pkgbuild: pkgver=1.14.8 pkgrel=1 (genesis)

This repo was forked from the upstream Archlinux vault package at
commit 9c53f44a13c0115422f2a20561aa5b22997dcb4a.

This was then modified to download from the open-vault source, and
refactored to use a global GOFLAGS, split dep downloads into prepare(),
and tidies the build() + package() functions.

References: https://gitlab.archlinux.org/archlinux/packaging/packages/vault
References: 9c53f44a13

.SRCINFO

@@ -0,0 +1,30 @@
+pkgbase = open-vault
+	pkgdesc = A tool for managing secrets
+	pkgver = 1.14.8
+	pkgrel = 1
+	url = https://developer.hashicorp.com/vault/docs/v1.14.x
+	install = vault.install
+	arch = x86_64
+	license = MPL2
+	makedepends = go
+	makedepends = git
+	makedepends = yarn
+	makedepends = bower
+	makedepends = nodejs-lts-iron
+	makedepends = npm
+	makedepends = zip
+	depends = glibc
+	provides = vault
+	conflicts = vault
+	backup = etc/vault.hcl
+	backup = etc/default/vault
+	source = open-vault-1.14.8.tar.gz::https://git.st8l.com/luxolus/open-vault/archive/9f12e0f892b27c5518a918b15c46133cfdd2dff5.tar.gz
+	source = vault.sysusers
+	source = vault.tmpfiles
+	source = vault.hcl
+	sha512sums = SKIP
+	sha512sums = 92616ccf83fa5ca9f8b0d022cf8ceb1f3549e12b66bf21d9f77f3eb26bd75ec1dc36c155948ec987c642067b85fbfc30a9217d6c503d952a402aa5ef63e50928
+	sha512sums = db327aae6f821ee1ea608abdb3fc82aeeae72ce873d78ada44461644add32afd6c0197019427734498bc28ae187b6f741a02196e40a620caab597e5eef32ca7a
+	sha512sums = 75d654ec4eadfe983f57951d470fff8b9eb953b42c08e7b6b3a1baaa0721fd7a9d5be37480b0e4f4fd8518f375348bdd8394848f0fb27cb1d425279acb67f693
+
+pkgname = open-vault

.gitignore

@@ -0,0 +1,89 @@
+# Created by https://www.toptal.com/developers/gitignore/api/archlinuxpackages,linux,macos,vim
+# Edit at https://www.toptal.com/developers/gitignore?templates=archlinuxpackages,linux,macos,vim
+
+### ArchLinuxPackages ###
+*.tar
+*.tar.*
+*.jar
+*.exe
+*.msi
+*.zip
+*.tgz
+*.log
+*.log.*
+*.sig
+
+pkg/
+src/
+
+/open-vault*
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### Vim ###
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg  # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
+# End of https://www.toptal.com/developers/gitignore/api/archlinuxpackages,linux,macos,vim

