From: Julian Ospald <hasufell@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/
Date: Sun, 20 Sep 2015 13:15:20
Message-Id: 1442754908.ff1f50ddefed52f2aecdcb7e3810360821cb7ebc.hasufell@gentoo
1 commit: ff1f50ddefed52f2aecdcb7e3810360821cb7ebc
2 Author: Julian Ospald <hasufell <AT> gentoo <DOT> org>
3 AuthorDate: Sun Sep 20 13:14:36 2015 +0000
4 Commit: Julian Ospald <hasufell <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 20 13:15:08 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff1f50dd
7
8 app-admin/rsyslog: add libressl support
9
10 app-admin/rsyslog/metadata.xml | 3 +-
11 app-admin/rsyslog/rsyslog-8.12.0-r1.ebuild | 417 +++++++++++++++++++++++++++++
12 2 files changed, 419 insertions(+), 1 deletion(-)
13
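diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml
index 2be62ca..c032419 100644
--- a/app-admin/rsyslog/metadata.xml
+++ b/app-admin/rsyslog/metadata.xml
@@ -17,6 +17,7 @@
  <flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag>
  <flag name="jemalloc">Use <pkg>dev-libs/jemalloc</pkg> for allocations.</flag>
  <flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag>
+ <flag name="libressl">Use <pkg>dev-libs/libressl</pkg> for building the rfc5424hmac modify module (requires rfc5424hmac USE flag)</flag>
  <flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>
  <flag name="mysql">Build the MySQL databse output module (requires <pkg>virtual/mysql</pkg>)</flag>
  <flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag>
@@ -26,7 +27,7 @@
  <flag name="redis">Build the Redis output module using (requires <pkg>dev-libs/hiredis</pkg>)</flag>
  <flag name="relp">Build the Reliable Event Logging Protocol (RELP) output module (requires <pkg>dev-libs/librelp</pkg>)</flag>
  <flag name="rfc3195">Build the rfc3195 input module (requires <pkg>dev-libs/liblogging</pkg>)</flag>
- <flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg>)</flag>
+ <flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg> or <pkg>dev-libs/libressl</pkg>)</flag>
  <flag name="snmp">Build the snmp modify and output module (requires <pkg>net-analyzer/net-snmp</pkg>)</flag>
  <flag name="ssl">Add support for encrypted client/server communication (requires <pkg>net-libs/gnutls</pkg>)</flag>
  <flag name="systemd">Build the journal input and output module (requires <pkg>sys-apps/systemd</pkg>)</flag>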
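diff --git a/app-admin/rsyslog/rsyslog-8.12.0-r1.ebuild b/app-admin/rsyslog/rsyslog-8.12.0-r1.ebuild
new file mode 100644
index 0000000..a7fac74
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.12.0-r1.ebuild
@@ -0,0 +1,417 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+AUTOTOOLS_AUTORECONF=1
+
+inherit autotools-utils eutils systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="http://www.rsyslog.com/"
+
+BRANCH="8-stable"
+
+PATCHES=()
+
+if [[ ${PV} == "9999" ]]; then
+ EGIT_REPO_URI="
+ git://github.com/rsyslog/${PN}.git
+ https://github.com/rsyslog/${PN}.git
+ "
+
+ DOC_REPO_URI="
+ git://github.com/rsyslog/${PN}-doc.git
+ https://github.com/rsyslog/${PN}-doc.git
+ "
+
+ inherit git-r3
+else
+ SRC_URI="
+ http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
+ doc? ( http://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )
+ "
+ KEYWORDS="~amd64 ~arm ~hppa ~x86"
+
+ PATCHES+=( "${FILESDIR}"/8-stable/40-rsyslog-fix-parallel-build-issue-479.patch )
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+IUSE="dbi debug doc elasticsearch +gcrypt jemalloc kerberos libressl mongodb mysql normalize omudpspoof
+postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools zeromq"
+
+RDEPEND="
+ >=dev-libs/json-c-0.11:=
+ >=dev-libs/libestr-0.1.9
+ >=dev-libs/liblogging-1.0.1:=[stdlog]
+ >=sys-libs/zlib-1.2.5
+ dbi? ( >=dev-db/libdbi-0.8.3 )
+ elasticsearch? ( >=net-misc/curl-7.35.0 )
+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+ jemalloc? ( >=dev-libs/jemalloc-3.3.1 )
+ kerberos? ( virtual/krb5 )
+ mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
+ mysql? ( virtual/mysql )
+ normalize? (
+ >=dev-libs/libee-0.4.0
+ >=dev-libs/liblognorm-1.1.0:=
+ )
+ omudpspoof? ( >=net-libs/libnet-1.1.6 )
+ postgres? ( >=dev-db/postgresql-8.4.20:= )
+ rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 )
+ redis? ( >=dev-libs/hiredis-0.11.0 )
+ relp? ( >=dev-libs/librelp-1.2.5 )
+ rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+ rfc5424hmac? (
+ !libressl? ( >=dev-libs/openssl-0.9.8y:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+ ssl? ( >=net-libs/gnutls-2.12.23 )
+ systemd? ( >=sys-apps/systemd-208 )
+ zeromq? ( >=net-libs/czmq-1.2.0 )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+if [[ ${PV} == "9999" ]]; then
+ DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+ DEPEND+=" >=sys-devel/flex-2.5.39-r1"
+ DEPEND+=" >=sys-devel/bison-2.4.3"
+ DEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+# Maitainer note : open a bug to upstream
+# showing that building in a separate dir fails
+AUTOTOOLS_IN_SOURCE_BUILD=1
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
+
+DOCS=(
+ AUTHORS
+ ChangeLog
+ "${FILESDIR}"/${BRANCH}/README.gentoo
+)
+
+src_unpack() {
+ if [[ ${PV} == "9999" ]]; then
+ git-r3_fetch
+ git-r3_checkout
+ else
+ unpack ${P}.tar.gz
+ fi
+
+ if use doc; then
+ if [[ ${PV} == "9999" ]]; then
+ local _EGIT_BRANCH=
+ if [ -n "${EGIT_BRANCH}" ]; then
+ # Cannot use rsyslog commits/branches for documentation repository
+ _EGIT_BRANCH=${EGIT_BRANCH}
+ unset EGIT_BRANCH
+ fi
+
+ git-r3_fetch "${DOC_REPO_URI}"
+ git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+ if [ -n "${_EGIT_BRANCH}" ]; then
+ # Restore previous EGIT_BRANCH information
+ EGIT_BRANCH=${_EGIT_BRANCH}
+ fi
+ else
+ local doc_tarball="${PN}-doc-${PV}.tar.gz"
+
+ cd "${S}" || die "Cannot change dir into '$S'"
+ mkdir docs || die "Failed to create docs directory"
+ cd docs || die "Failed to change dir into '${S}/docs'"
+ unpack ${doc_tarball}
+ fi
+ fi
+}
+
+src_configure() {
+ # Maintainer notes:
+ # * Guardtime support is missing because libgt isn't yet available
+ # in portage.
+ # * Hadoop's HDFS file system output module is currently not
+ # supported in Gentoo because nobody is able to test it
+ # (JAVA dependency).
+ # * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+ # upstream PR 129 and 136) so we need to export HIREDIS_*
+ # variables because rsyslog's build system depends on pkg-config.
+
+ if use redis; then
+ export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+ export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+ fi
+
+ local myeconfargs=(
+ --disable-debug-symbols
+ --disable-generate-man-pages
+ --without-valgrind-testbench
+ $(use_enable test testbench)
+ # Input Plugins without depedencies
+ --enable-imdiag
+ --enable-imfile
+ --enable-impstats
+ --enable-imptcp
+ # Message Modificiation Plugins without depedencies
+ --enable-mmanon
+ --enable-mmaudit
+ --enable-mmfields
+ --enable-mmjsonparse
+ --enable-mmpstrucdata
+ --enable-mmsequence
+ --enable-mmutf8fix
+ # Output Modification Plugins without dependencies
+ --enable-mail
+ --enable-omprog
+ --enable-omruleset
+ --enable-omstdout
+ --enable-omuxsock
+ # Misc
+ --enable-pmaixforwardedfrom
+ --enable-pmciscoios
+ --enable-pmcisconames
+ --enable-pmlastmsg
+ --enable-pmsnare
+ # DB
+ $(use_enable dbi libdbi)
+ $(use_enable mongodb ommongodb)
+ $(use_enable mysql)
+ $(use_enable postgres pgsql)
+ $(use_enable redis omhiredis)
+ # Debug
+ $(use_enable debug)
+ $(use_enable debug diagtools)
+ $(use_enable debug memcheck)
+ $(use_enable debug rtinst)
+ $(use_enable debug valgrind)
+ # Misc
+ $(use_enable elasticsearch)
+ $(use_enable gcrypt libgcrypt)
+ $(use_enable jemalloc)
+ $(use_enable kerberos gssapi-krb5)
+ $(use_enable normalize mmnormalize)
+ $(use_enable omudpspoof)
+ $(use_enable rabbitmq omrabbitmq)
+ $(use_enable relp)
+ $(use_enable rfc3195)
+ $(use_enable rfc5424hmac mmrfc5424addhmac)
+ $(use_enable snmp)
+ $(use_enable snmp mmsnmptrapd)
+ $(use_enable ssl gnutls)
+ $(use_enable systemd imjournal)
+ $(use_enable systemd omjournal)
+ $(use_enable usertools)
+ $(use_enable zeromq imzmq3)
+ $(use_enable zeromq omzmq3)
+ "$(systemd_with_unitdir)"
+ )
+
+ autotools-utils_src_configure
+}
+
+src_compile() {
+ autotools-utils_src_compile
+
+ if use doc && [[ "${PV}" == "9999" ]]; then
+ einfo "Building documentation ..."
+ local doc_dir="${S}/docs"
+ cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+ sphinx-build -b html source build || die "Building documentation failed!"
+ fi
+}
+
+src_test() {
+ local _has_increased_ulimit=
+
+ if ulimit -n 3072; then
+ _has_increased_ulimit="true"
+ fi
+
+ if ! emake --jobs 1 check; then
+ eerror "Test suite failed! :("
+
+ if [ -z "${_has_increased_ulimit}" ]; then
+ eerror "Probably because open file limit couldn't be set to 3072."
+ fi
+
+ if has userpriv $FEATURES; then
+ eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+ "before you submit a bug report."
+ fi
+
+ fi
+}
+
+src_install() {
+ use doc && HTML_DOCS=( "${S}/docs/build/" )
+ autotools-utils_src_install
+
+ newconfd "${FILESDIR}/${BRANCH}/${PN}.confd" ${PN}
+ newinitd "${FILESDIR}/${BRANCH}/${PN}.initd" ${PN}
+
+ keepdir /var/empty/dev
+ keepdir /var/spool/${PN}
+ keepdir /etc/ssl/${PN}
+ keepdir /etc/${PN}.d
+
+ insinto /etc
+ newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+ insinto /etc/rsyslog.d/
+ doins "${FILESDIR}/${BRANCH}/50-default.conf"
+
+ insinto /etc/logrotate.d/
+ newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}
+
+ if use mysql; then
+ insinto /usr/share/doc/${PF}/scripts/mysql
+ doins plugins/ommysql/createDB.sql
+ fi
+
+ if use postgres; then
+ insinto /usr/share/doc/${PF}/scripts/pgsql
+ doins plugins/ompgsql/createDB.sql
+ fi
+}
+
+pkg_postinst() {
+ local advertise_readme=0
+
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ advertise_readme=1
+
+ if use mysql || use postgres; then
+ echo
+ elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+ elog " /usr/share/doc/${PF}/scripts"
+ fi
+
+ if use ssl; then
+ echo
+ elog "To create a default CA and certificates for your server and clients, run:"
+ elog " emerge --config =${PF}"
+ elog "on your logging server. You can run it several times,"
+ elog "once for each logging client. The client certificates will be signed"
+ elog "using the CA certificate generated during the first run."
+ fi
+ fi
+
+ if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then
+ # Show this message until rsyslog-8.x
+ echo
+ elog "Since ${PN}-7.6.3 we no longer use the catch-all log target"
+ elog "\"/var/log/syslog\" due to its redundancy to the other log targets."
+
+ advertise_readme=1
+ fi
+
+ if [[ ${advertise_readme} -gt 0 ]]; then
+ # We need to show the README file location
+
+ echo ""
+ elog "Please read"
+ elog ""
+ elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+ elog ""
+ elog "for more details."
+ fi
+}
+
+pkg_config() {
+ if ! use ssl ; then
+ einfo "There is nothing to configure for rsyslog unless you"
+ einfo "used USE=ssl to build it."
+ return 0
+ fi
+
+ # Make sure the certificates directory exists
+ CERTDIR="${EROOT}/etc/ssl/${PN}"
+ if [ ! -d "${CERTDIR}" ]; then
+ mkdir "${CERTDIR}" || die
+ fi
+ einfo "Your certificates will be stored in ${CERTDIR}"
+
+ # Create a default CA if needed
+ if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then
+ einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+ certtool --generate-privkey \
+ --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+ cat > "${T}/${PF}.$$" <<- _EOF
+ cn = Portage automated CA
+ ca
+ cert_signing_key
+ expiration_days = 3650
+ _EOF
+
+ certtool --generate-self-signed \
+ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+ --template "${T}/${PF}.$$" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+ # Create the server certificate
+ echo
+ einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+ read -r CN
+
+ einfo "Creating private key and certificate for server ${CN}..."
+ certtool --generate-privkey \
+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+ cat > "${T}/${PF}.$$" <<- _EOF
+ cn = ${CN}
+ tls_www_server
+ dns_name = ${CN}
+ expiration_days = 3650
+ _EOF
+
+ certtool --generate-certificate \
+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+ --template "${T}/${PF}.$$" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+ else
+ einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+ fi
+
+ # Create a client certificate
+ echo
+ einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+ read -r CN
+
+ einfo "Creating private key and certificate for client ${CN}..."
+ certtool --generate-privkey \
+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+ cat > "${T}/${PF}.$$" <<- _EOF
+ cn = ${CN}
+ tls_www_client
+ dns_name = ${CN}
+ expiration_days = 3650
+ _EOF
+
+ certtool --generate-certificate \
+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+ --template "${T}/${PF}.$$" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+ rm -f "${T}/${PF}.$$"
+
+ echo
+ einfo "Here is the documentation on how to encrypt your log traffic:"
+ einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
+}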
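Review bot: pkg_config() takes the Common Name from `read -r CN` and uses it unchecked in output paths such as `${CERTDIR}/${PN}_${CN}.cert.pem` and in the certtool template, so an empty value, a value containing `/`, or the value `ca` (which resolves to the CA certificate path `${PN}_ca.cert.pem`) is accepted; a check after each `read`, for example `[[ ${CN} =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ && ${CN} != ca ]] || die "Invalid Common Name: ${CN}"`, would reject those. Every `certtool` call sends its output to `/dev/null` and has no `|| die`, so a failed key or certificate generation goes unreported and the function carries on with the next step; appending `|| die "certtool failed"` to each call would surface it. The second `chmod 400` in the CA branch targets `${PN}_ca.privkey.pem` again rather than the newly written `${PN}_ca.cert.pem`, which looks like a copy-paste slip. Setting `umask 077` at the top of the function would also avoid depending on certtool's default file mode between key creation and the `chmod`; that default should be confirmed against the certtool version in use.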