[gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/
Date:	Wed, 02 Oct 2019 23:10:26
Message-Id:	`1570057814.fbb231bfa84a623474e4dae04a873ecf251307d3.whissi@gentoo`

1

commit:     fbb231bfa84a623474e4dae04a873ecf251307d3

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Wed Oct  2 23:04:27 2019 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Wed Oct  2 23:10:14 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbb231bf

7

8

app-admin/rsyslog: bump to v8.1910.0

9

10

Package-Manager: Portage-2.3.76, Repoman-2.3.17

11

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

12

13

 app-admin/rsyslog/Manifest                |   2 +

14

 app-admin/rsyslog/rsyslog-8.1910.0.ebuild | 462 ++++++++++++++++++++++++++++++

15

 2 files changed, 464 insertions(+)

16

17

diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest

18

index 9f3976a6187..27081562136 100644

19

--- a/app-admin/rsyslog/Manifest

20

+++ b/app-admin/rsyslog/Manifest

21

@@ -1,6 +1,8 @@

22

 DIST rsyslog-8.1904.0.tar.gz 2902708 BLAKE2B 515d5e32c2dc6cdd8dd51fc595ad775503438603f28828e9f1a427b184a5a61de32af2ee90334b7d56a9404106d74da47386a18a370278d5a16422a6bb09f556 SHA512 cccb48f06508d7e7c2dd788903f4d7ddb3020cdf6079aea1d52387c56b920f10b08957a79b5d420ccdb54cae50d1da6e5eb80cde9498bceaeda4f6ce37f694fd

23

 DIST rsyslog-8.1907.0.tar.gz 2926855 BLAKE2B 65c674e53bfa960e3fe5c7f41a304cf8736fe72e2391895dde9fdc17fabeb2f92fccab48965d5e1689a5852136a43a3355f89c9fa9d1d1974335ce80204bb4ac SHA512 2aa3f6106e48fa63c6d4389f83e7a3212817c626d04881682236055792cf5c9d8a941638c9a508c470b6a24c934ef5cb0eda65ea25179d98831afbe2a27c1519

24

 DIST rsyslog-8.1908.0.tar.gz 2952939 BLAKE2B c6784753262a71f30f32fc35ad3e3e75fa2af271bdb0a62c2d4796d3d0413c7f619052a5e33c52c5f3b22aa474d14b7bb06e9c502944f914e708265835fd90ff SHA512 66b6755e1f5a610ed8ec3f8fad1ee227f8ff34618a8f2660a801e6f9aa734980190fbffd8144ac30d63f8297a06e86ada65ba838242d8a006bca8e30f56dce80

25

+DIST rsyslog-8.1910.0.tar.gz 2957635 BLAKE2B ea350d3fb923c2f7d2799942fec6a77ef893fa12bc95a5b1428b8e280d96b562cd864469ebf13ee57e9ea89787765a4bb13d155460defc73a3a85b17ad6a5ab1 SHA512 85f5df91a6357ecb38708b4d569d26804a50ca28c928a636ac7749595f1a7105c3450fbd521835a436ebdfdcac33a33986e09a09026745ea4d1a2897406770d5

26

 DIST rsyslog-doc-8.1904.0.tar.gz 8042650 BLAKE2B 585fe5c63eee1fb46f94dcd3d529045b3900e08c291e0e71ed9bf32a6200e6c7283820b262bd56e9aeb74cc227ecd518caafec5a8f87c1d8523d5d7fd95030aa SHA512 da0ff00fbe71756b3c27fd8b94e88611452c3ba611e583862556393faaaa596ca8f32f694ad40a3e1df67385d9f9ca80db6a58f5d2e336fe95639dd7cd0de828

27

 DIST rsyslog-doc-8.1907.0.tar.gz 8071764 BLAKE2B 90c18a93bb2f2c9158a4696245c44c36ab4c40597d1eb8df8af257f57aa17e71436bd60792c4f982ebc15395abacd53281046e4ae6df65c306f815e6599fb8bc SHA512 72dcddef6e36a92d2bdcf54072fff7516b6c731f43a53ef8f5d4ebdbe46bc7aeb63bbc3e739a6e5897602ea7705c4bdd8f57aa10796955ed772a6c7cf552c5e5

28

 DIST rsyslog-doc-8.1908.0.tar.gz 8082984 BLAKE2B 7f102a215b0c51b961a4e44e97c8a3cd9966215dba44a194a5ff925b8a2b1ad3389461e2de3dae6dfb770bc36c9a31747298bdb7e975d6fa86ca209c9e314ac3 SHA512 d826013de671c895be7becd2a7c5ce1fb218149c6128d486116be6a01fc69099026f5a277b30fc57e626aeb4038e00b17abcad9a45ea3c9838e7041de9d991a5

29

+DIST rsyslog-doc-8.1910.0.tar.gz 8158007 BLAKE2B 7a05cf7070ba350d0fb939350868ff0dd9d03be46ebd1b1261e54add70ab680afe0b356f563ea9e10148aed17667fc0b729e2fa8f7ff7cff3e4cec9d0da209a8 SHA512 e46f14e40ae690efbe3114a859c1c94c8f9573ca5ebdb533ad4b5ed76c3a930c887cc205e7279fcc546fda3ce624eae507ce08d5d10ee1eb167a957edd742bf2

30

31

diff --git a/app-admin/rsyslog/rsyslog-8.1910.0.ebuild b/app-admin/rsyslog/rsyslog-8.1910.0.ebuild

