1 |
commit: ff1f50ddefed52f2aecdcb7e3810360821cb7ebc |
2 |
Author: Julian Ospald <hasufell <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Sep 20 13:14:36 2015 +0000 |
4 |
Commit: Julian Ospald <hasufell <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Sep 20 13:15:08 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff1f50dd |
7 |
|
8 |
app-admin/rsyslog: add libressl support |
9 |
|
10 |
app-admin/rsyslog/metadata.xml | 3 +- |
11 |
app-admin/rsyslog/rsyslog-8.12.0-r1.ebuild | 417 +++++++++++++++++++++++++++++ |
12 |
2 files changed, 419 insertions(+), 1 deletion(-) |
13 |
|
14 |
diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml |
15 |
index 2be62ca..c032419 100644 |
16 |
--- a/app-admin/rsyslog/metadata.xml |
17 |
+++ b/app-admin/rsyslog/metadata.xml |
18 |
@@ -17,6 +17,7 @@ |
19 |
<flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag> |
20 |
<flag name="jemalloc">Use <pkg>dev-libs/jemalloc</pkg> for allocations.</flag> |
21 |
<flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag> |
22 |
+ <flag name="libressl">Use <pkg>dev-libs/libressl</pkg> for building the rfc5424hmac modify module (requires rfc5424hmac USE flag)</flag> |
23 |
<flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag> |
24 |
<flag name="mysql">Build the MySQL databse output module (requires <pkg>virtual/mysql</pkg>)</flag> |
25 |
<flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag> |
26 |
@@ -26,7 +27,7 @@ |
27 |
<flag name="redis">Build the Redis output module using (requires <pkg>dev-libs/hiredis</pkg>)</flag> |
28 |
<flag name="relp">Build the Reliable Event Logging Protocol (RELP) output module (requires <pkg>dev-libs/librelp</pkg>)</flag> |
29 |
<flag name="rfc3195">Build the rfc3195 input module (requires <pkg>dev-libs/liblogging</pkg>)</flag> |
30 |
- <flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg>)</flag> |
31 |
+ <flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg> or <pkg>dev-libs/libressl</pkg>)</flag> |
32 |
<flag name="snmp">Build the snmp modify and output module (requires <pkg>net-analyzer/net-snmp</pkg>)</flag> |
33 |
<flag name="ssl">Add support for encrypted client/server communication (requires <pkg>net-libs/gnutls</pkg>)</flag> |
34 |
<flag name="systemd">Build the journal input and output module (requires <pkg>sys-apps/systemd</pkg>)</flag> |
35 |
|
36 |
diff --git a/app-admin/rsyslog/rsyslog-8.12.0-r1.ebuild b/app-admin/rsyslog/rsyslog-8.12.0-r1.ebuild |
37 |
new file mode 100644 |
38 |
index 0000000..a7fac74 |
39 |
--- /dev/null |
40 |
+++ b/app-admin/rsyslog/rsyslog-8.12.0-r1.ebuild |
41 |
@@ -0,0 +1,417 @@ |
42 |
+# Copyright 1999-2015 Gentoo Foundation |
43 |
+# Distributed under the terms of the GNU General Public License v2 |
44 |
+# $Id$ |
45 |
+ |
46 |
+EAPI=5 |
47 |
+AUTOTOOLS_AUTORECONF=1 |
48 |
+ |
49 |
+inherit autotools-utils eutils systemd |
50 |
+ |
51 |
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" |
52 |
+HOMEPAGE="http://www.rsyslog.com/" |
53 |
+ |
54 |
+BRANCH="8-stable" |
55 |
+ |
56 |
+PATCHES=() |
57 |
+ |
58 |
+if [[ ${PV} == "9999" ]]; then |
59 |
+ EGIT_REPO_URI=" |
60 |
+ git://github.com/rsyslog/${PN}.git |
61 |
+ https://github.com/rsyslog/${PN}.git |
62 |
+ " |
63 |
+ |
64 |
+ DOC_REPO_URI=" |
65 |
+ git://github.com/rsyslog/${PN}-doc.git |
66 |
+ https://github.com/rsyslog/${PN}-doc.git |
67 |
+ " |
68 |
+ |
69 |
+ inherit git-r3 |
70 |
+else |
71 |
+ SRC_URI=" |
72 |
