[gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/
Date:	Tue, 28 Apr 2020 23:04:36
Message-Id:	`1588114847.13cda07a1548f8462232772219887a229bc3752c.whissi@gentoo`

1

commit:     13cda07a1548f8462232772219887a229bc3752c

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Tue Apr 28 23:00:08 2020 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Tue Apr 28 23:00:47 2020 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13cda07a

7

8

app-admin/rsyslog: bump to v8.2004.0

9

10

Package-Manager: Portage-2.3.99, Repoman-2.3.22

11

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

12

13

 app-admin/rsyslog/Manifest                |   2 +

14

 app-admin/rsyslog/rsyslog-8.2004.0.ebuild | 462 ++++++++++++++++++++++++++++++

15

 2 files changed, 464 insertions(+)

16

17

diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest

18

index 307646e448c..7e52759762b 100644

19

--- a/app-admin/rsyslog/Manifest

20

+++ b/app-admin/rsyslog/Manifest

21

@@ -2,7 +2,9 @@ DIST rsyslog-8.1910.0.tar.gz 2957635 BLAKE2B ea350d3fb923c2f7d2799942fec6a77ef89

22

 DIST rsyslog-8.1911.0.tar.gz 2967162 BLAKE2B 6c15436cf6751267de38662b2c5d524dc7f90add4ed1aa7102811d197c2d86847316b58ed626fe0ab2b731c445fbcfb328464a2b1b7c4c3afedccb103267f772 SHA512 8414901a5072cb2cc28d35802c9e22d0f9c88f2ae15985a087a86b0e4053471b02d43bcc95d0c466719105e0a5ee683927af3842b9487f27ddddc1ca00ed713a

23

 DIST rsyslog-8.2001.0.tar.gz 2999701 BLAKE2B 8b0b0af6a9f8ea53540cd4869ad9ccc6f1adfea3349c4785222d72028101d8e095a7bb0c0496b5026b4144a64cd5d42f547294f03c75a205fa5724e67675ff6e SHA512 a68053630c43bea813cc3191ebff04473031df49899a6be2d5c331ac18882f373fc54fd7fb45c397fcbbcb269f246eeba5e9126911edd1bfe1c52f60921740d2

24

 DIST rsyslog-8.2002.0.tar.gz 3000861 BLAKE2B b05081eefc9a9c7a2a5815b472ebecb0214b1855c87e2428d2114c6d390e0251a71dda6ed80e8c4c8368e9a327a1c5d36a906b1eabd485a64078f490ad09a115 SHA512 a01bb2f67d21ab6d96dd1302bc351b509892834ef44956983db912a63ba23201653ca1e6b176a574c47568665b4d92579bb8bb0fe6911646bc841a3754c2754f

25

+DIST rsyslog-8.2004.0.tar.gz 3002704 BLAKE2B b5049448e0d09e048a45f067b5f8de453721ac5d63233f251e6e24fe2a722469cb19a91e83aa405ffc21245942b824e0a28ecd4e6df431517c8775e7a322bcd3 SHA512 1d7fac65cc97975a6765a55732d413e892502e53566c6fb7c1bfc0107b173eae77dd04c0c9a7471296dff998ceb2fd5a2374368a5a8528f8eb0a89d1915b0214

26

 DIST rsyslog-doc-8.1910.0.tar.gz 8158007 BLAKE2B 7a05cf7070ba350d0fb939350868ff0dd9d03be46ebd1b1261e54add70ab680afe0b356f563ea9e10148aed17667fc0b729e2fa8f7ff7cff3e4cec9d0da209a8 SHA512 e46f14e40ae690efbe3114a859c1c94c8f9573ca5ebdb533ad4b5ed76c3a930c887cc205e7279fcc546fda3ce624eae507ce08d5d10ee1eb167a957edd742bf2

27

 DIST rsyslog-doc-8.1911.0.tar.gz 8183360 BLAKE2B f5681945fb30ddf9c21a60ebafaf99698f10ef4790e76c9f6f329763215d5a1d47918008ade3e8ff8b7d4fb3ce1220cfc6f307ebc1dbf85697c3d92f7b855023 SHA512 2326550a0db108db407b701ff0b7b8545f94d06c1979bfbea3496a9a652de2a22bf49e9b95d4b2e6256bbf1f9db6a1c9822557c6ebd6a56bc00f096a642b19df

28

 DIST rsyslog-doc-8.2001.0.tar.gz 8200594 BLAKE2B ad0fda200749083a56fd4d731b03982e25ff32a7c6b4ff10f996ee42a46c6985f11fc8265e6992d1d5c86973541d0b0cf15c014460792a4658f45a1a310aee4f SHA512 6d58a67914f65d75eb77411e760b9e49be3723fb6e4ab8951ce28bf83372e3ec7805fac5aef49158fa47c6c4a9109e887bcc46ed3ca0cdc53de4e9b66472be14

29

 DIST rsyslog-doc-8.2002.0.tar.gz 8330832 BLAKE2B 1d27326dadcf06b158b28bbd66498559e4eb5012f84e073c63ab880b411e838550350b43cb0879f67f7b05541f6fcb659e406eaf5baf1d4d4b601d06e581d2bf SHA512 5d6bd8fe09b49644f000416c87c8600cd3df3facb07845afd85012279df203a44b234e94a7be90ad83709d5f2ad1a2bf8cb51571c5c0cd76383f76f81455945e

30

+DIST rsyslog-doc-8.2004.0.tar.gz 8323570 BLAKE2B 76b6acc7614f1cbe0a4f99a2a27ff44e2706d1a570afb7d92c628154d49bde5b00a7a4ae1c7d9639f67270f3080a6637cbebb14eaa43484655b322def11b367f SHA512 1a95b334bfe4c2a1d4844983cf32e44205ec6b7cabf1a6914a9ebb335d3d8f78655caf2a55a8cf444352af7d9ae92daa09e8fdf36e520554ed4807a4ed5fd393

