9 files changed, 367 insertions, 0 deletions

diff --git a/app-admin/vault/Manifest b/app-admin/vault/Manifest
new file mode 100644
index 000000000000..9b5f8e0d029e
--- /dev/null
+++ b/app-admin/vault/Manifest
@@ -0,0 +1,3 @@
+DIST gox-0.3.0.tar.gz 13735 SHA256 29dc6b689f670a5444cc54cd9111549ccb01501901bc9197d0e1325a35157802 SHA512 cbc737a780403d1233af10a85b30676e0fcfbfbe99a740d0eff69bef4fd557c65d102c43b3b0dde0b8b935967be8cb33fab50d2baf481d27fa53285be6b1aef2 WHIRLPOOL f3a10a965c4cfe0707bad2f8307162564b00d2b0279d61311445714f28a17d97a4ee4d5a442a7aaaf25b9f44eff656a8b84485bdb0e5776cc7a1014350cff216
+DIST iochan-b584a329b193e206025682ae6c10cdbe03b0cd77.tar.gz 1110 SHA256 27aa65991036fe736d3c383378e49758097f5a11a20b40f44cc434eac97659f7 SHA512 a4314506416d6ab84c9cd96aeadc8d08c88df8f2a146b1e6a51e5f756c2e2409f39adf274487998d0229a46d81b2d0899717064459966f4dbfa5571cc9e85400 WHIRLPOOL 9fd40b227de5452642696326b0b0a66d95e2ddf738a1b6e7e712e201101bb84cc854161609836cae82515ba95ba1e5efd331ce68abdf79c654a9d7a874f849f3
+DIST vault-0.1.2.tar.gz 1158880 SHA256 b8d56f1ebd11f5d80a6a6728b6c9ac399c7e507e3e9fe8830966be50ba15d1b3 SHA512 49488d4fac62521e485a623a3f5fa384643e84bb9aff616efec2169d84731f9892b5ffa1ae475ce905032f6f8e816a372535bc328daf4ee5caf0344a3cd2e9bc WHIRLPOOL f1d678145fad5b8a988dacb8aabf02394a81b267aeabdd2a2968c0efc9576997e980800fe0f08fb70d2f6052fce5d9d94c6d46ee0b50d97ca68b404a78c2c381
diff --git a/app-admin/vault/files/localhost.json.example b/app-admin/vault/files/localhost.json.example
new file mode 100644
index 000000000000..02c377e424a9
--- /dev/null
+++ b/app-admin/vault/files/localhost.json.example
@@ -0,0 +1,9 @@
+backend "consul" {
+	address = "127.0.0.1:8500"
+	path = "vault"
+}
+
+listener "tcp" {
+	address = "127.0.0.1:8200"
+	tls_disable = 1
+}
diff --git a/app-admin/vault/files/vault.confd b/app-admin/vault/files/vault.confd
new file mode 100644
index 000000000000..606095864e71
--- /dev/null
+++ b/app-admin/vault/files/vault.confd
@@ -0,0 +1,7 @@
+# you can change the init script behavior by setting those parameters
+# - group (default: vault)
+# - pidfile (default: /run/vault/vault.pid)
+# - user (default: vault)
+
+# extra arguments for the consul agent
+command_args="-config=/etc/consul.d"
diff --git a/app-admin/vault/files/vault.initd b/app-admin/vault/files/vault.initd
new file mode 100644
index 000000000000..e4fb31bfafe8
--- /dev/null
+++ b/app-admin/vault/files/vault.initd
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+description="vault server"
+group=${group:-${SVCNAME}}
+pidfile=${pidfile:-"/run/${SVCNAME}/${SVCNAME}.pid"}
+user=${user:-${SVCNAME}}
+
+command="/usr/sbin/${SVCNAME}"
+command_args="agent -config-dir=/etc/vault.d ${command_args}"
+command_background="true"
+start_stop_daemon_args="--user ${user} --group ${group} \
+	--stdout /var/log/${SVCNAME}/${SVCNAME}.log \
+	--stderr /var/log/${SVCNAME}/${SVCNAME}.log"
+
+depend() {
+	need net
+	after net
+}
+
+start_pre() {
+	checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
+}
diff --git a/app-admin/vault/files/vault.service b/app-admin/vault/files/vault.service
new file mode 100644
index 000000000000..9a75a92a26d9
--- /dev/null
+++ b/app-admin/vault/files/vault.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=vault server
