diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
commit | d934827bf44b7cfcf6711964418148fa60877668 (patch) | |
tree | 0625f358789b5e015e49db139cc1dbc9be00428f /app-admin/rsyslog | |
parent | 2e34d110f164bf74d55fced27fe0000201b3eec5 (diff) |
gentoo resync : 25.11.2020
Diffstat (limited to 'app-admin/rsyslog')
-rw-r--r-- | app-admin/rsyslog/Manifest | 7 | ||||
-rw-r--r-- | app-admin/rsyslog/metadata.xml | 2 | ||||
-rw-r--r-- | app-admin/rsyslog/rsyslog-8.2008.0.ebuild | 2 | ||||
-rw-r--r-- | app-admin/rsyslog/rsyslog-8.2010.0.ebuild | 481 |
4 files changed, 489 insertions, 3 deletions
diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest index 1f3d3602608b..2c90128f597d 100644 --- a/app-admin/rsyslog/Manifest +++ b/app-admin/rsyslog/Manifest @@ -8,10 +8,13 @@ AUX rsyslog.initd-r1 1755 BLAKE2B 768dc0d2bcbf240b7a09e814d681ce65a319cd128ef40b DIST rsyslog-8.2004.0.tar.gz 3002704 BLAKE2B b5049448e0d09e048a45f067b5f8de453721ac5d63233f251e6e24fe2a722469cb19a91e83aa405ffc21245942b824e0a28ecd4e6df431517c8775e7a322bcd3 SHA512 1d7fac65cc97975a6765a55732d413e892502e53566c6fb7c1bfc0107b173eae77dd04c0c9a7471296dff998ceb2fd5a2374368a5a8528f8eb0a89d1915b0214 DIST rsyslog-8.2006.0.tar.gz 3047140 BLAKE2B 00599341ae579b4d56388c27dd0f2b61dd8b335cfcbc130607d11f692b8b9943b36b377d0aeaed36966960dcd095cc22d03f6ebb4afb69abfac3011d58653f25 SHA512 576a2cfa21e89352de2750f0832bd84348822cc84ce67e1b51bf6a162414bdc7f5ac8320c503454789a576172060efc734c26fa305a7ce849c2ebb95dfb85a09 DIST rsyslog-8.2008.0.tar.gz 3051049 BLAKE2B abf9b7ec81cf62841c448f22c7aff45bc85ea6cdc7552e74295aac752c86380039bb28836e78e35e6eba3d0a062a0ae99ea22ba3d6e978175411a43ec9af6f9a SHA512 a077832de7076ac5e7d4c8f33edd044d0c18fd171a697ef68c1cd0f81f1938b3f008cddc1a61084181de512b643c15004744f0e79e6a44e9d239cec3d35f74fe +DIST rsyslog-8.2010.0.tar.gz 3097606 BLAKE2B 06bfd54edc2126567ff9a460c272583d388a16a4db6f56603c8b9d2dd54bf4fe3b3b402eb4a9523b68e9d3a7602759fad57b35351d7cadab0b7f02771db5c40c SHA512 e3c8ed6b631053e38abfe8ce183a1544d04a0207dc988d36f5141a7ea8c987915f4c0429ccd094b7e374c277b7ee5b50e65e7205c156af01ffe9bdf8338831c8 DIST rsyslog-doc-8.2004.0.tar.gz 8323570 BLAKE2B 76b6acc7614f1cbe0a4f99a2a27ff44e2706d1a570afb7d92c628154d49bde5b00a7a4ae1c7d9639f67270f3080a6637cbebb14eaa43484655b322def11b367f SHA512 1a95b334bfe4c2a1d4844983cf32e44205ec6b7cabf1a6914a9ebb335d3d8f78655caf2a55a8cf444352af7d9ae92daa09e8fdf36e520554ed4807a4ed5fd393 DIST rsyslog-doc-8.2006.0.tar.gz 8365252 BLAKE2B f7c6a2e153e84193b48481c9b7417170794fae0873bf9924eb6d4276f07955c2fecc78660a432dc82e23f6b3b575c81c157109a6f819ff57bda220411db36047 SHA512 03d16caef4fa77613eccd682247c1ce58b8c0ef794145c10f18da7bffad437b6b8231eb85cc0986f46b5795b6b24802b19ce0f59bec169ec67c9627e45266df7 DIST rsyslog-doc-8.2008.0.tar.gz 8378149 BLAKE2B 0f6bc116a03821899d33c7960e517725487b89ea2aabc7f5d0fbd4962d82a06558737bcee67af02105006c670ec736eb5ba0b7811b25a1e627a99555121b2999 SHA512 5b8bed19017c65469eb8ea7725ef162595b30f520605f37447498ab69b5cfe8f939cee7e7915ecbf3c025871408fd7af6d45ba960a83096f83a397df4cefef09 +DIST rsyslog-doc-8.2010.0.tar.gz 8428326 BLAKE2B ee8eb2bdbb1f6c7122559b63ddc1ae6ac7fbfb23d661410feb39d7ddce332851e785bb447fb67dd2de8ff62e91fe865fbf7dec8bf62d7fe51181e3c6bbbe64db