Look into compiling Teleport as a static binary again

[webvictim]

There are a number of reasons why we don't compile Teleport as a static binary:

• (g)libc DNS resolver (the musl implementation has caused issues in the past when running in Kubernetes)
• PAM
• BPF
• sqlite (requires cgo)

It's possible to work around all of these except the current requirement of using the glibc DNS resolver. Go's native resolver has apparently been considerably improved since Teleport was first compiled and can now handle the majority of settings in /etc/nsswitch.conf without trouble. It might be worth investigating whether we can use this instead and remove the dependency on glibc. This would enable us to truly have one Teleport binary with everything compiled in which will work anywhere, so we would no longer need separate CentOS 6 or other builds.

[awly]

@webvictim how can we trigger PAM without CGO and libpam?

[webvictim]

I managed to compile the binary on alpine using libpam-devel and musl but didn't test whether PAM worked.

[russjones]

What does Go do? Because I've seen similar issues discussed, for glibc on the Go issue tracker.

[awly]

I was able to compile teleport as a static binary, by statically linking C libraries via -ldflags '-extldflags=-static':

$ file build/teleport
build/teleport: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=a2f4c8913c03bd489b208815a72816dcd6c2259f, for GNU/Linux 3.2.0, stripped

Inspired by https://www.arp242.net/static-go.html

The binary starts find, but I'm not sure what features could be broken by this.

[webvictim]

This is the same way I compiled it statically too.