From cc8a34e3eb4159d116acd667a383e0ab1b517c16 Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Tue, 18 Mar 2025 14:00:43 -0700 Subject: [PATCH 1/2] Use default CDN by client-tools auto update for oss version --- Makefile | 14 +++----------- lib/autoupdate/tools/utils.go | 10 ++-------- 2 files changed, 5 insertions(+), 19 deletions(-) diff --git a/Makefile b/Makefile index 16f90b1212983..05effd9e2f05c 100644 --- a/Makefile +++ b/Makefile @@ -324,14 +324,6 @@ all: version binaries: $(MAKE) $(BINARIES) -# Appending new conditional settings for community build type for tools. -ifeq ("$(GITHUB_REPOSITORY_OWNER)","gravitational") -# TELEPORT_LDFLAGS and TOOLS_LDFLAGS if appended will overwrite the previous LDFLAGS set in the BUILDFLAGS. -# This is done here to prevent any changes to the (BUI)LDFLAGS passed to the other binaries -TELEPORT_LDFLAGS ?= -ldflags '$(GO_LDFLAGS) -X github.com/gravitational/teleport/lib/modules.teleportBuildType=community' -TOOLS_LDFLAGS ?= -ldflags '$(GO_LDFLAGS) -X github.com/gravitational/teleport/lib/modules.teleportBuildType=community' -endif - # By making these 3 targets below (tsh, tctl and teleport) PHONY we are solving # several problems: # * Build will rely on go build internal caching https://golang.org/doc/go1.10 at all times @@ -342,7 +334,7 @@ $(BUILDDIR)/tctl: @if [[ -z "$(LIBFIDO2_BUILD_TAG)" ]]; then \ echo 'Warning: Building tctl without libfido2. Install libfido2 to have access to MFA.' >&2; \ fi - GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG) $(LIBFIDO2_BUILD_TAG) $(PIV_BUILD_TAG)" -o $(BUILDDIR)/tctl $(BUILDFLAGS) $(TOOLS_LDFLAGS) ./tool/tctl + GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG) $(LIBFIDO2_BUILD_TAG) $(PIV_BUILD_TAG)" -o $(BUILDDIR)/tctl $(BUILDFLAGS) ./tool/tctl .PHONY: $(BUILDDIR)/teleport $(BUILDDIR)/teleport: ensure-webassets bpf-bytecode rdpclient @@ -362,7 +354,7 @@ $(BUILDDIR)/tsh: @if [[ -z "$(LIBFIDO2_BUILD_TAG)" ]]; then \ echo 'Warning: Building tsh without libfido2. Install libfido2 to have access to MFA.' >&2; \ fi - GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG_TSH) go build -tags "$(FIPS_TAG) $(LIBFIDO2_BUILD_TAG) $(TOUCHID_TAG) $(PIV_BUILD_TAG)" -o $(BUILDDIR)/tsh $(BUILDFLAGS) $(TOOLS_LDFLAGS) ./tool/tsh + GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG_TSH) go build -tags "$(FIPS_TAG) $(LIBFIDO2_BUILD_TAG) $(TOUCHID_TAG) $(PIV_BUILD_TAG)" -o $(BUILDDIR)/tsh $(BUILDFLAGS) ./tool/tsh .PHONY: $(BUILDDIR)/tbot # tbot is CGO-less by default except on Windows because lib/client/terminal/ wants CGO on this OS @@ -371,7 +363,7 @@ $(BUILDDIR)/tbot: TBOT_CGO_FLAGS ?