FreeBSD Bugzilla – Attachment 253252 Details for
Bug 280619
security/openbao: New port: open source, community-driven fork of Vault
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
use GO_CMD var for build; fetch go as a dep properly with USES=
0003-fixed-go-command-using-GO_CMD.patch (text/plain), 14.25 KB, created by
jake
on 2024-09-01 17:32:43 UTC
(
hide
)
Description:
use GO_CMD var for build; fetch go as a dep properly with USES=
Filename:
MIME Type:
Creator:
jake
Created:
2024-09-01 17:32:43 UTC
Size:
14.25 KB
patch
obsolete
>From e082d6d0e393877d163bab1e4a4065c38f5c0dd5 Mon Sep 17 00:00:00 2001 >From: Charlie Root <jake@metalrip.com> >Date: Sun, 1 Sep 2024 13:29:41 -0400 >Subject: [PATCH 3/3] fixed go command using GO_CMD > >--- > ...dded-security-openbao-as-UID-GID-482.patch | 2 +- > ...CEDATE-use-variables-for-user-groups.patch | 346 ++++++++++++++++++ > security/openbao/Makefile | 6 +- > 3 files changed, 350 insertions(+), 4 deletions(-) > create mode 100644 0002-added-SOURCEDATE-use-variables-for-user-groups.patch > >diff --git a/0001-added-security-openbao-as-UID-GID-482.patch b/0001-added-security-openbao-as-UID-GID-482.patch >index bb1cea9c02c2..57c1b1d8090f 100644 >--- a/0001-added-security-openbao-as-UID-GID-482.patch >+++ b/0001-added-security-openbao-as-UID-GID-482.patch >@@ -1,7 +1,7 @@ > From 0989edb30253aeeb2ab4a6fef548c33a1118dde4 Mon Sep 17 00:00:00 2001 > From: Charlie Root <jake@metalrip.com> > Date: Fri, 30 Aug 2024 22:55:05 -0400 >-Subject: [PATCH] added security/openbao as UID/GID 482 >+Subject: [PATCH 1/2] added security/openbao as UID/GID 482 > > --- > GIDs | 2 +- >diff --git a/0002-added-SOURCEDATE-use-variables-for-user-groups.patch b/0002-added-SOURCEDATE-use-variables-for-user-groups.patch >new file mode 100644 >index 000000000000..ba1c7c34702c >--- /dev/null >+++ b/0002-added-SOURCEDATE-use-variables-for-user-groups.patch >@@ -0,0 +1,346 @@ >+From fe35a731df6edccafdcc8b164d1e6822069ffc3b Mon Sep 17 00:00:00 2001 >+From: Charlie Root <jake@metalrip.com> >+Date: Sun, 1 Sep 2024 12:37:23 -0400 >+Subject: [PATCH 2/2] added SOURCEDATE; use variables for user/groups >+ >+--- >+ ...dded-security-openbao-as-UID-GID-482.patch | 246 ++++++++++++++++++ >+ security/openbao/Makefile | 7 +- >+ security/openbao/distinfo | 4 +- >+ security/openbao/files/openbao.in | 8 +- >+ security/openbao/files/pkg-message.in | 4 +- >+ 5 files changed, 257 insertions(+), 12 deletions(-) >+ create mode 100644 0001-added-security-openbao-as-UID-GID-482.patch >+ >+diff --git a/0001-added-security-openbao-as-UID-GID-482.patch b/0001-added-security-openbao-as-UID-GID-482.patch >+new file mode 100644 >+index 000000000000..bb1cea9c02c2 >+--- /dev/null >++++ b/0001-added-security-openbao-as-UID-GID-482.patch >+@@ -0,0 +1,246 @@ >++From 0989edb30253aeeb2ab4a6fef548c33a1118dde4 Mon Sep 17 00:00:00 2001 >++From: Charlie Root <jake@metalrip.com> >++Date: Fri, 30 Aug 2024 22:55:05 -0400 >++Subject: [PATCH] added security/openbao as UID/GID 482 >++ >++--- >++ GIDs | 2 +- >++ UIDs | 2 +- >++ security/openbao/Makefile | 45 ++++++++++++++ >++ security/openbao/distinfo | 5 ++ >++ security/openbao/files/openbao.in | 88 +++++++++++++++++++++++++++ >++ security/openbao/files/pkg-message.in | 25 ++++++++ >++ security/openbao/pkg-descr | 4 ++ >++ 7 files changed, 169 insertions(+), 2 deletions(-) >++ create mode 100644 security/openbao/Makefile >++ create mode 100644 security/openbao/distinfo >++ create mode 100644 security/openbao/files/openbao.in >++ create mode 100644 security/openbao/files/pkg-message.in >++ create mode 100644 security/openbao/pkg-descr >++ >++diff --git a/GIDs b/GIDs >++index aa63249122f3..df132f6913a8 100644 >++--- a/GIDs >+++++ b/GIDs >++@@ -422,7 +422,7 @@ prometheus:*:478: >++ alertmanager:*:479: >++ datadog:*:480: >++ promxy:*:481: >++-# free: 482 >+++openbao:*:482 >++ # free: 483 >++ # free: 484 >++ # free: 485 >++diff --git a/UIDs b/UIDs >++index ebc717fa6fdb..234a2f293d3d 100644 >++--- a/UIDs >+++++ b/UIDs >++@@ -427,7 +427,7 @@ prometheus:*:478:478::0:0:Prometheus Daemon:/var/tmp/prometheus:/usr/sbin/nologi >++ alertmanager:*:479:479::0:0:Alertmanager Daemon:/var/tmp/alertmanager:/usr/sbin/nologin >++ datadog:*:480:480::0:0:DataDog Agent:/var/db/datadog:/usr/sbin/nologin >++ promxy:*:481:481::0:0:Promxy Daemon:/nonexistent:/usr/sbin/nologin >++-# free: 482 >+++openbao:*:482:482:daemon:0:0:OpenBao Daemon:/nonexistent:/usr/sbin/nologin >++ # free: 483 >++ # free: 484 >++ # free: 485 >++diff --git a/security/openbao/Makefile b/security/openbao/Makefile >++new file mode 100644 >++index 000000000000..250b32a48929 >++--- /dev/null >+++++ b/security/openbao/Makefile >++@@ -0,0 +1,45 @@ >+++PORTNAME= openbao >+++PORTVERSION= 2.0.0 >+++DISTVERSIONPREFIX= v >+++CATEGORIES= security >+++ >+++MAINTAINER= jake@metalrip.com >+++COMMENT= Tool for securely accessing secrets >+++WWW= https://openbao.org/ >+++ >+++LICENSE= MPL20 >+++LICENSE_FILE= ${WRKSRC}/LICENSE >+++ >+++GO= go >+++BIN_NAME= bao >+++ >+++# USES= go:modules >+++USE_GITHUB= yes >+++ >+++GITID= 700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3 >+++# GO_MODULE= github.com/openbao/openbao >+++GO_BUILDFLAGS= -ldflags="\ >+++ -s \ >+++ -X github.com/openbao/openbao/version.GitCommit=${GITID} \ >+++ -X github.com/openbao/openbao/version.BuildDate=${SOURCE_DATE_EPOCH} \ >+++ -X github.com/openbao/openbao/version.fullVersion=${PORTVERSION}" >+++ >+++USE_RC_SUBR= openbao >+++SUB_FILES= pkg-message >+++SUB_LIST= GROUP=${GROUPS} USER=${USERS} >+++USERS= ${PORTNAME} >+++GROUPS= ${PORTNAME} >+++ >+++PLIST_FILES= bin/${BIN_NAME} >+++GO_TARGET= :${BIN_NAME} >+++ >+++do-build: >+++ @cd ${WRKSRC} && ${GO} mod tidy && ${GO} mod vendor >+++ @cd ${WRKSRC} && ${GO} build ${GO_BUILDFLAGS} -o bin/${BIN_NAME} >+++ >+++do-install: >+++ @echo "Installing ${PORTNAME} as ${BIN_NAME}" >+++ ${MKDIR} ${STAGEDIR}${PREFIX}/bin >+++ ${INSTALL_PROGRAM} ${WRKSRC}/bin/${BIN_NAME} ${STAGEDIR}${PREFIX}/bin/${BIN_NAME} >+++ >+++.include <bsd.port.mk> >++diff --git a/security/openbao/distinfo b/security/openbao/distinfo >++new