+ http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz |
73 |
+ doc? ( http://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz ) |
74 |
+ " |
75 |
+ KEYWORDS="~amd64 ~arm ~hppa ~x86" |
76 |
+ |
77 |
+ PATCHES+=( "${FILESDIR}"/8-stable/40-rsyslog-fix-parallel-build-issue-479.patch ) |
78 |
+fi |
79 |
+ |
80 |
+LICENSE="GPL-3 LGPL-3 Apache-2.0" |
81 |
+SLOT="0" |
82 |
+IUSE="dbi debug doc elasticsearch +gcrypt jemalloc kerberos libressl mongodb mysql normalize omudpspoof |
83 |
+postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools zeromq" |
84 |
+ |
85 |
+RDEPEND=" |
86 |
+ >=dev-libs/json-c-0.11:= |
87 |
+ >=dev-libs/libestr-0.1.9 |
88 |
+ >=dev-libs/liblogging-1.0.1:=[stdlog] |
89 |
+ >=sys-libs/zlib-1.2.5 |
90 |
+ dbi? ( >=dev-db/libdbi-0.8.3 ) |
91 |
+ elasticsearch? ( >=net-misc/curl-7.35.0 ) |
92 |
+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= ) |
93 |
+ jemalloc? ( >=dev-libs/jemalloc-3.3.1 ) |
94 |
+ kerberos? ( virtual/krb5 ) |
95 |
+ mongodb? ( >=dev-libs/libmongo-client-0.1.4 ) |
96 |
+ mysql? ( virtual/mysql ) |
97 |
+ normalize? ( |
98 |
+ >=dev-libs/libee-0.4.0 |
99 |
+ >=dev-libs/liblognorm-1.1.0:= |
100 |
+ ) |
101 |
+ omudpspoof? ( >=net-libs/libnet-1.1.6 ) |
102 |
+ postgres? ( >=dev-db/postgresql-8.4.20:= ) |
103 |
+ rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 ) |
104 |
+ redis? ( >=dev-libs/hiredis-0.11.0 ) |
105 |
+ relp? ( >=dev-libs/librelp-1.2.5 ) |
106 |
+ rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] ) |
107 |
+ rfc5424hmac? ( |
108 |
+ !libressl? ( >=dev-libs/openssl-0.9.8y:0= ) |
109 |
+ libressl? ( dev-libs/libressl:= ) |
110 |
+ ) |
111 |
+ snmp? ( >=net-analyzer/net-snmp-5.7.2 ) |
112 |
+ ssl? ( >=net-libs/gnutls-2.12.23 ) |
113 |
+ systemd? ( >=sys-apps/systemd-208 ) |
114 |
+ zeromq? ( >=net-libs/czmq-1.2.0 )" |
115 |
+DEPEND="${RDEPEND} |
116 |
+ virtual/pkgconfig" |
117 |
+ |
118 |
+if [[ ${PV} == "9999" ]]; then |
119 |
+ DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )" |
120 |
+ DEPEND+=" >=sys-devel/flex-2.5.39-r1" |
121 |
+ DEPEND+=" >=sys-devel/bison-2.4.3" |
122 |
+ DEPEND+=" >=dev-python/docutils-0.12" |
123 |
+fi |
124 |
+ |
125 |
+# Maitainer note : open a bug to upstream |
126 |
+# showing that building in a separate dir fails |
127 |
+AUTOTOOLS_IN_SOURCE_BUILD=1 |
128 |
+ |
129 |
+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules" |
130 |
+ |
131 |
+DOCS=( |
132 |
+ AUTHORS |
133 |
+ ChangeLog |
134 |
+ "${FILESDIR}"/${BRANCH}/README.gentoo |
135 |
+) |
136 |
+ |
137 |
+src_unpack() { |
138 |
+ if [[ ${PV} == "9999" ]]; then |
139 |
+ git-r3_fetch |
140 |
+ git-r3_checkout |
141 |
+ else |
142 |
+ unpack ${P}.tar.gz |
143 |
+ fi |
144 |
+ |
145 |
+ if use doc; then |
146 |
+ if [[ ${PV} == "9999" ]]; then |
147 |
+ local _EGIT_BRANCH= |
148 |
+ if [ -n "${EGIT_BRANCH}" ]; then |
149 |
+ # Cannot use rsyslog commits/branches for documentation repository |
150 |
+ _EGIT_BRANCH=${EGIT_BRANCH} |
151 |
+ unset EGIT_BRANCH |
152 |
+ fi |
153 |
+ |
154 |
+ git-r3_fetch "${DOC_REPO_URI}" |
155 |
+ git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs |
156 |
+ |
157 |
+ if [ -n "${_EGIT_BRANCH}" ]; then |
158 |
+ # Restore previous EGIT_BRANCH information |
159 |
+ EGIT_BRANCH=${_EGIT_BRANCH} |
160 |
+ fi |
161 |
+ else |
162 |
+ local doc_tarball="${PN}-doc-${PV}.tar.gz" |
163 |
+ |
164 |
+ cd "${S}" || die "Cannot change dir into '$S'" |
165 |
+ mkdir docs || die "Failed to create docs directory" |