PKGBUILD

@@ -0,0 +1,120 @@
+# Maintainer: Paul Stemmet <aur@luxolus.com>
+# Contributor: Christian Rebischke <Chris.Rebischke@archlinux.org>
+# Contributor: Justin Kromlinger <hashworks@archlinux.org>
+# Contributor: Tim Meusel <tim@bastelfreak.de>
+# Contributor: Sebastian Rakel <sebastian@devunit.eu>
+# Contributor: Andrew Tyler <assimilat@gmail.com>
+
+pkgname=open-vault
+_commit='9f12e0f892b27c5518a918b15c46133cfdd2dff5'
+pkgver=1.14.8
+pkgrel=1
+pkgdesc='A tool for managing secrets'
+provides=('vault')
+conflicts=('vault')
+arch=('x86_64')
+url="https://developer.hashicorp.com/vault/docs/v1.14.x"
+license=('MPL2')
+depends=('glibc')
+makedepends=('go' 'git' 'yarn' 'bower' 'nodejs-lts-iron' 'npm' 'zip')
+install=vault.install
+backup=('etc/vault.hcl' 'etc/default/vault')
+source=("${pkgname}-${pkgver}.tar.gz::https://git.st8l.com/luxolus/${pkgname}/archive/${_commit}.tar.gz"
+        'vault.sysusers'
+        'vault.tmpfiles'
+        'vault.hcl')
+sha512sums=('SKIP'
+            '92616ccf83fa5ca9f8b0d022cf8ceb1f3549e12b66bf21d9f77f3eb26bd75ec1dc36c155948ec987c642067b85fbfc30a9217d6c503d952a402aa5ef63e50928'
+            'db327aae6f821ee1ea608abdb3fc82aeeae72ce873d78ada44461644add32afd6c0197019427734498bc28ae187b6f741a02196e40a620caab597e5eef32ca7a'
+            '75d654ec4eadfe983f57951d470fff8b9eb953b42c08e7b6b3a1baaa0721fd7a9d5be37480b0e4f4fd8518f375348bdd8394848f0fb27cb1d425279acb67f693')
+
+export CGO_CPPFLAGS="${CPPFLAGS}"
+export CGO_CFLAGS="${CFLAGS}"
+export CGO_CXXFLAGS="${CXXFLAGS}"
+export CGO_LDFLAGS="${LDFLAGS}"
+
+export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
+
+prepare() {
+  cd "${srcdir}/${pkgname}"
+
+  mkdir -p http/web_ui bin dist
+
+  local filename
+  for filename in "${source[@]}"; do
+    if [[ "$filename" =~ \.patch$ ]]; then
+      patch -p1 -N -l -i "$srcdir/${filename##*/}"
+    fi
+  done
+
+  sed -i \
+    's|/etc/vault.d/vault.hcl|/etc/vault.hcl|g' \
+    .release/linux/package/usr/lib/systemd/system/vault.service
+  sed -i \
+    's|/etc/vault.d/vault.env|/etc/default/vault|g' \
+    .release/linux/package/usr/lib/systemd/system/vault.service
+
+  # Vault UI
+  (
+    cd "ui"
+
+    yarn install
+  )
+
+  # Vault service
+  (
+    go mod download
+  )
+}
+
+build() {
+  cd "${srcdir}/${pkgname}"
+
+  # Vault UI
+  (
+    cd "ui"
+
+    npm rebuild node-sass ; yarn run build
+  )
+
+  # Vault service
+  (
+    local _flags=github.com/hashicorp/vault/sdk/version
+    local _ldflags=(
+      "-linkmode=external"
+      "-compressdwarf=false"
+      $(
+        printf -- "-X ${_flags}.%s " \
+          "Version=${pkgver}" \
+          "GitCommit=${_commit}" \
+          "BuildDate=$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
+      )
+    )
+
+    go build -tags ui -ldflags "${_ldflags[*]}" -o dist .
+  )
+}
+
+package() {
+  cd "${srcdir}/${pkgname}"
+
+  local file release='.release/linux/package'
+
+  # configuration
+  install -Dm644 "${srcdir}/vault.hcl"                "${pkgdir}/etc/vault.hcl"
+  install -Dm644 "${srcdir}/vault.sysusers"           "${pkgdir}/usr/lib/sysusers.d/vault.conf"
+  install -Dm644 "${srcdir}/vault.tmpfiles"           "${pkgdir}/usr/lib/tmpfiles.d/vault.conf"
+  install -Dm644 \
+    "$release/etc/vault.d/vault.env"                  "${pkgdir}/etc/default/vault"
+  install -Dm644 \
+    "$release/usr/lib/systemd/system/vault.service"   "${pkgdir}/usr/lib/systemd/system/vault.service"
+
+  install -Dm644 "LICENSE"                            "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+
+  for file in 'README.md' 'CHANGELOG.md'; do
+    install -Dm644 "${file}"                          "${pkgdir}/usr/share/doc/${pkgname}/${file}"
+  done
+
+  # binaries
+  install -Dm755 "dist/vault"                         "${pkgdir}/usr/bin/vault"
+}

vault.hcl

@@ -0,0 +1,50 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+# Full configuration options can be found at https://www.vaultproject.io/docs/configuration
+
+ui = true
+
+#mlock = true
+#disable_mlock = true
+
+storage "file" {
+  path = "/var/lib/vault"
+}
+
+#storage "consul" {
+#  address = "127.0.0.1:8500"
+#  path    = "vault"
+#}
+
+# HTTP listener
+listener "tcp" {
+  address = "127.0.0.1:8200"
+  tls_disable = 1
+}
+
+# HTTPS listener
+#listener "tcp" {
+#  address       = "0.0.0.0:8200"
+#  tls_cert_file = "/var/lib/vault/tls/tls.crt"
+#  tls_key_file  = "/var/lib/vault/tls/tls.key"
+#}
+
+# Enterprise license_path
+# This will be required for enterprise as of v1.8
+#license_path = "/etc/vault.hclic"
+
+# Example AWS KMS auto unseal
+#seal "awskms" {
+#  region = "us-east-1"
+#  kms_key_id = "REPLACE-ME"
+#}
+
+# Example HSM auto unseal
+#seal "pkcs11" {
+#  lib            = "/usr/vault/lib/libCryptoki2_64.so"
+#  slot           = "0"
+#  pin            = "AAAA-BBBB-CCCC-DDDD"
+#  key_label      = "vault-hsm-key"
+#  hmac_key_label = "vault-hsm-hmac-key"
+#}

vault.install

@@ -0,0 +1,9 @@
+# vim: ft=sh ts=4 sw=4 et
+
+post_install () {
+    setcap cap_ipc_lock=+ep /usr/bin/vault
+}
+
+post_upgrade () {
+    setcap cap_ipc_lock=+ep /usr/bin/vault
+}

vault.sysusers

@@ -0,0 +1 @@
+u vault - "Vault daemon" /var/lib/vault

vault.tmpfiles

@@ -0,0 +1 @@
+d /var/lib/vault 0750 vault vault - -