[gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/
Date:	Tue, 24 Aug 2021 13:17:58
Message-Id:	`1629810987.bde9393d1e2740593552cd7432b2af610e72a1ec.whissi@gentoo`

1

commit:     bde9393d1e2740593552cd7432b2af610e72a1ec

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Tue Aug 24 13:16:27 2021 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Tue Aug 24 13:16:27 2021 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bde9393d

7

8

app-admin/rsyslog: bump to v8.2108.0

9

10

Package-Manager: Portage-3.0.22, Repoman-3.0.3

11

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

12

13

 app-admin/rsyslog/Manifest                |   2 +

14

 app-admin/rsyslog/rsyslog-8.2108.0.ebuild | 483 ++++++++++++++++++++++++++++++

15

 2 files changed, 485 insertions(+)

16

17

diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest

18

index a47191519f0..e17168bc042 100644

19

--- a/app-admin/rsyslog/Manifest

20

+++ b/app-admin/rsyslog/Manifest

21

@@ -1,6 +1,8 @@

22

 DIST rsyslog-8.2102.0.tar.gz 3123684 BLAKE2B f5c4e00d68ec82ed3f7b89dd5e888bebda9c4eb38185dfd8ecd96c1bf77380385aaddac73ab1de8364e1239a3de746f160c18b0f135d006f473f9e40be2c18a1 SHA512 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0

23

 DIST rsyslog-8.2104.0.tar.gz 3175254 BLAKE2B ed772d4e460105b8406305574fdbe4aeca7ba57ba975b78f91d279460fee0faa767fcda3d2d8a4ba6d543bf9e920f9b7cf5ddf9e4d3ccfc9ae3b08c318a6c5b0 SHA512 15ded57f32259bb12b3378d10bc2d4d6eff39623f1195357dafa58e5c1154aedc0d60ff0746599707f380cf3bfc5ca955f15f1213572fa447cc333d479e0eefc

24

 DIST rsyslog-8.2106.0.tar.gz 3180745 BLAKE2B a949c36e0c5251fa3cd7748387990b667564561a5fcf0250bb19ebf62bf88f367814f86d743c64e0b5e5a184e2160ec0c2cd2600ac0ffc655e41d651495e9311 SHA512 309bba7e53f0dc6462f8cac781f567ce879f31bc020b233e80aa4461cc4c6e9279ca1c65c910ce3015fcab9ed663020db84ff4073c03a436b5be66e57a99164f

25

+DIST rsyslog-8.2108.0.tar.gz 3204178 BLAKE2B d120f2b20521a40fbe985a4ba751edd51ed5917fcd0db5d7abb35ecada3ada31f99d34f74cd3278736356e8f09f13b79ca2166e4732676a97655c189d257e3fa SHA512 95096660bc93f7808d22c39549d7429deb340ef8d706f08dc8be35f48d1c7e3d389907fdf18ba04dd54fb59c9780fdb267eef7985184f0e5932bf11f46c5423b

26

 DIST rsyslog-doc-8.2102.0.tar.gz 6419104 BLAKE2B 134c7ccde6f7435b35840fa37f5774223ac1ebd7dc10db961900a7b1600483156518433c7f70d0981e96ea750e1916ab53e346abacf58066bf141e85c719ae00 SHA512 a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e

27

 DIST rsyslog-doc-8.2104.0.tar.gz 6451275 BLAKE2B cb8a38b28caec17babd190e463070b862071a75c4c63a7208e56f039f84ae7a5c6045112697c61635d328e56d9427f692e67a9d6fefc94b59ad28481210f1481 SHA512 6c898fa606190c5cf214822503f060b1692cd907731858736a395511b66d7b0d1cf6dfcc90c4cecbe21b099197ae2187db53d719f44f85f26a1bd34971539d36

28

 DIST rsyslog-doc-8.2106.0.tar.gz 6500747 BLAKE2B d004af40dfc82577fe262993b10497cbf50142295ccfc046126e0d8cc85dd964cca7798732d2f41ef9d776096b3ec99a8c835bb037a78c9030ea6cd596d1e057 SHA512 04c205ea463f7487baedf60d0469f3752edfb60a0833954a3f208d52ed6495152c785a4a8ea47396ac85b581ced0657f7b51d313c2d4295e26d547b996ff4ca3

29

+DIST rsyslog-doc-8.2108.0.tar.gz 6527584 BLAKE2B b7974d2f723603017f1c725f820e03f355af1805d77143e6ff9eeb02e54a991ba4c143fc45b48b3e1625328e68113df36d71abd0763983a8db655081c5d81abc SHA512 d4ca8c91cbdd7be458083ffec9d933e5d1e175dff93fdf9274f5ca444c9cfe8710349c16de6edfd3e12cf97fc889a9e71059ef1d0b85fda4ed335fb107b98a9f

30

31

diff --git a/app-admin/rsyslog/rsyslog-8.2108.0.ebuild b/app-admin/rsyslog/rsyslog-8.2108.0.ebuild

32

new file mode 100644

33

index 00000000000..c03f64233c7

34

--- /dev/null

35

+++ b/app-admin/rsyslog/rsyslog-8.2108.0.ebuild

36

@@ -0,0 +1,483 @@

37

+# Copyright 1999-2021 Gentoo Authors

38

+# Distributed under the terms of the GNU General Public License v2

39

+

40

+EAPI="7"

41

+PYTHON_COMPAT=( python3_{7..10} )

42

+

43

+inherit autotools linux-info python-any-r1 systemd

44

+

45

+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"

46

+HOMEPAGE="https://www.rsyslog.com/"

47

+

48

+if [[ ${PV} == "9999" ]]; then

49

+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"

50

+

51

+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"