31

32

diff --git a/app-admin/rsyslog/rsyslog-8.2004.0.ebuild b/app-admin/rsyslog/rsyslog-8.2004.0.ebuild

33

new file mode 100644

34

index 00000000000..e3157ed0808

35

--- /dev/null

36

+++ b/app-admin/rsyslog/rsyslog-8.2004.0.ebuild

37

@@ -0,0 +1,462 @@

38

+# Copyright 1999-2020 Gentoo Authors

39

+# Distributed under the terms of the GNU General Public License v2

40

+

41

+EAPI="6"

42

+PYTHON_COMPAT=( python{3_6,3_7,3_8} )

43

+

44

+inherit autotools eutils linux-info ltprune python-any-r1 systemd

45

+

46

+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"

47

+HOMEPAGE="https://www.rsyslog.com/"

48

+

49

+if [[ ${PV} == "9999" ]]; then

50

+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"

51

+

52

+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"

53

+

54

+	inherit git-r3

55

+else

56

+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"

57

+

58

+	SRC_URI="

59

+		https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz

60

+		doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )

61

+	"

62

+fi

63

+

64

+LICENSE="GPL-3 LGPL-3 Apache-2.0"

65

+SLOT="0"

66

+IUSE="curl dbi debug doc elasticsearch +gcrypt gnutls jemalloc kafka kerberos kubernetes libressl mdblookup"

67

+IUSE+=" mongodb mysql normalize clickhouse omhttp omhttpfs omudpspoof openssl postgres"

68

+IUSE+=" rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid xxhash zeromq"

69

+RESTRICT="!test? ( test )"

70

+

71

+RDEPEND="

72

+	>=dev-libs/libfastjson-0.99.8:=

73

+	>=dev-libs/libestr-0.1.9

74

+	>=sys-libs/zlib-1.2.5

75

+	curl? ( >=net-misc/curl-7.35.0 )

76

+	dbi? ( >=dev-db/libdbi-0.8.3 )

77

+	elasticsearch? ( >=net-misc/curl-7.35.0 )

78

+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )

79

+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )

80

+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )

81

+	kerberos? ( virtual/krb5 )

82

+	kubernetes? ( >=net-misc/curl-7.35.0 )

83

+	mdblookup? ( dev-libs/libmaxminddb:= )

84

+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )

85

+	mysql? ( dev-db/mysql-connector-c:= )

86

+	normalize? (

87

+		>=dev-libs/liblognorm-2.0.3:=

88

+	)

89

+	clickhouse? ( >=net-misc/curl-7.35.0 )

90

+	omhttpfs? ( >=net-misc/curl-7.35.0 )

91

+	omudpspoof? ( >=net-libs/libnet-1.1.6 )

92

+	postgres? ( >=dev-db/postgresql-8.4.20:= )

93

+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )

94

+	redis? ( >=dev-libs/hiredis-0.11.0:= )

95

+	relp? ( >=dev-libs/librelp-1.2.17:= )

96

+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )

97

+	rfc5424hmac? (

98

+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )

99

+		libressl? ( dev-libs/libressl:= )

100

+	)

101

+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )

102

+	ssl? (

103

+		gnutls? ( >=net-libs/gnutls-2.12.23:0= )

104

+		openssl? (

105

+			!libressl? ( dev-libs/openssl:0= )

106

+			libressl? ( dev-libs/libressl:0= )

107

+		)

108

+	)

109

+	systemd? ( >=sys-apps/systemd-234 )

110

+	uuid? ( sys-apps/util-linux:0= )

111

+	xxhash? ( dev-libs/xxhash:= )

112

+	zeromq? (

113

+		>=net-libs/czmq-3.0.2

114

+	)"

115

+DEPEND="${RDEPEND}

116

+	>=sys-devel/autoconf-archive-2015.02.24

117

+	virtual/pkgconfig

118

+	elibc_musl? ( sys-libs/queue-standalone )

119

+	test? (

120

+		>=dev-libs/liblogging-1.0.1[stdlog]

121

+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )

122

+		!jemalloc? ( sys-libs/libfaketime )

123

+		${PYTHON_DEPS}

124

+	)"

125

+

126

+REQUIRED_USE="

127

+	kubernetes? ( normalize )

128

+	ssl? ( || ( gnutls openssl ) )

129

+"

130

+

131

+if [[ ${PV} == "9999" ]]; then

132

+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"

133

+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"

134

+	DEPEND+=" >=sys-devel/bison-2.4.3"

135

+	DEPEND+=" >=dev-python/docutils-0.12"

136

+fi

137

+

138

+CONFIG_CHECK="~INOTIFY_USER"

139

+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"

140

+

141

+pkg_setup() {

142

+	use test && python-any-r1_pkg_setup

143

+}

144

+

145

+src_unpack() {

146

+	if [[ ${PV} == "9999" ]]; then

147

+		git-r3_fetch

148

+		git-r3_checkout

149

+	else

150

+		unpack ${P}.tar.gz

151

+	fi

152

+

153

+	if use doc; then

154

+		if [[ ${PV} == "9999" ]]; then

155

+			local _EGIT_BRANCH=

156

+			if [[ -n "${EGIT_BRANCH}" ]]; then

157

+				# Cannot use rsyslog commits/branches for documentation repository

158

+				_EGIT_BRANCH=${EGIT_BRANCH}

159

+				unset EGIT_BRANCH

160

+			fi

161

+

162

+			git-r3_fetch "${DOC_REPO_URI}"