166 |
+ cd docs || die "Failed to change dir into '${S}/docs'" |
167 |
+ unpack ${doc_tarball} |
168 |
+ fi |
169 |
+ fi |
170 |
+} |
171 |
+ |
172 |
+src_configure() { |
173 |
+ # Maintainer notes: |
174 |
+ # * Guardtime support is missing because libgt isn't yet available |
175 |
+ # in portage. |
176 |
+ # * Hadoop's HDFS file system output module is currently not |
177 |
+ # supported in Gentoo because nobody is able to test it |
178 |
+ # (JAVA dependency). |
179 |
+ # * dev-libs/hiredis doesn't provide pkg-config (see #504614, |
180 |
+ # upstream PR 129 and 136) so we need to export HIREDIS_* |
181 |
+ # variables because rsyslog's build system depends on pkg-config. |
182 |
+ |
183 |
+ if use redis; then |
184 |
+ export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis" |
185 |
+ export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include" |
186 |
+ fi |
187 |
+ |
188 |
+ local myeconfargs=( |
189 |
+ --disable-debug-symbols |
190 |
+ --disable-generate-man-pages |
191 |
+ --without-valgrind-testbench |
192 |
+ $(use_enable test testbench) |
193 |
+ # Input Plugins without depedencies |
194 |
+ --enable-imdiag |
195 |
+ --enable-imfile |
196 |
+ --enable-impstats |
197 |
+ --enable-imptcp |
198 |
+ # Message Modificiation Plugins without depedencies |
199 |
+ --enable-mmanon |
200 |
+ --enable-mmaudit |
201 |
+ --enable-mmfields |
202 |
+ --enable-mmjsonparse |
203 |
+ --enable-mmpstrucdata |
204 |
+ --enable-mmsequence |
205 |
+ --enable-mmutf8fix |
206 |
+ # Output Modification Plugins without dependencies |
207 |
+ --enable-mail |
208 |
+ --enable-omprog |
209 |
+ --enable-omruleset |
210 |
+ --enable-omstdout |
211 |
+ --enable-omuxsock |
212 |
+ # Misc |
213 |
+ --enable-pmaixforwardedfrom |
214 |
+ --enable-pmciscoios |
215 |
+ --enable-pmcisconames |
216 |
+ --enable-pmlastmsg |
217 |
+ --enable-pmsnare |
218 |
+ # DB |
219 |
+ $(use_enable dbi libdbi) |
220 |
+ $(use_enable mongodb ommongodb) |
221 |
+ $(use_enable mysql) |
222 |
+ $(use_enable postgres pgsql) |
223 |
+ $(use_enable redis omhiredis) |
224 |
+ # Debug |
225 |
+ $(use_enable debug) |
226 |
+ $(use_enable debug diagtools) |
227 |
+ $(use_enable debug memcheck) |
228 |
+ $(use_enable debug rtinst) |
229 |
+ $(use_enable debug valgrind) |
230 |
+ # Misc |
231 |
+ $(use_enable elasticsearch) |
232 |
+ $(use_enable gcrypt libgcrypt) |
233 |
+ $(use_enable jemalloc) |
234 |
+ $(use_enable kerberos gssapi-krb5) |
235 |
+ $(use_enable normalize mmnormalize) |
236 |
+ $(use_enable omudpspoof) |
237 |
+ $(use_enable rabbitmq omrabbitmq) |
238 |
+ $(use_enable relp) |
239 |
+ $(use_enable rfc3195) |
240 |
+ $(use_enable rfc5424hmac mmrfc5424addhmac) |
241 |
+ $(use_enable snmp) |
242 |
+ $(use_enable snmp mmsnmptrapd) |
243 |
+ $(use_enable ssl gnutls) |
244 |
+ $(use_enable systemd imjournal) |
245 |
+ $(use_enable systemd omjournal) |
246 |
+ $(use_enable usertools) |
247 |
+ $(use_enable zeromq imzmq3) |
248 |
+ $(use_enable zeromq omzmq3) |
249 |
+ "$(systemd_with_unitdir)" |
250 |
+ ) |
251 |
+ |
252 |
+ autotools-utils_src_configure |
253 |
+} |
254 |
+ |
255 |
+src_compile() { |
256 |
+ autotools-utils_src_compile |
257 |
+ |
258 |
+ if use doc && [[ "${PV}" == "9999" ]]; then |
259 |
+ einfo "Building documentation ..." |
260 |
+ local doc_dir="${S}/docs" |
261 |
+ cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!" |
262 |
+ sphinx-build -b html source build || die "Building documentation failed!" |
