1 |
commit: b2fc2901e8b2e08a19e8b2eca4b29c86e1a93e9b |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Oct 9 14:10:12 2015 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Oct 9 14:12:02 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2fc2901 |
7 |
|
8 |
app-admin/rsyslog: Bump to version 8.13.0 |
9 |
|
10 |
Package-Manager: portage-2.2.23 |
11 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
12 |
|
13 |
app-admin/rsyslog/Manifest | 2 + |
14 |
.../50-rsyslog-8.12.0-fix-re_extract.patch | 130 +++++++ |
15 |
...rsyslog-8.13.0-lookup-table-reload-bugfix.patch | 141 +++++++ |
16 |
app-admin/rsyslog/files/8-stable/rsyslog.confd-r1 | 30 ++ |
17 |
app-admin/rsyslog/files/8-stable/rsyslog.initd-r1 | 73 ++++ |
18 |
app-admin/rsyslog/rsyslog-8.13.0.ebuild | 423 +++++++++++++++++++++ |
19 |
6 files changed, 799 insertions(+) |
20 |
|
21 |
diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest |
22 |
index d8ba9f1..3af7b48 100644 |
23 |
--- a/app-admin/rsyslog/Manifest |
24 |
+++ b/app-admin/rsyslog/Manifest |
25 |
@@ -1,6 +1,8 @@ |
26 |
DIST rsyslog-8.12.0.tar.gz 2091620 SHA256 466bfeac8296e89de1eb9029880998ba7b5fc25694143197bb47167df6cb7e20 SHA512 7735f15f8a843ee41530d180d00ab3a6854ef28e9036db7ecfe0525549b3ab2b184149c2edc4553240dd4e3003ee12ebcdf47719669daa3cc6915d5a30888c72 WHIRLPOOL b96faab541fd8b53558738b7bd71d3b6acc7d66da4fb0552d781f0e214c00a11b4a74464f7b9c9a1d62bc359658f93d380a490ee78afc11d1702975a6edc6823 |
27 |
+DIST rsyslog-8.13.0.tar.gz 2077267 SHA256 b182bd0a7686bef093be570bfb850417191292522fb58e0ad32f2c824f754a33 SHA512 a3245e5b10ae96e6df981291f55a43fa9a8258db213e33a36d7b5a620ea7daaac04a1f93a56304105c4fd10e546f92789831f5b2188b418b4b3b248a4e7795c9 WHIRLPOOL 8473e2c272182d84c629175aafd185cfa6fcafad8a028fd212de118f2e9abf458e062c6065dc5ebb1df27e81546a37387944ad1b3f0d16a38ee25a409b51b1c7 |
28 |
DIST rsyslog-8.7.0.tar.gz 2003365 SHA256 c77125b67a623569c9bdca8136b9aac013f1c6fd82fb8595e3ea267e61800f9c SHA512 53feac42c14134d76f5592ee491bb56fb2c4c33822a7a5609a5267b6911a5c5c4e73c5d66a913a666967d8826ee3077b91d8d2a1d1b60bcb3d425b35ec4677b0 WHIRLPOOL c74c401de68bb59310e307a0d9859d2f58bcbf8126d637d23d4f3979a0d6c69bce8ca850c2942b43f311ea83f47c9554f34e5dc10623d32324da1b18023d357d |
29 |
DIST rsyslog-8.9.0.tar.gz 2022294 SHA256 eab00e8e758cd9dd33b3e2cf6af80297d1951dc7db37bd723a6488a35d577adc SHA512 942cccc2cbe147572cc2d346ac330d80c86915757b2b7a380829f0b40294d7e4afd4887d5066821af1e059cd78cdb38520fc9d28b55daa7afcd0e5b2e6bd9a5d WHIRLPOOL cc072a64364f38d98187e7102e5be0277011071ce90a510a641aea6a5b3573a436e6539c5688b24d12a9654786892070c1518093e0176e5a40bea57f7dded133 |
30 |
DIST rsyslog-doc-8.12.0.tar.gz 4212441 SHA256 f88517c1e5ae3a8ba129d531b5b4bb79e80f70898a8a5b72a0abd7a8a0feb8f0 SHA512 a1b3907e1a474076dd11e76b267eff35dadbd5abaf3ab802a187ce045eecc6028c854ed8e661650e10c74c79408c6ded341d16af94a05f10c529faaa8f606afb WHIRLPOOL aa21ea93536bab4c9761bdbe2e6c67f650bf181f64cb7c4a78c646d319a5472895be2a118c90d7c42548575b76f62e5dc6b0c4103cf373ab9e3704a6999c6c1b |
31 |
+DIST rsyslog-doc-8.13.0.tar.gz 4147364 SHA256 3da9a1446686d1cfa82c123a610f2c30f4dc1cbfa608f44ded2baf168e86b67b SHA512 6676533b1e4884f18e583be19c5a50b8f12017ecc2c6860d54dcc72d64e7eafe20a2af3a22817226df123a7a193c7090097502f287455488dd8806b7aac0a5cd WHIRLPOOL 1231580f2bf8af42a7dd34f0a88315ff56324eb64d1259a281a5266fdbe7a472f596d66a5b6d1f5cbf19fdb6f76a2083753e0de224a07653454178128de4fead |
32 |
DIST rsyslog-doc-8.7.0.tar.gz 4105507 SHA256 f131bfb963eed4fe74d7336ee5261876b436004b78994d47523a82c0f7d666a8 SHA512 9b5b6f28a55b58c956ca614301fc9667243d02c321f8b4071264e4040dd8fe79ba7eb5a08912e2a229bdcf12f68eec24f1c65ba7b82ccd60c8e70d34267b8405 WHIRLPOOL 386ad5164768a5a4919ba5acda29f3ef670b78cc9d6845e3c8ee252b43d6622c19c7f8ec1edd7d0f1d111bf2c06d29fb5dbf9af6b46c426932ae6caa0e63c30c |
33 |
DIST rsyslog-doc-8.9.0.tar.gz 4100654 SHA256 d3c6747439fabbfa976922ca26ffa695778668e757261e00103f2444cf153afa SHA512 dbc6dfc43f3a75ba671969d2fd59080d96e411a62a2ac91444d076acba548b2c87000f9822fa0af82f22b4f5c098273d407c1e665ce4b24a52dbddfdc9ab981f WHIRLPOOL 550d499ec556a75344d25331aa1df1855f6f70e2e702c086a8ecbf1817eb1f4bc3b94224b77491f3bc1f6c758a22475c248f8afdfc25816132dfedd81c6dfee0 |
34 |
|
35 |
diff --git a/app-admin/rsyslog/files/8-stable/50-rsyslog-8.12.0-fix-re_extract.patch b/app-admin/rsyslog/files/8-stable/50-rsyslog-8.12.0-fix-re_extract.patch |
36 |
new file mode 100644 |
37 |
index 0000000..f049d53 |
38 |
--- /dev/null |
39 |
+++ b/app-admin/rsyslog/files/8-stable/50-rsyslog-8.12.0-fix-re_extract.patch |
40 |
@@ -0,0 +1,130 @@ |
41 |
