reinit the tree, so we can have metadata

12 files changed, 473 insertions, 0 deletions

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
new file mode 100644
index 000000000000..f5012b024bd2
--- /dev/null
+++ b/sys-cluster/teleport/Manifest
@@ -0,0 +1,14 @@
+AUX teleport-makefile-buildflags.patch 402 SHA256 a703d044a527736b4e6e4a0397b988464e992e29c8de9877ad66a6930bca9d76 SHA512 e9101609ec4155e3e77f99c7ff69abd47f75e1f0b7b6c75a639efc8df3e782b1e790c57c2f9a37c0f03e136c6084d4bd530a570ff67e17eaa4d518cdcc103d37 WHIRLPOOL 773632599d9f2058f8142e9a615826ddc256e21c0b5da2d2e268a874d7735e4fe98823d83dfe319ee9cc30f0b06c360d2fd176eceff23d9a47164785dc3b4183
+AUX teleport.conf.d 442 SHA256 741b26473c069d48da42ed244a5f2aa30b36854dca618f495bd1e73da5058892 SHA512 e50e3d0030e467afcfaf42c8f56ba1c0397e3dc6a445981b3f1533d7a0a9e550aabdc8bff394a5b01e44d3445b1981e2e955ea38b079386f675df8a37d7d20de WHIRLPOOL 86095a578040637175e6009fedbf67283361fa1f0bbe5b3db2899f47ca06c3728fb0b1e971dde61841b0775d6440dfcd36333696c78cde0ca043c79cc461fd06
+AUX teleport.init.d 763 SHA256 82e7ca98beb2f587deedf04c36ca94d545c4557f2bb88539900020cbf57eee90 SHA512 ea8803c27ed1b89615183ed17b6772726c4cc2f976bc008d6752a5d10a814e381baccd7c6cc354120b3707f351f1cc6592a9f55f6aff2010946eca9f17566f46 WHIRLPOOL 8278cdcd81df54469d5ba91020e420fbb173b5a8f09a927ca34395321ef48ad7a611b0c43f3c6cc76ff81d617246fbbfc0d49bb614d7808ebfc98392e76b7e17
+AUX teleport.service 209 SHA256 9b7f950ccf4d6795b70319389c7241a0f78bd5f6f27bd33076126926e9ae68d5 SHA512 c71665c287575b1e127fdf5c580552aeb17bff55627d537999964be3a86ba2b11dce9d46bf10ab8e909c65a9d94263ced590191b7ea9e5ee2f0c3f65a044816e WHIRLPOOL ad3501e68b828dafe34ca2c4c18832c87203994aebd8777df96ea23b5848e3b71e3b23b5a8b2335687ac51d1c548b8e7a0ebdc37e66a729413c7826a37eb3631
+AUX teleport.service.conf 90 SHA256 626001d9737938cafdf65b1dd83f50903889c6969cbd1446ba0f0178fd2cfe08 SHA512 d17faa0deaf3c864e5159d3567e542e36d09c6ea0ac91c663d3ae9729d1bccf7d2139f1f48fec132eccc473e023ffdaed0b8f2ee75db5dedc6ff36f637f68e1c WHIRLPOOL 61d4bb3847a4e35437ad58144c1cbd25fe0127e25d32a6ca12925867c5dcdb3246fc79beacfc07e22eb29fced0514c280de638499df21f2feba10bf073f80953
+AUX teleport.yaml 5177 SHA256 3de8389f6b87378fc0a3aa09b74917eb5e1d34f98cccb8e024006eab806fdab1 SHA512 f9f854472d469d0822d5766517cc68364feca4f3345a69d616d073aaaf9af7be6f72aa55c7d0c801426c3fef42714c09b884e0e086a58a07208ebef0ffe3ca80 WHIRLPOOL 13ffe73b8d75437dd46765f66477b9253fdac2bc3ea82dd7d7a3bce60ee5f560e26eb61c1cafeb937123a62c00f073783a3f81a1315960b99c8d4408cbd27b3b
+DIST teleport-2.2.0.tar.gz 7229371 SHA256 b12bea0474a0ce5f4df10729607661b1afbecd5e95083835ccee7b54493c9452 SHA512 bec288983371bd3807b7ce994b1533a5e869d903251f8a8ce6315768a1d3ae95d72f832037345c36c9cd4789fbc449c54b86359988b1e74d4f46f9e0db6b3239 WHIRLPOOL 5b128fda80b1ce4afe60e10e6d5d9e83f621f6a405e713af7d1b988562038aa927c9f7c733a927a3aa724c261d058dba1fa75526dd2eb9051b1e6fe4c984004c
+DIST teleport-2.2.1.tar.gz 7235188 SHA256 5a5c7be4615a3ef3e6915a4330b71cd063dd3a86013b8a72a5dbbca882eb28ac SHA512 011ffd8fdf42131455c32b8a8ed1ddee0181a8dcd3424dc9cf5ac96c53ce719d369e0bfac4392cc0dec14e78fed94732bbcb56c2db5987ee778ad29e4f7a749d WHIRLPOOL 988da053d7c85acfe1103696e33eff9fbb37d4feb5af580b1fb7b8995ca7ec449786c997619f81717816298b4cdc0bf26b823ac62b3c85ce72d3bdd783d02215
