From d95dca26ab7c7a0031df89e555515afa94e1d137 Mon Sep 17 00:00:00 2001 From: Danielle Lancashire Date: Wed, 28 Aug 2019 09:47:03 +0200 Subject: [PATCH 1/2] vault: 1.0.2 -> 1.2.2 This upgrades Vault to version 1.2.2. To accomplish this, we migrate to using the `buildGoModule` helper, as since 1.0.2 the Vault build process migrated to modules, and does not vendor its dependencies. We also stop using the vault build script, and gox, as it only really provides value for local development, where it configures GOOS/GOARCH and installs into some convenient dev locations.
---
pkgs/tools/security/vault/default.nix | 33 +++++++++------------------ 1 file changed, 11 insertions(+), 22 deletions(-)
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index 3f366a583204..dcded0652763 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -1,36 +1,25 @@ -{ stdenv, fetchFromGitHub, go, gox, removeReferencesTo }: +{ stdenv, fetchFromGitHub, buildGoModule }: -stdenv.mkDerivation rec { +buildGoModule rec { name = "vault-${version}"; - version = "1.1.3"; + version = "1.2.2"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "0dylwvs95crvn1p7pbyzib979rxzp4ivzvi5k4f5ivp4ygnp597s"; + sha256 = "1xljm7xmb4ldg3wx8s9kw1spffg4ywk4r1jqfa743czd2xxmqavl"; }; - nativeBuildInputs = [ go gox removeReferencesTo ]; + modSha256 = "13pr3piv6hrsc562qagpn1h5wckiziyfqraj13172hdglz3n2i7q"; - preBuild = '' - patchShebangs ./ - substituteInPlace scripts/build.sh --replace 'git rev-parse HEAD' 'echo ${src.rev}' - sed -i s/'^GIT_DIRTY=.*'/'GIT_DIRTY="+NixOS"'/ scripts/build.sh - - mkdir -p .git/hooks src/github.com/hashicorp - ln -s $(pwd) src/github.com/hashicorp/vault - - export GOPATH=$(pwd) - export GOCACHE="$TMPDIR/go-cache" - ''; - - installPhase = '' - mkdir -p $out/bin $out/share/bash-completion/completions - - cp pkg/*/* $out/bin/ - find $out/bin -type f -exec remove-references-to -t ${go} '{}' + + buildFlagsArray = [ + "-tags='vault'" + "-ldflags=\"-X github.com/hashicorp/vault/sdk/version.GitCommit='v${version}'\"" + ]; + postInstall = '' + mkdir -p $out/share/bash-completion/completions echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault ''; From 4b99f9ba0bac82b2d3391ad115d4941b483986f5 Mon Sep 17 00:00:00 2001 From: Danielle Lancashire Date: Wed, 28 Aug 2019 18:42:18 +0200 Subject: [PATCH 2/2] vault: add raft backend to vault service --- nixos/modules/services/security/vault.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix index 8176c168ca94..d5962ba9af90 100644 --- a/nixos/modules/services/security/vault.nix +++ b/nixos/modules/services/security/vault.nix 
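Review bot: The two `buildFlagsArray` entries embed shell quoting inside Nix strings (`"-tags='vault'"` and the escaped `-ldflags=\"…\"`), and nothing visible in the hunk shows a shell ever parsing those quotes. If buildGoModule hands the list to the builder as one space-joined string, `go build` may receive the quotes literally or read the `-ldflags` text as part of `-tags`, leaving `version.GitCommit` unset; that string is what an operator uses to match a running binary against an advisory, so it is worth confirming with `vault version` on the built output. Filling the array in the shell avoids the ambiguity, e.g. `preBuild = '' buildFlagsArray+=("-tags=vault" "-ldflags=-X github.com/hashicorp/vault/sdk/version.GitCommit=v${version}") '';`. The derivation body continues past the end of the hunk.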
@@ -70,7 +70,7 @@ in }; storageBackend = mkOption { - type = types.enum [ "inmem" "file" "consul" "zookeeper" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs" ]; + type = types.enum [ "inmem" "file" "consul" "zookeeper" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs" "raft" ]; default = "inmem"; description = "The name of the type of storage backend"; };
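Review bot: Adding `"raft"` to the `storageBackend` enum only makes the value selectable; like `"file"`, raft keeps Vault's data on the local disk and needs a data path in the generated config. Any place in this module that special-cases `"file"` (a default data directory, creating it with owner-only permissions) lies outside the hunk and probably needs the same treatment for `"raft"`, otherwise the service may start without a directory or with one that is too widely readable. The option text could say which backends are local, e.g. `description = "The name of the type of storage backend. \"file\" and \"raft\" keep data on local disk.";`. The enclosing options block starts before and ends after the hunk.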