52

+

53

+	inherit git-r3

54

+else

55

+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"

56

+

57

+	SRC_URI="

58

+		https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz

59

+		doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )

60

+	"

61

+fi

62

+

63

+LICENSE="GPL-3 LGPL-3 Apache-2.0"

64

+SLOT="0"

65

+

66

+IUSE="clickhouse curl dbi debug doc elasticsearch +gcrypt gnutls imhttp"

67

+IUSE+=" impcap jemalloc kafka kerberos kubernetes mdblookup"

68

+IUSE+=" mongodb mysql normalize omhttp omhttpfs omudpspoof +openssl"

69

+IUSE+=" postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp +ssl"

70

+IUSE+=" systemd test usertools +uuid xxhash zeromq"

71

+

72

+RESTRICT="!test? ( test )"

73

+

74

+REQUIRED_USE="

75

+	kubernetes? ( normalize )

76

+	ssl? ( || ( gnutls openssl ) )

77

+"

78

+

79

+BDEPEND=">=sys-devel/autoconf-archive-2015.02.24

80

+	virtual/pkgconfig

81

+	elibc_musl? ( sys-libs/queue-standalone )

82

+	test? (

83

+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )

84

+		!jemalloc? ( sys-libs/libfaketime )

85

+		${PYTHON_DEPS}

86

+	)"

87

+

88

+RDEPEND="

89

+	>=dev-libs/libfastjson-0.99.8:=

90

+	>=dev-libs/libestr-0.1.9

91

+	>=sys-libs/zlib-1.2.5

92

+	curl? ( >=net-misc/curl-7.35.0 )

93

+	dbi? ( >=dev-db/libdbi-0.8.3 )

94

+	elasticsearch? ( >=net-misc/curl-7.35.0 )

95

+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )

96

+	imhttp? ( www-servers/civetweb )

97

+	impcap? ( net-libs/libpcap )

98

+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )

99

+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )

100

+	kerberos? ( virtual/krb5 )

101

+	kubernetes? ( >=net-misc/curl-7.35.0 )

102

+	mdblookup? ( dev-libs/libmaxminddb:= )

103

+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )

104

+	mysql? ( dev-db/mysql-connector-c:= )

105

+	normalize? (

106

+		>=dev-libs/liblognorm-2.0.3:=

107

+	)

108

+	clickhouse? ( >=net-misc/curl-7.35.0 )

109

+	omhttpfs? ( >=net-misc/curl-7.35.0 )

110

+	omudpspoof? ( >=net-libs/libnet-1.1.6 )

111

+	postgres? ( >=dev-db/postgresql-8.4.20:= )

112

+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )

113

+	redis? ( >=dev-libs/hiredis-0.11.0:= )

114

+	relp? ( >=dev-libs/librelp-1.2.17:= )

115

+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )

116

+	rfc5424hmac? (

117

+		>=dev-libs/openssl-0.9.8y:0=

118

+	)

119

+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )

120

+	ssl? (

121

+		gnutls? ( >=net-libs/gnutls-2.12.23:0= )

122

+		openssl? (

123

+			dev-libs/openssl:0=

124

+		)

125

+	)

126

+	systemd? ( >=sys-apps/systemd-234 )

127

+	uuid? ( sys-apps/util-linux:0= )

128

+	xxhash? ( dev-libs/xxhash:= )

129

+	zeromq? (

130

+		>=net-libs/czmq-4:=[drafts]

131

+	)"

132

+DEPEND="${RDEPEND}

133

+	test? (

134

+		>=dev-libs/liblogging-1.0.1[stdlog]

135

+	)"

136

+

137

+if [[ ${PV} == "9999" ]]; then

138

+	BDEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"

139

+	BDEPEND+=" >=sys-devel/flex-2.5.39-r1"

140

+	BDEPEND+=" >=sys-devel/bison-2.4.3"

141

+	BDEPEND+=" >=dev-python/docutils-0.12"

142

+fi

143

+

144

+CONFIG_CHECK="~INOTIFY_USER"

145

+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"

146

+

147

+pkg_setup() {

148

+	use test && python-any-r1_pkg_setup

149

+}

150

+

151

+src_unpack() {

152

+	if [[ ${PV} == "9999" ]]; then

153

+		git-r3_fetch

154

+		git-r3_checkout

155

+	else

156

+		unpack ${P}.tar.gz

157

+	fi

158

+

159

+	if use doc; then

160

+		if [[ ${PV} == "9999" ]]; then

161

+			local _EGIT_BRANCH=

162

+			if [[ -n "${EGIT_BRANCH}" ]]; then

163

+				# Cannot use rsyslog commits/branches for documentation repository

164

+				_EGIT_BRANCH=${EGIT_BRANCH}

165

+				unset EGIT_BRANCH

166

+			fi

167

+

168

+			git-r3_fetch "${DOC_REPO_URI}"

169

+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs

170

+

171

+			if [[ -n "${_EGIT_BRANCH}" ]]; then

172

+				# Restore previous EGIT_BRANCH information

173

+				EGIT_BRANCH=${_EGIT_BRANCH}

174

+			fi

175

+		else

176

+			cd "${S}" || die "Cannot change dir into '${S}'"

177

+			mkdir docs || die "Failed to create docs directory"

178

+			cd docs || die "Failed to change dir into '${S}/docs'"

179

+			unpack ${PN}-doc-${PV}.tar.gz

180

+		fi

181

+	fi

182

+}

183

+

184

+src_prepare() {

185

+	default

186

+

187

+	# https://github.com/rsyslog/rsyslog/issues/3626

188

+	sed -i \

189

+		-e '\|^#!/bin/bash$|a exit 77' \

190

+		tests/mmkubernetes-cache-expir*.sh \

191

+		|| die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh"

192

+

193

+	eautoreconf

194

+}

195

+

196

+src_configure() {

197

+	# Maintainer notes:

198

+	# * Guardtime support is missing because libgt isn't yet available

199

+	#   in portage.

