Date: Sunday, December 3, 2017 @ 00:44:09 Author: shibumi Revision: 271947
archrelease: copy trunk to community-x86_64 Added: vault/repos/community-x86_64/ vault/repos/community-x86_64/PKGBUILD (from rev 271946, vault/trunk/PKGBUILD) vault/repos/community-x86_64/vault.hcl (from rev 271946, vault/trunk/vault.hcl) vault/repos/community-x86_64/vault.install (from rev 271946, vault/trunk/vault.install) vault/repos/community-x86_64/vault.service (from rev 271946, vault/trunk/vault.service) ---------------+ PKGBUILD | 42 ++++++++++++++++++++++++++++++++++++++++++ vault.hcl | 19 +++++++++++++++++++ vault.install | 29 +++++++++++++++++++++++++++++ vault.service | 22 ++++++++++++++++++++++ 4 files changed, 112 insertions(+) Copied: vault/repos/community-x86_64/PKGBUILD (from rev 271946, vault/trunk/PKGBUILD) =================================================================== --- community-x86_64/PKGBUILD (rev 0) +++ community-x86_64/PKGBUILD 2017-12-03 00:44:09 UTC (rev 271947) @@ -0,0 +1,42 @@ +# Maintainer : Christian Rebischke <chris.rebisc...@archlinux.org> +pkgname='vault' +pkgdesc='A tool for managing secrets' +pkgver='0.9.0' +pkgrel='2' +url='https://vaultproject.io/' +license=('MPL') +arch=('x86_64') +makedepends=('go-pie' 'git') +depends=('glibc') +install='vault.install' +backup=('etc/vault.hcl') +_vault_commit='bdac1854478538052ba5b7ec9a9ec688d35a3335' +source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}" + 'vault.service' + 'vault.hcl') +sha512sums=('SKIP' + '1e67fe594198e42faf81eeb78eaa9904d832a04580c82cd5639b983bab850a01f33f4b43de43b4e3403ee7820236ab49c8b91a26981c47b9a2c6938b4c0b6be3' + '46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe') + +prepare () { + export GOPATH="${srcdir}" + export PATH="$PATH:$GOPATH/bin" + mkdir -p src/github.com/hashicorp/ + mv ${pkgname} src/github.com/hashicorp/ +} + +build () { + cd src/github.com/hashicorp/${pkgname} + go build -o vault-binary +} + +package () { + cd src/github.com/hashicorp/${pkgname} + install -Dm755 vault-binary "${pkgdir}/usr/bin/vault" + install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + install -Dm644 "${srcdir}/vault.hcl" "${pkgdir}/etc/vault.hcl" + install -Dm644 "${srcdir}/vault.service" "${pkgdir}/usr/lib/systemd/system/vault.service" + for file in README.md CHANGELOG.md ; do + install -Dm644 "${file}" "${pkgdir}/usr/share/doc/${pkgname}/${file}" + done +} Copied: vault/repos/community-x86_64/vault.hcl (from rev 271946, vault/trunk/vault.hcl) =================================================================== --- community-x86_64/vault.hcl (rev 0) +++ community-x86_64/vault.hcl 2017-12-03 00:44:09 UTC (rev 271947) @@ -0,0 +1,19 @@ +/* + * Vault configuration. See: https://vaultproject.io/docs/config/ + */ + +backend "file" { + path = "/var/lib/vault" +} + +listener "tcp" { + /* + * By default Vault listens on localhost only. + * Make sure to enable TLS support otherwise. + * + * Note that VAULT_ADDR=http://127.0.0.1:8200 must + * be set in the environment in order for the client + * to work because it uses HTTPS by default. + */ + tls_disable = 1 +} Copied: vault/repos/community-x86_64/vault.install (from rev 271946, vault/trunk/vault.install) =================================================================== --- community-x86_64/vault.install (rev 0) +++ community-x86_64/vault.install 2017-12-03 00:44:09 UTC (rev 271947) @@ -0,0 +1,29 @@ +# vim: ft=sh ts=4 sw=4 et + +post_install () { + getent passwd vault > /dev/null || useradd \ + -s /bin/nologin -c 'Vault daemon' -d /var/lib/vault -M -r -U vault + if [[ ! -d /var/lib/vault ]] ; then + mkdir /var/lib/vault + chown vault:vault /var/lib/vault + fi + setcap cap_ipc_lock=+ep /usr/bin/vault +} + +post_upgrade () { + if [[ -d /var/lib/vault ]] ; then + local badperms=false + while read -r path ; do + if [[ $(stat --format=%U:%G "${path}") != vault:vault ]] + then + badperms=true + break + fi + done < <( find /var/lib/vault ) + if ${badperms} ; then + echo 'Bad permissions detected in /var/lib/vault, fixing...' + chown -R vault:vault /var/lib/vault + fi + fi + post_install +} Copied: vault/repos/community-x86_64/vault.service (from rev 271946, vault/trunk/vault.service) =================================================================== --- community-x86_64/vault.service (rev 0) +++ community-x86_64/vault.service 2017-12-03 00:44:09 UTC (rev 271947) @@ -0,0 +1,22 @@ +[Unit] +Description=Vault server +Requires=basic.target network.target +After=basic.target network.target + +[Service] +User=vault +Group=vault +PrivateTmp=yes +ProtectSystem=full +ProtectHome=read-only +CapabilityBoundingSet=CAP_IPC_LOCK +Environment=GOMAXPROCS=2 +ExecStart=/bin/vault server -config=/etc/vault/vault.hcl +KillSignal=SIGINT +TimeoutStopSec=30s +Restart=on-failure +StartLimitInterval=60s +StartLimitBurst=3 + +[Install] +WantedBy=multi-user.target