263 |
+ fi |
264 |
+} |
265 |
+ |
266 |
+src_test() { |
267 |
+ local _has_increased_ulimit= |
268 |
+ |
269 |
+ if ulimit -n 3072; then |
270 |
+ _has_increased_ulimit="true" |
271 |
+ fi |
272 |
+ |
273 |
+ if ! emake --jobs 1 check; then |
274 |
+ eerror "Test suite failed! :(" |
275 |
+ |
276 |
+ if [ -z "${_has_increased_ulimit}" ]; then |
277 |
+ eerror "Probably because open file limit couldn't be set to 3072." |
278 |
+ fi |
279 |
+ |
280 |
+ if has userpriv $FEATURES; then |
281 |
+ eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \ |
282 |
+ "before you submit a bug report." |
283 |
+ fi |
284 |
+ |
285 |
+ fi |
286 |
+} |
287 |
+ |
288 |
+src_install() { |
289 |
+ use doc && HTML_DOCS=( "${S}/docs/build/" ) |
290 |
+ autotools-utils_src_install |
291 |
+ |
292 |
+ newconfd "${FILESDIR}/${BRANCH}/${PN}.confd" ${PN} |
293 |
+ newinitd "${FILESDIR}/${BRANCH}/${PN}.initd" ${PN} |
294 |
+ |
295 |
+ keepdir /var/empty/dev |
296 |
+ keepdir /var/spool/${PN} |
297 |
+ keepdir /etc/ssl/${PN} |
298 |
+ keepdir /etc/${PN}.d |
299 |
+ |
300 |
+ insinto /etc |
301 |
+ newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf |
302 |
+ |
303 |
+ insinto /etc/rsyslog.d/ |
304 |
+ doins "${FILESDIR}/${BRANCH}/50-default.conf" |
305 |
+ |
306 |
+ insinto /etc/logrotate.d/ |
307 |
+ newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN} |
308 |
+ |
309 |
+ if use mysql; then |
310 |
+ insinto /usr/share/doc/${PF}/scripts/mysql |
311 |
+ doins plugins/ommysql/createDB.sql |
312 |
+ fi |
313 |
+ |
314 |
+ if use postgres; then |
315 |
+ insinto /usr/share/doc/${PF}/scripts/pgsql |
316 |
+ doins plugins/ompgsql/createDB.sql |
317 |
+ fi |
318 |
+} |
319 |
+ |
320 |
+pkg_postinst() { |
321 |
+ local advertise_readme=0 |
322 |
+ |
323 |
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then |
324 |
+ # This is a new installation |
325 |
+ |
326 |
+ advertise_readme=1 |
327 |
+ |
328 |
+ if use mysql || use postgres; then |
329 |
+ echo |
330 |
+ elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:" |
331 |
+ elog " /usr/share/doc/${PF}/scripts" |
332 |
+ fi |
333 |
+ |
334 |
+ if use ssl; then |
335 |
+ echo |
336 |
+ elog "To create a default CA and certificates for your server and clients, run:" |
337 |
+ elog " emerge --config =${PF}" |
338 |
+ elog "on your logging server. You can run it several times," |
339 |
+ elog "once for each logging client. The client certificates will be signed" |
340 |
+ elog "using the CA certificate generated during the first run." |
341 |
+ fi |
342 |
+ fi |
343 |
+ |
344 |
+ if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then |
345 |
+ # Show this message until rsyslog-8.x |
346 |
+ echo |
347 |
+ elog "Since ${PN}-7.6.3 we no longer use the catch-all log target" |
348 |
+ elog "\"/var/log/syslog\" due to its redundancy to the other log targets." |
349 |
+ |
350 |
+ advertise_readme=1 |
351 |
+ fi |
352 |
+ |
353 |
+ if [[ ${advertise_readme} -gt 0 ]]; then |
354 |
+ # We need to show the README file location |
355 |
+ |
356 |
+ echo "" |
357 |
+ elog "Please read" |
358 |
+ elog "" |
359 |
+ elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*" |
360 |
+ elog "" |
361 |
+ elog "for more details." |
362 |
+ fi |
363 |
+} |
364 |
+ |
365 |
+pkg_config() { |
366 |
+ if ! use ssl ; then |
367 |
+ einfo "There is nothing to configure for rsyslog unless you" |
368 |
+ einfo "used USE=ssl to build it." |
369 |
+ return 0 |