200

+	# * Hadoop's HDFS file system output module is currently not

201

+	#   supported in Gentoo because nobody is able to test it

202

+	#   (JAVA dependency).

203

+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,

204

+	#   upstream PR 129 and 136) so we need to export HIREDIS_*

205

+	#   variables because rsyslog's build system depends on pkg-config.

206

+

207

+	if use redis; then

208

+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"

209

+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"

210

+	fi

211

+

212

+	local myeconfargs=(

213

+		--disable-debug-symbols

214

+		--disable-generate-man-pages

215

+		--without-valgrind-testbench

216

+		--disable-liblogging-stdlog

217

+		$(use_enable test testbench)

218

+		$(use_enable test libfaketime)

219

+		$(use_enable test extended-tests)

220

+		# Input Plugins without dependencies

221

+		--enable-imbatchreport

222

+		--enable-imdiag

223

+		--enable-imfile

224

+		--enable-improg

225

+		--enable-impstats

226

+		--enable-imptcp

227

+		# Message Modificiation Plugins without dependencies

228

+		--enable-mmanon

229

+		--enable-mmaudit

230

+		--enable-mmcount

231

+		--enable-mmfields

232

+		--enable-mmjsonparse

233

+		--enable-mmpstrucdata

234

+		--enable-mmrm1stspace

235

+		--enable-mmsequence

236

+		--enable-mmtaghostname

237

+		--enable-mmutf8fix

238

+		# Output Modification Plugins without dependencies

239

+		--enable-mail

240

+		--enable-omprog

241

+		--enable-omruleset

242

+		--enable-omstdout

243

+		--enable-omuxsock

244

+		# Misc

245

+		--enable-fmhash

246

+		--enable-fmunflatten

247

+		$(use_enable xxhash fmhash-xxhash)

248

+		--enable-pmaixforwardedfrom

249

+		--enable-pmciscoios

250

+		--enable-pmcisconames

251

+		--enable-pmdb2diag

252

+		--enable-pmlastmsg

253

+		$(use_enable normalize pmnormalize)

254

+		--enable-pmnull

255

+		--enable-pmpanngfw

256

+		--enable-pmsnare

257

+		# DB

258

+		$(use_enable dbi libdbi)

259

+		$(use_enable mongodb ommongodb)

260

+		$(use_enable mysql)

261

+		$(use_enable postgres pgsql)

262

+		$(use_enable redis imhiredis)

263

+		$(use_enable redis omhiredis)

264

+		# Debug

265

+		$(use_enable debug)

266

+		$(use_enable debug diagtools)

267

+		$(use_enable debug valgrind)

268

+		# Misc

269

+		$(use_enable clickhouse)

270

+		$(use_enable curl fmhttp)

271

+		$(use_enable elasticsearch)

272

+		$(use_enable gcrypt libgcrypt)

273

+		$(use_enable imhttp)

274

+		$(use_enable impcap)

275

+		$(use_enable jemalloc)

276

+		$(use_enable kafka imkafka)

277

+		$(use_enable kafka omkafka)

278

+		$(use_enable kerberos gssapi-krb5)

279

+		$(use_enable kubernetes mmkubernetes)

280

+		$(use_enable normalize mmnormalize)

281

+		$(use_enable mdblookup mmdblookup)

282

+		$(use_enable omhttp)

283

+		$(use_enable omhttpfs)

284

+		$(use_enable omudpspoof)

285

+		$(use_enable rabbitmq omrabbitmq)

286

+		$(use_enable relp)

287

+		$(use_enable rfc3195)

288

+		$(use_enable rfc5424hmac mmrfc5424addhmac)

289

+		$(use_enable snmp)

290

+		$(use_enable snmp mmsnmptrapd)

291

+		$(use_enable gnutls)

292

+		$(use_enable openssl)

293

+		$(use_enable systemd imjournal)

294

+		$(use_enable systemd omjournal)

295

+		$(use_enable usertools)

296

+		$(use_enable uuid)

297

+		$(use_enable zeromq imczmq)

298

+		$(use_enable zeromq omczmq)

299

+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"

300

+	)

301

+

302

+	econf "${myeconfargs[@]}"

303

+}

304

+

305

+src_compile() {

306

+	default

307

+

308

+	if use doc && [[ "${PV}" == "9999" ]]; then

309

+		einfo "Building documentation ..."

310

+		local doc_dir="${S}/docs"

311

+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"

312

+		sphinx-build -b html source build || die "Building documentation failed!"

313

+	fi

314

+}

315

+

316

+src_test() {

317

+	local _has_increased_ulimit=

318

+

319

+	# Sometimes tests aren't executable (i.e. when added via patch)

320

+	einfo "Adjusting permissions of test scripts ..."

321

+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \

322

+		die "Failed to adjust test scripts permission"

323

+

324

+	if ulimit -n 3072; then

325

+		_has_increased_ulimit="true"

326

+	fi

327

+

328

+	if ! emake --jobs 1 check; then

329

+		eerror "Test suite failed! :("

330

+

331

+		if [[ -z "${_has_increased_ulimit}" ]]; then

332

+			eerror "Probably because open file limit couldn't be set to 3072."

333

+		fi

334

+

335

+		if has userpriv ${FEATURES}; then

336

+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \

337

+				"before you submit a bug report."

