# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="6" PYTHON_COMPAT=( python{3_6,3_7,3_8} ) inherit autotools eutils linux-info ltprune python-any-r1 systemd DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" HOMEPAGE="https://www.rsyslog.com/" if [[ ${PV} == "9999" ]]; then EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git" DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git" inherit git-r3 else KEYWORDS="~amd64 arm ~arm64 ~hppa x86" SRC_URI=" https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz ) " fi LICENSE="GPL-3 LGPL-3 Apache-2.0" SLOT="0" IUSE="curl dbi debug doc elasticsearch +gcrypt gnutls jemalloc kafka kerberos kubernetes libressl mdblookup" IUSE+=" mongodb mysql normalize clickhouse omhttp omhttpfs omudpspoof openssl postgres" IUSE+=" rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid xxhash zeromq" RESTRICT="!test? ( test )" RDEPEND=" >=dev-libs/libfastjson-0.99.8:= >=dev-libs/libestr-0.1.9 >=sys-libs/zlib-1.2.5 curl? ( >=net-misc/curl-7.35.0 ) dbi? ( >=dev-db/libdbi-0.8.3 ) elasticsearch? ( >=net-misc/curl-7.35.0 ) gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= ) jemalloc? ( >=dev-libs/jemalloc-3.3.1:= ) kafka? ( >=dev-libs/librdkafka-0.9.0.99:= ) kerberos? ( virtual/krb5 ) kubernetes? ( >=net-misc/curl-7.35.0 ) mdblookup? ( dev-libs/libmaxminddb:= ) mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= ) mysql? ( dev-db/mysql-connector-c:= ) normalize? ( >=dev-libs/liblognorm-2.0.3:= ) clickhouse? ( >=net-misc/curl-7.35.0 ) omhttpfs? ( >=net-misc/curl-7.35.0 ) omudpspoof? ( >=net-libs/libnet-1.1.6 ) postgres? ( >=dev-db/postgresql-8.4.20:= ) rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= ) redis? ( >=dev-libs/hiredis-0.11.0:= ) relp? ( >=dev-libs/librelp-1.2.17:= ) rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] ) rfc5424hmac? ( !libressl? ( >=dev-libs/openssl-0.9.8y:0= ) libressl? ( dev-libs/libressl:= ) ) snmp? ( >=net-analyzer/net-snmp-5.7.2 ) ssl? ( gnutls? ( >=net-libs/gnutls-2.12.23:0= ) openssl? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= ) ) ) systemd? ( >=sys-apps/systemd-234 ) uuid? ( sys-apps/util-linux:0= ) xxhash? ( dev-libs/xxhash:= ) zeromq? ( >=net-libs/czmq-4:=[drafts] )" DEPEND="${RDEPEND} >=sys-devel/autoconf-archive-2015.02.24 virtual/pkgconfig elibc_musl? ( sys-libs/queue-standalone ) test? ( >=dev-libs/liblogging-1.0.1[stdlog] jemalloc? ( /dev/null chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = Portage automated CA ca cert_signing_key expiration_days = 3650 _EOF certtool --generate-self-signed \ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ --template "${T}/${PF}.$$" &>/dev/null chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" # Create the server certificate echo einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " read -r CN einfo "Creating private key and certificate for server ${CN}..." certtool --generate-privkey \ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = ${CN} tls_www_server dns_name = ${CN} expiration_days = 3650 _EOF certtool --generate-certificate \ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --template "${T}/${PF}.$$" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" else einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." fi # Create a client certificate echo einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " read -r CN einfo "Creating private key and certificate for client ${CN}..." certtool --generate-privkey \ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = ${CN} tls_www_client dns_name = ${CN} expiration_days = 3650 _EOF certtool --generate-certificate \ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --template "${T}/${PF}.$$" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" rm -f "${T}/${PF}.$$" echo einfo "Here is the documentation on how to encrypt your log traffic:" einfo " https://www.rsyslog.com/doc/rsyslog_tls.html" }