+From a88d67df6e55e0a5f484f6aff8aa6e9813c5c31a Mon Sep 17 00:00:00 2001 |
42 |
+From: Janmejay Singh <singh.janmejay@×××××.com> |
43 |
+Date: Mon, 28 Sep 2015 20:38:05 +0530 |
44 |
+Subject: [PATCH] fixed re_extract bug, which fails the regex-compile for |
45 |
+ extract as fn-init fails when fn does not have exactly 2 args |
46 |
+ |
47 |
+ |
48 |
+Fixes: https://github.com/rsyslog/rsyslog/issues/499 |
49 |
+ |
50 |
+--- |
51 |
+ grammar/rainerscript.c | 2 +- |
52 |
+ tests/Makefile.am | 6 ++++++ |
53 |
+ tests/rscript_re_extract.sh | 14 ++++++++++++++ |
54 |
+ tests/rscript_re_match.sh | 14 ++++++++++++++ |
55 |
+ tests/testsuites/rscript_re_extract.conf | 9 +++++++++ |
56 |
+ tests/testsuites/rscript_re_match.conf | 10 ++++++++++ |
57 |
+ 6 files changed, 54 insertions(+), 1 deletion(-) |
58 |
+ create mode 100755 tests/rscript_re_extract.sh |
59 |
+ create mode 100755 tests/rscript_re_match.sh |
60 |
+ create mode 100644 tests/testsuites/rscript_re_extract.conf |
61 |
+ create mode 100644 tests/testsuites/rscript_re_match.conf |
62 |
+ |
63 |
+diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c |
64 |
+index f02e1fe..17f785e 100644 |
65 |
+--- a/grammar/rainerscript.c |
66 |
++++ b/grammar/rainerscript.c |
67 |
+@@ -3747,7 +3747,7 @@ initFunc_re_match(struct cnffunc *func) |
68 |
+ regex_t *re; |
69 |
+ DEFiRet; |
70 |
+ |
71 |
+- if(func->nParams != 2) { |
72 |
++ if(func->nParams < 2) { |
73 |
+ parser_errmsg("rsyslog logic error in line %d of file %s\n", |
74 |
+ __LINE__, __FILE__); |
75 |
+ FINALIZE; |
76 |
+diff --git a/tests/Makefile.am b/tests/Makefile.am |
77 |
+index 914d947..d77728a 100644 |
78 |
+--- a/tests/Makefile.am |
79 |
++++ b/tests/Makefile.am |
80 |
+@@ -120,6 +120,8 @@ TESTS += \ |
81 |
+ rscript_replace_complex.sh \ |
82 |
+ rscript_wrap2.sh \ |
83 |
+ rscript_wrap3.sh \ |
84 |
++ rscript_re_extract.sh \ |
85 |
++ rscript_re_match.sh \ |
86 |
+ rs_optimizer_pri.sh \ |
87 |
+ cee_simple.sh \ |
88 |
+ cee_diskqueue.sh \ |
89 |
+@@ -854,6 +856,10 @@ EXTRA_DIST= \ |
90 |
+ testsuites/stop_when_array_has_element.conf \ |
91 |
+ key_dereference_on_uninitialized_variable_space.sh \ |
92 |
+ testsuites/key_dereference_on_uninitialized_variable_space.conf \ |
93 |
++ rscript_re_extract.sh \ |
94 |
++ testsuites/rscript_re_extract.conf \ |
95 |
++ rscript_re_match.sh \ |
96 |
++ testsuites/rscript_re_match.conf \ |
97 |
+ cfg.sh |
98 |
+ |
99 |
+ # TODO: re-enable |
100 |
+diff --git a/tests/rscript_re_extract.sh b/tests/rscript_re_extract.sh |
101 |
+new file mode 100755 |
102 |
+index 0000000..930448c |
103 |
+--- /dev/null |
104 |
++++ b/tests/rscript_re_extract.sh |
105 |
+@@ -0,0 +1,14 @@ |
106 |
++#!/bin/bash |
107 |
++# added 2015-09-29 by singh.janmejay |
108 |
++# This file is part of the rsyslog project, released under ASL 2.0 |
109 |
++echo =============================================================================== |
110 |
++echo \[rscript_re_extract.sh\]: test re_extract rscript-fn |
111 |
++. $srcdir/diag.sh init |
112 |
++. $srcdir/diag.sh startup rscript_re_extract.conf |
113 |
++. $srcdir/diag.sh tcpflood -m 1 -I $srcdir/testsuites/date_time_msg |
114 |
++echo doing shutdown |
115 |
++. $srcdir/diag.sh shutdown-when-empty |
116 |
++echo wait on shutdown |
117 |
++. $srcdir/diag.sh wait-shutdown |
118 |
++. $srcdir/diag.sh content-check "*Number is 19597*" |
119 |
++. $srcdir/diag.sh exit |
120 |
+diff --git a/tests/rscript_re_match.sh b/tests/rscript_re_match.sh |
121 |
+new file mode 100755 |
122 |
+index 0000000..d2e212d |
123 |
+--- /dev/null |
124 |
++++ b/tests/rscript_re_match.sh |
125 |
+@@ -0,0 +1,14 @@ |
126 |
++#!/bin/bash |
127 |
++# added 2015-09-29 by singh.janmejay |
128 |
++# This file is part of the rsyslog project, released under ASL 2.0 |
129 |
++echo =============================================================================== |
130 |
++echo \[rscript_re_match.sh\]: test re_match rscript-fn |
131 |
++. $srcdir/diag.sh init |
132 |
++. $srcdir/diag.sh startup rscript_re_match.conf |
133 |
++. $srcdir/diag.sh tcpflood -m 1 -I $srcdir/testsuites/date_time_msg |
134 |
++echo doing shutdown |
135 |
++. $srcdir/diag.sh shutdown-when-empty |
136 |
++echo wait on shutdown |
137 |
++. $srcdir/diag.sh wait-shutdown |
138 |
++. $srcdir/diag.sh content-check "*Matched*" |
139 |
++. $srcdir/diag.sh exit |
140 |
+diff --git a/tests/testsuites/rscript_re_extract.conf b/tests/testsuites/rscript_re_extract.conf |
141 |
+new file mode 100644 |
142 |
+index 0000000..6c71e53 |
143 |
+--- /dev/null |
144 |
++++ b/tests/testsuites/rscript_re_extract.conf |
145 |