163

+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs

164

+

165

+			if [[ -n "${_EGIT_BRANCH}" ]]; then

166

+				# Restore previous EGIT_BRANCH information

167

+				EGIT_BRANCH=${_EGIT_BRANCH}

168

+			fi

169

+		else

170

+			cd "${S}" || die "Cannot change dir into '${S}'"

171

+			mkdir docs || die "Failed to create docs directory"

172

+			cd docs || die "Failed to change dir into '${S}/docs'"

173

+			unpack ${PN}-doc-${PV}.tar.gz

174

+		fi

175

+	fi

176

+}

177

+

178

+src_prepare() {

179

+	default

180

+

181

+	# https://github.com/rsyslog/rsyslog/issues/3626

182

+	sed -i \

183

+		-e '\|^#!/bin/bash$|a exit 77' \

184

+		tests/mmkubernetes-cache-expir*.sh \

185

+		|| die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh"

186

+

187

+	eautoreconf

188

+}

189

+

190

+src_configure() {

191

+	# Maintainer notes:

192

+	# * Guardtime support is missing because libgt isn't yet available

193

+	#   in portage.

194

+	# * Hadoop's HDFS file system output module is currently not

195

+	#   supported in Gentoo because nobody is able to test it

196

+	#   (JAVA dependency).

197

+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,

198

+	#   upstream PR 129 and 136) so we need to export HIREDIS_*

199

+	#   variables because rsyslog's build system depends on pkg-config.

200

+

201

+	if use redis; then

202

+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"

203

+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"

204

+	fi

205

+

206

+	local myeconfargs=(

207

+		--disable-debug-symbols

208

+		--disable-generate-man-pages

209

+		--without-valgrind-testbench

210

+		--disable-liblogging-stdlog

211

+		$(use_enable test testbench)

212

+		$(use_enable test libfaketime)

213

+		$(use_enable test extended-tests)

214

+		# Input Plugins without depedencies

215

+		--enable-imdiag

216

+		--enable-imfile

217

+		--enable-impstats

218

+		--enable-imptcp

219

+		# Message Modificiation Plugins without depedencies

220

+		--enable-mmanon

221

+		--enable-mmaudit

222

+		--enable-mmcount

223

+		--enable-mmfields

224

+		--enable-mmjsonparse

225

+		--enable-mmpstrucdata

226

+		--enable-mmrm1stspace

227

+		--enable-mmsequence

228

+		--enable-mmutf8fix

229

+		# Output Modification Plugins without dependencies

230

+		--enable-mail

231

+		--enable-omprog

232

+		--enable-omruleset

233

+		--enable-omstdout

234

+		--enable-omuxsock

235

+		# Misc

236

+		--enable-fmhash

237

+		$(use_enable xxhash fmhash-xxhash)

238

+		--enable-pmaixforwardedfrom

239

+		--enable-pmciscoios

240

+		--enable-pmcisconames

241

+		--enable-pmlastmsg

242

+		$(use_enable normalize pmnormalize)

243

+		--enable-pmnull

244

+		--enable-pmpanngfw

245

+		--enable-pmsnare

246

+		# DB

247

+		$(use_enable dbi libdbi)

248

+		$(use_enable mongodb ommongodb)

249

+		$(use_enable mysql)

250

+		$(use_enable postgres pgsql)

251

+		$(use_enable redis omhiredis)

252

+		# Debug

253

+		$(use_enable debug)

254

+		$(use_enable debug diagtools)

255

+		$(use_enable debug valgrind)

256

+		# Misc

257

+		$(use_enable clickhouse)

258

+		$(use_enable curl fmhttp)

259

+		$(use_enable elasticsearch)

260

+		$(use_enable gcrypt libgcrypt)

261

+		$(use_enable jemalloc)

262

+		$(use_enable kafka imkafka)

263

+		$(use_enable kafka omkafka)

264

+		$(use_enable kerberos gssapi-krb5)

265

+		$(use_enable kubernetes mmkubernetes)

266

+		$(use_enable normalize mmnormalize)

267

+		$(use_enable mdblookup mmdblookup)

268

+		$(use_enable omhttp)

269

+		$(use_enable omhttpfs)

270

+		$(use_enable omudpspoof)

271

+		$(use_enable rabbitmq omrabbitmq)

272

+		$(use_enable relp)

273

+		$(use_enable rfc3195)

274

+		$(use_enable rfc5424hmac mmrfc5424addhmac)

275

+		$(use_enable snmp)

276

+		$(use_enable snmp mmsnmptrapd)

277

+		$(use_enable gnutls)

278

+		$(use_enable openssl)

279

+		$(use_enable systemd imjournal)

280

+		$(use_enable systemd omjournal)

281

+		$(use_enable usertools)

282

+		$(use_enable uuid)

283

+		$(use_enable zeromq imczmq)

284

+		$(use_enable zeromq omczmq)

285

+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"

286

+	)

287

+

288

+	econf "${myeconfargs[@]}"

289

+}

290

+

291

+src_compile() {

292

+	default

293

+

294

+	if use doc && [[ "${PV}" == "9999" ]]; then

295

+		einfo "Building documentation ..."

296

+		local doc_dir="${S}/docs"

297

+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"

298

+		sphinx-build -b html source build || die "Building documentation failed!"

299

+	fi

300

+}

301

+

302

+src_test() {

303

+	local _has_increased_ulimit=

304

+

305

+	# Sometimes tests aren't executable (i.e. when added via patch)

306

+	einfo "Adjusting permissions of test scripts ..."

307

+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \

308

+		die "Failed to adjust test scripts permission"

309

+

310

+	if ulimit -n 3072; then

311

+		_has_increased_ulimit="true"

312

+	fi

313

+

314

+	if ! emake --jobs 1 check; then

315

+		eerror "Test suite failed! :("

316

+

317

+		if [[ -z "${_has_increased_ulimit}" ]]; then

318

+			eerror "Probably because open file limit couldn't be set to 3072."