file mode 100644 >++index 000000000000..1baafac3bc66 >++--- /dev/null >+++++ b/security/openbao/distinfo >++@@ -0,0 +1,5 @@ >+++TIMESTAMP = 1725068853 >+++SHA256 (v2.0.0.zip) = aeb3cc3f74f8e09fd6b1ba920d62c5624a40b5926c947b2b2b495fe03b144064 >+++SIZE (v2.0.0.zip) = 18291759 >+++SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4 >+++SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091 >++diff --git a/security/openbao/files/openbao.in b/security/openbao/files/openbao.in >++new file mode 100644 >++index 000000000000..8c8572309539 >++--- /dev/null >+++++ b/security/openbao/files/openbao.in >++@@ -0,0 +1,88 @@ >+++#!/bin/sh >+++ >+++# PROVIDE: openbao >+++# REQUIRE: DAEMON >+++# KEYWORD: shutdown >+++# >+++# Add the following lines to /etc/rc.conf.local or /etc/rc.conf >+++# to enable this service: >+++# >+++# openbao_enable (bool): Set it to YES to enable openbao. >+++# Default is "NO". >+++# openbao_user (user): Set user to run openbao. >+++# Default is "openbao". >+++# openbao_group (group): Set group to run openbao. >+++# Default is "openbao". >+++# openbao_config (file): Set openbao config file. >+++# Default is "%%PREFIX%%/etc/openbao.hcl". >+++# openbao_syslog_output_enable (bool): Set to enable syslog output. >+++# Default is "NO". See daemon(8). >+++# openbao_syslog_output_priority (str): Set syslog priority if syslog enabled. >+++# Default is "info". See daemon(8). >+++# openbao_syslog_output_facility (str): Set syslog facility if syslog enabled. >+++# Default is "daemon". See daemon(8). >+++# openbao_limits_mlock (size): allowd memorylocked value in size. Default is 1024M >+++ >+++. /etc/rc.subr >+++ >+++name=openbao >+++rcvar=openbao_enable >+++ >+++load_rc_config $name >+++ >+++: ${openbao_enable:="NO"} >+++: ${openbao_user:="openbao"} >+++: ${openbao_group:="openbao"} >+++: ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"} >+++: ${openbao_limits_mlock:="1024M"} >+++: ${openbao_limits:="-l ${openbao_limits_mlock}"} >+++ >+++DAEMON=$(/usr/sbin/daemon 2>&1 | grep -q syslog ; echo $?) >+++if [ ${DAEMON} -eq 0 ]; then >+++ : ${openbao_syslog_output_enable:="NO"} >+++ : ${openbao_syslog_output_priority:="info"} >+++ : ${openbao_syslog_output_facility:="daemon"} >+++ if checkyesno openbao_syslog_output_enable; then >+++ openbao_syslog_output_flags="-T ${name}" >+++ >+++ if [ -n "${openbao_syslog_output_priority}" ]; then >+++ openbao_syslog_output_flags="${openbao_syslog_output_flags} -s ${openbao_syslog_output_priority}" >+++ fi >+++ >+++ if [ -n "${openbao_syslog_output_facility}" ]; then >+++ openbao_syslog_output_flags="${openbao_syslog_output_flags} -l ${openbao_syslog_output_facility}" >+++ fi >+++ fi >+++else >+++ openbao_syslog_output_enable="NO" >+++ openbao_syslog_output_flags="" >+++fi >+++ >+++pidfile=/var/run/openbao.pid >+++procname="%%PREFIX%%/bin/bao" >+++command="/usr/sbin/daemon" >+++command_args="-f -t ${name} ${openbao_syslog_output_flags} -p ${pidfile} /usr/bin/env ${openbao_env} ${procname} server -config=${openbao_config}" >+++ >+++extra_commands="reload monitor" >+++monitor_cmd=openbao_monitor >+++start_precmd=openbao_startprecmd >+++required_files="$openbao_config" >+++ >+++openbao_monitor() >+++{ >+++ sig_reload=USR1 >+++ run_rc_command "reload" >+++} >+++ >+++openbao_startprecmd() >+++{ >+++ if [ ! -e ${pidfile} ]; then >+++ install -o ${openbao_user} -g ${openbao_group} /dev/null ${pidfile}; >+++ fi >+++ >+++ if [ ! -d ${openbao_dir} ]; then >+++ install -d -o ${openbao_user} -g ${openbao_group} ${openbao_dir} >+++ fi >+++} >+++ >+++run_rc_command "$1" >++diff --git a/security/openbao/files/pkg-message.in b/security/openbao/files/pkg-message.in >++new file mode 100644 >++index 000000000000..8501ff3d4544 >++--- /dev/null >+++++ b/security/openbao/files/pkg-message.in >++@@ -0,0 +1,25 @@ >+++[ >+++{ type: install >+++ message: <<EOM >+++The bao user created by the bao package is now a member of the daemon >+++class, which will allow it to use mlock() when started by the rc script. This >+++will not be reflected in systems where the user already exists. Please add the >+++bao user to the daemon class manually by running: >+++ >+++pw usermod -L daemon -n openbao >+++ >+++or delete the user and reinstall the package. >+++ >+++You may also need to increase memorylocked for the daemon class in >+++/etc/rc.conf to more than 1024M (the default) or more: >+++ >+++openbao_limits_mlock="2048M" >+++ >+++Or to disable mlock, add: >+++ >+++disable_mlock = 1 >+++ >+++to %%PREFIX%%/etc/openbao.hcl >+++EOM >+++} >+++] >++diff --git a/security/openbao/pkg-descr b/security/openbao/pkg-descr >++new file mode 100644 >++index 000000000000..4645826c021f >++--- /dev/null >+++++ b/security/openbao/pkg-descr >++@@ -0,0 +1,4 @@ >+++OpenBao is a tool for securely accessing secrets. A secret is anything that you >+++want to tightly control access to, such as API keys, passwords, certificates, >+++and more. OpenBao provides a unified interface to any secret, while providing >+++tight access control and recording a detailed audit log. >++-- >++2.45.2 >++ >+diff --git a/security/openbao/Makefile b/security/openbao/Makefile >+index 250b32a48929..f31d2a30ce66 100644 >+--- a/security/openbao/Makefile >++++ b/security/openbao/Makefile >+@@ -13,11 +13,12 @@ LICENSE_FILE= ${WRKSRC}/LICENSE >+ GO= go >+ BIN_NAME= bao >+ >+-# USES= go:modules >+ USE_GITHUB= yes >+- >+ GITID= 700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3 >+-# GO_MODULE= github.com/openbao/openbao >++ >++TIMEEPOCHNOW= %Y-%m-%dT%H:%M:%SZ >++SOURCE_DATE_EPOCH= ${TIMEEPOCHNOW:gmtime} >++ >+ GO_BUILDFLAGS= -ldflags="\ >+ -s \ >+ -X github.com/openbao/openbao/version.GitCommit=${GITID} \ >+diff --git a/security/openbao/distinfo b/security/openbao/distinfo >+index 1baafac3bc66..b76fc8203996 100644 >+--- a/security/openbao/distinfo >++++ b/security/openbao/distinfo >+@@ -1,5 +1,3 @@ >+-TIMESTAMP = 1725068853 >+-SHA256 (v2.0.0.zip) = aeb3cc3f74f8e09fd6b1ba920d62c5624a40b5926c947b2b2b495fe03b144064 >+-SIZE (v2.0.0.zip) = 18291759 >++TIMESTAMP = 1725208548 >+ SHA256 (openbao-openbao-v2.0.0_GH0.tar.gz) = 0dcb7e7218890fdccd3b10205b93b96a186c4c3bc34b1fb328604d7ed6621ac4 >+ SIZE (openbao-openbao-v2.0.0_GH0.tar.gz) = 15757091 >+diff --git a/security/openbao/files/openbao.in b/security/openbao/files/openbao.in >+index 8c8572309539..3eca9aa23228 100644 >+--- a/security/openbao/files/openbao.in >++++ b/security/openbao/files/openbao.in >+@@ -10,9 +10,9 @@ >+ # openbao_enable (bool): Set it to YES to enable openbao. >+ # Default is "NO". >+ # openbao_user (user): Set user to run openbao. >+-# Default is "openbao". >++# Default is "%%USER%%". >+ # openbao_group (group): Set group to run openbao. >+-# Default is "openbao". >++# Default is "%%GROUP%%". >+ # openbao_config (file): Set openbao config file. >+ # Default is "%%PREFIX%%/etc/openbao.hcl". >+ # openbao_syslog_output_enable (bool): Set to enable syslog output. >+@@ -31,8 +31,8 @@ rcvar=openbao_enable >+ load_rc_config $name >+ >+ : ${openbao_enable:="NO"} >+-: ${openbao_user:="openbao"} >+-: ${openbao_group:="openbao"} >++: ${openbao_user:=%%USER%%} >++: ${openbao_group:=%%GROUP%%} >+ : ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"} >+ : ${openbao_limits_mlock:="1024M"} >+ : ${openbao_limits:="-l ${openbao_limits_mlock}"} >+diff --git a/security/openbao/files/pkg-message.in b/security/openbao/files/pkg-message.in >+index 8501ff3d4544..996b48f9d4de 100644 >+--- a/security/openbao/files/pkg-message.in >++++ b/security/openbao/files/pkg-message.in >+@@ -1,12 +1,12 @@ >+ [ >+ { type: install >+ message: <<EOM >+-The bao user created by the bao package is now a member of the daemon >++The %%USER%% user created by the openbao package is now a member of the daemon >+ class, which will allow it to use mlock() when started by the rc script. This >+ will not be reflected in systems where the user already exists. Please add the >+ bao user to the daemon class manually by running: >+ >+-pw usermod -L daemon -n openbao >++pw usermod -L daemon -n %%USER%% >+ >+ or delete the user and reinstall the package. >+ >+-- >+2.45.2 >+ >diff --git a/security/openbao/Makefile b/security/openbao/Makefile >index f31d2a30ce66..9c6701d8fd78 100644 >--- a/security/openbao/Makefile >+++ b/security/openbao/Makefile >@@ -10,9 +10,9 @@ WWW= https://openbao.org/ > LICENSE= MPL20 > LICENSE_FILE= ${WRKSRC}/LICENSE > >-GO= go > BIN_NAME= bao > >+USES= go:modules > USE_GITHUB= yes > GITID= 700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3 > >@@ -35,8 +35,8 @@ PLIST_FILES= bin/${BIN_NAME} > GO_TARGET= :${BIN_NAME} > > do-build: >- @cd ${WRKSRC} && ${GO} mod tidy && ${GO} mod vendor >- @cd ${WRKSRC} && ${GO} build ${GO_BUILDFLAGS} -o bin/${BIN_NAME} >+ @cd ${WRKSRC} && ${GO_CMD} mod tidy && ${GO_CMD} mod vendor >+ @cd ${WRKSRC} && ${GO_CMD} build ${GO_BUILDFLAGS} -o bin/${BIN_NAME} > > do-install: > @echo "Installing ${PORTNAME} as ${BIN_NAME}" >-- >2.45.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=253252">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 280619
:
252503
|
253196
|
253246
|
253252
|
253261
|
253262
|
253267