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+User=vault
+Environment=VAULT_SERVER_OPTS="-config=/etc/vault.d"
+ExecStart=/usr/bin/vault server $VAULT_SERVER_OPTS
+CapabilityBoundingSet=CAP_IPC_LOCK
+Capabilities=CAP_IPC_LOCK=eip
+SecureBits=keep-caps
+Restart=on-failure
+SuccessExitStatus=2
+
+[Install]
+WantedBy=default.target
diff --git a/app-admin/vault/metadata.xml b/app-admin/vault/metadata.xml
new file mode 100644
index 000000000000..059d713e41ed
--- /dev/null
+++ b/app-admin/vault/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer>
+    <email>zmedico@gentoo.org</email>
+  </maintainer>
+</pkgmetadata>
diff --git a/app-admin/vault/vault-0.1.2-r1.ebuild b/app-admin/vault/vault-0.1.2-r1.ebuild
new file mode 100644
index 000000000000..770c1bb3ae44
--- /dev/null
+++ b/app-admin/vault/vault-0.1.2-r1.ebuild
@@ -0,0 +1,101 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit fcaps systemd user
+
+KEYWORDS="~amd64"
+DESCRIPTION="A tool for managing secrets"
+HOMEPAGE="https://vaultproject.io/"
+GO_PN="github.com/hashicorp/${PN}"
+LICENSE="MPL-2.0"
+SLOT="0"
+IUSE=""
+
+DEPEND=">=dev-lang/go-1.4:=
+	dev-go/go-oauth2:="
+RDEPEND=""
+
+SRC_URI="https://${GO_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz
+https://github.com/mitchellh/gox/archive/v0.3.0.tar.gz -> gox-0.3.0.tar.gz
+https://github.com/mitchellh/iochan/archive/b584a329b193e206025682ae6c10cdbe03b0cd77.tar.gz -> iochan-b584a329b193e206025682ae6c10cdbe03b0cd77.tar.gz"
+STRIP_MASK="*.a"
+S="${WORKDIR}/src/${GO_PN}"
+
+FILECAPS=(
+	-m 755 'cap_ipc_lock=+ei' usr/bin/${PN}
+)
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 -1 ${PN}
+}
+
+src_unpack() {
+	local x
+
+	default
+	mkdir -p src/${GO_PN%/*} || die
+	mv ${P} src/${GO_PN} || die
+
+	# Create a writable GOROOT in order to avoid sandbox violations.
+	export GOROOT="${WORKDIR}/goroot"
+	cp -sR "${EPREFIX}"/usr/lib/go "${GOROOT}" || die
+	rm -rf "${GOROOT}/src/${GO_PN}" || die
+
+	export GOPATH=${WORKDIR}:${WORKDIR}/src/github.com/hashicorp/vault/Godeps/_workspace
+
+	while read -r -d '' x; do
+		rm -rf "${GOROOT}/src/${x}" "${GOROOT}/pkg/${KERNEL}_${ARCH}/${x}"{,.a} || die
+	done < <(find "${WORKDIR}/src/github.com/hashicorp/vault/Godeps/_workspace/src" -maxdepth 3 -mindepth 3 -type d -print0)
+
+	mkdir -p "${GOROOT}/src/github.com/mitchellh" || die
+	rm -rf "${GOROOT}/src/github.com/mitchellh/gox" || die
+	mv gox-0.3.0 "${GOROOT}/src/github.com/mitchellh/gox" || die
+	rm -rf "${GOROOT}/src/github.com/mitchellh/iochan" || die
+	mv iochan-* "${GOROOT}/src/github.com/mitchellh/iochan" || die
+}
+
+src_prepare() {
+	# Avoid the need to have a git checkout
+	sed -e 's:^GIT.*::' \
+		-e 's:-ldflags.*:\\:' \
+		-i scripts/build.sh || die
+}
+
+src_compile() {
+	go install -v -x github.com/mitchellh/gox || die
+	PATH=${GOROOT}/bin:${PATH} emake dev
+}
+
+src_install() {
+	local x
+
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+	systemd_dounit "${FILESDIR}/${PN}.service"
+
+	keepdir /etc/${PN}.d
+	insinto /etc/${PN}.d
+	doins "${FILESDIR}/"*.json.example
+
+	keepdir /var/log/${PN}
+	fowners ${PN}:${PN} /var/log/${PN}
+
+	dobin bin/${PN}
+	find "${WORKDIR}"/{pkg,src} -name '.git*' -exec rm -rf {} \; 2>/dev/null
+	find "${WORKDIR}"/src/${GO_PN} -mindepth 1 -maxdepth 1 -type f -delete
