Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/
Date: Wed, 19 Sep 2018 00:49:43
Message-Id: 1537317988.84a1e4a826372f64a9fb6b31006730945f4c179c.whissi@gentoo
1 commit: 84a1e4a826372f64a9fb6b31006730945f4c179c
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Wed Sep 19 00:44:02 2018 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Wed Sep 19 00:46:28 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84a1e4a8
7
8 app-admin/rsyslog: bump to v8.38.0
9
10 Package-Manager: Portage-2.3.49, Repoman-2.3.10
11
12 app-admin/rsyslog/Manifest | 2 +
13 app-admin/rsyslog/metadata.xml | 1 +
14 app-admin/rsyslog/rsyslog-8.38.0.ebuild | 455 ++++++++++++++++++++++++++++++++
15 3 files changed, 458 insertions(+)
16
17 diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
18 index c43d25535ad..9a7bf96e70e 100644
19 --- a/app-admin/rsyslog/Manifest
20 +++ b/app-admin/rsyslog/Manifest
21 @@ -1,6 +1,8 @@
22 DIST rsyslog-8.35.0.tar.gz 2590108 BLAKE2B e201c1366b8ab96c070829d51de079212e82216a793eb7622aa91c66e2330981de8be547b1ee7f102ed7d8c8de054d58ba151e95238146a61fba8fe908c5f929 SHA512 3b8845fc057147c2dd740b3bb432e7fb101ad60be5c6bc86a2c2796bcd3f3526c617d45b9e8301388d51047a125ca18ba4ac54f8be2a13eabbbe8fb9361beecc
23 DIST rsyslog-8.36.0.tar.gz 2639477 BLAKE2B 9c7343d853f79e2955a8999e2871a2a9b008cb3ef75b94e2381a3a0ff3e49445593d852d7de3819851dc0d4c17a91d966ca2fbfd52e8215ebdbaf6b7ccd68bdf SHA512 b0c8689374b5b0fb5ad9675ad8983ce67bd04d34ad07d39cf8f91498fd2fd21a173f1077e5fa1b66a89a9d93ab011fc6345ac1a3be9961f4794fc9e152c32a50
24 DIST rsyslog-8.37.0.tar.gz 2697435 BLAKE2B d88a06e8a5da15ed88d0d6c92032f71be10c2b77970e26b8fe5258e116f8f635c2e359408260b8e486401b8d9ea0e234e22070f520d42bb7884923df4f216ee3 SHA512 2989eb7ed3333151e979a720fa0e95e330bda9b40f65009f7969069bcbbeee8f493c6a3189f67bbbc2529d3a2ac14a022d7e8c4f2d0dae42b67d7508d7611fa0
25 +DIST rsyslog-8.38.0.tar.gz 2721798 BLAKE2B 578bc9eefce4893a9c1eb54ee7360cd9fa51b3c87ffe07a0fd5b122987f991835f603417243084de0b59286e993ad1c84237e61c44bc18457b3660668421101b SHA512 9dc3bdc4ef01c2af433478e182704694cb50849d811d476a03e4ce03b3c5aecfb506e7f1c1e51fadcd63da60b067d8011b92b8c9354a688fe66f7b6ffd8f9254
26 DIST rsyslog-doc-8.35.0.tar.gz 7427270 BLAKE2B 5441080c07a8398cd5d513ba6abe0335f62762f105354105549f0440c0429c62a4f28a4cc84a71d049bc8134cd64bda2c2210a2f30fd5b94f53e0bc783e7c8d1 SHA512 f78d0451eef789d60f7c5ae1eed46c4a9f7a6ade73b829f65aa2373aa786b00e84e8957089532b1b652838bd9f62b41d92530276a0d27e21b8e94d5f0e4728a6
27 DIST rsyslog-doc-8.36.0.tar.gz 7570338 BLAKE2B 031f94b88fb97e6c8b01d224279138c371a5f54ecc5d7a9298b4ec6351c5d380065877888ab1969386b76b9e715937b7335bee59c3d5b8ddd4910392a58d08cb SHA512 a93f56c9c9464a9ca87f61169c6fcfaa94608f31210eaac77e882e64bf5f514c887765db6bb57e4defafeb2a6e552506f0274c1ed275306efc1656f5520b5efa
28 DIST rsyslog-doc-8.37.0.tar.gz 7587722 BLAKE2B 266e5be77e4ca91e3777ee4f2c999986ee7318287546c1fb84ee21f1f4995907fa8caac84ef47cec2665ef29f34151b4b22ed6c35ea1ffe0c4ddff8d05e23136 SHA512 827ac6762ad9257d9499201d5dc3d110c65f11891ab58d36dce568ffa5f8b57fe10505bc2c7b0743dcca319f294ba6418a880b7ca787eb19dcc1f262ba0f3b59
