merge: debian/stable <--- feature/v1.14.8-1
* HEAD | \ | *914743b
<debian@luxolus.com> debian: add source, package lintian-overrides | *4730338
<debian@luxolus.com> debian: add rules for open-vault-agent | *35743e4
<debian@luxolus.com> debian: add open-vault-agent config files | *1f3df3a
<debian@luxolus.com> debian: add control.Package open-vault-agent | *565491f
<debian@luxolus.com> debian: add rules for open-vault | *1c47ea6
<debian@luxolus.com> debian: add open-vault config files | *2ffa95f
<debian@luxolus.com> debian: add control.Package open-vault | *b39b364
<debian@luxolus.com> debian: add control.Source, license | *7c87289
<debian@luxolus.com> debian: changelog (1.14.8-1) | *6dcdd73
<debian@luxolus.com> debian: add gbp.conf | *de07dde
<debian@luxolus.com> gitattributes: rm upstream lfs stuff | / | debian/stable Signed-off-by: Paul Stemmet <debian@luxolus.com>
commit
37e8dfac04
|
@ -2,25 +2,3 @@ vendor/* linguist-vendored
|
|||
website/* linguist-documentation
|
||||
|
||||
/packagespec.mk linguist-generated
|
||||
*.ber filter=lfs diff=lfs merge=lfs -text
|
||||
*.DS_Store filter=lfs diff=lfs merge=lfs -text
|
||||
*.eot filter=lfs diff=lfs merge=lfs -text
|
||||
*.gif filter=lfs diff=lfs merge=lfs -text
|
||||
*.ico filter=lfs diff=lfs merge=lfs -text
|
||||
*.jks filter=lfs diff=lfs merge=lfs -text
|
||||
*.jpg filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.p12 filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.snap filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.woff filter=lfs diff=lfs merge=lfs -text
|
||||
*.woff2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
bin/codechecker filter=lfs diff=lfs merge=lfs -text
|
||||
Godeps/_workspace/src/github.com/gocql/gocql/testdata/pki/.keystore filter=lfs diff=lfs merge=lfs -text
|
||||
Godeps/_workspace/src/github.com/gocql/gocql/testdata/pki/.truststore filter=lfs diff=lfs merge=lfs -text
|
||||
plugins/database/cassandra/test-fixtures/with_tls/stores/keystore filter=lfs diff=lfs merge=lfs -text
|
||||
plugins/database/cassandra/test-fixtures/with_tls/stores/truststore filter=lfs diff=lfs merge=lfs -text
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
open-vault (1.14.8-1) stable; urgency=low
|
||||
|
||||
* New upstream version
|
||||
|
||||
-- Paul Stemmet <debian@luxolus.com> Thu, 18 Apr 2024 13:13:56 +0000
|
|
@ -0,0 +1,46 @@
|
|||
Source: open-vault
|
||||
Maintainer: Paul Stemmet <debian@luxolus.com>
|
||||
Section: net
|
||||
Priority: optional
|
||||
Build-Depends: debhelper-compat (= 13),
|
||||
dh-golang,
|
||||
golang-any (>= 1.18.0),
|
||||
npm,
|
||||
yarnpkg,
|
||||
acl,
|
||||
git,
|
||||
ca-certificates
|
||||
Standards-Version: 4.6.1.0
|
||||
XS-Go-Import-Path: github.com/hashicorp/vault
|
||||
Homepage: https://developer.hashicorp.com/vault/docs/v1.14.x
|
||||
Vcs-Browser: https://git.st8l.com/luxolus/open-vault
|
||||
Vcs-Git: https://git.st8l.com/luxolus/open-vault.git
|
||||
Rules-Requires-Root: no
|
||||
|
||||
Package: open-vault
|
||||
Provides: vault
|
||||
Conflicts: vault
|
||||
Architecture: any
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||
Built-Using: ${misc:Built-Using}
|
||||
Description: A tool for securely accessing secrets
|
||||
Vault is an API first solution to securely store and tightly control
|
||||
access to tokens, passwords, certificates, and encryption keys for
|
||||
protecting secrets and other sensitive data using a UI, CLI, or HTTP API
|
||||
.
|
||||
This is a MPL2 licensed fork of Vault.
|
||||
|
||||
Package: open-vault-agent
|
||||
Provides: vault-agent
|
||||
Conflicts: vault-agent
|
||||
Architecture: any
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}, vault
|
||||
Built-Using: ${misc:Built-Using}
|
||||
Description: Systemd service and configuration for Vault agents
|
||||
Vault agent(s) remove the initial hurdle to adopt Vault by
|
||||
providing a more scalable and simpler way for applications
|
||||
to integrate with Vault.
|
||||
.
|
||||
Providing the ability to render templates containing the
|
||||
secrets required by your application, without requiring
|
||||
changes to your application.
|
|
@ -0,0 +1,367 @@
|
|||
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: open-vault
|
||||
Upstream-Contact: https://git.st8l.com/luxolus/open-vault/issues
|
||||
Source: https://git.st8l.com/luxolus/open-vault
|
||||
|
||||
Files: *
|
||||
Copyright: 2013 HashiCorp, Inc.
|
||||
License: MPL2
|
||||
|
||||
Files: debian/*
|
||||
Copyright: Paul Stemmet
|
||||
License: MPL2
|
||||
|
||||
License: MPL2
|
||||
Mozilla Public License, version 2.0
|
||||
.
|
||||
1. Definitions
|
||||
.
|
||||
1.1. “Contributor”
|
||||
.
|
||||
means each individual or legal entity that creates, contributes to the
|
||||
creation of, or owns Covered Software.
|
||||
.
|
||||
1.2. “Contributor Version”
|
||||
.
|
||||
means the combination of the Contributions of others (if any) used by a
|
||||
Contributor and that particular Contributor’s Contribution.
|
||||
.
|
||||
1.3. “Contribution”
|
||||
.
|
||||
means Covered Software of a particular Contributor.
|
||||
.
|
||||
1.4. “Covered Software”
|
||||
.
|
||||
means Source Code Form to which the initial Contributor has attached the
|
||||
notice in Exhibit A, the Executable Form of such Source Code Form, and
|
||||
Modifications of such Source Code Form, in each case including portions
|
||||
thereof.
|
||||
.
|
||||
1.5. “Incompatible With Secondary Licenses”
|
||||
means
|
||||
.
|
||||
a. that the initial Contributor has attached the notice described in
|
||||
Exhibit B to the Covered Software; or
|
||||
.
|
||||
b. that the Covered Software was made available under the terms of version
|
||||
1.1 or earlier of the License, but not also under the terms of a
|
||||
Secondary License.
|
||||
.
|
||||
1.6. “Executable Form”
|
||||
.
|
||||
means any form of the work other than Source Code Form.
|
||||
.
|
||||
1.7. “Larger Work”
|
||||
.
|
||||
means a work that combines Covered Software with other material, in a separate
|
||||
file or files, that is not Covered Software.
|
||||
.
|
||||
1.8. “License”
|
||||
.
|
||||
means this document.
|
||||
.
|
||||
1.9. “Licensable”
|
||||
.
|
||||
means having the right to grant, to the maximum extent possible, whether at the
|
||||
time of the initial grant or subsequently, any and all of the rights conveyed by
|
||||
this License.
|
||||
.
|
||||
1.10. “Modifications”
|
||||
.
|
||||
means any of the following:
|
||||
.
|
||||
a. any file in Source Code Form that results from an addition to, deletion
|
||||
from, or modification of the contents of Covered Software; or
|
||||
.
|
||||
b. any new file in Source Code Form that contains any Covered Software.
|
||||
.
|
||||
1.11. “Patent Claims” of a Contributor
|
||||
.
|
||||
means any patent claim(s), including without limitation, method, process,
|
||||
and apparatus claims, in any patent Licensable by such Contributor that
|
||||
would be infringed, but for the grant of the License, by the making,
|
||||
using, selling, offering for sale, having made, import, or transfer of
|
||||
either its Contributions or its Contributor Version.
|
||||
.
|
||||
1.12. “Secondary License”
|
||||
.
|
||||
means either the GNU General Public License, Version 2.0, the GNU Lesser
|
||||
General Public License, Version 2.1, the GNU Affero General Public
|
||||
License, Version 3.0, or any later versions of those licenses.
|
||||
.
|
||||
1.13. “Source Code Form”
|
||||
.
|
||||
means the form of the work preferred for making modifications.
|
||||
.
|
||||
1.14. “You” (or “Your”)
|
||||
.
|
||||
means an individual or a legal entity exercising rights under this
|
||||
License. For legal entities, “You” includes any entity that controls, is
|
||||
controlled by, or is under common control with You. For purposes of this
|
||||
definition, “control” means (a) the power, direct or indirect, to cause
|
||||
the direction or management of such entity, whether by contract or
|
||||
otherwise, or (b) ownership of more than fifty percent (50%) of the
|
||||
outstanding shares or beneficial ownership of such entity.
|
||||
.
|
||||
.
|
||||
2. License Grants and Conditions
|
||||
.
|
||||
2.1. Grants
|
||||
.
|
||||
Each Contributor hereby grants You a world-wide, royalty-free,
|
||||
non-exclusive license:
|
||||
.
|
||||
a. under intellectual property rights (other than patent or trademark)
|
||||
Licensable by such Contributor to use, reproduce, make available,
|
||||
modify, display, perform, distribute, and otherwise exploit its
|
||||
Contributions, either on an unmodified basis, with Modifications, or as
|
||||
part of a Larger Work; and
|
||||
.
|
||||
b. under Patent Claims of such Contributor to make, use, sell, offer for
|
||||
sale, have made, import, and otherwise transfer either its Contributions
|
||||
or its Contributor Version.
|
||||
.
|
||||
2.2. Effective Date
|
||||
.
|
||||
The licenses granted in Section 2.1 with respect to any Contribution become
|
||||
effective for each Contribution on the date the Contributor first distributes
|
||||
such Contribution.
|
||||
.
|
||||
2.3. Limitations on Grant Scope
|
||||
.
|
||||
The licenses granted in this Section 2 are the only rights granted under this
|
||||
License. No additional rights or licenses will be implied from the distribution
|
||||
or licensing of Covered Software under this License. Notwithstanding Section
|
||||
2.1(b) above, no patent license is granted by a Contributor:
|
||||
.
|
||||
a. for any code that a Contributor has removed from Covered Software; or
|
||||
.
|
||||
b. for infringements caused by: (i) Your and any other third party’s
|
||||
modifications of Covered Software, or (ii) the combination of its
|
||||
Contributions with other software (except as part of its Contributor
|
||||
Version); or
|
||||
.
|
||||
c. under Patent Claims infringed by Covered Software in the absence of its
|
||||
Contributions.
|
||||
.
|
||||
This License does not grant any rights in the trademarks, service marks, or
|
||||
logos of any Contributor (except as may be necessary to comply with the
|
||||
notice requirements in Section 3.4).
|
||||
.
|
||||
2.4. Subsequent Licenses
|
||||
.
|
||||
No Contributor makes additional grants as a result of Your choice to
|
||||
distribute the Covered Software under a subsequent version of this License
|
||||
(see Section 10.2) or under the terms of a Secondary License (if permitted
|
||||
under the terms of Section 3.3).
|
||||
.
|
||||
2.5. Representation
|
||||
.
|
||||
Each Contributor represents that the Contributor believes its Contributions
|
||||
are its original creation(s) or it has sufficient rights to grant the
|
||||
rights to its Contributions conveyed by this License.
|
||||
.
|
||||
2.6. Fair Use
|
||||
.
|
||||
This License is not intended to limit any rights You have under applicable
|
||||
copyright doctrines of fair use, fair dealing, or other equivalents.
|
||||
.
|
||||
2.7. Conditions
|
||||
.
|
||||
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
|
||||
Section 2.1.
|
||||
.
|
||||
.
|
||||
3. Responsibilities
|
||||
.
|
||||
3.1. Distribution of Source Form
|
||||
.
|
||||
All distribution of Covered Software in Source Code Form, including any
|
||||
Modifications that You create or to which You contribute, must be under the
|
||||
terms of this License. You must inform recipients that the Source Code Form
|
||||
of the Covered Software is governed by the terms of this License, and how
|
||||
they can obtain a copy of this License. You may not attempt to alter or
|
||||
restrict the recipients’ rights in the Source Code Form.
|
||||
.
|
||||
3.2. Distribution of Executable Form
|
||||
.
|
||||
If You distribute Covered Software in Executable Form then:
|
||||
.
|
||||
a. such Covered Software must also be made available in Source Code Form,
|
||||
as described in Section 3.1, and You must inform recipients of the
|
||||
Executable Form how they can obtain a copy of such Source Code Form by
|
||||
reasonable means in a timely manner, at a charge no more than the cost
|
||||
of distribution to the recipient; and
|
||||
.
|
||||
b. You may distribute such Executable Form under the terms of this License,
|
||||
or sublicense it under different terms, provided that the license for
|
||||
the Executable Form does not attempt to limit or alter the recipients’
|
||||
rights in the Source Code Form under this License.
|
||||
.
|
||||
3.3. Distribution of a Larger Work
|
||||
.
|
||||
You may create and distribute a Larger Work under terms of Your choice,
|
||||
provided that You also comply with the requirements of this License for the
|
||||
Covered Software. If the Larger Work is a combination of Covered Software
|
||||
with a work governed by one or more Secondary Licenses, and the Covered
|
||||
Software is not Incompatible With Secondary Licenses, this License permits
|
||||
You to additionally distribute such Covered Software under the terms of
|
||||
such Secondary License(s), so that the recipient of the Larger Work may, at
|
||||
their option, further distribute the Covered Software under the terms of
|
||||
either this License or such Secondary License(s).
|
||||
.
|
||||
3.4. Notices
|
||||
.
|
||||
You may not remove or alter the substance of any license notices (including
|
||||
copyright notices, patent notices, disclaimers of warranty, or limitations
|
||||
of liability) contained within the Source Code Form of the Covered
|
||||
Software, except that You may alter any license notices to the extent
|
||||
required to remedy known factual inaccuracies.
|
||||
.
|
||||
3.5. Application of Additional Terms
|
||||
.
|
||||
You may choose to offer, and to charge a fee for, warranty, support,
|
||||
indemnity or liability obligations to one or more recipients of Covered
|
||||
Software. However, You may do so only on Your own behalf, and not on behalf
|
||||
of any Contributor. You must make it absolutely clear that any such
|
||||
warranty, support, indemnity, or liability obligation is offered by You
|
||||
alone, and You hereby agree to indemnify every Contributor for any
|
||||
liability incurred by such Contributor as a result of warranty, support,
|
||||
indemnity or liability terms You offer. You may include additional
|
||||
disclaimers of warranty and limitations of liability specific to any
|
||||
jurisdiction.
|
||||
.
|
||||
4. Inability to Comply Due to Statute or Regulation
|
||||
.
|
||||
If it is impossible for You to comply with any of the terms of this License
|
||||
with respect to some or all of the Covered Software due to statute, judicial
|
||||
order, or regulation then You must: (a) comply with the terms of this License
|
||||
to the maximum extent possible; and (b) describe the limitations and the code
|
||||
they affect. Such description must be placed in a text file included with all
|
||||
distributions of the Covered Software under this License. Except to the
|
||||
extent prohibited by statute or regulation, such description must be
|
||||
sufficiently detailed for a recipient of ordinary skill to be able to
|
||||
understand it.
|
||||
.
|
||||
5. Termination
|
||||
.
|
||||
5.1. The rights granted under this License will terminate automatically if You
|
||||
fail to comply with any of its terms. However, if You become compliant,
|
||||
then the rights granted under this License from a particular Contributor
|
||||
are reinstated (a) provisionally, unless and until such Contributor
|
||||
explicitly and finally terminates Your grants, and (b) on an ongoing basis,
|
||||
if such Contributor fails to notify You of the non-compliance by some
|
||||
reasonable means prior to 60 days after You have come back into compliance.
|
||||
Moreover, Your grants from a particular Contributor are reinstated on an
|
||||
ongoing basis if such Contributor notifies You of the non-compliance by
|
||||
some reasonable means, this is the first time You have received notice of
|
||||
non-compliance with this License from such Contributor, and You become
|
||||
compliant prior to 30 days after Your receipt of the notice.
|
||||
.
|
||||
5.2. If You initiate litigation against any entity by asserting a patent
|
||||
infringement claim (excluding declaratory judgment actions, counter-claims,
|
||||
and cross-claims) alleging that a Contributor Version directly or
|
||||
indirectly infringes any patent, then the rights granted to You by any and
|
||||
all Contributors for the Covered Software under Section 2.1 of this License
|
||||
shall terminate.
|
||||
.
|
||||
5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
|
||||
license agreements (excluding distributors and resellers) which have been
|
||||
validly granted by You or Your distributors under this License prior to
|
||||
termination shall survive termination.
|
||||
.
|
||||
6. Disclaimer of Warranty
|
||||
.
|
||||
Covered Software is provided under this License on an “as is” basis, without
|
||||
warranty of any kind, either expressed, implied, or statutory, including,
|
||||
without limitation, warranties that the Covered Software is free of defects,
|
||||
merchantable, fit for a particular purpose or non-infringing. The entire
|
||||
risk as to the quality and performance of the Covered Software is with You.
|
||||
Should any Covered Software prove defective in any respect, You (not any
|
||||
Contributor) assume the cost of any necessary servicing, repair, or
|
||||
correction. This disclaimer of warranty constitutes an essential part of this
|
||||
License. No use of any Covered Software is authorized under this License
|
||||
except under this disclaimer.
|
||||
.
|
||||
7. Limitation of Liability
|
||||
.
|
||||
Under no circumstances and under no legal theory, whether tort (including
|
||||
negligence), contract, or otherwise, shall any Contributor, or anyone who
|
||||
distributes Covered Software as permitted above, be liable to You for any
|
||||
direct, indirect, special, incidental, or consequential damages of any
|
||||
character including, without limitation, damages for lost profits, loss of
|
||||
goodwill, work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses, even if such party shall have been
|
||||
informed of the possibility of such damages. This limitation of liability
|
||||
shall not apply to liability for death or personal injury resulting from such
|
||||
party’s negligence to the extent applicable law prohibits such limitation.
|
||||
Some jurisdictions do not allow the exclusion or limitation of incidental or
|
||||
consequential damages, so this exclusion and limitation may not apply to You.
|
||||
.
|
||||
8. Litigation
|
||||
.
|
||||
Any litigation relating to this License may be brought only in the courts of
|
||||
a jurisdiction where the defendant maintains its principal place of business
|
||||
and such litigation shall be governed by laws of that jurisdiction, without
|
||||
reference to its conflict-of-law provisions. Nothing in this Section shall
|
||||
prevent a party’s ability to bring cross-claims or counter-claims.
|
||||
.
|
||||
9. Miscellaneous
|
||||
.
|
||||
This License represents the complete agreement concerning the subject matter
|
||||
hereof. If any provision of this License is held to be unenforceable, such
|
||||
provision shall be reformed only to the extent necessary to make it
|
||||
enforceable. Any law or regulation which provides that the language of a
|
||||
contract shall be construed against the drafter shall not be used to construe
|
||||
this License against a Contributor.
|
||||
.
|
||||
.
|
||||
10. Versions of the License
|
||||
.
|
||||
10.1. New Versions
|
||||
.
|
||||
Mozilla Foundation is the license steward. Except as provided in Section
|
||||
10.3, no one other than the license steward has the right to modify or
|
||||
publish new versions of this License. Each version will be given a
|
||||
distinguishing version number.
|
||||
.
|
||||
10.2. Effect of New Versions
|
||||
.
|
||||
You may distribute the Covered Software under the terms of the version of
|
||||
the License under which You originally received the Covered Software, or
|
||||
under the terms of any subsequent version published by the license
|
||||
steward.
|
||||
.
|
||||
10.3. Modified Versions
|
||||
.
|
||||
If you create software not governed by this License, and you want to
|
||||
create a new license for such software, you may create and use a modified
|
||||
version of this License if you rename the license and remove any
|
||||
references to the name of the license steward (except to note that such
|
||||
modified license differs from this License).
|
||||
.
|
||||
10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
|
||||
If You choose to distribute Source Code Form that is Incompatible With
|
||||
Secondary Licenses under the terms of this version of the License, the
|
||||
notice described in Exhibit B of this License must be attached.
|
||||
.
|
||||
Exhibit A - Source Code Form License Notice
|
||||
.
|
||||
This Source Code Form is subject to the
|
||||
terms of the Mozilla Public License, v.
|
||||
2.0. If a copy of the MPL was not
|
||||
distributed with this file, You can
|
||||
obtain one at
|
||||
http://mozilla.org/MPL/2.0/.
|
||||
.
|
||||
If it is not possible or desirable to put the notice in a particular file, then
|
||||
You may include the notice in a location (such as a LICENSE file in a relevant
|
||||
directory) where a recipient would be likely to look for such a notice.
|
||||
.
|
||||
You may add additional accurate notices of copyright ownership.
|
||||
.
|
||||
Exhibit B - “Incompatible With Secondary Licenses” Notice
|
||||
.
|
||||
This Source Code Form is “Incompatible
|
||||
With Secondary Licenses”, as defined by
|
||||
the Mozilla Public License, v. 2.0.
|
|
@ -0,0 +1,8 @@
|
|||
[DEFAULT]
|
||||
debian-branch = debian/stable
|
||||
dist = DEP14
|
||||
|
||||
[builder.debspawn]
|
||||
image = stable
|
||||
lintian = true
|
||||
results-dir = ~/open-vault.results
|
|
@ -0,0 +1 @@
|
|||
etc/vault-agent.d
|
|
@ -0,0 +1 @@
|
|||
lib/systemd/system/vault-agent@.service lib/systemd/system/open-vault-agent@.service
|
|
@ -0,0 +1,7 @@
|
|||
# vim: set ft=conf:
|
||||
|
||||
# The 2000s called, they want their init system back.
|
||||
package-supports-alternative-init-but-no-init.d-script *
|
||||
|
||||
initial-upload-closes-no-bugs *
|
||||
description-synopsis-starts-with-article *
|
|
@ -0,0 +1,26 @@
|
|||
[Unit]
|
||||
Description=Vault agent (config:%i)
|
||||
Documentation=https://developer.hashicorp.com/vault/docs/agent
|
||||
After=network.target network-online.target
|
||||
|
||||
ConditionPathIsDirectory=/etc/vault-agent.d/%i
|
||||
ConditionFileNotEmpty=/etc/vault-agent.d/%i/agent.hcl
|
||||
StartLimitIntervalSec=300
|
||||
StartLimitBurst=20
|
||||
|
||||
[Service]
|
||||
User=vault
|
||||
Group=vault
|
||||
ExecStart=/bin/vault agent -config=/etc/vault-agent.d/%i/agent.hcl
|
||||
KillSignal=SIGINT
|
||||
|
||||
Environment=GOMAXPROCS=2
|
||||
EnvironmentFile=-/etc/default/vault-agent
|
||||
EnvironmentFile=-/etc/vault-agent.d/%i/agent.env
|
||||
WorkingDirectory=/etc/vault-agent.d/%i
|
||||
TimeoutStopSec=30s
|
||||
Restart=on-failure
|
||||
RestartSec=15
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
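Review bot: The `[Service]` section of this agent template sets none of the sandboxing that the server unit on this page has, although the agent authenticates to Vault and renders secrets to disk. `NoNewPrivileges=yes`, `PrivateTmp=yes` and `PrivateDevices=yes` look safe to add here. `ProtectSystem=` needs checking against where templates are written, since `full` makes `/etc` read-only. Separately, `After=network-online.target` only orders the unit; without `Wants=network-online.target` nothing pulls that target in.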
|
|
@ -0,0 +1,14 @@
|
|||
# Any additional options to pass to 'vault server'
|
||||
#
|
||||
# For more, see: `vault server --help`
|
||||
VAULT_FLAGS=
|
||||
|
||||
# Consider setting these, if you're in a containerized
|
||||
# environment.
|
||||
#
|
||||
# Go does not handle cgroup based limits well, for either
|
||||
# CPU or MEM.
|
||||
#
|
||||
# For more, see: https://pkg.go.dev/runtime
|
||||
#GOMAXPROCS=
|
||||
#GOMEMLIMIT=
|
|
@ -0,0 +1 @@
|
|||
etc/vault.d
|
|
@ -0,0 +1 @@
|
|||
lib/systemd/system/vault.service lib/systemd/system/open-vault.service
|
|
@ -0,0 +1,14 @@
|
|||
# vim: set ft=conf:
|
||||
|
||||
# The upstream is a go binary that doesn't require stripping,
|
||||
# doesn't create manpages, and I don't care about
|
||||
# 'spelling errors' in the .data section of a binary.
|
||||
unstripped-binary-or-object [usr/bin/vault]
|
||||
no-manual-page [usr/bin/vault]
|
||||
spelling-error-in-binary * [usr/bin/vault]
|
||||
|
||||
# The 2000s called, they want their init system back.
|
||||
package-supports-alternative-init-but-no-init.d-script *
|
||||
|
||||
initial-upload-closes-no-bugs *
|
||||
description-synopsis-starts-with-article *
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
setcap cap_ipc_lock=+ep /usr/bin/vault
|
||||
|
||||
exit 0
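Review bot: `setcap cap_ipc_lock=+ep /usr/bin/vault` in this maintainer script puts a file capability on the binary for every local user who runs the CLI, while the service gains nothing from it. The server unit on this page sets `NoNewPrivileges=yes`, under which file capabilities are not added at exec, and it already grants `CAP_IPC_LOCK` through `AmbientCapabilities=`. Dropping the line is the simplest fix. If it stays, it should run only when `"$1" = configure`, and the package needs `libcap2-bin` in `Depends:` (the control stanza on this page lists only the substvars), because under `set -e` a missing `setcap` fails the whole script.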
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,39 @@
|
|||
[Unit]
|
||||
Description=A tool for managing secrets
|
||||
Documentation=https://developer.hashicorp.com/vault/docs/v1.14.x
|
||||
StartLimitIntervalSec=60
|
||||
StartLimitBurst=10
|
||||
After=network.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
User=vault
|
||||
Group=vault
|
||||
EnvironmentFile=/etc/default/vault
|
||||
ExecStart=/bin/vault server ${VAULT_FLAGS} -config=/etc/vault.d/
|
||||
ExecReload=/bin/kill --signal HUP $MAINPID
|
||||
KillMode=process
|
||||
KillSignal=SIGINT
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
TimeoutStopSec=30
|
||||
|
||||
# Service files / dirs
|
||||
RuntimeDirectory=vault
|
||||
StateDirectory=vault
|
||||
ConfigurationDirectory=vault.d
|
||||
|
||||
# Service limits, hardening
|
||||
LimitNOFILE=65536
|
||||
LimitMEMLOCK=infinity
|
||||
ProtectSystem=full
|
||||
ProtectHome=read-only
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
SecureBits=keep-caps
|
||||
AmbientCapabilities=CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
|
||||
NoNewPrivileges=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
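Review bot: `${VAULT_FLAGS}` in `ExecStart=` is the braced form, which systemd always substitutes as exactly one argument. With the shipped empty `VAULT_FLAGS=` it passes an empty string ahead of `-config=`, and several flags would arrive as a single word. The unbraced form splits on whitespace into zero or more arguments: `ExecStart=/usr/bin/vault server $VAULT_FLAGS -config=/etc/vault.d/`. The path changes in that line as well, because the rules file installs the binary under `usr/bin` and `/bin/vault` only resolves on a merged-/usr system. On hardening, `ProtectSystem=strict` is worth trying since `StateDirectory=` and `RuntimeDirectory=` already provide the writable paths, assuming no storage path outside them is configured.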
|
|
@ -0,0 +1 @@
|
|||
u vault 972 - /var/lib/vault
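Review bot: The fixed UID `972` sits in the 100–999 range that Debian allocates dynamically for system users, so it may already belong to another account on the target host. As far as I know systemd-sysusers then falls back to an automatically chosen ID, so the number cannot be relied on either way. `u vault - - /var/lib/vault` lets sysusers pick the ID. If something outside this page depends on 972 (shared storage, bind mounts), a comment saying so would help.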
|
|
@ -0,0 +1,88 @@
|
|||
#!/usr/bin/make -f
|
||||
|
||||
# Defines:
|
||||
# DEB_SOURCE
|
||||
# DEB_VERSION
|
||||
# DEB_VERSION_EPOCH_UPSTREAM
|
||||
# DEB_VERSION_UPSTREAM_REVISION
|
||||
# DEB_VERSION_UPSTREAM
|
||||
# DEB_DISTRIBUTION
|
||||
# SOURCE_DATE_EPOCH
|
||||
include /usr/share/dpkg/pkg-info.mk
|
||||
|
||||
#export DH_VERBOSE := 1
|
||||
|
||||
PKGNAME := open-vault
|
||||
PKGALIAS := vault
|
||||
PKGDIR := debian/$(PKGNAME)
|
||||
SRCDIR := debian
|
||||
BUILDDIR := dist
|
||||
BUILDDATE := $(shell date -u '+%Y-%m-%dT%H:%M:%SZ' -d @$(SOURCE_DATE_EPOCH))
|
||||
|
||||
export DH_OPTIONS
|
||||
export DEB_BUILD_OPTIONS ?= terse
|
||||
export DEB_BUILD_MAINT_OPTIONS := hardening=+all
|
||||
export YARNCACHE := /tmp/yarncache
|
||||
export GO111MODULE := on
|
||||
export GOFLAGS := -buildmode=pie -trimpath -mod=readonly -modcacherw
|
||||
export GOCACHE := /tmp/gocache
|
||||
export GOPATH := /tmp/gopath
|
||||
export GOPROXY := https://proxy.golang.org,direct
|
||||
export CGO_LDFLAGS = $(LDFLAGS)
|
||||
export CGO_CFLAGS = $(CFLAGS)
|
||||
export CGO_CPPFLAGS = $(CPPFLAGS)
|
||||
export CGO_CXXFLAGS = $(CXXFLAGS)
|
||||
# dh_golang doesn't do this for you
|
||||
ifeq ($(DEB_HOST_ARCH), i386)
|
||||
export GOARCH := 386
|
||||
else ifeq ($(DEB_HOST_ARCH), amd64)
|
||||
export GOARCH := amd64
|
||||
else ifeq ($(DEB_HOST_ARCH), armhf)
|
||||
export GOARCH := arm
|
||||
else ifeq ($(DEB_HOST_ARCH), arm64)
|
||||
export GOARCH := arm64
|
||||
endif
|
||||
|
||||
%:
|
||||
dh $@ --builddirectory=$(BUILDDIR) --buildsystem=golang --with=golang
|
||||
|
||||
override_dh_clean:
|
||||
rm -f debian/debhelper.log
|
||||
dh_clean
|
||||
|
||||
override_dh_auto_configure:
|
||||
mkdir -p $(BUILDDIR) $(GOCACHE) $(GOPATH) $(YARNCACHE) /tmp/builder
|
||||
setfacl -m "default:group::rwx" $(GOCACHE) $(GOPATH) $(YARNCACHE) /tmp/builder
|
||||
mv $(SRCDIR)/$(PKGNAME).service $(SRCDIR)/$(PKGNAME).$(PKGALIAS).service
|
||||
mv $(SRCDIR)/$(PKGNAME).default $(SRCDIR)/$(PKGNAME).$(PKGALIAS).default
|
||||
mv $(SRCDIR)/$(PKGNAME).sysusers $(SRCDIR)/$(PKGNAME).$(PKGALIAS).sysusers
|
||||
mv $(SRCDIR)/$(PKGNAME)-agent@.service $(SRCDIR)/$(PKGNAME)-agent.$(PKGALIAS)-agent@.service
|
||||
yarnpkg config set cacheFolder $(YARNCACHE)
|
||||
( cd "ui" && yarnpkg install )
|
||||
go mod download
|
||||
$(SRCDIR)/vault-ldflags.sh \
|
||||
"v$(DEB_VERSION_UPSTREAM)" "$(DEB_VERSION)" "$(BUILDDATE)" \
|
||||
> $(BUILDDIR)/.ldflags
|
||||
|
||||
override_dh_auto_build:
|
||||
( cd "ui" ; npm rebuild node-sass ; yarnpkg run build )
|
||||
go build -tags ui -ldflags "$$(< $(BUILDDIR)/.ldflags)" -o $(BUILDDIR) .
|
||||
|
||||
override_dh_auto_install:
|
||||
dh_installsysusers --name=$(PKGALIAS)
|
||||
|
||||
install -D -m755 $(BUILDDIR)/vault $(PKGDIR)/usr/bin/$(PKGALIAS)
|
||||
|
||||
override_dh_auto_test:
|
||||
# Check vault runs and is the correct version
|
||||
$(BUILDDIR)/vault --version | head -1 | grep -qF -- "v$(DEB_VERSION_UPSTREAM)"
|
||||
|
||||
override_dh_installsystemd:
|
||||
dh_installsystemd --name=$(PKGALIAS)
|
||||
dh_installsystemd --name=$(PKGALIAS)-agent@
|
||||
|
||||
override_dh_installinit:
|
||||
dh_installinit --name=$(PKGALIAS)
|
||||
|
||||
override_dh_golang:
|
||||
@echo "Skipping! dh_golang does not support external GOPATH build depends..."
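Review bot: `GOCACHE`, `GOPATH`, `YARNCACHE` and `/tmp/builder` are fixed names under the world-writable `/tmp`, and `override_dh_auto_configure` runs `mkdir -p` and `setfacl -m "default:group::rwx"` on them, so on a shared build host another local user can pre-create or redirect those paths and influence what gets compiled into the package. Keeping them inside the build tree avoids that and lets the clean step remove them, e.g. `CACHEDIR := $(CURDIR)/debian/.cache` with `export GOCACHE := $(CACHEDIR)/go-build` and likewise for the others. The same target fetches dependencies from the network (`go mod download` via `GOPROXY`, `yarnpkg install`); `-mod=readonly` keeps the Go side from rewriting `go.mod`/`go.sum`, and the yarn install should be made lockfile-strict as well. Two smaller correctness points: the `;` chain in `override_dh_auto_build` ignores a failing `cd` or `npm rebuild` (use `&&`), and `$$(< $(BUILDDIR)/.ldflags)` is a bashism while no `SHELL` is set in the visible lines, so under `/bin/sh` it may expand to nothing; `$$(cat $(BUILDDIR)/.ldflags)` is portable.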
|
|
@ -0,0 +1 @@
|
|||
3.0 (quilt)
|
|
@ -0,0 +1,16 @@
|
|||
# vim: set ft=conf:
|
||||
|
||||
# The upstream generates and commits these like this.
|
||||
#
|
||||
# If this package was to ever be considered for inclusion in
|
||||
# mainline debian we'd need to fix these, but because I have
|
||||
# no desire to do that and it would be a massive PITA, ignore
|
||||
# these missing sources.
|
||||
source-is-missing *ui/tests*
|
||||
source-contains-prebuilt-javascript-object *ui/tests*
|
||||
|
||||
# We set debhelper compat >= 13, therefore are unaffected
|
||||
override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS
|
||||
|
||||
# Not relevant...
|
||||
package-does-not-install-examples [website/content/docs/platform/k8s/helm/examples/]
|
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Small shim to properly generate the ldflags
|
||||
# Vault expects for its buildconf
|
||||
|
||||
xpath=github.com/hashicorp/vault/sdk/version
|
||||
version=$1 commit=$2 builddate=$3
|
||||
|
||||
printf -- '%s ' \
|
||||
"-linkmode=external" \
|
||||
"-compressdwarf=false" \
|
||||
$(
|
||||
printf -- "-X ${xpath}.%s " \
|
||||
"Version=${version}" \
|
||||
"GitCommit=${commit}" \
|
||||
"BuildDate=${builddate}"
|
||||
)
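Review bot: The second positional is named `commit` and lands in `GitCommit`, but the rules file on this page passes `$(DEB_VERSION)` there, so the built binary will likely report the Debian version where a commit hash is expected. A comment such as `# $2: Debian package version, reported in the GitCommit field` would stop anyone relying on that field to identify the source revision. The inner `$( printf … )` is also unquoted, so an argument containing whitespace would be split into extra linker flags; the three values passed today should not contain any, but a short comment stating that assumption would help.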
|