SHA512 072fb05a0117dc0970a4e5e302abbaf5dc065c2a0962c4160e7efb86fedad89a2caa546cd2bf4af07b7f5e2fa5267cf02889d911f7a6916725e6aea1760ab253 EBUILD rsyslog-8.2004.0.ebuild 12621 BLAKE2B 253e27ebb4dd77748707be57581c480aaece89f2df6ef6a470ff39364abeb737f0acb218bf0ae678c37645149c67616799bd9cae6a149723eb96c15f19c41822 SHA512 904958441dfb287afaf43efc4d6b8feaa481171d2bedb312102d68da67d9dc80e97aa26fda1a130db1825b9dcf6c619691e97c9284725036e644e74bececa95b EBUILD rsyslog-8.2006.0.ebuild 12550 BLAKE2B 7823b49926d0b1f648181f60629d707f69f8b84350a189f2bad57266ba5d717b3d8d1ee14afec139b3f4d1f610998eda74c23c5de770a7ade7116474f4238217 SHA512 180285602372bbf5b6c5eb1efb3312ce435e7fcedf2c4168004e2775dc8159c59bbd00d8712c378268cd11b37e68da6ccd74261f73dfc69f53fa57a730351835 -EBUILD rsyslog-8.2008.0.ebuild 12550 BLAKE2B 7823b49926d0b1f648181f60629d707f69f8b84350a189f2bad57266ba5d717b3d8d1ee14afec139b3f4d1f610998eda74c23c5de770a7ade7116474f4238217 SHA512 180285602372bbf5b6c5eb1efb3312ce435e7fcedf2c4168004e2775dc8159c59bbd00d8712c378268cd11b37e68da6ccd74261f73dfc69f53fa57a730351835 -MISC metadata.xml 3874 BLAKE2B c09a57dcbd88bda6c510ca741e1ee8c5207e5906843fe3ae21c8dd6575c7b104dae74e79e5a27c8bf9f0348673f5c33eb6c4b12fafbb1ba64f1a9f81bd374eaa SHA512 2f7a72017376018aa5d864deb33675d51ab50cd8481dffb7f1421b83d4e07f19a86a90705dbb6191686fc650284e2bcbe30ed0af07082b57eef46dd615778868 +EBUILD rsyslog-8.2008.0.ebuild 12548 BLAKE2B 12912f550cc3b9eced70856a531d537273103e655d4fda67d178ee23788f96273268e8c40df36f6358a404ef1e36f858b4e97e0a1a58385a07c26dc3f1c97b33 SHA512 ea70a9b31e5f53418e144555b858e375ffcc36e9cc7b9dd903c6155d3edcd17c4e69db1962d7f440544e0708bed085e01201f4cc59695646326713342c2fd46f +EBUILD rsyslog-8.2010.0.ebuild 12887 BLAKE2B 592f765f2dadf2fb3276ffbc8e784429c1bf3c1269bf94c726884130ea590ef3102e86287c6e63cc0558043043c494694db9506cd871de8ace9e387ebb9aed9b SHA512 f8f1a023062f9f9db098f615d4b5b5d55df384db83af944dfa676a3865a9b93e194ae359da21e42c8e048ef6e7730f349192c9884dde050ac85418c3ea3583f7 +MISC metadata.xml 4070 BLAKE2B 3fde04df2bf0b93058d14787780f7f78b5014cdaa303101ef0fb637d1f0b165e453885ae307f137d98052719f992cd1a3f46da2f923bc97030ba629801190d5d SHA512 df868d04339eade02eb55b218f43c85c9efe2bf70cadf2ec1d59dc9f0d546ba9dbcd9ac5e3f9cbad05a8f4629ce5979668aba1fb8b027c51c7f8468b2e9b732a diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml index 44991a3a81a8..8edddd33ee54 100644 --- a/app-admin/rsyslog/metadata.xml +++ b/app-admin/rsyslog/metadata.xml @@ -12,6 +12,8 @@ <flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag> <flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag> <flag name="gnutls">Build the GnuTLS network stream driver (requires <pkg>net-libs/gnutls</pkg>)</flag> + <flag name="imhttp">Build the http input module (requires <pkg>www-servers/civetweb</pkg>)</flag> + <flag name="impcap">Build the pcap input module (requires <pkg>net-libs/libpcap</pkg>)</flag> <flag name="kafka">Build the Apache Kafka input/output module (requires <pkg>dev-libs/librdkafka</pkg>)</flag> <flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag> <flag name="kubernetes">Build the kubernetes modify plugin (requires <pkg>net-misc/curl</pkg>)</flag> diff --git