Attachment #377042 for bug #501988

View | Details | Raw Unified | Return to bug 501988 | Differences between
Collapse All | Expand All




From b017e29aad70702c69e6016b07a932b7825a83e5 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sat, 3 May 2014 14:45:25 +0200
Subject: [PATCH] Remove "--enable-cached-man-pages" switch and make rst2man
 optional when required man pages already exist

This commit backports the bugfix for issue #52 for the v7-stable branch.
---
 configure.ac | 61 +++++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 36 insertions(+), 25 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0dd40c2..07d96dd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1087,30 +1087,6 @@ fi
 AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes)
 
 
-# Support using cached man file copies, to avoid the need for rst2man
-# in the build environment
-AC_ARG_ENABLE(cached_man_pages,
-        [AS_HELP_STRING([--enable-cached-man-pages],[Enable using cached versions of man files (avoid rst2man) @<:@default=no@:>@])],
-        [case "${enableval}" in
-         yes) enable_cached_man_pages="yes" ;;
-          no) enable_cached_man_pages="no" ;;
-           *) AC_MSG_ERROR(bad value ${enableval} for --enable-cached-man-pages) ;;
-         esac],
-        [enable_cached_man_pages=no]
-)
-if test "x$enable_cached_man_pages" = "xno"; then
-# obtain path for rst2man
-  if test "x$enable_libgcrypt" = "xyes" || \
-     test "x$enable_guardtime" = "xyes"; then
-        AC_PATH_PROG([RST2MAN], [rst2man])
-        if test "x${RST2MAN}" == "x"; then
-            AC_MSG_FAILURE([rst2man not found in PATH])
-        fi
-  fi
-fi
-
-
-
 # RFC 3195 support
 AC_ARG_ENABLE(rfc3195,
         [AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support @<:@default=no@:>@])],
@@ -1519,6 +1495,41 @@ AM_CONDITIONAL(ENABLE_OMHIREDIS, test x$enable_omhiredis = xyes)
 
 # END HIREDIS SUPPORT
 
+
+AC_CHECKING([if required man pages already exist])
+have_to_generate_man_pages="no"
+
+# man pages for libgcrypt module
+if test "x$enable_usertools" = "xyes" && test "x$enable_libgcrypt" = "xyes"; then
+    AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
+        [],
+        [have_to_generate_man_pages="yes"]
+    )
+fi
+
+# man pages for GuardTime module
+if test "x$enable_usertools" = "xyes" && test "x$enable_guardtime" = "xyes"; then
+    AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
+        [],
+        [have_to_generate_man_pages="yes"]
+    )
+fi
+
+if test "x$have_to_generate_man_pages" = "xyes"; then
+    AC_MSG_RESULT([Some man pages are missing. We need rst2man to generate the missing man pages from source...])
+else
+    AC_MSG_RESULT([All required man pages found. We don't need rst2man!])
+fi
+
+if test "x$have_to_generate_man_pages" = "xyes"; then
+    # We need rst2man to generate our man pages
+    AC_CHECK_PROGS([RST2MAN], [rst2man rst2man.py], [])
+    if test -z "$RST2MAN"; then
+        AC_MSG_ERROR([rst2man is required to build man pages. You can use the release tarball with pregenerated man pages to avoid this depedency.])
+    fi
+fi
+
+
 AC_CONFIG_FILES([Makefile \
 		runtime/Makefile \
 		compat/Makefile \
@@ -1594,7 +1605,7 @@ echo "    Zlib compression support enabled:         $enable_zlib"
 echo "    rsyslog runtime will be built:            $enable_rsyslogrt"
 echo "    rsyslogd will be built:                   $enable_rsyslogd"
 echo "    GUI components will be built:             $enable_gui"
-echo "    cached man files will be used:            $enable_cached_man_pages"
+echo "    have to generate man pages:               $have_to_generate_man_pages"
 echo "    Unlimited select() support enabled:       $enable_unlimited_select"
 echo "    uuid support enabled:                     $enable_uuid"
 echo "    Log file signing support:                 $enable_guardtime"
-- 
1.9.2





This patch will update the pre-generated rscryutil man page from the release
tarball so we don't need to depend on dev-python/docutils.

https://github.com/rsyslog/rsyslog/issues/73

diff -rupN old/rsyslog-7.6.3/tools/rscryutil.1 new/rsyslog-7.6.3/tools/rscryutil.1
--- old/rsyslog-7.6.3/tools/rscryutil.1	2013-10-29 16:31:21.000000000 +0100

From 14f3b45151864aa4170de515f406a69ad2931eba Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 31 Oct 2013 18:21:47 +0100
Subject: [PATCH] module omruleset is no longer enabled by default.

