[BACK]Return to Makefile CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / security / vault

File: [cvs.NetBSD.org] / pkgsrc / security / vault / Makefile (download)

Revision 1.10, Mon Mar 20 15:15:28 2017 UTC (2 years, 3 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.9: +2 -2 lines

Update security/vault to 0.7.0.

SECURITY:

* Common name not being validated when `exclude_cn_from_sans` option used in
  `pki` backend

DEPRECATIONS/CHANGES:

* List Operations Always Use Trailing Slash
* PKI Defaults to Unleased Certificates

FEATURES:

* Replication (Enterprise)
* Response Wrapping & Replication in the Vault Enterprise UI
* Expanded Access Control Policies
* SSH Backend As Certificate Authority

IMPROVEMENTS:

* api/request: Passing username and password information in API request
* audit: Logging the token's use count with authentication response and
  logging the remaining uses of the client token with request
* auth/approle: Support for restricting the number of uses on the tokens
  issued
* auth/aws-ec2: AWS EC2 auth backend now supports constraints for VPC ID,
  Subnet ID and Region
* auth/ldap: Use the value of the `LOGNAME` or `USER` env vars for the
  username if not explicitly set on the command line when authenticating
* audit: Support adding a configurable prefix (such as `@cee`) before each
  line
* core: Canonicalize list operations to use a trailing slash
* core: Add option to disable caching on a per-mount level
* core: Add ability to require valid client certs in listener config
* physical/dynamodb: Implement a session timeout to avoid having to use
  recovery mode in the case of an unclean shutdown, which makes HA much safer
* secret/pki: O (Organization) values can now be set to role-defined values
  for issued/signed certificates
* secret/pki: Certificates issued/signed from PKI backend do not generate
  leases by default
* secret/pki: When using DER format, still return the private key type
* secret/pki: Add an intermediate to the CA chain even if it lacks an
  authority key ID
* secret/pki: Add role option to use CSR SANs
* secret/ssh: SSH backend as CA to sign user and host certificates
* secret/ssh: Support reading of SSH CA public key from `config/ca` endpoint
  and also return it when CA key pair is generated

BUG FIXES:

* audit: When auditing headers use case-insensitive comparisons
* auth/aws-ec2: Return role period in seconds and not nanoseconds
* auth/okta: Fix panic if user had no local groups and/or policies set
* command/server: Fix parsing of redirect address when port is not mentioned
* physical/postgresql: Fix listing returning incorrect results if there were
  multiple levels of children

Full changelog:

  https://github.com/hashicorp/vault/blob/v0.7.0/CHANGELOG.md

# $NetBSD: Makefile,v 1.10 2017/03/20 15:15:28 fhajny Exp $

DISTNAME=	vault-0.7.0
CATEGORIES=	security
MASTER_SITES=	${MASTER_SITE_GITHUB:=hashicorp/}

MAINTAINER=	filip@joyent.com
HOMEPAGE=	http://www.vaultproject.io/
COMMENT=	Tool for managing secrets
LICENSE=	mpl-2.0

GITHUB_TAG=	v${PKGVERSION_NOREV}

WRKSRC=		${WRKDIR}/src/github.com/hashicorp/vault

.include "../../lang/go/version.mk"

BUILD_DEPENDS+=		go-${GO_VERSION}*:../../lang/go

USE_TOOLS+=		bash gmake

MAKE_ENV+=		GOPATH=${WRKDIR}:${PREFIX}/gopkg

INSTALLATION_DIRS+=	bin

post-extract:
	${MKDIR} ${WRKSRC}
	${MV} ${WRKDIR}/${DISTNAME}/* ${WRKSRC}

do-build:
	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} go build -o bin/vault

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/bin/vault ${DESTDIR}${PREFIX}/bin

.include "../../mk/bsd.pkg.mk"