* [gentoo-commits] repo/gentoo:master commit in: app-admin/vault/files/, app-admin/vault/
@ 2016-06-06 6:37 Zac Medico
From: Zac Medico @ 2016-06-06 6:37 UTC (permalink / raw
To: gentoo-commits
commit: 05d7c50d3b5161217e4b21ea254fac4156705511
Author: Georg Hopp <georg <AT> steffers <DOT> org>
AuthorDate: Mon Jun 6 06:04:48 2016 +0000
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Mon Jun 6 06:37:38 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05d7c50d
app-admin/vault: replace inherited capabilities with inherited, bug 584644
Package-Manager: portage-2.3.0_rc1
app-admin/vault/files/vault.service | 2 +-
app-admin/vault/vault-0.4.1.ebuild | 2 +-
app-admin/vault/vault-0.5.2.ebuild | 2 +-
app-admin/vault/vault-9999.ebuild | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app-admin/vault/files/vault.service b/app-admin/vault/files/vault.service
index 9a75a92..cee34e2 100644
--- a/app-admin/vault/files/vault.service
+++ b/app-admin/vault/files/vault.service
@@ -8,7 +8,7 @@ User=vault
Environment=VAULT_SERVER_OPTS="-config=/etc/vault.d"
ExecStart=/usr/bin/vault server $VAULT_SERVER_OPTS
CapabilityBoundingSet=CAP_IPC_LOCK
-Capabilities=CAP_IPC_LOCK=eip
+Capabilities=CAP_IPC_LOCK=ep
SecureBits=keep-caps
Restart=on-failure
SuccessExitStatus=2
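Review bot: The `Capabilities=CAP_IPC_LOCK=ep` line relies on a directive that, as far as I know, systemd 230 and later accept only for compatibility and then ignore. On those hosts this edit has no effect, and the `vault` user gets CAP_IPC_LOCK only from the file capability that the ebuilds set. Adding `AmbientCapabilities=CAP_IPC_LOCK` beside `CapabilityBoundingSet=CAP_IPC_LOCK` would make the unit independent of file capabilities. A comment such as `# CAP_IPC_LOCK lets vault mlock() its memory so secrets are not swapped to disk` would also record why the capability is granted. The [Service] section starts above this hunk, so settings outside it are not visible here.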
diff --git a/app-admin/vault/vault-0.4.1.ebuild b/app-admin/vault/vault-0.4.1.ebuild
index 87e58ca..3103267 100644
--- a/app-admin/vault/vault-0.4.1.ebuild
+++ b/app-admin/vault/vault-0.4.1.ebuild
@@ -25,7 +25,7 @@ STRIP_MASK="*.a"
S="${WORKDIR}/${P}"
FILECAPS=(
- -m 755 'cap_ipc_lock=+ei' usr/bin/${PN}
+ -m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
)
pkg_setup() {
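Review bot: With `cap_ipc_lock=+ep` on the file, every local account that can execute `usr/bin/${PN}` receives CAP_IPC_LOCK, not only the `vault` service user, and can lock memory beyond its RLIMIT_MEMLOCK. The same line is changed in vault-0.5.2.ebuild and vault-9999.ebuild. If the group and caps-mode options of fcaps.eclass fit here, restricting execution to the service group (for example `-g vault -M 750`, to be checked against the eclass documentation and the group created in `pkg_setup`) keeps the capability with the daemon. If the CLI must stay runnable by all users, a comment above `FILECAPS` stating that trade-off would help the next maintainer.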
diff --git a/app-admin/vault/vault-0.5.2.ebuild b/app-admin/vault/vault-0.5.2.ebuild
index 43475f7..7fc4cd1 100644
--- a/app-admin/vault/vault-0.5.2.ebuild
+++ b/app-admin/vault/vault-0.5.2.ebuild
@@ -25,7 +25,7 @@ STRIP_MASK="*.a"
S="${WORKDIR}/${P}"
FILECAPS=(
- -m 755 'cap_ipc_lock=+ei' usr/bin/${PN}
+ -m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
)
pkg_setup() {
diff --git a/app-admin/vault/vault-9999.ebuild b/app-admin/vault/vault-9999.ebuild
index 2ad654b..3601048 100644
--- a/app-admin/vault/vault-9999.ebuild
+++ b/app-admin/vault/vault-9999.ebuild
@@ -30,7 +30,7 @@ S="${WORKDIR}/src/${GO_PN}"
EGIT_CHECKOUT_DIR="${S}"
FILECAPS=(
- -m 755 'cap_ipc_lock=+ei' usr/bin/${PN}
+ -m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
)
pkg_setup() {
* [gentoo-commits] repo/gentoo:master commit in: app-admin/vault/files/, app-admin/vault/
@ 2019-07-15 20:51 Zac Medico
From: Zac Medico @ 2019-07-15 20:51 UTC (permalink / raw
To: gentoo-commits
commit: b2cc4c52499d3a6cf509d7372a603bc265423c9e
Author: Zac Medico <zachary.medico <AT> sony <DOT> com>
AuthorDate: Mon Jul 15 20:42:47 2019 +0000
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Mon Jul 15 20:51:48 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2cc4c52
app-admin/vault: increase max open files
See: https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Copyright: Sony Interactive Entertainment Inc.
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>
app-admin/vault/files/vault.initd | 3 ++-
app-admin/vault/files/vault.service | 25 ++++++++++++++++------
.../{vault-1.1.2.ebuild => vault-1.1.2-r1.ebuild} | 0
3 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/app-admin/vault/files/vault.initd b/app-admin/vault/files/vault.initd
index d430bb8d39a..e4bd3e7c13d 100644
--- a/app-admin/vault/files/vault.initd
+++ b/app-admin/vault/files/vault.initd
@@ -1,10 +1,11 @@
#!/sbin/openrc-run
-# Copyright 2015-2017 Gentoo Foundation
+# Copyright 2015-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
description="vault server"
group=${group:-${RC_SVCNAME}}
pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"}
+rc_ulimit=${rc_ulimit-"-n 65536"}
user=${user:-${RC_SVCNAME}}
command="/usr/bin/${RC_SVCNAME}"
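Review bot: The new `rc_ulimit=${rc_ulimit-"-n 65536"}` uses `-` where the neighbouring defaults use `:-`, so an explicitly empty `rc_ulimit=""` from conf.d is kept and the service starts with the inherited open-file limit instead of 65536. If that is intended, say so in a comment, e.g. `# "-" (not ":-") so an explicitly empty rc_ulimit in conf.d is honoured`. Otherwise switch to `:-` for consistency with `group`, `pidfile` and `user`. The script continues below the hunk.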
diff --git a/app-admin/vault/files/vault.service b/app-admin/vault/files/vault.service
index 3071d034627..939d8cafc24 100644
--- a/app-admin/vault/files/vault.service
+++ b/app-admin/vault/files/vault.service
@@ -4,15 +4,28 @@ Requires=network-online.target
After=network-online.target
[Service]
-User=vault
Environment=VAULT_SERVER_OPTS="-config=/etc/vault.d"
-ExecStart=/usr/bin/vault server $VAULT_SERVER_OPTS
-CapabilityBoundingSet=CAP_IPC_LOCK
-AmbientCapabilities=CAP_IPC_LOCK
-Capabilities=CAP_IPC_LOCK=ep
+User=vault
+Group=vault
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=yes
+PrivateDevices=yes
SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK
+Capabilities=CAP_IPC_LOCK+ep
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+NoNewPrivileges=yes
+ExecStart=/usr/bin/vault server $VAULT_SERVER_OPTS
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGINT
Restart=on-failure
-SuccessExitStatus=2
+RestartSec=5
+TimeoutStopSec=30
+StartLimitIntervalSec=60
+StartLimitBurst=3
+LimitNOFILE=65536
[Install]
WantedBy=default.target
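Review bot: `CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK` is wider than what the unit actually grants. The process runs as `User=vault` with `NoNewPrivileges=yes` and only `AmbientCapabilities=CAP_IPC_LOCK`, so CAP_SYSLOG should never be acquired and only loosens the bound that the previous `CapabilityBoundingSet=CAP_IPC_LOCK` provided. Unless something outside this hunk needs it, keeping `CapabilityBoundingSet=CAP_IPC_LOCK` matches least privilege. The retained `Capabilities=CAP_IPC_LOCK+ep` line is, as far as I know, ignored by current systemd and could be dropped; with `NoNewPrivileges=yes` the file capability set by the ebuilds is not applied at exec either, so the ambient set is what actually delivers the capability. The [Unit] section begins above the hunk.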
diff --git a/app-admin/vault/vault-1.1.2.ebuild b/app-admin/vault/vault-1.1.2-r1.ebuild
similarity index 100%
rename from app-admin/vault/vault-1.1.2.ebuild
rename to app-admin/vault/vault-1.1.2-r1.ebuild