[BACK]Return to Makefile CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / security / vault

File: [cvs.NetBSD.org] / pkgsrc / security / vault / Makefile (download)

Revision 1.17, Wed Sep 6 11:44:07 2017 UTC (21 months, 1 week ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-
Changes since 1.16: +2 -2 lines

## 0.8.2 (September 5th, 2017)

SECURITY:

- In prior versions of Vault, if authenticating via AWS IAM and
  requesting a periodic token, the period was not properly respected.
  This could lead to tokens expiring unexpectedly, or a token lifetime
  being longer than expected. Upon token renewal with Vault 0.8.2 the
  period will be properly enforced.

DEPRECATIONS/CHANGES:

- `vault ssh` users should supply `-mode` and `-role` to reduce the
  number of API calls. A future version of Vault will mark these
  optional values are required. Failure to supply `-mode` or `-role`
  will result in a warning.
- Vault plugins will first briefly run a restricted version of the
  plugin to fetch metadata, and then lazy-load the plugin on first
  request to prevent crash/deadlock of Vault during the unseal process.
  Plugins will need to be built with the latest changes in order for them
  to run properly.

FEATURES:

- Lazy Lease Loading: On startup, Vault will now load leases from
  storage in a lazy fashion (token checks and revocation/renewal
  requests still force an immediate load). For larger installations this
  can significantly reduce downtime when switching active nodes or
  bringing Vault up from cold start.
- SSH CA Login with `vault ssh`: `vault ssh` now supports the SSH CA
  backend for authenticating to machines. It also supports remote host
  key verification through the SSH CA backend, if enabled.
- Signing of Self-Issued Certs in PKI: The `pki` backend now supports
  signing self-issued CA certs. This is useful when switching root CAs.

IMPROVEMENTS:

- audit/file: Allow specifying `stdout` as the `file_path` to log to
  standard output
- auth/aws: Allow wildcards in `bound_iam_principal_id`
- auth/okta: Compare groups case-insensitively since Okta is only
  case-preserving
- auth/okta: Standarize Okta configuration APIs across backends
- cli: Add subcommand autocompletion that can be enabled with `vault
  -autocomplete-install`
- cli: Add ability to handle wrapped responses when using `vault auth`.
  What is output depends on the other given flags; see the help output
  for that command for more information.
- core: TLS cipher suites used for cluster behavior can now be set via
  `cluster_cipher_suites` in configuration
- core: The `plugin_name` can now either be specified directly as part
  of the parameter or within the `config` object when mounting a secret
  or auth backend via `sys/mounts/:path` or `sys/auth/:path` respectively
- core: It is now possible to update the `description` of a mount when
  mount-tuning, although this must be done through the HTTP layer
- secret/databases/mongo: If an EOF is encountered, attempt reconnecting
  and retrying the operation
- secret/pki: TTLs can now be specified as a string or an integer number
  of seconds
- secret/pki: Self-issued certs can now be signed via
  `pki/root/sign-self-issued`
- storage/gcp: Use application default credentials if they exist

BUG FIXES:

- auth/aws: Properly use role-set period values for IAM-derived token
  renewals
- auth/okta: Fix updating organization/ttl/max_ttl after initial setting
- core: Fix PROXY when underlying connection is TLS
- core: Policy-related commands would sometimes fail to act
  case-insensitively
- storage/consul: Fix parsing TLS configuration when using a bare IPv6
  address
- plugins: Lazy-load plugins to prevent crash/deadlock during unseal
  process.
- plugins: Skip mounting plugin-based secret and credential mounts when
  setting up mounts if the plugin is no longer present in the catalog.

# $NetBSD: Makefile,v 1.17 2017/09/06 11:44:07 fhajny Exp $

DISTNAME=	vault-0.8.2
CATEGORIES=	security
MASTER_SITES=	${MASTER_SITE_GITHUB:=hashicorp/}

MAINTAINER=	filip@joyent.com
HOMEPAGE=	https://www.vaultproject.io/
COMMENT=	Tool for managing secrets
LICENSE=	mpl-2.0

GITHUB_TAG=	v${PKGVERSION_NOREV}

GO_DIST_BASE=	${DISTNAME}
GO_SRCPATH=	github.com/hashicorp/vault

USE_TOOLS+=		bash gmake

MAKE_ENV+=		GOPATH=${WRKDIR}:${PREFIX}/gopkg

INSTALLATION_DIRS+=	bin

do-build:
	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} go build -o bin/vault

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/bin/vault ${DESTDIR}${PREFIX}/bin

.include "../../lang/go/go-package.mk"
.include "../../mk/bsd.pkg.mk"