author | V3n3RiX <venerix@redcorelinux.org> | 2019-10-13 22:19:36 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-10-14 23:22:23 +0100 |
commit | 4b19be30aa626b327c885dae62c559ec0e9fb935 (patch) | |
tree | 76e74807bc479502e13866b581b6bf86734ec634 /app-admin/rsyslog | |
parent | 30d6f67c98d149508509d5e86f176d558793acc0 (diff) |
gentoo resync : 13.10.2019
Diffstat (limited to 'app-admin/rsyslog')
-rw-r--r-- | app-admin/rsyslog/Manifest | 5 | ||||
-rw-r--r-- | app-admin/rsyslog/metadata.xml | 2 | ||||
-rw-r--r-- | app-admin/rsyslog/rsyslog-8.1910.0.ebuild | 462 |
3 files changed, 467 insertions, 2 deletions
diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
index f0df7f53384f..b81d405238da 100644
--- a/app-admin/rsyslog/Manifest
+++ b/app-admin/rsyslog/Manifest
@@ -7,10 +7,13 @@ AUX rsyslog.initd-r1 1755 BLAKE2B 768dc0d2bcbf240b7a09e814d681ce65a319cd128ef40b DIST rsyslog-8.1904.0.tar.gz 2902708 BLAKE2B 515d5e32c2dc6cdd8dd51fc595ad775503438603f28828e9f1a427b184a5a61de32af2ee90334b7d56a9404106d74da47386a18a370278d5a16422a6bb09f556 SHA512 cccb48f06508d7e7c2dd788903f4d7ddb3020cdf6079aea1d52387c56b920f10b08957a79b5d420ccdb54cae50d1da6e5eb80cde9498bceaeda4f6ce37f694fd DIST rsyslog-8.1907.0.tar.gz 2926855 BLAKE2B 65c674e53bfa960e3fe5c7f41a304cf8736fe72e2391895dde9fdc17fabeb2f92fccab48965d5e1689a5852136a43a3355f89c9fa9d1d1974335ce80204bb4ac SHA512 2aa3f6106e48fa63c6d4389f83e7a3212817c626d04881682236055792cf5c9d8a941638c9a508c470b6a24c934ef5cb0eda65ea25179d98831afbe2a27c1519 DIST rsyslog-8.1908.0.tar.gz 2952939 BLAKE2B c6784753262a71f30f32fc35ad3e3e75fa2af271bdb0a62c2d4796d3d0413c7f619052a5e33c52c5f3b22aa474d14b7bb06e9c502944f914e708265835fd90ff SHA512 66b6755e1f5a610ed8ec3f8fad1ee227f8ff34618a8f2660a801e6f9aa734980190fbffd8144ac30d63f8297a06e86ada65ba838242d8a006bca8e30f56dce80 +DIST rsyslog-8.1910.0.tar.gz 2957635 BLAKE2B ea350d3fb923c2f7d2799942fec6a77ef893fa12bc95a5b1428b8e280d96b562cd864469ebf13ee57e9ea89787765a4bb13d155460defc73a3a85b17ad6a5ab1 SHA512 85f5df91a6357ecb38708b4d569d26804a50ca28c928a636ac7749595f1a7105c3450fbd521835a436ebdfdcac33a33986e09a09026745ea4d1a2897406770d5 DIST rsyslog-doc-8.1904.0.tar.gz 8042650 BLAKE2B 585fe5c63eee1fb46f94dcd3d529045b3900e08c291e0e71ed9bf32a6200e6c7283820b262bd56e9aeb74cc227ecd518caafec5a8f87c1d8523d5d7fd95030aa SHA512 da0ff00fbe71756b3c27fd8b94e88611452c3ba611e583862556393faaaa596ca8f32f694ad40a3e1df67385d9f9ca80db6a58f5d2e336fe95639dd7cd0de828 DIST rsyslog-doc-8.1907.0.tar.gz 8071764 BLAKE2B 90c18a93bb2f2c9158a4696245c44c36ab4c40597d1eb8df8af257f57aa17e71436bd60792c4f982ebc15395abacd53281046e4ae6df65c306f815e6599fb8bc SHA512 72dcddef6e36a92d2bdcf54072fff7516b6c731f43a53ef8f5d4ebdbe46bc7aeb63bbc3e739a6e5897602ea7705c4bdd8f57aa10796955ed772a6c7cf552c5e5 DIST 
rsyslog-doc-8.1908.0.tar.gz 8082984 BLAKE2B 7f102a215b0c51b961a4e44e97c8a3cd9966215dba44a194a5ff925b8a2b1ad3389461e2de3dae6dfb770bc36c9a31747298bdb7e975d6fa86ca209c9e314ac3 SHA512 d826013de671c895be7becd2a7c5ce1fb218149c6128d486116be6a01fc69099026f5a277b30fc57e626aeb4038e00b17abcad9a45ea3c9838e7041de9d991a5 +DIST rsyslog-doc-8.1910.0.tar.gz 8158007 BLAKE2B 7a05cf7070ba350d0fb939350868ff0dd9d03be46ebd1b1261e54add70ab680afe0b356f563ea9e10148aed17667fc0b729e2fa8f7ff7cff3e4cec9d0da209a8 SHA512 e46f14e40ae690efbe3114a859c1c94c8f9573ca5ebdb533ad4b5ed76c3a930c887cc205e7279fcc546fda3ce624eae507ce08d5d10ee1eb167a957edd742bf2 EBUILD rsyslog-8.1904.0-r1.ebuild 12569 BLAKE2B 119a617375da61a37962edddae9f20888fcac469325b77f07c15141d471a00e62f6647b94d9837990ad7bccc0e85fb071de8b63f411245f9759f2163677fa663 SHA512 2a6514fbe431f61c29a8f261f528458c05e82398a34b4cd810c36cadaf5d355f7678f530f52d9236269eab01c990703b2bdfe2c6b6b8d3ea0005f1f168587a54 EBUILD rsyslog-8.1907.0-r1.ebuild 12546 BLAKE2B d562cb749a8632d6399613667f786dabf472b65b112a5775a9f2977b3a513b25f50454419fb62ff02648e4dc1acf5fb226b7d01d62e70bdbcd1de69f6c6cbb97 SHA512 9d683b5267a57653bbc7f8caff1b8e60e78b6e7dbfc6cb2ba7f63ac80776b75cc1d3ba84c27a9659cfd48e568c01af97423f5450af6173e94a9bb9ae38eda95c EBUILD rsyslog-8.1908.0.ebuild 12548 BLAKE2B b8fb662688270ee92cc4382bbc39a78e8bf4db46f48e4dcbb4cb3efb0194eb8dffad999cff631199909573590842dd56efc5fb38c05cb88e72ea0bfe5040aa64 SHA512 fabfdc53abf6aab98f7ec7a0ee4381d73155df3a3f1e3dec5b9f8705fa83d336005de173bcbcf34d3a136f5c4565416d35e289c0a827d6fdde63ee5784c656f8 -MISC metadata.xml 3875 BLAKE2B 4281901c6e209ace8f89bf7ec7f036cbabff009da2f080c5b5d77a0639099c8d87ed9925d70e7e3edb6cad8204ebee3a4b74a688b6a22810473a22d90c441347 SHA512 039cd323565bc8e96762bef5b7b34747fffc6d70176397d4be8fd83d1f9dd094e77c21f7005f0d3dc47813ddd97bdbad1ce47ef71a2742ffdbd4145142d2d0b5 +EBUILD rsyslog-8.1910.0.ebuild 12548 BLAKE2B 
b8fb662688270ee92cc4382bbc39a78e8bf4db46f48e4dcbb4cb3efb0194eb8dffad999cff631199909573590842dd56efc5fb38c05cb88e72ea0bfe5040aa64 SHA512 fabfdc53abf6aab98f7ec7a0ee4381d73155df3a3f1e3dec5b9f8705fa83d336005de173bcbcf34d3a136f5c4565416d35e289c0a827d6fdde63ee5784c656f8 +MISC metadata.xml 3874 BLAKE2B c09a57dcbd88bda6c510ca741e1ee8c5207e5906843fe3ae21c8dd6575c7b104dae74e79e5a27c8bf9f0348673f5c33eb6c4b12fafbb1ba64f1a9f81bd374eaa SHA512 2f7a72017376018aa5d864deb33675d51ab50cd8481dffb7f1421b83d4e07f19a86a90705dbb6191686fc650284e2bcbe30ed0af07082b57eef46dd615778868 diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml index 7334da40b164..44991a3a81a8 100644 --- a/app-admin/rsyslog/metadata.xml +++ b/app-admin/rsyslog/metadata.xml @@ -17,7 +17,7 @@ <flag name="kubernetes">Build the kubernetes modify plugin (requires <pkg>net-misc/curl</pkg>)</flag> <flag name="libressl">Use <pkg>dev-libs/libressl</pkg> instead of <pkg>dev-libs/openssl</pkg> (you still need to enable functionality which requires OpenSSL)</flag> <flag name="mdblookup">Build the MaxMind DB lookup message modify plugin using <pkg>dev-libs/libmaxminddb</pkg></flag> - <flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag> + <flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/mongo-c-driver</pkg>)</flag> <flag name="mysql">Build the MySQL database output module (requires <pkg>virtual/mysql</pkg>)</flag> <flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag> <flag name="omhttp">Build the http output module (requires <pkg>net-misc/curl</pkg>)</flag> diff --git a/app-admin/rsyslog/rsyslog-8.1910.0.ebuild b/app-admin/rsyslog/rsyslog-8.1910.0.ebuild new file mode 100644 index 000000000000..09eed323e458 --- /dev/null +++ b/app-admin/rsyslog/rsyslog-8.1910.0.ebuild 
@@ -0,0 +1,462 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} ) + +inherit autotools eutils linux-info python-any-r1 systemd + +DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" +HOMEPAGE="https://www.rsyslog.com/" + +if [[ ${PV} == "9999" ]]; then + EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git" + + DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git" + + inherit git-r3 +else + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86" + + SRC_URI=" + https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz + doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz ) + " +fi + +LICENSE="GPL-3 LGPL-3 Apache-2.0" +SLOT="0" +IUSE="curl dbi debug doc elasticsearch +gcrypt gnutls jemalloc kafka kerberos kubernetes libressl mdblookup" +IUSE+=" mongodb mysql normalize clickhouse omhttp omhttpfs omudpspoof openssl postgres" +IUSE+=" rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid xxhash zeromq" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=dev-libs/libfastjson-0.99.8:= + >=dev-libs/libestr-0.1.9 + >=sys-libs/zlib-1.2.5 + curl? ( >=net-misc/curl-7.35.0 ) + dbi? ( >=dev-db/libdbi-0.8.3 ) + elasticsearch? ( >=net-misc/curl-7.35.0 ) + gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= ) + jemalloc? ( >=dev-libs/jemalloc-3.3.1:= ) + kafka? ( >=dev-libs/librdkafka-0.9.0.99:= ) + kerberos? ( virtual/krb5 ) + kubernetes? ( >=net-misc/curl-7.35.0 ) + mdblookup? ( dev-libs/libmaxminddb:= ) + mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= ) + mysql? ( dev-db/mysql-connector-c:= ) + normalize? ( + >=dev-libs/liblognorm-2.0.3:= + ) + clickhouse? ( >=net-misc/curl-7.35.0 ) + omhttpfs? ( >=net-misc/curl-7.35.0 ) + omudpspoof? ( >=net-libs/libnet-1.1.6 ) + postgres? ( >=dev-db/postgresql-8.4.20:= ) + rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= ) + redis? ( >=dev-libs/hiredis-0.11.0:= ) + relp? 
( >=dev-libs/librelp-1.2.17:= ) + rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] ) + rfc5424hmac? ( + !libressl? ( >=dev-libs/openssl-0.9.8y:0= ) + libressl? ( dev-libs/libressl:= ) + ) + snmp? ( >=net-analyzer/net-snmp-5.7.2 ) + ssl? ( + gnutls? ( >=net-libs/gnutls-2.12.23:0= ) + openssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + ) + systemd? ( >=sys-apps/systemd-234 ) + uuid? ( sys-apps/util-linux:0= ) + xxhash? ( dev-libs/xxhash:= ) + zeromq? ( + >=net-libs/czmq-3.0.2 + )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-archive-2015.02.24 + virtual/pkgconfig + elibc_musl? ( sys-libs/queue-standalone ) + test? ( + >=dev-libs/liblogging-1.0.1[stdlog] + jemalloc? ( <sys-libs/libfaketime-0.9.7 ) + !jemalloc? ( sys-libs/libfaketime ) + ${PYTHON_DEPS} + )" + +REQUIRED_USE=" + kubernetes? ( normalize ) + ssl? ( || ( gnutls openssl ) ) +" + +if [[ ${PV} == "9999" ]]; then + DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )" + DEPEND+=" >=sys-devel/flex-2.5.39-r1" + DEPEND+=" >=sys-devel/bison-2.4.3" + DEPEND+=" >=dev-python/docutils-0.12" +fi + +CONFIG_CHECK="~INOTIFY_USER" +WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!" 
+ +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == "9999" ]]; then + git-r3_fetch + git-r3_checkout + else + unpack ${P}.tar.gz + fi + + if use doc; then + if [[ ${PV} == "9999" ]]; then + local _EGIT_BRANCH= + if [[ -n "${EGIT_BRANCH}" ]]; then + # Cannot use rsyslog commits/branches for documentation repository + _EGIT_BRANCH=${EGIT_BRANCH} + unset EGIT_BRANCH + fi + + git-r3_fetch "${DOC_REPO_URI}" + git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs + + if [[ -n "${_EGIT_BRANCH}" ]]; then + # Restore previous EGIT_BRANCH information + EGIT_BRANCH=${_EGIT_BRANCH} + fi + else + cd "${S}" || die "Cannot change dir into '${S}'" + mkdir docs || die "Failed to create docs directory" + cd docs || die "Failed to change dir into '${S}/docs'" + unpack ${PN}-doc-${PV}.tar.gz + fi + fi +} + +src_prepare() { + default + + # https://github.com/rsyslog/rsyslog/issues/3626 + sed -i \ + -e '\|^#!/bin/bash$|a exit 77' \ + tests/mmkubernetes-cache-expir*.sh \ + || die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh" + + eautoreconf +} + +src_configure() { + # Maintainer notes: + # * Guardtime support is missing because libgt isn't yet available + # in portage. + # * Hadoop's HDFS file system output module is currently not + # supported in Gentoo because nobody is able to test it + # (JAVA dependency). + # * dev-libs/hiredis doesn't provide pkg-config (see #504614, + # upstream PR 129 and 136) so we need to export HIREDIS_* + # variables because rsyslog's build system depends on pkg-config. 
+ + if use redis; then + export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis" + export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include" + fi + + local myeconfargs=( + --disable-debug-symbols + --disable-generate-man-pages + --without-valgrind-testbench + --disable-liblogging-stdlog + $(use_enable test testbench) + $(use_enable test libfaketime) + $(use_enable test extended-tests) + # Input Plugins without depedencies + --enable-imdiag + --enable-imfile + --enable-impstats + --enable-imptcp + # Message Modificiation Plugins without depedencies + --enable-mmanon + --enable-mmaudit + --enable-mmcount + --enable-mmfields + --enable-mmjsonparse + --enable-mmpstrucdata + --enable-mmrm1stspace + --enable-mmsequence + --enable-mmutf8fix + # Output Modification Plugins without dependencies + --enable-mail + --enable-omprog + --enable-omruleset + --enable-omstdout + --enable-omuxsock + # Misc + --enable-fmhash + $(use_enable xxhash fmhash-xxhash) + --enable-pmaixforwardedfrom + --enable-pmciscoios + --enable-pmcisconames + --enable-pmlastmsg + $(use_enable normalize pmnormalize) + --enable-pmnull + --enable-pmpanngfw + --enable-pmsnare + # DB + $(use_enable dbi libdbi) + $(use_enable mongodb ommongodb) + $(use_enable mysql) + $(use_enable postgres pgsql) + $(use_enable redis omhiredis) + # Debug + $(use_enable debug) + $(use_enable debug diagtools) + $(use_enable debug valgrind) + # Misc + $(use_enable clickhouse) + $(use_enable curl fmhttp) + $(use_enable elasticsearch) + $(use_enable gcrypt libgcrypt) + $(use_enable jemalloc) + $(use_enable kafka imkafka) + $(use_enable kafka omkafka) + $(use_enable kerberos gssapi-krb5) + $(use_enable kubernetes mmkubernetes) + $(use_enable normalize mmnormalize) + $(use_enable mdblookup mmdblookup) + $(use_enable omhttp) + $(use_enable omhttpfs) + $(use_enable omudpspoof) + $(use_enable rabbitmq omrabbitmq) + $(use_enable relp) + $(use_enable rfc3195) + $(use_enable rfc5424hmac mmrfc5424addhmac) + $(use_enable snmp) + $(use_enable 
snmp mmsnmptrapd) + $(use_enable gnutls) + $(use_enable openssl) + $(use_enable systemd imjournal) + $(use_enable systemd omjournal) + $(use_enable usertools) + $(use_enable uuid) + $(use_enable zeromq imczmq) + $(use_enable zeromq omczmq) + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + ) + + econf "${myeconfargs[@]}" +} + +src_compile() { + default + + if use doc && [[ "${PV}" == "9999" ]]; then + einfo "Building documentation ..." + local doc_dir="${S}/docs" + cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!" + sphinx-build -b html source build || die "Building documentation failed!" + fi +} + +src_test() { + local _has_increased_ulimit= + + # Sometimes tests aren't executable (i.e. when added via patch) + einfo "Adjusting permissions of test scripts ..." + find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \ + die "Failed to adjust test scripts permission" + + if ulimit -n 3072; then + _has_increased_ulimit="true" + fi + + if ! emake --jobs 1 check; then + eerror "Test suite failed! :(" + + if [[ -z "${_has_increased_ulimit}" ]]; then + eerror "Probably because open file limit couldn't be set to 3072." + fi + + if has userpriv ${FEATURES}; then + eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \ + "before you submit a bug report." + fi + + fi +} + +src_install() { + local DOCS=( + AUTHORS + ChangeLog + "${FILESDIR}"/README.gentoo + ) + + use doc && local HTML_DOCS=( "${S}/docs/build/." 
) + + default + + newconfd "${FILESDIR}/${PN}.confd-r1" ${PN} + newinitd "${FILESDIR}/${PN}.initd-r1" ${PN} + + keepdir /var/empty/dev + keepdir /var/spool/${PN} + keepdir /etc/ssl/${PN} + keepdir /etc/${PN}.d + + insinto /etc + newins "${FILESDIR}/${PN}.conf" ${PN}.conf + + insinto /etc/rsyslog.d/ + newins "${FILESDIR}/50-default-r1.conf" 50-default.conf + + insinto /etc/logrotate.d/ + newins "${FILESDIR}/${PN}-r1.logrotate" ${PN} + + if use mysql; then + insinto /usr/share/doc/${PF}/scripts/mysql + doins plugins/ommysql/createDB.sql + fi + + if use postgres; then + insinto /usr/share/doc/${PF}/scripts/pgsql + doins plugins/ompgsql/createDB.sql + fi + + prune_libtool_files --modules +} + +pkg_postinst() { + local advertise_readme=0 + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + advertise_readme=1 + + if use mysql || use postgres; then + echo + elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:" + elog " /usr/share/doc/${PF}/scripts" + fi + + if use ssl; then + echo + elog "To create a default CA and certificates for your server and clients, run:" + elog " emerge --config =${PF}" + elog "on your logging server. You can run it several times," + elog "once for each logging client. The client certificates will be signed" + elog "using the CA certificate generated during the first run." + fi + fi + + if [[ ${advertise_readme} -gt 0 ]]; then + # We need to show the README file location + + echo "" + elog "Please read" + elog "" + elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*" + elog "" + elog "for more details." + fi +} + +pkg_config() { + if ! use ssl ; then + einfo "There is nothing to configure for rsyslog unless you" + einfo "used USE=ssl to build it." + return 0 + fi + + # Make sure the certificates directory exists + local CERTDIR="${EROOT}/etc/ssl/${PN}" + if [[ ! 
-d "${CERTDIR}" ]]; then + mkdir "${CERTDIR}" || die + fi + einfo "Your certificates will be stored in ${CERTDIR}" + + # Create a default CA if needed + if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then + einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = Portage automated CA + ca + cert_signing_key + expiration_days = 3650 + _EOF + + certtool --generate-self-signed \ + --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" + + # Create the server certificate + echo + einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " + read -r CN + + einfo "Creating private key and certificate for server ${CN}..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = ${CN} + tls_www_server + dns_name = ${CN} + expiration_days = 3650 + _EOF + + certtool --generate-certificate \ + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" + + else + einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." + fi + + # Create a client certificate + echo + einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " + read -r CN + + einfo "Creating private key and certificate for client ${CN}..." 
+ certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = ${CN} + tls_www_client + dns_name = ${CN} + expiration_days = 3650 + _EOF + + certtool --generate-certificate \ + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" + + rm -f "${T}/${PF}.$$" + + echo + einfo "Here is the documentation on how to encrypt your log traffic:" + einfo " https://www.rsyslog.com/doc/rsyslog_tls.html" +} |
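Review bot: In `pkg_config`, every `certtool` call sends its output to `&>/dev/null` and none of them checks the exit status, so a failed key or certificate generation goes unnoticed and the later signing steps run against a missing or empty CA key or certificate. Each call should end in a check, for example `--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null || die "CA private key generation failed"`. The value from `read -r CN` goes straight into the output file names and the certtool template, so an empty name or one containing `/` gives a malformed path whose failure is then silent as well; a guard such as `[[ -n ${CN} && ${CN} != */* ]] || die "invalid Common Name"` after each `read` would catch it. The `chmod 400` after `--generate-self-signed` names `${PN}_ca.privkey.pem` a second time, which looks like a copy of the earlier line; if the CA certificate's mode was meant to be set there, the path should be `${PN}_ca.cert.pem`.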