FreeBSD Bugzilla – Attachment 253246 Details for
Bug 280619
security/openbao: New port: open source, community-driven fork of Vault
[patch] 0002-added-SOURCEDATE-use-variables-for-user-groups.patch (text/plain), 11.77 KB, created by jake on 2024-09-01 16:42:45 UTC
>From fe35a731df6edccafdcc8b164d1e6822069ffc3b Mon Sep 17 00:00:00 2001 >From: Charlie Root <jake@metalrip.com> >Date: Sun, 1 Sep 2024 12:37:23 -0400 >Subject: [PATCH 2/2] added SOURCEDATE; use variables for user/groups > >--- > ...dded-security-openbao-as-UID-GID-482.patch | 246 ++++++++++++++++++ > security/openbao/Makefile | 7 +- > security/openbao/distinfo | 4 +- > security/openbao/files/openbao.in | 8 +- > security/openbao/files/pkg-message.in | 4 +- > 5 files changed, 257 insertions(+), 12 deletions(-) > create mode 100644 0001-added-security-openbao-as-UID-GID-482.patch > >diff --git a/0001-added-security-openbao-as-UID-GID-482.patch b/0001-added-security-openbao-as-UID-GID-482.patch >new file mode 100644 >index 000000000000..bb1cea9c02c2 >--- /dev/null >+++ b/0001-added-security-openbao-as-UID-GID-482.patch 
>@@ -0,0 +1,246 @@ >+From 0989edb30253aeeb2ab4a6fef548c33a1118dde4 Mon Sep 17 00:00:00 2001 >+From: Charlie Root <jake@metalrip.com> >+Date: Fri, 30 Aug 2024 22:55:05 -0400 >+Subject: [PATCH] added security/openbao as UID/GID 482 >+ >+--- >+ GIDs | 2 +- >+ UIDs | 2 +- >+ security/openbao/Makefile | 45 ++++++++++++++ >+ security/openbao/distinfo | 5 ++ >+ security/openbao/files/openbao.in | 88 +++++++++++++++++++++++++++ >+ security/openbao/files/pkg-message.in | 25 ++++++++ >+ security/openbao/pkg-descr | 4 ++ >+ 7 files changed, 169 insertions(+), 2 deletions(-) >+ create mode 100644 security/openbao/Makefile >+ create mode 100644 security/openbao/distinfo >+ create mode 100644 security/openbao/files/openbao.in >+ create mode 100644 security/openbao/files/pkg-message.in >+ create mode 100644 security/openbao/pkg-descr >+ >+diff --git a/GIDs b/GIDs >+index aa63249122f3..df132f6913a8 100644 >+--- a/GIDs >++++ b/GIDs >+@@ -422,7 +422,7 @@ prometheus:*:478: >+ alertmanager:*:479: >+ datadog:*:480: >+ promxy:*:481: >+-# free: 482 >++openbao:*:482 >+ # free: 483 >+ # free: 484 >+ # free: 485 >+diff --git a/UIDs b/UIDs >+index ebc717fa6fdb..234a2f293d3d 100644 >+--- a/UIDs >++++ b/UIDs >+@@ -427,7 +427,7 @@ prometheus:*:478:478::0:0:Prometheus Daemon:/var/tmp/prometheus:/usr/sbin/nologi >+ alertmanager:*:479:479::0:0:Alertmanager Daemon:/var/tmp/alertmanager:/usr/sbin/nologin >+ datadog:*:480:480::0:0:DataDog Agent:/var/db/datadog:/usr/sbin/nologin >+ promxy:*:481:481::0:0:Promxy Daemon:/nonexistent:/usr/sbin/nologin >+-# free: 482 >++openbao:*:482:482:daemon:0:0:OpenBao Daemon:/nonexistent:/usr/sbin/nologin >+ # free: 483 >+ # free: 484 >+ # free: 485 >+diff --git a/security/openbao/Makefile b/security/openbao/Makefile >+new file mode 100644 >+index 000000000000..250b32a48929 >+--- /dev/null >++++ b/security/openbao/Makefile >+@@ -0,0 +1,45 @@ >++PORTNAME= openbao >++PORTVERSION= 2.0.0 >++DISTVERSIONPREFIX= v >++CATEGORIES= security >++ >++MAINTAINER= jake@metalrip.com 
>++COMMENT= Tool for securely accessing secrets >++WWW= https://openbao.org/ >++ >++LICENSE= MPL20 >++LICENSE_FILE= ${WRKSRC}/LICENSE >++ >++GO= go >++BIN_NAME= bao >++ >++# USES= go:modules >++USE_GITHUB= yes >++ >++GITID= 700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3 >++# GO_MODULE= github.com/openbao/openbao >++GO_BUILDFLAGS= -ldflags="\ >++ -s \ >++ -X github.com/openbao/openbao/version.GitCommit=${GITID} \ >++ -X github.com/openbao/openbao/version.BuildDate=${SOURCE_DATE_EPOCH} \ >++ -X github.com/openbao/openbao/version.fullVersion=${PORTVERSION}" >++ >++USE_RC_SUBR= openbao >++SUB_FILES= pkg-message >++SUB_LIST= GROUP=${GROUPS} USER=${USERS} >++USERS= ${PORTNAME} >++GROUPS= ${PORTNAME} >++ >++PLIST_FILES= bin/${BIN_NAME} >++GO_TARGET= :${BIN_NAME} >++ >++do-build: >++ @cd ${WRKSRC} && ${GO} mod tidy && ${GO} mod vendor >++ @cd ${WRKSRC} && ${GO} build ${GO_BUILDFLAGS} -o bin/${BIN_NAME} >++ >++do-install: >++ @echo "Installing ${PORTNAME} as ${BIN_NAME}" >++ ${MKDIR} ${STAGEDIR}${PREFIX}/bin >++ ${INSTALL_PROGRAM} ${WRKSRC}/bin/${BIN_NAME} ${STAGEDIR}${PREFIX}/bin/${BIN_NAME} >++ >++.include <bsd.port.mk> >+diff --git a/security/openbao/distinfo b/security/openbao/distinfo >+new file mode 100644 >+index 000000000000..1baafac3bc66 >+--- /dev/null >++++ b/security/openbao/distinfo >+@@ -0,0 +1,5 @@ >++TIMESTAMP = 1725068853 >++SHA256 (v2.0.0.zip) = aeb3cc3f74f8e09fd6b1ba920d62c5624a40b5926c947b2b2b495fe03b144064 >++SIZE (v2.0.0.zip) = 18291759 >++SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4 >++SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091 >+diff --git a/security/openbao/files/openbao.in b/security/openbao/files/openbao.in >+new file mode 100644 >+index 000000000000..8c8572309539 >+--- /dev/null >++++ b/security/openbao/files/openbao.in >+@@ -0,0 +1,88 @@ >++#!/bin/sh >++ >++# PROVIDE: openbao >++# REQUIRE: DAEMON >++# KEYWORD: shutdown >++# >++# Add the following lines to /etc/rc.conf.local or 
/etc/rc.conf >++# to enable this service: >++# >++# openbao_enable (bool): Set it to YES to enable openbao. >++# Default is "NO". >++# openbao_user (user): Set user to run openbao. >++# Default is "openbao". >++# openbao_group (group): Set group to run openbao. >++# Default is "openbao". >++# openbao_config (file): Set openbao config file. >++# Default is "%%PREFIX%%/etc/openbao.hcl". >++# openbao_syslog_output_enable (bool): Set to enable syslog output. >++# Default is "NO". See daemon(8). >++# openbao_syslog_output_priority (str): Set syslog priority if syslog enabled. >++# Default is "info". See daemon(8). >++# openbao_syslog_output_facility (str): Set syslog facility if syslog enabled. >++# Default is "daemon". See daemon(8). >++# openbao_limits_mlock (size): allowd memorylocked value in size. Default is 1024M >++ >++. /etc/rc.subr >++ >++name=openbao >++rcvar=openbao_enable >++ >++load_rc_config $name >++ >++: ${openbao_enable:="NO"} >++: ${openbao_user:="openbao"} >++: ${openbao_group:="openbao"} >++: ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"} >++: ${openbao_limits_mlock:="1024M"} >++: ${openbao_limits:="-l ${openbao_limits_mlock}"} >++ >++DAEMON=$(/usr/sbin/daemon 2>&1 | grep -q syslog ; echo $?) 
>++if [ ${DAEMON} -eq 0 ]; then >++ : ${openbao_syslog_output_enable:="NO"} >++ : ${openbao_syslog_output_priority:="info"} >++ : ${openbao_syslog_output_facility:="daemon"} >++ if checkyesno openbao_syslog_output_enable; then >++ openbao_syslog_output_flags="-T ${name}" >++ >++ if [ -n "${openbao_syslog_output_priority}" ]; then >++ openbao_syslog_output_flags="${openbao_syslog_output_flags} -s ${openbao_syslog_output_priority}" >++ fi >++ >++ if [ -n "${openbao_syslog_output_facility}" ]; then >++ openbao_syslog_output_flags="${openbao_syslog_output_flags} -l ${openbao_syslog_output_facility}" >++ fi >++ fi >++else >++ openbao_syslog_output_enable="NO" >++ openbao_syslog_output_flags="" >++fi >++ >++pidfile=/var/run/openbao.pid >++procname="%%PREFIX%%/bin/bao" >++command="/usr/sbin/daemon" >++command_args="-f -t ${name} ${openbao_syslog_output_flags} -p ${pidfile} /usr/bin/env ${openbao_env} ${procname} server -config=${openbao_config}" >++ >++extra_commands="reload monitor" >++monitor_cmd=openbao_monitor >++start_precmd=openbao_startprecmd >++required_files="$openbao_config" >++ >++openbao_monitor() >++{ >++ sig_reload=USR1 >++ run_rc_command "reload" >++} >++ >++openbao_startprecmd() >++{ >++ if [ ! -e ${pidfile} ]; then >++ install -o ${openbao_user} -g ${openbao_group} /dev/null ${pidfile}; >++ fi >++ >++ if [ ! -d ${openbao_dir} ]; then >++ install -d -o ${openbao_user} -g ${openbao_group} ${openbao_dir} >++ fi >++} >++ >++run_rc_command "$1" >+diff --git a/security/openbao/files/pkg-message.in b/security/openbao/files/pkg-message.in >+new file mode 100644 >+index 000000000000..8501ff3d4544 >+--- /dev/null >++++ b/security/openbao/files/pkg-message.in >+@@ -0,0 +1,25 @@ >++[ >++{ type: install >++ message: <<EOM >++The bao user created by the bao package is now a member of the daemon >++class, which will allow it to use mlock() when started by the rc script. This >++will not be reflected in systems where the user already exists. 
Please add the >++bao user to the daemon class manually by running: >++ >++pw usermod -L daemon -n openbao >++ >++or delete the user and reinstall the package. >++ >++You may also need to increase memorylocked for the daemon class in >++/etc/rc.conf to more than 1024M (the default) or more: >++ >++openbao_limits_mlock="2048M" >++ >++Or to disable mlock, add: >++ >++disable_mlock = 1 >++ >++to %%PREFIX%%/etc/openbao.hcl >++EOM >++} >++] >+diff --git a/security/openbao/pkg-descr b/security/openbao/pkg-descr >+new file mode 100644 >+index 000000000000..4645826c021f >+--- /dev/null >++++ b/security/openbao/pkg-descr >+@@ -0,0 +1,4 @@ >++OpenBao is a tool for securely accessing secrets. A secret is anything that you >++want to tightly control access to, such as API keys, passwords, certificates, >++and more. OpenBao provides a unified interface to any secret, while providing >++tight access control and recording a detailed audit log. >+-- >+2.45.2 >+ >diff --git a/security/openbao/Makefile b/security/openbao/Makefile >index 250b32a48929..f31d2a30ce66 100644 >--- a/security/openbao/Makefile >+++ b/security/openbao/Makefile >@@ -13,11 +13,12 @@ LICENSE_FILE= ${WRKSRC}/LICENSE > GO= go > BIN_NAME= bao > >-# USES= go:modules > USE_GITHUB= yes >- > GITID= 700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3 >-# GO_MODULE= github.com/openbao/openbao >+ >+TIMEEPOCHNOW= %Y-%m-%dT%H:%M:%SZ >+SOURCE_DATE_EPOCH= ${TIMEEPOCHNOW:gmtime} >+ > GO_BUILDFLAGS= -ldflags="\ > -s \ > -X github.com/openbao/openbao/version.GitCommit=${GITID} \ >diff --git a/security/openbao/distinfo b/security/openbao/distinfo >index 1baafac3bc66..b76fc8203996 100644 >--- a/security/openbao/distinfo >+++ b/security/openbao/distinfo 
>@@ -1,5 +1,3 @@ >-TIMESTAMP = 1725068853 >-SHA256 (v2.0.0.zip) = aeb3cc3f74f8e09fd6b1ba920d62c5624a40b5926c947b2b2b495fe03b144064 >-SIZE (v2.0.0.zip) = 18291759 >+TIMESTAMP = 1725208548 > SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4 > SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091 >diff --git a/security/openbao/files/openbao.in b/security/openbao/files/openbao.in >index 8c8572309539..3eca9aa23228 100644 >--- a/security/openbao/files/openbao.in >+++ b/security/openbao/files/openbao.in >@@ -10,9 +10,9 @@ > # openbao_enable (bool): Set it to YES to enable openbao. > # Default is "NO". > # openbao_user (user): Set user to run openbao. >-# Default is "openbao". >+# Default is "%%USER%%". > # openbao_group (group): Set group to run openbao. >-# Default is "openbao". >+# Default is "%%GROUP%%". > # openbao_config (file): Set openbao config file. > # Default is "%%PREFIX%%/etc/openbao.hcl". > # openbao_syslog_output_enable (bool): Set to enable syslog output. >@@ -31,8 +31,8 @@ rcvar=openbao_enable > load_rc_config $name > > : ${openbao_enable:="NO"} >-: ${openbao_user:="openbao"} >-: ${openbao_group:="openbao"} >+: ${openbao_user:=%%USER%%} >+: ${openbao_group:=%%GROUP%%} > : ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"} > : ${openbao_limits_mlock:="1024M"} > : ${openbao_limits:="-l ${openbao_limits_mlock}"} >diff --git a/security/openbao/files/pkg-message.in b/security/openbao/files/pkg-message.in >index 8501ff3d4544..996b48f9d4de 100644 >--- a/security/openbao/files/pkg-message.in >+++ b/security/openbao/files/pkg-message.in 
>@@ -1,12 +1,12 @@ > [ > { type: install > message: <<EOM >-The bao user created by the bao package is now a member of the daemon >+The %%USER%% user created by the openbao package is now a member of the daemon > class, which will allow it to use mlock() when started by the rc script. This > will not be reflected in systems where the user already exists. Please add the > bao user to the daemon class manually by running: > >-pw usermod -L daemon -n openbao >+pw usermod -L daemon -n %%USER%% > > or delete the user and reinstall the package. > >-- >2.45.2 >
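Review bot: The first file in this patch, `0001-added-security-openbao-as-UID-GID-482.patch` (the `@@ -0,0 +1,246 @@` hunk), adds a `git format-patch` output file at the top of the tree, which looks like an accidental `git add`; drop it so the commit only touches `security/openbao/`. Inside that embedded patch, the GIDs entry `openbao:*:482` lacks the trailing colon that the neighbouring entries carry (`promxy:*:481:`), and `openbao_startprecmd` tests and creates `${openbao_dir}` although the visible script never gives that variable a default.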
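Review bot: In the `security/openbao/Makefile` hunk, `SOURCE_DATE_EPOCH= ${TIMEEPOCHNOW:gmtime}` expands to a formatted `%Y-%m-%dT%H:%M:%SZ` string of the current time, because `:gmtime` with no timestamp argument uses the time of the make run. `SOURCE_DATE_EPOCH` is conventionally an integer count of seconds tied to the source, so the name is misleading, and the `version.BuildDate` stamped into the binary will differ on every build, which defeats reproducible builds. Suggest a port-local name such as `BUILD_DATE` and deriving it from a fixed timestamp with `:gmtime=<timestamp>`. The hunk also deletes the commented-out `USES= go:modules` and `GO_MODULE` lines rather than enabling them, while the `do-build` target shown in the embedded 0001 patch still runs `go mod tidy && go mod vendor`, so dependencies are pulled during the build instead of being recorded and checksummed in distinfo.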
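Review bot: In the second `security/openbao/files/openbao.in` hunk (`@@ -31,8 +31,8 @@`), the new defaults `: ${openbao_user:=%%USER%%}` and `: ${openbao_group:=%%GROUP%%}` drop the double quotes that the old lines and the neighbouring `openbao_config` and `openbao_limits_mlock` defaults use. Keep them quoted, for example `: ${openbao_user:="%%USER%%"}`, so the file stays consistent and the substituted value is always treated as a single word.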
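Review bot: In the `security/openbao/files/pkg-message.in` hunk, the unchanged context line `bao user to the daemon class manually by running:` still names the user as `bao`, while the first sentence and the `pw usermod` command now use `%%USER%%`. Update that line to `%%USER%%` as well so the message does not refer to two different account names.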