29 +DIST rsyslog-doc-8.38.0.tar.gz 7662314 BLAKE2B 57a121950a3f6630e4736a1ff998e93b543389107d146ddb148ecd2702bb208d21a7f4d77f2fd958f2a56e092341fc6a24ed1cc80a910cb1adb54c65b5b2da04 SHA512 e28a09ae2fcddc711d2cfd31207c9862192598e49964a47b41fc8fa3ae5b1e08b7e2589fb5af859d58d4bf028574eb56cac6514401aa56cb482fa1166863e6a5
30
31 diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml
32 index 5075171a370..6abc65f4fb4 100644
33 --- a/app-admin/rsyslog/metadata.xml
34 +++ b/app-admin/rsyslog/metadata.xml
35 @@ -21,6 +21,7 @@
36 <flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>
37 <flag name="mysql">Build the MySQL database output module (requires <pkg>virtual/mysql</pkg>)</flag>
38 <flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag>
39 + <flag name="omhttp">Build the http output module (requires <pkg>net-misc/curl</pkg>)</flag>
40 <flag name="omhttpfs">Build the httpfs output module (requires <pkg>net-misc/curl</pkg>)</flag>
41 <flag name="omudpspoof">Build the udpspoof output module (requires <pkg>net-libs/libnet</pkg>)</flag>
42 <flag name="openssl">Build the OpenSSL network stream driver (requires <pkg>dev-libs/openssl</pkg>)</flag>
43
44 diff --git a/app-admin/rsyslog/rsyslog-8.38.0.ebuild b/app-admin/rsyslog/rsyslog-8.38.0.ebuild
45 new file mode 100644
46 index 00000000000..6df02d0bab4
47 --- /dev/null
48 +++ b/app-admin/rsyslog/rsyslog-8.38.0.ebuild
49 @@ -0,0 +1,455 @@
50 +# Copyright 1999-2018 Gentoo Foundation
51 +# Distributed under the terms of the GNU General Public License v2
52 +
53 +EAPI="6"
54 +PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6,3_7} )
55 +
56 +inherit autotools eutils linux-info python-any-r1 systemd
57 +
58 +DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
59 +HOMEPAGE="https://www.rsyslog.com/"
60 +
61 +if [[ ${PV} == "9999" ]]; then
62 + EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
63 +
64 + DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
65 +
66 + inherit git-r3
67 +else
68 + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"
69 +
70 + SRC_URI="
71 + https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
72 + doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )
73 + "
74 +
75 + PATCHES=()
76 +fi
77 +
78 +LICENSE="GPL-3 LGPL-3 Apache-2.0"
79 +SLOT="0"
80 +IUSE="curl dbi debug doc elasticsearch +gcrypt grok gnutls jemalloc kafka kerberos kubernetes libressl mdblookup"
81 +IUSE+=" mongodb mysql normalize omhttp omhttpfs omudpspoof openssl postgres rabbitmq redis relp rfc3195 rfc5424hmac"
82 +IUSE+=" snmp ssl systemd test usertools +uuid xxhash zeromq"
83 +RESTRICT="!test? ( test )"
84 +
85 +RDEPEND="
86 + >=dev-libs/libfastjson-0.99.8:=
87 + >=dev-libs/libestr-0.1.9
88 + >=sys-libs/zlib-1.2.5
89 + curl? ( >=net-misc/curl-7.35.0 )
90 + dbi? ( >=dev-db/libdbi-0.8.3 )
91 + elasticsearch? ( >=net-misc/curl-7.35.0 )
92 + gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
93 + grok? ( >=dev-libs/grok-0.9.2 )
94 + jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
95 + kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
96 + kerberos? ( virtual/krb5 )
97 + kubernetes? ( >=net-misc/curl-7.35.0 )
98 + mdblookup? ( dev-libs/libmaxminddb:= )
99 + mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
100 + mysql? ( virtual/libmysqlclient:= )
