openpkg
/
openpkg-packages
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
93717 Commits
1 Branch
2 Tags
575 MiB
 
 
 
 
 
 
Tree: cd33d56f43
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cd33d56f43'
${ noResults }
openpkg-packages/vault/vault.spec

177 lines
7.2 KiB
Raw Blame History

##
## vault.spec -- OpenPKG RPM Package Specification
## Copyright (c) 2000-2022 OpenPKG Project <http://openpkg.org/>
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
# package version
%define V_vault_opkg 1.9.2
%define V_vault_base 1.9.2
%define V_vault_snap 20211222
# package information
Name: vault
Summary: Security Manager
URL: https://www.vaultproject.io/
Vendor: Hashicorp
Packager: OpenPKG Project
Distribution: OpenPKG Community
Class: EVAL
Group: Networking
License: MPL
Version: %{V_vault_opkg}.%{V_vault_snap}
Release: 20211222
# list of sources
Source0: http://download.openpkg.org/components/versioned/vault/vault-%{V_vault_snap}.tar.xz
Source1: rc.vault
Source2: vault.hcl
Source3: vault-tls.sh
# build information
BuildPreReq: OpenPKG, openpkg >= 20160101, go
PreReq: OpenPKG, openpkg >= 20160101, cfssl
%description
Vault is a tool for securely accessing secrets. A secret is
anything that you want to tightly control access to, such as API
keys, passwords, certificates, and more. Vault provides a unified
interface to any secret, while providing tight access control and
recording a detailed audit log.
%track
prog vault:release = {
version = %{V_vault_base}
url = https://github.com/hashicorp/vault/releases
regex = v(\d+\.\d+\.\d+)\.tar\.gz
}
prog vault:snapshot = {
version = %{V_vault_snap}
url = http://download.openpkg.org/components/versioned/vault/
regex = vault-(__VER__)\.tar\.xz
}
%prep
%setup -q -n vault
%build
# build program
export GOPATH=`pwd`
cd src/github.com/hashicorp/vault
go build -v -o vault main.go
%install
# create directory hierarchy
%{l_shtool} mkdir -f -p -m 755 \
$RPM_BUILD_ROOT%{l_prefix}/bin \
$RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
$RPM_BUILD_ROOT%{l_prefix}/etc/vault \
$RPM_BUILD_ROOT%{l_prefix}/var/vault/log \
$RPM_BUILD_ROOT%{l_prefix}/var/vault/run \
$RPM_BUILD_ROOT%{l_prefix}/var/vault/db
# install program
%{l_shtool} install -c -s -m 755 \
src/github.com/hashicorp/vault/vault \
$RPM_BUILD_ROOT%{l_prefix}/bin/vault
# install default configuration
%{l_shtool} install -c -m 644 %{l_value -s -a} \
%{SOURCE vault.hcl} \
$RPM_BUILD_ROOT%{l_prefix}/etc/vault/
%{l_shtool} install -c -m 644 %{l_value -s -a} \
%{SOURCE vault-tls.sh} \
$RPM_BUILD_ROOT%{l_prefix}/etc/vault/
# install run-command script
%{l_shtool} install -c -m 755 %{l_value -s -a} \
%{SOURCE rc.vault} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
# determine installation files
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
%{l_files_std} \
'%config %{l_prefix}/etc/vault/*' \
'%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/vault/*'
%files -f files
%clean
%post
if [ $1 -eq 1 ]; then
# on initial installation, generate initial credentials
echo "Generate initial TLS credentials..." | \
%{l_rpmtool} msg -b -t notice
( cd $RPM_INSTALL_PREFIX/etc/vault && %{l_bash} vault-tls.sh ) || exit $?
# on initial installation, display information about first steps
( echo "Your next steps should be:"
echo "1. optionally (re)configure and (re)generate your TLS credentials:"
echo " \$ cd $RPM_INSTALL_PREFIX/etc/vault"
echo " \$ vi vault-tls.sh"
echo " \$ sh vault-tls.sh"
echo "2. start Vault server:"
echo " \$ $RPM_INSTALL_PREFIX/bin/openpkg rc vault start"
echo "3. prepare your client environment:"
echo " \$ export VAULT_ADDR=\"https://127.0.0.1:8200\""
echo " \$ export VAULT_CACERT=\"$RPM_INSTALL_PREFIX/etc/vault/vault-tls-ca.crt\""
echo "4. check status (understand it is still sealed):"
echo " \$ $RPM_INSTALL_PREFIX/bin/vault status"
echo "5. initialize database (remember unseal key and root token):"
echo " \$ $RPM_INSTALL_PREFIX/bin/vault operator init \\%{l_nil}"
echo " -key-shares=1 -key-threshold=1 \\%{l_nil}"
echo " -recovery-shares=1 -recovery-threshold=1"
echo " In case of a Vault cluster of N nodes use (N>K>1):"
echo " \$ $RPM_INSTALL_PREFIX/bin/vault operator init \\%{l_nil}"
echo " -key-shares=N -key-threshold=K \\%{l_nil}"
echo " -recovery-shares=N -recovery-threshold=K"
echo "6. unseal database (with remembered unseal key):"
echo " \$ $RPM_INSTALL_PREFIX/bin/vault operator unseal <key>"
echo "7. authenticate against database (use remembered root token):"
echo " \$ $RPM_INSTALL_PREFIX/bin/vault login -method=token"
echo "8. create key/value secret engine:"
echo " \$ $RPM_INSTALL_PREFIX/bin/vault secrets enable \\%{l_nil}"
echo " -version=2 -description=\"key-value store\" -path=kv kv"
echo "9. write key/value data under <name>:"
echo " \$ $RPM_INSTALL_PREFIX/bin/vault kv put kv/<name> <key>=<value>"
echo "10. read key/value data under <name>:"
echo " \$ $RPM_INSTALL_PREFIX/bin/vault kv get -field=<key> kv/<name>"
) | %{l_rpmtool} msg -b -t notice
elif [ $1 -eq 2 ]; then
# after upgrade, restart service
eval `%{l_rc} vault status 2>/dev/null`
[ ".$vault_active" = .yes ] && %{l_rc} vault restart
fi
exit 0
%preun
if [ $1 -eq 0 ]; then
# before erase, stop service and remove log files
%{l_rc} vault stop 2>/dev/null
rm -f $RPM_INSTALL_PREFIX/etc/vault/vault-tls-ca.crt >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/etc/vault/vault-tls-ca.key >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/etc/vault/vault-tls-sv.crt >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/etc/vault/vault-tls-sv.key >/dev/null 2>&1 || true
rm -rf $RPM_INSTALL_PREFIX/var/vault/log/* >/dev/null 2>&1 || true
rm -rf $RPM_INSTALL_PREFIX/var/vault/run/* >/dev/null 2>&1 || true
rm -rf $RPM_INSTALL_PREFIX/var/vault/db/* >/dev/null 2>&1 || true
fi
exit 0