Note that it has been deprecated in v7 and been replaced by the "call"
statement. Also, it can still be build without problems, the option must
just explicitely be given.
---
diff --git a/configure.ac b/configure.ac
index 3abd559..de4c3ea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1353,7 +1353,7 @@ AC_ARG_ENABLE(omruleset,
           no) enable_omruleset="no" ;;
            *) AC_MSG_ERROR(bad value ${enableval} for --enable-omruleset) ;;
          esac],
-        [enable_omruleset=yes]
+        [enable_omruleset=no]
 )
 AM_CONDITIONAL(ENABLE_OMRULESET, test x$enable_omruleset = xyes)
 
-- 
1.9.1





Introduction
============

Since rsyslog version 7.6 we are shipping a new default Gentoo
configuration. See bug #501982 to learn more about what we were trying to
achieve by rewriting the entire configuration.


Important changes
=================

1. "/var/log/syslog" log file is now deprecated

   Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
   longer being written per default. We are considering this file as
   deprecated/obsolet for the typical user/system.
   The content from this log file is still availble through other
   (dedicated) log files, see
   
     - /var/log/cron.log
     - /var/log/daemon.log
     - /var/log/mail.log
     - /var/log/messages
   
   If you really need the old "/var/log/syslog" log file, all you have to
   do is uncommenting the corresponding configuration directive in
   "/etc/rsyslog.conf".
   
   If you do so, don't forget to re-enable log rotation in
   "/etc/logrotate.d/rsyslog", too.


2. Additional configurations must be named "*.pre.conf" or "*.post.conf"
   
   Beginning with rsyslog-7.6, we no longer include additional
   configuration files from "/etc/rsyslog.d/*.conf".
   
   Instead we are now including any "/etc/rsyslog.d/*.pre.conf" file
   before Gentoo's default actions. This still allows you to modify or
   discard messages which should or shouldn't be handled later by Gentoo's
   default actions.
   
   After the default Gentoo actions, we include any additional
   "/etc/rsyslog.d/*.post.conf" configuration file.
   
   This should be the default naming for any additional configuration
   files because this lowers the risk to manipulate the default log files
   without intention.
   
   Examples
   ========
   
   1. You setup your firewall (iptables) to log some traffic
      (...-J LOG --log-prefix "firewall: ", see `iptables -j LOG --help`
      for further details). Per default, these log messages will be logged
      into "/var/log/kern.log" and "/var/log/messages" which will clutter
      up these log files.
      
      To solve this problem, you would now simply create
      "/etc/rsyslog.d/firewall.pre.conf" with the following content:

        if ($programname == 'kernel') then {
          if ($msg contains 'firewall:') then {
            action(type="omfile"
              File="/var/log/firewall.log"
              FileOwner="root"
              FileGroup="adm"
            )
            stop
          }
        }

   
   2. You configured a program to use syslog facility "local6". You want
      to collect logs from your program in its own log file.
      
      To solve this problem, you would now simply create
      "/etc/rsyslog.d/yourProgram.post.conf" with the following content:
      
        if ($syslogfacility-text == 'local6') then {
          if ($programname == 'yourProgram') then {
            action(type="omfile"
              File="/var/log/yourProgram.log"
              FileOwner="root"
              FileGroup="adm"
            )
          }
        }

   
   Please read the RainerScript documentation at http://www.rsyslog.com if
   you don't understand the syntax from the examples above.
 

3. An additional input socket in "/var/empty/dev/log" (default chroot
   location) will be created per default

   See bug #490744 for further details.




