

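--- /dev/null
+++ b/0001-added-security-openbao-as-UID-GID-482.patch
@@ -0,0 +1,246 @@
+From 0989edb30253aeeb2ab4a6fef548c33a1118dde4 Mon Sep 17 00:00:00 2001
+From: Charlie Root <jake@metalrip.com>
+Date: Fri, 30 Aug 2024 22:55:05 -0400
+Subject: [PATCH] added security/openbao as UID/GID 482
+
+---
+ GIDs                                  |  2 +-
+ UIDs                                  |  2 +-
+ security/openbao/Makefile             | 45 ++++++++++++++
+ security/openbao/distinfo             |  5 ++
+ security/openbao/files/openbao.in     | 88 +++++++++++++++++++++++++++
+ security/openbao/files/pkg-message.in | 25 ++++++++
+ security/openbao/pkg-descr            |  4 ++
+ 7 files changed, 169 insertions(+), 2 deletions(-)
+ create mode 100644 security/openbao/Makefile
+ create mode 100644 security/openbao/distinfo
+ create mode 100644 security/openbao/files/openbao.in
+ create mode 100644 security/openbao/files/pkg-message.in
+ create mode 100644 security/openbao/pkg-descr
+
+diff --git a/GIDs b/GIDs
+index aa63249122f3..df132f6913a8 100644
+--- a/GIDs
++++ b/GIDs
+@@ -422,7 +422,7 @@ prometheus:*:478:
+ alertmanager:*:479:
+ datadog:*:480:
+ promxy:*:481:
+-# free: 482
++openbao:*:482
+ # free: 483
+ # free: 484
+ # free: 485
+diff --git a/UIDs b/UIDs
+index ebc717fa6fdb..234a2f293d3d 100644
+--- a/UIDs
++++ b/UIDs
+@@ -427,7 +427,7 @@ prometheus:*:478:478::0:0:Prometheus Daemon:/var/tmp/prometheus:/usr/sbin/nologi
+ alertmanager:*:479:479::0:0:Alertmanager Daemon:/var/tmp/alertmanager:/usr/sbin/nologin
+ datadog:*:480:480::0:0:DataDog Agent:/var/db/datadog:/usr/sbin/nologin
+ promxy:*:481:481::0:0:Promxy Daemon:/nonexistent:/usr/sbin/nologin
+-# free: 482
++openbao:*:482:482:daemon:0:0:OpenBao Daemon:/nonexistent:/usr/sbin/nologin
+ # free: 483
+ # free: 484
+ # free: 485
+diff --git a/security/openbao/Makefile b/security/openbao/Makefile
+new file mode 100644
+index 000000000000..250b32a48929
+--- /dev/null
++++ b/security/openbao/Makefile
+@@ -0,0 +1,45 @@
++PORTNAME=	openbao
++PORTVERSION=	2.0.0
++DISTVERSIONPREFIX=	v
++CATEGORIES=	security
++
++MAINTAINER=	jake@metalrip.com
++COMMENT=	Tool for securely accessing secrets
++WWW=		https://openbao.org/
++
++LICENSE=	MPL20
++LICENSE_FILE=	${WRKSRC}/LICENSE
++
++GO=		go
++BIN_NAME=	bao
++
++# USES=		go:modules
++USE_GITHUB=	yes
++
++GITID= 		700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3
++# GO_MODULE=	github.com/openbao/openbao
++GO_BUILDFLAGS=	-ldflags="\
++		-s \
++		-X github.com/openbao/openbao/version.GitCommit=${GITID} \
++		-X github.com/openbao/openbao/version.BuildDate=${SOURCE_DATE_EPOCH} \
++		-X github.com/openbao/openbao/version.fullVersion=${PORTVERSION}"
++
++USE_RC_SUBR=	openbao
++SUB_FILES=	pkg-message
++SUB_LIST=       GROUP=${GROUPS} USER=${USERS}
++USERS=          ${PORTNAME}
++GROUPS=         ${PORTNAME}
++
++PLIST_FILES=	bin/${BIN_NAME}
++GO_TARGET=	:${BIN_NAME}
++
++do-build:
++	@cd ${WRKSRC} && ${GO} mod tidy && ${GO} mod vendor
++	@cd ${WRKSRC} && ${GO} build ${GO_BUILDFLAGS} -o bin/${BIN_NAME}
++
++do-install:
++	@echo "Installing ${PORTNAME} as ${BIN_NAME}"
++	${MKDIR} ${STAGEDIR}${PREFIX}/bin
++	${INSTALL_PROGRAM} ${WRKSRC}/bin/${BIN_NAME} ${STAGEDIR}${PREFIX}/bin/${BIN_NAME}
++
++.include <bsd.port.mk>
+diff --git a/security/openbao/distinfo b/security/openbao/distinfo
+new file mode 100644
+index 000000000000..1baafac3bc66
+--- /dev/null
++++ b/security/openbao/distinfo
+@@ -0,0 +1,5 @@
++TIMESTAMP = 1725068853
++SHA256 (v2.0.0.zip) = aeb3cc3f74f8e09fd6b1ba920d62c5624a40b5926c947b2b2b495fe03b144064
++SIZE (v2.0.0.zip) = 18291759
++SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4
++SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091
+diff --git a/security/openbao/files/openbao.in b/security/openbao/files/openbao.in
+new file mode 100644
+index 000000000000..8c8572309539
+--- /dev/null
++++ b/security/openbao/files/openbao.in
+@@ -0,0 +1,88 @@
++#!/bin/sh
++
++# PROVIDE: openbao
++# REQUIRE: DAEMON
++# KEYWORD: shutdown
++#
++# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
++# to enable this service:
++#
++# openbao_enable (bool):	Set it to YES to enable openbao.
++#			Default is "NO".
++# openbao_user (user):	Set user to run openbao.
++#			Default is "openbao".
++# openbao_group (group):	Set group to run openbao.
++#			Default is "openbao".
++# openbao_config (file):	Set openbao config file.
++#			Default is "%%PREFIX%%/etc/openbao.hcl".
++# openbao_syslog_output_enable (bool):	Set to enable syslog output.
++#					Default is "NO". See daemon(8).
++# openbao_syslog_output_priority (str):	Set syslog priority if syslog enabled.
++#					Default is "info". See daemon(8).
++# openbao_syslog_output_facility (str):	Set syslog facility if syslog enabled.
++#					Default is "daemon". See daemon(8).
++# openbao_limits_mlock (size): allowd memorylocked value in size. Default is 1024M
++
++. /etc/rc.subr
++
++name=openbao
++rcvar=openbao_enable
++
++load_rc_config $name
++
++: ${openbao_enable:="NO"}
++: ${openbao_user:="openbao"}
++: ${openbao_group:="openbao"}
++: ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"}
++: ${openbao_limits_mlock:="1024M"}
++: ${openbao_limits:="-l ${openbao_limits_mlock}"}
++
++DAEMON=$(/usr/sbin/daemon 2>&1 | grep -q syslog ; echo $?)
++if [ ${DAEMON} -eq 0 ]; then
++        : ${openbao_syslog_output_enable:="NO"}
++        : ${openbao_syslog_output_priority:="info"}
++        : ${openbao_syslog_output_facility:="daemon"}
++        if checkyesno openbao_syslog_output_enable; then
++                openbao_syslog_output_flags="-T ${name}"
++
++                if [ -n "${openbao_syslog_output_priority}" ]; then
++                        openbao_syslog_output_flags="${openbao_syslog_output_flags} -s ${openbao_syslog_output_priority}"
++                fi
++
++                if [ -n "${openbao_syslog_output_facility}" ]; then
++                        openbao_syslog_output_flags="${openbao_syslog_output_flags} -l ${openbao_syslog_output_facility}"
++                fi
++        fi
++else
++        openbao_syslog_output_enable="NO"
++        openbao_syslog_output_flags=""
++fi
++
++pidfile=/var/run/openbao.pid
++procname="%%PREFIX%%/bin/bao"
++command="/usr/sbin/daemon"
++command_args="-f -t ${name} ${openbao_syslog_output_flags} -p ${pidfile} /usr/bin/env ${openbao_env} ${procname} server -config=${openbao_config}"
++
++extra_commands="reload monitor"
++monitor_cmd=openbao_monitor
++start_precmd=openbao_startprecmd
++required_files="$openbao_config"
++
++openbao_monitor()
++{
++	sig_reload=USR1
++	run_rc_command "reload"
++}
++
++openbao_startprecmd()
++{
++        if [ ! -e ${pidfile} ]; then
++                install -o ${openbao_user} -g ${openbao_group} /dev/null ${pidfile};
++        fi
++
++        if [ ! -d ${openbao_dir} ]; then
++                install -d -o ${openbao_user} -g ${openbao_group} ${openbao_dir}
++        fi
++}
++
++run_rc_command "$1"
+diff --git a/security/openbao/files/pkg-message.in b/security/openbao/files/pkg-message.in
+new file mode 100644
+index 000000000000..8501ff3d4544
+--- /dev/null
++++ b/security/openbao/files/pkg-message.in
+@@ -0,0 +1,25 @@
++[
++{ type: install
++  message: <<EOM
++The bao user created by the bao package is now a member of the daemon
++class, which will allow it to use mlock() when started by the rc script. This
++will not be reflected in systems where the user already exists. Please add the
++bao user to the daemon class manually by running:
++
++pw usermod -L daemon -n openbao
++
++or delete the user and reinstall the package.
++
++You may also need to increase memorylocked for the daemon class in
++/etc/rc.conf to more than 1024M (the default) or more:
++
++openbao_limits_mlock="2048M"
++
++Or to disable mlock, add:
++
++disable_mlock = 1
++
++to %%PREFIX%%/etc/openbao.hcl
++EOM
++}
++]
+diff --git a/security/openbao/pkg-descr b/security/openbao/pkg-descr
+new file mode 100644
+index 000000000000..4645826c021f
+--- /dev/null
++++ b/security/openbao/pkg-descr
+@@ -0,0 +1,4 @@
++OpenBao is a tool for securely accessing secrets. A secret is anything that you
++want to tightly control access to, such as API keys, passwords, certificates,
++and more. OpenBao provides a unified interface to any secret, while providing
++tight access control and recording a detailed audit log.
+-- 
+2.45.2
+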
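Review bot: The `command_args=` line of files/openbao.in never hands the configured account to daemon(8), so `bao server` is started as root even though the patch reserves UID/GID 482, defaults `openbao_user`/`openbao_group` to it, and `openbao_startprecmd` chowns the pidfile to that user as if an unprivileged process were going to write it; add `-u ${openbao_user}` to the daemon(8) arguments, i.e. `command_args="-f -t ${name} -u ${openbao_user} ${openbao_syslog_output_flags} -p ${pidfile} /usr/bin/env ${openbao_env} ${procname} server -config=${openbao_config}"`. In the same script `openbao_dir` is tested and created in `openbao_startprecmd` but assigned nowhere, `openbao_env` is expanded without a default, and `openbao_limits` is built from `openbao_limits_mlock` but never referenced, so the `openbao_limits_mlock="2048M"` knob the pkg-message advertises changes nothing here; either pass the limit to the process or drop the variable and the message text. The Makefile's `do-build` runs `${GO} mod tidy && ${GO} mod vendor`, which needs network access during the build and resolves module versions at build time rather than from distinfo, so two builds of the same port can differ; the commented-out `USES= go:modules` / `GO_MODULE=` path fetches modules as checksummed distfiles and should replace the hand-rolled target. The distinfo entries for `v2.0.0.zip` do not correspond to anything the `USE_GITHUB=yes` setup fetches and look like leftovers (they are dropped by the later revision of this patch).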
(-)b/security/openbao/Makefile (-3 / +4 lines)
Lines 13-23 LICENSE_FILE= ${WRKSRC}/LICENSE Link Here
13
GO=		go
13
GO=		go
14
BIN_NAME=	bao
14
BIN_NAME=	bao
15
15
16
# USES=		go:modules
17
USE_GITHUB=	yes
16
USE_GITHUB=	yes
18
19
GITID= 		700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3
17
GITID= 		700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3
20
# GO_MODULE=	github.com/openbao/openbao
18
19
TIMEEPOCHNOW=		%Y-%m-%dT%H:%M:%SZ
20
SOURCE_DATE_EPOCH=	${TIMEEPOCHNOW:gmtime}
21
21
GO_BUILDFLAGS=	-ldflags="\
22
GO_BUILDFLAGS=	-ldflags="\
22
		-s \
23
		-s \
23
		-X github.com/openbao/openbao/version.GitCommit=${GITID} \
24
		-X github.com/openbao/openbao/version.GitCommit=${GITID} \
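Review bot: `SOURCE_DATE_EPOCH=	${TIMEEPOCHNOW:gmtime}` applies the `:gmtime` modifier to the current clock on every make run, so the value baked in through `-X .../version.BuildDate` differs from build to build and the binary stops being reproducible from the same source; the name also suggests a seconds-since-epoch count while the expansion is a formatted date string. If a stable stamp is wanted, derive it from something fixed by the checked-out source rather than wall-clock time, and name the variable `BUILD_DATE` or similar so it does not shadow the conventional meaning of SOURCE_DATE_EPOCH, which the ports framework may already provide. The `GO_BUILDFLAGS` definition this feeds continues past the end of the section.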
(-)b/security/openbao/distinfo (-3 / +1 lines)
Lines 1-5 Link Here
1
TIMESTAMP = 1725068853
1
TIMESTAMP = 1725208548
2
SHA256 (v2.0.0.zip) = aeb3cc3f74f8e09fd6b1ba920d62c5624a40b5926c947b2b2b495fe03b144064
3
SIZE (v2.0.0.zip) = 18291759
4
SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4
2
SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4
5
SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091
3
SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091
(-)b/security/openbao/files/openbao.in (-4 / +4 lines)
Lines 10-18 Link Here
10
# openbao_enable (bool):	Set it to YES to enable openbao.
10
# openbao_enable (bool):	Set it to YES to enable openbao.
11
#			Default is "NO".
11
#			Default is "NO".
12
# openbao_user (user):	Set user to run openbao.
12
# openbao_user (user):	Set user to run openbao.
13
#			Default is "openbao".
13
#			Default is "%%USER%%".
14
# openbao_group (group):	Set group to run openbao.
14
# openbao_group (group):	Set group to run openbao.
15
#			Default is "openbao".
15
#			Default is "%%GROUP%%".
16
# openbao_config (file):	Set openbao config file.
16
# openbao_config (file):	Set openbao config file.
17
#			Default is "%%PREFIX%%/etc/openbao.hcl".
17
#			Default is "%%PREFIX%%/etc/openbao.hcl".
18
# openbao_syslog_output_enable (bool):	Set to enable syslog output.
18
# openbao_syslog_output_enable (bool):	Set to enable syslog output.
Lines 31-38 rcvar=openbao_enable Link Here
31
load_rc_config $name
31
load_rc_config $name
32
32
33
: ${openbao_enable:="NO"}
33
: ${openbao_enable:="NO"}
34
: ${openbao_user:="openbao"}
34
: ${openbao_user:=%%USER%%}
35
: ${openbao_group:="openbao"}
35
: ${openbao_group:=%%GROUP%%}
36
: ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"}
36
: ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"}
37
: ${openbao_limits_mlock:="1024M"}
37
: ${openbao_limits_mlock:="1024M"}
38
: ${openbao_limits:="-l ${openbao_limits_mlock}"}
38
: ${openbao_limits:="-l ${openbao_limits_mlock}"}
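Review bot: The new defaults `: ${openbao_user:=%%USER%%}` and `: ${openbao_group:=%%GROUP%%}` drop the double quotes that every neighbouring default keeps (`"NO"`, `"%%PREFIX%%/etc/openbao.hcl"`, `"1024M"`); write them as `: ${openbao_user:="%%USER%%"}` and `: ${openbao_group:="%%GROUP%%"}` so the file is consistent and a substituted value stays a single word even if it ever contains shell-special characters.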
(-)b/security/openbao/files/pkg-message.in (-3 / +2 lines)
Lines 1-12 Link Here
1
[
1
[
2
{ type: install
2
{ type: install
3
  message: <<EOM
3
  message: <<EOM
4
The bao user created by the bao package is now a member of the daemon
4
The %%USER%% user created by the openbao package is now a member of the daemon
5
class, which will allow it to use mlock() when started by the rc script. This
5
class, which will allow it to use mlock() when started by the rc script. This
6
will not be reflected in systems where the user already exists. Please add the
6
will not be reflected in systems where the user already exists. Please add the
7
bao user to the daemon class manually by running:
7
bao user to the daemon class manually by running:
8
8
9
pw usermod -L daemon -n openbao
9
pw usermod -L daemon -n %%USER%%
10
10
11
or delete the user and reinstall the package.
11
or delete the user and reinstall the package.
12
12
13
- 
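Review bot: Line 7 of pkg-message.in still reads `bao user to the daemon class manually by running:` after line 4 and the `pw usermod` example were switched to `%%USER%%`, so the message names the account two different ways; change it to `%%USER%% user to the daemon class manually by running:`. The paragraph about `openbao_limits_mlock` (outside this section) refers to /etc/rc.conf, but memorylocked for the daemon login class is a login.conf setting, and the rc script in this patch does not apply `openbao_limits` anywhere; the text should match whatever the script actually does.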