370 |
+ fi |
371 |
+ |
372 |
+ # Make sure the certificates directory exists |
373 |
+ CERTDIR="${EROOT}/etc/ssl/${PN}" |
374 |
+ if [ ! -d "${CERTDIR}" ]; then |
375 |
+ mkdir "${CERTDIR}" || die |
376 |
+ fi |
377 |
+ einfo "Your certificates will be stored in ${CERTDIR}" |
378 |
+ |
379 |
+ # Create a default CA if needed |
380 |
+ if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then |
381 |
+ einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..." |
382 |
+ certtool --generate-privkey \ |
383 |
+ --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null |
384 |
+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" |
385 |
+ |
386 |
+ cat > "${T}/${PF}.$$" <<- _EOF |
387 |
+ cn = Portage automated CA |
388 |
+ ca |
389 |
+ cert_signing_key |
390 |
+ expiration_days = 3650 |
391 |
+ _EOF |
392 |
+ |
393 |
+ certtool --generate-self-signed \ |
394 |
+ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
395 |
+ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ |
396 |
+ --template "${T}/${PF}.$$" &>/dev/null |
397 |
+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" |
398 |
+ |
399 |
+ # Create the server certificate |
400 |
+ echo |
401 |
+ einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " |
402 |
+ read -r CN |
403 |
+ |
404 |
+ einfo "Creating private key and certificate for server ${CN}..." |
405 |
+ certtool --generate-privkey \ |
406 |
+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null |
407 |
+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" |
408 |
+ |
409 |
+ cat > "${T}/${PF}.$$" <<- _EOF |
410 |
+ cn = ${CN} |
411 |
+ tls_www_server |
412 |
+ dns_name = ${CN} |
413 |
+ expiration_days = 3650 |
414 |
+ _EOF |
415 |
+ |
416 |
+ certtool --generate-certificate \ |
417 |
+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ |
418 |
+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ |
419 |
+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ |
420 |
+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
421 |
+ --template "${T}/${PF}.$$" &>/dev/null |
422 |
+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" |
423 |
+ |
424 |
+ else |
425 |
+ einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." |
426 |
+ fi |
427 |
+ |
428 |
+ # Create a client certificate |
429 |
+ echo |
430 |
+ einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " |
431 |
+ read -r CN |
432 |
+ |
433 |
+ einfo "Creating private key and certificate for client ${CN}..." |
434 |
+ certtool --generate-privkey \ |
435 |
+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null |
436 |
+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" |
437 |
+ |
438 |
+ cat > "${T}/${PF}.$$" <<- _EOF |
439 |
+ cn = ${CN} |
440 |
+ tls_www_client |
441 |
+ dns_name = ${CN} |
442 |
+ expiration_days = 3650 |
443 |
+ _EOF |
444 |
+ |
445 |
+ certtool --generate-certificate \ |
446 |
+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ |
447 |
+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ |
448 |
+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ |
449 |
+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ |
450 |
+ --template "${T}/${PF}.$$" &>/dev/null |
451 |
+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" |
452 |
+ |
453 |
+ rm -f "${T}/${PF}.$$" |
454 |
+ |
455 |
+ echo |
456 |
+ einfo "Here is the documentation on how to encrypt your log traffic:" |
457 |
+ einfo " http://www.rsyslog.com/doc/rsyslog_tls.html" |
458 |
+} |