testing/vault: move to community

6 files changed, 128 insertions, 0 deletions

diff --git a/community/vault/APKBUILD b/community/vault/APKBUILD
new file mode 100644
index 0000000000..1932931a49
--- /dev/null
+++ b/community/vault/APKBUILD
@@ -0,0 +1,73 @@
+# Contributor: Christian Kampka <christian@kampka.net>
+# Maintainer: Gennady Feldman <gena01@gmail.com>
+pkgname=vault
+pkgver=1.1.0
+pkgrel=0
+pkgdesc="Vault is a tool for securely accessing secrets"
+url="https://www.vaultproject.io/"
+arch="all !s390x"
+license="MPL-2.0"
+makedepends="libcap bash make go python2 yarn npm go-bindata-assetfs"
+install="$pkgname.pre-install"
+pkgusers="vault"
+pkggroups="vault"
+subpackages="$pkgname-openrc"
+source="$pkgname-$pkgver.tar.gz::https://github.com/hashicorp/$pkgname/archive/v$pkgver.tar.gz
+	bindata-filename.patch
+	vault.confd
+	vault.hcl
+	vault.initd"
+builddir="$srcdir/src/github.com/hashicorp/$pkgname"
+
+prepare() {
+	mkdir -p "$srcdir/src/github.com/hashicorp"
+	mv "$srcdir"/$pkgname-$pkgver "$builddir"/
+	default_prepare
+}
+
+build() {
+	cd "$builddir"
+
+	GOPATH="$srcdir" CGO_ENABLED=0 make static-dist prep
+	GOPATH="$srcdir" CGO_ENABLED=0 go build -v -o bin/$pkgname \
+		-ldflags "-X github.com/hashicorp/vault/version.GitDescribe='$pkgver'" \
+		--tags ui
+}
+
+check() {
+	# Manually specify tests because full test suite runs all kinds of
+	# integration tests with other systems and fail.
+	for module in api audit command http logical shamir vault
+	do
+		GOPATH=$HOME/aports/community/vault/src CGO_ENABLED=0 make \
+			test TEST=./$module
+	done
+}
+
+package() {
+	cd "$builddir"
+
+	install -m755 -D "$srcdir/$pkgname.initd" \
+		"$pkgdir/etc/init.d/$pkgname"
+
+	install -m644 -D "$srcdir/$pkgname.confd" \
+		"$pkgdir/etc/conf.d/$pkgname"
+
+	install -m750 -o root -g vault -D bin/$pkgname \
+		"$pkgdir/usr/sbin/$pkgname"
+
+	# Allow vault to use mlock as "vault" user.
+	setcap cap_ipc_lock=+ep \
+		"$pkgdir/usr/sbin/$pkgname"
+
+	install -m750 -o root -g vault -D "$srcdir/$pkgname.hcl" \
+		"$pkgdir/etc/$pkgname.hcl"
+
+	install -m750 -o vault -g vault -d "$pkgdir/var/lib/$pkgname"
+}
+
+sha512sums="b0bc32f438e8432d849aa896f610c9532fa923384d40749efe49985d64a91f4768a3309af449efd8c8ab4604ecdb2474c39999bfe196f0f876894f788618ae61  vault-1.1.0.tar.gz
+0a2dc4d2deb42c77a225451a3c3cf68063435bc077495a6b207cfa2e2b446c9dba5ac726f9a7ec0be7f52e4519e7563c49561397750a069f5536fda66843ace4  bindata-filename.patch
+6f3f30e5c9d9dd5117f18fce0e669f0cd752a6be4910405d6b394f15273372731ee887a5ba4c700293e5b8bc2bf40fd69d4337156f77b03549d2dc2c0a666bec  vault.confd
+8c064aa5dcca84822c1fa85e9d0ff520df46f794b2e9c689a9b4f81f74279387b3aebc08b3ca26cf786c2fcf1a330e765bf5a511074c24f87e5346672346ba1c  vault.hcl
+1e436932647b191e691f5c60bec4ad926588cee5119c7cbe61345249a6768472387b6dd8b19b954c8ac80fb97f6e68f93749229b216300b0438dbeb0bdb57957  vault.initd"
diff --git a/community/vault/bindata-filename.patch b/community/vault/bindata-filename.patch
new file mode 100644
index 0000000000..f48f76860d
--- /dev/null
+++ b/community/vault/bindata-filename.patch
@@ -0,0 +1,14 @@
+This patch removes the custom output name option that is handled properly only
+in the master branch of go-bindata-assetfs (see https://github.com/elazarl/go-bindata-assetfs/pull/32)
+diff --git a/Makefile b/Makefile
+index 8a72e5f70..4055122f4 100644
+--- a/Makefile
++++ b/Makefile
+@@ -118,7 +118,7 @@ update-plugins:
+
+ static-assets:
+	@echo "--> Generating static assets"
+-	@go-bindata-assetfs -o bindata_assetfs.go -pkg http -prefix pkg -modtime 1480000000 -tags ui ./pkg/web_ui/...
++	@go-bindata-assetfs -pkg http -prefix pkg -modtime 1480000000 -tags ui ./pkg/web_ui/...
+	@mv bindata_assetfs.go http
+	@$(MAKE) -f $(THIS_FILE) fmt
diff --git a/community/vault/vault.confd b/community/vault/vault.confd
new file mode 100644
index 0000000000..79bf72f940
--- /dev/null
+++ b/community/vault/vault.confd
@@ -0,0 +1 @@
+vault_opts="server -config=/etc/vault.hcl"
diff --git a/community/vault/vault.hcl b/community/vault/vault.hcl
new file mode 100644
index 0000000000..b74da5ed80
--- /dev/null
+++ b/community/vault/vault.hcl
@@ -0,0 +1,15 @@
+/*
+ * Vault configuration. See: https://vaultproject.io/docs/config/
+ */
+
+backend "file" {
+	path = "/var/lib/vault"
+}
+
+listener "tcp" {
+	/*
+	 * By default Vault listens on localhost only.
+	 * Make sure to enable TLS support otherwise.
+	 */
+	tls_disable = 1
+}
diff --git a/community/vault/vault.initd b/community/vault/vault.initd
new file mode 100644
index 0000000000..2ed3152b34
--- /dev/null
+++ b/community/vault/vault.initd
@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+
+VAULT_LOG_FILE="/var/log/${SVCNAME}.log"
+
+description="Vault is a tool for securely accessing secrets"
+command=/usr/sbin/${SVCNAME}
+command_args="${vault_opts}"
+command_background="true"
+start_stop_daemon_args="-w 100 --user ${SVCNAME}:${SVCNAME}  --stdout $VAULT_LOG_FILE --stderr $VAULT_LOG_FILE"
+pidfile="/run/${SVCNAME}.pid"
+
+start_pre() {
+	checkpath -f -m 0644 -o ${SVCNAME}:${SVCNAME} "$VAULT_LOG_FILE"
+}
+
+depend() {
+        need net
+        after firewall
+}
diff --git a/community/vault/vault.pre-install b/community/vault/vault.pre-install
new file mode 100644
index 0000000000..20b3435488
--- /dev/null
+++ b/community/vault/vault.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S vault 2>/dev/null
+adduser -S -D -H -h /dev/null -s /sbin/nologin -G vault -g vault vault 2>/dev/null
+
+exit 0