diff --git a/PKGBUILD b/PKGBUILD
index 6563cde..834adf1 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,8 +1,9 @@
 # Maintainer : Christian Rebischke
+
 pkgname='vault'
 pkgdesc='A tool for managing secrets'
 pkgver='0.9.0'
-pkgrel='3'
+pkgrel='4'
 url='https://vaultproject.io/'
 license=('MPL')
 arch=('x86_64')
@@ -13,9 +14,13 @@ backup=('etc/vault.hcl')
 _vault_commit='bdac1854478538052ba5b7ec9a9ec688d35a3335'
 source=("git+https://github.com/hashicorp/vault#commit=${_vault_commit}"
 'vault.service'
+ 'vault.sysusers'
+ 'vault.tmpfiles'
 'vault.hcl')
 sha512sums=('SKIP'
 '6619cf57668e995cddb29fb6c388c18c21b251052a53832415e415bb4fe538361ef77b74536f5b082b9cda6cd71b598fc50d8b7f51092c4d60262052c5725af2'
+ '92616ccf83fa5ca9f8b0d022cf8ceb1f3549e12b66bf21d9f77f3eb26bd75ec1dc36c155948ec987c642067b85fbfc30a9217d6c503d952a402aa5ef63e50928'
+ '073f0f400cba78521cd2709ce86d88fbb14125117f9f3beca657f625d04eab8e00f7a01b5d9a1cfc03e9038844f5732bdbb1a85dd65a803d3f0b90f8bf87880e'
 '46106cc76151eef2dd5e4b2caa6a96aae4d6ce1ecbf977dcc8667a3f6c829cbea95133622adafcb15cdfaa066ecc94c73c983e7613ee2f6573694981569729fe')
 prepare () {
@@ -36,6 +41,8 @@ package () {
 install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
 install -Dm644 "${srcdir}/vault.hcl" "${pkgdir}/etc/vault.hcl"
 install -Dm644 "${srcdir}/vault.service" "${pkgdir}/usr/lib/systemd/system/vault.service"
+ install -Dm644 "${srcdir}/vault.sysusers" "${pkgdir}/usr/lib/sysusers.d/vault.conf"
+ install -Dm644 "${srcdir}/vault.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/vault.conf"
 for file in README.md CHANGELOG.md ; do
 install -Dm644 "${file}" "${pkgdir}/usr/share/doc/${pkgname}/${file}"
 done
diff --git a/vault.install b/vault.install
index b7c6c28..5d98057 100644
--- a/vault.install
+++ b/vault.install
@@ -1,29 +1,5 @@
 # vim: ft=sh ts=4 sw=4 et
 post_install () {
- getent passwd vault > /dev/null || useradd \
- -s /bin/nologin -c 'Vault daemon' -d /var/lib/vault -M -r -U vault
- if [[ ! -d /var/lib/vault ]] ; then
- mkdir /var/lib/vault
- chown vault:vault /var/lib/vault
- fi
 setcap cap_ipc_lock=+ep /usr/bin/vault
 }
-
-post_upgrade () {
- if [[ -d /var/lib/vault ]] ; then
- local badperms=false
- while read -r path ; do
- if [[ $(stat --format=%U:%G "${path}") != vault:vault ]]
- then
- badperms=true
- break
- fi
- done < <( find /var/lib/vault )
- if ${badperms} ; then
- echo 'Bad permissions detected in /var/lib/vault, fixing...'
- chown -R vault:vault /var/lib/vault
- fi
- fi
- post_install
-}
diff --git a/vault.sysusers b/vault.sysusers
new file mode 100644
index 0000000..93e8223
--- /dev/null
+++ b/vault.sysusers
@@ -0,0 +1 @@
+u vault - "Vault daemon" /var/lib/vault
diff --git a/vault.tmpfiles b/vault.tmpfiles
new file mode 100644
index 0000000..52fc5f2
--- /dev/null
+++ b/vault.tmpfiles
@@ -0,0 +1 @@
+d /var/lib/vault 0755 vault vault - -
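Review bot: Removing `post_upgrade` entirely also removes the `setcap cap_ipc_lock=+ep /usr/bin/vault` call that previously ran on every upgrade via `post_install`. After an upgrade the newly installed binary would presumably no longer carry the file capability. Unless vault.service (not shown in this diff) grants CAP_IPC_LOCK itself, Vault then cannot lock its memory, so secrets may reach swap or the daemon may refuse to start. Keeping a minimal `post_upgrade () { post_install; }` preserves the capability while user and directory creation still move to sysusers and tmpfiles.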
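Review bot: The `d` line in vault.tmpfiles creates /var/lib/vault with mode 0755, which leaves the Vault data directory listable and traversable by every local account. If vault.hcl (not shown in this diff) keeps file storage or other state there, a tighter mode such as `d /var/lib/vault 0700 vault vault - -` limits access to the service user. Note also that `d` only adjusts the directory itself, whereas the removed `post_upgrade` repaired ownership recursively. A `Z` line would be needed if that repair should still apply to existing installs.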