diff -rupN old/app-admin/rsyslog/files/7-stable/bugfix_52.patch new/app-admin/rsyslog/files/7-stable/bugfix_52.patch --- old/app-admin/rsyslog/files/7-stable/bugfix_52.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/app-admin/rsyslog/files/7-stable/bugfix_52.patch 2014-05-03 14:51:38.206235319 +0200 @@ -0,0 +1,100 @@ +From b017e29aad70702c69e6016b07a932b7825a83e5 Mon Sep 17 00:00:00 2001 +From: Thomas D +Date: Sat, 3 May 2014 14:45:25 +0200 +Subject: [PATCH] Remove "--enable-cached-man-pages" switch and make rst2man + optional when required man pages already exist + +This commit backports the bugfix for issue #52 for the v7-stable branch. +--- + configure.ac | 61 +++++++++++++++++++++++++++++++++++------------------------- + 1 file changed, 36 insertions(+), 25 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 0dd40c2..07d96dd 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1087,30 +1087,6 @@ fi + AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes) + + +-# Support using cached man file copies, to avoid the need for rst2man +-# in the build environment +-AC_ARG_ENABLE(cached_man_pages, +- [AS_HELP_STRING([--enable-cached-man-pages],[Enable using cached versions of man files (avoid rst2man) @<:@default=no@:>@])], +- [case "${enableval}" in +- yes) enable_cached_man_pages="yes" ;; +- no) enable_cached_man_pages="no" ;; +- *) AC_MSG_ERROR(bad value ${enableval} for --enable-cached-man-pages) ;; +- esac], +- [enable_cached_man_pages=no] +-) +-if test "x$enable_cached_man_pages" = "xno"; then +-# obtain path for rst2man +- if test "x$enable_libgcrypt" = "xyes" || \ +- test "x$enable_guardtime" = "xyes"; then +- AC_PATH_PROG([RST2MAN], [rst2man]) +- if test "x${RST2MAN}" == "x"; then +- AC_MSG_FAILURE([rst2man not found in PATH]) +- fi +- fi +-fi +- +- +- + # RFC 3195 support + AC_ARG_ENABLE(rfc3195, + [AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support @<:@default=no@:>@])], +@@ -1519,6 +1495,41 @@ AM_CONDITIONAL(ENABLE_OMHIREDIS, test x$enable_omhiredis = xyes) + + # END HIREDIS SUPPORT + ++ ++AC_CHECKING([if required man pages already exist]) ++have_to_generate_man_pages="no" ++ ++# man pages for libgcrypt module ++if test "x$enable_usertools" = "xyes" && test "x$enable_libgcrypt" = "xyes"; then ++ AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"], ++ [], ++ [have_to_generate_man_pages="yes"] ++ ) ++fi ++ ++# man pages for GuardTime module ++if test "x$enable_usertools" = "xyes" && test "x$enable_guardtime" = "xyes"; then ++ AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"], ++ [], ++ [have_to_generate_man_pages="yes"] ++ ) ++fi ++ ++if test "x$have_to_generate_man_pages" = "xyes"; then ++ AC_MSG_RESULT([Some man pages are missing. We need rst2man to generate the missing man pages from source...]) ++else ++ AC_MSG_RESULT([All required man pages found. We don't need rst2man!]) ++fi ++ ++if test "x$have_to_generate_man_pages" = "xyes"; then ++ # We need rst2man to generate our man pages ++ AC_CHECK_PROGS([RST2MAN], [rst2man rst2man.py], []) ++ if test -z "$RST2MAN"; then ++ AC_MSG_ERROR([rst2man is required to build man pages. You can use the release tarball with pregenerated man pages to avoid this depedency.]) ++ fi ++fi ++ ++ + AC_CONFIG_FILES([Makefile \ + runtime/Makefile \ + compat/Makefile \ +@@ -1594,7 +1605,7 @@ echo " Zlib compression support enabled: $enable_zlib" + echo " rsyslog runtime will be built: $enable_rsyslogrt" + echo " rsyslogd will be built: $enable_rsyslogd" + echo " GUI components will be built: $enable_gui" +-echo " cached man files will be used: $enable_cached_man_pages" ++echo " have to generate man pages: $have_to_generate_man_pages" + echo " Unlimited select() support enabled: $enable_unlimited_select" + echo " uuid support enabled: $enable_uuid" + echo " Log file signing support: $enable_guardtime" +-- +1.9.2 + diff -rupN old/app-admin/rsyslog/files/7-stable/bugfix_73.patch new/app-admin/rsyslog/files/7-stable/bugfix_73.patch --- old/app-admin/rsyslog/files/7-stable/bugfix_73.