added vault package

2017-12-03 00:43:53 +00:00 · 2017-12-03 00:43:53 +00:00 · 7b0e2094c6
commit 7b0e2094c6
4 changed files with 112 additions and 0 deletions
--- a/42
+++ b/42
@ -0,0 +1,42 @@
+# Maintainer : Christian Rebischke <Chris.Rebischke@archlinux.org>
+pkgname='vault'
+pkgdesc='A tool for managing secrets'
+pkgver='0.9.0'
+pkgrel='2'
+url='https://vaultproject.io/'
+license=('MPL')
+arch=('x86_64')
+makedepends=('go-pie' 'git')
+depends=('glibc')
+install='vault.install'
+backup=('etc/vault.hcl')
+_vault_commit='bdac1854478538052ba5b7ec9a9ec688d35a3335'
+source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}"
+        'vault.service'
+        'vault.hcl')
+sha512sums=('SKIP'
+            '1e67fe594198e42faf81eeb78eaa9904d832a04580c82cd5639b983bab850a01f33f4b43de43b4e3403ee7820236ab49c8b91a26981c47b9a2c6938b4c0b6be3'
+            '46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe')
+
+prepare () {
+  export GOPATH="${srcdir}"
+  export PATH="$PATH:$GOPATH/bin"
+  mkdir -p src/github.com/hashicorp/
+  mv ${pkgname} src/github.com/hashicorp/
+}
+
+build () {
+  cd src/github.com/hashicorp/${pkgname}
+  go build -o vault-binary
+}
+
+package () {
+  cd src/github.com/hashicorp/${pkgname}
+	install -Dm755 vault-binary "${pkgdir}/usr/bin/vault"
+	install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+	install -Dm644 "${srcdir}/vault.hcl" "${pkgdir}/etc/vault.hcl"
+	install -Dm644 "${srcdir}/vault.service" "${pkgdir}/usr/lib/systemd/system/vault.service"
+	for file in README.md CHANGELOG.md ; do
+		install -Dm644 "${file}" "${pkgdir}/usr/share/doc/${pkgname}/${file}"
+	done
+}
--- a/vault.hcl
+++ b/vault.hcl
@ -0,0 +1,19 @@
+/*
+ * Vault configuration. See: https://vaultproject.io/docs/config/
+ */
+
+backend "file" {
+	path = "/var/lib/vault"
+}
+
+listener "tcp" {
+	/*
+	 * By default Vault listens on localhost only.
+	 * Make sure to enable TLS support otherwise.
+	 *
+	 * Note that VAULT_ADDR=http://127.0.0.1:8200 must
+	 * be set in the environment in order for the client
+	 * to work because it uses HTTPS by default.
+	 */
+	tls_disable = 1
+}
--- a/vault.install
+++ b/vault.install
@ -0,0 +1,29 @@
+# vim: ft=sh ts=4 sw=4 et
+
+post_install () {
+    getent passwd vault > /dev/null || useradd \
+        -s /bin/nologin -c 'Vault daemon' -d /var/lib/vault -M -r -U vault
+    if [[ ! -d /var/lib/vault ]] ; then
+        mkdir /var/lib/vault
+        chown vault:vault /var/lib/vault
+    fi
+    setcap cap_ipc_lock=+ep /usr/bin/vault
+}
+
+post_upgrade () {
+    if [[ -d /var/lib/vault ]] ; then
+        local badperms=false
+        while read -r path ; do
+            if [[ $(stat --format=%U:%G "${path}") != vault:vault ]]
+            then
+                badperms=true
+                break
+            fi
+        done < <( find /var/lib/vault )
+        if ${badperms} ; then
+            echo 'Bad permissions detected in /var/lib/vault, fixing...'
+            chown -R vault:vault /var/lib/vault
+        fi
+    fi
+    post_install
+}
--- a/vault.service
+++ b/vault.service
@ -0,0 +1,22 @@
+[Unit]
+Description=Vault server
+Requires=basic.target network.target
+After=basic.target network.target
+
+[Service]
+User=vault
+Group=vault
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=read-only
+CapabilityBoundingSet=CAP_IPC_LOCK
+Environment=GOMAXPROCS=2
+ExecStart=/bin/vault server -config=/etc/vault/vault.hcl
+KillSignal=SIGINT
+TimeoutStopSec=30s
+Restart=on-failure
+StartLimitInterval=60s
+StartLimitBurst=3
+
+[Install]
+WantedBy=multi-user.target