# Contributor: Hoang Nguyen # Contributor: Christian Kampka # Contributor: omni # Maintainer: Mike Crute pkgname=vault pkgver=1.14.1 pkgrel=0 pkgdesc="Tool for encryption as a service, secrets and privileged access management" url="https://www.vaultproject.io/" # riscv64: ftbfs # arm: https://github.com/golang/go/issues/58425 arch="all !armhf !armv7 !riscv64" license="MPL-2.0" makedepends=" libcap-utils make go python3 nodejs npm yarn " install="$pkgname.pre-install" pkgusers="vault" pkggroups="vault" subpackages="$pkgname-openrc" options="setcap !check" source="$pkgname-$pkgver.tar.gz::https://github.com/hashicorp/vault/archive/v$pkgver.tar.gz vault.confd vault.hcl vault.initd " # secfixes: # 1.14.0-r0: # - CVE-2023-2121 # 1.13.2-r0: # - CVE-2023-2197 # 1.11.4-r0: # - CVE-2022-41316 # 1.9.4-r0: # - CVE-2022-25243 # - CVE-2022-25244 # 1.7.2-r0: # - CVE-2021-32923 # 1.7.1-r0: # - CVE-2021-27400 # - CVE-2021-27668 # 1.6.3-r0: # - CVE-2021-3282 # 1.5.7-r0: # - CVE-2020-25594 # - CVE-2021-3024 # 1.5.6-r0: # - CVE-2020-35177 # 1.5.4-r0: # - CVE-2020-16250 # - CVE-2020-16251 # - CVE-2020-17455 # - CVE-2020-25816 # 1.4.3-r0: # - CVE-2020-13223 export CGO_ENABLED=0 export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}" export GOTMPDIR="${GOTMPDIR:-"$srcdir"}" export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}" export GOFLAGS="$GOFLAGS -trimpath -mod=readonly -modcacherw" build() { # Runs go-get to fetch tools dependencies make bootstrap # Build plugins grep "^[a-z].*plugin[:]" Makefile | cut -f1 -d: | while IFS= read -r plugin; do echo "--> Building $plugin" make "$plugin" done # Build Web UI # # JOBS needs to be limited because the builders have many cores which # causes nodejs to run a thread per core and crash with std::bad_alloc # errors case "$CARCH" in # sass C library fails to link with musl on x86 # s390x hangs in yarn build forever x86|s390x) _gotags="vault" ;; *) JOBS=4 NODE_OPTIONS="--openssl-legacy-provider" make static-dist _gotags="vault ui" ;; esac local _goldflags=" -X github.com/hashicorp/vault/sdk/version.Version=$pkgver -X github.com/hashicorp/vault/sdk/version.GitCommit=AlpineLinux -X github.com/hashicorp/vault/sdk/version.BuildDate=$(date ${SOURCE_DATE_EPOCH:+ -d@${SOURCE_DATE_EPOCH}} "+%Y-%m-%dT%H:%M:%SZ") " go build -v -o bin/$pkgname -ldflags "$_goldflags" -tags "$_gotags" } package() { install -m755 -D "$srcdir/$pkgname.initd" \ "$pkgdir/etc/init.d/$pkgname" install -m644 -D "$srcdir/$pkgname.confd" \ "$pkgdir/etc/conf.d/$pkgname" install -m755 -o root -g vault -D bin/$pkgname \ "$pkgdir/usr/sbin/$pkgname" # Allow vault to use mlock as "vault" user. setcap cap_ipc_lock=+ep \ "$pkgdir/usr/sbin/$pkgname" install -m640 -o root -g vault -D "$srcdir/$pkgname.hcl" \ "$pkgdir/etc/$pkgname.hcl" install -m750 -o vault -g vault -d "$pkgdir/var/lib/$pkgname" } sha512sums=" 4e9596951258099fa37b18aac424bc76cfdfd46a6cc885e991d7e8e0368d548db74e5896d3ad6ebdaf643f68012acc2a94b29e374ef8f54532851dceb96ebc0e vault-1.14.1.tar.gz 6f3f30e5c9d9dd5117f18fce0e669f0cd752a6be4910405d6b394f15273372731ee887a5ba4c700293e5b8bc2bf40fd69d4337156f77b03549d2dc2c0a666bec vault.confd eed200a6db0686a9f9948a2fce151340125cddc209522b4b6de22c447c78296eaf948c80ee8fd241e0093df6409477f2de1aea23edb97f27a4427396fe03ad2f vault.hcl 9a1846a10eff015cf7d4c8c2c20540c125213302925e54bdfae1c1ec9c43bf0e97b3433c041615c9fdc7d5e9468a0f606321991c597af3be92025bd5042c08df vault.initd "