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/app-admin/rsyslog/files/7-stable/bugfix_73.patch 2014-05-03 20:52:32.146268749 +0200 @@ -0,0 +1,103 @@ +This patch will update the pre-generated rscryutil man page from the release +tarball so we don't need to depend on dev-python/docutils. + +https://github.com/rsyslog/rsyslog/issues/73 + +diff -rupN old/rsyslog-7.6.3/tools/rscryutil.1 new/rsyslog-7.6.3/tools/rscryutil.1 +--- old/rsyslog-7.6.3/tools/rscryutil.1 2013-10-29 16:31:21.000000000 +0100 ++++ new/rsyslog-7.6.3/tools/rscryutil.1 2014-05-03 20:41:46.143825094 +0200 +@@ -1,4 +1,4 @@ +-.\" Man page generated from reStructeredText. ++.\" Man page generated from reStructuredText. + . + .TH RSCRYUTIL 1 "2013-04-15" "" "" + .SH NAME +@@ -31,12 +31,16 @@ level margin: \\n[rst2man-indent\\n[rst2 + .in \\n[rst2man-indent\\n[rst2man-indent-level]]u + .. + .SH SYNOPSIS ++.INDENT 0.0 ++.INDENT 3.5 + .sp + .nf + .ft C + rscryutil [OPTIONS] [FILE] ... + .ft P + .fi ++.UNINDENT ++.UNINDENT + .SH DESCRIPTION + .sp + This tool performs various operations on encrypted log files. +@@ -44,46 +48,46 @@ Most importantly, it provides the abilit + .SH OPTIONS + .INDENT 0.0 + .TP +-.B \-d, \-\-decrypt ++.B \-d\fP,\fB \-\-decrypt + Select decryption mode. This is the default mode. + .TP +-.BI \-W, \-\-write\-keyfile \ ++.BI \-W\fP,\fB \-\-write\-keyfile \ + Utility function to write a key to a keyfile. The key can be obtained + via any method. + .TP +-.B \-v, \-\-verbose ++.B \-v\fP,\fB \-\-verbose + Select verbose mode. + .TP +-.B \-f, \-\-force ++.B \-f\fP,\fB \-\-force + Forces operations that otherwise would fail. + .TP +-.BI \-k, \-\-keyfile \ ++.BI \-k\fP,\fB \-\-keyfile \ + Reads the key from . File _must_ contain the key, only, no headers + or other meta information. Keyfiles can be generated via the + \fI\-\-write\-keyfile\fP option. + .TP +-.BI \-p, \-\-key\-program \ ++.BI \-p\fP,\fB \-\-key\-program \ + In this mode, the key is provided by a so\-called "key program". This program + is executed and must return the key to (as well as some meta information) + via stdout. The core idea of key programs is that using this interface the + user can implement as complex (and secure) method to obtain keys as + desired, all without the need to make modifications to rsyslog. + .TP +-.BI \-K, \-\-key \ ++.BI \-K\fP,\fB \-\-key \ + TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified + on the command line. This is the actual key, and as such this mode + is highly insecure. However, it can be useful for intial testing + steps. This option may be removed in the future. + .TP +-.BI \-a, \-\-algo \ ++.BI \-a\fP,\fB \-\-algo \ + Sets the encryption algorightm (cipher) to be used. See below + for supported algorithms. The default is "AES128". + .TP +-.BI \-m, \-\-mode \ ++.BI \-m\fP,\fB \-\-mode \ + Sets the ciphermode to be used. See below for supported modes. + The default is "CBC". + .TP +-.BI \-r, \-\-generate\-random\-key \ ++.BI \-r\fP,\fB \-\-generate\-random\-key \ + Generates a random key of length . This option is + meant to be used together with \fI\-\-write\-keyfile\fP (and it is hard + to envision any other valid use for it). +@@ -97,7 +101,7 @@ multiple operations mode are set on the + unpredictable. + .SS decrypt + .sp +-The provided log files are decrypted. Note that the \fI.encinfo\fP side files ++The provided log files are decrypted. Note that the \fI\&.encinfo\fP side files + must exist and be accessible in order for decryption to to work. + .SS write\-keyfile + .sp +@@ -198,5 +202,4 @@ LGPLv2. + .SH AUTHOR + Rainer Gerhards + .\" Generated by docutils manpage writer. +-.