[-- Attachment #1: Type: text/plain, Size: 641 bytes --] There is a new pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 845 bytes --] From ed9df2935744a5e7092e994615e790227579193d Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Sun, 24 Jan 2021 13:33:58 -0800 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index edfa5c95a91..c8105958a70 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -16,7 +16,7 @@ distfiles="https://github.com/hashicorp/${pkgname}/archive/v${version}.tar.gz" checksum=fb5d96e682a48bfd421b13cdfffd710da0238dbded1988aab822dd5aae75b4c4 system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 156 bytes --] New comment by Goorzhel on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-766437563 Comment: @the-maldridge
[-- Attachment #1: Type: text/plain, Size: 166 bytes --] New comment by ericonr on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-766454917 Comment: You're missing a revbump.
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 1039 bytes --] From 6733a94a3205851fa1e9e526cd684d3d4a23072c Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Sun, 24 Jan 2021 13:33:58 -0800 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index edfa5c95a91..5fc1ce8abaf 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -1,7 +1,7 @@ # Template file for 'vault' pkgname=vault version=1.6.1 -revision=1 +revision=2 build_style=go go_import_path="github.com/hashicorp/${pkgname}" go_build_tags="release" @@ -16,7 +16,7 @@ distfiles="https://github.com/hashicorp/${pkgname}/archive/v${version}.tar.gz" checksum=fb5d96e682a48bfd421b13cdfffd710da0238dbded1988aab822dd5aae75b4c4 system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 241 bytes --] New comment by the-maldridge on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-766460491 Comment: Hmm, I'm not 100% sure this doesn't break the vault CLI. Can you verify that that's the case?
[-- Attachment #1: Type: text/plain, Size: 1176 bytes --] New comment by Goorzhel on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-766511811 Comment: CLI seems to work okay: ``` $ ./xbps-src pkg vault && xi vault <...> vault-1.6.1_1: updating to 1.6.1_2 ... <...> $ sudo sv start vault ok: run: vault: (pid 19733) 1s $ vault --version Vault v1.6.1 (6d2db3f033e02e70202bef9ec896360062b88b03) (cgo) $ vault operator unseal <...> $ vault login Token (will be hidden): Success! You are now authenticated. The token information displayed below is already stored in the token helper. You do NOT need to run "vault login" again. Future Vault requests will automatically use this token. <...> $ vault secrets list | sed -E 's/_[a-z0-9]+/_<...>/' Path Type Accessor Description ---- ---- -------- ----------- cubbyhole/ cubbyhole cubbyhole_<...> per-token private secret storage identity/ identity identity_<...> identity store secret/ kv kv_<...> n/a sys/ system system_<...> system endpoints used for control, policy and debugging ```
[-- Attachment #1: Type: text/plain, Size: 168 bytes --] New comment by ericonr on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-768786879 Comment: @the-maldridge ok to merge?
[-- Attachment #1: Type: text/plain, Size: 172 bytes --] New comment by Goorzhel on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-781768107 Comment: @the-maldridge: okay to merge?
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 1041 bytes --] From 6733a94a3205851fa1e9e526cd684d3d4a23072c Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Sun, 24 Jan 2021 13:33:58 -0800 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index edfa5c95a91c..5fc1ce8abafc 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -1,7 +1,7 @@ # Template file for 'vault' pkgname=vault version=1.6.1 -revision=1 +revision=2 build_style=go go_import_path="github.com/hashicorp/${pkgname}" go_build_tags="release" @@ -16,7 +16,7 @@ distfiles="https://github.com/hashicorp/${pkgname}/archive/v${version}.tar.gz" checksum=fb5d96e682a48bfd421b13cdfffd710da0238dbded1988aab822dd5aae75b4c4 system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 434 bytes --] New comment by Goorzhel on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-899623945 Comment: > This branch cannot be rebased due to conflicts Hmm, I did [resolve said conflicts](https://github.com/void-linux/void-packages/pull/28200/commits/eac0d4fc653ec9c93fbaeb3a1deb16c1ac0f7030) through GitHub's UI, but there could be something else I'm missing. I'll just rebase my own branch.
