File vault.spec of Package vault
# Upstream project name; reused for the package name and the source archive name.
%define realname vault
%define srcext tar.bz2
# The systemd conditional defaults to on for SUSE 12.3+ and RHEL 7+, and to off elsewhere.
%if 0%{?suse_version} >= 1230 || 0%{?rhel} >= 7
%bcond_without systemd
%else
%bcond_with systemd
%endif
# Install locations: configuration, plugin binaries, and the data directory
# that the generated vault.hcl hands to the file storage backend.
%define vaultconfdir %{_sysconfdir}/%{name}
%define vaultplugindir %{_libexecdir}/%{name}
%define vaultdatadir %{_localstatedir}/lib/%{name}
# Evaluated on the build host while the spec is parsed: number of online CPUs.
%define numcpus %(/usr/bin/getconf _NPROCESSORS_ONLN)
# Common info
Name: %{realname}
Version: 0
Release: wiz%{?extraver:0.}1%{?dist}
License: MPL-2.0
Group: Productivity/Security
URL: https://www.vaultproject.io/
Summary: A tool for secrets management, encryption as a service, and access management
# Build-time parameters
BuildRequires: go >= 1.13.7
BuildRequires: nodejs(engine) npm
BuildRoot: %{_tmppath}/%{name}-root
Source0: %{realname}-%{version}.%{srcext}
# NOTE(review): Source1 and Source2 are unversioned "latest" snapshots. The tools
# built from them generate code that is compiled into the vault binary, so pin
# them to a known release or commit and record a checksum for each archive.
Source1: go-bindata-latest.%{srcext}
Source2: go-bindata-assetfs-latest.%{srcext}
# Prebuilt web UI assets, produced outside this build with the recipe below.
Source11: static-assets.tar.bz2
Source99: vault.service
# To prepare static assets you need to have installed: nodejs, npm, yarn
# Then you can use make command to prepare assets:
#
# npm --no-save install yarn
# mv node_modules .yarn_exec
# YARN_CACHE_FOLDER=`pwd -P`/.yarn_cache YARN_REGISTRY=https://registry.yarnpkg.com PATH=`pwd -P`/.yarn_exec/.bin:$PATH make ember-dist
#
# Then you can archive folder `pkg` as static-assets.tar.bz2:
#
# tar -jcvf ../static-assets.tar.bz2 pkg && rm -rf .yarn_cache .yarn_exec node_modules pkg
#
# NOTE(review): the recipe above downloads from the npm and yarn registries on the
# packager's machine, so the archive content is not derived from Source0 during
# the package build. Record a checksum of the archive and the revision it was
# built from so the shipped UI can be audited.
%description
Vault is a tool for securely accessing secrets. A secret is anything that you
want to tightly control access to, such as API keys, passwords, certificates,
and more. Vault provides a unified interface to any secret, while providing
tight access control and recording a detailed audit log.
%package cassandra
# One subpackage per database plugin binary; each is tied to the exact version
# and release of the main package through its Requires line.
# NOTE(review): the binaries come from the plugins/database tree of the source
# archive. The descriptions below say "store data in"; confirm whether these are
# storage drivers or database credential plugins and align the wording.
Group: Productivity/Security
Summary: Cassandra database driver for HashiCorp Vault
Requires: vault = %{version}-%{release}
%description cassandra
Database driver for HashiCorp Vault to store data in Cassandra
%package hana
Group: Productivity/Security
Summary: Hana database driver for HashiCorp Vault
Requires: vault = %{version}-%{release}
%description hana
Database driver for HashiCorp Vault to store data in Hana
%package influxdb
Group: Productivity/Security
Summary: InfluxDB database driver for HashiCorp Vault
Requires: vault = %{version}-%{release}
%description influxdb
Database driver for HashiCorp Vault to store data in InfluxDB
%package mongodb
Group: Productivity/Security
Summary: MongoDB database driver for HashiCorp Vault
Requires: vault = %{version}-%{release}
%description mongodb
Database driver for HashiCorp Vault to store data in MongoDB
%package mssql
Group: Productivity/Security
Summary: MS SQL database driver for HashiCorp Vault
Requires: vault = %{version}-%{release}
%description mssql
Database driver for HashiCorp Vault to store data in MS SQL
%package mysql
Group: Productivity/Security
Summary: MySQL database driver for HashiCorp Vault
Requires: vault = %{version}-%{release}
%description mysql
Database driver for HashiCorp Vault to store data in MySQL
%package postgresql
Group: Productivity/Security
Summary: PostgreSQL database driver for HashiCorp Vault
Requires: vault = %{version}-%{release}
%description postgresql
Database driver for HashiCorp Vault to store data in PostgreSQL
%package redshift
Group: Productivity/Security
Summary: Amazon Redshift driver for HashiCorp Vault
Requires: vault = %{version}-%{release}
%description redshift
Storage driver for HashiCorp Vault to store data in Amazon Redshift.
# Preparation step (unpacking and patching if necessary)
%prep
# Unpack Source0 quietly, then unpack sources 1, 2 and 11 (go-bindata,
# go-bindata-assetfs and the prebuilt static assets) inside its top directory.
%setup -q -n %{realname}-%{version}%{?extraver} -a1 -a2 -a11
# Build step (compile/build binaries, documentation, etc)
%build
# Keep the Go build cache inside the build tree.
export GOCACHE=$(pwd -P)/.gocache
export GOTRACEBACK=crash
# -mod=vendor resolves every dependency from the vendor directory of the source
# tree, so the build does not download modules. -buildmode=pie produces
# position-independent executables, -tags=ui selects the ui build tag, and
# -ldflags=all=-w leaves DWARF debug data out of the linked binaries.
export GOFLAGS='-v -mod=vendor -buildmode=pie -tags=ui -gcflags=all=-c=%{numcpus} -gcflags=all=-complete -gcflags=all=-dwarf=false -ldflags=all=-w'
# Pure Go build, no cgo.
export CGO_ENABLED=0
# Build static assets
# The asset generators are compiled from the bundled "latest" source archives and
# placed first in PATH for the make target; their output ends up in the binary.
for tool in go-bindata go-bindata-assetfs; do
    go build -o "bin/${tool}" "./${tool}-latest/${tool}"
done
go build -o bin/goimports golang.org/x/tools/cmd/goimports
PATH=$(pwd -P)/bin:$PATH %{__make} static-assets
# Build vault
go build -o bin/vault
# Build database plugins
for db in cassandra hana influxdb mongodb mssql mysql postgresql redshift; do
    go build -o "bin/${db}-database-plugin" "./plugins/database/${db}/${db}-database-plugin"
done
# Strip everything under bin, helper tools included.
%{__strip} -s -v bin/*
# Install built stuff
%install
# Create the target directories in the staging tree.
for dir in %{_bindir} %{vaultconfdir} %{vaultplugindir} %{vaultdatadir}; do
    %{__install} -d "%{buildroot}${dir}"
done
%{__install} -m 0755 bin/vault %{buildroot}%{_bindir}
# Every plugin binary goes into the directory that vault.hcl names as plugin_directory.
for db in cassandra hana influxdb mongodb mssql mysql postgresql redshift; do
    %{__install} -m 0755 "bin/${db}-database-plugin" %{buildroot}%{vaultplugindir}
done
# Default configuration: plugin directory plus the file storage backend only.
# The file is created with the build shell's umask; the files list decides the
# ownership and mode it is packaged with.
cat > %{buildroot}%{vaultconfdir}/vault.hcl <<EOF
plugin_directory = "%{vaultplugindir}"
storage "file" {
path = "%{vaultdatadir}"
}
EOF
# Systemd unit
%if %{with systemd}
%{__install} -D -m0644 %{S:99} %{buildroot}%{_unitdir}/vault.service
%endif
# Cleanup
%clean
# Remove the staging tree; the test keeps a buildroot of "/" from being deleted.
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
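# Files list
%files
%defattr(-,root,root)
%doc CHANGELOG.md LICENSE README.md
%{_bindir}/vault
%dir %{vaultconfdir}
# The server configuration is where storage and seal settings, including any
# credentials for them, get added later: readable by root and the vault group
# only, and never writable by the service account.
%config(noreplace) %attr(0640,root,vault) %{vaultconfdir}/vault.hcl
# Plugin directory stays root-owned so the service account cannot add or
# replace the binaries that vault launches from it.
%dir %{vaultplugindir}
# Data directory of the file storage backend: service account only.
%dir %attr(0750,vault,vault) %{vaultdatadir}
%if %{with systemd}
%{_unitdir}/vault.service
%endif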
%files cassandra
# Each plugin subpackage ships exactly one binary, owned by root through defattr
# and installed with mode 0755 in the install step.
%defattr(-,root,root)
%{vaultplugindir}/cassandra-database-plugin
%files hana
%defattr(-,root,root)
%{vaultplugindir}/hana-database-plugin
%files influxdb
%defattr(-,root,root)
%{vaultplugindir}/influxdb-database-plugin
%files mongodb
%defattr(-,root,root)
%{vaultplugindir}/mongodb-database-plugin
%files mssql
%defattr(-,root,root)
%{vaultplugindir}/mssql-database-plugin
%files mysql
%defattr(-,root,root)
%{vaultplugindir}/mysql-database-plugin
%files postgresql
%defattr(-,root,root)
%{vaultplugindir}/postgresql-database-plugin
%files redshift
%defattr(-,root,root)
%{vaultplugindir}/redshift-database-plugin
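%pre
# Create the dedicated system group and account before the payload is unpacked,
# so the vault ownership used in the files list resolves to real ids.
# Creation is skipped when the entry already exists and stays non-fatal as
# before. The redirections use the portable form instead of the bash-only one.
# The account has no login shell and its home is the data directory.
getent group vault >/dev/null 2>&1 || /usr/sbin/groupadd -r vault >/dev/null 2>&1 ||:
getent passwd vault >/dev/null 2>&1 || /usr/sbin/useradd -g vault -s /bin/false -r -M \
-c "HashiCorp Vault" -d %{vaultdatadir} vault >/dev/null 2>&1 ||:
%if "%{expand:%_vendor}" == "suse"
%{service_add_pre vault.service}
%endif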
%if "%{expand:%_vendor}" == "suse"
%post
# Service registration, stop-on-removal and restart-on-update are delegated to
# the SUSE packaging macros below.
# NOTE(review): on other vendors none of these three scriptlets is generated,
# so a unit file installed there is not registered, stopped or restarted by
# the package. Confirm that this is intended.
%{fillup_only}
%{service_add_post vault.service}
%preun
%{service_del_preun vault.service}
%{stop_on_removal vault.service}
%postun
%{service_del_postun vault.service}
%{restart_on_update vault.service}
%endif
%changelog