319

+		fi

320

+

321

+		if has userpriv ${FEATURES}; then

322

+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \

323

+				"before you submit a bug report."

324

+		fi

325

+

326

+	fi

327

+}

328

+

329

+src_install() {

330

+	local DOCS=(

331

+		AUTHORS

332

+		ChangeLog

333

+		"${FILESDIR}"/README.gentoo

334

+	)

335

+

336

+	use doc && local HTML_DOCS=( "${S}/docs/build/." )

337

+

338

+	default

339

+

340

+	newconfd "${FILESDIR}/${PN}.confd-r1" ${PN}

341

+	newinitd "${FILESDIR}/${PN}.initd-r1" ${PN}

342

+

343

+	keepdir /var/empty/dev

344

+	keepdir /var/spool/${PN}

345

+	keepdir /etc/ssl/${PN}

346

+	keepdir /etc/${PN}.d

347

+

348

+	insinto /etc

349

+	newins "${FILESDIR}/${PN}.conf" ${PN}.conf

350

+

351

+	insinto /etc/rsyslog.d/

352

+	newins "${FILESDIR}/50-default-r1.conf" 50-default.conf

353

+

354

+	insinto /etc/logrotate.d/

355

+	newins "${FILESDIR}/${PN}-r1.logrotate" ${PN}

356

+

357

+	if use mysql; then

358

+		insinto /usr/share/${PN}/scripts/mysql

359

+		doins plugins/ommysql/createDB.sql

360

+	fi

361

+

362

+	if use postgres; then

363

+		insinto /usr/share/${PN}/scripts/pgsql

364

+		doins plugins/ompgsql/createDB.sql

365

+	fi

366

+

367

+	prune_libtool_files --modules

368

+}

369

+

370

+pkg_postinst() {

371

+	local advertise_readme=0

372

+

373

+	if [[ -z "${REPLACING_VERSIONS}" ]]; then

374

+		# This is a new installation

375

+

376

+		advertise_readme=1

377

+

378

+		if use mysql || use postgres; then

379

+			echo

380

+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"

381

+			elog "  /usr/share/doc/${PF}/scripts"

382

+		fi

383

+

384

+		if use ssl; then

385

+			echo

386

+			elog "To create a default CA and certificates for your server and clients, run:"

387

+			elog "  emerge --config =${PF}"

388

+			elog "on your logging server. You can run it several times,"

389

+			elog "once for each logging client. The client certificates will be signed"

390

+			elog "using the CA certificate generated during the first run."

391

+		fi

392

+	fi

393

+

394

+	if [[ ${advertise_readme} -gt 0 ]]; then

395

+		# We need to show the README file location

396

+

397

+		echo ""

398

+		elog "Please read"

399

+		elog ""

400

+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"

401

+		elog ""

402

+		elog "for more details."

403

+	fi

404

+}

405

+

406

+pkg_config() {

407

+	if ! use ssl ; then

408

+		einfo "There is nothing to configure for rsyslog unless you"

409

+		einfo "used USE=ssl to build it."

410

+		return 0

411

+	fi

412

+

413

+	# Make sure the certificates directory exists

414

+	local CERTDIR="${EROOT}/etc/ssl/${PN}"

415

+	if [[ ! -d "${CERTDIR}" ]]; then

416

+		mkdir "${CERTDIR}" || die

417

+	fi

418

+	einfo "Your certificates will be stored in ${CERTDIR}"

419

+

420

+	# Create a default CA if needed

421

+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then

422

+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."

423

+		certtool --generate-privkey \

424

+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null

425

+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

426

+

427

+		cat > "${T}/${PF}.$$" <<- _EOF

428

+		cn = Portage automated CA

429

+		ca

430

+		cert_signing_key

431

+		expiration_days = 3650

432

+		_EOF

433

+

434

+		certtool --generate-self-signed \

435

+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

436

+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \

437

+			--template "${T}/${PF}.$$" &>/dev/null

438

+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

439

+

440

+		# Create the server certificate

441

+		echo

442

+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "

443

+		read -r CN

444

+

445

+		einfo "Creating private key and certificate for server ${CN}..."

446

+		certtool --generate-privkey \

447

+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null

448

+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

449

+

450

+		cat > "${T}/${PF}.$$" <<- _EOF

451

+		cn = ${CN}

452

+		tls_www_server

453

+		dns_name = ${CN}

454

+		expiration_days = 3650

455

+		_EOF

456

+

457

+		certtool --generate-certificate \

458

+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \

459

+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \

460

+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \

461

+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

462

+			--template "${T}/${PF}.$$" &>/dev/null

463

+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

464

+

465

+	else

466

+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."

467

+	fi

468

+

469

+	# Create a client certificate

470

+	echo

471

+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "

472

+	read -r CN

473

+

474

+	einfo "Creating private key and certificate for client ${CN}..."

