##
## vault-unseal.spec -- OpenPKG RPM Package Specification
## Copyright (c) 2000-2022 OpenPKG Project <http://openpkg.org/>
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
# package version
%define V_opkg 0.0.8
%define V_dist 20211018
# package information
Name: vault-unseal
Summary: Vault Auto-Unsealing
URL: https://github.com/lrstanley/vault-unseal
Vendor: Liam Stanley
Packager: OpenPKG Project
Distribution: OpenPKG Community
Class: EVAL
Group: Database
License: MIT
Version: %{V_opkg}.%{V_dist}
Release: 20211018
# list of sources
Source0: http://download.openpkg.org/components/versioned/vault-unseal/vault-unseal-%{V_dist}.tar.xz
Source1: vault-unseal.yaml
Source2: rc.vault-unseal
Patch0: vault-unseal.patch
# build information
BuildPreReq: OpenPKG, openpkg >= 20160101, go
PreReq: OpenPKG, openpkg >= 20160101
%description
    The database of the Vault secret store is encrypted with a master
    key and hence still "sealed" on daemon startup. For Vault's
    own operation it has to be "unsealed" first. For this, three
    approaches exist: (1) auto-unseal with a Cloud provider service,
    (2) auto-unseal with a second Vault "transit" store, or (3) manually
    by at least N (of M) people via the "vault operator unseal"
    command (executed locally or remotely). In case (1) and (2) are
    not an option (or if the "transit" Vault of (2) has to be unsealed
    itself), (3) can be automated. For this you run M instances of the
    vault-unseal(8) daemon (for instance one on each node of a Vault
    cluster itself). Each instance of vault-unseal(8) is given a subset
    N of the M total number of unseal tokens.
%track
    prog vault-unseal:release = {
        version   = %{V_opkg}
        url       = https://github.com/lrstanley/vault-unseal/releases
        regex     = v(__VER__)\.tar\.gz
    }
    prog vault-unseal:snapshot = {
        version   = %{V_dist}
        url       = http://download.openpkg.org/components/versioned/vault-unseal/
        regex     = vault-unseal-(__VER__)\.tar\.xz
    }
%prep
    %setup -q -n vault-unseal
    %patch -p0
%build
    # build program
    export GOPATH=`pwd`
    cd src/github.com/lrstanley/vault-unseal
    go build -v -o vault-unseal *.go
%install
    # create directory tree
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/sbin \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
        $RPM_BUILD_ROOT%{l_prefix}/etc/vault-unseal \
        $RPM_BUILD_ROOT%{l_prefix}/var/vault-unseal/log \
        $RPM_BUILD_ROOT%{l_prefix}/var/vault-unseal/run
    # install program
    %{l_shtool} install -c -s -m 755 \
        src/github.com/lrstanley/vault-unseal/vault-unseal \
        $RPM_BUILD_ROOT%{l_prefix}/sbin/
    # install default configuration
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE vault-unseal.yaml} $RPM_BUILD_ROOT%{l_prefix}/etc/vault-unseal/
    # install run-command script
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE rc.vault-unseal} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
    # determine installation files
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/etc/vault-unseal' \
        '%config %attr(0600,%{l_rusr},%{l_rusr}) %{l_prefix}/etc/vault-unseal/*' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/vault-unseal/*'
%files -f files
%clean
%post
    if [ $1 -eq 2 ]; then
        # after upgrade, restart service
        eval `%{l_rc} vault-unseal status 2>/dev/null`
        [ ".$vault_unseal_active" = .yes ] && %{l_rc} vault-unseal restart
    fi
    exit 0
%preun
    if [ $1 -eq 0 ]; then
        # stop service
        %{l_rc} vault-unseal stop 2>/dev/null
        # remove run-time files
        rm -f $RPM_INSTALL_PREFIX/var/vault-unseal/log/* >/dev/null 2>&1 || true
        rm -f $RPM_INSTALL_PREFIX/var/vault-unseal/run/* >/dev/null 2>&1 || true
    fi
    exit 0