+DIST teleport-2.2.4.tar.gz 7234252 SHA256 25624d3b8dff987eab70cfadd0fe55a96d741ef8955064cd6e51e718da7f0363 SHA512 859bc34c90c4d1a504b9fa2958e49803c7af8bee3c2692d70590095ef0356a00cf963c5fc30613f3a7852b602fc7fbbd81ca99fc24ce51787f6d8d2e05af4762 WHIRLPOOL 4572b9b0cd9b84a579b99135759cd270d6b6c1f4590a990f3652bd4a80ce80f54e061564518500615ac77a321bebfd1476596a83e822b33a166fa1b3ae62311f
+EBUILD teleport-2.2.0.ebuild 1542 SHA256 63d498de0fb9999b59633bab0267d9eab225eaf222cad8b9757e9388c1d438a5 SHA512 416f9685b2b50788476043d7130ac358b68621da05237ea84502220fe065dff96b10f44e29b068690c79a9a0f528dfabee7430a87e25ef4b86c64e1d288c78a8 WHIRLPOOL 0e389dd9d5dfb02d8c8b3b6e046e3a9b952d93f265e42669250f68abdb86e5024466dc86b6873ac5b4ce8a8922c0b10181dc80e5d30d413ef4c467a47dab2724
+EBUILD teleport-2.2.1.ebuild 1542 SHA256 63d498de0fb9999b59633bab0267d9eab225eaf222cad8b9757e9388c1d438a5 SHA512 416f9685b2b50788476043d7130ac358b68621da05237ea84502220fe065dff96b10f44e29b068690c79a9a0f528dfabee7430a87e25ef4b86c64e1d288c78a8 WHIRLPOOL 0e389dd9d5dfb02d8c8b3b6e046e3a9b952d93f265e42669250f68abdb86e5024466dc86b6873ac5b4ce8a8922c0b10181dc80e5d30d413ef4c467a47dab2724
+EBUILD teleport-2.2.4.ebuild 1542 SHA256 63d498de0fb9999b59633bab0267d9eab225eaf222cad8b9757e9388c1d438a5 SHA512 416f9685b2b50788476043d7130ac358b68621da05237ea84502220fe065dff96b10f44e29b068690c79a9a0f528dfabee7430a87e25ef4b86c64e1d288c78a8 WHIRLPOOL 0e389dd9d5dfb02d8c8b3b6e046e3a9b952d93f265e42669250f68abdb86e5024466dc86b6873ac5b4ce8a8922c0b10181dc80e5d30d413ef4c467a47dab2724
+EBUILD teleport-9999.ebuild 1460 SHA256 0b70586206bb346e9725430ef5528e960cc23ead7c24a161801a4ea83acccdf2 SHA512 74ff9bb734b5b47ad2ac475413af8721c818293eb8166bc99887f75f3e9fa4b8e66e5abeb6fcbf58bb8a4f63db34f010d85471b1a5a7cd1c28c70e43019fa2cd WHIRLPOOL 3e91ec924a2c1c53278b437044049f7ca59e1105b2afd52f7c7a68680a321a7a80041657436919503b6702897261980501795b23e24e23554b38a29ae8fdd857
+MISC metadata.xml 630 SHA256 dde12b45aed05bd498cedda65f05c118e615b2ff246d404304782481b5ab83a1 SHA512 2aa911f2a91bfdea340b38715d69cbe59bcd460d34ac6d1d641f2badf2ba72f4e02cdd2f8a2ca387c9a9d19ea2c22e2be80ab4bb582d9395c1517b818f343c74 WHIRLPOOL 7a4feaf6cc59a3386c3fcb41304b8a1a799deea87c2957bdd9915dfc9f8a922dc802a8a6e8bd3d761d27a35dba46baf53bf3305b059922314ab5764c57fa99ee
diff --git a/sys-cluster/teleport/files/teleport-makefile-buildflags.patch b/sys-cluster/teleport/files/teleport-makefile-buildflags.patch
new file mode 100644
index 000000000000..d3da35350d86
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport-makefile-buildflags.patch
@@ -0,0 +1,11 @@
+--- work/src/github.com/gravitational/teleport/Makefile
++++ work/src/github.com/gravitational/teleport/Makefile
+@@ -12,7 +12,7 @@
+ PWD ?= `pwd`
+ TELEPORT_DEBUG ?= no
+ GITTAG=v$(VERSION)
+-BUILDFLAGS := $(ADDFLAGS) -ldflags '-w -s'
++BUILDFLAGS ?= $(ADDFLAGS) -ldflags '-w -s'
+ 
+ RELEASE=teleport-$(GITTAG)-`go env GOOS`-`go env GOARCH`-bin
+ BINARIES=$(BUILDDIR)/tsh $(BUILDDIR)/teleport $(BUILDDIR)/tctl
diff --git a/sys-cluster/teleport/files/teleport.conf.d b/sys-cluster/teleport/files/teleport.conf.d
new file mode 100644
index 000000000000..e4b2cbb1a7e8
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.conf.d
@@ -0,0 +1,17 @@
+# /etc/conf.d/teleport: config file for /etc/init.d/teleport
+
+# Where is your teleport.yaml file stored?