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 1031 bytes --] From e9ccf90a354a2c275fd6d506a41af3a77cbf800a Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Mon, 16 Aug 2021 09:01:42 -0700 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index a0d4649a461f..5e7625c3e4d3 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -1,7 +1,7 @@ # Template file for 'vault' pkgname=vault version=1.8.1 -revision=1 +revision=2 build_style=go go_import_path="github.com/hashicorp/vault" go_build_tags="release" @@ -16,7 +16,7 @@ distfiles="https://github.com/hashicorp/vault/archive/v${version}.tar.gz" checksum=dbf389458fddeb5f8c567d00b6d17ce054f5b7667c226dbb598aa2c0f9048004 system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 1031 bytes --] From 43ae60889ba57710a2ca0502018ad67e4509f433 Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Mon, 16 Aug 2021 09:01:42 -0700 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index 9d946c7c396e..ac7a2dcc891a 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -1,7 +1,7 @@ # Template file for 'vault' pkgname=vault version=1.8.2 -revision=1 +revision=2 build_style=go go_import_path="github.com/hashicorp/vault" go_build_tags="release" @@ -17,7 +17,7 @@ distfiles="https://github.com/hashicorp/vault/archive/v${version}.tar.gz" checksum=ead7e85a64d31a8e69ca9932f1c53cdc46ed813d9532a8a7a7f0d187ea4f01f3 system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 228 bytes --] New comment by Goorzhel on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-941944913 Comment: @the-maldridge: okay to merge? I re-ran the previous steps on `1.8.2_2` without error.
[-- Attachment #1: Type: text/plain, Size: 255 bytes --] New comment by Goorzhel on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-941944913 Comment: @the-maldridge: okay to merge? I re-ran [the previous steps](#issuecomment-766511811) on `1.8.2_2` without error.
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 1031 bytes --] From 43ae60889ba57710a2ca0502018ad67e4509f433 Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Mon, 16 Aug 2021 09:01:42 -0700 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index 9d946c7c396e..ac7a2dcc891a 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -1,7 +1,7 @@ # Template file for 'vault' pkgname=vault version=1.8.2 -revision=1 +revision=2 build_style=go go_import_path="github.com/hashicorp/vault" go_build_tags="release" @@ -17,7 +17,7 @@ distfiles="https://github.com/hashicorp/vault/archive/v${version}.tar.gz" checksum=ead7e85a64d31a8e69ca9932f1c53cdc46ed813d9532a8a7a7f0d187ea4f01f3 system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 1031 bytes --] From 43ae60889ba57710a2ca0502018ad67e4509f433 Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Mon, 16 Aug 2021 09:01:42 -0700 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index 9d946c7c396e..ac7a2dcc891a 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -1,7 +1,7 @@ # Template file for 'vault' pkgname=vault version=1.8.2 -revision=1 +revision=2 build_style=go go_import_path="github.com/hashicorp/vault" go_build_tags="release" @@ -17,7 +17,7 @@ distfiles="https://github.com/hashicorp/vault/archive/v${version}.tar.gz" checksum=ead7e85a64d31a8e69ca9932f1c53cdc46ed813d9532a8a7a7f0d187ea4f01f3 system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 1031 bytes --] From 43ae60889ba57710a2ca0502018ad67e4509f433 Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Mon, 16 Aug 2021 09:01:42 -0700 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index 9d946c7c396e..ac7a2dcc891a 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -1,7 +1,7 @@ # Template file for 'vault' pkgname=vault version=1.8.2 -revision=1 +revision=2 build_style=go go_import_path="github.com/hashicorp/vault" go_build_tags="release" @@ -17,7 +17,7 @@ distfiles="https://github.com/hashicorp/vault/archive/v${version}.tar.gz" checksum=ead7e85a64d31a8e69ca9932f1c53cdc46ed813d9532a8a7a7f0d187ea4f01f3 system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 842 bytes --] From 87a67b4a0a1063c1b984a78f4903bd89811d1471 Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Mon, 16 Aug 2021 09:01:42 -0700 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index 4796d0d95c01..b55e07b004cb 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -17,7 +17,7 @@ distfiles="https://github.com/hashicorp/vault/archive/v${version}.tar.gz" checksum=ff7fd9a1b33d19e3cb4743acd0139004e360bbffc04fa8e9598129530fc7118f system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0700 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 181 bytes --] New comment by Duncaen on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-972863534 Comment: Does it actually need write permissions?
