[BACK]Return to Makefile CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / security / vault

File: [cvs.NetBSD.org] / pkgsrc / security / vault / Makefile (download)

Revision 1.18, Tue Sep 26 07:41:14 2017 UTC (2 years ago) by fhajny
Branch: MAIN
Changes since 1.17: +2 -2 lines

Update security/vault to 0.8.3.

CHANGES:

- Policy input/output standardization: For all built-in authentication
  backends, policies can now be specified as a comma-delimited string or an
  array if using JSON as API input; on read, policies will be returned as an
  array; and the `default` policy will not be forcefully added to policies
  saved in configurations. Please note that the `default` policy will continue
  to be added to generated tokens, however, rather than backends adding
  `default` to the given set of input policies (in some cases, and not in
  others), the stored set will reflect the user-specified set.
- `sign-self-issued` modifies Issuer in generated certificates: In 0.8.2 the
  endpoint would not modify the Issuer in the generated certificate, leaving
  the output self-issued. Although theoretically valid, in practice crypto
  stacks were unhappy validating paths containing such certs. As a result,
  `sign-self-issued` now encodes the signing CA's Subject DN into the Issuer
  DN of the generated certificate.
- `sys/raw` requires enabling: While the `sys/raw` endpoint can be extremely
  useful in break-glass or support scenarios, it is also extremely dangerous.
  As of now, a configuration file option `raw_storage_endpoint` must be set in
  order to enable this API endpoint. Once set, the available functionality has
  been enhanced slightly; it now supports listing and decrypting most of
  Vault's core data structures, except for the encryption keyring itself.
- `generic` is now `kv`: To better reflect its actual use, the `generic`
  backend is now `kv`. Using `generic` will still work for backwards
  compatibility.

FEATURES:

- GCE Support for GCP Auth: GCE instances can now authenticate to Vault
  using machine credentials.
- Support for Kubernetes Service Account Auth: Kubernetes Service Accounts
  can now authenticate to vault using JWT tokens.

IMPROVEMENTS:

- configuration: Provide a config option to store Vault server's process ID
  (PID) in a file
- mfa (Enterprise): Add the ability to use identity metadata in username
  format
- mfa/okta (Enterprise): Add support for configuring base_url for API calls
- secret/pki: `sign-intermediate` will now allow specifying a `ttl` value
  longer than the signing CA certificate's NotAfter value.
- sys/raw: Raw storage access is now disabled by default

BUG FIXES:

- auth/okta: Fix regression that removed the ability to set base_url
- core: Fix panic while loading leases at startup on ARM processors
- secret/pki: Fix `sign-self-issued` encoding the wrong subject public key

# $NetBSD: Makefile,v 1.18 2017/09/26 07:41:14 fhajny Exp $

DISTNAME=	vault-0.8.3
CATEGORIES=	security
MASTER_SITES=	${MASTER_SITE_GITHUB:=hashicorp/}

MAINTAINER=	filip@joyent.com
HOMEPAGE=	https://www.vaultproject.io/
COMMENT=	Tool for managing secrets
LICENSE=	mpl-2.0

GITHUB_TAG=	v${PKGVERSION_NOREV}

GO_DIST_BASE=	${DISTNAME}
GO_SRCPATH=	github.com/hashicorp/vault

USE_TOOLS+=		bash gmake

MAKE_ENV+=		GOPATH=${WRKDIR}:${PREFIX}/gopkg

INSTALLATION_DIRS+=	bin

do-build:
	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} go build -o bin/vault

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/bin/vault ${DESTDIR}${PREFIX}/bin

.include "../../lang/go/go-package.mk"
.include "../../mk/bsd.pkg.mk"