a/app-admin/rsyslog/rsyslog-8.2008.0.ebuild b/app-admin/rsyslog/rsyslog-8.2008.0.ebuild index 7b351b3a3072..73a46f56b7d8 100644 --- a/app-admin/rsyslog/rsyslog-8.2008.0.ebuild +++ b/app-admin/rsyslog/rsyslog-8.2008.0.ebuild @@ -16,7 +16,7 @@ if [[ ${PV} == "9999" ]]; then inherit git-r3 else - KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86" + KEYWORDS="~amd64 arm ~arm64 ~hppa x86" SRC_URI=" https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz diff --git a/app-admin/rsyslog/rsyslog-8.2010.0.ebuild b/app-admin/rsyslog/rsyslog-8.2010.0.ebuild new file mode 100644 index 000000000000..6ab89acda633 --- /dev/null +++ b/app-admin/rsyslog/rsyslog-8.2010.0.ebuild @@ -0,0 +1,481 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" +PYTHON_COMPAT=( python3_{6..9} ) + +inherit autotools linux-info python-any-r1 systemd + +DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" +HOMEPAGE="https://www.rsyslog.com/" + +if [[ ${PV} == "9999" ]]; then + EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git" + + DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git" + + inherit git-r3 +else + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86" + + SRC_URI=" + https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz + doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz ) + " +fi + +LICENSE="GPL-3 LGPL-3 Apache-2.0" +SLOT="0" + +IUSE="clickhouse curl dbi debug doc elasticsearch +gcrypt gnutls imhttp" +IUSE+=" impcap jemalloc kafka kerberos kubernetes libressl mdblookup" +IUSE+=" mongodb mysql normalize omhttp omhttpfs omudpspoof +openssl" +IUSE+=" postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp +ssl" +IUSE+=" systemd test usertools +uuid xxhash zeromq" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + kubernetes? ( normalize ) + ssl? ( || ( gnutls openssl ) ) +" + +BDEPEND=">=sys-devel/autoconf-archive-2015.02.24 + virtual/pkgconfig + elibc_musl? ( sys-libs/queue-standalone ) + test? ( + jemalloc? ( <sys-libs/libfaketime-0.9.7 ) + !jemalloc? ( sys-libs/libfaketime ) + ${PYTHON_DEPS} + )" + +RDEPEND=" + >=dev-libs/libfastjson-0.99.8:= + >=dev-libs/libestr-0.1.9 + >=sys-libs/zlib-1.2.5 + curl? ( >=net-misc/curl-7.35.0 ) + dbi? ( >=dev-db/libdbi-0.8.3 ) + elasticsearch? ( >=net-misc/curl-7.35.0 ) + gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= ) + imhttp? ( www-servers/civetweb ) + impcap? ( net-libs/libpcap ) + jemalloc? ( >=dev-libs/jemalloc-3.3.1:= ) + kafka? ( >=dev-libs/librdkafka-0.9.0.99:= ) + kerberos? ( virtual/krb5 ) + kubernetes? ( >=net-misc/curl-7.35.0 ) + mdblookup? ( dev-libs/libmaxminddb:= ) + mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= ) + mysql? ( dev-db/mysql-connector-c:= ) + normalize? ( + >=dev-libs/liblognorm-2.0.3:= + ) + clickhouse? ( >=net-misc/curl-7.35.0 ) + omhttpfs? ( >=net-misc/curl-7.35.0 ) + omudpspoof? ( >=net-libs/libnet-1.1.6 ) + postgres? ( >=dev-db/postgresql-8.4.20:= ) + rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= ) + redis? ( >=dev-libs/hiredis-0.11.0:= ) + relp? ( >=dev-libs/librelp-1.2.17:= ) + rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] ) + rfc5424hmac? ( + !libressl? ( >=dev-libs/openssl-0.9.8y:0= ) + libressl? ( dev-libs/libressl:= ) + ) + snmp? ( >=net-analyzer/net-snmp-5.7.2 ) + ssl? ( + gnutls? ( >=net-libs/gnutls-2.12.23:0= ) + openssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + ) + systemd? ( >=sys-apps/systemd-234 ) + uuid? ( sys-apps/util-linux:0= ) + xxhash? ( dev-libs/xxhash:= ) + zeromq? ( + >=net-libs/czmq-4:=[drafts] + )" +DEPEND="${RDEPEND} + test? ( + >=dev-libs/liblogging-1.0.1[stdlog] + )" + +if [[ ${PV} == "9999" ]]; then + BDEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )" + BDEPEND+=" >=sys-devel/flex-2.5.39-r1" + BDEPEND+=" >=sys-devel/bison-2.4.3" + BDEPEND+=" >=dev-python/docutils-0.12" +fi + +CONFIG_CHECK="~INOTIFY_USER" +WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!" + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == "9999" ]]; then + git-r3_fetch + git-r3_checkout + else + unpack ${P}.tar.gz + fi + + if use doc; then + if [[ ${PV} == "9999" ]]; then + local _EGIT_BRANCH= + if [[ -n "${EGIT_BRANCH}" ]]; then + # Cannot use rsyslog commits/branches for documentation repository + _EGIT_BRANCH=${EGIT_BRANCH} + unset EGIT_BRANCH + fi + + git-r3_fetch "${DOC_REPO_URI}" + git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs + + if [[ -n "${_EGIT_BRANCH}" ]]; then + # Restore previous EGIT_BRANCH information + EGIT_BRANCH=${_EGIT_BRANCH} + fi + else + cd "${S}" || die "Cannot change dir into '${S}'" + mkdir docs || die "Failed to create docs directory" + cd docs || die "Failed to change dir into '${S}/docs'" + unpack ${PN}-doc-${PV}.tar.gz + fi + fi +} + +src_prepare() { + default + + # https://github.com/rsyslog/rsyslog/issues/3626 + sed -i \ + -e '\|^#!/bin/bash$|a exit 77' \ + tests/mmkubernetes-cache-expir*.sh \ + || die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh" + + eautoreconf +} + +src_configure() { + # Maintainer notes: + # * Guardtime support is missing because libgt isn't yet available + # in portage. + # * Hadoop's HDFS file system output module is currently not + # supported in Gentoo because nobody is able to test it + # (JAVA dependency). + # * dev-libs/hiredis doesn't provide pkg-config (see #504614, + # upstream PR 129 and 136) so we need to export HIREDIS_* + # variables because rsyslog's build system depends on pkg-config. + + if use redis; then + export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis" + export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include" + fi + + local myeconfargs=( + --disable-debug-symbols + --disable-generate-man-pages + --without-valgrind-testbench + --disable-liblogging-stdlog + $(use_enable test testbench) + $(use_enable test libfaketime) + $(use_enable test extended-tests) + # Input Plugins without depedencies + --enable-imbatchreport + --enable-imdiag + --enable-imfile + --enable-improg + --enable-impstats + --enable-imptcp + # Message Modificiation Plugins without depedencies + --enable-mmanon + --enable-mmaudit + --enable-mmcount + --enable-mmfields + --enable-mmjsonparse + --enable-mmpstrucdata + --enable-mmrm1stspace + --enable-mmsequence + --enable-mmtaghostname + --enable-mmutf8fix + # Output Modification Plugins without dependencies + --enable-mail + --enable-omprog + --enable-omruleset + --enable-omstdout + --enable-omuxsock + # Misc + --enable-fmhash + $(use_enable xxhash fmhash-xxhash) + --enable-pmaixforwardedfrom + --enable-pmciscoios + --enable-pmcisconames + --enable-pmdb2diag + --enable-pmlastmsg + $(use_enable normalize pmnormalize) + --enable-pmnull + --enable-pmpanngfw + --enable-pmsnare + # DB + $(use_enable dbi libdbi) + $(use_enable mongodb ommongodb) + $(use_enable mysql) + $(use_enable postgres pgsql) + $(use_enable redis omhiredis) + # Debug + $(use_enable debug) + $(use_enable debug diagtools) + $(use_enable debug valgrind) + # Misc + $(use_enable clickhouse) + $(use_enable curl fmhttp) + $(use_enable elasticsearch) + $(use_enable gcrypt libgcrypt) + $(use_enable imhttp) + $(use_enable impcap) + $(use_enable jemalloc) + $(use_enable kafka imkafka) + $(use_enable kafka omkafka) + $(use_enable kerberos gssapi-krb5) + $(use_enable kubernetes mmkubernetes) + $(use_enable normalize mmnormalize) + $(use_enable mdblookup mmdblookup) + $(use_enable omhttp) + $(use_enable omhttpfs) + $(use_enable omudpspoof) + $(use_enable rabbitmq omrabbitmq) + $(use_enable relp) + $(use_enable rfc3195) + $(use_enable rfc5424hmac mmrfc5424addhmac) + $(use_enable snmp) + $(use_enable snmp mmsnmptrapd) + $(use_enable gnutls) + $(use_enable openssl) + $(use_enable systemd imjournal) + $(use_enable systemd omjournal) + $(use_enable usertools) + $(use_enable uuid) + $(use_enable zeromq imczmq) + $(use_enable zeromq omczmq) + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + ) + + econf "${myeconfargs[@]}" +} + +src_compile() { + default + + if use doc && [[ "${PV}" == "9999" ]]; then + einfo "Building documentation ..." + local doc_dir="${S}/docs" + cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!" + sphinx-build -b html source build || die "Building documentation failed!" + fi +} + +src_test() { + local _has_increased_ulimit= + + # Sometimes tests aren't executable (i.e. when added via patch) + einfo "Adjusting permissions of test scripts ..." + find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \ + die "Failed to adjust test scripts permission" + + if ulimit -n 3072; then + _has_increased_ulimit="true" + fi + + if ! emake --jobs 1 check; then + eerror "Test suite failed! :(" + + if [[ -z "${_has_increased_ulimit}" ]]; then + eerror "Probably because open file limit couldn't be set to 3072." + fi + + if has userpriv ${FEATURES}; then + eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \ + "before you submit a bug report." + fi + + fi +} + +src_install() { + local DOCS=( + AUTHORS + ChangeLog + "${FILESDIR}"/README.gentoo + ) + + use doc && local HTML_DOCS=( "${S}/docs/build/." ) + + default + + newconfd "${FILESDIR}/${PN}.confd-r1" ${PN} + newinitd "${FILESDIR}/${PN}.initd-r1" ${PN} + + keepdir /var/empty/dev + keepdir /var/spool/${PN} + keepdir /etc/ssl/${PN} + keepdir /etc/${PN}.d + + insinto /etc + newins "${FILESDIR}/${PN}.conf" ${PN}.conf + + insinto /etc/rsyslog.d/ + newins "${FILESDIR}/50-default-r1.conf" 50-default.conf + + insinto /etc/logrotate.d/ + newins "${FILESDIR}/${PN}-r1.logrotate" ${PN} + + if use mysql; then + insinto /usr/share/${PN}/scripts/mysql + doins plugins/ommysql/createDB.sql + fi + + if use postgres; then + insinto /usr/share/${PN}/scripts/pgsql + doins plugins/ompgsql/createDB.sql + fi + + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + local advertise_readme=0 + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + advertise_readme=1 + + if use mysql || use postgres; then + echo + elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:" + elog " /usr/share/doc/${PF}/scripts" + fi + + if use ssl; then + echo + elog "To create a default CA and certificates for your server and clients, run:" + elog " emerge --config =${PF}" + elog "on your logging server. You can run it several times," + elog "once for each logging client. The client certificates will be signed" + elog "using the CA certificate generated during the first run." + fi + fi + + if [[ ${advertise_readme} -gt 0 ]]; then + # We need to show the README file location + + echo "" + elog "Please read" + elog "" + elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*" + elog "" + elog "for more details." + fi +} + +pkg_config() { + if ! use ssl; then + einfo "There is nothing to configure for rsyslog unless you" + einfo "used USE=ssl to build it." + return 0 + fi + + if ! hash certtool &>/dev/null; then + die "certtool not found! Is net-libs/gnutls[tools] is installed?" + fi + + # Make sure the certificates directory exists + local CERTDIR="${EROOT}/etc/ssl/${PN}" + if [[ ! -d "${CERTDIR}" ]]; then + mkdir "${CERTDIR}" || die + fi + einfo "Your certificates will be stored in ${CERTDIR}" + + # Create a default CA if needed + if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then + einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_ca.privkey.pem" || die + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = Portage automated CA + ca + cert_signing_key + expiration_days = 3650 + _EOF + + certtool --generate-self-signed \ + --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ + --template "${T}/${PF}.$$" || die + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" + + # Create the server certificate + echo + einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " + read -r CN + + einfo "Creating private key and certificate for server ${CN}..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" || die + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = ${CN} + tls_www_server + dns_name = ${CN} + expiration_days = 3650 + _EOF + + certtool --generate-certificate \ + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" + + else + einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." + fi + + # Create a client certificate + echo + einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " + read -r CN + + einfo "Creating private key and certificate for client ${CN}..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" || die + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = ${CN} + tls_www_client + dns_name = ${CN} + expiration_days = 3650 + _EOF + + certtool --generate-certificate \ + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --template "${T}/${PF}.$$" || die + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" + + rm -f "${T}/${PF}.$$" + + echo + einfo "Here is the documentation on how to encrypt your log traffic:" + einfo " https://www.rsyslog.com/doc/rsyslog_tls.html" +} |