1 |
ultrabug 14/05/22 11:15:49 |
2 |
|
3 |
Modified: ChangeLog metadata.xml |
4 |
Added: rsyslog-7.6.3.ebuild |
5 |
Removed: rsyslog-7.4.3.ebuild rsyslog-7.4.6.ebuild |
6 |
rsyslog-7.4.7.ebuild |
7 |
Log: |
8 |
Version bump; fixes #501988, #501982, #501986 and #490744, thanks to @Whissi |
9 |
|
10 |
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key B658FA13) |
11 |
|
12 |
Revision Changes Path |
13 |
1.112 app-admin/rsyslog/ChangeLog |
14 |
|
15 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/ChangeLog?rev=1.112&view=markup |
16 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/ChangeLog?rev=1.112&content-type=text/plain |
17 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/ChangeLog?r1=1.111&r2=1.112 |
18 |
|
19 |
Index: ChangeLog |
20 |
=================================================================== |
21 |
RCS file: /var/cvsroot/gentoo-x86/app-admin/rsyslog/ChangeLog,v |
22 |
retrieving revision 1.111 |
23 |
retrieving revision 1.112 |
24 |
diff -u -r1.111 -r1.112 |
25 |
--- ChangeLog 16 Apr 2014 16:14:41 -0000 1.111 |
26 |
+++ ChangeLog 22 May 2014 11:15:49 -0000 1.112 |
27 |
@@ -1,6 +1,19 @@ |
28 |
# ChangeLog for app-admin/rsyslog |
29 |
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
30 |
-# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/ChangeLog,v 1.111 2014/04/16 16:14:41 maksbotan Exp $ |
31 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/ChangeLog,v 1.112 2014/05/22 11:15:49 ultrabug Exp $ |
32 |
+ |
33 |
+*rsyslog-7.6.3 (22 May 2014) |
34 |
+ |
35 |
+ 22 May 2014; Ultrabug <ultrabug@g.o> -rsyslog-7.4.3.ebuild, |
36 |
+ -rsyslog-7.4.6.ebuild, -rsyslog-7.4.7.ebuild, +rsyslog-7.6.3.ebuild, |
37 |
+ +files/7-stable/50-default.conf, +files/7-stable/README.gentoo, |
38 |
+ +files/7-stable/bugfix_52.patch, +files/7-stable/bugfix_73.patch, |
39 |
+ +files/7-stable/fix-omruleset-default-value.patch, |
40 |
+ +files/7-stable/rsyslog.conf, +files/7-stable/rsyslog.confd-r1, |
41 |
+ +files/7-stable/rsyslog.initd-r1, +files/7-stable/rsyslog.logrotate-r1, |
42 |
+ metadata.xml: |
43 |
+ version bump fix #501988 #501982 #501986 #490744 thx to @Whissi, drop old |
44 |
+ versions |
45 |
|
46 |
16 Apr 2014; Maxim Koltsov <maksbotan@g.o> |
47 |
+files/7-stable/rsyslog-7.x-mmjsonparse.patch, rsyslog-7.2.7.ebuild, |
48 |
|
49 |
|
50 |
|
51 |
1.16 app-admin/rsyslog/metadata.xml |
52 |
|
53 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/metadata.xml?rev=1.16&view=markup |
54 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/metadata.xml?rev=1.16&content-type=text/plain |
55 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/metadata.xml?r1=1.15&r2=1.16 |
56 |
|
57 |
Index: metadata.xml |
58 |
=================================================================== |
59 |
RCS file: /var/cvsroot/gentoo-x86/app-admin/rsyslog/metadata.xml,v |
60 |
retrieving revision 1.15 |
61 |
retrieving revision 1.16 |
62 |
diff -u -r1.15 -r1.16 |
63 |
--- metadata.xml 10 Mar 2014 13:00:19 -0000 1.15 |
64 |
+++ metadata.xml 22 May 2014 11:15:49 -0000 1.16 |
65 |
@@ -1,23 +1,41 @@ |
66 |
<?xml version="1.0" encoding="UTF-8"?> |
67 |
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
68 |
<pkgmetadata> |
69 |
- <maintainer> |
70 |
- <email>ultrabug@g.o</email> |
71 |
- <name>Ultrabug</name> |
72 |
- <description>Primary Maintainer</description> |
73 |
- </maintainer> |
74 |
- <maintainer> |
75 |
- <email>whissi@××××××.de</email> |
76 |
- <name>Thomas D. (Whissi)</name> |
77 |
- <description>Proxy-Maintainer, CC. bugs</description> |
78 |
- </maintainer> |
79 |
- <use> |
80 |
- <flag name="extras">Add support for the UDP spoofing module (omudpspoof) using <pkg>net-libs/libnet</pkg></flag> |
81 |
- <flag name="mongodb">Add support for the MongoDB output template module using <pkg>dev-libs/libmongo-client</pkg></flag> |
82 |
- <flag name="relp">Add support for the Reliable Event Logging Protocol using <pkg>dev-libs/librelp</pkg></flag> |
83 |
- <flag name="zeromq">Add support for the ZeroMQ input and output plugins using <pkg>net-libs/zeromq</pkg></flag> |
84 |
- </use> |
85 |
- <upstream> |
86 |
- <remote-id type="cpe">cpe:/a:rsyslog:rsyslog</remote-id> |
87 |
- </upstream> |
88 |
+ <maintainer> |
89 |
+ <email>ultrabug@g.o</email> |
90 |
+ <name>Ultrabug</name> |
91 |
+ <description>Primary Maintainer</description> |
92 |
+ </maintainer> |
93 |
+ <maintainer> |
94 |
+ <email>whissi@××××××.de</email> |
95 |
+ <name>Thomas D. (Whissi)</name> |
96 |
+ <description>Proxy-Maintainer, CC. bugs</description> |
97 |
+ </maintainer> |
98 |
+ <use> |
99 |
+ <flag name="dbi">Build the general database output module (requires <pkg>dev-db/libdbi</pkg>)</flag> |
100 |
+ <flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag> |
101 |
+ <flag name="extras">Add support for the UDP spoofing module (omudpspoof) using <pkg>net-libs/libnet</pkg></flag> |
102 |
+ <flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag> |
103 |
+ <flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag> |
104 |
+ <flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag> |
105 |
+ <flag name="mysql">Build the MySQL databse output module (requires <pkg>virtual/mysql</pkg>)</flag> |
106 |
+ <flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag> |
107 |
+ <flag name="omudpspoof">Build the udpspoof output module (requires <pkg>net-libs/libnet</pkg>)</flag> |
108 |
+ <flag name="oracle">Build the Oracle database output module (requires <pkg>dev-db/oracle-instantclient-basic</pkg>)</flag> |
109 |
+ <flag name="postgres">Build the PostgreSQL database output module (requires <pkg>dev-db/postgresql-base</pkg>)</flag> |
110 |
+ <flag name="rabbitmq">Build the RabbitMQ output module (requires <pkg>net-libs/rabbitmq-c</pkg>)</flag> |
111 |
+ <flag name="redis">Build the Redis output module using (requires <pkg>dev-libs/hiredis</pkg>)</flag> |
112 |
+ <flag name="relp">Build the Reliable Event Logging Protocol (RELP) output module (requires <pkg>dev-libs/librelp</pkg>)</flag> |
113 |
+ <flag name="rfc3195">Build the rfc3195 input module (requires <pkg>dev-libs/liblogging</pkg>)</flag> |
114 |
+ <flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg>)</flag> |
115 |
+ <flag name="snmp">Build the snmp modify and output module (requires <pkg>net-analyzer/net-snmp</pkg>)</flag> |
116 |
+ <flag name="ssl">Add support for encrypted client/server communication (requires <pkg>net-libs/gnutls</pkg>)</flag> |
117 |
+ <flag name="systemd">Build the journal input and output module (requires <pkg>sys-apps/systemd</pkg>)</flag> |
118 |
+ <flag name="usertools">Installs the user tools (rsgtutil, rscryutil...) corresponding to the set USE flags</flag> |
119 |
+ <flag name="zeromq">Build the ZeroMQ input and output modules (requires <pkg>net-libs/zeromq</pkg>)</flag> |
120 |
+ </use> |
121 |
+ <upstream> |
122 |
+ <bugs-to>https://github.com/rsyslog/rsyslog/issues</bugs-to> |
123 |
+ <remote-id type="cpe">cpe:/a:rsyslog:rsyslog</remote-id> |
124 |
+ </upstream> |
125 |
</pkgmetadata> |
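Review bot: Two of the new flag descriptions carry typos that end up in the user-visible USE flag help: the `mysql` entry reads `MySQL databse output module` and the `redis` entry reads `Redis output module using (requires …)`; they should read `MySQL database output module` and `Redis output module (requires …)`. The `zeromq` description names `net-libs/zeromq`, while the ebuild added in this commit depends on `net-libs/czmq` for that flag, so the text may need updating unless it is kept for the older ebuilds. The retained `extras` flag is not in the new ebuild's IUSE and describes the same module as `omudpspoof`; presumably it stays for the remaining older versions, which is worth saying in its description.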
126 |
|
127 |
|
128 |
|
129 |
1.1 app-admin/rsyslog/rsyslog-7.6.3.ebuild |
130 |
|
131 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/rsyslog-7.6.3.ebuild?rev=1.1&view=markup |
132 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/rsyslog-7.6.3.ebuild?rev=1.1&content-type=text/plain |
133 |
|
134 |
Index: rsyslog-7.6.3.ebuild |
135 |
=================================================================== |
136 |
# Copyright 1999-2014 Gentoo Foundation |
137 |
# Distributed under the terms of the GNU General Public License v2 |
138 |
# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/rsyslog-7.6.3.ebuild,v 1.1 2014/05/22 11:15:49 ultrabug Exp $ |
139 |
|
140 |
EAPI=5 |
141 |
AUTOTOOLS_AUTORECONF=1 |
142 |
|
143 |
inherit autotools-utils eutils systemd |
144 |
|
145 |
DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" |
146 |
HOMEPAGE="http://www.rsyslog.com/" |
147 |
SRC_URI="http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz" |
148 |
|
149 |
LICENSE="GPL-3 LGPL-3 Apache-2.0" |
150 |
KEYWORDS="~amd64 ~x86" |
151 |
SLOT="0" |
152 |
IUSE="dbi debug doc elasticsearch +gcrypt kerberos mongodb mysql normalize omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd usertools zeromq" |
153 |
|
154 |
RDEPEND=" |
155 |
>=dev-libs/json-c-0.11:= |
156 |
>=dev-libs/libestr-0.1.9 |
157 |
>=dev-libs/liblogging-1.0.1:=[stdlog] |
158 |
>=sys-libs/zlib-1.2.5 |
159 |
dbi? ( >=dev-db/libdbi-0.8.3 ) |
160 |
elasticsearch? ( >=net-misc/curl-7.35.0 ) |
161 |
gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= ) |
162 |
kerberos? ( virtual/krb5 ) |
163 |
mongodb? ( >=dev-libs/libmongo-client-0.1.4 ) |
164 |
mysql? ( virtual/mysql ) |
165 |
normalize? ( |
166 |
>=dev-libs/libee-0.4.0 |
167 |
>=dev-libs/liblognorm-0.3.1:= |
168 |
!>=dev-libs/liblognorm-1.0.0 |
169 |
) |
170 |
omudpspoof? ( >=net-libs/libnet-1.1.6 ) |
171 |
oracle? ( >=dev-db/oracle-instantclient-basic-10.2 ) |
172 |
postgres? ( >=dev-db/postgresql-base-8.4.20 ) |
173 |
rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 ) |
174 |
redis? ( >=dev-libs/hiredis-0.11.0 ) |
175 |
relp? ( >=dev-libs/librelp-1.2.5 ) |
176 |
rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] ) |
177 |
rfc5424hmac? ( >=dev-libs/openssl-0.9.8y ) |
178 |
snmp? ( >=net-analyzer/net-snmp-5.7.2 ) |
179 |
ssl? ( >=net-libs/gnutls-2.12.23 ) |
180 |
systemd? ( >=sys-apps/systemd-208 ) |
181 |
zeromq? ( >=net-libs/czmq-1.2.0 )" |
182 |
DEPEND="${RDEPEND} |
183 |
virtual/pkgconfig" |
184 |
|
185 |
BRANCH="7-stable" |
186 |
|
187 |
# Test suite requires a special setup or will always fail |
188 |
RESTRICT="test" |
189 |
|
190 |
# Maitainer note : open a bug to upstream |
191 |
# showing that building in a separate dir fails |
192 |
AUTOTOOLS_IN_SOURCE_BUILD=1 |
193 |
|
194 |
AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules" |
195 |
|
196 |
DOCS=( |
197 |
AUTHORS |
198 |
ChangeLog |
199 |
doc/rsyslog-example.conf |
200 |
"${FILESDIR}"/${BRANCH}/README.gentoo |
201 |
) |
202 |
|
203 |
PATCHES=( |
204 |
"${FILESDIR}"/${BRANCH}/${PN}-7.x-mmjsonparse.patch |
205 |
"${FILESDIR}"/${BRANCH}/fix-omruleset-default-value.patch |
206 |
"${FILESDIR}"/${BRANCH}/bugfix_52.patch |
207 |
"${FILESDIR}"/${BRANCH}/bugfix_73.patch |
208 |
) |
209 |
|
210 |
src_configure() { |
211 |
# Maintainer notes: |
212 |
# * Guardtime support is missing because libgt isn't yet available |
213 |
# in portage. |
214 |
# * Hadoop's HDFS file system output module is currently not |
215 |
# supported in Gentoo because nobody is able to test it |
216 |
# (JAVA dependency). |
217 |
# * dev-libs/hiredis doesn't provide pkg-config (see #504614, |
218 |
# upstream PR 129 and 136) so we need to export HIREDIS_* |
219 |
# variables because rsyslog's build system depends on pkg-config. |
220 |
|
221 |
if use redis; then |
222 |
export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis" |
223 |
export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include" |
224 |
fi |
225 |
|
226 |
local myeconfargs=( |
227 |
# Input Plugins without depedencies |
228 |
--enable-imfile |
229 |
--enable-impstats |
230 |
--enable-imptcp |
231 |
--enable-imttcp |
232 |
# Message Modificiation Plugins without depedencies |
233 |
--enable-mmanon |
234 |
--enable-mmaudit |
235 |
--enable-mmcount |
236 |
--enable-mmfields |
237 |
--enable-mmjsonparse |
238 |
--enable-mmpstrucdata |
239 |
--enable-mmsequence |
240 |
--enable-mmutf8fix |
241 |
# Output Modification Plugins without dependencies |
242 |
--enable-mail |
243 |
--enable-omprog |
244 |
--enable-omruleset |
245 |
--enable-omstdout |
246 |
--enable-omuxsock |
247 |
# Misc |
248 |
--enable-pmaixforwardedfrom |
249 |
--enable-pmcisconames |
250 |
--enable-pmlastmsg |
251 |
--enable-pmrfc3164sd |
252 |
--enable-pmsnare |
253 |
--enable-sm_cust_bindcdr |
254 |
# DB |
255 |
$(use_enable dbi libdbi) |
256 |
$(use_enable mongodb ommongodb) |
257 |
$(use_enable mysql) |
258 |
$(use_enable oracle) |
259 |
$(use_enable postgres pgsql) |
260 |
$(use_enable redis omhiredis) |
261 |
# Debug |
262 |
$(use_enable debug) |
263 |
$(use_enable debug diagtools) |
264 |
$(use_enable debug imdiag) |
265 |
$(use_enable debug memcheck) |
266 |
$(use_enable debug rtinst) |
267 |
$(use_enable debug valgrind) |
268 |
# Misc |
269 |
$(use_enable elasticsearch) |
270 |
$(use_enable gcrypt libgcrypt) |
271 |
$(use_enable kerberos gssapi-krb5) |
272 |
$(use_enable normalize mmnormalize) |
273 |
$(use_enable omudpspoof) |
274 |
$(use_enable rabbitmq omrabbitmq) |
275 |
$(use_enable relp) |
276 |
$(use_enable rfc3195) |
277 |
$(use_enable rfc5424hmac mmrfc5424addhmac) |
278 |
$(use_enable snmp) |
279 |
$(use_enable snmp mmsnmptrapd) |
280 |
$(use_enable ssl gnutls) |
281 |
$(use_enable systemd imjournal) |
282 |
$(use_enable systemd omjournal) |
283 |
$(use_enable usertools) |
284 |
$(use_enable zeromq imzmq3) |
285 |
$(use_enable zeromq omzmq3) |
286 |
"$(systemd_with_unitdir)" |
287 |
) |
288 |
|
289 |
autotools-utils_src_configure |
290 |
} |
291 |
|
292 |
src_install() { |
293 |
use doc && HTML_DOCS=( "${S}"/doc/ ) |
294 |
autotools-utils_src_install |
295 |
|
296 |
newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN} |
297 |
newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN} |
298 |
|
299 |
keepdir /var/empty/dev |
300 |
keepdir /var/spool/${PN} |
301 |
keepdir /etc/ssl/${PN} |
302 |
keepdir /etc/${PN}.d |
303 |
|
304 |
insinto /etc |
305 |
newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf |
306 |
|
307 |
insinto /etc/rsyslog.d/ |
308 |
doins "${FILESDIR}/${BRANCH}/50-default.conf" |
309 |
|
310 |
insinto /etc/logrotate.d/ |
311 |
newins "${FILESDIR}/${BRANCH}/${PN}.logrotate-r1" ${PN} |
312 |
|
313 |
if use mysql; then |
314 |
insinto /usr/share/doc/${PF}/scripts/mysql |
315 |
doins plugins/ommysql/{createDB.sql,contrib/delete_mysql} |
316 |
fi |
317 |
|
318 |
if use postgres; then |
319 |
insinto /usr/share/doc/${PF}/scripts/pgsql |
320 |
doins plugins/ompgsql/createDB.sql |
321 |
fi |
322 |
} |
323 |
|
324 |
pkg_postinst() { |
325 |
local advertise_readme=0 |
326 |
|
327 |
if [[ -z "${REPLACING_VERSIONS}" ]]; then |
328 |
# This is a new installation |
329 |
|
330 |
advertise_readme=1 |
331 |
|
332 |
if use mysql || use postgres; then |
333 |
echo |
334 |
elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:" |
335 |
elog " /usr/share/doc/${PF}/scripts" |
336 |
fi |
337 |
|
338 |
if use ssl; then |
339 |
echo |
340 |
elog "To create a default CA and certificates for your server and clients, run:" |
341 |
elog " emerge --config =${PF}" |
342 |
elog "on your logging server. You can run it several times," |
343 |
elog "once for each logging client. The client certificates will be signed" |
344 |
elog "using the CA certificate generated during the first run." |
345 |
fi |
346 |
fi |
347 |
|
348 |
if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then |
349 |
# Show this message until rsyslog-8.x |
350 |
echo |
351 |
elog "Since ${PN}-7.6.3 we no longer use the catch-all log target" |
352 |
elog "\"/var/log/syslog\" due to its redundancy to the other log targets." |
353 |
|
354 |
advertise_readme=1 |
355 |
fi |
356 |
|
357 |
if [[ ${advertise_readme} -gt 0 ]]; then |
358 |
# We need to show the README file location |
359 |
|
360 |
echo "" |
361 |
elog "Please read" |
362 |
elog "" |
363 |
elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*" |
364 |
elog "" |
365 |
elog "for more details." |
366 |
fi |
367 |
} |
368 |
|
369 |
pkg_config() { |
370 |
if ! use ssl ; then |
371 |
einfo "There is nothing to configure for rsyslog unless you" |
372 |
einfo "used USE=ssl to build it." |
373 |
return 0 |
374 |
fi |
375 |
|
376 |
# Make sure the certificates directory exists |
377 |
CERTDIR="${EROOT}/etc/ssl/${PN}" |
378 |
if [ ! -d "${CERTDIR}" ]; then |
379 |
mkdir "${CERTDIR}" || die |
380 |
fi |
381 |
einfo "Your certificates will be stored in ${CERTDIR}" |
382 |
|
383 |
# Create a default CA if needed |
384 |
if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then |
385 |
einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..." |
386 |
certtool --generate-privkey \ |
387 |
--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null |
388 |
chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" |
389 |
|
390 |
cat > "${T}/${PF}.$$" <<- _EOF |
391 |
cn = Portage automated CA |
392 |
ca |
393 |
cert_signing_key |
394 |
expiration_days = 3650 |
395 |
_EOF |
396 |
|
397 |
certtool --generate-self-signed \ |
398 |
--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
399 |
--outfile "${CERTDIR}/${PN}_ca.cert.pem" \ |
400 |
--template "${T}/${PF}.$$" &>/dev/null |
401 |
chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" |
402 |
|
403 |
# Create the server certificate |
404 |
echo |
405 |
einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " |
406 |
read -r CN |
407 |
|
408 |
einfo "Creating private key and certificate for server ${CN}..." |
409 |
certtool --generate-privkey \ |
410 |
--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null |
411 |
chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" |
412 |
|
413 |
cat > "${T}/${PF}.$$" <<- _EOF |
414 |
cn = ${CN} |
415 |
tls_www_server |
416 |
dns_name = ${CN} |
417 |
expiration_days = 3650 |
418 |
_EOF |
419 |
|
420 |
certtool --generate-certificate \ |
421 |
--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ |
422 |
--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ |
423 |
--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ |
424 |
--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
425 |
--template "${T}/${PF}.$$" &>/dev/null |
426 |
chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" |
427 |
|
428 |
else |
429 |
einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." |
430 |
fi |
431 |
|
432 |
# Create a client certificate |
433 |
echo |
434 |
einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " |
435 |
read -r CN |
436 |
|
437 |
einfo "Creating private key and certificate for client ${CN}..." |
438 |
certtool --generate-privkey \ |
439 |
--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null |
440 |
chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" |
441 |
|
442 |
cat > "${T}/${PF}.$$" <<- _EOF |
443 |
cn = ${CN} |
444 |
tls_www_client |
445 |
dns_name = ${CN} |
446 |
expiration_days = 3650 |
447 |
_EOF |
448 |
|
449 |
certtool --generate-certificate \ |
450 |
--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ |
451 |
--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ |
452 |
--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ |
453 |
--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
454 |
--template "${T}/${PF}.$$" &>/dev/null |
455 |
chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" |
456 |
|
457 |
rm -f "${T}/${PF}.$$" |
458 |
|
459 |
echo |
460 |
einfo "Here is the documentation on how to encrypt your log traffic:" |
461 |
einfo " http://www.rsyslog.com/doc/rsyslog_tls.html" |
462 |
} |
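Review bot: In pkg_config() every private key is written by certtool under the caller's umask and only tightened by the `chmod 400` that follows, so with a typical 022 umask the CA and host keys are briefly readable by other local users unless certtool restricts the mode itself; setting `umask 077` before the first certtool call closes that window. Each certtool call also discards its output with `&>/dev/null` and ignores the exit status, so a failed key or certificate generation goes unnoticed and the later steps run on missing files; each call should end in `|| die`. The value from `read -r CN` goes straight into the output paths and the certtool template, so an empty name or one containing `/` yields a file outside the intended `${PN}_<name>` scheme and should be rejected after both prompts. The second `chmod 400` in the CA branch names `_ca.privkey.pem` again and was presumably meant for `_ca.cert.pem`.

```shell
# … unchanged: ssl check, CERTDIR creation …
local old_umask=$(umask)
umask 077  # key files are created owner-only from the start

certtool --generate-privkey \
	--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null \
	|| die "generating the CA private key failed"
# … unchanged: chmod of the CA key, CA template heredoc …
certtool --generate-self-signed \
	--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
	--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
	--template "${T}/${PF}.$$" &>/dev/null \
	|| die "generating the CA certificate failed"
chmod 400 "${CERTDIR}/${PN}_ca.cert.pem"

# … unchanged: server prompt …
read -r CN
[[ -n ${CN} && ${CN} != */* ]] || die "invalid Common Name '${CN}'"
# … unchanged: server and client key/certificate generation; each certtool call gains || die, and the same CN check follows the client prompt …

umask "${old_umask}"
```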