# /etc/rsyslog.conf
# 
# This configuration is based on RainerScript, the new recommended syntax
# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
# details.
# 
# But if you don't want to learn something new at moment, don't worry: The
# legacy syntax is still supported.
# 
# You may want to use the new RSYSLOG configuration builder to create your
# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/

# Check config syntax on startup and abort if unclean (default: off)
#$AbortOnUncleanConfig on


###############
### MODULES ###
###############

# Read syslog messages from default Unix socket /dev/log (e.g. via logger command)
module(load="imuxsock")

# Read messages from the kernel log and submits them to the syslog engine
module(load="imklog")

# Inject "--MARK--" messages every $Interval (seconds)
#module(load="immark" Interval="600")

# Read syslog messages from UDP
#module(load="imudp")
#input(type="imudp" port="514")

# Read syslog messages from TCP
#module(load="imtcp")
#input(type="imtcp" port="514")


#########################
### GLOBAL DIRECTIVES ###
#########################

# Where to place spool and state files
$WorkDirectory /var/spool/rsyslog

# Reduce repeating messages (default: off)
#$RepeatedMsgReduction on

# Set defaults for every output file
$Umask 0022

module(
	load="builtin:omfile"
	Template="RSYSLOG_TraditionalFileFormat"
	FileCreateMode="0644"
	DirCreateMode="0755"
)


# Include additional configuration files which can modify/discard messages
# before Gentoo's default actions will handle them.
# See "/usr/share/doc/rsyslog-*/README.gentoo*" for more information.
$IncludeConfig /etc/rsyslog.d/*.pre.conf


##############################
### DEFAULT GENTOO ACTIONS ###
##############################

auth,authpriv.* action(
	type="omfile"
	File="/var/log/auth.log"
	FileCreateMode="0600"
	FileOwner="root"
	FileGroup="adm"
	Sync="off"
)

cron.* action(
	type="omfile"
	File="/var/log/cron.log"
	FileOwner="root"
	FileGroup="adm"
)

daemon.* action(
	type="omfile"
	File="/var/log/daemon.log"
	FileOwner="root"
	FileGroup="adm"
)

kern.* action(
	type="omfile"
	File="/var/log/kern.log"
	FileOwner="root"
	FileGroup="adm"
)

lpr.* action(
	type="omfile"
	File="/var/log/lpr.log"
	FileOwner="root"
	FileGroup="adm"
)

mail.* action(
	type="omfile"
	File="/var/log/mail.log"
	FileOwner="root"
	FileGroup="adm"
)

news.* action(
	type="omfile"
	File="/var/log/news.log"
	FileOwner="root"
	FileGroup="adm"
)

user.* action(
	type="omfile"
	File="/var/log/user.log"
	FileOwner="root"
	FileGroup="adm"
)

*.=debug;auth,authpriv,news,mail.none action(
	type="omfile"
	File="/var/log/debug.log"
	FileOwner="root"
	FileGroup="adm"
)

*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
	type="omfile"
	File="/var/log/messages"
	FileOwner="root"
	FileGroup="adm"
)

# Uncomment the following directive to re-enable the
# deprecated "/var/log/syslog" log file (don't forget to re-enable log
# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
#*.*;auth,authpriv.none action(
#	type="omfile"
#	File="/var/log/syslog"
#	FileOwner="root"
#	FileGroup="adm"
#)

*.emerg action(
	type="omusrmsg"
	Users="*"
	action.execOnlyOnceEveryInterval="10"
)

# Create an additional socket for the default chroot location
# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
input(type="imuxsock" Socket="/var/empty/dev/log")


# Include additional configuration files which handle messages after they
# were processed by any "*.pre.conf" file and Gentoo's default actions.
# See "/usr/share/doc/rsyslog-*/README.gentoo*" for more information.
$IncludeConfig /etc/rsyslog.d/*.post.conf




# /etc/conf.d/rsyslog

# Configuration file
RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"

# PID file
# If you should ever change this, remember to update
# "/etc/logrotate.d/rsyslog", too.
RSYSLOG_PIDFILE="/run/rsyslogd.pid"

# You can use this configuration option to pass additional options to the
# start-stop-daemon, see start-stop-daemon(8) for more details.
# Per default we wait 1000ms after we have started the service to ensure
# that the daemon is really up and running.
RSYSLOG_SSDARGS="--wait 1000"

# The termination timeout (start-stop-daemon parameter "retry") ensures
# that the service will be terminated within a given time (60 + 5 seconds
# per default) when you are stopping the service.
# You need to increase the value when you are working with a large queue.
# See http://www.rsyslog.com/doc/queues.html for further information.
RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"