338

+		fi

339

+

340

+	fi

341

+}

342

+

343

+src_install() {

344

+	local DOCS=(

345

+		AUTHORS

346

+		ChangeLog

347

+		"${FILESDIR}"/README.gentoo

348

+	)

349

+

350

+	use doc && local HTML_DOCS=( "${S}/docs/build/." )

351

+

352

+	default

353

+

354

+	newconfd "${FILESDIR}/${PN}.confd-r1" ${PN}

355

+	newinitd "${FILESDIR}/${PN}.initd-r1" ${PN}

356

+

357

+	systemd_newunit "${FILESDIR}/${PN}.service" ${PN}.service

358

+

359

+	keepdir /var/empty/dev

360

+	keepdir /var/spool/${PN}

361

+	keepdir /etc/ssl/${PN}

362

+	keepdir /etc/${PN}.d

363

+

364

+	insinto /etc

365

+	newins "${FILESDIR}/${PN}.conf" ${PN}.conf

366

+

367

+	insinto /etc/rsyslog.d/

368

+	newins "${FILESDIR}/50-default-r1.conf" 50-default.conf

369

+

370

+	insinto /etc/logrotate.d/

371

+	newins "${FILESDIR}/${PN}-r1.logrotate" ${PN}

372

+

373

+	if use mysql; then

374

+		insinto /usr/share/${PN}/scripts/mysql

375

+		doins plugins/ommysql/createDB.sql

376

+	fi

377

+

378

+	if use postgres; then

379

+		insinto /usr/share/${PN}/scripts/pgsql

380

+		doins plugins/ompgsql/createDB.sql

381

+	fi

382

+

383

+	find "${ED}" -name '*.la' -delete || die

384

+}

385

+

386

+pkg_postinst() {

387

+	local advertise_readme=0

388

+

389

+	if [[ -z "${REPLACING_VERSIONS}" ]]; then

390

+		# This is a new installation

391

+

392

+		advertise_readme=1

393

+

394

+		if use mysql || use postgres; then

395

+			echo

396

+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"

397

+			elog "  /usr/share/doc/${PF}/scripts"

398

+		fi

399

+

400

+		if use ssl; then

401

+			echo

402

+			elog "To create a default CA and certificates for your server and clients, run:"

403

+			elog "  emerge --config =${PF}"

404

+			elog "on your logging server. You can run it several times,"

405

+			elog "once for each logging client. The client certificates will be signed"

406

+			elog "using the CA certificate generated during the first run."

407

+		fi

408

+	fi

409

+

410

+	if [[ ${advertise_readme} -gt 0 ]]; then

411

+		# We need to show the README file location

412

+

413

+		echo ""

414

+		elog "Please read"

415

+		elog ""

416

+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"

417

+		elog ""

418

+		elog "for more details."

419

+	fi

420

+}

421

+

422

+pkg_config() {

423

+	if ! use ssl; then

424

+		einfo "There is nothing to configure for rsyslog unless you"

425

+		einfo "used USE=ssl to build it."

426

+		return 0

427

+	fi

428

+

429

+	if ! hash certtool &>/dev/null; then

430

+		die "certtool not found! Is net-libs/gnutls[tools] is installed?"

431

+	fi

432

+

433

+	# Make sure the certificates directory exists

434

+	local CERTDIR="${EROOT}/etc/ssl/${PN}"

435

+	if [[ ! -d "${CERTDIR}" ]]; then

436

+		mkdir "${CERTDIR}" || die

437

+	fi

438

+	einfo "Your certificates will be stored in ${CERTDIR}"

439

+

440

+	# Create a default CA if needed

441

+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then

442

+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."

443

+		certtool --generate-privkey \

444

+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" || die

445

+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

446

+

447

+		cat > "${T}/${PF}.$$" <<- _EOF

448

+		cn = Portage automated CA

449

+		ca

450

+		cert_signing_key

451

+		expiration_days = 3650

452

+		_EOF

453

+

454

+		certtool --generate-self-signed \

455

+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

456

+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \

457

+			--template "${T}/${PF}.$$" || die

458

+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

459

+

460

+		# Create the server certificate

461

+		echo

462

+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "

463

+		read -r CN

464

+

465

+		einfo "Creating private key and certificate for server ${CN}..."

466

+		certtool --generate-privkey \

467

+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" || die

468

+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

469

+

470

+		cat > "${T}/${PF}.$$" <<- _EOF

471

+		cn = ${CN}

472

+		tls_www_server

473

+		dns_name = ${CN}

474

+		expiration_days = 3650

475

+		_EOF

476

+

477

+		certtool --generate-certificate \

478

+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \

479

+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \

480

+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \

481

+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

482

+			--template "${T}/${PF}.$$" &>/dev/null

483

+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

484

+

485

+	else

486

+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."

487

+	fi

488

+

489

+	# Create a client certificate

490

+	echo

491

+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "

492

+	read -r CN

493

+

494

+	einfo "Creating private key and certificate for client ${CN}..."

