REQUIRE: NETWORKING SERVERS DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
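Review bot: The switch from `# REQUIRE: LOGIN` to `# REQUIRE: NETWORKING SERVERS DAEMON` moves the daemon earlier in rcorder, and neither the commit message nor the script says why. On stock FreeBSD `DAEMON` already requires `NETWORKING` and `SERVERS`, so `# REQUIRE: DAEMON` would presumably give the same ordering; please confirm. Because this service brokers SSH access, a one-line comment stating the reason for starting before LOGIN would help whoever audits boot ordering later. The rest of the script lies outside the hunk.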