Add a USE flag to support building mongodb with --ssl as described at http://docs.mongodb.org/manual/administration/ssl/

I attach a patch to support this in the ebuild.

Reproducible: Always
Created attachment 315459 [details, diff] Patch ebuild to build with --ssl optionally
Created attachment 316115 [details]
MongoDB 2.0.6 ssl overlay

Issuing the following commands should create a local portage overlay and extract the modified MongoDB 2.0.6 ebuild into it. You should then be able to immediately issue an `emerge -av mongodb` and see the SSL ebuild ready to install. Assuming 2.0.6 is still the latest version.

########################
# if you already have an overlay in your make.conf you can skip this part
# and just extract the attachment into <overlay_path>/dev-db/mongodb
mkdir -p /usr/local/portage/dev-db/mongodb
echo 'PORTDIR_OVERLAY="/usr/local/portage"' >> /etc/make.conf

# download this attachment and extract it into /usr/local/portage/dev-db/mongodb
tar xzf mongodb-2.0.6-r1.ebuild-ssl.tgz -C /usr/local/portage/dev-db/mongodb
#########################

That's it! `emerge -av mongodb` should give you MongoDB 2.0.6 with SSL enabled.

Don't forget to read up on creating certificates for your MongoDB to use. It requires a PEM file and key configured in /etc/conf.d/mongodb or mongos.

Also, most (if not all) MongoDB language drivers do not support SSL. So you will need net-misc/stunnel to connect your app to SSL enabled MongoDB. I've included stunnel instructions to be displayed on the console after a successful MongoDB compile with `ewarn` messages in the ebuild. Obviously, you'll want to install stunnel on the app server and not the server mongodb is installed on (unless they are the same, but why do you want ssl so badly then?) to prevent unencrypted data from leaving the machine.

Additionally, enabling the `ssl` use flag with my overlay will create /etc/conf.d files for mongod and mongos that are set to listen on port 27020 (anticipating using stunnel) and have the correct options for telling mongo about your certificates. FYI: mongo does NOT validate the certs, so self CA signed is okay.

As for Ultrabug not including this in the main portage tree. I talked to Ultrabug a few months ago about it and since it's not officially supported by MongoDB, I agree with him that it shouldn't be in the mainline portage tree. Until 10gen officially supports SSL for MongoDB, it's up to us to create portage overlays.

Extra reading:
https://github.com/guanqun/mongo/commit/d6df91708a3b2a70cfba17954175f66a35794153
http://serverfault.com/questions/373543/mongodb-ssl-encryption-and-springs-driver
Created attachment 316119 [details]
MongoDB 2.0.6 ssl overlay +sharding

Issuing the following commands should create a local portage overlay and extract the modified MongoDB 2.0.6 ebuild into it. You should then be able to immediately issue an `emerge -av mongodb` and see the SSL ebuild ready to install. Assuming 2.0.6 is still the latest version.

########################
# if you already have an overlay in your make.conf you can skip this part
# and just extract the attachment into <overlay_path>/dev-db/mongodb
mkdir -p /usr/local/portage/dev-db/mongodb
echo 'PORTDIR_OVERLAY="/usr/local/portage"' >> /etc/make.conf

# download this attachment and extract it into /usr/local/portage/dev-db/mongodb
tar xzf mongodb-2.0.6-r1-ssl.tgz -C /usr/local/portage/dev-db/mongodb
#########################

That's it! `emerge -av mongodb` should give you MongoDB 2.0.6 with SSL enabled.

Don't forget to read up on creating certificates for your MongoDB to use. It requires a PEM file and key configured in /etc/conf.d/mongodb or mongos.

Also, most (if not all) MongoDB language drivers do not support SSL. So you will need net-misc/stunnel to connect your app to SSL enabled MongoDB. I've included stunnel instructions to be displayed on the console after a successful MongoDB compile with `ewarn` messages in the ebuild. Be sure to run stunnel on the application server, and have your app connect to the local port so as to prevent leaking unencrypted data.

Additionally, enabling the `ssl` use flag with my overlay will create /etc/conf.d files for mongod and mongos that have the correct (undocumented) options for telling mongo about your certificates.

As for Ultrabug not including this in the main portage tree. I talked to Ultrabug a few months ago about it and since it's not officially supported by MongoDB, I agree with him that it shouldn't be in the mainline portage tree. Until 10gen officially supports SSL for MongoDB, it's up to us to create portage overlays.

Extra reading:
https://github.com/guanqun/mongo/commit/d6df91708a3b2a70cfba17954175f66a35794153
http://serverfault.com/questions/373543/mongodb-ssl-encryption-and-springs-driver
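
The stunnel client setup that both overlay comments above describe, shown as an added example; it is not taken from the attached ebuild or its `ewarn` text. The server hostname, the CA file path and the local port 27017 are assumptions; port 27020 is the server port named in the first overlay comment.

```ini
; stunnel client-mode configuration for the APPLICATION server (added example).
; Hostname, file paths and the local listen port are placeholders/assumptions.

; stunnel opens the TLS connection towards mongod instead of terminating one
client = yes

[mongodb]
; Plaintext side: bind to loopback only, so the unencrypted driver traffic
; never leaves the application host.
accept = 127.0.0.1:27017

; TLS side: the SSL-enabled mongod (port 27020 in the first overlay comment).
connect = mongo.example.internal:27020

; Weak setting, shown for comparison: without a verify line stunnel does not
; check the server certificate, so the tunnel is encrypted but the client has
; no assurance about which host it is talking to.
; verify = 0

; Corrected setting: require a server certificate that validates against
; CAfile. For a self-signed server certificate, CAfile can hold that
; certificate itself.
CAfile = /etc/stunnel/mongo-ca.pem
verify = 2
```

The application then points its MongoDB driver at 127.0.0.1:27017 rather than at the database host.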
Starting with mongodb-2.4.0, I will be adding a ssl USE flag. Stay tuned, this bug is soon over.
Done ! +*mongodb-2.4.0 (20 Mar 2013) + + 20 Mar 2013; Ultrabug <ultrabug@gentoo.org> +mongodb-2.4.0.ebuild, + metadata.xml: + Version bump, fix #461466 #421289, add ssl and sharedclient to IUSE +
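
Review bot: the summary line `Version bump, fix #461466 #421289, add ssl and sharedclient to IUSE` gives two bare bug numbers with no hint of what each one covered, so a reader cannot tell from the entry which of them the new `ssl` flag relates to. Consider adding a short description after each number, and a word on what `sharedclient` builds, since this entry is the only place the new IUSE flags are introduced in the visible change.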