32

new file mode 100644

33

index 00000000000..09eed323e45

34

--- /dev/null

35

+++ b/app-admin/rsyslog/rsyslog-8.1910.0.ebuild

36

@@ -0,0 +1,462 @@

37

+# Copyright 1999-2019 Gentoo Authors

38

+# Distributed under the terms of the GNU General Public License v2

39

+

40

+EAPI="6"

41

+PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )

42

+

43

+inherit autotools eutils linux-info python-any-r1 systemd

44

+

45

+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"

46

+HOMEPAGE="https://www.rsyslog.com/"

47

+

48

+if [[ ${PV} == "9999" ]]; then

49

+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"

50

+

51

+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"

52

+

53

+	inherit git-r3

54

+else

55

+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"

56

+

57

+	SRC_URI="

58

+		https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz

59

+		doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )

60

+	"

61

+fi

62

+

63

+LICENSE="GPL-3 LGPL-3 Apache-2.0"

64

+SLOT="0"

65

+IUSE="curl dbi debug doc elasticsearch +gcrypt gnutls jemalloc kafka kerberos kubernetes libressl mdblookup"

66

+IUSE+=" mongodb mysql normalize clickhouse omhttp omhttpfs omudpspoof openssl postgres"

67

+IUSE+=" rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid xxhash zeromq"

68

+RESTRICT="!test? ( test )"

69

+

70

+RDEPEND="

71

+	>=dev-libs/libfastjson-0.99.8:=

72

+	>=dev-libs/libestr-0.1.9

73

+	>=sys-libs/zlib-1.2.5

74

+	curl? ( >=net-misc/curl-7.35.0 )

75

+	dbi? ( >=dev-db/libdbi-0.8.3 )

76

+	elasticsearch? ( >=net-misc/curl-7.35.0 )

77

+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )

78

+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )

79

+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )

80

+	kerberos? ( virtual/krb5 )

81

+	kubernetes? ( >=net-misc/curl-7.35.0 )

82

+	mdblookup? ( dev-libs/libmaxminddb:= )

83

+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )

84

+	mysql? ( dev-db/mysql-connector-c:= )

85

+	normalize? (

86

+		>=dev-libs/liblognorm-2.0.3:=

87

+	)

88

+	clickhouse? ( >=net-misc/curl-7.35.0 )

89

+	omhttpfs? ( >=net-misc/curl-7.35.0 )

90

+	omudpspoof? ( >=net-libs/libnet-1.1.6 )

91

+	postgres? ( >=dev-db/postgresql-8.4.20:= )

92

+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )

93

+	redis? ( >=dev-libs/hiredis-0.11.0:= )

94

+	relp? ( >=dev-libs/librelp-1.2.17:= )

95

+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )

96

+	rfc5424hmac? (

97

+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )

98

+		libressl? ( dev-libs/libressl:= )

99

+	)

100

+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )

101

+	ssl? (

102

+		gnutls? ( >=net-libs/gnutls-2.12.23:0= )

103

+		openssl? (

104

+			!libressl? ( dev-libs/openssl:0= )

105

+			libressl? ( dev-libs/libressl:0= )

106

+		)

107

+	)

108

+	systemd? ( >=sys-apps/systemd-234 )

109

+	uuid? ( sys-apps/util-linux:0= )

110

+	xxhash? ( dev-libs/xxhash:= )

111

+	zeromq? (

112

+		>=net-libs/czmq-3.0.2

113

+	)"

114

+DEPEND="${RDEPEND}

115

+	>=sys-devel/autoconf-archive-2015.02.24

116

+	virtual/pkgconfig

117

+	elibc_musl? ( sys-libs/queue-standalone )

118

+	test? (

119

+		>=dev-libs/liblogging-1.0.1[stdlog]

120

+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )

121

+		!jemalloc? ( sys-libs/libfaketime )

122

+		${PYTHON_DEPS}

123

+	)"

124

+

125

+REQUIRED_USE="

126

+	kubernetes? ( normalize )

127

+	ssl? ( || ( gnutls openssl ) )

128

+"

129

+

130

+if [[ ${PV} == "9999" ]]; then

131

+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"

132

+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"

133

+	DEPEND+=" >=sys-devel/bison-2.4.3"

134

+	DEPEND+=" >=dev-python/docutils-0.12"

135

+fi

136

+

137

+CONFIG_CHECK="~INOTIFY_USER"

138

+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"

139

+

140

+pkg_setup() {

141

+	use test && python-any-r1_pkg_setup

142

+}

143

+

144

+src_unpack() {

145

+	if [[ ${PV} == "9999" ]]; then

146

+		git-r3_fetch

147

+		git-r3_checkout

148

+	else

149

+		unpack ${P}.tar.gz

150

+	fi

151

+

152

+	if use doc; then

153

+		if [[ ${PV} == "9999" ]]; then

154

+			local _EGIT_BRANCH=

155

+			if [[ -n "${EGIT_BRANCH}" ]]; then

156

+				# Cannot use rsyslog commits/branches for documentation repository

157

+				_EGIT_BRANCH=${EGIT_BRANCH}

158

+				unset EGIT_BRANCH

159

+			fi

160

+

161

+			git-r3_fetch "${DOC_REPO_URI}"

162

+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs

163

+

164

+			if [[ -n "${_EGIT_BRANCH}" ]]; then

165

+				# Restore previous EGIT_BRANCH information

166

+				EGIT_BRANCH=${_EGIT_BRANCH}

167

+			fi

168

+		else

169

+			cd "${S}" || die "Cannot change dir into '${S}'"

170

+			mkdir docs || die "Failed to create docs directory"

171

+			cd docs || die "Failed to change dir into '${S}/docs'"

172

+			unpack ${PN}-doc-${PV}.tar.gz

173

+		fi

174

+	fi

175

+}

176

+

177

+src_prepare() {

178

+	default

179

+

180

+	# https://github.com/rsyslog/rsyslog/issues/3626

181

+	sed -i \

182

+		-e '\|^#!/bin/bash$|a exit 77' \

183

+		tests/mmkubernetes-cache-expir*.sh \

184

+		|| die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh"

185

+

186

+	eautoreconf

187

+}

188

+

189

+src_configure() {

190

+	# Maintainer notes:

191

+	# * Guardtime support is missing because libgt isn't yet available

192

+	#   in portage.