495

+	certtool --generate-privkey \

496

+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" || die

497

+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

498

+

499

+	cat > "${T}/${PF}.$$" <<- _EOF

500

+	cn = ${CN}

501

+	tls_www_client

502

+	dns_name = ${CN}

503

+	expiration_days = 3650

504

+	_EOF

505

+

506

+	certtool --generate-certificate \

507

+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \

508

+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \

509

+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \

510

+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \

511

+		--template "${T}/${PF}.$$" || die

512

+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

513

+

514

+	rm -f "${T}/${PF}.$$"

515

+

516

+	echo

517

+	einfo "Here is the documentation on how to encrypt your log traffic:"

518

+	einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"

519

+}

1	commit: bde9393d1e2740593552cd7432b2af610e72a1ec
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Tue Aug 24 13:16:27 2021 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Tue Aug 24 13:16:27 2021 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bde9393d
7
8	app-admin/rsyslog: bump to v8.2108.0
9
10	Package-Manager: Portage-3.0.22, Repoman-3.0.3
11	Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13	app-admin/rsyslog/Manifest \| 2 +
14	app-admin/rsyslog/rsyslog-8.2108.0.ebuild \| 483 ++++++++++++++++++++++++++++++
15	2 files changed, 485 insertions(+)
16
17	diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
18	index a47191519f0..e17168bc042 100644
19	--- a/app-admin/rsyslog/Manifest
20	+++ b/app-admin/rsyslog/Manifest
21	@@ -1,6 +1,8 @@
22	DIST rsyslog-8.2102.0.tar.gz 3123684 BLAKE2B f5c4e00d68ec82ed3f7b89dd5e888bebda9c4eb38185dfd8ecd96c1bf77380385aaddac73ab1de8364e1239a3de746f160c18b0f135d006f473f9e40be2c18a1 SHA512 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0
23	DIST rsyslog-8.2104.0.tar.gz 3175254 BLAKE2B ed772d4e460105b8406305574fdbe4aeca7ba57ba975b78f91d279460fee0faa767fcda3d2d8a4ba6d543bf9e920f9b7cf5ddf9e4d3ccfc9ae3b08c318a6c5b0 SHA512 15ded57f32259bb12b3378d10bc2d4d6eff39623f1195357dafa58e5c1154aedc0d60ff0746599707f380cf3bfc5ca955f15f1213572fa447cc333d479e0eefc
24	DIST rsyslog-8.2106.0.tar.gz 3180745 BLAKE2B a949c36e0c5251fa3cd7748387990b667564561a5fcf0250bb19ebf62bf88f367814f86d743c64e0b5e5a184e2160ec0c2cd2600ac0ffc655e41d651495e9311 SHA512 309bba7e53f0dc6462f8cac781f567ce879f31bc020b233e80aa4461cc4c6e9279ca1c65c910ce3015fcab9ed663020db84ff4073c03a436b5be66e57a99164f
25	+DIST rsyslog-8.2108.0.tar.gz 3204178 BLAKE2B d120f2b20521a40fbe985a4ba751edd51ed5917fcd0db5d7abb35ecada3ada31f99d34f74cd3278736356e8f09f13b79ca2166e4732676a97655c189d257e3fa SHA512 95096660bc93f7808d22c39549d7429deb340ef8d706f08dc8be35f48d1c7e3d389907fdf18ba04dd54fb59c9780fdb267eef7985184f0e5932bf11f46c5423b
26	DIST rsyslog-doc-8.2102.0.tar.gz 6419104 BLAKE2B 134c7ccde6f7435b35840fa37f5774223ac1ebd7dc10db961900a7b1600483156518433c7f70d0981e96ea750e1916ab53e346abacf58066bf141e85c719ae00 SHA512 a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e
27	DIST rsyslog-doc-8.2104.0.tar.gz 6451275 BLAKE2B cb8a38b28caec17babd190e463070b862071a75c4c63a7208e56f039f84ae7a5c6045112697c61635d328e56d9427f692e67a9d6fefc94b59ad28481210f1481 SHA512 6c898fa606190c5cf214822503f060b1692cd907731858736a395511b66d7b0d1cf6dfcc90c4cecbe21b099197ae2187db53d719f44f85f26a1bd34971539d36
28	DIST rsyslog-doc-8.2106.0.tar.gz 6500747 BLAKE2B d004af40dfc82577fe262993b10497cbf50142295ccfc046126e0d8cc85dd964cca7798732d2f41ef9d776096b3ec99a8c835bb037a78c9030ea6cd596d1e057 SHA512 04c205ea463f7487baedf60d0469f3752edfb60a0833954a3f208d52ed6495152c785a4a8ea47396ac85b581ced0657f7b51d313c2d4295e26d547b996ff4ca3
29	+DIST rsyslog-doc-8.2108.0.tar.gz 6527584 BLAKE2B b7974d2f723603017f1c725f820e03f355af1805d77143e6ff9eeb02e54a991ba4c143fc45b48b3e1625328e68113df36d71abd0763983a8db655081c5d81abc SHA512 d4ca8c91cbdd7be458083ffec9d933e5d1e175dff93fdf9274f5ca444c9cfe8710349c16de6edfd3e12cf97fc889a9e71059ef1d0b85fda4ed335fb107b98a9f
30
31	diff --git a/app-admin/rsyslog/rsyslog-8.2108.0.ebuild b/app-admin/rsyslog/rsyslog-8.2108.0.ebuild
32	new file mode 100644
33	index 00000000000..c03f64233c7
34	--- /dev/null
35	+++ b/app-admin/rsyslog/rsyslog-8.2108.0.ebuild
36	@@ -0,0 +1,483 @@
37	+# Copyright 1999-2021 Gentoo Authors
38	+# Distributed under the terms of the GNU General Public License v2
39	+
40	+EAPI="7"
41	+PYTHON_COMPAT=( python3_{7..10} )
42	+
43	+inherit autotools linux-info python-any-r1 systemd
44	+
45	+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
46	+HOMEPAGE="https://www.rsyslog.com/"
47	+
48	+if [[ ${PV} == "9999" ]]; then
49	+ EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
50	+
51	+ DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