101 + normalize? (
102 + >=dev-libs/libee-0.4.0
103 + >=dev-libs/liblognorm-2.0.3:=
104 + )
105 + omhttpfs? ( >=net-misc/curl-7.35.0 )
106 + omudpspoof? ( >=net-libs/libnet-1.1.6 )
107 + postgres? ( >=dev-db/postgresql-8.4.20:= )
108 + rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
109 + redis? ( >=dev-libs/hiredis-0.11.0:= )
110 + relp? ( >=dev-libs/librelp-1.2.17:= )
111 + rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
112 + rfc5424hmac? (
113 + !libressl? ( >=dev-libs/openssl-0.9.8y:0= )
114 + libressl? ( dev-libs/libressl:= )
115 + )
116 + snmp? ( >=net-analyzer/net-snmp-5.7.2 )
117 + ssl? (
118 + gnutls? ( >=net-libs/gnutls-2.12.23:0= )
119 + openssl? (
120 + !libressl? ( dev-libs/openssl:0= )
121 + libressl? ( dev-libs/libressl:0= )
122 + )
123 + )
124 + systemd? ( >=sys-apps/systemd-234 )
125 + uuid? ( sys-apps/util-linux:0= )
126 + xxhash? ( dev-libs/xxhash:= )
127 + zeromq? (
128 + >=net-libs/czmq-3.0.2
129 + )"
130 +DEPEND="${RDEPEND}
131 + >=sys-devel/autoconf-archive-2015.02.24
132 + virtual/pkgconfig
133 + test? (
134 + jemalloc? ( <sys-libs/libfaketime-0.9.7 )
135 + !jemalloc? ( sys-libs/libfaketime )
136 + ${PYTHON_DEPS}
137 + )"
138 +
139 +REQUIRED_USE="
140 + kubernetes? ( normalize )
141 + ssl? ( || ( gnutls openssl ) )
142 +"
143 +
144 +if [[ ${PV} == "9999" ]]; then
145 + DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
146 + DEPEND+=" >=sys-devel/flex-2.5.39-r1"
147 + DEPEND+=" >=sys-devel/bison-2.4.3"
148 + DEPEND+=" >=dev-python/docutils-0.12"
149 +fi
150 +
151 +CONFIG_CHECK="~INOTIFY_USER"
152 +WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
153 +
154 +pkg_setup() {
155 + use test && python-any-r1_pkg_setup
156 +}
157 +
158 +src_unpack() {
159 + if [[ ${PV} == "9999" ]]; then
160 + git-r3_fetch
161 + git-r3_checkout
162 + else
163 + unpack ${P}.tar.gz
164 + fi
165 +
166 + if use doc; then
167 + if [[ ${PV} == "9999" ]]; then
168 + local _EGIT_BRANCH=
169 + if [[ -n "${EGIT_BRANCH}" ]]; then
170 + # Cannot use rsyslog commits/branches for documentation repository
171 + _EGIT_BRANCH=${EGIT_BRANCH}
172 + unset EGIT_BRANCH
173 + fi
174 +
175 + git-r3_fetch "${DOC_REPO_URI}"
176 + git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
177 +
178 + if [[ -n "${_EGIT_BRANCH}" ]]; then
179 + # Restore previous EGIT_BRANCH information
180 + EGIT_BRANCH=${_EGIT_BRANCH}
181 + fi
182 + else
183 + cd "${S}" || die "Cannot change dir into '${S}'"
184 + mkdir docs || die "Failed to create docs directory"
185 + cd docs || die "Failed to change dir into '${S}/docs'"
186 + unpack ${PN}-doc-${PV}.tar.gz
187 + fi
188 + fi
189 +}
190 +
191 +src_prepare() {
192 + default
193 +
194 + eautoreconf
195 +}
196 +
197 +src_configure() {
198 + # Maintainer notes:
199 + # * Guardtime support is missing because libgt isn't yet available
200 + # in portage.
201 + # * Hadoop's HDFS file system output module is currently not
202 + # supported in Gentoo because nobody is able to test it
203 + # (JAVA dependency).
204 + # * dev-libs/hiredis doesn't provide pkg-config (see #504614,
205 + # upstream PR 129 and 136) so we need to export HIREDIS_*
206 + # variables because rsyslog's build system depends on pkg-config.