\" + . diff -rupN old/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch new/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch --- old/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch 2014-05-04 02:27:15.978228158 +0200 @@ -0,0 +1,25 @@ +From 14f3b45151864aa4170de515f406a69ad2931eba Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Thu, 31 Oct 2013 18:21:47 +0100 +Subject: [PATCH] module omruleset is no longer enabled by default. + +Note that it has been deprecated in v7 and been replaced by the "call" +statement. Also, it can still be build without problems, the option must +just explicitely be given. +--- +diff --git a/configure.ac b/configure.ac +index 3abd559..de4c3ea 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1353,7 +1353,7 @@ AC_ARG_ENABLE(omruleset, + no) enable_omruleset="no" ;; + *) AC_MSG_ERROR(bad value ${enableval} for --enable-omruleset) ;; + esac], +- [enable_omruleset=yes] ++ [enable_omruleset=no] + ) + AM_CONDITIONAL(ENABLE_OMRULESET, test x$enable_omruleset = xyes) + +-- +1.9.1 + diff -rupN old/app-admin/rsyslog/files/7-stable/rsyslog.conf new/app-admin/rsyslog/files/7-stable/rsyslog.conf --- old/app-admin/rsyslog/files/7-stable/rsyslog.conf 1970-01-01 01:00:00.000000000 +0100 +++ new/app-admin/rsyslog/files/7-stable/rsyslog.conf 2014-05-09 10:35:26.246134957 +0200 @@ -0,0 +1,158 @@ +# /etc/rsyslog.conf +# +# This configuration is based on RainerScript, the new recommended syntax +# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further +# details. +# +# But if you don't want to learn something new at moment, don't worry: The +# legacy syntax is still supported. +# +# You may want to use the new RSYSLOG configuration builder to create your +# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/ + +# Check config syntax on startup and abort if unclean (default: off) +#$AbortOnUncleanConfig on + + +############### +### MODULES ### +############### + +# Read syslog messages from default Unix socket /dev/log (e.g. via logger command) +module(load="imuxsock") + +# Read messages from the kernel log and submits them to the syslog engine +module(load="imklog") + +# Inject "--MARK--" messages every $Interval (seconds) +#module(load="immark" Interval="600") + +# Read syslog messages from UDP +#module(load="imudp") +#input(type="imudp" port="514") + +# Read syslog messages from TCP +#module(load="imtcp") +#input(type="imtcp" port="514") + + +######################### +### GLOBAL DIRECTIVES ### +######################### + +# Where to place spool and state files +$WorkDirectory /var/spool/rsyslog + +# Reduce repeating messages (default: off) +#$RepeatedMsgReduction on + +# Set defaults for every output file +$Umask 0022 + +module( + load="builtin:omfile" + Template="RSYSLOG_TraditionalFileFormat" + FileCreateMode="0644" + DirCreateMode="0755" +) + + +############### +### ACTIONS ### +############### + +auth,authpriv.* action( + type="omfile" + File="/var/log/auth.log" + FileCreateMode="0600" + FileOwner="root" + FileGroup="adm" + Sync="off" +) + +cron.* action( + type="omfile" + File="/var/log/cron.log" + FileOwner="root" + FileGroup="adm" +) + +daemon.* action( + type="omfile" + File="/var/log/daemon.log" + FileOwner="root" + FileGroup="adm" +) + +kern.* action( + type="omfile" + File="/var/log/kern.log" + FileOwner="root" + FileGroup="adm" +) + +lpr.* action( + type="omfile" + File="/var/log/lpr.log" + FileOwner="root" + FileGroup="adm" +) + +mail.* action( + type="omfile" + File="/var/log/mail.log" + FileOwner="root" + FileGroup="adm" +) + +news.* action( + type="omfile" + File="/var/log/news.log" + FileOwner="root" + FileGroup="adm" +) + +user.* action( + type="omfile" + File="/var/log/user.log" + FileOwner="root" + FileGroup="adm" +) + +*.=debug;auth,authpriv,news,mail.none action( + type="omfile" + File="/var/log/debug.log" + FileOwner="root" + FileGroup="adm" +) + +*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action( + type="omfile" + File="/var/log/messages" + FileOwner="root" + FileGroup="adm" +) + +# Uncomment the following directive to re-enable the +# deprecated "/var/log/syslog" log file (don't forget to re-enable log +# rotation in "/etc/logrotate.d/rsyslog" if you do that!) +#*.