Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 20 Sep 2016 18:31:33 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 212863] security/vault: update 5.3 to 6.1
Message-ID:  <bug-212863-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212863

            Bug ID: 212863
           Summary: security/vault: update 5.3 to 6.1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: swills@FreeBSD.org
          Reporter: dch@skunkwerks.at
          Assignee: swills@FreeBSD.org
             Flags: maintainer-feedback?(swills@FreeBSD.org)

Created attachment 175012
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D175012&action=
=3Dedit
v1 patch

# update & fixes

- use upstream mlock (verified to work)
- add vault tag in process name to daemon(8)
- update version tag from portstree Makefile

In the end I left the daemon restart & pid management flags alone, until I =
can
replicate the issue I had in production -- changing it seem to make matters
worse and the vault is anyway sealed until admins re-open it.

# qa

- poudriere OK (11.0-RC3 amd64, 10.3R amd64 & i386, 9.3R amd64 & i386)
- portlint OK
- confirmed mlock works when using daemon & dropped privileges:

```
# limits -C daemon su -m vault -c 'sh -c "/usr/local/bin/vault server
-config=3D/usr/local/etc/vault.hcl | tee -a /var/log/vault/console.log"'
=3D=3D> Vault server configuration:

                 Backend: s3
              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "", t=
ls:
"enabled")
               Log Level: info
                   Mlock: supported: true, enabled: true
                 Version: Vault v0.6.1

=3D=3D> Vault server started! Log data will stream in below:
```

incidentally if there is a logrotation friendly way to grab console data
instead of tee(1) please let me know, the actual steps above did work, just=
 no
response from SIGHUP et al.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-212863-13>