52	+
53	+ inherit git-r3
54	+else
55	+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"
56	+
57	+ SRC_URI="
58	+ https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
59	+ doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )
60	+ "
61	+fi
62	+
63	+LICENSE="GPL-3 LGPL-3 Apache-2.0"
64	+SLOT="0"
65	+
66	+IUSE="clickhouse curl dbi debug doc elasticsearch +gcrypt gnutls imhttp"
67	+IUSE+=" impcap jemalloc kafka kerberos kubernetes mdblookup"
68	+IUSE+=" mongodb mysql normalize omhttp omhttpfs omudpspoof +openssl"
69	+IUSE+=" postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp +ssl"
70	+IUSE+=" systemd test usertools +uuid xxhash zeromq"
71	+
72	+RESTRICT="!test? ( test )"
73	+
74	+REQUIRED_USE="
75	+ kubernetes? ( normalize )
76	+ ssl? ( \|\| ( gnutls openssl ) )
77	+"
78	+
79	+BDEPEND=">=sys-devel/autoconf-archive-2015.02.24
80	+ virtual/pkgconfig
81	+ elibc_musl? ( sys-libs/queue-standalone )
82	+ test? (
83	+ jemalloc? ( <sys-libs/libfaketime-0.9.7 )
84	+ !jemalloc? ( sys-libs/libfaketime )
85	+ ${PYTHON_DEPS}
86	+ )"
87	+
88	+RDEPEND="
89	+ >=dev-libs/libfastjson-0.99.8:=
90	+ >=dev-libs/libestr-0.1.9
91	+ >=sys-libs/zlib-1.2.5
92	+ curl? ( >=net-misc/curl-7.35.0 )
93	+ dbi? ( >=dev-db/libdbi-0.8.3 )
94	+ elasticsearch? ( >=net-misc/curl-7.35.0 )
95	+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
96	+ imhttp? ( www-servers/civetweb )
97	+ impcap? ( net-libs/libpcap )
98	+ jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
99	+ kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
100	+ kerberos? ( virtual/krb5 )
101	+ kubernetes? ( >=net-misc/curl-7.35.0 )
102	+ mdblookup? ( dev-libs/libmaxminddb:= )
103	+ mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
104	+ mysql? ( dev-db/mysql-connector-c:= )
105	+ normalize? (
106	+ >=dev-libs/liblognorm-2.0.3:=
107	+ )
108	+ clickhouse? ( >=net-misc/curl-7.35.0 )
109	+ omhttpfs? ( >=net-misc/curl-7.35.0 )
110	+ omudpspoof? ( >=net-libs/libnet-1.1.6 )
111	+ postgres? ( >=dev-db/postgresql-8.4.20:= )
112	+ rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
113	+ redis? ( >=dev-libs/hiredis-0.11.0:= )
114	+ relp? ( >=dev-libs/librelp-1.2.17:= )
115	+ rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
116	+ rfc5424hmac? (
117	+ >=dev-libs/openssl-0.9.8y:0=
118	+ )
119	+ snmp? ( >=net-analyzer/net-snmp-5.7.2 )
120	+ ssl? (
121	+ gnutls? ( >=net-libs/gnutls-2.12.23:0= )
122	+ openssl? (
123	+ dev-libs/openssl:0=
124	+ )
125	+ )
126	+ systemd? ( >=sys-apps/systemd-234 )
127	+ uuid? ( sys-apps/util-linux:0= )
128	+ xxhash? ( dev-libs/xxhash:= )
129	+ zeromq? (
130	+ >=net-libs/czmq-4:=[drafts]
131	+ )"
132	+DEPEND="${RDEPEND}
133	+ test? (
134	+ >=dev-libs/liblogging-1.0.1[stdlog]
135	+ )"
136	+
137	+if [[ ${PV} == "9999" ]]; then
138	+ BDEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
139	+ BDEPEND+=" >=sys-devel/flex-2.5.39-r1"
140	+ BDEPEND+=" >=sys-devel/bison-2.4.3"
141	+ BDEPEND+=" >=dev-python/docutils-0.12"
142	+fi
143	+
144	+CONFIG_CHECK="~INOTIFY_USER"
145	+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
146	+
147	+pkg_setup() {
148	+ use test && python-any-r1_pkg_setup
149	+}
150	+
151	+src_unpack() {
152	+ if [[ ${PV} == "9999" ]]; then
153	+ git-r3_fetch
154	+ git-r3_checkout
155	+ else
156	+ unpack ${P}.tar.gz
157	+ fi
158	+
159	+ if use doc; then
160	+ if [[ ${PV} == "9999" ]]; then
161	+ local _EGIT_BRANCH=
162	+ if [[ -n "${EGIT_BRANCH}" ]]; then
163	+ # Cannot use rsyslog commits/branches for documentation repository
164	+ _EGIT_BRANCH=${EGIT_BRANCH}
165	+ unset EGIT_BRANCH
166	+ fi
167	+
168	+ git-r3_fetch "${DOC_REPO_URI}"
169	+ git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
170	+
171	+ if [[ -n "${_EGIT_BRANCH}" ]]; then
172	+ # Restore previous EGIT_BRANCH information
173	+ EGIT_BRANCH=${_EGIT_BRANCH}
174	+ fi
175	+ else
176	+ cd "${S}" \|\| die "Cannot change dir into '${S}'"
177	+ mkdir docs \|\| die "Failed to create docs directory"
178	+ cd docs \|\| die "Failed to change dir into '${S}/docs'"
179	+ unpack ${PN}-doc-${PV}.tar.gz
180	+ fi
181	+ fi
182	+}
183	+
184	+src_prepare() {
185	+ default
186	+
187	+ # https://github.com/rsyslog/rsyslog/issues/3626
188	+ sed -i \
189	+ -e '\\|^#!/bin/bash$\|a exit 77' \
190	+ tests/mmkubernetes-cache-expir*.sh \
191	+ \|\| die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh"
192	+
193	+ eautoreconf
194	+}
195	+
196	+src_configure() {
197	+ # Maintainer notes:
198	+ # * Guardtime support is missing because libgt isn't yet available
199	+ # in portage.
200	+ # * Hadoop's HDFS file system output module is currently not
201	+ # supported in Gentoo because nobody is able to test it
202	+ # (JAVA dependency).
203	+ # * dev-libs/hiredis doesn't provide pkg-config (see #504614,
204	+ # upstream PR 129 and 136) so we need to export HIREDIS_*
