openpkg
/
openpkg-packages


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
							##
##  vault.spec -- OpenPKG RPM Package Specification
##  Copyright (c) 2000-2017 OpenPKG Foundation e.V. <http://openpkg.net/>
##
##  Permission to use, copy, modify, and distribute this software for
##  any purpose with or without fee is hereby granted, provided that
##  the above copyright notice and this permission notice appear in all
##  copies.
##
##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
##  SUCH DAMAGE.
##

#   package version
%define       V_vault_opkg 0.8.1
%define       V_vault_base 0.8.1
%define       V_vault_snap 20170816

#   package information
Name:         vault
Summary:      Security Manager
URL:          https://www.vaultproject.io/
Vendor:       Hashicorp
Packager:     OpenPKG Foundation e.V.
Distribution: OpenPKG Community
Class:        EVAL
Group:        Networking
License:      MPL
Version:      %{V_vault_opkg}.%{V_vault_snap}
Release:      20170816

#   list of sources
Source0:      http://download.openpkg.org/components/versioned/vault/vault-%{V_vault_snap}.tar.xz
Source1:      rc.vault
Source2:      vault.hcl
Source3:      vault-tls.sh

#   build information
BuildPreReq:  OpenPKG, openpkg >= 20160101, go
PreReq:       OpenPKG, openpkg >= 20160101, cfssl

%description
    Vault is a tool for securely accessing secrets. A secret is
    anything that you want to tightly control access to, such as API
    keys, passwords, certificates, and more. Vault provides a unified
    interface to any secret, while providing tight access control and
    recording a detailed audit log.

%track
    prog vault:release = {
        version   = %{V_vault_base}
        url       = https://github.com/hashicorp/vault/releases
        regex     = v(\d+\.\d+\.\d+)\.tar\.gz
    }
    prog vault:snapshot = {
        version   = %{V_vault_snap}
        url       = http://download.openpkg.org/components/versioned/vault/
        regex     = vault-(__VER__)\.tar\.xz
    }

%prep
    %setup -q -n vault

%build
    #   build program
    export GOPATH=`pwd`
    cd src/github.com/hashicorp/vault
    go build -x -o bin/vault main.go

%install
    #   create directory hierarchy
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/bin \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
        $RPM_BUILD_ROOT%{l_prefix}/etc/vault \
        $RPM_BUILD_ROOT%{l_prefix}/var/vault/log \
        $RPM_BUILD_ROOT%{l_prefix}/var/vault/run \
        $RPM_BUILD_ROOT%{l_prefix}/var/vault/db

    #   install program
    %{l_shtool} install -c -s -m 755 \
        src/github.com/hashicorp/vault/bin/vault \
        $RPM_BUILD_ROOT%{l_prefix}/bin/vault

    #   install default configuration
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE vault.hcl} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/vault/
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE vault-tls.sh} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/vault/

    #   install run-command script
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE rc.vault} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/

    #   determine installation files
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
        '%config %{l_prefix}/etc/vault/*' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/vault/*'

%files -f files

%clean

%post
    if [ $1 -eq 1 ]; then
        #   on initial installation, generate initial credentials
        echo "Generate initial TLS credentials..." | \
            %{l_rpmtool} msg -b -t notice
        ( cd $RPM_INSTALL_PREFIX/etc/vault && %{l_bash} vault-tls.sh ) || exit $?

        #   on initial installation, display information about first steps
        ( echo "Your next steps should be:"
          echo "1. optionally (re)configure and (re)generate your TLS credentials:"
          echo "   \$ cd $RPM_INSTALL_PREFIX/etc/vault"
          echo "   \$ vi vault-tls.sh"
          echo "   \$ sh vault-tls.sh"
          echo "2. start Vault server:"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/openpkg rc vault start"
          echo "3. prepare your client environment:"
          echo "   \$ export VAULT_ADDR=\"https://127.0.0.1:8200\""
          echo "   \$ export VAULT_CACERT=\"$RPM_INSTALL_PREFIX/etc/vault/vault-tls-ca.crt\""
          echo "4. initialize database (remember key and auth token):"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault init -key-shares=1 -key-threshold=1"
          echo "5. check status:"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault status"
          echo "6. unseal database (with remembered key):"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault unseal <key>"
          echo "7. authenticate against database (with remembered auth token):"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault auth <token>"
          echo "8. write data under <name>:"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault write secret/<name> value=<value>"
          echo "9. read data under <name>:"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault read -field=value secret/<name>"
        ) | %{l_rpmtool} msg -b -t notice
    elif [ $1 -eq 2 ]; then
        #   after upgrade, restart service
        eval `%{l_rc} vault status 2>/dev/null`
        [ ".$vault_active" = .yes ] && %{l_rc} vault restart
    fi
    exit 0

%preun
    if [ $1 -eq 0 ]; then
        #   before erase, stop service and remove log files
        %{l_rc} vault stop 2>/dev/null
        rm -f  $RPM_INSTALL_PREFIX/etc/vault/vault-tls-ca.crt >/dev/null 2>&1 || true
        rm -f  $RPM_INSTALL_PREFIX/etc/vault/vault-tls-ca.key >/dev/null 2>&1 || true
        rm -f  $RPM_INSTALL_PREFIX/etc/vault/vault-tls-sv.crt >/dev/null 2>&1 || true
        rm -f  $RPM_INSTALL_PREFIX/etc/vault/vault-tls-sv.key >/dev/null 2>&1 || true
        rm -rf $RPM_INSTALL_PREFIX/var/vault/log/*            >/dev/null 2>&1 || true
        rm -rf $RPM_INSTALL_PREFIX/var/vault/run/*            >/dev/null 2>&1 || true
        rm -rf $RPM_INSTALL_PREFIX/var/vault/db/*             >/dev/null 2>&1 || true
    fi
    exit 0