upgpkg: 1.4.2-1
This commit is contained in:
parent
4689f77f91
commit
2276d9bf04
3526
CHANGELOG.md
3526
CHANGELOG.md
File diff suppressed because it is too large
Load Diff
13
PKGBUILD
13
PKGBUILD
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
pkgname='vault'
|
pkgname='vault'
|
||||||
pkgdesc='A tool for managing secrets'
|
pkgdesc='A tool for managing secrets'
|
||||||
pkgver='1.4.1'
|
pkgver='1.4.2'
|
||||||
pkgrel='1'
|
pkgrel='1'
|
||||||
url="https://vaultproject.io/"
|
url="https://vaultproject.io/"
|
||||||
license=('MPL')
|
license=('MPL')
|
||||||
@ -14,30 +14,25 @@ makedepends=('go-pie' 'git' 'yarn' 'bower' 'nodejs-lts-dubnium' 'npm' 'zip'
|
|||||||
depends=('glibc')
|
depends=('glibc')
|
||||||
install='vault.install'
|
install='vault.install'
|
||||||
backup=('etc/vault.hcl')
|
backup=('etc/vault.hcl')
|
||||||
_vault_commit='b2b4ab9577e413b00d9b727e2c3f465561bd38bd'
|
_vault_commit='18f1c494be8b06788c2fdda1a4296eb3c4b174ce'
|
||||||
source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}"
|
source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}"
|
||||||
'vault.service'
|
'vault.service'
|
||||||
'vault.sysusers'
|
'vault.sysusers'
|
||||||
'vault.tmpfiles'
|
'vault.tmpfiles'
|
||||||
'vault.hcl'
|
'vault.hcl')
|
||||||
'vault-fix-ssh-rsa.patch')
|
|
||||||
sha512sums=('SKIP'
|
sha512sums=('SKIP'
|
||||||
'6619cf57668e995cddb29fb6c388c18c21b251052a53832415e415bb4fe538361ef77b74536f5b082b9cda6cd71b598fc50d8b7f51092c4d60262052c5725af2'
|
'6619cf57668e995cddb29fb6c388c18c21b251052a53832415e415bb4fe538361ef77b74536f5b082b9cda6cd71b598fc50d8b7f51092c4d60262052c5725af2'
|
||||||
'92616ccf83fa5ca9f8b0d022cf8ceb1f3549e12b66bf21d9f77f3eb26bd75ec1dc36c155948ec987c642067b85fbfc30a9217d6c503d952a402aa5ef63e50928'
|
'92616ccf83fa5ca9f8b0d022cf8ceb1f3549e12b66bf21d9f77f3eb26bd75ec1dc36c155948ec987c642067b85fbfc30a9217d6c503d952a402aa5ef63e50928'
|
||||||
'073f0f400cba78521cd2709ce86d88fbb14125117f9f3beca657f625d04eab8e00f7a01b5d9a1cfc03e9038844f5732bdbb1a85dd65a803d3f0b90f8bf87880e'
|
'073f0f400cba78521cd2709ce86d88fbb14125117f9f3beca657f625d04eab8e00f7a01b5d9a1cfc03e9038844f5732bdbb1a85dd65a803d3f0b90f8bf87880e'
|
||||||
'46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe'
|
'46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe')
|
||||||
'7aab08cc3e203ae9a0c440c53f1f970e086953b6564b0f3ec35a0ae23a1bcbd9bf3db1107ee1777d5a6cc18915a9e80514b8422a5077c2f059b14efd66bafb26')
|
|
||||||
changelog=CHANGELOG.md
|
changelog=CHANGELOG.md
|
||||||
|
|
||||||
prepare () {
|
prepare () {
|
||||||
export GOPATH="${srcdir}"
|
export GOPATH="${srcdir}"
|
||||||
# export PATH="$PATH:$GOPATH/bin"
|
|
||||||
mkdir -p src/github.com/hashicorp/ "$GOPATH/bin"
|
mkdir -p src/github.com/hashicorp/ "$GOPATH/bin"
|
||||||
mv "${pkgname}" "src/github.com/hashicorp/${pkgname}"
|
mv "${pkgname}" "src/github.com/hashicorp/${pkgname}"
|
||||||
export PACKAGE_ROOT="${GOPATH}/src/github.com/hashicorp/${pkgname}"
|
export PACKAGE_ROOT="${GOPATH}/src/github.com/hashicorp/${pkgname}"
|
||||||
cd $PACKAGE_ROOT
|
cd $PACKAGE_ROOT
|
||||||
#git revert -n 61ff0fd8699dfe9efb9b014df8e9aff86a0aa924 #https://github.com/hashicorp/vault/issues/7475
|
|
||||||
#patch -Np1 < "${srcdir}/vault-fix-ssh-rsa.patch"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
build () {
|
build () {
|
||||||
|
@ -1,41 +0,0 @@
|
|||||||
diff --git a/builtin/logical/ssh/path_sign.go b/builtin/logical/ssh/path_sign.go
|
|
||||||
index a64edfa2d..f3c83f765 100644
|
|
||||||
--- a/builtin/logical/ssh/path_sign.go
|
|
||||||
+++ b/builtin/logical/ssh/path_sign.go
|
|
||||||
@@ -9,6 +9,7 @@ import (
|
|
||||||
"crypto/sha256"
|
|
||||||
"errors"
|
|
||||||
"fmt"
|
|
||||||
+ "io"
|
|
||||||
"strconv"
|
|
||||||
"strings"
|
|
||||||
"time"
|
|
||||||
@@ -484,10 +485,27 @@ func (b *creationBundle) sign() (retCert *ssh.Certificate, retErr error) {
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
- err = certificate.SignCert(rand.Reader, b.Signer)
|
|
||||||
+ sshAlgorithmSigner, _ := b.Signer.(ssh.AlgorithmSigner)
|
|
||||||
+
|
|
||||||
+ // prepare certificate for signing
|
|
||||||
+ certificate.Nonce = make([]byte, 32)
|
|
||||||
+ if _, err := io.ReadFull(rand.Reader, certificate.Nonce); err != nil {
|
|
||||||
+ return nil, fmt.Errorf("failed to generate signed SSH key")
|
|
||||||
+ }
|
|
||||||
+ certificate.SignatureKey = sshAlgorithmSigner.PublicKey()
|
|
||||||
+
|
|
||||||
+ // get bytes to sign
|
|
||||||
+ c2 := *certificate
|
|
||||||
+ c2.Signature = nil
|
|
||||||
+ out := c2.Marshal()
|
|
||||||
+ certificateBytes := out[:len(out)-4]
|
|
||||||
+
|
|
||||||
+ // sign with rsa-sha2-256
|
|
||||||
+ sig, err := sshAlgorithmSigner.SignWithAlgorithm(rand.Reader, certificateBytes, ssh.SigAlgoRSASHA2256)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to generate signed SSH key")
|
|
||||||
}
|
|
||||||
+ certificate.Signature = sig
|
|
||||||
|
|
||||||
return certificate, nil
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user