+@@ -0,0 +1,9 @@ |
146 |
++$IncludeConfig diag-common.conf |
147 |
++template(name="outfmt" type="string" string="*Number is %$.number%*\n") |
148 |
++ |
149 |
++module(load="../plugins/imtcp/.libs/imtcp") |
150 |
++input(type="imtcp" port="13514") |
151 |
++ |
152 |
++set $.number = re_extract($msg, '.* ([0-9]+)$', 0, 1, 'none'); |
153 |
++ |
154 |
++action(type="omfile" file="./rsyslog.out.log" template="outfmt") |
155 |
+diff --git a/tests/testsuites/rscript_re_match.conf b/tests/testsuites/rscript_re_match.conf |
156 |
+new file mode 100644 |
157 |
+index 0000000..3e0f36f |
158 |
+--- /dev/null |
159 |
++++ b/tests/testsuites/rscript_re_match.conf |
160 |
+@@ -0,0 +1,10 @@ |
161 |
++$IncludeConfig diag-common.conf |
162 |
++template(name="outfmt" type="string" string="*Matched*\n") |
163 |
++ |
164 |
++module(load="../plugins/imtcp/.libs/imtcp") |
165 |
++input(type="imtcp" port="13514") |
166 |
++ |
167 |
++if (re_match($msg, '.* ([0-9]+)$')) then { |
168 |
++ action(type="omfile" file="./rsyslog.out.log" template="outfmt") |
169 |
++} |
170 |
++ |
171 |
|
172 |
diff --git a/app-admin/rsyslog/files/8-stable/50-rsyslog-8.13.0-lookup-table-reload-bugfix.patch b/app-admin/rsyslog/files/8-stable/50-rsyslog-8.13.0-lookup-table-reload-bugfix.patch |
173 |
new file mode 100644 |
174 |
index 0000000..b426180 |
175 |
--- /dev/null |
176 |
+++ b/app-admin/rsyslog/files/8-stable/50-rsyslog-8.13.0-lookup-table-reload-bugfix.patch |
177 |
@@ -0,0 +1,141 @@ |
178 |
+From 3a10a78edeef9725f69a24d633bb394e365145f0 Mon Sep 17 00:00:00 2001 |
179 |
+From: Janmejay Singh <singh.janmejay@×××××.com> |
180 |
+Date: Wed, 30 Sep 2015 17:24:38 +0530 |
181 |
+Subject: [PATCH] Fixed lookup-table reload bug, which ignored table-length of |
182 |
+ reloaded table, resulting in additional entries being invisible while |
183 |
+ looking-up (binary-search would work with old-table-length). This would be a |
184 |
+ security-issue or may cause a crash if reloaded table is actually smaller |
185 |
+ (memory access beyond table). |
186 |
+ |
187 |
+--- |
188 |
+ runtime/lookup.c | 1 + |
189 |
+ tests/Makefile.am | 5 +++++ |
190 |
+ tests/diag.sh | 4 ++++ |
191 |
+ tests/lookup_table.sh | 24 ++++++++++++++++++++++++ |
192 |
+ tests/testsuites/lookup_table.conf | 9 +++++++++ |
193 |
+ tests/testsuites/xlate.lkp_tbl | 5 +++++ |
194 |
+ tests/testsuites/xlate_more.lkp_tbl | 6 ++++++ |
195 |
+ 7 files changed, 55 insertions(+) |
196 |
+ create mode 100755 tests/lookup_table.sh |
197 |
+ create mode 100644 tests/testsuites/lookup_table.conf |
198 |
+ create mode 100644 tests/testsuites/xlate.lkp_tbl |
199 |
+ create mode 100644 tests/testsuites/xlate_more.lkp_tbl |
200 |
+ |
201 |
+diff --git a/runtime/lookup.c b/runtime/lookup.c |
202 |
+index 096bf09..5aa00b9 100644 |
203 |
+--- a/runtime/lookup.c |
204 |
++++ b/runtime/lookup.c |
205 |
+@@ -203,6 +203,7 @@ lookupReload(lookup_t *pThis) |
206 |
+ } |
207 |
+ free(pThis->d.strtab); |
208 |
+ pThis->d.strtab = newlu.d.strtab; /* hand table AND ALL STRINGS over! */ |
209 |
++ pThis->nmemb = newlu.nmemb; |
210 |
+ pthread_rwlock_unlock(&pThis->rwlock); |
211 |
+ errmsg.LogError(0, RS_RET_OK, "lookup table '%s' reloaded from file '%s'", |
212 |
+ pThis->name, pThis->filename); |
213 |
+diff --git a/tests/Makefile.am b/tests/Makefile.am |
214 |
+index d77728a..49cb641 100644 |
215 |
+--- a/tests/Makefile.am |
216 |
++++ b/tests/Makefile.am |
217 |
+@@ -130,6 +130,7 @@ TESTS += \ |
218 |
+ incltest_dir_wildcard.sh \ |
219 |
+ incltest_dir_empty_wildcard.sh \ |
220 |
+ linkedlistqueue.sh \ |
221 |
++ lookup_table.sh \ |
222 |
+ key_dereference_on_uninitialized_variable_space.sh |
223 |
+ |
224 |
+ |
225 |
+@@ -860,6 +861,10 @@ EXTRA_DIST= \ |
226 |
+ testsuites/rscript_re_extract.conf \ |
227 |
+ rscript_re_match.sh \ |
228 |
+ testsuites/rscript_re_match.conf \ |
229 |
++ lookup_table.sh \ |
230 |
++ testsuites/lookup_table.conf \ |
231 |
++ testsuites/xlate.lkp_tbl \ |
232 |
++ testsuites/xlate_more.lkp_tbl \ |
233 |
+ cfg.sh |
234 |
+ |
235 |
+ # TODO: re-enable |
236 |
+diff --git a/tests/diag.sh b/tests/diag.sh |
237 |
+index 95d6adb..c489fff 100755 |
238 |
+--- a/tests/diag.sh |
239 |
++++ b/tests/diag.sh |
240 |
+@@ -195,6 +195,10 @@ case $1 in |
241 |
+ echo WaitMainQueueEmpty | ./diagtalker || . $srcdir/diag.sh error-exit $? |
242 |
+ fi |
243 |
+ ;; |
244 |
++ 'issue-HUP') # shut rsyslogd down when main queue is empty. $2 is the instance. |
245 |
++ kill -HUP `cat rsyslog$2.pid` |
246 |
++ ./msleep 1000 |
247 |
++ ;; |
248 |
+ 'shutdown-when-empty') # shut rsyslogd down when main queue is empty. $2 is the instance. |