+	while read -r -d '' x; do
+		x=${x#${WORKDIR}/src}
+		[[ -d ${WORKDIR}/pkg/${KERNEL}_${ARCH}/${x} ||
+			-f ${WORKDIR}/pkg/${KERNEL}_${ARCH}/${x}.a ]] && continue
+		rm -rf "${WORKDIR}"/src/${x}
+	done < <(find "${WORKDIR}"/src/${GO_PN} -mindepth 1 -maxdepth 1 -type d -print0)
+	insopts -m0644 -p # preserve timestamps for bug 551486
+	insinto /usr/lib/go/pkg/${KERNEL}_${ARCH}/${GO_PN%/*}
+	doins -r "${WORKDIR}"/pkg/${KERNEL}_${ARCH}/${GO_PN}
+	insinto /usr/lib/go/src/${GO_PN%/*}
+	doins -r "${WORKDIR}"/src/${GO_PN}
+}
diff --git a/app-admin/vault/vault-0.1.2.ebuild b/app-admin/vault/vault-0.1.2.ebuild
new file mode 100644
index 000000000000..fad7f2eaf09f
--- /dev/null
+++ b/app-admin/vault/vault-0.1.2.ebuild
@@ -0,0 +1,101 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit fcaps systemd user
+
+KEYWORDS="~amd64"
+DESCRIPTION="A tool for managing secrets"
+HOMEPAGE="https://vaultproject.io/"
+GO_PN="github.com/hashicorp/${PN}"
+LICENSE="MPL-2.0"
+SLOT="0"
+IUSE=""
+
+DEPEND=">=dev-lang/go-1.4
+	dev-go/go-oauth2"
+RDEPEND=""
+
+SRC_URI="https://${GO_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz
+https://github.com/mitchellh/gox/archive/v0.3.0.tar.gz -> gox-0.3.0.tar.gz
+https://github.com/mitchellh/iochan/archive/b584a329b193e206025682ae6c10cdbe03b0cd77.tar.gz -> iochan-b584a329b193e206025682ae6c10cdbe03b0cd77.tar.gz"
+STRIP_MASK="*.a"
+S="${WORKDIR}/src/${GO_PN}"
+
+FILECAPS=(
+	-m 755 'cap_ipc_lock=+ei' usr/bin/${PN}
+)
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 -1 ${PN}
+}
+
+src_unpack() {
+	local x
+
+	default
+	mkdir -p src/${GO_PN%/*} || die
+	mv ${P} src/${GO_PN} || die
+
+	# Create a writable GOROOT in order to avoid sandbox violations.
+	export GOROOT="${WORKDIR}/goroot"
+	cp -sR "${EPREFIX}"/usr/lib/go "${GOROOT}" || die
+	rm -rf "${GOROOT}/src/${GO_PN}" || die
+
+	export GOPATH=${WORKDIR}:${WORKDIR}/src/github.com/hashicorp/vault/Godeps/_workspace
+
+	while read -r -d '' x; do
+		rm -rf "${GOROOT}/src/${x}" "${GOROOT}/pkg/${KERNEL}_${ARCH}/${x}"{,.a} || die
+	done < <(find "${WORKDIR}/src/github.com/hashicorp/vault/Godeps/_workspace/src" -maxdepth 3 -mindepth 3 -type d -print0)
+
+	mkdir -p "${GOROOT}/src/github.com/mitchellh" || die
+	rm -rf "${GOROOT}/src/github.com/mitchellh/gox" || die
+	mv gox-0.3.0 "${GOROOT}/src/github.com/mitchellh/gox" || die
+	rm -rf "${GOROOT}/src/github.com/mitchellh/iochan" || die
+	mv iochan-* "${GOROOT}/src/github.com/mitchellh/iochan" || die
+}
+
+src_prepare() {
+	# Avoid the need to have a git checkout
+	sed -e 's:^GIT.*::' \
+		-e 's:-ldflags.*:\\:' \
+		-i scripts/build.sh || die
+}
+
+src_compile() {
+	go install -v -x github.com/mitchellh/gox || die
+	PATH=${GOROOT}/bin:${PATH} emake dev
+}
+
+src_install() {
+	local x
+
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+	systemd_dounit "${FILESDIR}/${PN}.service"
+
+	keepdir /etc/${PN}.d
+	insinto /etc/${PN}.d
+	doins "${FILESDIR}/"*.json.example
+
+	keepdir /var/log/${PN}
+	fowners ${PN}:${PN} /var/log/${PN}
+
+	dobin bin/${PN}
+	find "${WORKDIR}"/{pkg,src} -name '.git*' -exec rm -rf {} \; 2>/dev/null
+	find "${WORKDIR}"/src/${GO_PN} -mindepth 1 -maxdepth 1 -type f -delete
+	while read -r -d '' x; do
+		x=${x#${WORKDIR}/src}