207 +
208 + if use redis; then
209 + export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
210 + export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
211 + fi
212 +
213 + local myeconfargs=(
214 + --disable-debug-symbols
215 + --disable-generate-man-pages
216 + --without-valgrind-testbench
217 + --disable-liblogging-stdlog
218 + $(use_enable test testbench)
219 + $(use_enable test libfaketime)
220 + $(use_enable test extended-tests)
221 + # Input Plugins without depedencies
222 + --enable-imdiag
223 + --enable-imfile
224 + --enable-impstats
225 + --enable-imptcp
226 + # Message Modificiation Plugins without depedencies
227 + --enable-mmanon
228 + --enable-mmaudit
229 + --enable-mmcount
230 + --enable-mmfields
231 + --enable-mmjsonparse
232 + --enable-mmpstrucdata
233 + --enable-mmrm1stspace
234 + --enable-mmsequence
235 + --enable-mmutf8fix
236 + # Output Modification Plugins without dependencies
237 + --enable-mail
238 + --enable-omprog
239 + --enable-omruleset
240 + --enable-omstdout
241 + --enable-omuxsock
242 + # Misc
243 + --enable-fmhash
244 + $(use_enable xxhash fmhash-xxhash)
245 + --enable-pmaixforwardedfrom
246 + --enable-pmciscoios
247 + --enable-pmcisconames
248 + --enable-pmlastmsg
249 + --enable-pmsnare
250 + # DB
251 + $(use_enable dbi libdbi)
252 + $(use_enable mongodb ommongodb)
253 + $(use_enable mysql)
254 + $(use_enable postgres pgsql)
255 + $(use_enable redis omhiredis)
256 + # Debug
257 + $(use_enable debug)
258 + $(use_enable debug diagtools)
259 + $(use_enable debug memcheck)
260 + $(use_enable debug valgrind)
261 + # Misc
262 + $(use_enable curl fmhttp)
263 + $(use_enable elasticsearch)
264 + $(use_enable gcrypt libgcrypt)
265 + $(use_enable jemalloc)
266 + $(use_enable kafka imkafka)
267 + $(use_enable kafka omkafka)
268 + $(use_enable kerberos gssapi-krb5)
269 + $(use_enable kubernetes mmkubernetes)
270 + $(use_enable normalize mmnormalize)
271 + $(use_enable mdblookup mmdblookup)
272 + $(use_enable grok mmgrok)
273 + $(use_enable omhttp)
274 + $(use_enable omhttpfs)
275 + $(use_enable omudpspoof)
276 + $(use_enable rabbitmq omrabbitmq)
277 + $(use_enable relp)
278 + $(use_enable rfc3195)
279 + $(use_enable rfc5424hmac mmrfc5424addhmac)
280 + $(use_enable snmp)
281 + $(use_enable snmp mmsnmptrapd)
282 + $(use_enable gnutls)
283 + $(use_enable openssl)
284 + $(use_enable systemd imjournal)
285 + $(use_enable systemd omjournal)
286 + $(use_enable usertools)
287 + $(use_enable uuid)
288 + $(use_enable zeromq imczmq)
289 + $(use_enable zeromq omczmq)
290 + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
291 + )
292 +
293 + econf "${myeconfargs[@]}"
294 +}
295 +
296 +src_compile() {
297 + default
298 +
299 + if use doc && [[ "${PV}" == "9999" ]]; then
300 + einfo "Building documentation ..."
301 + local doc_dir="${S}/docs"
302 + cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
303 + sphinx-build -b html source build || die "Building documentation failed!"
304 + fi
305 +}
306 +
307 +src_test() {
308 + local _has_increased_ulimit=
309 +
310 + # Sometimes tests aren't executable (i.e. when added via patch)
311 + einfo "Adjusting permissions of test scripts ..."
312 + find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
313 + die "Failed to adjust test scripts permission"
314 +
315 + if ulimit -n 3072; then
316 + _has_increased_ulimit="true"
317 + fi
318 +
319 + if ! emake --jobs 1 check; then
320 + eerror "Test suite failed! :("
321 +
322 + if [[ -z "${_has_increased_ulimit}" ]]; then
323 + eerror "Probably because open file limit couldn't be set to 3072."
324 + fi
325 +
326 + if has userpriv ${FEATURES}; then
327 + eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
328 + "before you submit a bug report."
