upgpkg: 1.4.2-1
This commit is contained in:
Christian Rebischke
parent
4689f77f91
commit
2276d9bf04
3526
CHANGELOG.md
3526
CHANGELOG.md
File diff suppressed because it is too large
Load Diff
13
PKGBUILD
13
PKGBUILD
@ -4,7 +4,7 @@
|
||||
|
||||
pkgname='vault'
|
||||
pkgdesc='A tool for managing secrets'
|
||||
pkgver='1.4.1'
|
||||
pkgver='1.4.2'
|
||||
pkgrel='1'
|
||||
url="https://vaultproject.io/"
|
||||
license=('MPL')
|
||||
@ -14,30 +14,25 @@ makedepends=('go-pie' 'git' 'yarn' 'bower' 'nodejs-lts-dubnium' 'npm' 'zip'
|
||||
depends=('glibc')
|
||||
install='vault.install'
|
||||
backup=('etc/vault.hcl')
|
||||
_vault_commit='b2b4ab9577e413b00d9b727e2c3f465561bd38bd'
|
||||
_vault_commit='18f1c494be8b06788c2fdda1a4296eb3c4b174ce'
|
||||
source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}"
|
||||
'vault.service'
|
||||
'vault.sysusers'
|
||||
'vault.tmpfiles'
|
||||
'vault.hcl'
|
||||
'vault-fix-ssh-rsa.patch')
|
||||
'vault.hcl')
|
||||
sha512sums=('SKIP'
|
||||
'6619cf57668e995cddb29fb6c388c18c21b251052a53832415e415bb4fe538361ef77b74536f5b082b9cda6cd71b598fc50d8b7f51092c4d60262052c5725af2'
|
||||
'92616ccf83fa5ca9f8b0d022cf8ceb1f3549e12b66bf21d9f77f3eb26bd75ec1dc36c155948ec987c642067b85fbfc30a9217d6c503d952a402aa5ef63e50928'
|
||||
'073f0f400cba78521cd2709ce86d88fbb14125117f9f3beca657f625d04eab8e00f7a01b5d9a1cfc03e9038844f5732bdbb1a85dd65a803d3f0b90f8bf87880e'
|
||||
'46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe'
|
||||
'7aab08cc3e203ae9a0c440c53f1f970e086953b6564b0f3ec35a0ae23a1bcbd9bf3db1107ee1777d5a6cc18915a9e80514b8422a5077c2f059b14efd66bafb26')
|
||||
'46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe')
|
||||
changelog=CHANGELOG.md
|
||||
|
||||
prepare () {
|
||||
export GOPATH="${srcdir}"
|
||||
# export PATH="$PATH:$GOPATH/bin"
|
||||
mkdir -p src/github.com/hashicorp/ "$GOPATH/bin"
|
||||
mv "${pkgname}" "src/github.com/hashicorp/${pkgname}"
|
||||
export PACKAGE_ROOT="${GOPATH}/src/github.com/hashicorp/${pkgname}"
|
||||
cd $PACKAGE_ROOT
|
||||
#git revert -n 61ff0fd8699dfe9efb9b014df8e9aff86a0aa924 #https://github.com/hashicorp/vault/issues/7475
|
||||
#patch -Np1 < "${srcdir}/vault-fix-ssh-rsa.patch"
|
||||
}
|
||||
|
||||
build () {
|
||||
|
||||
@ -1,41 +0,0 @@
|
||||
diff --git a/builtin/logical/ssh/path_sign.go b/builtin/logical/ssh/path_sign.go
|
||||
index a64edfa2d..f3c83f765 100644
|
||||
--- a/builtin/logical/ssh/path_sign.go
|
||||
+++ b/builtin/logical/ssh/path_sign.go
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"crypto/sha256"
|
||||
"errors"
|
||||
"fmt"
|
||||
+ "io"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
@@ -484,10 +485,27 @@ func (b *creationBundle) sign() (retCert *ssh.Certificate, retErr error) {
|
||||
},
|
||||
}
|
||||
|
||||
- err = certificate.SignCert(rand.Reader, b.Signer)
|
||||
+ sshAlgorithmSigner, _ := b.Signer.(ssh.AlgorithmSigner)
|
||||
+
|
||||
+ // prepare certificate for signing
|
||||
+ certificate.Nonce = make([]byte, 32)
|
||||
+ if _, err := io.ReadFull(rand.Reader, certificate.Nonce); err != nil {
|
||||
+ return nil, fmt.Errorf("failed to generate signed SSH key")
|
||||
+ }
|
||||
+ certificate.SignatureKey = sshAlgorithmSigner.PublicKey()
|
||||
+
|
||||
+ // get bytes to sign
|
||||
+ c2 := *certificate
|
||||
+ c2.Signature = nil
|
||||
+ out := c2.Marshal()
|
||||
+ certificateBytes := out[:len(out)-4]
|
||||
+
|
||||
+ // sign with rsa-sha2-256
|
||||
+ sig, err := sshAlgorithmSigner.SignWithAlgorithm(rand.Reader, certificateBytes, ssh.SigAlgoRSASHA2256)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to generate signed SSH key")
|
||||
}
|
||||
+ certificate.Signature = sig
|
||||
|
||||
return certificate, nil
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user