= $(if $(filter windows,$(OS)),$(CGOFLAG),CGO_ # Build mode pie requires CGO $(BUILDDIR)/tbot: BUILDFLAGS_TBOT += $(if $(findstring CGO_ENABLED=1,$(TBOT_CGO_FLAGS)), -buildmode=pie) $(BUILDDIR)/tbot: - GOOS=$(OS) GOARCH=$(ARCH) $(TBOT_CGO_FLAGS) go build -tags "$(FIPS_TAG)" -o $(BUILDDIR)/tbot $(BUILDFLAGS_TBOT) $(TOOLS_LDFLAGS) ./tool/tbot + GOOS=$(OS) GOARCH=$(ARCH) $(TBOT_CGO_FLAGS) go build -tags "$(FIPS_TAG)" -o $(BUILDDIR)/tbot $(BUILDFLAGS_TBOT) ./tool/tbot .PHONY: $(BUILDDIR)/fdpass-teleport $(BUILDDIR)/fdpass-teleport: diff --git a/lib/autoupdate/tools/utils.go b/lib/autoupdate/tools/utils.go index 7b41dc5b789b4..6b3922555423b 100644 --- a/lib/autoupdate/tools/utils.go +++ b/lib/autoupdate/tools/utils.go @@ -143,15 +143,9 @@ type packageURL struct { } // teleportPackageURLs returns URLs for the Teleport archives to download. -func teleportPackageURLs(ctx context.Context, uriTmpl string, baseURL, version string) ([]packageURL, error) { - m := modules.GetModules() - envBaseURL := os.Getenv(autoupdate.BaseURLEnvVar) - if m.BuildType() == modules.BuildOSS && envBaseURL == "" { - slog.WarnContext(ctx, "Client tools updates are disabled as they are licensed under AGPL. To use Community Edition builds or custom binaries, set the 'TELEPORT_CDN_BASE_URL' environment variable.") - return nil, errNoBaseURL - } - +func teleportPackageURLs(_ context.Context, uriTmpl string, baseURL, version string) ([]packageURL, error) { var flags autoupdate.InstallFlags + m := modules.GetModules() if m.IsBoringBinary() { flags |= autoupdate.FlagFIPS } From 931b60bd0c37da09d3667de261d96cd2f00d4fa1 Mon Sep 17 00:00:00 2001 From: Vadym Popov Date: Tue, 18 Mar 2025 15:40:52 -0700 Subject: [PATCH 2/2] Change logic of TestUpdateForOSSBuild --- integration/autoupdate/tools/updater_test.go | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/integration/autoupdate/tools/updater_test.go b/integration/autoupdate/tools/updater_test.go index 21f2962d75768..dd8483c34e6a6 100644 --- a/integration/autoupdate/tools/updater_test.go +++ b/integration/autoupdate/tools/updater_test.go @@ -35,7 +35,6 @@ import ( "github.com/gravitational/teleport/api/types" "github.com/gravitational/teleport/integration/autoupdate/tools/updater" - "github.com/gravitational/teleport/lib/autoupdate" "github.com/gravitational/teleport/lib/autoupdate/tools" "github.com/gravitational/teleport/lib/modules" ) @@ -238,7 +237,7 @@ func TestUpdateForOSSBuild(t *testing.T) { err := updater.Update(ctx, testVersions[0]) require.NoError(t, err) - // Verify that requested update is ignored by OSS build and version wasn't updated. + // Verify that requested update is not ignored by OSS build type and version is updated. cmd := exec.CommandContext(ctx, filepath.Join(toolsDir, "tsh"), "version") cmd.Env = append( os.Environ(), @@ -249,19 +248,5 @@ func TestUpdateForOSSBuild(t *testing.T) { matches := pattern.FindStringSubmatch(string(out)) require.Len(t, matches, 2) - require.Equal(t, testVersions[0], matches[1]) - - // Next update is set with the base URL env variable, must download new version. - t.Setenv(autoupdate.BaseURLEnvVar, baseURL) - cmd = exec.CommandContext(ctx, filepath.Join(toolsDir, "tsh"), "version") - cmd.Env = append( - os.Environ(), - fmt.Sprintf("%s=%s", teleportToolsVersion, testVersions[1]), - ) - out, err = cmd.Output() - require.NoError(t, err) - - matches = pattern.FindStringSubmatch(string(out)) - require.Len(t, matches, 2) require.Equal(t, testVersions[1], matches[1]) }