From 65b4088116019c00c1a75d86a9d5cf0b010121ec Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Fri, 15 Nov 2024 21:35:58 -0500 Subject: [PATCH 01/11] Move teleport binaries to new path --- build.assets/build-package.sh | 12 +++---- examples/systemd/post-install | 60 +++++++++++++++++++++++++++++++++++ examples/systemd/post-upgrade | 11 ------- 3 files changed, 66 insertions(+), 17 deletions(-) create mode 100755 examples/systemd/post-install delete mode 100644 examples/systemd/post-upgrade diff --git a/build.assets/build-package.sh b/build.assets/build-package.sh index 56274d0a1dee8..7b50114bc7d3a 100755 --- a/build.assets/build-package.sh +++ b/build.assets/build-package.sh @@ -63,7 +63,7 @@ TARBALL_DIRECTORY="$s" GNUPG_DIR=${GNUPG_DIR:-/tmp/gnupg} # linux package configuration -LINUX_BINARY_DIR=/usr/local/bin +LINUX_BINARY_DIR=/usr/local/teleport-system/bin LINUX_SYSTEMD_DIR=/lib/systemd/system LINUX_CONFIG_DIR=/etc LINUX_DATA_DIR=/var/lib/teleport @@ -226,8 +226,8 @@ if [[ "${PACKAGE_TYPE}" == "pkg" ]]; then PKG_FILENAME="teleport-bin-${TELEPORT_VERSION}${ARCH_TAG}.${PACKAGE_TYPE}" fi else - FILE_LIST="${TAR_PATH}/tsh ${TAR_PATH}/tctl ${TAR_PATH}/teleport ${TAR_PATH}/tbot ${TAR_PATH}/fdpass-teleport ${TAR_PATH}/examples/systemd/teleport.service ${TAR_PATH}/examples/systemd/post-upgrade" - LINUX_BINARY_FILE_LIST="${TAR_PATH}/tsh ${TAR_PATH}/tctl ${TAR_PATH}/tbot ${TAR_PATH}/fdpass-teleport ${TAR_PATH}/teleport" + FILE_LIST="${TAR_PATH}/tsh ${TAR_PATH}/tctl ${TAR_PATH}/teleport ${TAR_PATH}/tbot ${TAR_PATH}/fdpass-teleport ${TAR_PATH}/teleport-update ${TAR_PATH}/examples/systemd/teleport.service ${TAR_PATH}/examples/systemd/post-install" + LINUX_BINARY_FILE_LIST="${TAR_PATH}/tsh ${TAR_PATH}/tctl ${TAR_PATH}/tbot ${TAR_PATH}/fdpass-teleport ${TAR_PATH}/teleport ${TAR_PATH}/teleport-update" LINUX_SYSTEMD_FILE_LIST="${TAR_PATH}/examples/systemd/teleport.service" EXTRA_DOCKER_OPTIONS="" RPM_SIGN_STANZA="" 
@@ -291,8 +291,8 @@ if [[ "${PACKAGE_TYPE}" != "pkg" ]]; then CONFIG_FILE_STANZA="--config-files /src/buildroot${LINUX_CONFIG_DIR}/${LINUX_CONFIG_FILE} " fi - # include post-upgrade script - mv -v ${TAR_PATH}/examples/systemd/post-upgrade ${PACKAGE_TEMPDIR} + # include post-install script + mv -v ${TAR_PATH}/examples/systemd/post-install ${PACKAGE_TEMPDIR} # /var/lib/teleport # shellcheck disable=SC2174 @@ -369,7 +369,7 @@ else --provides teleport \ --prefix / \ --verbose \ - --after-upgrade /src/post-upgrade \ + --after-install /src/post-install \ ${CONFIG_FILE_STANZA} \ ${FILE_PERMISSIONS_STANZA} \ ${RPM_SIGN_STANZA} . diff --git a/examples/systemd/post-install b/examples/systemd/post-install new file mode 100755 index 0000000000000..4ac7fde9e1acb --- /dev/null +++ b/examples/systemd/post-install 
@@ -0,0 +1,60 @@ +#!/bin/bash + +# this post upgrade script is run each time the teleport package is upgraded + +set -eu + +case "$1" in + configure) + # Define old paths and new base directory. + OLD_PATHS=( + "/usr/local/bin/teleport" + "/usr/local/bin/tsh" + "/usr/local/bin/tctl" + "/usr/local/bin/tbot" + ) + NEW_BASE_DIR="/usr/local/teleport-system/bin" + + echo "Cleaning up old files and creating symlinks where necessary..." + + for FILE in "${OLD_PATHS[@]}"; do + BASENAME=$(basename "$FILE") + NEW_PATH="$NEW_BASE_DIR/$BASENAME" + + if [ -e "$FILE" ] && [ ! -L "$FILE" ]; then + echo "Removing old binary at $FILE..." + rm -f "$FILE" + fi + + if [ ! -e "$FILE" ] && [ ! -L "$FILE" ]; then + echo "Creating symlink at $FILE pointing to $NEW_PATH..." + ln -s "$NEW_PATH" "$FILE" + fi + done + + echo "Post-upgrade cleanup and symlink creation completed." + ;; + remove|deconfigure) + OLD_PATHS=( + "/usr/local/bin/teleport" + "/usr/local/bin/tsh" + "/usr/local/bin/tctl" + "/usr/local/bin/tbot" + ) + + echo "Removing symlinks from old paths..." + + for FILE in "${OLD_PATHS[@]}"; do + if [ -L "$FILE" ]; then + echo "Removing symlink at $FILE..." + rm -f "$FILE" + fi + done + ;; +esac + +# skip reload and restart when systemd is disabled. This is only relevant when +# testing in a container. +if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true +fi diff --git a/examples/systemd/post-upgrade b/examples/systemd/post-upgrade deleted file mode 100644 index 0fe4388403517..0000000000000 --- a/examples/systemd/post-upgrade +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -# this post upgrade script is run each time the teleport package is upgraded - -set -eu - -# skip reload and restart when systemd is disabled. This is only relevant when -# testing in a container. -if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true -fi From 3ac63a018bd6444e33af16da52cf59633aac8f1b Mon Sep 17 00:00:00 2001 
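Review bot: `OLD_PATHS` in the `configure` branch omits `fdpass-teleport` and `teleport-update`, although build-package.sh in this same patch moves both into `/usr/local/teleport-system/bin`, so no link is created for them under `/usr/local/bin` and anything still resolving them there would break. A symlink that already exists at one of the old paths is kept without checking its target, so the command name can keep resolving to something other than the packaged binary; comparing `readlink "$FILE"` with `$NEW_PATH` and replacing the link on mismatch would close that. The `remove|deconfigure` branch looks unreachable in this file, since a Debian postinst is called with `configure` or `abort-*`, and the header comment still describes a post-upgrade script; `# This post-install script runs each time the teleport package is installed or upgraded.` would match what the file is.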
From: Vadym Popov Date: Tue, 19 Nov 2024 15:27:07 -0500 Subject: [PATCH 02/11] Use link/unlink command to manage links Move teleport.service to new path --- build.assets/build-package.sh | 11 +++++--- examples/systemd/before-remove | 18 +++++++++++++ examples/systemd/post-install | 46 ++-------------------------------- 3 files changed, 28 insertions(+), 47 deletions(-) create mode 100755 examples/systemd/before-remove diff --git a/build.assets/build-package.sh b/build.assets/build-package.sh index 7b50114bc7d3a..4b0cabf4e3752 100755 --- a/build.assets/build-package.sh +++ b/build.assets/build-package.sh @@ -64,7 +64,7 @@ GNUPG_DIR=${GNUPG_DIR:-/tmp/gnupg} # linux package configuration LINUX_BINARY_DIR=/usr/local/teleport-system/bin -LINUX_SYSTEMD_DIR=/lib/systemd/system +LINUX_SYSTEMD_DIR=/usr/local/teleport-system/lib/systemd/system LINUX_CONFIG_DIR=/etc LINUX_DATA_DIR=/var/lib/teleport @@ -226,7 +226,7 @@ if [[ "${PACKAGE_TYPE}" == "pkg" ]]; then PKG_FILENAME="teleport-bin-${TELEPORT_VERSION}${ARCH_TAG}.${PACKAGE_TYPE}" fi else - FILE_LIST="${TAR_PATH}/tsh ${TAR_PATH}/tctl ${TAR_PATH}/teleport ${TAR_PATH}/tbot ${TAR_PATH}/fdpass-teleport ${TAR_PATH}/teleport-update ${TAR_PATH}/examples/systemd/teleport.service ${TAR_PATH}/examples/systemd/post-install" + FILE_LIST="${TAR_PATH}/tsh ${TAR_PATH}/tctl ${TAR_PATH}/teleport ${TAR_PATH}/tbot ${TAR_PATH}/fdpass-teleport ${TAR_PATH}/teleport-update ${TAR_PATH}/examples/systemd/teleport.service ${TAR_PATH}/examples/systemd/post-install ${TAR_PATH}/examples/systemd/before-remove" LINUX_BINARY_FILE_LIST="${TAR_PATH}/tsh ${TAR_PATH}/tctl ${TAR_PATH}/tbot ${TAR_PATH}/fdpass-teleport ${TAR_PATH}/teleport ${TAR_PATH}/teleport-update" LINUX_SYSTEMD_FILE_LIST="${TAR_PATH}/examples/systemd/teleport.service" EXTRA_DOCKER_OPTIONS="" 
@@ -291,8 +291,12 @@ if [[ "${PACKAGE_TYPE}" != "pkg" ]]; then CONFIG_FILE_STANZA="--config-files /src/buildroot${LINUX_CONFIG_DIR}/${LINUX_CONFIG_FILE} " fi - # include post-install script + # include post-install and before-remove script mv -v ${TAR_PATH}/examples/systemd/post-install ${PACKAGE_TEMPDIR} + mv -v ${TAR_PATH}/examples/systemd/before-remove ${PACKAGE_TEMPDIR} + + # create versions folder + mkdir -p ${PACKAGE_TEMPDIR}/buildroot${LINUX_DATA_DIR}/versions # /var/lib/teleport # shellcheck disable=SC2174 @@ -370,6 +374,7 @@ else --prefix / \ --verbose \ --after-install /src/post-install \ + --before-remove /src/before-remove \ ${CONFIG_FILE_STANZA} \ ${FILE_PERMISSIONS_STANZA} \ ${RPM_SIGN_STANZA} . diff --git a/examples/systemd/before-remove b/examples/systemd/before-remove new file mode 100755 index 0000000000000..9dde13e786e23 --- /dev/null +++ b/examples/systemd/before-remove @@ -0,0 +1,18 @@ +#!/bin/bash + +# this post upgrade script is run each time the teleport package is upgraded + +set -eu + +case "$1" in + remove|deconfigure) + echo "Removing symlinks from teleport system paths..." + /usr/local/teleport-system/bin/teleport-update unlink + ;; +esac + +# skip reload and restart when systemd is disabled. This is only relevant when +# testing in a container. +if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true +fi diff --git a/examples/systemd/post-install b/examples/systemd/post-install index 4ac7fde9e1acb..8b8c364593e67 100755 --- a/examples/systemd/post-install +++ b/examples/systemd/post-install 
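Review bot: The added `mkdir -p ${PACKAGE_TEMPDIR}/buildroot${LINUX_DATA_DIR}/versions` creates the data directory itself as a side effect, with the default umask mode, before the `# /var/lib/teleport` step that follows. That next command is outside the hunk, but the `SC2174` suppression suggests it is a `mkdir -p -m …` call, and `mkdir -p -m` does not change the mode of a directory that already exists, so the restrictive mode on the data directory may no longer be applied in the buildroot unless `FILE_PERMISSIONS_STANZA` sets it later. Moving the `versions` line below that step, or setting the modes explicitly with `chmod`, would keep the intended permissions. The expansions in the three added lines should also be quoted, e.g. `mkdir -p "${PACKAGE_TEMPDIR}/buildroot${LINUX_DATA_DIR}/versions"`.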
@@ -6,50 +6,8 @@ set -eu case "$1" in configure) - # Define old paths and new base directory. - OLD_PATHS=( - "/usr/local/bin/teleport" - "/usr/local/bin/tsh" - "/usr/local/bin/tctl" - "/usr/local/bin/tbot" - ) - NEW_BASE_DIR="/usr/local/teleport-system/bin" - - echo "Cleaning up old files and creating symlinks where necessary..." - - for FILE in "${OLD_PATHS[@]}"; do - BASENAME=$(basename "$FILE") - NEW_PATH="$NEW_BASE_DIR/$BASENAME" - - if [ -e "$FILE" ] && [ ! -L "$FILE" ]; then - echo "Removing old binary at $FILE..." - rm -f "$FILE" - fi - - if [ ! -e "$FILE" ] && [ ! -L "$FILE" ]; then - echo "Creating symlink at $FILE pointing to $NEW_PATH..." - ln -s "$NEW_PATH" "$FILE" - fi - done - - echo "Post-upgrade cleanup and symlink creation completed." - ;; - remove|deconfigure) - OLD_PATHS=( - "/usr/local/bin/teleport" - "/usr/local/bin/tsh" - "/usr/local/bin/tctl" - "/usr/local/bin/tbot" - ) - - echo "Removing symlinks from old paths..." - - for FILE in "${OLD_PATHS[@]}"; do - if [ -L "$FILE" ]; then - echo "Removing symlink at $FILE..." - rm -f "$FILE" - fi - done + /usr/local/teleport-system/bin/teleport-update link + echo "Post-install symlink creation completed." ;; esac From 4855745fea34a27ec26e7ec6678016d8a8d5ce48 Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Tue, 19 Nov 2024 22:09:41 -0500 Subject: [PATCH 03/11] Move teleport binaries under standard path for distroless Cleanup --- build.assets/charts/Dockerfile-distroless | 1 + build.assets/charts/Dockerfile-distroless-fips | 1 + build.assets/charts/Dockerfile-tbot-distroless | 2 +- build.assets/charts/Dockerfile-tbot-distroless-fips | 2 +- examples/systemd/before-remove | 7 +------ examples/systemd/post-install | 6 +++--- 6 files changed, 8 insertions(+), 11 deletions(-) diff --git a/build.assets/charts/Dockerfile-distroless b/build.assets/charts/Dockerfile-distroless index c57265c488405..37c96fb9fb308 100644 --- a/build.assets/charts/Dockerfile-distroless 
+++ b/build.assets/charts/Dockerfile-distroless @@ -24,6 +24,7 @@ RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/etc/teleport && \ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ + mv /usr/local/teleport-system/bin/* /usr/local/bin/ && \ rm -rf /opt/staging/DEBIAN FROM $BASE_IMAGE diff --git a/build.assets/charts/Dockerfile-distroless-fips b/build.assets/charts/Dockerfile-distroless-fips index 482704bf1e8be..4b6bdc0245ad9 100644 --- a/build.assets/charts/Dockerfile-distroless-fips +++ b/build.assets/charts/Dockerfile-distroless-fips @@ -24,6 +24,7 @@ RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/etc/teleport && \ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ + mv /usr/local/teleport-system/bin/* /usr/local/bin/ && \ rm -rf /opt/staging/DEBIAN FROM $BASE_IMAGE diff --git a/build.assets/charts/Dockerfile-tbot-distroless b/build.assets/charts/Dockerfile-tbot-distroless index 9e1e4d8897c07..564cfdc0acdd5 100644 --- a/build.assets/charts/Dockerfile-tbot-distroless +++ b/build.assets/charts/Dockerfile-tbot-distroless @@ -17,5 +17,5 @@ ENV TELEPORT_DEB_FILE_NAME=teleport${TELEPORT_RELEASE_INFIX}_${TELEPORT_VERSION} RUN --mount=type=bind,target=/ctx dpkg-deb -R /ctx/$TELEPORT_DEB_FILE_NAME /opt/staging FROM $BASE_IMAGE -COPY --from=teleport /opt/staging/usr/local/bin/tbot /usr/local/bin/tbot +COPY --from=teleport /opt/staging/usr/local/teleport-system/bin/tbot /usr/local/bin/tbot ENTRYPOINT ["/usr/local/bin/tbot"] diff --git a/build.assets/charts/Dockerfile-tbot-distroless-fips b/build.assets/charts/Dockerfile-tbot-distroless-fips index 7592a8993ec69..848a686fd80c0 100644 --- a/build.assets/charts/Dockerfile-tbot-distroless-fips +++ b/build.assets/charts/Dockerfile-tbot-distroless-fips 
@@ -17,5 +17,5 @@ ENV TELEPORT_DEB_FILE_NAME=teleport${TELEPORT_RELEASE_INFIX}_${TELEPORT_VERSION} RUN --mount=type=bind,target=/ctx dpkg-deb -R /ctx/$TELEPORT_DEB_FILE_NAME /opt/staging FROM $BASE_IMAGE -COPY --from=teleport /opt/staging/usr/local/bin/tbot /usr/local/bin/tbot +COPY --from=teleport /opt/staging/usr/local/teleport-system/bin/tbot /usr/local/bin/tbot ENTRYPOINT ["/usr/local/bin/tbot", "--fips"] diff --git a/examples/systemd/before-remove b/examples/systemd/before-remove index 9dde13e786e23..b3180a0933740 100755 --- a/examples/systemd/before-remove +++ b/examples/systemd/before-remove @@ -1,6 +1,6 @@ #!/bin/bash -# this post upgrade script is run each time the teleport package is upgraded +# This before remove script is run each time the teleport package is removed. set -eu @@ -11,8 +11,3 @@ case "$1" in ;; esac -# skip reload and restart when systemd is disabled. This is only relevant when -# testing in a container. -if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true -fi diff --git a/examples/systemd/post-install b/examples/systemd/post-install index 8b8c364593e67..318d3ff0bc8e2 100755 --- a/examples/systemd/post-install +++ b/examples/systemd/post-install @@ -1,17 +1,17 @@ #!/bin/bash -# this post upgrade script is run each time the teleport package is upgraded +# This post install script is run each time the teleport package is installed/upgraded. set -eu case "$1" in configure) + echo "Teleport system symlinks creation..." /usr/local/teleport-system/bin/teleport-update link - echo "Post-install symlink creation completed." ;; esac -# skip reload and restart when systemd is disabled. This is only relevant when +# Skip reload and restart when systemd is disabled. This is only relevant when # testing in a container. if [ -d /run/systemd/system ]; then systemctl --system daemon-reload >/dev/null || true From 89b32daf7557db916446ac4ef30f66305a60c17b Mon Sep 17 00:00:00 2001 
From: Vadym Popov Date: Tue, 19 Nov 2024 22:49:55 -0500 Subject: [PATCH 04/11] Fix wrong move path --- build.assets/charts/Dockerfile-distroless | 2 +- build.assets/charts/Dockerfile-distroless-fips | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.assets/charts/Dockerfile-distroless b/build.assets/charts/Dockerfile-distroless index 37c96fb9fb308..581905dc246ae 100644 --- a/build.assets/charts/Dockerfile-distroless +++ b/build.assets/charts/Dockerfile-distroless @@ -24,7 +24,7 @@ RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/etc/teleport && \ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ - mv /usr/local/teleport-system/bin/* /usr/local/bin/ && \ + mv /opt/staging/usr/local/teleport-system/bin/* /opt/staging/usr/local/bin/ && \ rm -rf /opt/staging/DEBIAN FROM $BASE_IMAGE diff --git a/build.assets/charts/Dockerfile-distroless-fips b/build.assets/charts/Dockerfile-distroless-fips index 4b6bdc0245ad9..524c92d6946d1 100644 --- a/build.assets/charts/Dockerfile-distroless-fips +++ b/build.assets/charts/Dockerfile-distroless-fips @@ -24,7 +24,7 @@ RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/etc/teleport && \ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ - mv /usr/local/teleport-system/bin/* /usr/local/bin/ && \ + mv /opt/staging/usr/local/teleport-system/bin/* /opt/staging/usr/local/bin/ && \ rm -rf /opt/staging/DEBIAN FROM $BASE_IMAGE From a16f9c6928265b827177bff9cf29dd858af66cb3 Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Tue, 19 Nov 2024 23:39:01 -0500 Subject: [PATCH 05/11] Create missing directory --- build.assets/charts/Dockerfile-distroless | 1 + build.assets/charts/Dockerfile-distroless-fips | 1 + 2 files changed, 2 insertions(+) 
diff --git a/build.assets/charts/Dockerfile-distroless b/build.assets/charts/Dockerfile-distroless index 581905dc246ae..08e50c11e0425 100644 --- a/build.assets/charts/Dockerfile-distroless +++ b/build.assets/charts/Dockerfile-distroless @@ -23,6 +23,7 @@ COPY $TELEPORT_DEB_FILE_NAME ./$TELEPORT_DEB_FILE_NAME RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/etc/teleport && \ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \ + mkdir -p /opt/staging/usr/local/bin && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ mv /opt/staging/usr/local/teleport-system/bin/* /opt/staging/usr/local/bin/ && \ rm -rf /opt/staging/DEBIAN diff --git a/build.assets/charts/Dockerfile-distroless-fips b/build.assets/charts/Dockerfile-distroless-fips index 524c92d6946d1..fe9969fab1006 100644 --- a/build.assets/charts/Dockerfile-distroless-fips +++ b/build.assets/charts/Dockerfile-distroless-fips @@ -23,6 +23,7 @@ COPY $TELEPORT_DEB_FILE_NAME ./$TELEPORT_DEB_FILE_NAME RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/etc/teleport && \ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \ + mkdir -p /opt/staging/usr/local/bin && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ mv /opt/staging/usr/local/teleport-system/bin/* /opt/staging/usr/local/bin/ && \ rm -rf /opt/staging/DEBIAN From a1da9f1aa675948a4130c6c34e0a503eb714a7dc Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Wed, 20 Nov 2024 10:06:16 -0500 Subject: [PATCH 06/11] Rename link/unlink commands --- examples/systemd/before-remove | 2 +- examples/systemd/post-install | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/systemd/before-remove b/examples/systemd/before-remove index b3180a0933740..b2983f8bd2391 100755 --- a/examples/systemd/before-remove +++ b/examples/systemd/before-remove 
@@ -7,7 +7,7 @@ set -eu case "$1" in remove|deconfigure) echo "Removing symlinks from teleport system paths..." - /usr/local/teleport-system/bin/teleport-update unlink + /usr/local/teleport-system/bin/teleport-update unlink-package ;; esac diff --git a/examples/systemd/post-install b/examples/systemd/post-install index 318d3ff0bc8e2..db30f07d503a5 100755 --- a/examples/systemd/post-install +++ b/examples/systemd/post-install @@ -7,7 +7,7 @@ set -eu case "$1" in configure) echo "Teleport system symlinks creation..." - /usr/local/teleport-system/bin/teleport-update link + /usr/local/teleport-system/bin/teleport-update link-package ;; esac From 981c042f83d72a03eb39a83ad43ea74667623e0c Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Wed, 20 Nov 2024 15:11:08 -0500 Subject: [PATCH 07/11] Exclude teleport-update from docker image Systemd reload now managed by teleport-update Make safe unlink not to block package removal --- build.assets/charts/Dockerfile-distroless | 1 + build.assets/charts/Dockerfile-distroless-fips | 1 + examples/systemd/before-remove | 2 +- examples/systemd/post-install | 6 ------ 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/build.assets/charts/Dockerfile-distroless b/build.assets/charts/Dockerfile-distroless index 08e50c11e0425..b720f023a50e6 100644 --- a/build.assets/charts/Dockerfile-distroless +++ b/build.assets/charts/Dockerfile-distroless @@ -26,6 +26,7 @@ RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/usr/local/bin && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ mv /opt/staging/usr/local/teleport-system/bin/* /opt/staging/usr/local/bin/ && \ + rm -f /opt/staging/usr/local/bin/teleport-update && \ rm -rf /opt/staging/DEBIAN FROM $BASE_IMAGE diff --git a/build.assets/charts/Dockerfile-distroless-fips b/build.assets/charts/Dockerfile-distroless-fips index fe9969fab1006..4c0e4106c7570 100644 --- a/build.assets/charts/Dockerfile-distroless-fips 
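Review bot: The added `rm -f /opt/staging/usr/local/bin/teleport-update` is a denylist applied after `mv …/teleport-system/bin/* …`, so any binary later added to the package's bin directory lands in the distroless image by default. An explicit list keeps the image contents reviewable, for example `for b in teleport tctl tsh tbot fdpass-teleport; do mv "/opt/staging/usr/local/teleport-system/bin/$b" /opt/staging/usr/local/bin/; done && \`. The same line is added to Dockerfile-distroless-fips in this patch, and both are carried into PATCH 11/11 with the new prefix. The RUN instruction starts and ends outside the hunk.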
+++ b/build.assets/charts/Dockerfile-distroless-fips @@ -26,6 +26,7 @@ RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/usr/local/bin && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ mv /opt/staging/usr/local/teleport-system/bin/* /opt/staging/usr/local/bin/ && \ + rm -f /opt/staging/usr/local/bin/teleport-update && \ rm -rf /opt/staging/DEBIAN FROM $BASE_IMAGE diff --git a/examples/systemd/before-remove b/examples/systemd/before-remove index b2983f8bd2391..f314b7d45a4c6 100755 --- a/examples/systemd/before-remove +++ b/examples/systemd/before-remove @@ -7,7 +7,7 @@ set -eu case "$1" in remove|deconfigure) echo "Removing symlinks from teleport system paths..." - /usr/local/teleport-system/bin/teleport-update unlink-package + /usr/local/teleport-system/bin/teleport-update unlink-package || true ;; esac diff --git a/examples/systemd/post-install b/examples/systemd/post-install index db30f07d503a5..be96a49023dac 100755 --- a/examples/systemd/post-install +++ b/examples/systemd/post-install @@ -10,9 +10,3 @@ case "$1" in /usr/local/teleport-system/bin/teleport-update link-package ;; esac - -# Skip reload and restart when systemd is disabled. This is only relevant when -# testing in a container. -if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true -fi From dd5594d4e656fc28bcadb2f7ec78da1c993b7e84 Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Fri, 22 Nov 2024 13:48:25 -0500 Subject: [PATCH 08/11] Add teleport-update to AMI image build --- assets/aws/files/install-hardened.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/assets/aws/files/install-hardened.sh b/assets/aws/files/install-hardened.sh index 2fd099a28e8d2..994a8b889431e 100644 --- a/assets/aws/files/install-hardened.sh +++ b/assets/aws/files/install-hardened.sh 
@@ -23,11 +23,14 @@ usermod -a -G adm teleport # Setup teleport run dir for pid files install -d -m 0700 -o teleport -g adm /var/lib/teleport install -d -m 0755 -o teleport -g adm /run/teleport /etc/teleport.d +# Setup teleport-system directory +install -d -m 0755 -o teleport -g adm /usr/local/teleport-system # Extract tarball to /tmp/teleport to get the binaries out mkdir /tmp/teleport tar -C /tmp/teleport -x -z -f /tmp/teleport.tar.gz --strip-components=1 -install -m 755 /tmp/teleport/{tctl,tsh,teleport,tbot,fdpass-teleport} /usr/local/bin +install -m 755 /tmp/teleport/{tctl,tsh,teleport,tbot,fdpass-teleport,teleport-update} /usr/local/teleport-system/bin +/usr/local/teleport-system/bin/teleport-update link-package rm -rf /tmp/teleport /tmp/teleport.tar.gz if [[ "${TELEPORT_FIPS}" == 1 ]]; then From 62ee8c3529f29d8ce23e5a0a55f12a9fb46f380c Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Fri, 22 Nov 2024 13:49:31 -0500 Subject: [PATCH 09/11] Fix RPM build, fpm automatically manage scripts --- examples/systemd/before-remove | 9 ++------- examples/systemd/post-install | 8 ++------ 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/examples/systemd/before-remove b/examples/systemd/before-remove index f314b7d45a4c6..ce9bbed662616 100755 --- a/examples/systemd/before-remove +++ b/examples/systemd/before-remove @@ -4,10 +4,5 @@ set -eu -case "$1" in - remove|deconfigure) - echo "Removing symlinks from teleport system paths..." - /usr/local/teleport-system/bin/teleport-update unlink-package || true - ;; -esac - +echo "Removing symlinks from teleport system paths..." +/usr/local/teleport-system/bin/teleport-update unlink-package || true diff --git a/examples/systemd/post-install b/examples/systemd/post-install index be96a49023dac..5c649c8f802f5 100755 --- a/examples/systemd/post-install +++ b/examples/systemd/post-install 
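Review bot: The new `install -d -m 0755 -o teleport -g adm /usr/local/teleport-system` makes the service account the owner of the tree that holds the binaries, and the script then executes `teleport-update link-package` from that tree. A directory owner can rename or replace entries even when the files themselves are owned by root, so a compromise of the `teleport` account could swap a binary that root or an administrator later runs, presumably through the links that `link-package` creates. Unless the account has to write there, `install -d -m 0755 -o root -g root /usr/local/teleport-system/bin` is the safer form. The hunk also creates only the parent directory, not the `bin` target that the following `install -m 755 …` copies into; PATCH 10/11 adds that directory but keeps `-o teleport -g adm`, as does PATCH 11/11 for `/opt/teleport/system`.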
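Review bot: With the `case "$1"` guard removed, `teleport-update unlink-package` runs on every invocation of before-remove, not only on removal. If fpm installs the file unchanged as the deb prerm and the RPM %preun, it is also called during upgrades, and on RPM the old package's %preun runs after the new package's %post, so an upgrade could end with the links that post-install just created removed again, depending on how `unlink-package` decides what to remove, which is not visible here. Keeping removal-only behaviour for both formats, e.g. `case "${1:-}" in remove|deconfigure|0) … ;; esac`, avoids that. The `|| true` also hides a failed unlink; `|| echo "teleport-update unlink-package failed" >&2` keeps removal non-blocking while leaving a trace.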
@@ -4,9 +4,5 @@ set -eu -case "$1" in - configure) - echo "Teleport system symlinks creation..." - /usr/local/teleport-system/bin/teleport-update link-package - ;; -esac +echo "Teleport system symlinks creation..." +/usr/local/teleport-system/bin/teleport-update link-package From d109f68f9fb3cfa1cc3481ef2598516c81565ac2 Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Fri, 22 Nov 2024 14:36:54 -0500 Subject: [PATCH 10/11] Fix AMI build, add missing teleport.service --- assets/aws/files/install-hardened.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/assets/aws/files/install-hardened.sh b/assets/aws/files/install-hardened.sh index 994a8b889431e..0403e21b83789 100644 --- a/assets/aws/files/install-hardened.sh +++ b/assets/aws/files/install-hardened.sh @@ -24,12 +24,14 @@ usermod -a -G adm teleport install -d -m 0700 -o teleport -g adm /var/lib/teleport install -d -m 0755 -o teleport -g adm /run/teleport /etc/teleport.d # Setup teleport-system directory -install -d -m 0755 -o teleport -g adm /usr/local/teleport-system +install -d -m 0755 -o teleport -g adm /usr/local/teleport-system/bin +install -d -m 0755 -o teleport -g adm /usr/local/teleport-system/lib/systemd/system # Extract tarball to /tmp/teleport to get the binaries out mkdir /tmp/teleport tar -C /tmp/teleport -x -z -f /tmp/teleport.tar.gz --strip-components=1 install -m 755 /tmp/teleport/{tctl,tsh,teleport,tbot,fdpass-teleport,teleport-update} /usr/local/teleport-system/bin +install -m 755 /tmp/teleport/examples/systemd/teleport.service /usr/local/teleport-system/lib/systemd/system /usr/local/teleport-system/bin/teleport-update link-package rm -rf /tmp/teleport /tmp/teleport.tar.gz From 8a0fb1f242cdf531ff8126cdfbafcf7c85643b7b Mon Sep 17 00:00:00 2001 
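Review bot: `install -m 755 /tmp/teleport/examples/systemd/teleport.service …` installs the unit file with the execute bit set; unit files are configuration, and systemd logs a warning for ones marked executable. `install -m 0644 /tmp/teleport/examples/systemd/teleport.service /usr/local/teleport-system/lib/systemd/system` is the conventional mode. The same line is carried over with the `/opt/teleport/system` prefix in PATCH 11/11.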
From: Vadym Popov Date: Wed, 4 Dec 2024 21:15:41 -0600 Subject: [PATCH 11/11] Move binaries to /opt/teleport/system --- assets/aws/files/install-hardened.sh | 12 ++++++------ build.assets/build-package.sh | 4 ++-- build.assets/charts/Dockerfile-distroless | 2 +- build.assets/charts/Dockerfile-distroless-fips | 2 +- build.assets/charts/Dockerfile-tbot-distroless | 2 +- build.assets/charts/Dockerfile-tbot-distroless-fips | 2 +- examples/systemd/before-remove | 4 ++-- examples/systemd/post-install | 2 +- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/assets/aws/files/install-hardened.sh b/assets/aws/files/install-hardened.sh index 0403e21b83789..c0db8a739bf3b 100644 --- a/assets/aws/files/install-hardened.sh +++ b/assets/aws/files/install-hardened.sh 
@@ -23,16 +23,16 @@ usermod -a -G adm teleport # Setup teleport run dir for pid files install -d -m 0700 -o teleport -g adm /var/lib/teleport install -d -m 0755 -o teleport -g adm /run/teleport /etc/teleport.d -# Setup teleport-system directory -install -d -m 0755 -o teleport -g adm /usr/local/teleport-system/bin -install -d -m 0755 -o teleport -g adm /usr/local/teleport-system/lib/systemd/system +# Setup teleport/system directory +install -d -m 0755 -o teleport -g adm /opt/teleport/system/bin +install -d -m 0755 -o teleport -g adm /opt/teleport/system/lib/systemd/system # Extract tarball to /tmp/teleport to get the binaries out mkdir /tmp/teleport tar -C /tmp/teleport -x -z -f /tmp/teleport.tar.gz --strip-components=1 -install -m 755 /tmp/teleport/{tctl,tsh,teleport,tbot,fdpass-teleport,teleport-update} /usr/local/teleport-system/bin -install -m 755 /tmp/teleport/examples/systemd/teleport.service /usr/local/teleport-system/lib/systemd/system -/usr/local/teleport-system/bin/teleport-update link-package +install -m 755 /tmp/teleport/{tctl,tsh,teleport,tbot,fdpass-teleport,teleport-update} /opt/teleport/system/bin +install -m 755 /tmp/teleport/examples/systemd/teleport.service /opt/teleport/system/lib/systemd/system +/opt/teleport/system/bin/teleport-update link-package rm -rf /tmp/teleport /tmp/teleport.tar.gz if [[ "${TELEPORT_FIPS}" == 1 ]]; then diff --git a/build.assets/build-package.sh b/build.assets/build-package.sh index 4b0cabf4e3752..b4b0e3b8c7972 100755 --- a/build.assets/build-package.sh +++ b/build.assets/build-package.sh @@ -63,8 +63,8 @@ TARBALL_DIRECTORY="$s" GNUPG_DIR=${GNUPG_DIR:-/tmp/gnupg} # linux package configuration -LINUX_BINARY_DIR=/usr/local/teleport-system/bin -LINUX_SYSTEMD_DIR=/usr/local/teleport-system/lib/systemd/system +LINUX_BINARY_DIR=/opt/teleport/system/bin +LINUX_SYSTEMD_DIR=/opt/teleport/system/lib/systemd/system LINUX_CONFIG_DIR=/etc LINUX_DATA_DIR=/var/lib/teleport 
diff --git a/build.assets/charts/Dockerfile-distroless b/build.assets/charts/Dockerfile-distroless index b720f023a50e6..afc9ef481d768 100644 --- a/build.assets/charts/Dockerfile-distroless +++ b/build.assets/charts/Dockerfile-distroless @@ -25,7 +25,7 @@ RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \ mkdir -p /opt/staging/usr/local/bin && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ - mv /opt/staging/usr/local/teleport-system/bin/* /opt/staging/usr/local/bin/ && \ + mv /opt/staging/opt/teleport/system/bin/* /opt/staging/usr/local/bin/ && \ rm -f /opt/staging/usr/local/bin/teleport-update && \ rm -rf /opt/staging/DEBIAN diff --git a/build.assets/charts/Dockerfile-distroless-fips b/build.assets/charts/Dockerfile-distroless-fips index 4c0e4106c7570..c1443b96c6217 100644 --- a/build.assets/charts/Dockerfile-distroless-fips +++ b/build.assets/charts/Dockerfile-distroless-fips @@ -25,7 +25,7 @@ RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \ mkdir -p /opt/staging/usr/local/bin && \ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \ - mv /opt/staging/usr/local/teleport-system/bin/* /opt/staging/usr/local/bin/ && \ + mv /opt/staging/opt/teleport/system/bin/* /opt/staging/usr/local/bin/ && \ rm -f /opt/staging/usr/local/bin/teleport-update && \ rm -rf /opt/staging/DEBIAN diff --git a/build.assets/charts/Dockerfile-tbot-distroless b/build.assets/charts/Dockerfile-tbot-distroless index 564cfdc0acdd5..842157a175bbc 100644 --- a/build.assets/charts/Dockerfile-tbot-distroless +++ b/build.assets/charts/Dockerfile-tbot-distroless 
@@ -17,5 +17,5 @@ ENV TELEPORT_DEB_FILE_NAME=teleport${TELEPORT_RELEASE_INFIX}_${TELEPORT_VERSION} RUN --mount=type=bind,target=/ctx dpkg-deb -R /ctx/$TELEPORT_DEB_FILE_NAME /opt/staging FROM $BASE_IMAGE -COPY --from=teleport /opt/staging/usr/local/teleport-system/bin/tbot /usr/local/bin/tbot +COPY --from=teleport /opt/staging/opt/teleport/system/bin/tbot /usr/local/bin/tbot ENTRYPOINT ["/usr/local/bin/tbot"] diff --git a/build.assets/charts/Dockerfile-tbot-distroless-fips b/build.assets/charts/Dockerfile-tbot-distroless-fips index 848a686fd80c0..b6fb33caab877 100644 --- a/build.assets/charts/Dockerfile-tbot-distroless-fips +++ b/build.assets/charts/Dockerfile-tbot-distroless-fips @@ -17,5 +17,5 @@ ENV TELEPORT_DEB_FILE_NAME=teleport${TELEPORT_RELEASE_INFIX}_${TELEPORT_VERSION} RUN --mount=type=bind,target=/ctx dpkg-deb -R /ctx/$TELEPORT_DEB_FILE_NAME /opt/staging FROM $BASE_IMAGE -COPY --from=teleport /opt/staging/usr/local/teleport-system/bin/tbot /usr/local/bin/tbot +COPY --from=teleport /opt/staging/opt/teleport/system/bin/tbot /usr/local/bin/tbot ENTRYPOINT ["/usr/local/bin/tbot", "--fips"] diff --git a/examples/systemd/before-remove b/examples/systemd/before-remove index ce9bbed662616..2c83711d60c76 100755 --- a/examples/systemd/before-remove +++ b/examples/systemd/before-remove @@ -4,5 +4,5 @@ set -eu -echo "Removing symlinks from teleport system paths..." -/usr/local/teleport-system/bin/teleport-update unlink-package || true +echo "Removing symlinks from Teleport system paths..." +/opt/teleport/system/bin/teleport-update unlink-package || true diff --git a/examples/systemd/post-install b/examples/systemd/post-install index 5c649c8f802f5..189069bd2784d 100755 --- a/examples/systemd/post-install +++ b/examples/systemd/post-install @@ -5,4 +5,4 @@ set -eu echo "Teleport system symlinks creation..." -/usr/local/teleport-system/bin/teleport-update link-package +/opt/teleport/system/bin/teleport-update link-package