+TELEPORT_CONFDIR="/etc/teleport"
+
+# Any random options you want to pass to teleport.
+TELEPORT_OPTS=""
+
+# Pid file to use (needs to be absolute path).
+#TELEPORT_PIDFILE="/var/run/teleport.pid"
+
+# Path to log file
+#TELEPORT_LOGFILE="/var/log/teleport.log"
+
+# Startup dependency
+# Un-comment when using etcd storage backend
+#rc_need="etcd"
diff --git a/sys-cluster/teleport/files/teleport.init.d b/sys-cluster/teleport/files/teleport.init.d
new file mode 100644
index 000000000000..a5d08b7f3f69
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.init.d
@@ -0,0 +1,29 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+: ${TELEPORT_CONFDIR:=/etc/teleport}
+: ${TELEPORT_PIDFILE:=/var/run/${SVCNAME}.pid}
+: ${TELEPORT_BINARY:=/usr/bin/teleport}
+: ${TELEPORT_LOGFILE:=/var/log/teleport.log}
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting Teleport SSH Service"
+		start-stop-daemon --start --exec /usr/bin/teleport \
+		--background --make-pidfile --pidfile "${TELEPORT_PIDFILE}" \
+		--stderr "${TELEPORT_LOGFILE}" \
+		-- start --config="${TELEPORT_CONFDIR}/teleport.yaml" \
+		${TELEPORT_OPTS}
+		eend $?
+}
+
+stop() {
+	ebegin "Stopping Teleport SSH Service"
+		start-stop-daemon --stop --exec /usr/bin/teleport \
+		--pidfile "${TELEPORT_PIDFILE}"
+	eend $?
+}
diff --git a/sys-cluster/teleport/files/teleport.service b/sys-cluster/teleport/files/teleport.service
new file mode 100644
index 000000000000..b74734bbf9ef
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Teleport SSH Service
+After=network.target 
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sys-cluster/teleport/files/teleport.service.conf b/sys-cluster/teleport/files/teleport.service.conf
new file mode 100644
index 000000000000..2ff7ffbf3a4e
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.service.conf
@@ -0,0 +1,3 @@
+# Uncomment the following when using the etcd storage backend
+#[Unit]
+#Wants=etcd.service
diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
new file mode 100644
index 000000000000..e297bb89b571
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.yaml
@@ -0,0 +1,142 @@
+# By default, this file should be stored in /etc/teleport.yaml
+
+# This section of the configuration file applies to all teleport
+# services.
+teleport:
+    # nodename allows to assign an alternative name this node can be reached by.
+    # by default it's equal to hostname
+    # nodename: graviton
+
+    # Data directory where Teleport keeps its data, like keys/users for 
+    # authentication (if using the default BoltDB back-end)
+    data_dir: /var/lib/teleport
+
+    # one-time invitation token used to join a cluster. it is not used on 
+    # subsequent starts
+    auth_token: xxxx-token-xxxx
+
+    # when running in multi-homed or NATed environments Teleport nodes need 
+    # to know which IP it will be reachable at by other nodes
+    # advertise_ip: 10.1.0.5
+
+    # list of auth servers in a cluster. you will have more than one auth server
+    # if you configure teleport auth to run in HA configuration
+    auth_servers: 
+        - localhost:3025
+
+    # Teleport throttles all connections to avoid abuse. These settings allow
+    # you to adjust the default limits
+    connection_limits:
+        max_connections: 1000
+        max_users: 250
+
+    # Logging configuration. Possible output values are 'stdout', 'stderr' and 
+    # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
+    log:
+        output: stderr
+        severity: ERROR
+
+    # Type of storage used for keys. You need to configure this to use etcd
+    # backend if you want to run Teleport in HA configuration.