205	+ # variables because rsyslog's build system depends on pkg-config.
206	+
207	+ if use redis; then
208	+ export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
209	+ export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
210	+ fi
211	+
212	+ local myeconfargs=(
213	+ --disable-debug-symbols
214	+ --disable-generate-man-pages
215	+ --without-valgrind-testbench
216	+ --disable-liblogging-stdlog
217	+ $(use_enable test testbench)
218	+ $(use_enable test libfaketime)
219	+ $(use_enable test extended-tests)
220	+ # Input Plugins without dependencies
221	+ --enable-imbatchreport
222	+ --enable-imdiag
223	+ --enable-imfile
224	+ --enable-improg
225	+ --enable-impstats
226	+ --enable-imptcp
227	+ # Message Modificiation Plugins without dependencies
228	+ --enable-mmanon
229	+ --enable-mmaudit
230	+ --enable-mmcount
231	+ --enable-mmfields
232	+ --enable-mmjsonparse
233	+ --enable-mmpstrucdata
234	+ --enable-mmrm1stspace
235	+ --enable-mmsequence
236	+ --enable-mmtaghostname
237	+ --enable-mmutf8fix
238	+ # Output Modification Plugins without dependencies
239	+ --enable-mail
240	+ --enable-omprog
241	+ --enable-omruleset
242	+ --enable-omstdout
243	+ --enable-omuxsock
244	+ # Misc
245	+ --enable-fmhash
246	+ --enable-fmunflatten
247	+ $(use_enable xxhash fmhash-xxhash)
248	+ --enable-pmaixforwardedfrom
249	+ --enable-pmciscoios
250	+ --enable-pmcisconames
251	+ --enable-pmdb2diag
252	+ --enable-pmlastmsg
253	+ $(use_enable normalize pmnormalize)
254	+ --enable-pmnull
255	+ --enable-pmpanngfw
256	+ --enable-pmsnare
257	+ # DB
258	+ $(use_enable dbi libdbi)
259	+ $(use_enable mongodb ommongodb)
260	+ $(use_enable mysql)
261	+ $(use_enable postgres pgsql)
262	+ $(use_enable redis imhiredis)
263	+ $(use_enable redis omhiredis)
264	+ # Debug
265	+ $(use_enable debug)
266	+ $(use_enable debug diagtools)
267	+ $(use_enable debug valgrind)
268	+ # Misc
269	+ $(use_enable clickhouse)
270	+ $(use_enable curl fmhttp)
271	+ $(use_enable elasticsearch)
272	+ $(use_enable gcrypt libgcrypt)
273	+ $(use_enable imhttp)
274	+ $(use_enable impcap)
275	+ $(use_enable jemalloc)
276	+ $(use_enable kafka imkafka)
277	+ $(use_enable kafka omkafka)
278	+ $(use_enable kerberos gssapi-krb5)
279	+ $(use_enable kubernetes mmkubernetes)
280	+ $(use_enable normalize mmnormalize)
281	+ $(use_enable mdblookup mmdblookup)
282	+ $(use_enable omhttp)
283	+ $(use_enable omhttpfs)
284	+ $(use_enable omudpspoof)
285	+ $(use_enable rabbitmq omrabbitmq)
286	+ $(use_enable relp)
287	+ $(use_enable rfc3195)
288	+ $(use_enable rfc5424hmac mmrfc5424addhmac)
289	+ $(use_enable snmp)
290	+ $(use_enable snmp mmsnmptrapd)
291	+ $(use_enable gnutls)
292	+ $(use_enable openssl)
293	+ $(use_enable systemd imjournal)
294	+ $(use_enable systemd omjournal)
295	+ $(use_enable usertools)
296	+ $(use_enable uuid)
297	+ $(use_enable zeromq imczmq)
298	+ $(use_enable zeromq omczmq)
299	+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
300	+ )
301	+
302	+ econf "${myeconfargs[@]}"
303	+}
304	+
305	+src_compile() {
306	+ default
307	+
308	+ if use doc && [[ "${PV}" == "9999" ]]; then
309	+ einfo "Building documentation ..."
310	+ local doc_dir="${S}/docs"
311	+ cd "${doc_dir}" \|\| die "Cannot chdir into \"${doc_dir}\"!"
312	+ sphinx-build -b html source build \|\| die "Building documentation failed!"
313	+ fi
314	+}
315	+
316	+src_test() {
317	+ local _has_increased_ulimit=
318	+
319	+ # Sometimes tests aren't executable (i.e. when added via patch)
320	+ einfo "Adjusting permissions of test scripts ..."
321	+ find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; \|\| \
322	+ die "Failed to adjust test scripts permission"
323	+
324	+ if ulimit -n 3072; then
325	+ _has_increased_ulimit="true"
326	+ fi
327	+
328	+ if ! emake --jobs 1 check; then
329	+ eerror "Test suite failed! :("
330	+
331	+ if [[ -z "${_has_increased_ulimit}" ]]; then
332	+ eerror "Probably because open file limit couldn't be set to 3072."
333	+ fi
334	+
335	+ if has userpriv ${FEATURES}; then
336	+ eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
337	+ "before you submit a bug report."
338	+ fi
339	+
340	+ fi
341	+}
342	+
343	+src_install() {
344	+ local DOCS=(
345	+ AUTHORS
346	+ ChangeLog
347	+ "${FILESDIR}"/README.gentoo
348	+ )
349	+
350	+ use doc && local HTML_DOCS=( "${S}/docs/build/." )
351	+
352	+ default
353	+
354	+ newconfd "${FILESDIR}/${PN}.confd-r1" ${PN}
355	+ newinitd "${FILESDIR}/${PN}.initd-r1" ${PN}
356	+
357	+ systemd_newunit "${FILESDIR}/${PN}.service" ${PN}.service
358	+
359	+ keepdir /var/empty/dev
360	+ keepdir /var/spool/${PN}
361	+ keepdir /etc/ssl/${PN}
362	+ keepdir /etc/${PN}.d
363	+
364	+ insinto /etc
365	+ newins "${FILESDIR}/${PN}.conf" ${PN}.conf
366	+
367	+ insinto /etc/rsyslog.d/
368	+ newins "${FILESDIR}/50-default-r1.conf" 50-default.conf
369	+
370	+ insinto /etc/logrotate.d/