193

+	# * Hadoop's HDFS file system output module is currently not

194

+	#   supported in Gentoo because nobody is able to test it

195

+	#   (JAVA dependency).

196

+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,

197

+	#   upstream PR 129 and 136) so we need to export HIREDIS_*

198

+	#   variables because rsyslog's build system depends on pkg-config.

199

+

200

+	if use redis; then

201

+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"

202

+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"

203

+	fi

204

+

205

+	local myeconfargs=(

206

+		--disable-debug-symbols

207

+		--disable-generate-man-pages

208

+		--without-valgrind-testbench

209

+		--disable-liblogging-stdlog

210

+		$(use_enable test testbench)

211

+		$(use_enable test libfaketime)

212

+		$(use_enable test extended-tests)

213

+		# Input Plugins without depedencies

214

+		--enable-imdiag

215

+		--enable-imfile

216

+		--enable-impstats

217

+		--enable-imptcp

218

+		# Message Modificiation Plugins without depedencies

219

+		--enable-mmanon

220

+		--enable-mmaudit

221

+		--enable-mmcount

222

+		--enable-mmfields

223

+		--enable-mmjsonparse

224

+		--enable-mmpstrucdata

225

+		--enable-mmrm1stspace

226

+		--enable-mmsequence

227

+		--enable-mmutf8fix

228

+		# Output Modification Plugins without dependencies

229

+		--enable-mail

230

+		--enable-omprog

231

+		--enable-omruleset

232

+		--enable-omstdout

233

+		--enable-omuxsock

234

+		# Misc

235

+		--enable-fmhash

236

+		$(use_enable xxhash fmhash-xxhash)

237

+		--enable-pmaixforwardedfrom

238

+		--enable-pmciscoios

239

+		--enable-pmcisconames

240

+		--enable-pmlastmsg

241

+		$(use_enable normalize pmnormalize)

242

+		--enable-pmnull

243

+		--enable-pmpanngfw

244

+		--enable-pmsnare

245

+		# DB

246

+		$(use_enable dbi libdbi)

247

+		$(use_enable mongodb ommongodb)

248

+		$(use_enable mysql)

249

+		$(use_enable postgres pgsql)

250

+		$(use_enable redis omhiredis)

251

+		# Debug

252

+		$(use_enable debug)

253

+		$(use_enable debug diagtools)

254

+		$(use_enable debug valgrind)

255

+		# Misc

256

+		$(use_enable clickhouse)

257

+		$(use_enable curl fmhttp)

258

+		$(use_enable elasticsearch)

259

+		$(use_enable gcrypt libgcrypt)

260

+		$(use_enable jemalloc)

261

+		$(use_enable kafka imkafka)

262

+		$(use_enable kafka omkafka)

263

+		$(use_enable kerberos gssapi-krb5)

264

+		$(use_enable kubernetes mmkubernetes)

265

+		$(use_enable normalize mmnormalize)

266

+		$(use_enable mdblookup mmdblookup)

267

+		$(use_enable omhttp)

268

+		$(use_enable omhttpfs)

269

+		$(use_enable omudpspoof)

270

+		$(use_enable rabbitmq omrabbitmq)

271

+		$(use_enable relp)

272

+		$(use_enable rfc3195)

273

+		$(use_enable rfc5424hmac mmrfc5424addhmac)

274

+		$(use_enable snmp)

275

+		$(use_enable snmp mmsnmptrapd)

276

+		$(use_enable gnutls)

277

+		$(use_enable openssl)

278

+		$(use_enable systemd imjournal)

279

+		$(use_enable systemd omjournal)

280

+		$(use_enable usertools)

281

+		$(use_enable uuid)

282

+		$(use_enable zeromq imczmq)

283

+		$(use_enable zeromq omczmq)

284

+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"

285

+	)

286

+

287

+	econf "${myeconfargs[@]}"

288

+}

289

+

290

+src_compile() {

291

+	default

292

+

293

+	if use doc && [[ "${PV}" == "9999" ]]; then

294

+		einfo "Building documentation ..."

295

+		local doc_dir="${S}/docs"

296

+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"

297

+		sphinx-build -b html source build || die "Building documentation failed!"

298

+	fi

299

+}

300

+

301

+src_test() {

302

+	local _has_increased_ulimit=

303

+

304

+	# Sometimes tests aren't executable (i.e. when added via patch)

305

+	einfo "Adjusting permissions of test scripts ..."

306

+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \

307

+		die "Failed to adjust test scripts permission"

308

+

309

+	if ulimit -n 3072; then

310

+		_has_increased_ulimit="true"

311

+	fi

312

+

313

+	if ! emake --jobs 1 check; then

314

+		eerror "Test suite failed! :("

315

+

316

+		if [[ -z "${_has_increased_ulimit}" ]]; then

317

+			eerror "Probably because open file limit couldn't be set to 3072."

318

+		fi

319

+

320

+		if has userpriv ${FEATURES}; then

321

+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \

322

+				"before you submit a bug report."