+    storage:
+        type: bolt
+
+# This section configures the 'auth service':
+auth_service:
+    # Turns 'auth' role on. Default is 'yes'
+    enabled: yes
+
+    # Turns on dynamic configuration. Dynamic configuration defines the source
+    # for configuration information, configuration files on disk or what's
+    # stored in the backend. Default is false if no backend is specified,
+    # otherwise if backend is specified, it is assumed to be true.
+    dynamic_config: false
+
+    # defines the types and second factors the auth server supports
+    authentication:
+        # type can be local or oidc
+        type: local
+        # second_factor can be off, otp, or u2f
+        second_factor: otp
+
+        # this section is only used if using u2f
+        u2f:
+            # app_id should point to the Web UI.
+            app_id: https://localhost:3080
+
+            # facets should list all proxy servers.
+            facets:
+            - https://localhost
+            - https://localhost:3080
+
+    # IP and the port to bind to. Other Teleport nodes will be connecting to
+    # this port (AKA "Auth API" or "Cluster API") to validate client 
+    # certificates 
+    listen_addr: 0.0.0.0:3025
+
+    # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
+    # the role a new node will be allowed to assume. The more secure way to 
+    # add nodes is to use `ttl node add --ttl` command to generate auto-expiring 
+    # tokens. 
+    #
+    # We recommend to use tools like `pwgen` to generate sufficiently random
+    # tokens of 32+ byte length.
+    tokens:
+        - "proxy,node:xxxxx"
+        - "auth:yyyy"
+
+    # Optional "cluster name" is needed when configuring trust between multiple
+    # auth servers. A cluster name is used as part of a signature in certificates
+    # generated by this CA.
+    # 
+    # By default an automatically generated GUID is used.
+    #
+    # IMPORTANT: if you change cluster_name, it will invalidate all generated 
+    # certificates and keys (may need to wipe out /var/lib/teleport directory)
+    cluster_name: "main"
+
+# This section configures the 'node service':
+ssh_service:
+    # Turns 'ssh' role on. Default is 'yes'
+    enabled: yes
+
+    # IP and the port for SSH service to bind to. 
+    listen_addr: 0.0.0.0:3022
+    # See explanation of labels in "Labeling Nodes" section below
+    labels:
+        role: master
+        type: postgres
+    # List (YAML array) of commands to periodically execute and use
+    # their output as labels. 
+    # See explanation of how this works in "Labeling Nodes" section below
+    commands:
+    - name: hostname
+      command: [/usr/bin/hostname]
+      period: 1m0s
+    - name: arch
+      command: [/usr/bin/uname, -p]
+      period: 1h0m0s
+
+# This section configures the 'proxy servie'
+proxy_service:
+    # Turns 'proxy' role on. Default is 'yes'
+    enabled: yes
+
+    # SSH forwarding/proxy address. Command line (CLI) clients always begin their
+    # SSH sessions by connecting to this port
+    listen_addr: 0.0.0.0:3023
+
+    # Reverse tunnel listening address. An auth server (CA) can establish an 
+    # outbound (from behind the firewall) connection to this address. 
+    # This will allow users of the outside CA to connect to behind-the-firewall 
+    # nodes.
+    tunnel_listen_addr: 0.0.0.0:3024
+
+    # The HTTPS listen address to serve the Web UI and also to authenticate the 
+    # command line (CLI) users via password+HOTP
+    web_listen_addr: 0.0.0.0:3080
+
+    # TLS certificate for the HTTPS connection. Configuring these properly is 
+    # critical for Teleport security.
