[arch-commits] Commit in vault/repos (5 files)

Christian Rebischke shibumi at archlinux.org
Sun Dec 3 00:44:10 UTC 2017 

    Date: Sunday, December 3, 2017 @ 00:44:09
  Author: shibumi
Revision: 271947

archrelease: copy trunk to community-x86_64

Added:
  vault/repos/community-x86_64/
  vault/repos/community-x86_64/PKGBUILD
    (from rev 271946, vault/trunk/PKGBUILD)
  vault/repos/community-x86_64/vault.hcl
    (from rev 271946, vault/trunk/vault.hcl)
  vault/repos/community-x86_64/vault.install
    (from rev 271946, vault/trunk/vault.install)
  vault/repos/community-x86_64/vault.service
    (from rev 271946, vault/trunk/vault.service)

---------------+
 PKGBUILD      |   42 ++++++++++++++++++++++++++++++++++++++++++
 vault.hcl     |   19 +++++++++++++++++++
 vault.install |   29 +++++++++++++++++++++++++++++
 vault.service |   22 ++++++++++++++++++++++
 4 files changed, 112 insertions(+)

Copied: vault/repos/community-x86_64/PKGBUILD (from rev 271946, vault/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD	                        (rev 0)
+++ community-x86_64/PKGBUILD	2017-12-03 00:44:09 UTC (rev 271947)
@@ -0,0 +1,42 @@
+# Maintainer : Christian Rebischke <Chris.Rebischke at archlinux.org>
+pkgname='vault'
+pkgdesc='A tool for managing secrets'
+pkgver='0.9.0'
+pkgrel='2'
+url='https://vaultproject.io/'
+license=('MPL')
+arch=('x86_64')
+makedepends=('go-pie' 'git')
+depends=('glibc')
+install='vault.install'
+backup=('etc/vault.hcl')
+_vault_commit='bdac1854478538052ba5b7ec9a9ec688d35a3335'
+source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}"
+        'vault.service'
+        'vault.hcl')
+sha512sums=('SKIP'
+            '1e67fe594198e42faf81eeb78eaa9904d832a04580c82cd5639b983bab850a01f33f4b43de43b4e3403ee7820236ab49c8b91a26981c47b9a2c6938b4c0b6be3'
+            '46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe')
+
+prepare () {
+  export GOPATH="${srcdir}"
+  export PATH="$PATH:$GOPATH/bin"
+  mkdir -p src/github.com/hashicorp/
+  mv ${pkgname} src/github.com/hashicorp/
+}
+
+build () {
+  cd src/github.com/hashicorp/${pkgname}
+  go build -o vault-binary
+}
+
+package () {
+  cd src/github.com/hashicorp/${pkgname}
+	install -Dm755 vault-binary "${pkgdir}/usr/bin/vault"
+	install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+	install -Dm644 "${srcdir}/vault.hcl" "${pkgdir}/etc/vault.hcl"
+	install -Dm644 "${srcdir}/vault.service" "${pkgdir}/usr/lib/systemd/system/vault.service"
+	for file in README.md CHANGELOG.md ; do
+		install -Dm644 "${file}" "${pkgdir}/usr/share/doc/${pkgname}/${file}"
+	done
+}

Copied: vault/repos/community-x86_64/vault.hcl (from rev 271946, vault/trunk/vault.hcl)
===================================================================
--- community-x86_64/vault.hcl	                        (rev 0)
+++ community-x86_64/vault.hcl	2017-12-03 00:44:09 UTC (rev 271947)
@@ -0,0 +1,19 @@
+/*
+ * Vault configuration. See: https://vaultproject.io/docs/config/
+ */
+
+backend "file" {
+	path = "/var/lib/vault"
+}
+
+listener "tcp" {
+	/*
+	 * By default Vault listens on localhost only.
+	 * Make sure to enable TLS support otherwise.
+	 *
+	 * Note that VAULT_ADDR=http://127.0.0.1:8200 must
+	 * be set in the environment in order for the client
+	 * to work because it uses HTTPS by default.
+	 */
+	tls_disable = 1
+}

Copied: vault/repos/community-x86_64/vault.install (from rev 271946, vault/trunk/vault.install)
===================================================================
--- community-x86_64/vault.install	                        (rev 0)
+++ community-x86_64/vault.install	2017-12-03 00:44:09 UTC (rev 271947)
@@ -0,0 +1,29 @@
+# vim: ft=sh ts=4 sw=4 et
+
+post_install () {
+    getent passwd vault > /dev/null || useradd \
+        -s /bin/nologin -c 'Vault daemon' -d /var/lib/vault -M -r -U vault
+    if [[ ! -d /var/lib/vault ]] ; then
+        mkdir /var/lib/vault
+        chown vault:vault /var/lib/vault
+    fi
+    setcap cap_ipc_lock=+ep /usr/bin/vault
+}
+
+post_upgrade () {
+    if [[ -d /var/lib/vault ]] ; then
+        local badperms=false
+        while read -r path ; do
+            if [[ $(stat --format=%U:%G "${path}") != vault:vault ]]
+            then
+                badperms=true
+                break
+            fi
+        done < <( find /var/lib/vault )
+        if ${badperms} ; then
+            echo 'Bad permissions detected in /var/lib/vault, fixing...'
+            chown -R vault:vault /var/lib/vault
+        fi
+    fi
+    post_install
+}

Copied: vault/repos/community-x86_64/vault.service (from rev 271946, vault/trunk/vault.service)
===================================================================
--- community-x86_64/vault.service	                        (rev 0)
+++ community-x86_64/vault.service	2017-12-03 00:44:09 UTC (rev 271947)
@@ -0,0 +1,22 @@
+[Unit]
+Description=Vault server
+Requires=basic.target network.target
+After=basic.target network.target
+
+[Service]
+User=vault
+Group=vault
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=read-only
+CapabilityBoundingSet=CAP_IPC_LOCK
+Environment=GOMAXPROCS=2
+ExecStart=/bin/vault server -config=/etc/vault/vault.hcl
+KillSignal=SIGINT
+TimeoutStopSec=30s
+Restart=on-failure
+StartLimitInterval=60s
+StartLimitBurst=3
+
+[Install]
+WantedBy=multi-user.target

More information about the arch-commits mailing list