249 |
+ if [ "$2" == "2" ] |
250 |
+ then |
251 |
+diff --git a/tests/lookup_table.sh b/tests/lookup_table.sh |
252 |
+new file mode 100755 |
253 |
+index 0000000..fae2fab |
254 |
+--- /dev/null |
255 |
++++ b/tests/lookup_table.sh |
256 |
+@@ -0,0 +1,24 @@ |
257 |
++#!/bin/bash |
258 |
++# added 2015-09-30 by singh.janmejay |
259 |
++# This file is part of the rsyslog project, released under ASL 2.0 |
260 |
++echo =============================================================================== |
261 |
++echo \[lookup_table_reload.sh\]: test for lookup-table and HUP based reloading of it |
262 |
++. $srcdir/diag.sh init |
263 |
++cp $srcdir/testsuites/xlate.lkp_tbl $srcdir/xlate.lkp_tbl |
264 |
++. $srcdir/diag.sh startup lookup_table.conf |
265 |
++. $srcdir/diag.sh injectmsg 0 3 |
266 |
++. $srcdir/diag.sh wait-queueempty |
267 |
++. $srcdir/diag.sh content-check "msgnum:00000000: foo_old" |
268 |
++. $srcdir/diag.sh content-check "msgnum:00000001: bar_old" |
269 |
++. $srcdir/diag.sh assert-content-missing "baz" |
270 |
++cp $srcdir/testsuites/xlate_more.lkp_tbl $srcdir/xlate.lkp_tbl |
271 |
++. $srcdir/diag.sh issue-HUP |
272 |
++. $srcdir/diag.sh injectmsg 0 3 |
273 |
++echo doing shutdown |
274 |
++. $srcdir/diag.sh shutdown-when-empty |
275 |
++echo wait on shutdown |
276 |
++. $srcdir/diag.sh wait-shutdown |
277 |
++. $srcdir/diag.sh content-check "msgnum:00000000: foo_new" |
278 |
++. $srcdir/diag.sh content-check "msgnum:00000001: bar_new" |
279 |
++. $srcdir/diag.sh content-check "msgnum:00000002: baz" |
280 |
++. $srcdir/diag.sh exit |
281 |
+diff --git a/tests/testsuites/lookup_table.conf b/tests/testsuites/lookup_table.conf |
282 |
+new file mode 100644 |
283 |
+index 0000000..29bd805 |
284 |
+--- /dev/null |
285 |
++++ b/tests/testsuites/lookup_table.conf |
286 |
+@@ -0,0 +1,9 @@ |
287 |
++$IncludeConfig diag-common.conf |
288 |
++ |
289 |
++lookup_table(name="xlate" file="xlate.lkp_tbl") |
290 |
++ |
291 |
++template(name="outfmt" type="string" string="- %msg% %$.lkp%\n") |
292 |
++ |
293 |
++set $.lkp = lookup("xlate", $msg); |
294 |
++ |
295 |
++action(type="omfile" file="./rsyslog.out.log" template="outfmt") |
296 |
+diff --git a/tests/testsuites/xlate.lkp_tbl b/tests/testsuites/xlate.lkp_tbl |
297 |
+new file mode 100644 |
298 |
+index 0000000..30e2796 |
299 |
+--- /dev/null |
300 |
++++ b/tests/testsuites/xlate.lkp_tbl |
301 |
+@@ -0,0 +1,5 @@ |
302 |
++{ |
303 |
++ "table":[ |
304 |
++ {"index":" msgnum:00000000:", "value":"foo_old" }, |
305 |
++ {"index":" msgnum:00000001:", "value":"bar_old" }] |
306 |
++} |
307 |
+diff --git a/tests/testsuites/xlate_more.lkp_tbl b/tests/testsuites/xlate_more.lkp_tbl |
308 |
+new file mode 100644 |
309 |
+index 0000000..2d3f452 |
310 |
+--- /dev/null |
311 |
++++ b/tests/testsuites/xlate_more.lkp_tbl |
312 |
+@@ -0,0 +1,6 @@ |
313 |
++{ |
314 |
++ "table":[ |
315 |
++ {"index":" msgnum:00000000:", "value":"foo_new" }, |
316 |
++ {"index":" msgnum:00000001:", "value":"bar_new" }, |
317 |
++ {"index":" msgnum:00000002:", "value":"baz" }] |
318 |
++} |
319 |
|
320 |
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog.confd-r1 b/app-admin/rsyslog/files/8-stable/rsyslog.confd-r1 |
321 |
new file mode 100644 |
322 |
index 0000000..da48c01 |
323 |
--- /dev/null |
324 |
+++ b/app-admin/rsyslog/files/8-stable/rsyslog.confd-r1 |
325 |
@@ -0,0 +1,30 @@ |
326 |
+# /etc/conf.d/rsyslog |
327 |
+ |
328 |
+# Configuration file |
329 |
+#RSYSLOG_CONFIGFILE="/etc/rsyslog.conf" |
330 |
+ |
331 |
+# PID file |
332 |
+# If you should ever change this, remember to update |
333 |
+# "/etc/logrotate.d/rsyslog", too. |
334 |
+#RSYSLOG_PIDFILE="/run/rsyslogd.pid" |
335 |
+ |
336 |
+# You can use this configuration option to pass additional options to the |
337 |
+# start-stop-daemon, see start-stop-daemon(8) for more details. |
338 |
+# Per default we wait 1000ms after we have started the service to ensure |
339 |
+# that the daemon is really up and running. |
340 |
+#RSYSLOG_SSDARGS="--wait 1000" |
341 |
+ |
342 |
+# The termination timeout (start-stop-daemon parameter "retry") ensures |
343 |
+# that the service will be terminated within a given time (60 + 5 seconds |
344 |
+# per default) when you are stopping the service. |
345 |
+# You need to increase the value when you are working with a large queue. |
346 |
+# See http://www.rsyslog.com/doc/queues.html for further information. |
347 |
+#RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5" |
348 |
+ |
349 |
+ |
350 |
+# Options to rsyslogd |
351 |