# Options to rsyslogd
# See rsyslogd(8) for more details
# Notes:
# * Do not specify another PIDFILE but use the variable above to change the location
# * Do not specify another CONFIGFILE but use the variable above to change the location
RSYSLOG_OPTS=""




#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}

command="/usr/sbin/rsyslogd"
command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}"
start_stop_daemon_args="${RSYSLOG_SSDARGS}"
pidfile="${RSYSLOG_PIDFILE}"
retry="${RSYSLOG_TERMTIMEOUT}"

required_files=( "${RSYSLOG_CONFIGFILE}" )

description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)."

extra_commands="configtest"
extra_started_commands="rotate"

description_configtest="Run rsyslogd's internal config check."

description_rotate="Sends rsyslogd a signal to re-open its log files."

depend() {
	need clock hostname localmount
	provide logger
}

start_pre() {
	if [ "${RC_CMD}" != "restart" ]; then
		configtest || return 1
	fi
}

stop_pre() {
	if [ "${RC_CMD}" = "restart" ]; then
		configtest || return 1
	fi
}

stop_post() {
	rm -f ${RSYSLOG_PIDFILE}
}

configtest() {
	# This will currently only detect fatal errors
	# See https://github.com/rsyslog/rsyslog/issues/79

	local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}"
	local _retval=0

	ebegin "Checking rsyslogd's configuration"
	${_test_command} &>/dev/null
	_retval=$?

	if [ ${_retval} -ne 0 ]; then
		${_test_command}
	fi

	eend ${_retval} "failed, please correct errors above"
}

rotate() {
	ebegin "Re-opening rsyslogd logs"
	start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
	eend $?
}




# Uncomment the following directive if you have re-enabled
# "/var/log/syslog" in "/etc/rsyslog.conf"
#/var/log/syslog
#{
#	rotate 7
#	daily
#	missingok
#	notifempty
#	delaycompress
#	compress
#	postrotate
#		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
#	endscript
#}

/var/log/auth.log
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log
/var/log/lpr.log
/var/log/mail.log
/var/log/news.log
/var/log/user.log
/var/log/debug.log
/var/log/messages
{
	rotate 4
	weekly
	missingok
	notifempty
	compress
	delaycompress
	sharedscripts
	postrotate
		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
	endscript
}




<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
	<maintainer>
		<email>ultrabug@gentoo.org</email>
		<name>Ultrabug</name>
		<description>Primary Maintainer</description>
	</maintainer>
	<maintainer>
		<email>whissi@whissi.de</email>
		<name>Thomas D. (Whissi)</name>
		<description>Proxy-Maintainer, CC. bugs</description>
	</maintainer>
	<use>
		<flag name="dbi">Build the general database output module (requires <pkg>dev-db/libdbi</pkg>)</flag>
		<flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag>
		<flag name="extras">Add support for the UDP spoofing module (omudpspoof) using <pkg>net-libs/libnet</pkg></flag>
		<flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag>
		<flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag>
		<flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>
		<flag name="mysql">Build the MySQL databse output module (requires <pkg>virtual/mysql</pkg>)</flag>
		<flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag>
		<flag name="omudpspoof">Build the udpspoof output module (requires <pkg>net-libs/libnet</pkg>)</flag>
		<flag name="oracle">Build the Oracle database output module (requires <pkg>dev-db/oracle-instantclient-basic</pkg>)</flag>
		<flag name="postgres">Build the PostgreSQL database output module (requires <pkg>dev-db/postgresql-base</pkg>)</flag>
		<flag name="rabbitmq">Build the RabbitMQ output module (requires <pkg>net-libs/rabbitmq-c</pkg>)</flag>
		<flag name="redis">Build the Redis output module using (requires <pkg>dev-libs/hiredis</pkg>)</flag>
		<flag name="relp">Build the Reliable Event Logging Protocol (RELP) output module (requires <pkg>dev-libs/librelp</pkg>)</flag>
		<flag name="rfc3195">Build the rfc3195 input module (requires <pkg>dev-libs/liblogging</pkg>)</flag>
		<flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg>)</flag>
		<flag name="snmp">Build the snmp modify and output module (requires <pkg>net-analyzer/net-snmp</pkg>)</flag>
		<flag name="ssl">Add support for encrypted client/server communication (requires <pkg>net-libs/gnutls</pkg>)</flag>
		<flag name="systemd">Build the journal input and output module (requires <pkg>sys-apps/systemd</pkg>)</flag>
		<flag name="usertools">Installs the user tools (rsgtutil, rscryutil...) corresponding to the set USE flags</flag>
		<flag name="zeromq">Build the ZeroMQ input and output modules (requires <pkg>net-libs/zeromq</pkg>)</flag>
	</use>
	<upstream>
		<bugs-to>https://github.com/rsyslog/rsyslog/issues</bugs-to>
		<remote-id type="cpe">cpe:/a:rsyslog:rsyslog</remote-id>
	</upstream>
</pkgmetadata>




# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI=5
AUTOTOOLS_AUTORECONF=1

inherit autotools-utils eutils systemd

DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
HOMEPAGE="http://www.rsyslog.com/"
SRC_URI="http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz"

LICENSE="GPL-3 LGPL-3 Apache-2.0"
KEYWORDS="~amd64 ~arm ~hppa ~x86"
SLOT="0"
IUSE="dbi debug doc elasticsearch +gcrypt kerberos mongodb mysql normalize omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd usertools zeromq"

RDEPEND="
	>=dev-libs/json-c-0.11:=
	>=dev-libs/libestr-0.1.9
	>=dev-libs/liblogging-1.0.1:=[stdlog]
	>=sys-libs/zlib-1.2.5
	dbi? ( >=dev-db/libdbi-0.8.3 )
	elasticsearch? ( >=net-misc/curl-7.35.0 )
	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
	kerberos? ( virtual/krb5 )
	mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
	mysql? ( virtual/mysql )
	normalize? (
		>=dev-libs/libee-0.4.0
		>=dev-libs/liblognorm-0.3.1:=
		!>=dev-libs/liblognorm-1.0.0
	)
	omudpspoof? ( >=net-libs/libnet-1.1.6 )
	oracle? ( >=dev-db/oracle-instantclient-basic-10.2 )
	postgres? ( >=dev-db/postgresql-base-8.4.20 )
	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 )
	redis? ( >=dev-libs/hiredis-0.11.0 )
	relp? ( >=dev-libs/librelp-1.2.5 )
	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
	rfc5424hmac? ( >=dev-libs/openssl-0.9.8y )
	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
	ssl? ( >=net-libs/gnutls-2.12.23 )
	systemd? ( >=sys-apps/systemd-208 )
	zeromq? ( >=net-libs/czmq-1.2.0 )"
DEPEND="${RDEPEND}
	virtual/pkgconfig"

BRANCH="7-stable"

# Test suite requires a special setup or will always fail
RESTRICT="test"

# Maitainer note : open a bug to upstream
# showing that building in a separate dir fails
AUTOTOOLS_IN_SOURCE_BUILD=1

AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"

DOCS=(
	AUTHORS
	ChangeLog
	doc/rsyslog-example.conf
	"${FILESDIR}"/${BRANCH}/README.gentoo
)

PATCHES=(
	"${FILESDIR}"/${BRANCH}/${PN}-7.x-mmjsonparse.patch
	"${FILESDIR}"/${BRANCH}/fix-omruleset-default-value.patch
	"${FILESDIR}"/${BRANCH}/bugfix_52.patch
	"${FILESDIR}"/${BRANCH}/bugfix_73.patch
)

src_configure() {
	# Maintainer notes:
	# * Guardtime support is missing because libgt isn't yet available
	#   in portage.
	# * Hadoop's HDFS file system output module is currently not
	#   supported in Gentoo because nobody is able to test it
	#   (JAVA dependency).
	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
	#   upstream PR 129 and 136) so we need to export HIREDIS_*
	#   variables because rsyslog's build system depends on pkg-config.