323

+		fi

324

+

325

+	fi

326

+}

327

+

328

+src_install() {

329

+	local DOCS=(

330

+		AUTHORS

331

+		ChangeLog

332

+		"${FILESDIR}"/README.gentoo

333

+	)

334

+

335

+	use doc && local HTML_DOCS=( "${S}/docs/build/." )

336

+

337

+	default

338

+

339

+	newconfd "${FILESDIR}/${PN}.confd-r1" ${PN}

340

+	newinitd "${FILESDIR}/${PN}.initd-r1" ${PN}

341

+

342

+	keepdir /var/empty/dev

343

+	keepdir /var/spool/${PN}

344

+	keepdir /etc/ssl/${PN}

345

+	keepdir /etc/${PN}.d

346

+

347

+	insinto /etc

348

+	newins "${FILESDIR}/${PN}.conf" ${PN}.conf

349

+

350

+	insinto /etc/rsyslog.d/

351

+	newins "${FILESDIR}/50-default-r1.conf" 50-default.conf

352

+

353

+	insinto /etc/logrotate.d/

354

+	newins "${FILESDIR}/${PN}-r1.logrotate" ${PN}

355

+

356

+	if use mysql; then

357

+		insinto /usr/share/doc/${PF}/scripts/mysql

358

+		doins plugins/ommysql/createDB.sql

359

+	fi

360

+

361

+	if use postgres; then

362

+		insinto /usr/share/doc/${PF}/scripts/pgsql

363

+		doins plugins/ompgsql/createDB.sql

364

+	fi

365

+

366

+	prune_libtool_files --modules

367

+}

368

+

369

+pkg_postinst() {

370

+	local advertise_readme=0

371

+

372

+	if [[ -z "${REPLACING_VERSIONS}" ]]; then

373

+		# This is a new installation

374

+

375

+		advertise_readme=1

376

+

377

+		if use mysql || use postgres; then

378

+			echo

379

+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"

380

+			elog "  /usr/share/doc/${PF}/scripts"

381

+		fi

382

+

383

+		if use ssl; then

384

+			echo

385

+			elog "To create a default CA and certificates for your server and clients, run:"

386

+			elog "  emerge --config =${PF}"

387

+			elog "on your logging server. You can run it several times,"

388

+			elog "once for each logging client. The client certificates will be signed"

389

+			elog "using the CA certificate generated during the first run."

390

+		fi

391

+	fi

392

+

393

+	if [[ ${advertise_readme} -gt 0 ]]; then

394

+		# We need to show the README file location

395

+

396

+		echo ""

397

+		elog "Please read"

398

+		elog ""

399

+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"

400

+		elog ""

401

+		elog "for more details."

402

+	fi

403

+}

404

+

405

+pkg_config() {

406

+	if ! use ssl ; then

407

+		einfo "There is nothing to configure for rsyslog unless you"

408

+		einfo "used USE=ssl to build it."

409

+		return 0

410

+	fi

411

+

412

+	# Make sure the certificates directory exists

413

+	local CERTDIR="${EROOT}/etc/ssl/${PN}"

414

+	if [[ ! -d "${CERTDIR}" ]]; then

415

+		mkdir "${CERTDIR}" || die

416

+	fi

417

+	einfo "Your certificates will be stored in ${CERTDIR}"

418

+

419

+	# Create a default CA if needed

420

+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then

421

+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."

422

+		certtool --generate-privkey \

423

+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null

424

+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

425

+

426

+		cat > "${T}/${PF}.$$" <<- _EOF

427

+		cn = Portage automated CA

428

+		ca

429

+		cert_signing_key

430

+		expiration_days = 3650

431

+		_EOF

432

+

433

+		certtool --generate-self-signed \

434

+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

435

+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \

436

+			--template "${T}/${PF}.$$" &>/dev/null

437

+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

438

+

439

+		# Create the server certificate

440

+		echo

441

+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "

442

+		read -r CN

443

+

444

+		einfo "Creating private key and certificate for server ${CN}..."

445

+		certtool --generate-privkey \

446

+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null

447

+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

448

+

449

+		cat > "${T}/${PF}.$$" <<- _EOF

450

+		cn = ${CN}

451

+		tls_www_server

452

+		dns_name = ${CN}

453

+		expiration_days = 3650

454

+		_EOF

455

+

456

+		certtool --generate-certificate \

457

+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \

458

+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \

459

+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \

460

+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

461

+			--template "${T}/${PF}.$$" &>/dev/null

462

+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

463

+

464

+	else

465

+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."

466

+	fi

467

+

468

+	# Create a client certificate

469

+	echo

470

+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "

471

+	read -r CN

472

+

473

+	einfo "Creating private key and certificate for client ${CN}..."

