[BACK]Return to Makefile CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / security / vault

File: [cvs.NetBSD.org] / pkgsrc / security / vault / Makefile (download)

Revision 1.15, Thu Aug 17 07:58:53 2017 UTC (22 months, 1 week ago) by fhajny
Branch: MAIN
Changes since 1.14: +2 -2 lines

Update security/vault to 0.8.1.

DEPRECATIONS/CHANGES:

- PKI Root Generation: Calling `pki/root/generate` when a CA cert/key already
  exists will now return a `204` instead of overwriting an existing root. If
  you want to recreate the root, first run a delete operation on `pki/root`
  (requires `sudo` capability), then generate it again.

FEATURES:

- Oracle Secret Backend: There is now an external plugin to support leased
  credentials for Oracle databases (distributed separately).
- GCP IAM Auth Backend: There is now an authentication backend that allows
  using GCP IAM credentials to retrieve Vault tokens. This is available as
  both a plugin and built-in to Vault.
- PingID Push Support for Path-Baased MFA (Enterprise): PingID Push can
  now be used for MFA with the new path-based MFA introduced in Vault
  Enterprise 0.8.
- Permitted DNS Domains Support in PKI: The `pki` backend now supports
  specifying permitted DNS domains for CA certificates, allowing you to
  narrowly scope the set of domains for which a CA can issue or sign child
  certificates.
- Plugin Backend Reload Endpoint: Plugin backends can now be triggered to
  reload using the `sys/plugins/reload/backend` endpoint and providing either
  the plugin name or the mounts to reload.
- Self-Reloading Plugins: The plugin system will now attempt to reload a
  crashed or stopped plugin, once per request.

IMPROVEMENTS:

- auth/approle: Allow array input for policies in addition to comma-delimited
  strings
- auth/aws: Allow using root credentials for IAM authentication
- plugins: Send logs through Vault's logger rather than stdout
- secret/pki: Add `pki/root` delete operation
- secret/pki: Don't overwrite an existing root cert/key when calling generate

BUG FIXES:

- aws: Don't prefer a nil HTTP client over an existing one
- core: If there is an error when checking for create/update existence, return
  500 instead of 400
- secret/database: Avoid creating usernames that are too long for legacy MySQL

# $NetBSD: Makefile,v 1.15 2017/08/17 07:58:53 fhajny Exp $

DISTNAME=	vault-0.8.1
CATEGORIES=	security
MASTER_SITES=	${MASTER_SITE_GITHUB:=hashicorp/}

MAINTAINER=	filip@joyent.com
HOMEPAGE=	http://www.vaultproject.io/
COMMENT=	Tool for managing secrets
LICENSE=	mpl-2.0

GITHUB_TAG=	v${PKGVERSION_NOREV}

GO_DIST_BASE=	${DISTNAME}
GO_SRCPATH=	github.com/hashicorp/vault

USE_TOOLS+=		bash gmake

MAKE_ENV+=		GOPATH=${WRKDIR}:${PREFIX}/gopkg

INSTALLATION_DIRS+=	bin

do-build:
	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} go build -o bin/vault

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/bin/vault ${DESTDIR}${PREFIX}/bin

.include "../../lang/go/go-package.mk"
.include "../../mk/bsd.pkg.mk"