FreeBSD Bugzilla – Attachment 253196 Details for Bug 280619: security/openbao: New port: open source, community-driven fork of Vault
[patch] OpenBao Patch: 0001-added-security-openbao-as-UID-GID-482.patch (text/plain), 7.85 KB, created by jake on 2024-08-31 02:58:22 UTC
>From 0989edb30253aeeb2ab4a6fef548c33a1118dde4 Mon Sep 17 00:00:00 2001 >From: Charlie Root <jake@metalrip.com> >Date: Fri, 30 Aug 2024 22:55:05 -0400 >Subject: [PATCH] added security/openbao as UID/GID 482 > >--- > GIDs | 2 +- > UIDs | 2 +- > security/openbao/Makefile | 45 ++++++++++++++ > security/openbao/distinfo | 5 ++ > security/openbao/files/openbao.in | 88 +++++++++++++++++++++++++++ > security/openbao/files/pkg-message.in | 25 ++++++++ > security/openbao/pkg-descr | 4 ++ > 7 files changed, 169 insertions(+), 2 deletions(-) > create mode 100644 security/openbao/Makefile > create mode 100644 security/openbao/distinfo > create mode 100644 security/openbao/files/openbao.in > create mode 100644 security/openbao/files/pkg-message.in > create mode 100644 security/openbao/pkg-descr > >diff --git a/GIDs b/GIDs >index aa63249122f3..df132f6913a8 100644 >--- a/GIDs >+++ b/GIDs >@@ -422,7 +422,7 @@ prometheus:*:478: > alertmanager:*:479: > datadog:*:480: > promxy:*:481: >-# free: 482 >+openbao:*:482 > # free: 483 > # free: 484 > # free: 485 >diff --git a/UIDs b/UIDs >index ebc717fa6fdb..234a2f293d3d 100644 >--- a/UIDs >+++ b/UIDs >@@ -427,7 +427,7 @@ prometheus:*:478:478::0:0:Prometheus Daemon:/var/tmp/prometheus:/usr/sbin/nologi > alertmanager:*:479:479::0:0:Alertmanager Daemon:/var/tmp/alertmanager:/usr/sbin/nologin > datadog:*:480:480::0:0:DataDog Agent:/var/db/datadog:/usr/sbin/nologin > promxy:*:481:481::0:0:Promxy Daemon:/nonexistent:/usr/sbin/nologin >-# free: 482 >+openbao:*:482:482:daemon:0:0:OpenBao Daemon:/nonexistent:/usr/sbin/nologin > # free: 483 > # free: 484 > # free: 485 >diff --git a/security/openbao/Makefile b/security/openbao/Makefile >new file mode 100644 >index 000000000000..250b32a48929 >--- /dev/null >+++ b/security/openbao/Makefile 
>@@ -0,0 +1,45 @@ >+PORTNAME= openbao >+PORTVERSION= 2.0.0 >+DISTVERSIONPREFIX= v >+CATEGORIES= security >+ >+MAINTAINER= jake@metalrip.com >+COMMENT= Tool for securely accessing secrets >+WWW= https://openbao.org/ >+ >+LICENSE= MPL20 >+LICENSE_FILE= ${WRKSRC}/LICENSE >+ >+GO= go >+BIN_NAME= bao >+ >+# USES= go:modules >+USE_GITHUB= yes >+ >+GITID= 700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3 >+# GO_MODULE= github.com/openbao/openbao >+GO_BUILDFLAGS= -ldflags="\ >+ -s \ >+ -X github.com/openbao/openbao/version.GitCommit=${GITID} \ >+ -X github.com/openbao/openbao/version.BuildDate=${SOURCE_DATE_EPOCH} \ >+ -X github.com/openbao/openbao/version.fullVersion=${PORTVERSION}" >+ >+USE_RC_SUBR= openbao >+SUB_FILES= pkg-message >+SUB_LIST= GROUP=${GROUPS} USER=${USERS} >+USERS= ${PORTNAME} >+GROUPS= ${PORTNAME} >+ >+PLIST_FILES= bin/${BIN_NAME} >+GO_TARGET= :${BIN_NAME} >+ >+do-build: >+ @cd ${WRKSRC} && ${GO} mod tidy && ${GO} mod vendor >+ @cd ${WRKSRC} && ${GO} build ${GO_BUILDFLAGS} -o bin/${BIN_NAME} >+ >+do-install: >+ @echo "Installing ${PORTNAME} as ${BIN_NAME}" >+ ${MKDIR} ${STAGEDIR}${PREFIX}/bin >+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/${BIN_NAME} ${STAGEDIR}${PREFIX}/bin/${BIN_NAME} >+ >+.include <bsd.port.mk> >diff --git a/security/openbao/distinfo b/security/openbao/distinfo >new file mode 100644 >index 000000000000..1baafac3bc66 >--- /dev/null >+++ b/security/openbao/distinfo >@@ -0,0 +1,5 @@ >+TIMESTAMP = 1725068853 >+SHA256 (v2.0.0.zip) = aeb3cc3f74f8e09fd6b1ba920d62c5624a40b5926c947b2b2b495fe03b144064 >+SIZE (v2.0.0.zip) = 18291759 >+SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4 >+SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091 >diff --git a/security/openbao/files/openbao.in b/security/openbao/files/openbao.in >new file mode 100644 >index 000000000000..8c8572309539 >--- /dev/null >+++ b/security/openbao/files/openbao.in 
>@@ -0,0 +1,88 @@ >+#!/bin/sh >+ >+# PROVIDE: openbao >+# REQUIRE: DAEMON >+# KEYWORD: shutdown >+# >+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf >+# to enable this service: >+# >+# openbao_enable (bool): Set it to YES to enable openbao. >+# Default is "NO". >+# openbao_user (user): Set user to run openbao. >+# Default is "openbao". >+# openbao_group (group): Set group to run openbao. >+# Default is "openbao". >+# openbao_config (file): Set openbao config file. >+# Default is "%%PREFIX%%/etc/openbao.hcl". >+# openbao_syslog_output_enable (bool): Set to enable syslog output. >+# Default is "NO". See daemon(8). >+# openbao_syslog_output_priority (str): Set syslog priority if syslog enabled. >+# Default is "info". See daemon(8). >+# openbao_syslog_output_facility (str): Set syslog facility if syslog enabled. >+# Default is "daemon". See daemon(8). >+# openbao_limits_mlock (size): allowd memorylocked value in size. Default is 1024M >+ >+. /etc/rc.subr >+ >+name=openbao >+rcvar=openbao_enable >+ >+load_rc_config $name >+ >+: ${openbao_enable:="NO"} >+: ${openbao_user:="openbao"} >+: ${openbao_group:="openbao"} >+: ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"} >+: ${openbao_limits_mlock:="1024M"} >+: ${openbao_limits:="-l ${openbao_limits_mlock}"} >+ >+DAEMON=$(/usr/sbin/daemon 2>&1 | grep -q syslog ; echo $?) 
>+if [ ${DAEMON} -eq 0 ]; then >+ : ${openbao_syslog_output_enable:="NO"} >+ : ${openbao_syslog_output_priority:="info"} >+ : ${openbao_syslog_output_facility:="daemon"} >+ if checkyesno openbao_syslog_output_enable; then >+ openbao_syslog_output_flags="-T ${name}" >+ >+ if [ -n "${openbao_syslog_output_priority}" ]; then >+ openbao_syslog_output_flags="${openbao_syslog_output_flags} -s ${openbao_syslog_output_priority}" >+ fi >+ >+ if [ -n "${openbao_syslog_output_facility}" ]; then >+ openbao_syslog_output_flags="${openbao_syslog_output_flags} -l ${openbao_syslog_output_facility}" >+ fi >+ fi >+else >+ openbao_syslog_output_enable="NO" >+ openbao_syslog_output_flags="" >+fi >+ >+pidfile=/var/run/openbao.pid >+procname="%%PREFIX%%/bin/bao" >+command="/usr/sbin/daemon" >+command_args="-f -t ${name} ${openbao_syslog_output_flags} -p ${pidfile} /usr/bin/env ${openbao_env} ${procname} server -config=${openbao_config}" >+ >+extra_commands="reload monitor" >+monitor_cmd=openbao_monitor >+start_precmd=openbao_startprecmd >+required_files="$openbao_config" >+ >+openbao_monitor() >+{ >+ sig_reload=USR1 >+ run_rc_command "reload" >+} >+ >+openbao_startprecmd() >+{ >+ if [ ! -e ${pidfile} ]; then >+ install -o ${openbao_user} -g ${openbao_group} /dev/null ${pidfile}; >+ fi >+ >+ if [ ! -d ${openbao_dir} ]; then >+ install -d -o ${openbao_user} -g ${openbao_group} ${openbao_dir} >+ fi >+} >+ >+run_rc_command "$1" >diff --git a/security/openbao/files/pkg-message.in b/security/openbao/files/pkg-message.in >new file mode 100644 >index 000000000000..8501ff3d4544 >--- /dev/null >+++ b/security/openbao/files/pkg-message.in 
>@@ -0,0 +1,25 @@ >+[ >+{ type: install >+ message: <<EOM >+The bao user created by the bao package is now a member of the daemon >+class, which will allow it to use mlock() when started by the rc script. This >+will not be reflected in systems where the user already exists. Please add the >+bao user to the daemon class manually by running: >+ >+pw usermod -L daemon -n openbao >+ >+or delete the user and reinstall the package. >+ >+You may also need to increase memorylocked for the daemon class in >+/etc/rc.conf to more than 1024M (the default) or more: >+ >+openbao_limits_mlock="2048M" >+ >+Or to disable mlock, add: >+ >+disable_mlock = 1 >+ >+to %%PREFIX%%/etc/openbao.hcl >+EOM >+} >+] >diff --git a/security/openbao/pkg-descr b/security/openbao/pkg-descr >new file mode 100644 >index 000000000000..4645826c021f >--- /dev/null >+++ b/security/openbao/pkg-descr >@@ -0,0 +1,4 @@ >+OpenBao is a tool for securely accessing secrets. A secret is anything that you >+want to tightly control access to, such as API keys, passwords, certificates, >+and more. OpenBao provides a unified interface to any secret, while providing >+tight access control and recording a detailed audit log. >-- >2.45.2 >
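Review bot: In the GIDs hunk, the added line "openbao:*:482" is missing the trailing colon that every neighbouring entry carries ("promxy:*:481:"), so the group record has one field fewer than the file's format. Suggest "openbao:*:482:" to match.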
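Review bot: In security/openbao/Makefile, the do-build target runs "${GO} mod tidy && ${GO} mod vendor", which resolves and downloads Go modules during the build phase, so the dependencies of a secrets manager are pulled in without any entry in distinfo and without checksum verification, and tidy can rewrite go.mod/go.sum away from what upstream shipped. The lines "# USES= go:modules" and "# GO_MODULE= github.com/openbao/openbao" are commented out; suggest enabling them so modules are fetched in the fetch phase and recorded in distinfo, and dropping the hand-written do-build and the "GO= go" override.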
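Review bot: In security/openbao/distinfo, the entries "SHA256 (v2.0.0.zip)" and "SIZE (v2.0.0.zip)" refer to a distfile that nothing in the Makefile in this patch names; with USE_GITHUB only openbao-openbao-v2.0.0_GH0.tar.gz is expected. Suggest regenerating the file with make makesum after the Makefile is final so that distinfo lists exactly the files the port fetches.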
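Review bot: In security/openbao/files/openbao.in, openbao_startprecmd tests and creates "${openbao_dir}", but openbao_dir is never given a default or documented in the header, so the directory step cannot do what it intends; the same applies to "${openbao_env}" in command_args. Suggest adding ": ${openbao_dir:=...}" and ": ${openbao_env:=""}" defaults with matching header comments, or removing the unused references, and quoting the variables in the "[ ! -d ... ]" and install lines. Minor: "allowd memorylocked" in the header comment should read "allowed".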
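Review bot: In security/openbao/files/pkg-message.in, the text refers to "The bao user created by the bao package", while the port creates the user openbao (USERS= ${PORTNAME}) and the command shown is "pw usermod -L daemon -n openbao"; suggest using openbao consistently. The closing advice to set "disable_mlock = 1" should also say what is given up: with mlock disabled the process memory holding secrets is no longer locked and may be written to swap, so the message should present it as a fallback and mention the trade-off. The phrase "more than 1024M (the default) or more" is redundant.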