474

+	certtool --generate-privkey \

475

+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null

476

+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

477

+

478

+	cat > "${T}/${PF}.$$" <<- _EOF

479

+	cn = ${CN}

480

+	tls_www_client

481

+	dns_name = ${CN}

482

+	expiration_days = 3650

483

+	_EOF

484

+

485

+	certtool --generate-certificate \

486

+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \

487

+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \

488

+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \

489

+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

490

+		--template "${T}/${PF}.$$" &>/dev/null

491

+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

492

+

493

+	rm -f "${T}/${PF}.$$"

494

+

495

+	echo

496

+	einfo "Here is the documentation on how to encrypt your log traffic:"

497

+	einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"

498

+}

1	commit: fbb231bfa84a623474e4dae04a873ecf251307d3
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Wed Oct 2 23:04:27 2019 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Wed Oct 2 23:10:14 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbb231bf
7
8	app-admin/rsyslog: bump to v8.1910.0
9
10	Package-Manager: Portage-2.3.76, Repoman-2.3.17
11	Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13	app-admin/rsyslog/Manifest \| 2 +
14	app-admin/rsyslog/rsyslog-8.1910.0.ebuild \| 462 ++++++++++++++++++++++++++++++
15	2 files changed, 464 insertions(+)
16
17	diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
18	index 9f3976a6187..27081562136 100644
19	--- a/app-admin/rsyslog/Manifest
20	+++ b/app-admin/rsyslog/Manifest
21	@@ -1,6 +1,8 @@
22	DIST rsyslog-8.1904.0.tar.gz 2902708 BLAKE2B 515d5e32c2dc6cdd8dd51fc595ad775503438603f28828e9f1a427b184a5a61de32af2ee90334b7d56a9404106d74da47386a18a370278d5a16422a6bb09f556 SHA512 cccb48f06508d7e7c2dd788903f4d7ddb3020cdf6079aea1d52387c56b920f10b08957a79b5d420ccdb54cae50d1da6e5eb80cde9498bceaeda4f6ce37f694fd
23	DIST rsyslog-8.1907.0.tar.gz 2926855 BLAKE2B 65c674e53bfa960e3fe5c7f41a304cf8736fe72e2391895dde9fdc17fabeb2f92fccab48965d5e1689a5852136a43a3355f89c9fa9d1d1974335ce80204bb4ac SHA512 2aa3f6106e48fa63c6d4389f83e7a3212817c626d04881682236055792cf5c9d8a941638c9a508c470b6a24c934ef5cb0eda65ea25179d98831afbe2a27c1519
24	DIST rsyslog-8.1908.0.tar.gz 2952939 BLAKE2B c6784753262a71f30f32fc35ad3e3e75fa2af271bdb0a62c2d4796d3d0413c7f619052a5e33c52c5f3b22aa474d14b7bb06e9c502944f914e708265835fd90ff SHA512 66b6755e1f5a610ed8ec3f8fad1ee227f8ff34618a8f2660a801e6f9aa734980190fbffd8144ac30d63f8297a06e86ada65ba838242d8a006bca8e30f56dce80
25	+DIST rsyslog-8.1910.0.tar.gz 2957635 BLAKE2B ea350d3fb923c2f7d2799942fec6a77ef893fa12bc95a5b1428b8e280d96b562cd864469ebf13ee57e9ea89787765a4bb13d155460defc73a3a85b17ad6a5ab1 SHA512 85f5df91a6357ecb38708b4d569d26804a50ca28c928a636ac7749595f1a7105c3450fbd521835a436ebdfdcac33a33986e09a09026745ea4d1a2897406770d5
26	DIST rsyslog-doc-8.1904.0.tar.gz 8042650 BLAKE2B 585fe5c63eee1fb46f94dcd3d529045b3900e08c291e0e71ed9bf32a6200e6c7283820b262bd56e9aeb74cc227ecd518caafec5a8f87c1d8523d5d7fd95030aa SHA512 da0ff00fbe71756b3c27fd8b94e88611452c3ba611e583862556393faaaa596ca8f32f694ad40a3e1df67385d9f9ca80db6a58f5d2e336fe95639dd7cd0de828
27	DIST rsyslog-doc-8.1907.0.tar.gz 8071764 BLAKE2B 90c18a93bb2f2c9158a4696245c44c36ab4c40597d1eb8df8af257f57aa17e71436bd60792c4f982ebc15395abacd53281046e4ae6df65c306f815e6599fb8bc SHA512 72dcddef6e36a92d2bdcf54072fff7516b6c731f43a53ef8f5d4ebdbe46bc7aeb63bbc3e739a6e5897602ea7705c4bdd8f57aa10796955ed772a6c7cf552c5e5
28	DIST rsyslog-doc-8.1908.0.tar.gz 8082984 BLAKE2B 7f102a215b0c51b961a4e44e97c8a3cd9966215dba44a194a5ff925b8a2b1ad3389461e2de3dae6dfb770bc36c9a31747298bdb7e975d6fa86ca209c9e314ac3 SHA512 d826013de671c895be7becd2a7c5ce1fb218149c6128d486116be6a01fc69099026f5a277b30fc57e626aeb4038e00b17abcad9a45ea3c9838e7041de9d991a5
29	+DIST rsyslog-doc-8.1910.0.tar.gz 8158007 BLAKE2B 7a05cf7070ba350d0fb939350868ff0dd9d03be46ebd1b1261e54add70ab680afe0b356f563ea9e10148aed17667fc0b729e2fa8f7ff7cff3e4cec9d0da209a8 SHA512 e46f14e40ae690efbe3114a859c1c94c8f9573ca5ebdb533ad4b5ed76c3a930c887cc205e7279fcc546fda3ce624eae507ce08d5d10ee1eb167a957edd742bf2
30
31	diff --git a/app-admin/rsyslog/rsyslog-8.1910.0.ebuild b/app-admin/rsyslog/rsyslog-8.1910.0.ebuild
32	new file mode 100644
33	index 00000000000..09eed323e45
34	--- /dev/null
35	+++ b/app-admin/rsyslog/rsyslog-8.1910.0.ebuild
36	@@ -0,0 +1,462 @@
37	+# Copyright 1999-2019 Gentoo Authors
38	+# Distributed under the terms of the GNU General Public License v2
39	+
40	+EAPI="6"
41	+PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
42	+
43	+inherit autotools eutils linux-info python-any-r1 systemd
