security/openbao: New port: open source, community-driven fork of Vault
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. The OpenBao community intends to provide this software under an OSI-approved open-source license, led by a community run under open governance principles. https://openbao.org https://github.com/openbao/openbao PR: 280619
parent
744834fc05
commit
a9cd810269
2
GIDs
2
GIDs
@ -422,7 +422,7 @@ prometheus:*:478:
|
||||
alertmanager:*:479:
|
||||
datadog:*:480:
|
||||
promxy:*:481:
|
||||
# free: 482
|
||||
openbao:*:482:
|
||||
# free: 483
|
||||
# free: 484
|
||||
# free: 485
|
||||
|
2
UIDs
2
UIDs
@ -427,7 +427,7 @@ prometheus:*:478:478::0:0:Prometheus Daemon:/var/tmp/prometheus:/usr/sbin/nologi
|
||||
alertmanager:*:479:479::0:0:Alertmanager Daemon:/var/tmp/alertmanager:/usr/sbin/nologin
|
||||
datadog:*:480:480::0:0:DataDog Agent:/var/db/datadog:/usr/sbin/nologin
|
||||
promxy:*:481:481::0:0:Promxy Daemon:/nonexistent:/usr/sbin/nologin
|
||||
# free: 482
|
||||
openbao:*:482:482:daemon:0:0:OpenBao Daemon:/nonexistent:/usr/sbin/nologin
|
||||
# free: 483
|
||||
# free: 484
|
||||
# free: 485
|
||||
|
@ -427,6 +427,7 @@
|
||||
SUBDIR += olm
|
||||
SUBDIR += onionscan
|
||||
SUBDIR += op
|
||||
SUBDIR += openbao
|
||||
SUBDIR += openbsm
|
||||
SUBDIR += openca-ocspd
|
||||
SUBDIR += openconnect
|
||||
|
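--- a/security/openbao/Makefile
+++ b/security/openbao/Makefile
@@ -0,0 +1,43 @@
+PORTNAME= openbao
+DISTVERSIONPREFIX= v
+DISTVERSION= 2.0.1
+CATEGORIES= security
+MASTER_SITES+= https://raw.githubusercontent.com/${PORTNAME}/${PORTNAME}/${DISTVERSIONFULL}/
+DISTFILES= go.mod \
+api/go.mod \
+api/auth/approle/go.mod \
+api/auth/kubernetes/go.mod \
+api/auth/userpass/go.mod \
+sdk/go.mod
+
+MAINTAINER= jake@metalrip.com
+COMMENT= Tool for securely accessing secrets
+WWW= https://openbao.org/
+
+LICENSE= MPL20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:1.22,modules
+USE_GITHUB= yes
+USE_RC_SUBR= ${PORTNAME}
+
+GO_MODULE= github.com/${PORTNAME}/${PORTNAME}
+GO_TARGET= :${BIN_NAME}
+GO_BUILDFLAGS= -ldflags="-s \
+-X ${GO_MODULE}/version.GitCommit=${GITID} \
+-X ${GO_MODULE}/version.BuildDate=${SOURCE_DATE_EPOCH} \
+-X ${GO_MODULE}/version.fullVersion=${DISTVERSION}"
+
+SUB_FILES= pkg-message
+SUB_LIST= USER=${USERS} GROUP=${GROUPS}
+USERS= ${PORTNAME}
+GROUPS= ${PORTNAME}
+
+PLIST_FILES= bin/${BIN_NAME}
+
+BIN_NAME= bao
+GITID= 700fe3f27ab1f0ec39ce20c36f6d9d97c9fe6ac3
+SOURCE_DATE_EPOCH= ${TIMEEPOCHNOW:gmtime}
+TIMEEPOCHNOW= %Y-%m-%dT%H:%M:%SZ
+
+.include <bsd.port.mk>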
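Review bot: `SOURCE_DATE_EPOCH= ${TIMEEPOCHNOW:gmtime}` stamps `version.BuildDate` with the wall-clock time of the build, so two builds of the same checksummed distfiles produce different binaries and a package cannot be verified by rebuilding it. The variable also reuses the name of the reproducible-builds convention, which tools expect to hold integer epoch seconds rather than a formatted date; a port-local name (for example `BUILD_DATE`, referenced from `GO_BUILDFLAGS`) would avoid that collision. If the bmake in use accepts a timestamp argument to the modifier, pinning it to the distinfo value, e.g. `BUILD_DATE= ${TIMEEPOCHNOW:gmtime=1726704320}`, keeps the embedded string stable across rebuilds. `GITID` is likewise a hand-maintained hash that must change with every `DISTVERSION` bump, so a comment next to it such as `# commit of the v${DISTVERSION} tag; update together with DISTVERSION` would help the next maintainer.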
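--- a/security/openbao/distinfo
+++ b/security/openbao/distinfo
@@ -0,0 +1,15 @@
+TIMESTAMP = 1726704320
+SHA256 (go/security_openbao/openbao-openbao-v2.0.1_GH0/go.mod) = 07afdd23371122e726777b23ce81437992633589629dcaadc173109f58ba5e98
+SIZE (go/security_openbao/openbao-openbao-v2.0.1_GH0/go.mod) = 18131
+SHA256 (go/security_openbao/openbao-openbao-v2.0.1_GH0/api/go.mod) = aae819cfafff9f54e6e58983b0277797a4744df72f7db2e3d81ffac32ce960b6
+SIZE (go/security_openbao/openbao-openbao-v2.0.1_GH0/api/go.mod) = 1525
+SHA256 (go/security_openbao/openbao-openbao-v2.0.1_GH0/api/auth/approle/go.mod) = 37d743ea994960230616092168903b7e806607fbda94757b28d646be105bee4c
+SIZE (go/security_openbao/openbao-openbao-v2.0.1_GH0/api/auth/approle/go.mod) = 182
+SHA256 (go/security_openbao/openbao-openbao-v2.0.1_GH0/api/auth/kubernetes/go.mod) = cf1312fefbf43849805eb13b283556f500f246635c4f39f459908d854dacf41a
+SIZE (go/security_openbao/openbao-openbao-v2.0.1_GH0/api/auth/kubernetes/go.mod) = 185
+SHA256 (go/security_openbao/openbao-openbao-v2.0.1_GH0/api/auth/userpass/go.mod) = 41994758ed7b2ba521e641b3ea77a46371e748ce675fffd39ed1b87eb64342ec
+SIZE (go/security_openbao/openbao-openbao-v2.0.1_GH0/api/auth/userpass/go.mod) = 183
+SHA256 (go/security_openbao/openbao-openbao-v2.0.1_GH0/sdk/go.mod) = df45cdcb8dd0c366f9b49ed401f2a9087a28f8d25fdef627d0998dfca0449eda
+SIZE (go/security_openbao/openbao-openbao-v2.0.1_GH0/sdk/go.mod) = 4653
+SHA256 (go/security_openbao/openbao-openbao-v2.0.1_GH0/openbao-openbao-v2.0.1_GH0.tar.gz) = 820f9dcc1a42982dbdb87fefceb714e2a9600f5aeeeafcf1ea2509c774d1a42f
+SIZE (go/security_openbao/openbao-openbao-v2.0.1_GH0/openbao-openbao-v2.0.1_GH0.tar.gz) = 15762632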
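--- a/security/openbao/files/openbao.in
+++ b/security/openbao/files/openbao.in
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# PROVIDE: openbao
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# openbao_enable (bool): Set it to YES to enable openbao.
+# Default is "NO".
+# openbao_user (user): Set user to run openbao.
+# Default is "%%USER%%".
+# openbao_group (group): Set group to run openbao.
+# Default is "%%GROUP%%".
+# openbao_config (file): Set openbao config file.
+# Default is "%%PREFIX%%/etc/openbao.hcl".
+# openbao_syslog_output_enable (bool): Set to enable syslog output.
+# Default is "NO". See daemon(8).
+# openbao_syslog_output_priority (str): Set syslog priority if syslog enabled.
+# Default is "info". See daemon(8).
+# openbao_syslog_output_facility (str): Set syslog facility if syslog enabled.
+# Default is "daemon". See daemon(8).
+# openbao_limits_mlock (size): Allowed memorylocked value in size.
+# Default is 1024M.
+
+. /etc/rc.subr
+
+name=openbao
+rcvar=openbao_enable
+
+load_rc_config $name
+
+: ${openbao_enable:="NO"}
+: ${openbao_user:="%%USER%%"}
+: ${openbao_group:="%%GROUP%%"}
+: ${openbao_config:="%%PREFIX%%/etc/openbao.hcl"}
+: ${openbao_limits_mlock:="1024M"}
+: ${openbao_limits:="-l ${openbao_limits_mlock}"}
+
+DAEMON=$(/usr/sbin/daemon 2>&1 | grep -q syslog ; echo $?)
+if [ ${DAEMON} -eq 0 ]; then
+: ${openbao_syslog_output_enable:="NO"}
+: ${openbao_syslog_output_priority:="info"}
+: ${openbao_syslog_output_facility:="daemon"}
+if checkyesno openbao_syslog_output_enable; then
+openbao_syslog_output_flags="-T ${name}"
+
+if [ -n "${openbao_syslog_output_priority}" ]; then
+openbao_syslog_output_flags="${openbao_syslog_output_flags} -s ${openbao_syslog_output_priority}"
+fi
+
+if [ -n "${openbao_syslog_output_facility}" ]; then
+openbao_syslog_output_flags="${openbao_syslog_output_flags} -l ${openbao_syslog_output_facility}"
+fi
+fi
+else
+openbao_syslog_output_enable="NO"
+openbao_syslog_output_flags=""
+fi
+
+pidfile=/var/run/openbao.pid
+procname="%%PREFIX%%/bin/bao"
+command="/usr/sbin/daemon"
+command_args="-f -t ${name} ${openbao_syslog_output_flags} -p ${pidfile} /usr/bin/env ${openbao_env} ${procname} server -config=${openbao_config}"
+
+extra_commands="reload monitor"
+monitor_cmd=openbao_monitor
+start_precmd=openbao_startprecmd
+required_files="$openbao_config"
+
+openbao_monitor()
+{
+sig_reload=USR1
+run_rc_command "reload"
+}
+
+openbao_startprecmd()
+{
+if [ ! -e ${pidfile} ]; then
+install -o ${openbao_user} -g ${openbao_group} /dev/null ${pidfile};
+fi
+
+if [ ! -d ${openbao_dir} ]; then
+install -d -o ${openbao_user} -g ${openbao_group} ${openbao_dir}
+fi
+}
+
+run_rc_command "$1"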
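Review bot: `openbao_dir` is tested and created in `openbao_startprecmd` but is never given a default among the `: ${openbao_...}` lines nor documented in the header, so when it is unset `[ ! -d ${openbao_dir} ]` collapses to `[ ! -d ]`, which evaluates false, and the directory step is skipped without any message. Either add a default and a header entry for it, or make the guard explicit and quoted: `if [ -n "${openbao_dir}" ] && [ ! -d "${openbao_dir}" ]; then`. This precmd runs as root on an rc.conf-supplied path, so the expansions in both `install` calls should be quoted as well. If the directory is meant to hold the server's storage (not visible from this script), creating it with an explicit mode, `install -d -m 0700 -o ${openbao_user} -g ${openbao_group} "${openbao_dir}"`, avoids depending on install's default permissions for a secrets store.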
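--- a/security/openbao/files/pkg-message.in
+++ b/security/openbao/files/pkg-message.in
@@ -0,0 +1,25 @@
+[
+{ type: install
+message: <<EOM
+The %%USER%% user created by the bao package is now a member of the daemon
+class, which will allow it to use mlock() when started by the rc script. This
+will not be reflected in systems where the user already exists. Please add the
+bao user to the daemon class manually by running:
+
+pw usermod -L daemon -n %%USER%%
+
+or delete the user and reinstall the package.
+
+You may also need to increase memorylocked for the daemon class in
+/etc/rc.conf to more than 1024M (the default) or more:
+
+openbao_limits_mlock="2048M"
+
+Or to disable mlock, add:
+
+disable_mlock = 1
+
+to %%PREFIX%%/etc/openbao.hcl
+EOM
+}
+]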
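Review bot: The message offers `disable_mlock = 1` without stating what is given up: with mlock disabled the server's memory, which holds decrypted secrets and key material, can be paged out to swap, so the text should say to use this option only when swap is disabled or encrypted. The wording also mixes names, "the bao package" and "the bao user", while `%%USER%%` and the port are both openbao according to the port Makefile. The second paragraph places the daemon class's memorylocked limit in /etc/rc.conf although the line it shows is the rc script's own knob; a clearer lead-in would be `You may also need to raise the rc script's memorylocked limit in /etc/rc.conf above the 1024M default:`.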
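--- a/security/openbao/pkg-descr
+++ b/security/openbao/pkg-descr
@@ -0,0 +1,4 @@
+OpenBao is a tool for securely accessing secrets. A secret is anything that you
+want to tightly control access to, such as API keys, passwords, certificates,
+and more. OpenBao provides a unified interface to any secret, while providing
+tight access control and recording a detailed audit log.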