+    https_key_file: /etc/teleport/teleport.key
+    https_cert_file: /etc/teleport/teleport.crt
diff --git a/sys-cluster/teleport/metadata.xml b/sys-cluster/teleport/metadata.xml
new file mode 100644
index 000000000000..224f5639f024
--- /dev/null
+++ b/sys-cluster/teleport/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<name>Graeme Lawes</name>
+		<email>graemelawes@gmail.com</email>
+	</maintainer>
+	<maintainer type="project">
+		<name>Gentoo Proxy Maintainers Project</name>
+		<email>proxy-maint@gentoo.org</email>
+	</maintainer>
+	<upstream>
+		<changelog>https://github.com/gravitational/teleport/blob/master/CHANGELOG.md</changelog>
+		<bugs-to>https://github.com/gravitational/teleport/issues</bugs-to>
+		<remote-id type="github">gravitational/teleport</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sys-cluster/teleport/teleport-2.2.0.ebuild b/sys-cluster/teleport/teleport-2.2.0.ebuild
new file mode 100644
index 000000000000..90fddb344c0c
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.2.0.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit eutils golang-build systemd user
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+RESTRICT="test"
+
+DEPEND="
+	app-arch/zip
+	>=dev-lang/go-1.8.3"
+RDEPEND=""
+
+PATCHES=( "${FILESDIR}"/${PN}-makefile-buildflags.patch )
+
+src_compile() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*}
+	pushd src/${EGO_PN%/*}/web/dist >/dev/null || die
+	zip -qr "${S}/src/${EGO_PN%/*}/build/webassets.zip" . || die
+	popd >/dev/null || die
+	cat "${S}/src/${EGO_PN%/*}/build/webassets.zip" >> "src/${EGO_PN%/*}/build/${PN}" || die
+	zip -q -A "${S}/src/${EGO_PN%/*}/build/${PN}" || die
+}
+
+src_install() {
+	dodir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	doins "${FILESDIR}"/${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
diff --git a/sys-cluster/teleport/teleport-2.2.1.ebuild b/sys-cluster/teleport/teleport-2.2.1.ebuild
new file mode 100644
index 000000000000..90fddb344c0c
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.2.1.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit eutils golang-build systemd user
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+RESTRICT="test"
+
+DEPEND="
+	app-arch/zip
+	>=dev-lang/go-1.8.3"
+RDEPEND=""
+
+PATCHES=( "${FILESDIR}"/${PN}-makefile-buildflags.patch )
+
+src_compile() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*}
+	pushd src/${EGO_PN%/*}/web/dist >/dev/null || die
+	zip -qr "${S}/src/${EGO_PN%/*}/build/webassets.zip" . || die
+	popd >/dev/null || die
+	cat "${S}/src/${EGO_PN%/*}/build/webassets.zip" >> "src/${EGO_PN%/*}/build/${PN}" || die
+	zip -q -A "${S}/src/${EGO_PN%/*}/build/${PN}" || die
+}
+
+src_install() {
+	dodir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	doins "${FILESDIR}"/${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
diff --git a/sys-cluster/teleport/teleport-2.2.4.ebuild b/sys-cluster/teleport/teleport-2.2.4.ebuild
new file mode 100644
index 000000000000..90fddb344c0c
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.2.4.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit eutils golang-build systemd user
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+RESTRICT="test"
+
+DEPEND="
+	app-arch/zip
+	>=dev-lang/go-1.8.3"
+RDEPEND=""
+
+PATCHES=( "${FILESDIR}"/${PN}-makefile-buildflags.patch )
+
+src_compile() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*}
+	pushd src/${EGO_PN%/*}/web/dist >/dev/null || die
+	zip -qr "${S}/src/${EGO_PN%/*}/build/webassets.zip" . || die
+	popd >/dev/null || die
+	cat "${S}/src/${EGO_PN%/*}/build/webassets.zip" >> "src/${EGO_PN%/*}/build/${PN}" || die
+	zip -q -A "${S}/src/${EGO_PN%/*}/build/${PN}" || die
+}
+
+src_install() {
+	dodir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	doins "${FILESDIR}"/${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
diff --git a/sys-cluster/teleport/teleport-9999.ebuild b/sys-cluster/teleport/teleport-9999.ebuild
new file mode 100644
index 000000000000..a16c3c133705
--- /dev/null
+++ b/sys-cluster/teleport/teleport-9999.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit eutils golang-build systemd user
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+
+DEPEND="
+	app-arch/zip
+	>=dev-lang/go-1.7"
+RDEPEND=""
+
+src_compile() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*}
+	pushd src/${EGO_PN%/*}/web/dist >/dev/null || die
+	zip -qr "${S}/src/${EGO_PN%/*}/build/webassets.zip" . || die
+	popd >/dev/null || die
+	cat "${S}/src/${EGO_PN%/*}/build/webassets.zip" >> "src/${EGO_PN%/*}/build/${PN}" || die
+	zip -q -A "${S}/src/${EGO_PN%/*}/build/${PN}" || die
+}
+
+src_install() {
+	dodir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	doins "${FILESDIR}"/${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}