+# See rsyslogd(8) for more details |
352 |
+# Notes: |
353 |
+# * Do not specify another PIDFILE but use the variable above to change the location |
354 |
+# * Do not specify another CONFIGFILE but use the variable above to change the location |
355 |
+#RSYSLOG_OPTS="" |
356 |
|
357 |
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog.initd-r1 b/app-admin/rsyslog/files/8-stable/rsyslog.initd-r1 |
358 |
new file mode 100644 |
359 |
index 0000000..078740d |
360 |
--- /dev/null |
361 |
+++ b/app-admin/rsyslog/files/8-stable/rsyslog.initd-r1 |
362 |
@@ -0,0 +1,73 @@ |
363 |
+#!/sbin/runscript |
364 |
+# Copyright 1999-2015 Gentoo Foundation |
365 |
+# Distributed under the terms of the GNU General Public License v2 |
366 |
+# $Id$ |
367 |
+ |
368 |
+RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"} |
369 |
+RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"} |
370 |
+RSYSLOG_SSDARGS=${RSYSLOG_SSDARGS:-"--wait 1000"} |
371 |
+RSYSLOG_TERMTIMEOUT=${RSYSLOG_TERMTIMEOUT:-"TERM/60/KILL/5"} |
372 |
+RSYSLOG_OPTS=${RSYSLOG_OPTS:-""} |
373 |
+ |
374 |
+command="/usr/sbin/rsyslogd" |
375 |
+command_args="${RSYSLOG_OPTS} -f \"${RSYSLOG_CONFIGFILE}\" -i \"${RSYSLOG_PIDFILE}\"" |
376 |
+start_stop_daemon_args="${RSYSLOG_SSDARGS}" |
377 |
+pidfile="${RSYSLOG_PIDFILE}" |
378 |
+retry="${RSYSLOG_TERMTIMEOUT}" |
379 |
+ |
380 |
+required_files="${RSYSLOG_CONFIGFILE}" |
381 |
+ |
382 |
+description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)." |
383 |
+ |
384 |
+extra_commands="configtest" |
385 |
+extra_started_commands="rotate" |
386 |
+ |
387 |
+description_configtest="Run rsyslogd's internal config check." |
388 |
+ |
389 |
+description_rotate="Sends rsyslogd a signal to re-open its log files." |
390 |
+ |
391 |
+depend() { |
392 |
+ need clock hostname localmount |
393 |
+ provide logger |
394 |
+} |
395 |
+ |
396 |
+start_pre() { |
397 |
+ if [ "${RC_CMD}" != "restart" ]; then |
398 |
+ configtest || return 1 |
399 |
+ fi |
400 |
+} |
401 |
+ |
402 |
+stop_pre() { |
403 |
+ if [ "${RC_CMD}" = "restart" ]; then |
404 |
+ configtest || return 1 |
405 |
+ fi |
406 |
+} |
407 |
+ |
408 |
+stop_post() { |
409 |
+ if [ -f "${RSYSLOG_PIDFILE}" ]; then |
410 |
+ vebegin "Removing stale PID file" |
411 |
+ rm --force "${RSYSLOG_PIDFILE}" |
412 |
+ veend $? |
413 |
+ fi |
414 |
+} |
415 |
+ |
416 |
+configtest() { |
417 |
+ local _command_args="-N 999 -f \"${RSYSLOG_CONFIGFILE}\"" |
418 |
+ local _retval=0 |
419 |
+ |
420 |
+ ebegin "Checking rsyslogd's configuration" |
421 |
+ eval ${command} ${_command_args} >/dev/null 2>&1 |
422 |
+ _retval=$? |
423 |
+ |
424 |
+ if [ ${_retval} -ne 0 ]; then |
425 |
+ eval ${command} ${_command_args} |
426 |
+ fi |
427 |
+ |
428 |
+ eend ${_retval} "failed, please correct errors above" |
429 |
+} |
430 |
+ |
431 |
+rotate() { |
432 |
+ ebegin "Re-opening rsyslogd logs" |
433 |
+ start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}" |
434 |
+ eend $? |
435 |
+} |
436 |
|
437 |
diff --git a/app-admin/rsyslog/rsyslog-8.13.0.ebuild b/app-admin/rsyslog/rsyslog-8.13.0.ebuild |
438 |
new file mode 100644 |
439 |
index 0000000..34085ef |
440 |
--- /dev/null |
441 |
+++ b/app-admin/rsyslog/rsyslog-8.13.0.ebuild |
442 |
@@ -0,0 +1,423 @@ |
443 |
+# Copyright 1999-2015 Gentoo Foundation |
444 |
+# Distributed under the terms of the GNU General Public License v2 |
445 |
+# $Id$ |
446 |
+ |
447 |
+EAPI=5 |
448 |
+AUTOTOOLS_AUTORECONF=1 |
449 |
+ |
450 |
+inherit autotools-utils eutils systemd |
451 |
+ |
452 |
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" |
453 |
+HOMEPAGE="http://www.rsyslog.com/" |
454 |
+ |
455 |
+BRANCH="8-stable" |
456 |
+ |
457 |
+PATCHES=() |
458 |
+ |
459 |
+if [[ ${PV} == "9999" ]]; then |
460 |
+ EGIT_REPO_URI=" |
461 |
+ git://github.com/rsyslog/${PN}.git |
462 |
+ https://github.com/rsyslog/${PN}.git |
463 |
+ " |
464 |
+ |
465 |
+ DOC_REPO_URI=" |
466 |
+ git://github.com/rsyslog/${PN}-doc.git |
467 |
+ https://github.com/rsyslog/${PN}-doc.git |
468 |
+ " |
469 |
+ |
470 |
+ inherit git-r3 |
471 |
+else |
472 |
+ SRC_URI=" |
473 |
+ http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz |
474 |
+ doc? ( http://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz ) |
475 |
+ " |
476 |
+ KEYWORDS="~amd64 ~arm ~hppa ~x86" |
477 |
+ |
478 |
+ PATCHES+=( "${FILESDIR}"/${BRANCH}/50-${PN}-8.12.0-fix-re_extract.patch ) |
479 |
+ PATCHES+=( "${FILESDIR}"/${BRANCH}/50-${PN}-8.13.0-lookup-table-reload-bugfix.patch ) |
480 |
+fi |
481 |
+ |
482 |
+LICENSE="GPL-3 LGPL-3 Apache-2.0" |
483 |
+SLOT="0" |
484 |
