[BACK]Return to Makefile CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / security / vault

File: [cvs.NetBSD.org] / pkgsrc / security / vault / Makefile (download)

Revision 1.33, Sun Oct 7 20:19:38 2018 UTC (8 months, 1 week ago) by fhajny
Branch: MAIN
Changes since 1.32: +2 -2 lines

## 0.11.2 (October 2nd, 2018)

CHANGES:

- `sys/seal-status` now includes an `initialized` boolean in the
  output. If Vault is not initialized, it will return a `200` with
  this value set `false` instead of a `400`.
- `passthrough_request_headers` will now deny certain headers from
  being provided to backends based on a global denylist.

FEATURES:

- AWS Secret Engine Root Credential Rotation: The credential used by
  the AWS secret engine can now be rotated, to ensure that only Vault
  knows the credentials it is using.
- Storage Backend Migrator: A new `operator migrate` command allows
  offline migration of data between two storage backends.
- AliCloud KMS Auto Unseal and Seal Wrap Support (Enterprise):
  AliCloud KMS can now be used a support seal for  Auto Unseal and
  Seal Wrapping.

BUG FIXES:

- auth/okta: Fix reading deprecated `token` parameter if a token was
  previously set in the configuration
- core: Re-add deprecated capabilities information for now
- core: Fix handling of cyclic token relationships
- storage/mysql: Fix locking on MariaDB
- replication: Fix DR API when using a token
- identity: Ensure old group alias is removed when a new one is
  written
- storage/alicloud: Don't call uname on package init
- secrets/jwt: Fix issue where request context would be canceled too
  early
- ui: fix need to have update for aws iam creds generation
- ui: fix calculation of token expiry

IMPROVEMENTS:

- auth/aws: The identity alias name can now configured to be either
  IAM unique ID of the IAM Principal, or ARN of the caller identity
- auth/cert: Add allowed_organizational_units support
- cli: Format TTLs for non-secret responses
- identity: Support operating on entities and groups by their names
- plugins: Add `env` parameter when registering plugins to the catalog
  to allow operators to include environment variables during plugin
  execution.
- secrets/aws: WAL Rollback improvements
- secrets/aws: Allow specifying STS role-default TTLs
- secrets/pki: Add configuration support for setting NotBefore
- core: Support for passing the Vault token via an Authorization
  Bearer header
- replication: Reindex process now runs in the background and does not
  block other vault operations
- storage/zookeeper: Enable TLS based communication with Zookeeper
- ui: you can now init a cluster with a seal config
- ui: added the option to force promote replication clusters
- replication: Allow promotion of a secondary when data is syncing
  with a "force" flag

# $NetBSD: Makefile,v 1.33 2018/10/07 20:19:38 fhajny Exp $

DISTNAME=	vault-0.11.2
CATEGORIES=	security
MASTER_SITES=	${MASTER_SITE_GITHUB:=hashicorp/}

MAINTAINER=	filip@joyent.com
HOMEPAGE=	https://www.vaultproject.io/
COMMENT=	Tool for managing secrets
LICENSE=	mpl-2.0

GITHUB_TAG=	v${PKGVERSION_NOREV}

GO_DIST_BASE=	${DISTNAME}
GO_SRCPATH=	github.com/hashicorp/vault

USE_TOOLS+=		bash gmake

INSTALLATION_DIRS+=	bin

# Clumsy workaround for https://github.com/golang/go/issues/22409
pre-build:
	${RM} -rf ${WRKSRC}/vault/external_tests

do-install:
	${INSTALL_PROGRAM} ${WRKDIR}/bin/vault ${DESTDIR}${PREFIX}/bin

do-test:
	cd ${WRKSRC} && ${SETENV} GOPATH=${WRKDIR}:${BUILDLINK_DIR}/gopkg ${GO} test -v ./vault

.include "../../lang/go/go-package.mk"
.include "../../mk/bsd.pkg.mk"