44	+
45	+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
46	+HOMEPAGE="https://www.rsyslog.com/"
47	+
48	+if [[ ${PV} == "9999" ]]; then
49	+ EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
50	+
51	+ DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
52	+
53	+ inherit git-r3
54	+else
55	+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"
56	+
57	+ SRC_URI="
58	+ https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
59	+ doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )
60	+ "
61	+fi
62	+
63	+LICENSE="GPL-3 LGPL-3 Apache-2.0"
64	+SLOT="0"
65	+IUSE="curl dbi debug doc elasticsearch +gcrypt gnutls jemalloc kafka kerberos kubernetes libressl mdblookup"
66	+IUSE+=" mongodb mysql normalize clickhouse omhttp omhttpfs omudpspoof openssl postgres"
67	+IUSE+=" rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid xxhash zeromq"
68	+RESTRICT="!test? ( test )"
69	+
70	+RDEPEND="
71	+ >=dev-libs/libfastjson-0.99.8:=
72	+ >=dev-libs/libestr-0.1.9
73	+ >=sys-libs/zlib-1.2.5
74	+ curl? ( >=net-misc/curl-7.35.0 )
75	+ dbi? ( >=dev-db/libdbi-0.8.3 )
76	+ elasticsearch? ( >=net-misc/curl-7.35.0 )
77	+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
78	+ jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
79	+ kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
80	+ kerberos? ( virtual/krb5 )
81	+ kubernetes? ( >=net-misc/curl-7.35.0 )
82	+ mdblookup? ( dev-libs/libmaxminddb:= )
83	+ mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
84	+ mysql? ( dev-db/mysql-connector-c:= )
85	+ normalize? (
86	+ >=dev-libs/liblognorm-2.0.3:=
87	+ )
88	+ clickhouse? ( >=net-misc/curl-7.35.0 )
89	+ omhttpfs? ( >=net-misc/curl-7.35.0 )
90	+ omudpspoof? ( >=net-libs/libnet-1.1.6 )
91	+ postgres? ( >=dev-db/postgresql-8.4.20:= )
92	+ rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
93	+ redis? ( >=dev-libs/hiredis-0.11.0:= )
94	+ relp? ( >=dev-libs/librelp-1.2.17:= )
95	+ rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
96	+ rfc5424hmac? (
97	+ !libressl? ( >=dev-libs/openssl-0.9.8y:0= )
98	+ libressl? ( dev-libs/libressl:= )
99	+ )
100	+ snmp? ( >=net-analyzer/net-snmp-5.7.2 )
101	+ ssl? (
102	+ gnutls? ( >=net-libs/gnutls-2.12.23:0= )
103	+ openssl? (
104	+ !libressl? ( dev-libs/openssl:0= )
105	+ libressl? ( dev-libs/libressl:0= )
106	+ )
107	+ )
108	+ systemd? ( >=sys-apps/systemd-234 )
109	+ uuid? ( sys-apps/util-linux:0= )
110	+ xxhash? ( dev-libs/xxhash:= )
111	+ zeromq? (
112	+ >=net-libs/czmq-3.0.2
113	+ )"
114	+DEPEND="${RDEPEND}
115	+ >=sys-devel/autoconf-archive-2015.02.24
116	+ virtual/pkgconfig
117	+ elibc_musl? ( sys-libs/queue-standalone )
118	+ test? (
119	+ >=dev-libs/liblogging-1.0.1[stdlog]
120	+ jemalloc? ( <sys-libs/libfaketime-0.9.7 )
121	+ !jemalloc? ( sys-libs/libfaketime )
122	+ ${PYTHON_DEPS}
123	+ )"
124	+
125	+REQUIRED_USE="
126	+ kubernetes? ( normalize )
127	+ ssl? ( \|\| ( gnutls openssl ) )
128	+"
129	+
130	+if [[ ${PV} == "9999" ]]; then
131	+ DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
132	+ DEPEND+=" >=sys-devel/flex-2.5.39-r1"
133	+ DEPEND+=" >=sys-devel/bison-2.4.3"
134	+ DEPEND+=" >=dev-python/docutils-0.12"
135	+fi
136	+
137	+CONFIG_CHECK="~INOTIFY_USER"
138	+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
139	+
140	+pkg_setup() {
141	+ use test && python-any-r1_pkg_setup
142	+}
143	+
144	+src_unpack() {
145	+ if [[ ${PV} == "9999" ]]; then
146	+ git-r3_fetch
147	+ git-r3_checkout
148	+ else
149	+ unpack ${P}.tar.gz
150	+ fi
151	+
152	+ if use doc; then
153	+ if [[ ${PV} == "9999" ]]; then
154	+ local _EGIT_BRANCH=
155	+ if [[ -n "${EGIT_BRANCH}" ]]; then
156	+ # Cannot use rsyslog commits/branches for documentation repository
157	+ _EGIT_BRANCH=${EGIT_BRANCH}
158	+ unset EGIT_BRANCH
159	+ fi
160	+
161	+ git-r3_fetch "${DOC_REPO_URI}"
162	+ git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
163	+
164	+ if [[ -n "${_EGIT_BRANCH}" ]]; then
165	+ # Restore previous EGIT_BRANCH information
166	+ EGIT_BRANCH=${_EGIT_BRANCH}
167	+ fi
168	+ else
169	+ cd "${S}" \|\| die "Cannot change dir into '${S}'"
170	+ mkdir docs \|\| die "Failed to create docs directory"
171	+ cd docs \|\| die "Failed to change dir into '${S}/docs'"
172	+ unpack ${PN}-doc-${PV}.tar.gz
173	+ fi
174	+ fi
175	+}
176	+
177	+src_prepare() {
178	+ default
179	+
180	+ # https://github.com/rsyslog/rsyslog/issues/3626
181	+ sed -i \
182	+ -e '\\|^#!/bin/bash$\|a exit 77' \
183	+ tests/mmkubernetes-cache-expir*.sh \
184	+ \|\| die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh"
185	+
186	+ eautoreconf
187	+}
188	+
189	+src_configure() {
190	+ # Maintainer notes:
191	+ # * Guardtime support is missing because libgt isn't yet available
192	+ # in portage.
193	+ # * Hadoop's HDFS file system output module is currently not
