From: Steve Wills Date: Fri, 26 Jun 2015 17:02:42 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r390652 - in head: . security security/vault security/vault/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2015 17:02:44 -0000 Author: swills Date: Fri Jun 26 17:02:42 2015 New Revision: 390652 URL: https://svnweb.freebsd.org/changeset/ports/390652 Log: security/vault: create port Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. WWW: https://vaultproject.io/ Added: head/security/vault/ head/security/vault/Makefile (contents, props changed) head/security/vault/distinfo (contents, props changed) head/security/vault/files/ head/security/vault/files/patch-src_github.com_hashicorp_vault_helper_password_password__unix.go (contents, props changed) head/security/vault/files/vault.in (contents, props changed) head/security/vault/pkg-descr (contents, props changed) Modified: head/GIDs head/UIDs head/security/Makefile Modified: head/GIDs ============================================================================== --- head/GIDs Fri Jun 26 16:54:41 2015 (r390651) +++ head/GIDs Fri Jun 26 17:02:42 2015 (r390652) 
@@ -181,6 +181,7 @@ netmon:*:467: slurm:*:468: consul:*:469: serf:*:470: +vault:*:470: _bbstored:*:505: radmind:*:506: skkserv:*:507: Modified: head/UIDs ============================================================================== --- head/UIDs Fri Jun 26 16:54:41 2015 (r390651) +++ head/UIDs Fri Jun 26 17:02:42 2015 (r390652) @@ -188,6 +188,7 @@ netmon:*:467:467::0:0:Network monitor ac slurm:*:468:468::0:0:SLURM Daemon:/home/slurm:/usr/sbin/nologin consul:*:469:469::0:0:Consul Daemon:/var/tmp/consul:/usr/sbin/nologin serf:*:470:470::0:0:Serf Daemon:/nonexistent:/usr/sbin/nologin +vault:*:471:471::0:0:Vault Daemon:/nonexistent:/usr/sbin/nologin _bbstored:*:505:505::0:0:Box Backup Store Daemon:/nonexistent:/usr/sbin/nologin radmind:*:506:506::0:0:radmind User:/var/radmind:/usr/sbin/nologin skkserv:*:507:507::0:0:skkserv User:/nonexistent:/usr/sbin/nologin Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Fri Jun 26 16:54:41 2015 (r390651) +++ head/security/Makefile Fri Jun 26 17:02:42 2015 (r390652) @@ -1048,6 +1048,7 @@ SUBDIR += unhide SUBDIR += unicornscan SUBDIR += unssh + SUBDIR += vault SUBDIR += vinetto SUBDIR += vlock SUBDIR += vlog Added: head/security/vault/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vault/Makefile Fri Jun 26 17:02:42 2015 (r390652) 
@@ -0,0 +1,101 @@ +# $FreeBSD$ + +PORTNAME= vault +PORTVERSION= 0.1.2 +DISTVERSIONPREFIX= v +CATEGORIES= security + +MAINTAINER= swills@FreeBSD.org +COMMENT= Tool for securely accessing secrets + +BUILD_DEPENDS= ${LOCALBASE}/bin/go:${PORTSDIR}/lang/go + +USE_GITHUB= yes +GH_ACCOUNT= hashicorp:DEFAULT,consul,errwrap,gomultierror,hcl,awssdkgo,syslog,lru,logutils \ + mitchellh:cli,copystructure,gohomedir,mapstructure,reflectwalk \ + vaughan0:goini golang:crypto,oauth2,net armon:gometrics,goradix \ + go-sql-driver:mysql kardianos:osext lib:pq ryanuber:columnize samuel:zk vanackere:ldap,asn google:querystring,github +GH_PROJECT= consul:consul errwrap:errwrap go-multierror:gomultierror \ + hcl:hcl cli:cli copystructure:copystructure go-homedir:gohomedir \ + mapstructure:mapstructure osext:osext \ + reflectwalk:reflectwalk go-ini:goini aws-sdk-go:awssdkgo \ + crypto:crypto \ + oauth2:oauth2 \ + net:net \ + go-metrics:gometrics go-radix:goradix mysql:mysql go-github:github go-syslog:syslog golang-lru:lru \ + logutils:logutils pq:pq columnize:columnize go-zookeeper:zk ldap:ldap go-querystring:querystring \ + asn1-ber:asn +GH_TAGNAME= 7062ecc:consul 7554cd9:errwrap fcdddc3:gomultierror \ + 513e04c:hcl 6cc8bc5:cli 6fc6626:copystructure \ + 1f6da4a:gohomedir 442e588:mapstructure 242be0c:reflectwalk \ + a98ad7e:goini 5943553:crypto \ + ec6d5d7:oauth2 a8c6199:net \ + a54701e:gometrics 0bab926:goradix a197e5d:mysql 0aaa85b:github e6ea0192:awssdkgo 42a2b57:syslog d85392d:lru 367a65d:logutils 8fef92e:osext 8910d1c:pq \ + 44cb4788:columnize d0e0d8e1:zk e29b797:ldap 547ef5a:querystring 295c7b2:asn + +STRIP= # stripping can break go binaries + +USE_RC_SUBR= vault + +USERS= vault +GRUOPS= vault + +PLIST_FILES= bin/${PORTNAME} + +post-extract: + @${MKDIR} ${WRKSRC}/src/github.com/${GH_ACCOUNT}/${PORTNAME} +.for src in Godeps LICENSE Makefile README.md api audit builtin cli command \ + helper http logical main.go main_test.go make.bat physical scripts \ + shamir test vault website 
CHANGELOG.md .gitignore .travis.yml + @${MV} ${WRKSRC}/${src} \ + ${WRKSRC}/src/github.com/hashicorp/${PORTNAME} +.endfor + @${MKDIR} ${WRKSRC}/src/github.com/mitchellh + @${MKDIR} ${WRKSRC}/src/github.com/vaughan0 + @${MKDIR} ${WRKSRC}/src/github.com/golang + @${MKDIR} ${WRKSRC}/src/github.com/armon + @${MKDIR} ${WRKSRC}/src/github.com/go-sql-driver + @${MKDIR} ${WRKSRC}/src/github.com/google + @${MKDIR} ${WRKSRC}/src/github.com/vanackere + @${MKDIR} ${WRKSRC}/src/github.com/samuel + @${MKDIR} ${WRKSRC}/src/github.com/ryanuber + @${MKDIR} ${WRKSRC}/src/github.com/lib + @${MKDIR} ${WRKSRC}/src/github.com/kardianos + @${MKDIR} ${WRKSRC}/src/golang.org/x + @${MV} ${WRKSRC_osext} ${WRKSRC}/src/github.com/kardianos/osext + @${MV} ${WRKSRC_reflectwalk} ${WRKSRC}/src/github.com/mitchellh/reflectwalk + @${MV} ${WRKSRC_mapstructure} ${WRKSRC}/src/github.com/mitchellh/mapstructure + @${MV} ${WRKSRC_gohomedir} ${WRKSRC}/src/github.com/mitchellh/go-homedir + @${MV} ${WRKSRC_copystructure} ${WRKSRC}/src/github.com/mitchellh/copystructure + @${MV} ${WRKSRC_cli} ${WRKSRC}/src/github.com/mitchellh/cli + @${MV} ${WRKSRC_hcl} ${WRKSRC}/src/github.com/hashicorp/hcl + @${MV} ${WRKSRC_gomultierror} ${WRKSRC}/src/github.com/hashicorp/go-multierror + @${MV} ${WRKSRC_errwrap} ${WRKSRC}/src/github.com/hashicorp/errwrap + @${MV} ${WRKSRC_consul} ${WRKSRC}/src/github.com/hashicorp/consul + @${MV} ${WRKSRC_awssdkgo} ${WRKSRC}/src/github.com/hashicorp/aws-sdk-go + @${MV} ${WRKSRC_goini} ${WRKSRC}/src/github.com/vaughan0/go-ini + @${MV} ${WRKSRC_crypto} ${WRKSRC}/src/golang.org/x/crypto + @${MV} ${WRKSRC_oauth2} ${WRKSRC}/src/golang.org/x/oauth2 + @${CP} -r ${WRKSRC_net} ${WRKSRC}/src/golang.org/x/net + @${MV} ${WRKSRC_net} ${WRKSRC}/src/github.com/golang/net + @${MV} ${WRKSRC_gometrics} ${WRKSRC}/src/github.com/armon/go-metrics + @${MV} ${WRKSRC_goradix} ${WRKSRC}/src/github.com/armon/go-radix + @${MV} ${WRKSRC_mysql} ${WRKSRC}/src/github.com/go-sql-driver/mysql + @${MV} ${WRKSRC_github} 
${WRKSRC}/src/github.com/google/go-github + @${MV} ${WRKSRC_ldap} ${WRKSRC}/src/github.com/vanackere/ldap + @${MV} ${WRKSRC_zk} ${WRKSRC}/src/github.com/samuel/go-zookeeper + @${MV} ${WRKSRC_columnize} ${WRKSRC}/src/github.com/ryanuber/columnize + @${MV} ${WRKSRC_pq} ${WRKSRC}/src/github.com/lib/pq + @${MV} ${WRKSRC_lru} ${WRKSRC}/src/github.com/hashicorp/golang-lru + @${MV} ${WRKSRC_logutils} ${WRKSRC}/src/github.com/hashicorp/logutils + @${MV} ${WRKSRC_syslog} ${WRKSRC}/src/github.com/hashicorp/go-syslog + @${MV} ${WRKSRC_querystring} ${WRKSRC}/src/github.com/google/go-querystring + @${MV} ${WRKSRC_asn} ${WRKSRC}/src/github.com/vanackere/asn1-ber + +do-build: + @cd ${WRKSRC}/src/github.com/${GH_ACCOUNT}/${PORTNAME}; ${SETENV} ${BUILD_ENV} GOPATH=${WRKSRC} go build -o bin/${PORTNAME} + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/src/github.com/${GH_ACCOUNT}/${PORTNAME}/bin/${PORTNAME} ${STAGEDIR}${PREFIX}/bin/${PORTNAME} + +.include Added: head/security/vault/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vault/distinfo Fri Jun 26 17:02:42 2015 (r390652) 
@@ -0,0 +1,58 @@ +SHA256 (hashicorp-vault-v0.1.2_GH0.tar.gz) = b8d56f1ebd11f5d80a6a6728b6c9ac399c7e507e3e9fe8830966be50ba15d1b3 +SIZE (hashicorp-vault-v0.1.2_GH0.tar.gz) = 1158880 +SHA256 (hashicorp-consul-7062ecc_GH0.tar.gz) = a0fdd64eaf00d9e431bbc3cebe880aed650d73cf6090a663f53d4f4e140c3094 +SIZE (hashicorp-consul-7062ecc_GH0.tar.gz) = 1810922 +SHA256 (hashicorp-errwrap-7554cd9_GH0.tar.gz) = b800e361c15decd0ebb39a0ff02ad046a1fc81021267f8625232f3921617daa0 +SIZE (hashicorp-errwrap-7554cd9_GH0.tar.gz) = 8312 +SHA256 (hashicorp-go-multierror-fcdddc3_GH0.tar.gz) = e730020ed331e0fed430a5f725de4c5f61aa7f240258f797833d1689efb178b0 +SIZE (hashicorp-go-multierror-fcdddc3_GH0.tar.gz) = 8064 +SHA256 (hashicorp-hcl-513e04c_GH0.tar.gz) = 9cb1e4a7fb176da78d8e9d001faf4290ed3717659f663e37ee5937544f22ee3c +SIZE (hashicorp-hcl-513e04c_GH0.tar.gz) = 28683 +SHA256 (hashicorp-aws-sdk-go-e6ea0192_GH0.tar.gz) = 2c17b0e6edb3a57a57b76b1b9d9a80a09d9342189a37f779b2c4448a8e33e06a +SIZE (hashicorp-aws-sdk-go-e6ea0192_GH0.tar.gz) = 1137111 +SHA256 (hashicorp-go-syslog-42a2b57_GH0.tar.gz) = c092db8da3dc2c7279b4ad6afbb6ee7c4daae9ac3020a591096be59f94330544 +SIZE (hashicorp-go-syslog-42a2b57_GH0.tar.gz) = 4394 +SHA256 (hashicorp-golang-lru-d85392d_GH0.tar.gz) = e59effc493d0e08cff39a9e08d9be543a0426d6757009fc61f343f370e6c59cb +SIZE (hashicorp-golang-lru-d85392d_GH0.tar.gz) = 7529 +SHA256 (hashicorp-logutils-367a65d_GH0.tar.gz) = 8d5c3590f17c3bd5cb11d3edf93ee082fe3fb18a05edfddca4aaa2e7c064cd1e +SIZE (hashicorp-logutils-367a65d_GH0.tar.gz) = 7703 +SHA256 (mitchellh-cli-6cc8bc5_GH0.tar.gz) = 548d9450e53b527aaa494d060769d91449f2daeeed4ae77e818117b169f19937 +SIZE (mitchellh-cli-6cc8bc5_GH0.tar.gz) = 12683 +SHA256 (mitchellh-copystructure-6fc6626_GH0.tar.gz) = b632b0536ab26766989d11287d798417b7583e4f55928ee2c1100d11a222d64a +SIZE (mitchellh-copystructure-6fc6626_GH0.tar.gz) = 4029 +SHA256 (mitchellh-go-homedir-1f6da4a_GH0.tar.gz) = 833deeb737da785f28dce3dc349ab229224a1c9694e3636c3588c54171404b24 +SIZE 
(mitchellh-go-homedir-1f6da4a_GH0.tar.gz) = 2533 +SHA256 (mitchellh-mapstructure-442e588_GH0.tar.gz) = 5ca01f6ba1175733ae94a13e532e9465b11951519dcdcc6693651842ed1d6205 +SIZE (mitchellh-mapstructure-442e588_GH0.tar.gz) = 12216 +SHA256 (mitchellh-reflectwalk-242be0c_GH0.tar.gz) = c45c6a1f86290d328970e94f9cd9f974b3509dbb287f93a5675ceae397353d3f +SIZE (mitchellh-reflectwalk-242be0c_GH0.tar.gz) = 4286 +SHA256 (vaughan0-go-ini-a98ad7e_GH0.tar.gz) = f8daa0afa08af1fdce4747074602078c72f49fd60c7d8dc3d07b6b7e70cd5f82 +SIZE (vaughan0-go-ini-a98ad7e_GH0.tar.gz) = 3694 +SHA256 (golang-crypto-5943553_GH0.tar.gz) = ecd188aab5696d312e6997e68ef87180ddec5da9a0a85bd37c9b23cc90e6900a +SIZE (golang-crypto-5943553_GH0.tar.gz) = 863999 +SHA256 (golang-oauth2-ec6d5d7_GH0.tar.gz) = 146c50836d1d2cf68fe3247fc45ec08fc057d8b114055c905f849da7f01d1fe1 +SIZE (golang-oauth2-ec6d5d7_GH0.tar.gz) = 31622 +SHA256 (golang-net-a8c6199_GH0.tar.gz) = 1dff8cbf7938a37d3854ca725dc4c3570a6a21d2dd5b9c6db060e11207fa9e0c +SIZE (golang-net-a8c6199_GH0.tar.gz) = 447930 +SHA256 (armon-go-metrics-a54701e_GH0.tar.gz) = 31550ea79de7e4e5beadfa6d3b43dd58a1ce144cbda29c74970cc6ebb956cd05 +SIZE (armon-go-metrics-a54701e_GH0.tar.gz) = 11259 +SHA256 (armon-go-radix-0bab926_GH0.tar.gz) = 2ff6c92d418018e16078ce5b51287cb429f79d73dca62b63f77c37b66fbdf9d1 +SIZE (armon-go-radix-0bab926_GH0.tar.gz) = 5447 +SHA256 (go-sql-driver-mysql-a197e5d_GH0.tar.gz) = 702ba416214096c0318c7e133ab21958b110d6f580336458634f15c31b3d3ad1 +SIZE (go-sql-driver-mysql-a197e5d_GH0.tar.gz) = 51540 +SHA256 (kardianos-osext-8fef92e_GH0.tar.gz) = 99fcad3b0fb5b27233eeb83118f4885d300f474632090573c1d544b95f473d8c +SIZE (kardianos-osext-8fef92e_GH0.tar.gz) = 4067 +SHA256 (lib-pq-8910d1c_GH0.tar.gz) = 1c2d716c7a87ac8bfd96c63792b532bc7f3fe4c5a148213bf2896df8e6fd515d +SIZE (lib-pq-8910d1c_GH0.tar.gz) = 63875 +SHA256 (ryanuber-columnize-44cb4788_GH0.tar.gz) = 97a0f41b437382cfa388f9312b8ec971288f1459c6cea68c115fdf28e4282e10 +SIZE 
(ryanuber-columnize-44cb4788_GH0.tar.gz) = 3676 +SHA256 (samuel-go-zookeeper-d0e0d8e1_GH0.tar.gz) = 30723a529db542aeb35d57e6a899f89fd097391c702554ad83971403296553ae +SIZE (samuel-go-zookeeper-d0e0d8e1_GH0.tar.gz) = 24955 +SHA256 (vanackere-ldap-e29b797_GH0.tar.gz) = 13e568d3929248fd1759c0c3903b94486bfe332af92c033b72880cc4cfafd0e5 +SIZE (vanackere-ldap-e29b797_GH0.tar.gz) = 15884 +SHA256 (vanackere-asn1-ber-295c7b2_GH0.tar.gz) = 4358659b06bdb1346dbe5cb66b10ba995690737ba4804cb6cc4d92742cd15d3a +SIZE (vanackere-asn1-ber-295c7b2_GH0.tar.gz) = 5954 +SHA256 (google-go-querystring-547ef5a_GH0.tar.gz) = 949a780dfac94ce95521a1eb29d4f4bd4df20a02f8786cf817611b3e52ce0853 +SIZE (google-go-querystring-547ef5a_GH0.tar.gz) = 7228 +SHA256 (google-go-github-0aaa85b_GH0.tar.gz) = 341d20f31e6ddb2f6a969fae2cba9849fa04a055df4955d6c0f06561bd18e0a1 +SIZE (google-go-github-0aaa85b_GH0.tar.gz) = 87252 Added: head/security/vault/files/patch-src_github.com_hashicorp_vault_helper_password_password__unix.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vault/files/patch-src_github.com_hashicorp_vault_helper_password_password__unix.go Fri Jun 26 17:02:42 2015 (r390652) @@ -0,0 +1,8 @@ +--- src/github.com/hashicorp/vault/helper/password/password_unix.go.orig 2015-05-11 18:30:01 UTC ++++ src/github.com/hashicorp/vault/helper/password/password_unix.go +@@ -1,4 +1,4 @@ +-// +build linux darwin ++// +build linux darwin freebsd + + package password + Added: head/security/vault/files/vault.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vault/files/vault.in Fri Jun 26 17:02:42 2015 (r390652) 
@@ -0,0 +1,53 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: vault +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# vault_enable (bool): Set to NO by default. +# Set it to YES to enable vault. +# vault_user (user): Set user to run vault. +# Default is "vault". +# vault_group (group): Set group to run vault. +# Default is "vault". +# vault_config (dir): Set vault config file. +# Default is "%%PREFIX%%/etc/vault.hcl". +# vault_env (dir): Set environment variables used with vault +# Default is "". + +. /etc/rc.subr + +name=vault +rcvar=vault_enable + +load_rc_config $name + +: ${vault_enable:="NO"} +: ${vault_user:="vault"} +: ${vault_group:="vault"} +: ${vault_config:="%%PREFIX%%/etc/vault.hcl"} +: ${vault_env:=""} + +pidfile=/var/run/vault.pid +procname="%%PREFIX%%/bin/vault" +command="/usr/sbin/daemon" +command_args="-f -p ${pidfile} /usr/bin/env ${vault_env} ${procname} server -config=${vault_config}" + +start_precmd=vault_startprecmd + +vault_startprecmd() +{ + if [ ! -e ${pidfile} ]; then + install -o ${vault_user} -g ${vault_group} /dev/null ${pidfile}; + fi + + if [ ! -d ${vault_dir} ]; then + install -d -o ${vault_user} -g ${vault_group} ${vault_dir} + fi + +} Added: head/security/vault/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vault/pkg-descr Fri Jun 26 17:02:42 2015 (r390652) @@ -0,0 +1,6 @@ +Vault is a tool for securely accessing secrets. A secret is anything that you +want to tightly control access to, such as API keys, passwords, certificates, +and more. Vault provides a unified interface to any secret, while providing +tight access control and recording a detailed audit log. + +WWW: https://vaultproject.io/
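Review bot: In the head/GIDs hunk the added entry vault:*:470: reuses GID 470, which the context line directly above it already assigns to serf, while the head/UIDs hunk creates the vault user with UID 471 and primary GID 471. As committed, GID 471 has no entry in GIDs and the name vault resolves to serf's GID. Suggest vault:*:471: so the group matches the UIDs line.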
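Review bot: In head/security/vault/Makefile the line GRUOPS= vault is a misspelling of GROUPS, so only USERS is set and the port never declares the vault group that the rc script passes to install -o ${vault_user} -g ${vault_group}. Suggest GROUPS= vault. Separately, the first MKDIR in post-extract and the do-build and do-install paths use ${GH_ACCOUNT}, while the .for loop moves the sources into a hard-coded src/github.com/hashicorp/${PORTNAME}; since GH_ACCOUNT here is a multi-entry grouped list, writing the literal hashicorp in all of these places would keep the paths consistent.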
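Review bot: head/security/vault/files/vault.in ends right after the vault_startprecmd() definition with no run_rc_command "$1" line, so nothing in the script as shown dispatches start or stop; add it as the last line. Also in vault_startprecmd, ${vault_dir} is tested and passed to install -d but is never given a default alongside the other : ${vault_...:=...} assignments and is not listed in the header comment; either define and document it or drop that block, and quote the expansions inside the [ ... ] tests. The header comment also labels vault_config and vault_env as (dir) although they hold a config file path and an environment string.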