[-- Attachment #1: Type: text/plain, Size: 716 bytes --] New comment by Goorzhel on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-973655007 Comment: ``` $ sudo strace -u _vault -fo /tmp/uhhh vault server -config=/etc/vault &>/dev/null & [1] 17454 $ grep etc.vault /tmp/uhhh 17458 execve("/usr/bin/vault", ["vault", "server", "-config=/etc/vault"], 0x7ffe62e284c0 /* 14 vars */) = 0 17471 newfstatat(AT_FDCWD, "/etc/vault", <unfinished ...> 17471 openat(AT_FDCWD, "/etc/vault", O_RDONLY|O_CLOEXEC) = 8 17471 newfstatat(AT_FDCWD, "/etc/vault/config.hcl", {st_mode=S_IFREG|0644, st_size=194, ...}, AT_SYMLINK_NOFOLLOW) = 0 17471 openat(AT_FDCWD, "/etc/vault/config.hcl", O_RDONLY|O_CLOEXEC) = 9 ``` Hmmm. Might not.
[-- Attachment #1: Type: text/plain, Size: 191 bytes --] New comment by the-maldridge on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-973678189 Comment: No, vault only needs to read this directory.
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 842 bytes --] From 0df1243bc7fcdb733142ca45d2bdea4c73d80032 Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Mon, 16 Aug 2021 09:01:42 -0700 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index 4796d0d95c01..fa874399190a 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -17,7 +17,7 @@ distfiles="https://github.com/hashicorp/vault/archive/v${version}.tar.gz" checksum=ff7fd9a1b33d19e3cb4743acd0139004e360bbffc04fa8e9598129530fc7118f system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0500 _vault _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 276 bytes --] New comment by Duncaen on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-973980715 Comment: I think I would go with 750 and make the owner root and the group _vault if those files are supposed to be only read by the vault user.
[-- Attachment #1: Type: text/plain, Size: 646 bytes --] There is an updated pull request by Goorzhel against master on the void-packages repository https://github.com/Goorzhel/void-packages vault https://github.com/void-linux/void-packages/pull/28200 vault: chown config dir to service user Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ``` A patch file from https://github.com/void-linux/void-packages/pull/28200.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vault-28200.patch --] [-- Type: text/x-diff, Size: 840 bytes --] From 9ee3faf6d2e1baad774511b686236e455772b526 Mon Sep 17 00:00:00 2001 From: Antonio Gurgel <antonio@goorzhel.com> Date: Fri, 19 Nov 2021 10:05:18 -0800 Subject: [PATCH] vault: chown config dir to service user --- srcpkgs/vault/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/vault/template b/srcpkgs/vault/template index 4796d0d95c01..987891acd7b3 100644 --- a/srcpkgs/vault/template +++ b/srcpkgs/vault/template @@ -17,7 +17,7 @@ distfiles="https://github.com/hashicorp/vault/archive/v${version}.tar.gz" checksum=ff7fd9a1b33d19e3cb4743acd0139004e360bbffc04fa8e9598129530fc7118f system_accounts="_vault" make_dirs="/var/lib/vault 0700 _vault _vault - /etc/vault 0700 root root" + /etc/vault 0750 root _vault" case "$XBPS_TARGET_MACHINE" in arm*) go_ldflags="$go_ldflags -linkmode=external";;
[-- Attachment #1: Type: text/plain, Size: 153 bytes --] New comment by ericonr on void-packages repository https://github.com/void-linux/void-packages/pull/28200#issuecomment-974878370 Comment: ok to merge?
[-- Attachment #1: Type: text/plain, Size: 490 bytes --] There's a merged pull request on the void-packages repository vault: chown config dir to service user https://github.com/void-linux/void-packages/pull/28200 Description: Dunno why I missed this before, but: ``` $ sudo -u _vault vault server -config=/etc/vault Password: error loading configuration from /etc/vault: open /etc/vault: permission denied $ sudo chown _vault:_vault /etc/vault $ sudo -u _vault vault server -config=/etc/vault ==> Vault server configuration: <...> ```