diff options
Diffstat (limited to 'app-admin/rsyslog')
-rw-r--r-- | app-admin/rsyslog/Manifest | 3 | ||||
-rw-r--r-- | app-admin/rsyslog/rsyslog-8.1907.0.ebuild | 462 |
2 files changed, 465 insertions, 0 deletions
diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest index 3f40e392a5a5..a3685888c9ce 100644 --- a/app-admin/rsyslog/Manifest +++ b/app-admin/rsyslog/Manifest @@ -14,6 +14,7 @@ DIST rsyslog-8.1901.0.tar.gz 2750872 BLAKE2B 8bc07bd0c73cf309b5fb853e3bc66e555de DIST rsyslog-8.1903.0.tar.gz 2786605 BLAKE2B 2c60450b5f5a54f3d4fe4f9f51c81145cdebb1b0e1dd4b76f2ad23803c8bb417affbdcc9b4a0d8ccb65b0e98f5cb5cf187ce219be3e44e44c5bd253cae5f95dc SHA512 0f698c264a4afba56467b341c094be7357fba08a6ee7a24bb1b053c06da04e83eb1832ee46b68ea21f8f4de841cd97aaadc46e78bb4adfe23604c9fe95103fa9 DIST rsyslog-8.1904.0.tar.gz 2902708 BLAKE2B 515d5e32c2dc6cdd8dd51fc595ad775503438603f28828e9f1a427b184a5a61de32af2ee90334b7d56a9404106d74da47386a18a370278d5a16422a6bb09f556 SHA512 cccb48f06508d7e7c2dd788903f4d7ddb3020cdf6079aea1d52387c56b920f10b08957a79b5d420ccdb54cae50d1da6e5eb80cde9498bceaeda4f6ce37f694fd DIST rsyslog-8.1905.0.tar.gz 2911703 BLAKE2B 5767ff2e5f1104522bde2178ecadfacac3d0754fd746754b7b29509aea45c40b17cb37d0323e6b1116fc95f2e7b1f43277ef9c96695bdf89805f9ba90944f608 SHA512 e014d48c213723317b8d07e3083e32a480e2b896eccc0dc7a491798cf56fcc1e341acba64ab44c1d935e964082c405f2f1135bd420d821e163c148e736332d0b +DIST rsyslog-8.1907.0.tar.gz 2926855 BLAKE2B 65c674e53bfa960e3fe5c7f41a304cf8736fe72e2391895dde9fdc17fabeb2f92fccab48965d5e1689a5852136a43a3355f89c9fa9d1d1974335ce80204bb4ac SHA512 2aa3f6106e48fa63c6d4389f83e7a3212817c626d04881682236055792cf5c9d8a941638c9a508c470b6a24c934ef5cb0eda65ea25179d98831afbe2a27c1519 DIST rsyslog-8.38.0.tar.gz 2721798 BLAKE2B 578bc9eefce4893a9c1eb54ee7360cd9fa51b3c87ffe07a0fd5b122987f991835f603417243084de0b59286e993ad1c84237e61c44bc18457b3660668421101b SHA512 9dc3bdc4ef01c2af433478e182704694cb50849d811d476a03e4ce03b3c5aecfb506e7f1c1e51fadcd63da60b067d8011b92b8c9354a688fe66f7b6ffd8f9254 DIST rsyslog-8.39.0.tar.gz 2721560 BLAKE2B 0680cb31d0a07e5676a5c5626e46fa174b8df08ceec49b514624ff8ffeb750bbf199f73af1d89b9dfad121a292084d75b0a1218fb33138f1d7a149fd730cb3d9 SHA512 f46ead433f703df4af6ddc4bbb178ea145d7d2a35ee7749c32b9889f299ba20c83ed76c246530608198e84fef1f2bf10097344c31d5df38b9e0ae47cf4bee479 DIST rsyslog-8.40.0.tar.gz 2726022 BLAKE2B 33f7f2018200a20b01dbfabeeab592aa09d530edd313bb13f16c47cf3f67aebd9c465af3f1e468ca3d352cd83e4f4eee567c6fd54bbaee1723bee56f4631b440 SHA512 3d5d4f92e37ad9bf3767d5d7fc87fcb7956656f676a9495c78abd12fe9072ec8763b50543b198308a71d5d919721fb9b84b6725dd83a9d9b8a1639d81382c0dd @@ -21,6 +22,7 @@ DIST rsyslog-doc-8.1901.0.tar.gz 7768575 BLAKE2B 40bc8b038fd0210d0cac01704624d87 DIST rsyslog-doc-8.1903.0.tar.gz 7816457 BLAKE2B 0628a5e7f0a2c8229470f6b05c22fa0d01de12eace4f895e17a47e7003bf078be5f3b2df15cd13a4cf53384d285b558b0936308cb58e7c7e71796ca99447da3e SHA512 b42f950499798fd2bbf9e2ac2da074781955cc552628edcd928f25943b6b80d5f2e1a2eab3b8fb0fa2f6278f2b4366f096c3e976a91223e545b4306479ca4f5d DIST rsyslog-doc-8.1904.0.tar.gz 8042650 BLAKE2B 