371	+ newins "${FILESDIR}/${PN}-r1.logrotate" ${PN}
372	+
373	+ if use mysql; then
374	+ insinto /usr/share/${PN}/scripts/mysql
375	+ doins plugins/ommysql/createDB.sql
376	+ fi
377	+
378	+ if use postgres; then
379	+ insinto /usr/share/${PN}/scripts/pgsql
380	+ doins plugins/ompgsql/createDB.sql
381	+ fi
382	+
383	+ find "${ED}" -name '*.la' -delete \|\| die
384	+}
385	+
386	+pkg_postinst() {
387	+ local advertise_readme=0
388	+
389	+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
390	+ # This is a new installation
391	+
392	+ advertise_readme=1
393	+
394	+ if use mysql \|\| use postgres; then
395	+ echo
396	+ elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
397	+ elog " /usr/share/doc/${PF}/scripts"
398	+ fi
399	+
400	+ if use ssl; then
401	+ echo
402	+ elog "To create a default CA and certificates for your server and clients, run:"
403	+ elog " emerge --config =${PF}"
404	+ elog "on your logging server. You can run it several times,"
405	+ elog "once for each logging client. The client certificates will be signed"
406	+ elog "using the CA certificate generated during the first run."
407	+ fi
408	+ fi
409	+
410	+ if [[ ${advertise_readme} -gt 0 ]]; then
411	+ # We need to show the README file location
412	+
413	+ echo ""
414	+ elog "Please read"
415	+ elog ""
416	+ elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
417	+ elog ""
418	+ elog "for more details."
419	+ fi
420	+}
421	+
422	+pkg_config() {
423	+ if ! use ssl; then
424	+ einfo "There is nothing to configure for rsyslog unless you"
425	+ einfo "used USE=ssl to build it."
426	+ return 0
427	+ fi
428	+
429	+ if ! hash certtool &>/dev/null; then
430	+ die "certtool not found! Is net-libs/gnutls[tools] is installed?"
431	+ fi
432	+
433	+ # Make sure the certificates directory exists
434	+ local CERTDIR="${EROOT}/etc/ssl/${PN}"
435	+ if [[ ! -d "${CERTDIR}" ]]; then
436	+ mkdir "${CERTDIR}" \|\| die
437	+ fi
438	+ einfo "Your certificates will be stored in ${CERTDIR}"
439	+
440	+ # Create a default CA if needed
441	+ if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
442	+ einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
443	+ certtool --generate-privkey \
444	+ --outfile "${CERTDIR}/${PN}_ca.privkey.pem" \|\| die
445	+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
446	+
447	+ cat > "${T}/${PF}.$$" <<- _EOF
448	+ cn = Portage automated CA
449	+ ca
450	+ cert_signing_key
451	+ expiration_days = 3650
452	+ _EOF
453	+
454	+ certtool --generate-self-signed \
455	+ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
456	+ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \
457	+ --template "${T}/${PF}.$$" \|\| die
458	+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
459	+
460	+ # Create the server certificate
461	+ echo
462	+ einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
463	+ read -r CN
464	+
465	+ einfo "Creating private key and certificate for server ${CN}..."
466	+ certtool --generate-privkey \
467	+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" \|\| die
468	+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
469	+
470	+ cat > "${T}/${PF}.$$" <<- _EOF
471	+ cn = ${CN}
472	+ tls_www_server
473	+ dns_name = ${CN}
474	+ expiration_days = 3650
475	+ _EOF
476	+
477	+ certtool --generate-certificate \
478	+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
479	+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
480	+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
481	+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
482	+ --template "${T}/${PF}.$$" &>/dev/null
483	+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
484	+
485	+ else
486	+ einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
487	+ fi
488	+
489	+ # Create a client certificate
490	+ echo
491	+ einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
492	+ read -r CN
493	+
494	+ einfo "Creating private key and certificate for client ${CN}..."
495	+ certtool --generate-privkey \
496	+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" \|\| die
497	+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
498	+
499	+ cat > "${T}/${PF}.$$" <<- _EOF
500	+ cn = ${CN}
501	+ tls_www_client
502	+ dns_name = ${CN}
503	+ expiration_days = 3650
504	+ _EOF
505	+
506	+ certtool --generate-certificate \
507	+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
508	+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
509	+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
510	+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
511	+ --template "${T}/${PF}.$$" \|\| die
512	+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
513	+
514	+ rm -f "${T}/${PF}.$$"
515	+
516	+ echo
517	+ einfo "Here is the documentation on how to encrypt your log traffic:"
518	+ einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
519	+}

Gentoo Archives: gentoo-commits