475

+	certtool --generate-privkey \

476

+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null

477

+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

478

+

479

+	cat > "${T}/${PF}.$$" <<- _EOF

480

+	cn = ${CN}

481

+	tls_www_client

482

+	dns_name = ${CN}

483

+	expiration_days = 3650

484

+	_EOF

485

+

486

+	certtool --generate-certificate \

487

+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \

488

+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \

489

+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \

490

+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

491

+		--template "${T}/${PF}.$$" &>/dev/null

492

+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

493

+

494

+	rm -f "${T}/${PF}.$$"

495

+

496

+	echo

497

+	einfo "Here is the documentation on how to encrypt your log traffic:"

498

+	einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"

499

+}

1	commit: 13cda07a1548f8462232772219887a229bc3752c
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Tue Apr 28 23:00:08 2020 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Tue Apr 28 23:00:47 2020 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13cda07a
7
8	app-admin/rsyslog: bump to v8.2004.0
9
10	Package-Manager: Portage-2.3.99, Repoman-2.3.22
11	Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13	app-admin/rsyslog/Manifest \| 2 +
14	app-admin/rsyslog/rsyslog-8.2004.0.ebuild \| 462 ++++++++++++++++++++++++++++++
15	2 files changed, 464 insertions(+)
16
17	diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
18	index 307646e448c..7e52759762b 100644
19	--- a/app-admin/rsyslog/Manifest
20	+++ b/app-admin/rsyslog/Manifest
21	@@ -2,7 +2,9 @@ DIST rsyslog-8.1910.0.tar.gz 2957635 BLAKE2B ea350d3fb923c2f7d2799942fec6a77ef89
22	DIST rsyslog-8.1911.0.tar.gz 2967162 BLAKE2B 6c15436cf6751267de38662b2c5d524dc7f90add4ed1aa7102811d197c2d86847316b58ed626fe0ab2b731c445fbcfb328464a2b1b7c4c3afedccb103267f772 SHA512 8414901a5072cb2cc28d35802c9e22d0f9c88f2ae15985a087a86b0e4053471b02d43bcc95d0c466719105e0a5ee683927af3842b9487f27ddddc1ca00ed713a
23	DIST rsyslog-8.2001.0.tar.gz 2999701 BLAKE2B 8b0b0af6a9f8ea53540cd4869ad9ccc6f1adfea3349c4785222d72028101d8e095a7bb0c0496b5026b4144a64cd5d42f547294f03c75a205fa5724e67675ff6e SHA512 a68053630c43bea813cc3191ebff04473031df49899a6be2d5c331ac18882f373fc54fd7fb45c397fcbbcb269f246eeba5e9126911edd1bfe1c52f60921740d2
24	DIST rsyslog-8.2002.0.tar.gz 3000861 BLAKE2B b05081eefc9a9c7a2a5815b472ebecb0214b1855c87e2428d2114c6d390e0251a71dda6ed80e8c4c8368e9a327a1c5d36a906b1eabd485a64078f490ad09a115 SHA512 a01bb2f67d21ab6d96dd1302bc351b509892834ef44956983db912a63ba23201653ca1e6b176a574c47568665b4d92579bb8bb0fe6911646bc841a3754c2754f
25	+DIST rsyslog-8.2004.0.tar.gz 3002704 BLAKE2B b5049448e0d09e048a45f067b5f8de453721ac5d63233f251e6e24fe2a722469cb19a91e83aa405ffc21245942b824e0a28ecd4e6df431517c8775e7a322bcd3 SHA512 1d7fac65cc97975a6765a55732d413e892502e53566c6fb7c1bfc0107b173eae77dd04c0c9a7471296dff998ceb2fd5a2374368a5a8528f8eb0a89d1915b0214
26	DIST rsyslog-doc-8.1910.0.tar.gz 8158007 BLAKE2B 7a05cf7070ba350d0fb939350868ff0dd9d03be46ebd1b1261e54add70ab680afe0b356f563ea9e10148aed17667fc0b729e2fa8f7ff7cff3e4cec9d0da209a8 SHA512 e46f14e40ae690efbe3114a859c1c94c8f9573ca5ebdb533ad4b5ed76c3a930c887cc205e7279fcc546fda3ce624eae507ce08d5d10ee1eb167a957edd742bf2
27	DIST rsyslog-doc-8.1911.0.tar.gz 8183360 BLAKE2B f5681945fb30ddf9c21a60ebafaf99698f10ef4790e76c9f6f329763215d5a1d47918008ade3e8ff8b7d4fb3ce1220cfc6f307ebc1dbf85697c3d92f7b855023 SHA512 2326550a0db108db407b701ff0b7b8545f94d06c1979bfbea3496a9a652de2a22bf49e9b95d4b2e6256bbf1f9db6a1c9822557c6ebd6a56bc00f096a642b19df
28	DIST rsyslog-doc-8.2001.0.tar.gz 8200594 BLAKE2B ad0fda200749083a56fd4d731b03982e25ff32a7c6b4ff10f996ee42a46c6985f11fc8265e6992d1d5c86973541d0b0cf15c014460792a4658f45a1a310aee4f SHA512 6d58a67914f65d75eb77411e760b9e49be3723fb6e4ab8951ce28bf83372e3ec7805fac5aef49158fa47c6c4a9109e887bcc46ed3ca0cdc53de4e9b66472be14
29	DIST rsyslog-doc-8.2002.0.tar.gz 8330832 BLAKE2B 1d27326dadcf06b158b28bbd66498559e4eb5012f84e073c63ab880b411e838550350b43cb0879f67f7b05541f6fcb659e406eaf5baf1d4d4b601d06e581d2bf SHA512 5d6bd8fe09b49644f000416c87c8600cd3df3facb07845afd85012279df203a44b234e94a7be90ad83709d5f2ad1a2bf8cb51571c5c0cd76383f76f81455945e
30	+DIST rsyslog-doc-8.2004.0.tar.gz 8323570 BLAKE2B 76b6acc7614f1cbe0a4f99a2a27ff44e2706d1a570afb7d92c628154d49bde5b00a7a4ae1c7d9639f67270f3080a6637cbebb14eaa43484655b322def11b367f SHA512 1a95b334bfe4c2a1d4844983cf32e44205ec6b7cabf1a6914a9ebb335d3d8f78655caf2a55a8cf444352af7d9ae92daa09e8fdf36e520554ed4807a4ed5fd393
31
32	diff --git a/app-admin/rsyslog/rsyslog-8.2004.0.ebuild b/app-admin/rsyslog/rsyslog-8.2004.0.ebuild
33	new file mode 100644
34	index 00000000000..e3157ed0808
35	--- /dev/null
