app-admin/vault: new package
Signed-off-by: Patrice Clement <[email protected]>
monsieurp committed Oct 16, 2024
1 parent de5a596 commit c131438
Showing 8 changed files with 163 additions and 0 deletions.
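--- a/app-admin/vault/Manifest
+++ b/app-admin/vault/Manifest
@@ -0,0 +1 @@
+DIST vault-1.17.6.tar.gz 33676185 BLAKE2B 55ba11bb74f7fe8511dc8402687a4c59ecf9dafa072df29ba1c84a2073940262381ea887b672110b54288147ac7720ecdf6ebeb52c63dab00a945dfc78543ba3 SHA512 ae1f2504885674f2a3cca4758aaf4f5b8244bba24d840093c8e4596d8c713ac0e63ae8d75cc6424d30e5d70a2f8953615eb35de245f0ad817e50e7494f0169f1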
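--- a/app-admin/vault/files/localhost.json.example
+++ b/app-admin/vault/files/localhost.json.example
@@ -0,0 +1,9 @@
+backend "consul" {
+address = "127.0.0.1:8500"
+path = "vault"
+}
+
+listener "tcp" {
+address = "127.0.0.1:8200"
+tls_disable = 1
+}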
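Review bot: The `listener "tcp"` block ships with `tls_disable = 1` and no comment saying that this is only acceptable while the address stays on loopback; an admin who copies the example and changes `address` to a routable interface would serve tokens and secrets in cleartext. I would add a comment above that line such as `# TLS is off only because this listener is bound to 127.0.0.1; set tls_cert_file/tls_key_file before exposing it`. The content is HCL although the file name ends in `.json.example`, and `backend` is the older name of the `storage` stanza, so naming the file `localhost.hcl.example` and writing `storage "consul"` would match current Vault documentation.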
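--- a/app-admin/vault/files/vault.confd
+++ b/app-admin/vault/files/vault.confd
@@ -0,0 +1,7 @@
+# you can change the init script behavior by setting those parameters
+# - group (default: vault)
+# - pidfile (default: /run/vault/vault.pid)
+# - user (default: vault)
+
+# extra arguments for the consul agent
+command_args="-config=/etc/vault.d"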
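Review bot: The header comment documents a default the init script does not use: it says `pidfile (default: /run/vault/vault.pid)`, while vault.initd in this commit falls back to `/run/${RC_SVCNAME}.pid`. The comment above `command_args` still reads `# extra arguments for the consul agent`, which looks carried over from another package. I would change the two lines to `# - pidfile (default: /run/vault.pid)` and `# extra arguments for the vault server`.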
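--- a/app-admin/vault/files/vault.initd
+++ b/app-admin/vault/files/vault.initd
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 2015-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="vault server"
+group=${group:-${RC_SVCNAME}}
+pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"}
+rc_ulimit=${rc_ulimit-"-n 65536"}
+user=${user:-${RC_SVCNAME}}
+
+command="/usr/bin/${RC_SVCNAME}"
+command_args="server ${command_args}"
+command_background="true"
+start_stop_daemon_args="--user ${user} --group ${group} \
+--stdout /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log \
+--stderr /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"
+
+depend() {
+need net
+}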
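Review bot: `command="/usr/bin/${RC_SVCNAME}"` and the `user`/`group` defaults are all derived from the service name, so a renamed or symlinked instance of this script would look for a different binary and run under a different account than the `vault` one the ebuild provisions. I would hard-code `command="/usr/bin/vault"` and default `user` and `group` to `vault`, which is what vault.confd documents. The identity and the log redirection can also be expressed with the openrc-run variables `command_user="${user}:${group}"`, `output_log=` and `error_log=` rather than a hand-built `start_stop_daemon_args` string. The copyright line says 2015-2019 on a file added in 2024.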
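--- a/app-admin/vault/files/vault.logrotated
+++ b/app-admin/vault/files/vault.logrotated
@@ -0,0 +1,7 @@
+/var/log/vault/vault.log {
+missingok
+size 5M
+rotate 3
+compress
+copytruncate
+}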
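Review bot: The stanza has no `su` directive, although the ebuild in this commit hands `/var/log/vault` to the unprivileged `vault` account with `fowners`. logrotate normally runs as root, and rotating inside a directory that a service account controls lets that account influence which paths root copies and truncates; adding `su vault vault` makes the rotation run with the service's own privileges instead. `copytruncate` can also drop lines written between the copy and the truncate, which matters if this log is relied on during incident review.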
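--- a/app-admin/vault/files/vault.service
+++ b/app-admin/vault/files/vault.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=vault server
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Environment=VAULT_SERVER_OPTS="-config=/etc/vault.d"
+User=vault
+Group=vault
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=yes
+PrivateDevices=yes
+SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK
+Capabilities=CAP_IPC_LOCK+ep
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+NoNewPrivileges=yes
+ExecStart=/usr/bin/vault server $VAULT_SERVER_OPTS
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGINT
+Restart=on-failure
+RestartSec=5
+TimeoutStopSec=30
+StartLimitIntervalSec=60
+StartLimitBurst=3
+LimitNOFILE=65536
+
+[Install]
+WantedBy=default.target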
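Review bot: `Capabilities=CAP_IPC_LOCK+ep` is a directive that was removed from systemd long ago, so on current versions the line is ignored with a warning and the capability comes only from `AmbientCapabilities=CAP_IPC_LOCK`. I would delete it together with `SecureBits=keep-caps`, which systemd already applies when ambient capabilities are combined with `User=`, and narrow the bounding set to `CapabilityBoundingSet=CAP_IPC_LOCK` unless there is a need for CAP_SYSLOG that is not visible here. `StartLimitIntervalSec=` and `StartLimitBurst=` are documented as `[Unit]` settings and may not take effect under `[Service]`, and `WantedBy=multi-user.target` is the usual install target for a system service.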
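--- a/app-admin/vault/metadata.xml
+++ b/app-admin/vault/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+<email>[email protected]</email>
+</maintainer>
+</pkgmetadata>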
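--- a/app-admin/vault/vault-1.17.6.ebuild
+++ b/app-admin/vault/vault-1.17.6.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit fcaps go-module systemd
+
+DESCRIPTION="A tool for managing secrets"
+HOMEPAGE="https://vaultproject.io/"
+
+SRC_URI="https://github.com/hashicorp/vault/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BUSL-1.1 MPL-2.0"
+LICENSE+=" Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~riscv"
+IUSE=""
+
+BDEPEND="
+dev-go/gox
+dev-go/enumer
+app-arch/zip
+>=dev-lang/go-1.21"
+
+COMMON_DEPEND="
+acct-group/vault
+acct-user/vault"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+
+FILECAPS=(
+-m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
+)
+
+RESTRICT="test"
+
+src_prepare() {
+default
+# Avoid the need to have a git checkout
+sed -e 's:^\(GIT_COMMIT=\).*:\1:' \
+-e 's:^\(GIT_DIRTY=\).*:\1:' \
+-e s:\'\${GIT_COMMIT}\${GIT_DIRTY}\':: \
+-e "s|^BUILD_DATE=.*|BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%SZ)|" \
+-i scripts/build.sh || die
+sed -e "/hooks/d" \
+-e 's|^\([[:space:]]*\)goimports .*)|\1true|' \
+-e "s/gofumpt/gofmt/g" \
+-i Makefile || die
+if [[ -d "${WORKDIR}/http/web_ui" ]]; then
+rm -rf "${S}/http/web_ui" || die
+mv "${WORKDIR}/http/web_ui" "${S}/http/web_ui" ||
+die "mv failed"
+else
+mkdir -p "${S}/http/web_ui" || die
+touch "${S}/http/web_ui/no_web_ui" || die
+fi
+}
+
+src_compile() {
+mkdir "${T}"/bin || die
+GOPATH="${T}" \
+XC_ARCH=$(go env GOARCH) \
+XC_OS=$(go env GOOS) \
+XC_OSARCH=$(go env GOOS)/$(go env GOARCH) \
+emake bin
+}
+
+src_install() {
+dobin bin/${PN}
+dodoc CHANGELOG.md CONTRIBUTING.md README.md
+insinto /etc/${PN}.d
+doins "${FILESDIR}/"*.json.example
+insinto /etc/logrotate.d
+newins "${FILESDIR}/${PN}.logrotated" "${PN}"
+newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+systemd_dounit "${FILESDIR}/${PN}.service"
+keepdir /var/log/${PN}
+fowners ${PN}:${PN} /var/log/${PN}
+}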
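Review bot: `src_install` leaves `/etc/${PN}.d` and `/var/log/${PN}` at the default modes, so both are world-readable, and a real Vault configuration placed in that directory commonly carries storage-backend credentials. I would restrict them after the existing calls with `fowners root:${PN} /etc/${PN}.d` and `fperms 0750 /etc/${PN}.d /var/log/${PN}`. Separately, `SRC_URI` lists only the upstream source archive, so unless that archive vendors its Go modules (not visible here) `emake bin` would have to fetch dependencies that the Manifest does not cover. In `src_prepare`, `$(date +%Y-%m-%dT%H:%M:%SZ)` stamps local time with a `Z` suffix; `date -u` would make the suffix true.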
