svn commit: r500070 - in head: . security/vault security/vault/files
Steve Wills
swills at FreeBSD.org
Thu Apr 25 21:00:53 UTC 2019
Author: swills
Date: Thu Apr 25 21:00:52 2019
New Revision: 500070
URL: https://svnweb.freebsd.org/changeset/ports/500070
Log:
security/vault: add vault user to daemon class
This allows use of mlock() when vault is started via rc script.
Submitted by: dch
Reviewed by: jrm
Differential Revision: https://reviews.freebsd.org/D20025
Added:
head/security/vault/files/pkg-message.in (contents, props changed)
Modified:
head/UIDs
head/security/vault/Makefile (contents, props changed)
Modified: head/UIDs
==============================================================================
--- head/UIDs Thu Apr 25 19:42:01 2019 (r500069)
+++ head/UIDs Thu Apr 25 21:00:52 2019 (r500070)
@@ -416,7 +416,7 @@ netmon:*:467:467::0:0:Network monitor account:/var/net
slurm:*:468:468::0:0:SLURM Daemon:/nonexistent:/usr/sbin/nologin
consul:*:469:469::0:0:Consul Daemon:/var/tmp/consul:/usr/sbin/nologin
serf:*:470:470::0:0:Serf Daemon:/nonexistent:/usr/sbin/nologin
-vault:*:471:471::0:0:Vault Daemon:/nonexistent:/usr/sbin/nologin
+vault:*:471:471:daemon:0:0:Vault Daemon:/nonexistent:/usr/sbin/nologin
nomad:*:472:472::0:0:Nomad Daemon:/var/tmp/nomad:/usr/sbin/nologin
minio:*:473:473::0:0:Minio Daemon:/var/tmp/minio:/usr/sbin/nologin
gitlab-runner:*:474:474::0:0:GitLab Runner Daemon:/var/tmp/gitlab_runner:/usr/sbin/nologin
Modified: head/security/vault/Makefile
==============================================================================
--- head/security/vault/Makefile Thu Apr 25 19:42:01 2019 (r500069)
+++ head/security/vault/Makefile Thu Apr 25 21:00:52 2019 (r500070)
@@ -2,6 +2,7 @@
PORTNAME= vault
PORTVERSION= 1.1.2
+PORTREVISION= 1
DISTVERSIONPREFIX= v
CATEGORIES= security
@@ -26,6 +27,7 @@ USERS= vault
GROUPS= vault
PLIST_FILES= bin/${PORTNAME}
+SUB_FILES= pkg-message
post-patch:
@${CP} ${WRKDIR}/vaultui-${PORTVERSION}/http/bindata_assetfs.go ${WRKDIR}/vault-${PORTVERSION}/http/bindata_assetfs.go
Added: head/security/vault/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/vault/files/pkg-message.in Thu Apr 25 21:00:52 2019 (r500070)
@@ -0,0 +1,19 @@
+The vault user created by the vault package is now a member of the daemon
+class, which will allow it to use mlock() when started by the rc script. This
+will not be reflected in systems where the user already exists. Please add the
+vault user to the daemon class manually by running:
+
+pw usermod -L daemon -n vault
+
+or delete the user and reinstall the package.
+
+You may also need to increase memorylocked for the daemon class in
+/etc/login.conf to 256M or more and run:
+
+cap_mkdb /etc/login.conf
+
+Or to disable mlock, add:
+
+disable_mlock = 1
+
+to %%PREFIX%%/etc/vault.hcl
More information about the svn-ports-all
mailing list