+		[[ -d ${WORKDIR}/pkg/${KERNEL}_${ARCH}/${x} ||
+			-f ${WORKDIR}/pkg/${KERNEL}_${ARCH}/${x}.a ]] && continue
+		rm -rf "${WORKDIR}"/src/${x}
+	done < <(find "${WORKDIR}"/src/${GO_PN} -mindepth 1 -maxdepth 1 -type d -print0)
+	insopts -m0644 -p # preserve timestamps for bug 551486
+	insinto /usr/lib/go/pkg/${KERNEL}_${ARCH}/${GO_PN%/*}
+	doins -r "${WORKDIR}"/pkg/${KERNEL}_${ARCH}/${GO_PN}
+	insinto /usr/lib/go/src/${GO_PN%/*}
+	doins -r "${WORKDIR}"/src/${GO_PN}
+}
diff --git a/app-admin/vault/vault-9999.ebuild b/app-admin/vault/vault-9999.ebuild
new file mode 100644
index 000000000000..f315b8c60689
--- /dev/null
+++ b/app-admin/vault/vault-9999.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit fcaps git-r3 systemd user
+
+KEYWORDS=""
+DESCRIPTION="A tool for managing secrets"
+HOMEPAGE="https://vaultproject.io/"
+GO_PN="github.com/hashicorp/${PN}"
+EGIT_REPO_URI="git://${GO_PN}.git"
+LICENSE="MPL-2.0"
+SLOT="0"
+IUSE=""
+
+DEPEND=">=dev-lang/go-1.4:=
+	dev-go/go-oauth2:="
+RDEPEND=""
+
+SRC_URI=""
+STRIP_MASK="*.a"
+S="${WORKDIR}/src/${GO_PN}"
+EGIT_CHECKOUT_DIR="${S}"
+
+FILECAPS=(
+	-m 755 'cap_ipc_lock=+ei' usr/bin/${PN}
+)
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 -1 ${PN}
+}
+
+src_unpack() {
+	local x
+
+	git-r3_src_unpack
+
+	# Create a writable GOROOT in order to avoid sandbox violations.
+	export GOROOT="${WORKDIR}/goroot"
+	cp -sR "${EPREFIX}"/usr/lib/go "${GOROOT}" || die
+	rm -rf "${GOROOT}/src/${GO_PN}" || die
+
+	export GOPATH=${WORKDIR}:${WORKDIR}/src/github.com/hashicorp/vault/Godeps/_workspace
+
+	while read -r -d '' x; do
+		rm -rf "${GOROOT}/src/${x}" "${GOROOT}/pkg/${KERNEL}_${ARCH}/${x}"{,.a} || die
+	done < <(find "${WORKDIR}/src/github.com/hashicorp/vault/Godeps/_workspace/src" -maxdepth 3 -mindepth 3 -type d -print0)
+
+	rm -rf "${WORKDIR}/src/github.com/hashicorp/vault/Godeps/_workspace/src/github.com/awslabs"
+	go get -d -v -x github.com/awslabs/aws-sdk-go || die
+
+	if ! type -P gox >/dev/null; then
+		pushd "${S}" >/dev/null || die
+		go get -d -v -x github.com/mitchellh/gox || die
+	fi
+}
+
+src_compile() {
+	go install -v -x github.com/awslabs/aws-sdk-go || die
+	if ! type -P gox >/dev/null; then
+		go install -v -x github.com/mitchellh/gox || die
+	fi
+	PATH=${WORKDIR}/bin:${GOROOT}/bin:${PATH} emake dev
+}
+
+src_install() {
+	local x
+
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+	systemd_dounit "${FILESDIR}/${PN}.service"
+
+	keepdir /etc/${PN}.d
+	insinto /etc/${PN}.d
+	doins "${FILESDIR}/"*.json.example
+
+	keepdir /var/log/${PN}
+	fowners ${PN}:${PN} /var/log/${PN}
+
+	dobin bin/${PN}
+	find "${WORKDIR}"/{pkg,src} -name '.git*' -exec rm -rf {} \; 2>/dev/null
+	find "${WORKDIR}"/src/${GO_PN} -mindepth 1 -maxdepth 1 -type f -delete
+	while read -r -d '' x; do
+		x=${x#${WORKDIR}/src}
+		[[ -d ${WORKDIR}/pkg/${KERNEL}_${ARCH}/${x} ||
+			-f ${WORKDIR}/pkg/${KERNEL}_${ARCH}/${x}.a ]] && continue
+		rm -rf "${WORKDIR}"/src/${x}
+	done < <(find "${WORKDIR}"/src/${GO_PN} -mindepth 1 -maxdepth 1 -type d -print0)
+	insopts -m0644 -p # preserve timestamps for bug 551486
+	insinto /usr/lib/go/pkg/${KERNEL}_${ARCH}/${GO_PN%/*}
+	doins -r "${WORKDIR}"/pkg/${KERNEL}_${ARCH}/${GO_PN}
+	insinto /usr/lib/go/src/${GO_PN%/*}
+	doins -r "${WORKDIR}"/src/${GO_PN}
+}