
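--- a/GIDs
+++ b/GIDs
@@ -422,7 +422,7 @@ prometheus:*:478:
 alertmanager:*:479:
 datadog:*:480:
 promxy:*:481:
-# free: 482
+openbao:*:482
 # free: 483
 # free: 484
 # free: 485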
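Review bot: The new entry `openbao:*:482` lacks the trailing colon that every neighbouring record in this hunk carries (for example `promxy:*:481:`), so the empty member-list field is missing. The line should read `openbao:*:482:`. I have not checked how the ports framework treats a three-field record, but if the group were created wrongly or not at all, the daemon's pidfile and data directory would not get the ownership the rc script asks for.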
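--- a/UIDs
+++ b/UIDs
@@ -427,7 +427,7 @@ prometheus:*:478:478::0:0:Prometheus Daemon:/var/tmp/prometheus:/usr/sbin/nologi
 alertmanager:*:479:479::0:0:Alertmanager Daemon:/var/tmp/alertmanager:/usr/sbin/nologin
 datadog:*:480:480::0:0:DataDog Agent:/var/db/datadog:/usr/sbin/nologin
 promxy:*:481:481::0:0:Promxy Daemon:/nonexistent:/usr/sbin/nologin
-# free: 482
+openbao:*:482:482:daemon:0:0:OpenBao Daemon:/nonexistent:/usr/sbin/nologin
 # free: 483
 # free: 484
 # free: 485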
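--- a/security/openbao/Makefile
+++ b/security/openbao/Makefile
@@ -0,0 +1,45 @@
+PORTNAME=	openbao
+PORTVERSION=	2.0.0
+DISTVERSIONPREFIX=	v
+CATEGORIES=	security
+
+MAINTAINER=	jake@metalrip.com
+COMMENT=	Tool for securely accessing secrets
+WWW=		https://openbao.org/
+
+LICENSE=	MPL20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+GO=		go
+BIN_NAME=	bao
+
+# USES=		go:modules
+USE_GITHUB=	yes
+
+GITID= 		700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3
+# GO_MODULE=	github.com/openbao/openbao
+GO_BUILDFLAGS=	-ldflags="\
+		-s \
+		-X github.com/openbao/openbao/version.GitCommit=${GITID} \
+		-X github.com/openbao/openbao/version.BuildDate=${SOURCE_DATE_EPOCH} \
+		-X github.com/openbao/openbao/version.fullVersion=${PORTVERSION}"
+
+USE_RC_SUBR=	openbao
+SUB_FILES=	pkg-message
+SUB_LIST=       GROUP=${GROUPS} USER=${USERS}
+USERS=          ${PORTNAME}
+GROUPS=         ${PORTNAME}
+
+PLIST_FILES=	bin/${BIN_NAME}
+GO_TARGET=	:${BIN_NAME}
+
+do-build:
+	@cd ${WRKSRC} && ${GO} mod tidy && ${GO} mod vendor
+	@cd ${WRKSRC} && ${GO} build ${GO_BUILDFLAGS} -o bin/${BIN_NAME}
+
+do-install:
+	@echo "Installing ${PORTNAME} as ${BIN_NAME}"
+	${MKDIR} ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/bin/${BIN_NAME} ${STAGEDIR}${PREFIX}/bin/${BIN_NAME}
+
+.include <bsd.port.mk>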
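Review bot: The hand-written `do-build` runs `${GO} mod tidy && ${GO} mod vendor` during the build phase, so the Go module dependencies of a secrets manager are resolved and downloaded at build time, and no checksum in distinfo covers them. It will also fail on builders that cut network access after the fetch phase. `GO= go` also takes whatever `go` is first in PATH, with no build dependency declared, while `# USES= go:modules` and `# GO_MODULE= github.com/openbao/openbao` are commented out. I would restore `USES= go:modules` and `GO_MODULE= github.com/openbao/openbao`, drop `GO=` and the custom `do-build`, and regenerate distinfo so every module is fetched and verified in the fetch phase; regenerating should also clear the `v2.0.0.zip` entry, which nothing visible in this Makefile appears to reference. Separately, `version.BuildDate=${SOURCE_DATE_EPOCH}` passes an epoch integer where upstream may expect a formatted date, which is worth confirming.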
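--- a/security/openbao/distinfo
+++ b/security/openbao/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1725068853
+SHA256 (v2.0.0.zip) = aeb3cc3f74f8e09fd6b1ba920d62c5624a40b5926c947b2b2b495fe03b144064
+SIZE (v2.0.0.zip) = 18291759
+SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4
+SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091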
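--- a/security/openbao/files/openbao.in
+++ b/security/openbao/files/openbao.in
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+# PROVIDE: openbao
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# openbao_enable (bool):	Set it to YES to enable openbao.
+#			Default is "NO".
+# openbao_user (user):	Set user to run openbao.
+#			Default is "openbao".
+# openbao_group (group):	Set group to run openbao.
+#			Default is "openbao".
+# openbao_config (file):	Set openbao config file.
+#			Default is "%%PREFIX%%/etc/openbao.hcl".
+# openbao_syslog_output_enable (bool):	Set to enable syslog output.
+#					Default is "NO". See daemon(8).
+# openbao_syslog_output_priority (str):	Set syslog priority if syslog enabled.
+#					Default is "info". See daemon(8).
+# openbao_syslog_output_facility (str):	Set syslog facility if syslog enabled.
+#					Default is "daemon". See daemon(8).
+# openbao_limits_mlock (size): allowd memorylocked value in size. Default is 1024M
+
+. /etc/rc.subr
+
+name=openbao
+rcvar=openbao_enable
+
+load_rc_config $name
+
+: ${openbao_enable:="NO"}
+: ${openbao_user:="openbao"}
+: ${openbao_group:="openbao"}
+: ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"}
+: ${openbao_limits_mlock:="1024M"}
+: ${openbao_limits:="-l ${openbao_limits_mlock}"}
+
+DAEMON=$(/usr/sbin/daemon 2>&1 | grep -q syslog ; echo $?)
+if [ ${DAEMON} -eq 0 ]; then
+        : ${openbao_syslog_output_enable:="NO"}
+        : ${openbao_syslog_output_priority:="info"}
+        : ${openbao_syslog_output_facility:="daemon"}
+        if checkyesno openbao_syslog_output_enable; then
+                openbao_syslog_output_flags="-T ${name}"
+
+                if [ -n "${openbao_syslog_output_priority}" ]; then
+                        openbao_syslog_output_flags="${openbao_syslog_output_flags} -s ${openbao_syslog_output_priority}"
+                fi
+
+                if [ -n "${openbao_syslog_output_facility}" ]; then
+                        openbao_syslog_output_flags="${openbao_syslog_output_flags} -l ${openbao_syslog_output_facility}"
+                fi
+        fi
+else
+        openbao_syslog_output_enable="NO"
+        openbao_syslog_output_flags=""
+fi
+
+pidfile=/var/run/openbao.pid
+procname="%%PREFIX%%/bin/bao"
+command="/usr/sbin/daemon"
+command_args="-f -t ${name} ${openbao_syslog_output_flags} -p ${pidfile} /usr/bin/env ${openbao_env} ${procname} server -config=${openbao_config}"
+
+extra_commands="reload monitor"
+monitor_cmd=openbao_monitor
+start_precmd=openbao_startprecmd
+required_files="$openbao_config"
+
+openbao_monitor()
+{
+	sig_reload=USR1
+	run_rc_command "reload"
+}
+
+openbao_startprecmd()
+{
+        if [ ! -e ${pidfile} ]; then
+                install -o ${openbao_user} -g ${openbao_group} /dev/null ${pidfile};
+        fi
+
+        if [ ! -d ${openbao_dir} ]; then
+                install -d -o ${openbao_user} -g ${openbao_group} ${openbao_dir}
+        fi
+}
+
+run_rc_command "$1"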
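Review bot: `openbao_startprecmd` tests `${openbao_dir}`, but the variable has no default among the `: ${openbao_...}` lines and is not documented in the header, so when it is unset the unquoted test collapses to `[ ! -d ]`, which evaluates false, and the directory is never created. Either give `openbao_dir` a documented default or remove the branch, and quote the expansion: `if [ ! -d "${openbao_dir}" ]; then`. If this directory is meant to hold the secrets store's data (the script does not say), create it with an explicit restrictive mode such as `install -d -m 0700 -o "${openbao_user}" -g "${openbao_group}" "${openbao_dir}"` rather than relying on install(1)'s default mode. `openbao_env` is likewise expanded in `command_args` without being defaulted or documented.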
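--- a/security/openbao/files/pkg-message.in
+++ b/security/openbao/files/pkg-message.in
@@ -0,0 +1,25 @@
+[
+{ type: install
+  message: <<EOM
+The bao user created by the bao package is now a member of the daemon
+class, which will allow it to use mlock() when started by the rc script. This
+will not be reflected in systems where the user already exists. Please add the
+bao user to the daemon class manually by running:
+
+pw usermod -L daemon -n openbao
+
+or delete the user and reinstall the package.
+
+You may also need to increase memorylocked for the daemon class in
+/etc/rc.conf to more than 1024M (the default) or more:
+
+openbao_limits_mlock="2048M"
+
+Or to disable mlock, add:
+
+disable_mlock = 1
+
+to %%PREFIX%%/etc/openbao.hcl
+EOM
+}
+]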
(-)b/security/openbao/pkg-descr (-1 / +4 lines)
Added Link Here
0
- 
1
OpenBao is a tool for securely accessing secrets. A secret is anything that you
2
want to tightly control access to, such as API keys, passwords, certificates,
3
and more. OpenBao provides a unified interface to any secret, while providing
4
tight access control and recording a detailed audit log.
