[BACK]Return to Makefile CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / security / vault

File: [cvs.NetBSD.org] / pkgsrc / security / vault / Makefile (download)

Revision 1.17, Wed Sep 6 11:44:07 2017 UTC (21 months, 1 week ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-
Changes since 1.16: +2 -2 lines

## 0.8.2 (September 5th, 2017)


- In prior versions of Vault, if authenticating via AWS IAM and
  requesting a periodic token, the period was not properly respected.
  This could lead to tokens expiring unexpectedly, or a token lifetime
  being longer than expected. Upon token renewal with Vault 0.8.2 the
  period will be properly enforced.


- `vault ssh` users should supply `-mode` and `-role` to reduce the
  number of API calls. A future version of Vault will mark these
  optional values are required. Failure to supply `-mode` or `-role`
  will result in a warning.
- Vault plugins will first briefly run a restricted version of the
  plugin to fetch metadata, and then lazy-load the plugin on first
  request to prevent crash/deadlock of Vault during the unseal process.
  Plugins will need to be built with the latest changes in order for them
  to run properly.


- Lazy Lease Loading: On startup, Vault will now load leases from
  storage in a lazy fashion (token checks and revocation/renewal
  requests still force an immediate load). For larger installations this
  can significantly reduce downtime when switching active nodes or
  bringing Vault up from cold start.
- SSH CA Login with `vault ssh`: `vault ssh` now supports the SSH CA
  backend for authenticating to machines. It also supports remote host
  key verification through the SSH CA backend, if enabled.
- Signing of Self-Issued Certs in PKI: The `pki` backend now supports
  signing self-issued CA certs. This is useful when switching root CAs.


- audit/file: Allow specifying `stdout` as the `file_path` to log to
  standard output
- auth/aws: Allow wildcards in `bound_iam_principal_id`
- auth/okta: Compare groups case-insensitively since Okta is only
- auth/okta: Standarize Okta configuration APIs across backends
- cli: Add subcommand autocompletion that can be enabled with `vault
- cli: Add ability to handle wrapped responses when using `vault auth`.
  What is output depends on the other given flags; see the help output
  for that command for more information.
- core: TLS cipher suites used for cluster behavior can now be set via
  `cluster_cipher_suites` in configuration
- core: The `plugin_name` can now either be specified directly as part
  of the parameter or within the `config` object when mounting a secret
  or auth backend via `sys/mounts/:path` or `sys/auth/:path` respectively
- core: It is now possible to update the `description` of a mount when
  mount-tuning, although this must be done through the HTTP layer
- secret/databases/mongo: If an EOF is encountered, attempt reconnecting
  and retrying the operation
- secret/pki: TTLs can now be specified as a string or an integer number
  of seconds
- secret/pki: Self-issued certs can now be signed via
- storage/gcp: Use application default credentials if they exist


- auth/aws: Properly use role-set period values for IAM-derived token
- auth/okta: Fix updating organization/ttl/max_ttl after initial setting
- core: Fix PROXY when underlying connection is TLS
- core: Policy-related commands would sometimes fail to act
- storage/consul: Fix parsing TLS configuration when using a bare IPv6
- plugins: Lazy-load plugins to prevent crash/deadlock during unseal
- plugins: Skip mounting plugin-based secret and credential mounts when
  setting up mounts if the plugin is no longer present in the catalog.

# $NetBSD: Makefile,v 1.17 2017/09/06 11:44:07 fhajny Exp $

DISTNAME=	vault-0.8.2
CATEGORIES=	security

MAINTAINER=	filip@joyent.com
HOMEPAGE=	https://www.vaultproject.io/
COMMENT=	Tool for managing secrets
LICENSE=	mpl-2.0


GO_SRCPATH=	github.com/hashicorp/vault

USE_TOOLS+=		bash gmake



	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} go build -o bin/vault


.include "../../lang/go/go-package.mk"
.include "../../mk/bsd.pkg.mk"