Date: Thu, 25 Apr 2019 21:00:52 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r500070 - in head: . security/vault security/vault/files Message-ID: <201904252100.x3PL0qnF066880@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: swills Date: Thu Apr 25 21:00:52 2019 New Revision: 500070 URL: https://svnweb.freebsd.org/changeset/ports/500070 Log: security/vault: add vault user to daemon class This allows use of mlock() when vault is started via rc script. Submitted by: dch Reviewed by: jrm Differential Revision: https://reviews.freebsd.org/D20025 Added: head/security/vault/files/pkg-message.in (contents, props changed) Modified: head/UIDs head/security/vault/Makefile (contents, props changed) Modified: head/UIDs ============================================================================== --- head/UIDs Thu Apr 25 19:42:01 2019 (r500069) +++ head/UIDs Thu Apr 25 21:00:52 2019 (r500070) @@ -416,7 +416,7 @@ netmon:*:467:467::0:0:Network monitor account:/var/net slurm:*:468:468::0:0:SLURM Daemon:/nonexistent:/usr/sbin/nologin consul:*:469:469::0:0:Consul Daemon:/var/tmp/consul:/usr/sbin/nologin serf:*:470:470::0:0:Serf Daemon:/nonexistent:/usr/sbin/nologin -vault:*:471:471::0:0:Vault Daemon:/nonexistent:/usr/sbin/nologin +vault:*:471:471:daemon:0:0:Vault Daemon:/nonexistent:/usr/sbin/nologin nomad:*:472:472::0:0:Nomad Daemon:/var/tmp/nomad:/usr/sbin/nologin minio:*:473:473::0:0:Minio Daemon:/var/tmp/minio:/usr/sbin/nologin gitlab-runner:*:474:474::0:0:GitLab Runner Daemon:/var/tmp/gitlab_runner:/usr/sbin/nologin Modified: head/security/vault/Makefile ============================================================================== --- head/security/vault/Makefile Thu Apr 25 19:42:01 2019 (r500069) +++ head/security/vault/Makefile Thu Apr 25 21:00:52 2019 (r500070) @@ -2,6 +2,7 @@ PORTNAME= vault PORTVERSION= 1.1.2 +PORTREVISION= 1 DISTVERSIONPREFIX= v CATEGORIES= security @@ -26,6 +27,7 @@ USERS= vault GROUPS= vault PLIST_FILES= bin/${PORTNAME} +SUB_FILES= pkg-message post-patch: @${CP} ${WRKDIR}/vaultui-${PORTVERSION}/http/bindata_assetfs.go ${WRKDIR}/vault-${PORTVERSION}/http/bindata_assetfs.go Added: head/security/vault/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vault/files/pkg-message.in Thu Apr 25 21:00:52 2019 (r500070) @@ -0,0 +1,19 @@ +The vault user created by the vault package is now a member of the daemon +class, which will allow it to use mlock() when started by the rc script. This +will not be reflected in systems where the user already exists. Please add the +vault user to the daemon class manually by running: + +pw usermod -L daemon -n vault + +or delete the user and reinstall the package. + +You may also need to increase memorylocked for the daemon class in +/etc/login.conf to 256M or more and run: + +cap_mkdb /etc/login.conf + +Or to disable mlock, add: + +disable_mlock = 1 + +to %%PREFIX%%/etc/vault.hcl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904252100.x3PL0qnF066880>