+IUSE="dbi debug doc elasticsearch +gcrypt jemalloc kerberos libressl mongodb mysql normalize omudpspoof" |
485 |
+IUSE+=" postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools zeromq" |
486 |
+ |
487 |
+RDEPEND=" |
488 |
+ >=dev-libs/json-c-0.11:= |
489 |
+ >=dev-libs/libestr-0.1.9 |
490 |
+ >=dev-libs/liblogging-1.0.1:=[stdlog] |
491 |
+ >=sys-libs/zlib-1.2.5 |
492 |
+ dbi? ( >=dev-db/libdbi-0.8.3 ) |
493 |
+ elasticsearch? ( >=net-misc/curl-7.35.0 ) |
494 |
+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= ) |
495 |
+ jemalloc? ( >=dev-libs/jemalloc-3.3.1 ) |
496 |
+ kerberos? ( virtual/krb5 ) |
497 |
+ mongodb? ( >=dev-libs/libmongo-client-0.1.4 ) |
498 |
+ mysql? ( virtual/mysql ) |
499 |
+ normalize? ( |
500 |
+ >=dev-libs/libee-0.4.0 |
501 |
+ >=dev-libs/liblognorm-1.1.2:= |
502 |
+ ) |
503 |
+ omudpspoof? ( >=net-libs/libnet-1.1.6 ) |
504 |
+ postgres? ( >=dev-db/postgresql-8.4.20:= ) |
505 |
+ rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 ) |
506 |
+ redis? ( >=dev-libs/hiredis-0.11.0 ) |
507 |
+ relp? ( >=dev-libs/librelp-1.2.5 ) |
508 |
+ rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] ) |
509 |
+ rfc5424hmac? ( |
510 |
+ !libressl? ( >=dev-libs/openssl-0.9.8y:0= ) |
511 |
+ libressl? ( dev-libs/libressl:= ) |
512 |
+ ) |
513 |
+ snmp? ( >=net-analyzer/net-snmp-5.7.2 ) |
514 |
+ ssl? ( >=net-libs/gnutls-2.12.23 ) |
515 |
+ systemd? ( >=sys-apps/systemd-208 ) |
516 |
+ zeromq? ( >=net-libs/czmq-1.2.0 )" |
517 |
+DEPEND="${RDEPEND} |
518 |
+ virtual/pkgconfig" |
519 |
+ |
520 |
+if [[ ${PV} == "9999" ]]; then |
521 |
+ DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )" |
522 |
+ DEPEND+=" >=sys-devel/flex-2.5.39-r1" |
523 |
+ DEPEND+=" >=sys-devel/bison-2.4.3" |
524 |
+ DEPEND+=" >=dev-python/docutils-0.12" |
525 |
+fi |
526 |
+ |
527 |
+# Maitainer note : open a bug to upstream |
528 |
+# showing that building in a separate dir fails |
529 |
+AUTOTOOLS_IN_SOURCE_BUILD=1 |
530 |
+ |
531 |
+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules" |
532 |
+ |
533 |
+DOCS=( |
534 |
+ AUTHORS |
535 |
+ ChangeLog |
536 |
+ "${FILESDIR}"/${BRANCH}/README.gentoo |
537 |
+) |
538 |
+ |
539 |
+src_unpack() { |
540 |
+ if [[ ${PV} == "9999" ]]; then |
541 |
+ git-r3_fetch |
542 |
+ git-r3_checkout |
543 |
+ else |
544 |
+ unpack ${P}.tar.gz |
545 |
+ fi |
546 |
+ |
547 |
+ if use doc; then |
548 |
+ if [[ ${PV} == "9999" ]]; then |
549 |
+ local _EGIT_BRANCH= |
550 |
+ if [ -n "${EGIT_BRANCH}" ]; then |
551 |
+ # Cannot use rsyslog commits/branches for documentation repository |
552 |
+ _EGIT_BRANCH=${EGIT_BRANCH} |
553 |
+ unset EGIT_BRANCH |
554 |
+ fi |
555 |
+ |
556 |
+ git-r3_fetch "${DOC_REPO_URI}" |
557 |
+ git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs |
558 |
+ |
559 |
+ if [ -n "${_EGIT_BRANCH}" ]; then |
560 |
+ # Restore previous EGIT_BRANCH information |
561 |
+ EGIT_BRANCH=${_EGIT_BRANCH} |
562 |
+ fi |
563 |
+ else |
564 |
+ local doc_tarball="${PN}-doc-${PV}.tar.gz" |
565 |
+ |
566 |
+ cd "${S}" || die "Cannot change dir into '$S'" |
567 |
+ mkdir docs || die "Failed to create docs directory" |
568 |
+ cd docs || die "Failed to change dir into '${S}/docs'" |
569 |
+ unpack ${doc_tarball} |
570 |
+ fi |
571 |
+ fi |
572 |
+} |
573 |
+ |
574 |
+src_configure() { |
575 |
+ # Maintainer notes: |
576 |
+ # * Guardtime support is missing because libgt isn't yet available |
577 |
+ # in portage. |
578 |
+ # * Hadoop's HDFS file system output module is currently not |
579 |
+ # supported in Gentoo because nobody is able to test it |
580 |
+ # (JAVA dependency). |
581 |
+ # * dev-libs/hiredis doesn't provide pkg-config (see #504614, |
582 |
+ # upstream PR 129 and 136) so we need to export HIREDIS_* |
583 |
+ # variables because rsyslog's build system depends on pkg-config. |
584 |
+ |
585 |
+ if use redis; then |
586 |
+ export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis" |
587 |
+ export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include" |
588 |
+ fi |
589 |
+ |
590 |
+ local myeconfargs=( |
591 |
+ --disable-debug-symbols |
592 |
+ --disable-generate-man-pages |
593 |
+ --without-valgrind-testbench |
594 |
+ $(use_enable test testbench) |
595 |
+ # Input Plugins without depedencies |
596 |
+ --enable-imdiag |
597 |
+ --enable-imfile |
598 |
+ --enable-impstats |
599 |
+ --enable-imptcp |
600 |
+ # Message Modificiation Plugins without depedencies |
601 |
+ --enable-mmanon |
602 |
+ --enable-mmaudit |
603 |
+ --enable-mmfields |
604 |
+ --enable-mmjsonparse |
605 |
+ --enable-mmpstrucdata |
606 |
+ --enable-mmsequence |
607 |
