From 5007691691d6fb722aa8e78e89e067956fc8cee4 Mon Sep 17 00:00:00 2001
From: Justin Kromlinger
Date: Sun, 11 Jun 2023 17:13:33 +0200
Subject: [PATCH] upgpkg: 1.13.3-2: Use upstream unit file

---
 PKGBUILD | 23 ++++++++++++++------
 vault.hcl | 59 ++++++++++++++++++++++++++++++++++++++------------
 vault.tmpfiles | 2 +-
 3 files changed, 62 insertions(+), 22 deletions(-)

diff --git a/PKGBUILD b/PKGBUILD
index 7c701b3..31d17e4 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,31 +7,35 @@ pkgname=vault pkgdesc='A tool for managing secrets' pkgver=1.13.3 -pkgrel=1 +pkgrel=2 url="https://vaultproject.io/" license=('MPL') arch=('x86_64') depends=('glibc') makedepends=('go' 'git' 'yarn' 'bower' 'nodejs-lts-gallium' 'npm' 'zip' 'gox' 'go-tools') install=vault.install -backup=('etc/vault.hcl') +backup=('etc/vault.hcl' 'etc/default/vault') _vault_commit='3bedf816cbf851656ae9e6bd65dd4a67a9ddff5e' source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}" - 'vault.service' 'vault.sysusers' 'vault.tmpfiles' 'vault.hcl') sha512sums=('SKIP' - '6619cf57668e995cddb29fb6c388c18c21b251052a53832415e415bb4fe538361ef77b74536f5b082b9cda6cd71b598fc50d8b7f51092c4d60262052c5725af2' '92616ccf83fa5ca9f8b0d022cf8ceb1f3549e12b66bf21d9f77f3eb26bd75ec1dc36c155948ec987c642067b85fbfc30a9217d6c503d952a402aa5ef63e50928' - '073f0f400cba78521cd2709ce86d88fbb14125117f9f3beca657f625d04eab8e00f7a01b5d9a1cfc03e9038844f5732bdbb1a85dd65a803d3f0b90f8bf87880e' - '46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe') + 'db327aae6f821ee1ea608abdb3fc82aeeae72ce873d78ada44461644add32afd6c0197019427734498bc28ae187b6f741a02196e40a620caab597e5eef32ca7a' + '75d654ec4eadfe983f57951d470fff8b9eb953b42c08e7b6b3a1baaa0721fd7a9d5be37480b0e4f4fd8518f375348bdd8394848f0fb27cb1d425279acb67f693') pkgver() { cd vault git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g' } +prepare() { + cd vault + sed -i 's|/etc/vault.d/vault.hcl|/etc/vault.hcl|g' .release/linux/package/usr/lib/systemd/system/vault.service + sed -i 's|/etc/vault.d/vault.env|/etc/default/vault|g' .release/linux/package/usr/lib/systemd/system/vault.service +} + build() { mkdir -p "${srcdir}/vault/http/web_ui" cd "${srcdir}/vault/ui" 
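Review bot: The two `sed -i` calls in the new `prepare()` exit successfully even when the pattern no longer matches, so if upstream changes the paths in `vault.service` the package would silently ship a unit that still points at `/etc/vault.d/`, which this package does not install. A positive check after the substitutions would turn that into a build failure, for example `grep -q '/etc/vault.hcl' .release/linux/package/usr/lib/systemd/system/vault.service` and the same for `/etc/default/vault`. A one-line comment above the seds, such as `# Upstream unit expects /etc/vault.d/; this package keeps its config in /etc/vault.hcl and /etc/default/vault`, would also record why the unit is rewritten.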
@@ -58,12 +62,17 @@ build() { package() { install -Dm644 "${srcdir}/vault.hcl" "${pkgdir}/etc/vault.hcl" - install -Dm644 "${srcdir}/vault.service" "${pkgdir}/usr/lib/systemd/system/vault.service" install -Dm644 "${srcdir}/vault.sysusers" "${pkgdir}/usr/lib/sysusers.d/vault.conf" install -Dm644 "${srcdir}/vault.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/vault.conf" + cd "${srcdir}/vault" + + install -Dm644 ".release/linux/package/etc/vault.d/vault.env" "${pkgdir}/etc/default/vault" + install -Dm644 ".release/linux/package/usr/lib/systemd/system/vault.service" "${pkgdir}/usr/lib/systemd/system/vault.service" + install -Dm755 "dist/vault" "${pkgdir}/usr/bin/vault" install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + for file in README.md CHANGELOG.md CONTRIBUTING.md; do install -Dm644 "${file}" "${pkgdir}/usr/share/doc/${pkgname}/${file}" done diff --git a/vault.hcl b/vault.hcl index a612cf1..6a738e9 100644 --- a/vault.hcl +++ b/vault.hcl 
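Review bot: `/etc/default/vault` is installed with mode 644 in `package()`, which leaves it world-readable, and an environment file for a secrets manager is a likely place for operators to put credentials. Assuming the upstream unit loads it through `EnvironmentFile=` (the second sed in `prepare()` suggests so), systemd reads the file as root, so `install -Dm600 ".release/linux/package/etc/vault.d/vault.env" "${pkgdir}/etc/default/vault"` should not affect the service. The same concern applies to `/etc/vault.hcl` on the unchanged first install line, since the new sample config documents a `pin` setting there; that file has to stay readable by the vault user, so it would need group ownership rather than only a tighter mode. `package()` continues past the end of this hunk.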
@@ -1,19 +1,50 @@ -/* - * Vault configuration. See: https://vaultproject.io/docs/config/ - */ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 -backend "file" { - path = "/var/lib/vault" +# Full configuration options can be found at https://www.vaultproject.io/docs/configuration + +ui = true + +#mlock = true +#disable_mlock = true + +storage "file" { + path = "/var/lib/vault" } +#storage "consul" { +# address = "127.0.0.1:8500" +# path = "vault" +#} + +# HTTP listener listener "tcp" { - /* - * By default Vault listens on localhost only. - * Make sure to enable TLS support otherwise. - * - * Note that VAULT_ADDR=http://127.0.0.1:8200 must - * be set in the environment in order for the client - * to work because it uses HTTPS by default. - */ - tls_disable = 1 + address = "127.0.0.1:8200" + tls_disable = 1 } + +# HTTPS listener +#listener "tcp" { +# address = "0.0.0.0:8200" +# tls_cert_file = "/var/lib/vault/tls/tls.crt" +# tls_key_file = "/var/lib/vault/tls/tls.key" +#} + +# Enterprise license_path +# This will be required for enterprise as of v1.8 +#license_path = "/etc/vault.hclic" + +# Example AWS KMS auto unseal +#seal "awskms" { +# region = "us-east-1" +# kms_key_id = "REPLACE-ME" +#} + +# Example HSM auto unseal +#seal "pkcs11" { +# lib = "/usr/vault/lib/libCryptoki2_64.so" +# slot = "0" +# pin = "AAAA-BBBB-CCCC-DDDD" +# key_label = "vault-hsm-key" +# hmac_key_label = "vault-hsm-hmac-key" +#} diff --git a/vault.tmpfiles b/vault.tmpfiles index 52fc5f2..de186c0 100644 --- a/vault.tmpfiles +++ b/vault.tmpfiles @@ -1 +1 @@ -d /var/lib/vault 0755 vault vault - - +d /var/lib/vault 0750 vault vault - -
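Review bot: The replacement `vault.hcl` drops the old comment that explained the plaintext listener, so `tls_disable = 1` now sits under `ui = true` with no warning for the operator. I would keep two comment lines above the HTTP listener: `# Plaintext, loopback only: switch to the HTTPS listener below before binding to any other address.` and `# Clients need VAULT_ADDR=http://127.0.0.1:8200 because the CLI defaults to HTTPS.` The commented HTTPS example also places `tls_key_file` under `/var/lib/vault/tls`, inside the directory used by `storage "file"`; a short remark that the key is better kept outside the storage path and readable only by the vault user would be worth adding there.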