585fe5c63eee1fb46f94dcd3d529045b3900e08c291e0e71ed9bf32a6200e6c7283820b262bd56e9aeb74cc227ecd518caafec5a8f87c1d8523d5d7fd95030aa SHA512 da0ff00fbe71756b3c27fd8b94e88611452c3ba611e583862556393faaaa596ca8f32f694ad40a3e1df67385d9f9ca80db6a58f5d2e336fe95639dd7cd0de828 DIST rsyslog-doc-8.1905.0.tar.gz 8054440 BLAKE2B 76f832fcbb41d405240f7bce4796edf4a56da5ff809ed846edbbb1b780a35837a8d061519dbec2e7afbe46a71f617d5f92f431f45f6723c055bab2fdf0df28fb SHA512 7b468aaa79a2098746bc5592f2c03270aaacb07dd06fd3be7a8c62bfe531b266e27265d873290f9a6bfb26135a4a6c49be96177a3449ff7dba54f1193c452ad3 +DIST rsyslog-doc-8.1907.0.tar.gz 8071764 BLAKE2B 90c18a93bb2f2c9158a4696245c44c36ab4c40597d1eb8df8af257f57aa17e71436bd60792c4f982ebc15395abacd53281046e4ae6df65c306f815e6599fb8bc SHA512 72dcddef6e36a92d2bdcf54072fff7516b6c731f43a53ef8f5d4ebdbe46bc7aeb63bbc3e739a6e5897602ea7705c4bdd8f57aa10796955ed772a6c7cf552c5e5 DIST rsyslog-doc-8.38.0.tar.gz 7662314 BLAKE2B 57a121950a3f6630e4736a1ff998e93b543389107d146ddb148ecd2702bb208d21a7f4d77f2fd958f2a56e092341fc6a24ed1cc80a910cb1adb54c65b5b2da04 SHA512 e28a09ae2fcddc711d2cfd31207c9862192598e49964a47b41fc8fa3ae5b1e08b7e2589fb5af859d58d4bf028574eb56cac6514401aa56cb482fa1166863e6a5 DIST rsyslog-doc-8.39.0.tar.gz 7674833 BLAKE2B 1526e0637c3ab9846f447dcea48efbfd17aa517c2fc875c46ac190428db6aa2a0f81f8aaed6e5b0b6991a5c13f45bc818be76c0fe4444c0eb45628ebf48b4956 SHA512 a6d09d384616a264fdf6e09fa0f61bd82a42340bac426d93119e11158f293dd58f894623aca30f2137e51bf701531f07938d014c9b8ec97d0a796447de3089de DIST rsyslog-doc-8.40.0.tar.gz 7709769 BLAKE2B cda3bbd005120e7100bb36cf4c0f99d3a037525c5451ead5957f4dfe06eaceeba8fb2e266f53203bee6fae97898774ee17862a52ca1dae99aeb3534bbfadcd60 SHA512 2e2f37336948984a8cf0e098eb46e61fe4de6366d63a98204ecd558f4e21b7c1f222659f7bdecdd22e0a61d34c442b4734dbe72a72e8716c768a900b954d473f @@ -28,6 +30,7 @@ EBUILD rsyslog-8.1901.0.ebuild 12354 BLAKE2B a5907ced4f42a503ce63d19bdb2fdcca4db EBUILD rsyslog-8.1903.0.ebuild 12531 BLAKE2B e8ad30c6ca996894be5a84be8a8b19ec2354aaf44aaf915c8471c0cc51156080a45fd2c422d2dbef50904f8a820693ef5e1f93267ce9fa12b37cb863028dd91b SHA512 5918af3232e7d2bd9b6e8511a9f29f276b081ffe2a4f6b3c0773b737b97d104b0722a64a3506360ae8794c2b1aa7c8c6327d63a3fcf9385db6324a409b940060 EBUILD rsyslog-8.1904.0.ebuild 12568 BLAKE2B 6a94ed244881136b7cecd3ac1d6eeb71bbdd410e9b6f2365ae2058c713568089da38aca6f2d441c5c70edf8cc98940a2cafb1062bae6d02e90ee484d7c96d26c SHA512 3f70d0ae0380a5ec1831f70b9750613037add7921f6484d0f67dd91b7d89bc0e77cdbedd378d8f7f8d374407a054aff1fc735b4d5f05251563e7843b53596dc5 EBUILD rsyslog-8.1905.0.ebuild 12571 BLAKE2B 0d892e66f94d73b20c0addb444edd904d6961cd7918adcc024f813776d766775fad7c0a288df2656f1cee14387d33949bf1c85cb86f85158b1a700393aa3396e SHA512 2826e3eeff416a5673f8810673097a524ea34718af98d934a8eac7a3417167d167ea880bc3ec1ff0b984ab6d95bf3344566d557978c0cd04052d177ca55992f0 +EBUILD rsyslog-8.1907.0.ebuild 12546 BLAKE2B f4d18548e77429e8696925f7d3e16e9b3b16a9845ae3c118f6741d3f0d2b96243ef86436a5995f64591557e0e418647e4bbf53a2900278ac09a3c1a44569cc7f SHA512 703242178569e869bc3584486827c8a8401dd71532929da9d8f2ce56861774bc1fa0c04da4ebe9de48ff4060add22da35656c4d9f497409e3a76a742270db1c8 