*;auth,authpriv.none action( +# type="omfile" +# File="/var/log/syslog" +# FileOwner="root" +# FileGroup="adm" +#) + +*.emerg action( + type="omusrmsg" + Users="*" + action.execOnlyOnceEveryInterval="10" +) + +# Create an additional socket for the default chroot location +# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744) +input(type="imuxsock" Socket="/var/empty/dev/log") + + +# Include all conf files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf diff -rupN old/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1 new/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1 --- old/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1 1970-01-01 01:00:00.000000000 +0100 +++ new/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1 2014-05-06 17:26:23.070163573 +0200 @@ -0,0 +1,30 @@ +# /etc/conf.d/rsyslog + +# Configuration file +RSYSLOG_CONFIGFILE="/etc/rsyslog.conf" + +# PID file +# If you should ever change this, remember to update +# "/etc/logrotate.d/rsyslog", too. +RSYSLOG_PIDFILE="/run/rsyslogd.pid" + +# You can use this configuration option to pass additional options to the +# start-stop-daemon, see start-stop-daemon(8) for more details. +# Per default we wait 1000ms after we have started the service to ensure +# that the daemon is really up and running. +RSYSLOG_SSDARGS="--wait 1000" + +# The termination timeout (start-stop-daemon parameter "retry") ensures +# that the service will be terminated within a given time (60 + 5 seconds +# per default) when you are stopping the service. +# You need to increase the value when you are working with a large queue. +# See http://www.rsyslog.com/doc/queues.html for further information. +RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5" + + +# Options to rsyslogd +# See rsyslogd(8) for more details +# Notes: +# * Do not specify another PIDFILE but use the variable above to change the location +# * Do not specify another CONFIGFILE but use the variable above to change the location +RSYSLOG_OPTS="" diff -rupN old/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1 new/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1 --- old/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1 1970-01-01 01:00:00.000000000 +0100 +++ new/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1 2014-05-06 18:02:06.768166225 +0200 @@ -0,0 +1,69 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"} +RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"} + +command="/usr/sbin/rsyslogd" +command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}" +start_stop_daemon_args="${RSYSLOG_SSDARGS}" +pidfile="${RSYSLOG_PIDFILE}" +retry="${RSYSLOG_TERMTIMEOUT}" + +required_files=( "${RSYSLOG_CONFIGFILE}" ) + +description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)." + +extra_commands="configtest" +extra_started_commands="rotate" + +description_configtest="Run rsyslogd's internal config check." + +description_rotate="Sends rsyslogd a signal to re-open its log files." + +depend() { + need clock hostname localmount + provide logger +} + +start_pre() { + if [ "${RC_CMD}" != "restart" ]; then + configtest || return 1 + fi +} + +stop_pre() { + if [ "${RC_CMD}" = "restart" ]; then + configtest || return 1 + fi +} + +stop_post() { + rm -f ${RSYSLOG_PIDFILE} +} + +configtest() { + # This will currently only detect fatal errors + # See https://github.com/rsyslog/rsyslog/issues/79 + + local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}" + local _retval=0 + + ebegin "Checking rsyslogd's configuration" + ${_test_command} &>/dev/null + _retval=$? + + if [ ${_retval} -ne 0 ]; then + ${_test_command} + fi + + eend ${_retval} "failed, please correct errors above" +} + +rotate() { + ebegin "Re-opening rsyslogd logs" + start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}" + eend $? +} diff -rupN old/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1 