36	+++ b/app-admin/rsyslog/rsyslog-8.2004.0.ebuild
37	@@ -0,0 +1,462 @@
38	+# Copyright 1999-2020 Gentoo Authors
39	+# Distributed under the terms of the GNU General Public License v2
40	+
41	+EAPI="6"
42	+PYTHON_COMPAT=( python{3_6,3_7,3_8} )
43	+
44	+inherit autotools eutils linux-info ltprune python-any-r1 systemd
45	+
46	+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
47	+HOMEPAGE="https://www.rsyslog.com/"
48	+
49	+if [[ ${PV} == "9999" ]]; then
50	+ EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
51	+
52	+ DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
53	+
54	+ inherit git-r3
55	+else
56	+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"
57	+
58	+ SRC_URI="
59	+ https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
60	+ doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )
61	+ "
62	+fi
63	+
64	+LICENSE="GPL-3 LGPL-3 Apache-2.0"
65	+SLOT="0"
66	+IUSE="curl dbi debug doc elasticsearch +gcrypt gnutls jemalloc kafka kerberos kubernetes libressl mdblookup"
67	+IUSE+=" mongodb mysql normalize clickhouse omhttp omhttpfs omudpspoof openssl postgres"
68	+IUSE+=" rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid xxhash zeromq"
69	+RESTRICT="!test? ( test )"
70	+
71	+RDEPEND="
72	+ >=dev-libs/libfastjson-0.99.8:=
73	+ >=dev-libs/libestr-0.1.9
74	+ >=sys-libs/zlib-1.2.5
75	+ curl? ( >=net-misc/curl-7.35.0 )
76	+ dbi? ( >=dev-db/libdbi-0.8.3 )
77	+ elasticsearch? ( >=net-misc/curl-7.35.0 )
78	+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
79	+ jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
80	+ kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
81	+ kerberos? ( virtual/krb5 )
82	+ kubernetes? ( >=net-misc/curl-7.35.0 )
83	+ mdblookup? ( dev-libs/libmaxminddb:= )
84	+ mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
85	+ mysql? ( dev-db/mysql-connector-c:= )
86	+ normalize? (
87	+ >=dev-libs/liblognorm-2.0.3:=
88	+ )
89	+ clickhouse? ( >=net-misc/curl-7.35.0 )
90	+ omhttpfs? ( >=net-misc/curl-7.35.0 )
91	+ omudpspoof? ( >=net-libs/libnet-1.1.6 )
92	+ postgres? ( >=dev-db/postgresql-8.4.20:= )
93	+ rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
94	+ redis? ( >=dev-libs/hiredis-0.11.0:= )
95	+ relp? ( >=dev-libs/librelp-1.2.17:= )
96	+ rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
97	+ rfc5424hmac? (
98	+ !libressl? ( >=dev-libs/openssl-0.9.8y:0= )
99	+ libressl? ( dev-libs/libressl:= )
100	+ )
101	+ snmp? ( >=net-analyzer/net-snmp-5.7.2 )
102	+ ssl? (
103	+ gnutls? ( >=net-libs/gnutls-2.12.23:0= )
104	+ openssl? (
105	+ !libressl? ( dev-libs/openssl:0= )
106	+ libressl? ( dev-libs/libressl:0= )
107	+ )
108	+ )
109	+ systemd? ( >=sys-apps/systemd-234 )
110	+ uuid? ( sys-apps/util-linux:0= )
111	+ xxhash? ( dev-libs/xxhash:= )
112	+ zeromq? (
113	+ >=net-libs/czmq-3.0.2
114	+ )"
115	+DEPEND="${RDEPEND}
116	+ >=sys-devel/autoconf-archive-2015.02.24
117	+ virtual/pkgconfig
118	+ elibc_musl? ( sys-libs/queue-standalone )
119	+ test? (
120	+ >=dev-libs/liblogging-1.0.1[stdlog]
121	+ jemalloc? ( <sys-libs/libfaketime-0.9.7 )
122	+ !jemalloc? ( sys-libs/libfaketime )
123	+ ${PYTHON_DEPS}
124	+ )"
125	+
126	+REQUIRED_USE="
127	+ kubernetes? ( normalize )
128	+ ssl? ( \|\| ( gnutls openssl ) )
129	+"
130	+
131	+if [[ ${PV} == "9999" ]]; then
132	+ DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
133	+ DEPEND+=" >=sys-devel/flex-2.5.39-r1"
134	+ DEPEND+=" >=sys-devel/bison-2.4.3"
135	+ DEPEND+=" >=dev-python/docutils-0.12"
136	+fi
137	+
138	+CONFIG_CHECK="~INOTIFY_USER"
139	+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
140	+
141	+pkg_setup() {
142	+ use test && python-any-r1_pkg_setup
143	+}
144	+
145	+src_unpack() {
146	+ if [[ ${PV} == "9999" ]]; then
147	+ git-r3_fetch
148	+ git-r3_checkout
149	+ else
150	+ unpack ${P}.tar.gz
151	+ fi
152	+
153	+ if use doc; then
154	+ if [[ ${PV} == "9999" ]]; then
155	+ local _EGIT_BRANCH=
156	+ if [[ -n "${EGIT_BRANCH}" ]]; then
157	+ # Cannot use rsyslog commits/branches for documentation repository
158	+ _EGIT_BRANCH=${EGIT_BRANCH}
159	+ unset EGIT_BRANCH
160	+ fi
161	+
162	+ git-r3_fetch "${DOC_REPO_URI}"
163	+ git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
164	+
165	+ if [[ -n "${_EGIT_BRANCH}" ]]; then
166	+ # Restore previous EGIT_BRANCH information
167	+ EGIT_BRANCH=${_EGIT_BRANCH}
168	+ fi
169	+ else
170	+ cd "${S}" \|\| die "Cannot change dir into '${S}'"
171	+ mkdir docs \|\| die "Failed to create docs directory"
172	+ cd docs \|\| die "Failed to change dir into '${S}/docs'"
173	+ unpack ${PN}-doc-${PV}.tar.gz
174	+ fi
175	+ fi
176	+}
177	+
178	+src_prepare() {
179	+ default
180	+
181	+ # https://github.com/rsyslog/rsyslog/issues/3626
182	+ sed -i \
183	+ -e '\\|^#!/bin/bash$\|a exit 77' \
184	+ tests/mmkubernetes-cache-expir*.sh \
185	+ \|\| die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh"
186	+
187	+ eautoreconf