194	+ # supported in Gentoo because nobody is able to test it
195	+ # (JAVA dependency).
196	+ # * dev-libs/hiredis doesn't provide pkg-config (see #504614,
197	+ # upstream PR 129 and 136) so we need to export HIREDIS_*
198	+ # variables because rsyslog's build system depends on pkg-config.
199	+
200	+ if use redis; then
201	+ export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
202	+ export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
203	+ fi
204	+
205	+ local myeconfargs=(
206	+ --disable-debug-symbols
207	+ --disable-generate-man-pages
208	+ --without-valgrind-testbench
209	+ --disable-liblogging-stdlog
210	+ $(use_enable test testbench)
211	+ $(use_enable test libfaketime)
212	+ $(use_enable test extended-tests)
213	+ # Input Plugins without depedencies
214	+ --enable-imdiag
215	+ --enable-imfile
216	+ --enable-impstats
217	+ --enable-imptcp
218	+ # Message Modificiation Plugins without depedencies
219	+ --enable-mmanon
220	+ --enable-mmaudit
221	+ --enable-mmcount
222	+ --enable-mmfields
223	+ --enable-mmjsonparse
224	+ --enable-mmpstrucdata
225	+ --enable-mmrm1stspace
226	+ --enable-mmsequence
227	+ --enable-mmutf8fix
228	+ # Output Modification Plugins without dependencies
229	+ --enable-mail
230	+ --enable-omprog
231	+ --enable-omruleset
232	+ --enable-omstdout
233	+ --enable-omuxsock
234	+ # Misc
235	+ --enable-fmhash
236	+ $(use_enable xxhash fmhash-xxhash)
237	+ --enable-pmaixforwardedfrom
238	+ --enable-pmciscoios
239	+ --enable-pmcisconames
240	+ --enable-pmlastmsg
241	+ $(use_enable normalize pmnormalize)
242	+ --enable-pmnull
243	+ --enable-pmpanngfw
244	+ --enable-pmsnare
245	+ # DB
246	+ $(use_enable dbi libdbi)
247	+ $(use_enable mongodb ommongodb)
248	+ $(use_enable mysql)
249	+ $(use_enable postgres pgsql)
250	+ $(use_enable redis omhiredis)
251	+ # Debug
252	+ $(use_enable debug)
253	+ $(use_enable debug diagtools)
254	+ $(use_enable debug valgrind)
255	+ # Misc
256	+ $(use_enable clickhouse)
257	+ $(use_enable curl fmhttp)
258	+ $(use_enable elasticsearch)
259	+ $(use_enable gcrypt libgcrypt)
260	+ $(use_enable jemalloc)
261	+ $(use_enable kafka imkafka)
262	+ $(use_enable kafka omkafka)
263	+ $(use_enable kerberos gssapi-krb5)
264	+ $(use_enable kubernetes mmkubernetes)
265	+ $(use_enable normalize mmnormalize)
266	+ $(use_enable mdblookup mmdblookup)
267	+ $(use_enable omhttp)
268	+ $(use_enable omhttpfs)
269	+ $(use_enable omudpspoof)
270	+ $(use_enable rabbitmq omrabbitmq)
271	+ $(use_enable relp)
272	+ $(use_enable rfc3195)
273	+ $(use_enable rfc5424hmac mmrfc5424addhmac)
274	+ $(use_enable snmp)
275	+ $(use_enable snmp mmsnmptrapd)
276	+ $(use_enable gnutls)
277	+ $(use_enable openssl)
278	+ $(use_enable systemd imjournal)
279	+ $(use_enable systemd omjournal)
280	+ $(use_enable usertools)
281	+ $(use_enable uuid)
282	+ $(use_enable zeromq imczmq)
283	+ $(use_enable zeromq omczmq)
284	+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
285	+ )
286	+
287	+ econf "${myeconfargs[@]}"
288	+}
289	+
290	+src_compile() {
291	+ default
292	+
293	+ if use doc && [[ "${PV}" == "9999" ]]; then
294	+ einfo "Building documentation ..."
295	+ local doc_dir="${S}/docs"
296	+ cd "${doc_dir}" \|\| die "Cannot chdir into \"${doc_dir}\"!"
297	+ sphinx-build -b html source build \|\| die "Building documentation failed!"
298	+ fi
299	+}
300	+
301	+src_test() {
302	+ local _has_increased_ulimit=
303	+
304	+ # Sometimes tests aren't executable (i.e. when added via patch)
305	+ einfo "Adjusting permissions of test scripts ..."
306	+ find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; \|\| \
307	+ die "Failed to adjust test scripts permission"
308	+
309	+ if ulimit -n 3072; then
310	+ _has_increased_ulimit="true"
311	+ fi
312	+
313	+ if ! emake --jobs 1 check; then
314	+ eerror "Test suite failed! :("
315	+
316	+ if [[ -z "${_has_increased_ulimit}" ]]; then
317	+ eerror "Probably because open file limit couldn't be set to 3072."
318	+ fi
319	+
320	+ if has userpriv ${FEATURES}; then
321	+ eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
322	+ "before you submit a bug report."
323	+ fi
324	+
325	+ fi
326	+}
327	+
328	+src_install() {
329	+ local DOCS=(
330	+ AUTHORS
331	+ ChangeLog
332	+ "${FILESDIR}"/README.gentoo
333	+ )
334	+
335	+ use doc && local HTML_DOCS=( "${S}/docs/build/." )
336	+
337	+ default
338	+
339	+ newconfd "${FILESDIR}/${PN}.confd-r1" ${PN}
340	+ newinitd "${FILESDIR}/${PN}.initd-r1" ${PN}
341	+
342	+ keepdir /var/empty/dev
343	+ keepdir /var/spool/${PN}
344	+ keepdir /etc/ssl/${PN}
345	+ keepdir /etc/${PN}.d
346	+
347	+ insinto /etc
348	+ newins "${FILESDIR}/${PN}.conf" ${PN}.conf
349	+
350	+ insinto /etc/rsyslog.d/
351	+ newins "${FILESDIR}/50-default-r1.conf" 50-default.conf