new/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1 --- old/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1 1970-01-01 01:00:00.000000000 +0100 +++ new/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1 2014-05-06 17:33:07.079073912 +0200 @@ -0,0 +1,37 @@ +# Uncomment the following directive if you have re-enabled +# "/var/log/syslog" in "/etc/rsyslog.conf" +#/var/log/syslog +#{ +# rotate 7 +# daily +# missingok +# notifempty +# delaycompress +# compress +# postrotate +# test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null +# endscript +#} + +/var/log/auth.log +/var/log/cron.log +/var/log/daemon.log +/var/log/kern.log +/var/log/lpr.log +/var/log/mail.log +/var/log/news.log +/var/log/user.log +/var/log/debug.log +/var/log/messages +{ + rotate 4 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null + endscript +} diff -rupN old/app-admin/rsyslog/metadata.xml new/app-admin/rsyslog/metadata.xml --- old/app-admin/rsyslog/metadata.xml 2014-03-10 14:01:02.000000000 +0100 +++ new/app-admin/rsyslog/metadata.xml 2014-05-06 16:37:31.749568908 +0200 @@ -1,23 +1,41 @@ - - ultrabug@gentoo.org - Ultrabug - Primary Maintainer - - - whissi@whissi.de - Thomas D. (Whissi) - Proxy-Maintainer, CC. bugs - - - Add support for the UDP spoofing module (omudpspoof) using net-libs/libnet - Add support for the MongoDB output template module using dev-libs/libmongo-client - Add support for the Reliable Event Logging Protocol using dev-libs/librelp - Add support for the ZeroMQ input and output plugins using net-libs/zeromq - - - cpe:/a:rsyslog:rsyslog - + + ultrabug@gentoo.org + Ultrabug + Primary Maintainer + + + whissi@whissi.de + Thomas D. (Whissi) + Proxy-Maintainer, CC. bugs + + + Build the general database output module (requires dev-db/libdbi) + Build the Elasticsearch output module (requires net-misc/curl) + Add support for the UDP spoofing module (omudpspoof) using net-libs/libnet + Add support for encrypted log files using dev-libs/libgcrypt + Build the GSSAPI input and output module (requires virtual/krb5) + Build the MongoDB output module (requires dev-libs/libmongo-client) + Build the MySQL databse output module (requires virtual/mysql) + Build the normalize modify module (requires dev-libs/libee and dev-libs/liblognorm) + Build the udpspoof output module (requires net-libs/libnet) + Build the Oracle database output module (requires dev-db/oracle-instantclient-basic) + Build the PostgreSQL database output module (requires dev-db/postgresql-base) + Build the RabbitMQ output module (requires net-libs/rabbitmq-c) + Build the Redis output module using (requires dev-libs/hiredis) + Build the Reliable Event Logging Protocol (RELP) output module (requires dev-libs/librelp) + Build the rfc3195 input module (requires dev-libs/liblogging) + Build the rfc5424hmac modify module (requires dev-libs/openssl) + Build the snmp modify and output module (requires net-analyzer/net-snmp) + Add support for encrypted client/server communication (requires net-libs/gnutls) + Build the journal input and output module (requires sys-apps/systemd) + Installs the user tools (rsgtutil, rscryutil...) corresponding to the set USE flags + Build the ZeroMQ input and output modules (requires net-libs/zeromq) + + + https://github.com/rsyslog/rsyslog/issues + cpe:/a:rsyslog:rsyslog + diff -rupN old/app-admin/rsyslog/rsyslog-7.6.3.ebuild new/app-admin/rsyslog/rsyslog-7.6.3.ebuild --- old/app-admin/rsyslog/rsyslog-7.6.3.ebuild 1970-01-01 01:00:00.000000000 +0100 +++ new/app-admin/rsyslog/rsyslog-7.6.3.ebuild 2014-05-06 18:08:01.198304034 +0200 @@ -0,0 +1,304 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +EAPI=5 +AUTOTOOLS_AUTORECONF=1 + +inherit autotools-utils eutils systemd + +DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" +HOMEPAGE="http://www.rsyslog.com/" +SRC_URI="http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz" + +LICENSE="GPL-3 LGPL-3 Apache-2.0" +KEYWORDS="~amd64 ~arm ~hppa ~x86" +SLOT="0" +IUSE="dbi debug doc elasticsearch +gcrypt kerberos mongodb mysql normalize omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd usertools zeromq" + +RDEPEND=" + >=dev-libs/json-c-0.11:= + >=dev-libs/libestr-0.1.9 + >=dev-libs/liblogging-1.0.1:=[stdlog] + >=sys-libs/zlib-1.2.5 + dbi? ( >=dev-db/libdbi-0.8.3 ) + elasticsearch? ( >=net-misc/curl-7.35.0 ) + gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= ) + kerberos? ( virtual/krb5 ) + mongodb? ( >=dev-libs/libmongo-client-0.1.4 ) + mysql? ( virtual/mysql ) + normalize? ( + >=dev-libs/libee-0.4.0 + >=dev-libs/liblognorm-0.3.1:= + =net-libs/libnet-1.1.6 ) + oracle? ( >=dev-db/oracle-instantclient-basic-10.2 ) + postgres? ( >=dev-db/postgresql-base-8.4.20 ) + rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 ) + redis? ( >=dev-libs/hiredis-0.11.0 ) + relp? ( >=dev-libs/librelp-1.2.5 ) + rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] ) + rfc5424hmac? ( >=dev-libs/openssl-0.9.8y ) + snmp? ( >=net-analyzer/net-snmp-5.7.2 ) + ssl? ( >=net-libs/gnutls-2.12.23 ) + systemd? ( >=sys-apps/systemd-208 ) + zeromq? ( >=net-libs/czmq-1.2.0 )" +DEPEND="${RDEPEND} + virtual/pkgconfig" + +BRANCH="7-stable" + +# Test suite requires a special setup or will always fail +RESTRICT="test" + +# Maitainer note : open a bug to upstream +# showing that building in a separate dir fails +AUTOTOOLS_IN_SOURCE_BUILD=1 + +AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules" + +DOCS=(AUTHORS ChangeLog doc/rsyslog-example.conf) + +PATCHES=( + "${FILESDIR}"/${BRANCH}/${PN}-7.x-mmjsonparse.patch + "${FILESDIR}"/${BRANCH}/fix-omruleset-default-value.patch + "${FILESDIR}"/${BRANCH}/bugfix_52.patch + "${FILESDIR}"/${BRANCH}/bugfix_73.patch +) + +src_configure() { + # Maintainer notes: + # * Guardtime support is missing because libgt isn't yet available + # in portage. + # * Hadoop's HDFS file system output module is currently not + # supported in Gentoo because nobody is able to test it + # (JAVA dependency). + # * dev-libs/hiredis doesn't provide pkg-config (see #504614, + # upstream PR 129 and 136) so we need to export HIREDIS_* + # variables because rsyslog's build system depends on pkg-config. + + if use redis; then + export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis" + export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include" + fi + + local myeconfargs=( + # Input Plugins without depedencies + --enable-imfile + --enable-impstats + --enable-imptcp + --enable-imttcp + # Message Modificiation Plugins without depedencies + --enable-mmanon + --enable-mmaudit + --enable-mmcount + --enable-mmfields + --enable-mmjsonparse + --enable-mmpstrucdata + --enable-mmsequence + --enable-mmutf8fix + # Output Modification Plugins without dependencies + --enable-mail + --enable-omprog + --enable-omruleset + --enable-omstdout + --enable-omuxsock + # Misc + --enable-pmaixforwardedfrom + --enable-pmcisconames + --enable-pmlastmsg + --enable-pmrfc3164sd + --enable-pmsnare + --enable-sm_cust_bindcdr + # DB + $(use_enable dbi libdbi) + $(use_enable mongodb ommongodb) + $(use_enable mysql) + $(use_enable oracle) + $(use_enable postgres pgsql) + $(use_enable redis omhiredis) + # Debug + $(use_enable debug) + $(use_enable debug diagtools) + $(use_enable debug imdiag) + $(use_enable debug memcheck) + $(use_enable debug rtinst) + $(use_enable debug valgrind) + # Misc + $(use_enable elasticsearch) + $(use_enable gcrypt libgcrypt) + $(use_enable kerberos gssapi-krb5) + $(use_enable normalize mmnormalize) + $(use_enable omudpspoof) + $(use_enable rabbitmq omrabbitmq) + $(use_enable relp) + $(use_enable rfc3195) + $(use_enable rfc5424hmac mmrfc5424addhmac) + $(use_enable snmp) + $(use_enable snmp mmsnmptrapd) + $(use_enable ssl gnutls) + $(use_enable systemd imjournal) + $(use_enable systemd omjournal) + $(use_enable usertools) + $(use_enable zeromq imzmq3) + $(use_enable zeromq