+ --enable-mmutf8fix |
608 |
+ # Output Modification Plugins without dependencies |
609 |
+ --enable-mail |
610 |
+ --enable-omprog |
611 |
+ --enable-omruleset |
612 |
+ --enable-omstdout |
613 |
+ --enable-omuxsock |
614 |
+ # Misc |
615 |
+ --enable-pmaixforwardedfrom |
616 |
+ --enable-pmciscoios |
617 |
+ --enable-pmcisconames |
618 |
+ --enable-pmlastmsg |
619 |
+ --enable-pmsnare |
620 |
+ # DB |
621 |
+ $(use_enable dbi libdbi) |
622 |
+ $(use_enable mongodb ommongodb) |
623 |
+ $(use_enable mysql) |
624 |
+ $(use_enable postgres pgsql) |
625 |
+ $(use_enable redis omhiredis) |
626 |
+ # Debug |
627 |
+ $(use_enable debug) |
628 |
+ $(use_enable debug diagtools) |
629 |
+ $(use_enable debug memcheck) |
630 |
+ $(use_enable debug rtinst) |
631 |
+ $(use_enable debug valgrind) |
632 |
+ # Misc |
633 |
+ $(use_enable elasticsearch) |
634 |
+ $(use_enable gcrypt libgcrypt) |
635 |
+ $(use_enable jemalloc) |
636 |
+ $(use_enable kerberos gssapi-krb5) |
637 |
+ $(use_enable normalize mmnormalize) |
638 |
+ $(use_enable omudpspoof) |
639 |
+ $(use_enable rabbitmq omrabbitmq) |
640 |
+ $(use_enable relp) |
641 |
+ $(use_enable rfc3195) |
642 |
+ $(use_enable rfc5424hmac mmrfc5424addhmac) |
643 |
+ $(use_enable snmp) |
644 |
+ $(use_enable snmp mmsnmptrapd) |
645 |
+ $(use_enable ssl gnutls) |
646 |
+ $(use_enable systemd imjournal) |
647 |
+ $(use_enable systemd omjournal) |
648 |
+ $(use_enable usertools) |
649 |
+ $(use_enable zeromq imzmq3) |
650 |
+ $(use_enable zeromq omzmq3) |
651 |
+ "$(systemd_with_unitdir)" |
652 |
+ ) |
653 |
+ |
654 |
+ autotools-utils_src_configure |
655 |
+} |
656 |
+ |
657 |
+src_compile() { |
658 |
+ autotools-utils_src_compile |
659 |
+ |
660 |
+ if use doc && [[ "${PV}" == "9999" ]]; then |
661 |
+ einfo "Building documentation ..." |
662 |
+ local doc_dir="${S}/docs" |
663 |
+ cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!" |
664 |
+ sphinx-build -b html source build || die "Building documentation failed!" |
665 |
+ fi |
666 |
+} |
667 |
+ |
668 |
+src_test() { |
669 |
+ local _has_increased_ulimit= |
670 |
+ |
671 |
+ # When adding new tests via patches we have to make them executable |
672 |
+ einfo "Adjusting permissions of test scripts ..." |
673 |
+ find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \ |
674 |
+ die "Failed to adjust test scripts permission" |
675 |
+ |
676 |
+ if ulimit -n 3072; then |
677 |
+ _has_increased_ulimit="true" |
678 |
+ fi |
679 |
+ |
680 |
+ if ! emake --jobs 1 check; then |
681 |
+ eerror "Test suite failed! :(" |
682 |
+ |
683 |
+ if [ -z "${_has_increased_ulimit}" ]; then |
684 |
+ eerror "Probably because open file limit couldn't be set to 3072." |
685 |
+ fi |
686 |
+ |
687 |
+ if has userpriv $FEATURES; then |
688 |
+ eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \ |
689 |
+ "before you submit a bug report." |
690 |
+ fi |
691 |
+ |
692 |
+ fi |
693 |
+} |
694 |
+ |
695 |
+src_install() { |
696 |
+ use doc && HTML_DOCS=( "${S}/docs/build/" ) |
697 |
+ autotools-utils_src_install |
698 |
+ |
699 |
+ newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN} |
700 |
+ newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN} |
701 |
+ |
702 |
+ keepdir /var/empty/dev |
703 |
+ keepdir /var/spool/${PN} |
704 |
+ keepdir /etc/ssl/${PN} |
705 |
+ keepdir /etc/${PN}.d |
706 |
+ |
707 |
+ insinto /etc |
708 |
+ newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf |
709 |
+ |
710 |
+ insinto /etc/rsyslog.d/ |
711 |
+ doins "${FILESDIR}/${BRANCH}/50-default.conf" |
712 |
+ |
713 |
+ insinto /etc/logrotate.d/ |
714 |
+ newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN} |
715 |
+ |
716 |
+ if use mysql; then |
717 |
+ insinto /usr/share/doc/${PF}/scripts/mysql |
718 |
+ doins plugins/ommysql/createDB.sql |
719 |
+ fi |
720 |
+ |
721 |
+ if use postgres; then |
722 |
+ insinto /usr/share/doc/${PF}/scripts/pgsql |
723 |
+ doins plugins/ompgsql/createDB.sql |
724 |
+ fi |
725 |
+} |
726 |
+ |
727 |
+pkg_postinst() { |
728 |
+ local advertise_readme=0 |
729 |
+ |
730 |
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then |
731 |
+ # This is a new installation |
732 |
+ |
733 |
+ advertise_readme=1 |
734 |
+ |
735 |
+ if use mysql || use postgres; then |
736 |
+ echo |
737 |
+ elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:" |
738 |
+ elog " /usr/share/doc/${PF}/scripts" |
739 |
+ fi |
740 |
+ |
741 |
+ if use ssl; then |
742 |
+ echo |
743 |
+ elog "To create a default CA and certificates for your server and clients, run:" |
744 |
+ elog " emerge --config =${PF}" |
745 |