329 + fi
330 +
331 + fi
332 +}
333 +
334 +src_install() {
335 + local DOCS=(
336 + AUTHORS
337 + ChangeLog
338 + "${FILESDIR}"/README.gentoo
339 + )
340 +
341 + use doc && local HTML_DOCS=( "${S}/docs/build/." )
342 +
343 + default
344 +
345 + newconfd "${FILESDIR}/${PN}.confd-r1" ${PN}
346 + newinitd "${FILESDIR}/${PN}.initd-r1" ${PN}
347 +
348 + keepdir /var/empty/dev
349 + keepdir /var/spool/${PN}
350 + keepdir /etc/ssl/${PN}
351 + keepdir /etc/${PN}.d
352 +
353 + insinto /etc
354 + newins "${FILESDIR}/${PN}.conf" ${PN}.conf
355 +
356 + insinto /etc/rsyslog.d/
357 + newins "${FILESDIR}/50-default-r1.conf" 50-default.conf
358 +
359 + insinto /etc/logrotate.d/
360 + newins "${FILESDIR}/${PN}-r1.logrotate" ${PN}
361 +
362 + if use mysql; then
363 + insinto /usr/share/doc/${PF}/scripts/mysql
364 + doins plugins/ommysql/createDB.sql
365 + fi
366 +
367 + if use postgres; then
368 + insinto /usr/share/doc/${PF}/scripts/pgsql
369 + doins plugins/ompgsql/createDB.sql
370 + fi
371 +
372 + prune_libtool_files --modules
373 +}
374 +
375 +pkg_postinst() {
376 + local advertise_readme=0
377 +
378 + if [[ -z "${REPLACING_VERSIONS}" ]]; then
379 + # This is a new installation
380 +
381 + advertise_readme=1
382 +
383 + if use mysql || use postgres; then
384 + echo
385 + elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
386 + elog " /usr/share/doc/${PF}/scripts"
387 + fi
388 +
389 + if use ssl; then
390 + echo
391 + elog "To create a default CA and certificates for your server and clients, run:"
392 + elog " emerge --config =${PF}"
393 + elog "on your logging server. You can run it several times,"
394 + elog "once for each logging client. The client certificates will be signed"
395 + elog "using the CA certificate generated during the first run."
396 + fi
397 + fi
398 +
399 + if [[ ${advertise_readme} -gt 0 ]]; then
400 + # We need to show the README file location
401 +
402 + echo ""
403 + elog "Please read"
404 + elog ""
405 + elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
406 + elog ""
407 + elog "for more details."
408 + fi
409 +}
410 +
411 +pkg_config() {
412 + if ! use ssl ; then
413 + einfo "There is nothing to configure for rsyslog unless you"
414 + einfo "used USE=ssl to build it."
415 + return 0
416 + fi
417 +
418 + # Make sure the certificates directory exists
419 + local CERTDIR="${EROOT}/etc/ssl/${PN}"
420 + if [[ ! -d "${CERTDIR}" ]]; then
421 + mkdir "${CERTDIR}" || die
422 + fi
423 + einfo "Your certificates will be stored in ${CERTDIR}"
424 +
425 + # Create a default CA if needed
426 + if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
427 + einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
428 + certtool --generate-privkey \
429 + --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
430 + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
431 +
432 + cat > "${T}/${PF}.$$" <<- _EOF
433 + cn = Portage automated CA
434 + ca
435 + cert_signing_key
436 + expiration_days = 3650
437 + _EOF
438 +
439 + certtool --generate-self-signed \
440 + --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
441 + --outfile "${CERTDIR}/${PN}_ca.cert.pem" \
442 + --template "${T}/${PF}.$$" &>/dev/null
443 + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
444 +
445 + # Create the server certificate
446 + echo
447 + einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
448 + read -r CN
449 +
450 + einfo "Creating private key and certificate for server ${CN}..."
451 + certtool --generate-privkey \
452 + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
453 + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
454 +
455 + cat > "${T}/${PF}.$$" <<- _EOF
456 + cn = ${CN}
457 + tls_www_server
458 + dns_name = ${CN}
459 + expiration_days = 3650
460 + _EOF
461 +
462 + certtool --generate-certificate \
463 + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
464 + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
465 + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
466 + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
467 + --template "${T}/${PF}.$$" &>/dev/null
468 + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
469 +
470 + else
471 + einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
472 + fi
473 +
474 + # Create a client certificate
475 + echo
476 + einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
477 + read -r CN
478 +
479 + einfo "Creating private key and certificate for client ${CN}..."
480 + certtool --generate-privkey \
481 + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
482 + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
483 +
484 + cat > "${T}/${PF}.$$" <<- _EOF
485 + cn = ${CN}
486 + tls_www_client
487 + dns_name = ${CN}
488 + expiration_days = 3650
489 + _EOF
490 +
491 + certtool --generate-certificate \
492 + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
493 + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
494 + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
495 + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
496 + --template "${T}/${PF}.$$" &>/dev/null
497 + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
498 +
499 + rm -f "${T}/${PF}.$$"
500 +
501 + echo
502 + einfo "Here is the documentation on how to encrypt your log traffic:"
503 + einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
504 +}
Report Message
Find on MARC Find on Google Groups