omzmq3) + "$(systemd_with_unitdir)" + ) + + autotools-utils_src_configure +} + +src_install() { + use doc && HTML_DOCS=( "${S}"/doc/ ) + autotools-utils_src_install + + insinto /etc + newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf + newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN} + newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN} + keepdir /var/empty/dev + keepdir /var/spool/${PN} + keepdir /etc/ssl/${PN} + keepdir /etc/${PN}.d + + if use mysql; then + insinto /usr/share/doc/${PF}/scripts/mysql + doins plugins/ommysql/{createDB.sql,contrib/delete_mysql} + fi + + if use postgres; then + insinto /usr/share/doc/${PF}/scripts/pgsql + doins plugins/ompgsql/createDB.sql + fi + + insinto /etc/logrotate.d/ + newins "${FILESDIR}/${BRANCH}/${PN}.logrotate-r1" ${PN} +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + if use mysql || use postgres; then + echo + elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:" + elog " /usr/share/doc/${PF}/scripts" + fi + + if use ssl; then + echo + elog "To create a default CA and certificates for your server and clients, run:" + elog " emerge --config =${PF}" + elog "on your logging server. You can run it several times," + elog "once for each logging client. The client certificates will be signed" + elog "using the CA certificate generated during the first run." + fi + fi + + if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then + # Show this message until rsyslog-8.x + echo + elog "Since ${PN}-7.6.3 we no longer use the catch-all log target" + elog "\"/var/log/syslog\" due to its redundancy to the other log targets." + elog "" + elog "You can re-enable the deprecated log file by uncommenting the" + elog "corresponding directive in \"/etc/rsyslog.conf\"." + elog "If you decide to do that, don't forget to adjust \"/etc/logrotate.d/rsyslog\", too." + fi +} + +pkg_config() { + if ! use ssl ; then + einfo "There is nothing to configure for rsyslog unless you" + einfo "used USE=ssl to build it." + return 0 + fi + + # Make sure the certificates directory exists + CERTDIR="${EROOT}/etc/ssl/${PN}" + if [ ! -d "${CERTDIR}" ]; then + mkdir "${CERTDIR}" || die + fi + einfo "Your certificates will be stored in ${CERTDIR}" + + # Create a default CA if needed + if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then + einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = Portage automated CA + ca + cert_signing_key + expiration_days = 3650 + _EOF + + certtool --generate-self-signed \ + --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" + + # Create the server certificate + echo + einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " + read -r CN + + einfo "Creating private key and certificate for server ${CN}..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = ${CN} + tls_www_server + dns_name = ${CN} + expiration_days = 3650 + _EOF + + certtool --generate-certificate \ + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" + + else + einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." + fi + + # Create a client certificate + echo + einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " + read -r CN + + einfo "Creating private key and certificate for client ${CN}..." + certtool --generate-privkey \ + --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" + + cat > "${T}/${PF}.$$" <<- _EOF + cn = ${CN} + tls_www_client + dns_name = ${CN} + expiration_days = 3650 + _EOF + + certtool --generate-certificate \ + --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ + --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ + --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ + --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ + --template "${T}/${PF}.$$" &>/dev/null + chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" + + rm -f "${T}/${PF}.$$" + + echo + einfo "Here is the documentation on how to encrypt your log traffic:" + einfo " http://www.rsyslog.com/doc/rsyslog_tls.html" +}