[arch-commits] Commit in (7 files)
Christian Rebischke
shibumi at archlinux.org
Sun Dec 3 00:43:54 UTC 2017
Date: Sunday, December 3, 2017 @ 00:43:53
Author: shibumi
Revision: 271946
added vault package
Added:
vault/
vault/repos/
vault/trunk/
vault/trunk/PKGBUILD
vault/trunk/vault.hcl
vault/trunk/vault.install
vault/trunk/vault.service
---------------+
PKGBUILD | 42 ++++++++++++++++++++++++++++++++++++++++++
vault.hcl | 19 +++++++++++++++++++
vault.install | 29 +++++++++++++++++++++++++++++
vault.service | 22 ++++++++++++++++++++++
4 files changed, 112 insertions(+)
Added: vault/trunk/PKGBUILD
===================================================================
--- vault/trunk/PKGBUILD (rev 0)
+++ vault/trunk/PKGBUILD 2017-12-03 00:43:53 UTC (rev 271946)
@@ -0,0 +1,42 @@
+# Maintainer : Christian Rebischke <Chris.Rebischke at archlinux.org>
+pkgname='vault'
+pkgdesc='A tool for managing secrets'
+pkgver='0.9.0'
+pkgrel='2'
+url='https://vaultproject.io/'
+license=('MPL')
+arch=('x86_64')
+makedepends=('go-pie' 'git')
+depends=('glibc')
+install='vault.install'
+backup=('etc/vault.hcl')
+_vault_commit='bdac1854478538052ba5b7ec9a9ec688d35a3335'
+source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}"
+ 'vault.service'
+ 'vault.hcl')
+sha512sums=('SKIP'
+ '1e67fe594198e42faf81eeb78eaa9904d832a04580c82cd5639b983bab850a01f33f4b43de43b4e3403ee7820236ab49c8b91a26981c47b9a2c6938b4c0b6be3'
+ '46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe')
+
+prepare () {
+ export GOPATH="${srcdir}"
+ export PATH="$PATH:$GOPATH/bin"
+ mkdir -p src/github.com/hashicorp/
+ mv ${pkgname} src/github.com/hashicorp/
+}
+
+build () {
+ cd src/github.com/hashicorp/${pkgname}
+ go build -o vault-binary
+}
+
+package () {
+ cd src/github.com/hashicorp/${pkgname}
+ install -Dm755 vault-binary "${pkgdir}/usr/bin/vault"
+ install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+ install -Dm644 "${srcdir}/vault.hcl" "${pkgdir}/etc/vault.hcl"
+ install -Dm644 "${srcdir}/vault.service" "${pkgdir}/usr/lib/systemd/system/vault.service"
+ for file in README.md CHANGELOG.md ; do
+ install -Dm644 "${file}" "${pkgdir}/usr/share/doc/${pkgname}/${file}"
+ done
+}
Property changes on: vault/trunk/PKGBUILD
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+Id
\ No newline at end of property
Added: vault/trunk/vault.hcl
===================================================================
--- vault/trunk/vault.hcl (rev 0)
+++ vault/trunk/vault.hcl 2017-12-03 00:43:53 UTC (rev 271946)
@@ -0,0 +1,19 @@
+/*
+ * Vault configuration. See: https://vaultproject.io/docs/config/
+ */
+
+backend "file" {
+ path = "/var/lib/vault"
+}
+
+listener "tcp" {
+ /*
+ * By default Vault listens on localhost only.
+ * Make sure to enable TLS support otherwise.
+ *
+ * Note that VAULT_ADDR=http://127.0.0.1:8200 must
+ * be set in the environment in order for the client
+ * to work because it uses HTTPS by default.
+ */
+ tls_disable = 1
+}
Added: vault/trunk/vault.install
===================================================================
--- vault/trunk/vault.install (rev 0)
+++ vault/trunk/vault.install 2017-12-03 00:43:53 UTC (rev 271946)
@@ -0,0 +1,29 @@
+# vim: ft=sh ts=4 sw=4 et
+
+post_install () {
+ getent passwd vault > /dev/null || useradd \
+ -s /bin/nologin -c 'Vault daemon' -d /var/lib/vault -M -r -U vault
+ if [[ ! -d /var/lib/vault ]] ; then
+ mkdir /var/lib/vault
+ chown vault:vault /var/lib/vault
+ fi
+ setcap cap_ipc_lock=+ep /usr/bin/vault
+}
+
+post_upgrade () {
+ if [[ -d /var/lib/vault ]] ; then
+ local badperms=false
+ while read -r path ; do
+ if [[ $(stat --format=%U:%G "${path}") != vault:vault ]]
+ then
+ badperms=true
+ break
+ fi
+ done < <( find /var/lib/vault )
+ if ${badperms} ; then
+ echo 'Bad permissions detected in /var/lib/vault, fixing...'
+ chown -R vault:vault /var/lib/vault
+ fi
+ fi
+ post_install
+}
Added: vault/trunk/vault.service
===================================================================
--- vault/trunk/vault.service (rev 0)
+++ vault/trunk/vault.service 2017-12-03 00:43:53 UTC (rev 271946)
@@ -0,0 +1,22 @@
+[Unit]
+Description=Vault server
+Requires=basic.target network.target
+After=basic.target network.target
+
+[Service]
+User=vault
+Group=vault
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=read-only
+CapabilityBoundingSet=CAP_IPC_LOCK
+Environment=GOMAXPROCS=2
+ExecStart=/bin/vault server -config=/etc/vault/vault.hcl
+KillSignal=SIGINT
+TimeoutStopSec=30s
+Restart=on-failure
+StartLimitInterval=60s
+StartLimitBurst=3
+
+[Install]
+WantedBy=multi-user.target
More information about the arch-commits
mailing list