188	+}
189	+
190	+src_configure() {
191	+ # Maintainer notes:
192	+ # * Guardtime support is missing because libgt isn't yet available
193	+ # in portage.
194	+ # * Hadoop's HDFS file system output module is currently not
195	+ # supported in Gentoo because nobody is able to test it
196	+ # (JAVA dependency).
197	+ # * dev-libs/hiredis doesn't provide pkg-config (see #504614,
198	+ # upstream PR 129 and 136) so we need to export HIREDIS_*
199	+ # variables because rsyslog's build system depends on pkg-config.
200	+
201	+ if use redis; then
202	+ export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
203	+ export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
204	+ fi
205	+
206	+ local myeconfargs=(
207	+ --disable-debug-symbols
208	+ --disable-generate-man-pages
209	+ --without-valgrind-testbench
210	+ --disable-liblogging-stdlog
211	+ $(use_enable test testbench)
212	+ $(use_enable test libfaketime)
213	+ $(use_enable test extended-tests)
214	+ # Input Plugins without depedencies
215	+ --enable-imdiag
216	+ --enable-imfile
217	+ --enable-impstats
218	+ --enable-imptcp
219	+ # Message Modificiation Plugins without depedencies
220	+ --enable-mmanon
221	+ --enable-mmaudit
222	+ --enable-mmcount
223	+ --enable-mmfields
224	+ --enable-mmjsonparse
225	+ --enable-mmpstrucdata
226	+ --enable-mmrm1stspace
227	+ --enable-mmsequence
228	+ --enable-mmutf8fix
229	+ # Output Modification Plugins without dependencies
230	+ --enable-mail
231	+ --enable-omprog
232	+ --enable-omruleset
233	+ --enable-omstdout
234	+ --enable-omuxsock
235	+ # Misc
236	+ --enable-fmhash
237	+ $(use_enable xxhash fmhash-xxhash)
238	+ --enable-pmaixforwardedfrom
239	+ --enable-pmciscoios
240	+ --enable-pmcisconames
241	+ --enable-pmlastmsg
242	+ $(use_enable normalize pmnormalize)
243	+ --enable-pmnull
244	+ --enable-pmpanngfw
245	+ --enable-pmsnare
246	+ # DB
247	+ $(use_enable dbi libdbi)
248	+ $(use_enable mongodb ommongodb)
249	+ $(use_enable mysql)
250	+ $(use_enable postgres pgsql)
251	+ $(use_enable redis omhiredis)
252	+ # Debug
253	+ $(use_enable debug)
254	+ $(use_enable debug diagtools)
255	+ $(use_enable debug valgrind)
256	+ # Misc
257	+ $(use_enable clickhouse)
258	+ $(use_enable curl fmhttp)
259	+ $(use_enable elasticsearch)
260	+ $(use_enable gcrypt libgcrypt)
261	+ $(use_enable jemalloc)
262	+ $(use_enable kafka imkafka)
263	+ $(use_enable kafka omkafka)
264	+ $(use_enable kerberos gssapi-krb5)
265	+ $(use_enable kubernetes mmkubernetes)
266	+ $(use_enable normalize mmnormalize)
267	+ $(use_enable mdblookup mmdblookup)
268	+ $(use_enable omhttp)
269	+ $(use_enable omhttpfs)
270	+ $(use_enable omudpspoof)
271	+ $(use_enable rabbitmq omrabbitmq)
272	+ $(use_enable relp)
273	+ $(use_enable rfc3195)
274	+ $(use_enable rfc5424hmac mmrfc5424addhmac)
275	+ $(use_enable snmp)
276	+ $(use_enable snmp mmsnmptrapd)
277	+ $(use_enable gnutls)
278	+ $(use_enable openssl)
279	+ $(use_enable systemd imjournal)
280	+ $(use_enable systemd omjournal)
281	+ $(use_enable usertools)
282	+ $(use_enable uuid)
283	+ $(use_enable zeromq imczmq)
284	+ $(use_enable zeromq omczmq)
285	+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
286	+ )
287	+
288	+ econf "${myeconfargs[@]}"
289	+}
290	+
291	+src_compile() {
292	+ default
293	+
294	+ if use doc && [[ "${PV}" == "9999" ]]; then
295	+ einfo "Building documentation ..."
296	+ local doc_dir="${S}/docs"
297	+ cd "${doc_dir}" \|\| die "Cannot chdir into \"${doc_dir}\"!"
298	+ sphinx-build -b html source build \|\| die "Building documentation failed!"
299	+ fi
300	+}
301	+
302	+src_test() {
303	+ local _has_increased_ulimit=
304	+
305	+ # Sometimes tests aren't executable (i.e. when added via patch)
306	+ einfo "Adjusting permissions of test scripts ..."
307	+ find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; \|\| \
308	+ die "Failed to adjust test scripts permission"
309	+
310	+ if ulimit -n 3072; then
311	+ _has_increased_ulimit="true"
312	+ fi
313	+
314	+ if ! emake --jobs 1 check; then
315	+ eerror "Test suite failed! :("
316	+
317	+ if [[ -z "${_has_increased_ulimit}" ]]; then
318	+ eerror "Probably because open file limit couldn't be set to 3072."
319	+ fi
320	+
321	+ if has userpriv ${FEATURES}; then
322	+ eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
323	+ "before you submit a bug report."
324	+ fi
325	+
326	+ fi
327	+}
328	+
329	+src_install() {
330	+ local DOCS=(
331	+ AUTHORS
332	+ ChangeLog
333	+ "${FILESDIR}"/README.gentoo
334	+ )
335	+
336	+ use doc && local HTML_DOCS=( "${S}/docs/build/." )
337	+
338	+ default
339	+
340	+ newconfd "${FILESDIR}/${PN}.confd-r1" ${PN}
341	+ newinitd "${FILESDIR}/${PN}.initd-r1" ${PN}
342	+
343	+ keepdir /var/empty/dev
344	+ keepdir /var/spool/${PN}
345	+ keepdir /etc/ssl/${PN}
346	+ keepdir /etc/${PN}.d
347	+
348	+ insinto /etc
349	+ newins "${FILESDIR}/${PN}.conf" ${PN}.conf