352	+
353	+ insinto /etc/logrotate.d/
354	+ newins "${FILESDIR}/${PN}-r1.logrotate" ${PN}
355	+
356	+ if use mysql; then
357	+ insinto /usr/share/doc/${PF}/scripts/mysql
358	+ doins plugins/ommysql/createDB.sql
359	+ fi
360	+
361	+ if use postgres; then
362	+ insinto /usr/share/doc/${PF}/scripts/pgsql
363	+ doins plugins/ompgsql/createDB.sql
364	+ fi
365	+
366	+ prune_libtool_files --modules
367	+}
368	+
369	+pkg_postinst() {
370	+ local advertise_readme=0
371	+
372	+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
373	+ # This is a new installation
374	+
375	+ advertise_readme=1
376	+
377	+ if use mysql \|\| use postgres; then
378	+ echo
379	+ elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
380	+ elog " /usr/share/doc/${PF}/scripts"
381	+ fi
382	+
383	+ if use ssl; then
384	+ echo
385	+ elog "To create a default CA and certificates for your server and clients, run:"
386	+ elog " emerge --config =${PF}"
387	+ elog "on your logging server. You can run it several times,"
388	+ elog "once for each logging client. The client certificates will be signed"
389	+ elog "using the CA certificate generated during the first run."
390	+ fi
391	+ fi
392	+
393	+ if [[ ${advertise_readme} -gt 0 ]]; then
394	+ # We need to show the README file location
395	+
396	+ echo ""
397	+ elog "Please read"
398	+ elog ""
399	+ elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
400	+ elog ""
401	+ elog "for more details."
402	+ fi
403	+}
404	+
405	+pkg_config() {
406	+ if ! use ssl ; then
407	+ einfo "There is nothing to configure for rsyslog unless you"
408	+ einfo "used USE=ssl to build it."
409	+ return 0
410	+ fi
411	+
412	+ # Make sure the certificates directory exists
413	+ local CERTDIR="${EROOT}/etc/ssl/${PN}"
414	+ if [[ ! -d "${CERTDIR}" ]]; then
415	+ mkdir "${CERTDIR}" \|\| die
416	+ fi
417	+ einfo "Your certificates will be stored in ${CERTDIR}"
418	+
419	+ # Create a default CA if needed
420	+ if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
421	+ einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
422	+ certtool --generate-privkey \
423	+ --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
424	+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
425	+
426	+ cat > "${T}/${PF}.$$" <<- _EOF
427	+ cn = Portage automated CA
428	+ ca
429	+ cert_signing_key
430	+ expiration_days = 3650
431	+ _EOF
432	+
433	+ certtool --generate-self-signed \
434	+ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
435	+ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \
436	+ --template "${T}/${PF}.$$" &>/dev/null
437	+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
438	+
439	+ # Create the server certificate
440	+ echo
441	+ einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
442	+ read -r CN
443	+
444	+ einfo "Creating private key and certificate for server ${CN}..."
445	+ certtool --generate-privkey \
446	+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
447	+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
448	+
449	+ cat > "${T}/${PF}.$$" <<- _EOF
450	+ cn = ${CN}
451	+ tls_www_server
452	+ dns_name = ${CN}
453	+ expiration_days = 3650
454	+ _EOF
455	+
456	+ certtool --generate-certificate \
457	+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
458	+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
459	+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
460	+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
461	+ --template "${T}/${PF}.$$" &>/dev/null
462	+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
463	+
464	+ else
465	+ einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
466	+ fi
467	+
468	+ # Create a client certificate
469	+ echo
470	+ einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
471	+ read -r CN
472	+
473	+ einfo "Creating private key and certificate for client ${CN}..."
474	+ certtool --generate-privkey \
475	+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
476	+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
477	+
478	+ cat > "${T}/${PF}.$$" <<- _EOF
479	+ cn = ${CN}
480	+ tls_www_client
481	+ dns_name = ${CN}
482	+ expiration_days = 3650
483	+ _EOF
484	+
485	+ certtool --generate-certificate \
486	+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
487	+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
488	+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
489	+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
490	+ --template "${T}/${PF}.$$" &>/dev/null
491	+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
492	+
493	+ rm -f "${T}/${PF}.$$"
494	+
495	+ echo
496	+ einfo "Here is the documentation on how to encrypt your log traffic:"
497	+ einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
498	+}

Gentoo Archives: gentoo-commits