EBUILD rsyslog-8.38.0-r2.ebuild 12281 BLAKE2B 8debd0ba1551ece2c24fbfb8893204e592ed40682eeab26ea2b32febfbf1442aeabf3f7215bd5371fc9c6abfe6923da887f71d12be1e7e57193b03d6b65c4a21 SHA512 7c95fc07a96854386a611878a53b625b0d95615058c9c2c97dd2ad2e563bca1cb14e81be747dab108e7304734d2c2f86a8d626626ee52178dd769fefd8339260 EBUILD rsyslog-8.39.0-r1.ebuild 12357 BLAKE2B 0baadf35229801863b6f2dcbafed210d8d9503595bd9410969e52006cfc0d34c52b9c6dece38285d6674ae757b9c1d223405d02813fea4d0c2e0c15e50915c5d SHA512 b7568c5217593aa764645793a8d92c6c116f8108c0b7e55fe625c463cadb2ca0a2e71060686fb100cea87e870911862fb5770dea07e866b98763596be56ed3dd EBUILD rsyslog-8.40.0-r1.ebuild 12337 BLAKE2B f2c9a511505a4656c5d39fb81ff65687d062bd78338865d702248ce77cbc9e55fe9edb0139d8aade2d793b6ad725a2f3060249959eab8e7278ca56dfc936df76 SHA512 f26f3f622e2242e70185ef62ff995394fd6fff830d6c21392fa0ce4bb49986c1417e14f1befb5923e08f5a2a15396af417f0a1f63acd7256d3f577d31da814f0 diff --git a/app-admin/rsyslog/rsyslog-8.1907.0.ebuild b/app-admin/rsyslog/rsyslog-8.1907.0.ebuild new file mode 100644 index 000000000000..fcb04c2146f0 --- /dev/null +++ b/app-admin/rsyslog/rsyslog-8.1907.0.ebuild @@ -0,0 +1,462 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} ) + +inherit autotools eutils linux-info python-any-r1 systemd + +DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" +HOMEPAGE="https://www.rsyslog.com/" + +if [[ ${PV} == "9999" ]]; then + EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git" + + DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git" + + inherit git-r3 +else + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86" + + SRC_URI=" + https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz + doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz ) + " +fi + +LICENSE="GPL-3 LGPL-3 Apache-2.0" +SLOT="0" +IUSE="curl dbi debug doc elasticsearch +gcrypt gnutls jemalloc kafka kerberos kubernetes libressl mdblookup" +IUSE+=" mongodb mysql normalize clickhouse omhttp omhttpfs omudpspoof openssl postgres" +IUSE+=" rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid xxhash zeromq" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=dev-libs/libfastjson-0.99.8:= + >=dev-libs/libestr-0.1.9 + >=sys-libs/zlib-1.2.5 + curl? ( >=net-misc/curl-7.35.0 ) + dbi? ( >=dev-db/libdbi-0.8.3 ) + elasticsearch? ( >=net-misc/curl-7.35.0 ) + gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= ) + jemalloc? ( >=dev-libs/jemalloc-3.3.1:= ) + kafka? ( >=dev-libs/librdkafka-0.9.0.99:= ) + kerberos? ( virtual/krb5 ) + kubernetes? ( >=net-misc/curl-7.35.0 ) + mdblookup? ( dev-libs/libmaxminddb:= ) + mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= ) + mysql? ( virtual/libmysqlclient:= ) + normalize? ( + >=dev-libs/liblognorm-2.0.3:= + ) + clickhouse? ( >=net-misc/curl-7.35.0 ) + omhttpfs? ( >=net-misc/curl-7.35.0 ) + omudpspoof? ( >=net-libs/libnet-1.1.6 ) + postgres? ( >=dev-db/postgresql-8.4.20:= ) + rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= ) + redis? ( >=dev-libs/hiredis-0.11.0:= ) + relp? ( >=dev-libs/librelp-1.2.17:= ) + rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] ) + rfc5424hmac? ( + !libressl? ( >=dev-libs/openssl-0.9.8y:0= ) + libressl? ( dev-libs/libressl:= ) + ) + snmp? ( >=net-analyzer/net-snmp-5.7.2 ) + ssl? ( + gnutls? ( >=net-libs/gnutls-2.12.23:0= ) + openssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + ) + systemd? ( >=sys-apps/systemd-234 ) + uuid? ( sys-apps/util-linux:0= ) + xxhash? ( dev-libs/xxhash:= ) + zeromq? ( + >=net-libs/czmq-3.0.2 + )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-archive-2015.02.24 + virtual/pkgconfig + elibc_musl? ( sys-libs/queue-standalone ) + test? ( + >=dev-libs/liblogging-1.0.1[stdlog] + jemalloc? ( <sys-libs/libfaketime-0.9.7 ) + !jemalloc? ( sys-libs/libfaketime ) + ${PYTHON_DEPS} + )" + +REQUIRED_USE=" + kubernetes? ( normalize ) + ssl? ( || ( gnutls openssl ) ) +" + +if [[ ${PV} == "9999" ]]; then + DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )" + DEPEND+=" >=sys-devel/flex-2.5.39-r1" + DEPEND+=" >=sys-devel/bison-2.4.3" + DEPEND+=" >=dev-python/docutils-0.12" +fi + +CONFIG_CHECK="~INOTIFY_USER" +WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!" + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == "9999" ]]; then + git-r3_fetch + git-r3_checkout + else + unpack ${P}.tar.gz + fi + + if use doc; then + if [[ ${PV} == "9999" ]]; then + local _EGIT_BRANCH= + if [[ -n "${EGIT_BRANCH}" ]]; then + # Cannot use rsyslog commits/branches for documentation repository + _EGIT_BRANCH=${EGIT_BRANCH} + unset EGIT_BRANCH + fi + + git-r3_fetch "${DOC_REPO_URI}" + git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs + + if [[ -n "${_EGIT_BRANCH}" ]]; then + # Restore previous EGIT_BRANCH information + EGIT_BRANCH=${_EGIT_BRANCH} + fi + else + cd "${S}" || die "Cannot change dir into '${S}'" + mkdir docs || die "Failed to create docs directory" + cd docs || die "Failed to change dir into '${S}/docs'" + unpack ${PN}-doc-${PV}.tar.gz + fi + fi +} + +src_prepare() { + default + + # https://github.com/rsyslog/rsyslog/issues/3626 + sed -i \ + -e '\|^#!/bin/bash$|a exit 77' \ + tests/mmkubernetes-cache-expir*.sh \ + || die "Failed to disabled known test failure mmkubernetes-cache-expir*.sh" + + eautoreconf +} + +src_configure() { + # Maintainer notes: + # * Guardtime support is missing because libgt isn't yet available + # in portage. + # * Hadoop's HDFS file system output module is currently not + # supported in Gentoo because nobody is able to test it + # (JAVA dependency). + # * dev-libs/hiredis doesn't provide pkg-config (see #504614, + # upstream PR 129 and 136) so we need to export HIREDIS_* + # variables because rsyslog's build system depends on pkg-config. + + if use redis; then + export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis" + export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include" + fi + + local myeconfargs=( + --disable-debug-symbols + --disable-generate-man-pages + --without-valgrind-testbench + --disable-liblogging-stdlog + $(use_enable test testbench) + $(use_enable test libfaketime) + $(use_enable test extended-tests) + # Input Plugins without depedencies + --enable-imdiag + --enable-imfile + --enable-impstats + --enable-imptcp + # Message Modificiation Plugins without depedencies + --enable-mmanon + --enable-mmaudit + --enable-mmcount + --enable-mmfields + --enable-mmjsonparse + --enable-mmpstrucdata + --enable-mmrm1stspace + --enable-mmsequence + --enable-mmutf8fix + # Output Modification Plugins without dependencies + --enable-mail + --enable-omprog + --enable-omruleset + --enable-omstdout + --enable-omuxsock + # Misc + --enable-fmhash + $(use_enable xxhash fmhash-xxhash) + --enable-pmaixforwardedfrom + --enable-pmciscoios + --enable-pmcisconames + --enable-pmlastmsg + $(use_enable normalize pmnormalize) + --enable-pmnull + --enable-pmpanngfw + --enable-pmsnare + # DB + $(use_enable dbi libdbi) + $(use_enable mongodb ommongodb) + $(use_enable mysql) + $(use_enable postgres pgsql) + $(use_enable redis omhiredis) + # Debug + $(use_enable debug) + $(use_enable debug diagtools) + $(use_enable debug valgrind) + # Misc + $(use_enable clickhouse) + $(use_enable curl fmhttp) + $(use_enable elasticsearch) + $(use_enable gcrypt libgcrypt) + $(use_enable jemalloc) + $(use_enable kafka imkafka) + $(use_enable kafka omkafka) + $(use_enable kerberos gssapi-krb5) + $(use_enable kubernetes mmkubernetes) + $(use_enable normalize mmnormalize) + $(use_enable mdblookup mmdblookup) + $(use_enable omhttp) + $(use_enable omhttpfs) + $(use_enable omudpspoof) + $(use_enable rabbitmq omrabbitmq) + $(use_enable relp) + $(use_enable rfc3195) + $(use_enable rfc5424hmac mmrfc5424addhmac) + $(use_enable snmp) + $(use_enable snmp mmsnmptrapd) + $(use_enable gnutls) + $(use_enable openssl) + $(use_enable systemd imjournal) + $(use_enable systemd omjournal) + $(use_enable usertools) + $(use_enable uuid) + $(use_enable zeromq imczmq) + $(use_enable zeromq omczmq) + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + ) + + econf "${myeconfargs[@]}" +} + +src_compile() { + default + + if use doc && [[ "${PV}" == "9999" ]]; then + einfo "Building documentation ..." + local doc_dir="${S}/docs" + cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!" + sphinx-build -b html source build || die "Building documentation failed!" + fi +} + +src_test() { + local _has_increased_ulimit= + + # Sometimes tests aren't executable (i.e. when added via patch) + einfo "Adjusting permissions of test scripts ..." + find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \ + die "Failed to adjust test scripts permission" + + if ulimit -n 3072; then + _has_increased_ulimit="true" + fi + + if ! emake --jobs 1 check; then + eerror "Test suite failed! :(" + + if [[ -z "${_has_increased_ulimit}" ]]; then + eerror "Probably because open file limit couldn't be set to 3072." + fi + + if has userpriv ${FEATURES}; then + eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \ + "before you submit a bug report." + fi + + fi +} + +src_install() { + local DOCS=( + AUTHORS + ChangeLog + "${FILESDIR}"/README.gentoo + ) + + use doc && local HTML_DOCS=( "${S}/docs/build/." ) + + default + + newconfd "${FILESDIR}/${PN}.confd-r1" ${PN} + newinitd "${FILESDIR}/${PN}.initd-r1" ${PN} + + keepdir /var/empty/dev + keepdir /var/spool/${PN} + keepdir /etc/ssl/${PN} + keepdir /etc/${PN}.d + + insinto /etc + newins "${FILESDIR}/${PN}.conf" ${PN}.conf + + insinto /etc/rsyslog.d/ + newins "${FILESDIR}/50-default-r1.conf" 50-default.conf + + insinto /etc/logrotate.d/ + newins "${FILESDIR}/${PN}-r1.logrotate" ${PN} + + if use mysql; then + insinto /usr/share/doc/${PF}/scripts/mysql + doins plugins/ommysql/createDB.sql + fi + + if use postgres; then + insinto /usr/share/doc/${PF}/scripts/pgsql + doins plugins/ompgsql/createDB.sql + fi + + prune_libtool_files --modules +} + +pkg_postinst() { + local advertise_readme=0 + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + advertise_readme=1 + + if use mysql || use postgres; then + echo + elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:" + elog " /usr/share/doc/${PF}/scripts" + fi + + if use ssl; then + echo + elog "To create a default CA and certificates for your server and clients, run:" + elog " emerge --config =${PF}" + elog "on your logging server. You can run it several times," + elog "once for each logging client. The client certificates will be signed" + elog "using the CA certificate generated during the first run." + fi + fi + + if [[ ${advertise_readme} -gt 0 ]]; then + # We need to show the README file location + + echo "" + elog "Please read" + elog "" + elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*" + elog "" + elog "for more details." + fi +} + +pkg_config() { + if ! use ssl ; then + einfo "There is nothing to configure for rsyslog unless you" + einfo "used USE=ssl to build it." + return 0 + fi + + # Make sure the certificates directory exists + local CERTDIR="${EROOT}/etc/ssl/${PN}" + if [[ ! -d "${CERTDIR}" ]]; then + mkdir "${CERTDIR}" || die + fi + einfo "Your certificates will be stored in ${CERTDIR}" + + # Create a default CA if needed + if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then + einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = Portage automated CA + ca + cert_signing_key + expiration_days = 3650 + _EOF + + certtool --generate-self-signed \ + --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" + + # Create the server certificate + echo + einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " + read -r CN + + einfo "Creating private key and certificate for server ${CN}..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = ${CN} + tls_www_server + dns_name = ${CN} + expiration_days = 3650 + _EOF + + certtool --generate-certificate \ + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" + + else + einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." + fi + + # Create a client certificate + echo + einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " + read -r CN + + einfo "Creating private key and certificate for client ${CN}..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = ${CN} + tls_www_client + dns_name = ${CN} + expiration_days = 3650 + _EOF + + certtool --generate-certificate \ + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" + + rm -f "${T}/${PF}.$$" + + echo + einfo "Here is the documentation on how to encrypt your log traffic:" + einfo " https://www.rsyslog.com/doc/rsyslog_tls.html" +} |