350	+
351	+ insinto /etc/rsyslog.d/
352	+ newins "${FILESDIR}/50-default-r1.conf" 50-default.conf
353	+
354	+ insinto /etc/logrotate.d/
355	+ newins "${FILESDIR}/${PN}-r1.logrotate" ${PN}
356	+
357	+ if use mysql; then
358	+ insinto /usr/share/${PN}/scripts/mysql
359	+ doins plugins/ommysql/createDB.sql
360	+ fi
361	+
362	+ if use postgres; then
363	+ insinto /usr/share/${PN}/scripts/pgsql
364	+ doins plugins/ompgsql/createDB.sql
365	+ fi
366	+
367	+ prune_libtool_files --modules
368	+}
369	+
370	+pkg_postinst() {
371	+ local advertise_readme=0
372	+
373	+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
374	+ # This is a new installation
375	+
376	+ advertise_readme=1
377	+
378	+ if use mysql \|\| use postgres; then
379	+ echo
380	+ elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
381	+ elog " /usr/share/doc/${PF}/scripts"
382	+ fi
383	+
384	+ if use ssl; then
385	+ echo
386	+ elog "To create a default CA and certificates for your server and clients, run:"
387	+ elog " emerge --config =${PF}"
388	+ elog "on your logging server. You can run it several times,"
389	+ elog "once for each logging client. The client certificates will be signed"
390	+ elog "using the CA certificate generated during the first run."
391	+ fi
392	+ fi
393	+
394	+ if [[ ${advertise_readme} -gt 0 ]]; then
395	+ # We need to show the README file location
396	+
397	+ echo ""
398	+ elog "Please read"
399	+ elog ""
400	+ elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
401	+ elog ""
402	+ elog "for more details."
403	+ fi
404	+}
405	+
406	+pkg_config() {
407	+ if ! use ssl ; then
408	+ einfo "There is nothing to configure for rsyslog unless you"
409	+ einfo "used USE=ssl to build it."
410	+ return 0
411	+ fi
412	+
413	+ # Make sure the certificates directory exists
414	+ local CERTDIR="${EROOT}/etc/ssl/${PN}"
415	+ if [[ ! -d "${CERTDIR}" ]]; then
416	+ mkdir "${CERTDIR}" \|\| die
417	+ fi
418	+ einfo "Your certificates will be stored in ${CERTDIR}"
419	+
420	+ # Create a default CA if needed
421	+ if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
422	+ einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
423	+ certtool --generate-privkey \
424	+ --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
425	+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
426	+
427	+ cat > "${T}/${PF}.$$" <<- _EOF
428	+ cn = Portage automated CA
429	+ ca
430	+ cert_signing_key
431	+ expiration_days = 3650
432	+ _EOF
433	+
434	+ certtool --generate-self-signed \
435	+ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
436	+ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \
437	+ --template "${T}/${PF}.$$" &>/dev/null
438	+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
439	+
440	+ # Create the server certificate
441	+ echo
442	+ einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
443	+ read -r CN
444	+
445	+ einfo "Creating private key and certificate for server ${CN}..."
446	+ certtool --generate-privkey \
447	+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
448	+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
449	+
450	+ cat > "${T}/${PF}.$$" <<- _EOF
451	+ cn = ${CN}
452	+ tls_www_server
453	+ dns_name = ${CN}
454	+ expiration_days = 3650
455	+ _EOF
456	+
457	+ certtool --generate-certificate \
458	+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
459	+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
460	+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
461	+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
462	+ --template "${T}/${PF}.$$" &>/dev/null
463	+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
464	+
465	+ else
466	+ einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
467	+ fi
468	+
469	+ # Create a client certificate
470	+ echo
471	+ einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
472	+ read -r CN
473	+
474	+ einfo "Creating private key and certificate for client ${CN}..."
475	+ certtool --generate-privkey \
476	+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
477	+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
478	+
479	+ cat > "${T}/${PF}.$$" <<- _EOF
480	+ cn = ${CN}
481	+ tls_www_client
482	+ dns_name = ${CN}
483	+ expiration_days = 3650
484	+ _EOF
485	+
486	+ certtool --generate-certificate \
487	+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
488	+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
489	+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
490	+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
491	+ --template "${T}/${PF}.$$" &>/dev/null
492	+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
493	+
494	+ rm -f "${T}/${PF}.$$"
495	+
496	+ echo
497	+ einfo "Here is the documentation on how to encrypt your log traffic:"
498	+ einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
499	+}

Gentoo Archives: gentoo-commits