+ elog "on your logging server. You can run it several times," |
746 |
+ elog "once for each logging client. The client certificates will be signed" |
747 |
+ elog "using the CA certificate generated during the first run." |
748 |
+ fi |
749 |
+ fi |
750 |
+ |
751 |
+ if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then |
752 |
+ # Show this message until rsyslog-8.x |
753 |
+ echo |
754 |
+ elog "Since ${PN}-7.6.3 we no longer use the catch-all log target" |
755 |
+ elog "\"/var/log/syslog\" due to its redundancy to the other log targets." |
756 |
+ |
757 |
+ advertise_readme=1 |
758 |
+ fi |
759 |
+ |
760 |
+ if [[ ${advertise_readme} -gt 0 ]]; then |
761 |
+ # We need to show the README file location |
762 |
+ |
763 |
+ echo "" |
764 |
+ elog "Please read" |
765 |
+ elog "" |
766 |
+ elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*" |
767 |
+ elog "" |
768 |
+ elog "for more details." |
769 |
+ fi |
770 |
+} |
771 |
+ |
772 |
+pkg_config() { |
773 |
+ if ! use ssl ; then |
774 |
+ einfo "There is nothing to configure for rsyslog unless you" |
775 |
+ einfo "used USE=ssl to build it." |
776 |
+ return 0 |
777 |
+ fi |
778 |
+ |
779 |
+ # Make sure the certificates directory exists |
780 |
+ CERTDIR="${EROOT}/etc/ssl/${PN}" |
781 |
+ if [ ! -d "${CERTDIR}" ]; then |
782 |
+ mkdir "${CERTDIR}" || die |
783 |
+ fi |
784 |
+ einfo "Your certificates will be stored in ${CERTDIR}" |
785 |
+ |
786 |
+ # Create a default CA if needed |
787 |
+ if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then |
788 |
+ einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..." |
789 |
+ certtool --generate-privkey \ |
790 |
+ --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null |
791 |
+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" |
792 |
+ |
793 |
+ cat > "${T}/${PF}.$$" <<- _EOF |
794 |
+ cn = Portage automated CA |
795 |
+ ca |
796 |
+ cert_signing_key |
797 |
+ expiration_days = 3650 |
798 |
+ _EOF |
799 |
+ |
800 |
+ certtool --generate-self-signed \ |
801 |
+ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
802 |
+ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ |
803 |
+ --template "${T}/${PF}.$$" &>/dev/null |
804 |
+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" |
805 |
+ |
806 |
+ # Create the server certificate |
807 |
+ echo |
808 |
+ einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " |
809 |
+ read -r CN |
810 |
+ |
811 |
+ einfo "Creating private key and certificate for server ${CN}..." |
812 |
+ certtool --generate-privkey \ |
813 |
+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null |
814 |
+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" |
815 |
+ |
816 |
+ cat > "${T}/${PF}.$$" <<- _EOF |
817 |
+ cn = ${CN} |
818 |
+ tls_www_server |
819 |
+ dns_name = ${CN} |
820 |
+ expiration_days = 3650 |
821 |
+ _EOF |
822 |
+ |
823 |
+ certtool --generate-certificate \ |
824 |
+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ |
825 |
+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ |
826 |
+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ |
827 |
+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
828 |
+ --template "${T}/${PF}.$$" &>/dev/null |
829 |
+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" |
830 |
+ |
831 |
+ else |
832 |
+ einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." |
833 |
+ fi |
834 |
+ |
835 |
+ # Create a client certificate |
836 |
+ echo |
837 |
+ einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " |
838 |
+ read -r CN |
839 |
+ |
840 |
+ einfo "Creating private key and certificate for client ${CN}..." |
841 |
+ certtool --generate-privkey \ |
842 |
+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null |
843 |
+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" |
844 |
+ |
845 |
+ cat > "${T}/${PF}.$$" <<- _EOF |
846 |
+ cn = ${CN} |
847 |
+ tls_www_client |
848 |
+ dns_name = ${CN} |
849 |
+ expiration_days = 3650 |
850 |
+ _EOF |
851 |
+ |
852 |
+ certtool --generate-certificate \ |
853 |
+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ |
854 |
+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ |
855 |
+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ |
856 |
+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
857 |
+ --template "${T}/${PF}.$$" &>/dev/null |
858 |
+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" |
859 |
+ |
860 |
+ rm -f "${T}/${PF}.$$" |
861 |
+ |
862 |
+ echo |
863 |
+ einfo "Here is the documentation on how to encrypt your log traffic:" |
864 |
+ einfo " http://www.rsyslog.com/doc/rsyslog_tls.html" |
865 |
+} |