app-admin/vault: new package

Signed-off-by: Patrice Clement <[email protected]>

app-admin/vault/Manifest

@@ -0,0 +1 @@
+DIST vault-1.17.6.tar.gz 33676185 BLAKE2B 55ba11bb74f7fe8511dc8402687a4c59ecf9dafa072df29ba1c84a2073940262381ea887b672110b54288147ac7720ecdf6ebeb52c63dab00a945dfc78543ba3 SHA512 ae1f2504885674f2a3cca4758aaf4f5b8244bba24d840093c8e4596d8c713ac0e63ae8d75cc6424d30e5d70a2f8953615eb35de245f0ad817e50e7494f0169f1

app-admin/vault/files/localhost.json.example

@@ -0,0 +1,9 @@
+backend "consul" {
+	address = "127.0.0.1:8500"
+	path = "vault"
+}
+
+listener "tcp" {
+	address = "127.0.0.1:8200"
+	tls_disable = 1
+}

app-admin/vault/files/vault.confd

@@ -0,0 +1,7 @@
+# you can change the init script behavior by setting those parameters
+# - group (default: vault)
+# - pidfile (default: /run/vault/vault.pid)
+# - user (default: vault)
+
+# extra arguments for the consul agent
+command_args="-config=/etc/vault.d"

app-admin/vault/files/vault.initd

@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 2015-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="vault server"
+group=${group:-${RC_SVCNAME}}
+pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"}
+rc_ulimit=${rc_ulimit-"-n 65536"}
+user=${user:-${RC_SVCNAME}}
+
+command="/usr/bin/${RC_SVCNAME}"
+command_args="server ${command_args}"
+command_background="true"
+start_stop_daemon_args="--user ${user} --group ${group} \
+	--stdout /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log \
+	--stderr /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"
+
+depend() {
+	need net
+}

app-admin/vault/files/vault.logrotated

@@ -0,0 +1,7 @@
+/var/log/vault/vault.log {
+	missingok
+	size 5M
+	rotate 3
+	compress
+	copytruncate
+}

app-admin/vault/files/vault.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=vault server
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Environment=VAULT_SERVER_OPTS="-config=/etc/vault.d"
+User=vault
+Group=vault
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=yes
+PrivateDevices=yes
+SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK
+Capabilities=CAP_IPC_LOCK+ep
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+NoNewPrivileges=yes
+ExecStart=/usr/bin/vault server $VAULT_SERVER_OPTS
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGINT
+Restart=on-failure
+RestartSec=5
+TimeoutStopSec=30
+StartLimitIntervalSec=60
+StartLimitBurst=3
+LimitNOFILE=65536
+
+[Install]
+WantedBy=default.target

app-admin/vault/metadata.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>[email protected]</email>
+	</maintainer>
+</pkgmetadata>

app-admin/vault/vault-1.17.6.ebuild

@@ -0,0 +1,82 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit fcaps go-module systemd
+
+DESCRIPTION="A tool for managing secrets"
+HOMEPAGE="https://vaultproject.io/"
+
+SRC_URI="https://github.com/hashicorp/vault/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BUSL-1.1 MPL-2.0"
+LICENSE+=" Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~riscv"
+IUSE=""
+
+BDEPEND="
+	app-arch/zip
+	dev-go/enumer
+	dev-go/gox
+	>=dev-lang/go-1.21"
+COMMON_DEPEND="acct-group/vault
+	acct-user/vault"
+	DEPEND="${COMMON_DEPEND}"
+	RDEPEND="${COMMON_DEPEND}"
+
+FILECAPS=(
+	-m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
+)
+
+RESTRICT="test"
+
+src_unpack() {
+	default
+}
+
+src_prepare() {
+	default
+	# Avoid the need to have a git checkout
+	sed -e 's:^\(GIT_COMMIT=\).*:\1:' \
+		-e 's:^\(GIT_DIRTY=\).*:\1:' \
+		-e s:\'\${GIT_COMMIT}\${GIT_DIRTY}\':: \
+		-e "s|^BUILD_DATE=.*|BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%SZ)|" \
+		-i scripts/build.sh || die
+	sed -e "/hooks/d" \
+		-e 's|^\([[:space:]]*\)goimports .*)|\1true|' \
+		-e "s/gofumpt/gofmt/g" \
+		-i Makefile || die
+	if [[ -d "${WORKDIR}/http/web_ui" ]]; then
+		rm -rf "${S}/http/web_ui" || die
+		mv "${WORKDIR}/http/web_ui" "${S}/http/web_ui" ||
+			die "mv failed"
+	else
+		mkdir -p "${S}/http/web_ui" || die
+		touch "${S}/http/web_ui/no_web_ui" || die
+	fi
+}
+
+src_compile() {
+	mkdir "${T}"/bin || die
+	GOPATH="${T}" \
+	XC_ARCH=$(go env GOARCH) \
+	XC_OS=$(go env GOOS) \
+	XC_OSARCH=$(go env GOOS)/$(go env GOARCH) \
+	emake bin
+}
+
+src_install() {
+	dobin bin/${PN}
+	dodoc CHANGELOG.md CONTRIBUTING.md README.md
+	insinto /etc/${PN}.d
+	doins "${FILESDIR}/"*.json.example
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${PN}.logrotated" "${PN}"
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+	systemd_dounit "${FILESDIR}/${PN}.service"
+	keepdir /var/log/${PN}
+	fowners ${PN}:${PN} /var/log/${PN}
+}