	if use redis; then
		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
	fi

	local myeconfargs=(
		# Input Plugins without depedencies
		--enable-imfile
		--enable-impstats
		--enable-imptcp
		--enable-imttcp
		# Message Modificiation Plugins without depedencies
		--enable-mmanon
		--enable-mmaudit
		--enable-mmcount
		--enable-mmfields
		--enable-mmjsonparse
		--enable-mmpstrucdata
		--enable-mmsequence
		--enable-mmutf8fix
		# Output Modification Plugins without dependencies
		--enable-mail
		--enable-omprog
		--enable-omruleset
		--enable-omstdout
		--enable-omuxsock
		# Misc
		--enable-pmaixforwardedfrom
		--enable-pmcisconames
		--enable-pmlastmsg
		--enable-pmrfc3164sd
		--enable-pmsnare
		--enable-sm_cust_bindcdr
		# DB
		$(use_enable dbi libdbi)
		$(use_enable mongodb ommongodb)
		$(use_enable mysql)
		$(use_enable oracle)
		$(use_enable postgres pgsql)
		$(use_enable redis omhiredis)
		# Debug
		$(use_enable debug)
		$(use_enable debug diagtools)
		$(use_enable debug imdiag)
		$(use_enable debug memcheck)
		$(use_enable debug rtinst)
		$(use_enable debug valgrind)
		# Misc
		$(use_enable elasticsearch)
		$(use_enable gcrypt libgcrypt)
		$(use_enable kerberos gssapi-krb5)
		$(use_enable normalize mmnormalize)
		$(use_enable omudpspoof)
		$(use_enable rabbitmq omrabbitmq)
		$(use_enable relp)
		$(use_enable rfc3195)
		$(use_enable rfc5424hmac mmrfc5424addhmac)
		$(use_enable snmp)
		$(use_enable snmp mmsnmptrapd)
		$(use_enable ssl gnutls)
		$(use_enable systemd imjournal)
		$(use_enable systemd omjournal)
		$(use_enable usertools)
		$(use_enable zeromq imzmq3)
		$(use_enable zeromq omzmq3)
		"$(systemd_with_unitdir)"
	)

	autotools-utils_src_configure
}

src_install() {
	use doc && HTML_DOCS=( "${S}"/doc/ )
	autotools-utils_src_install

	insinto /etc
	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
	keepdir /var/empty/dev
	keepdir /var/spool/${PN}
	keepdir /etc/ssl/${PN}
	keepdir /etc/${PN}.d

	if use mysql; then
		insinto /usr/share/doc/${PF}/scripts/mysql
		doins plugins/ommysql/{createDB.sql,contrib/delete_mysql}
	fi

	if use postgres; then
		insinto /usr/share/doc/${PF}/scripts/pgsql
		doins plugins/ompgsql/createDB.sql
	fi

	insinto /etc/logrotate.d/
	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate-r1" ${PN}
}

pkg_postinst() {
	local advertise_readme=0

	if [[ -z "${REPLACING_VERSIONS}" ]]; then
		# This is a new installation

		advertise_readme=1

		if use mysql || use postgres; then
			echo
			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
			elog "  /usr/share/doc/${PF}/scripts"
		fi

		if use ssl; then
			echo
			elog "To create a default CA and certificates for your server and clients, run:"
			elog "  emerge --config =${PF}"
			elog "on your logging server. You can run it several times,"
			elog "once for each logging client. The client certificates will be signed"
			elog "using the CA certificate generated during the first run."
		fi
	fi

	if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then
		# Show this message until rsyslog-8.x
		echo
		elog "Since ${PN}-7.6.3 we no longer use the catch-all log target"
		elog "\"/var/log/syslog\" due to its redundancy to the other log targets."

		advertise_readme=1
	fi

	unset RSYSLOG_OLD_CONF_FILES
	declare -a RSYSLOG_OLD_CONF_FILES

	local i=0 RSYSLOG_OLD_CONF_FILE=
	while IFS= read -r -u 3 -d $'\0' RSYSLOG_OLD_CONF_FILE; do
		RSYSLOG_OLD_CONF_FILES[i++]="$RSYSLOG_OLD_CONF_FILE"
	done 3< <(find "${EPREFIX}/etc/rsyslog.d" -maxdepth 1 -type f \( -iname "*.conf" ! -iname "*.pre.conf" ! -iname "*.post.conf" \) -print0 2>/dev/null)

	if [[ ${#RSYSLOG_OLD_CONF_FILES[@]} -gt 0 ]]; then
		echo ""
		ewarn "Beginning with ${PN}-7.6.3 we changed the way we are including"
		ewarn "additional configuration files."
		ewarn ""
		ewarn "You have to adapt the new naming schema for the following files:"
		ewarn ""

		RSYSLOG_OLD_CONF_FILE=
		for RSYSLOG_OLD_CONF_FILE in "${RSYSLOG_OLD_CONF_FILES[@]}"; do
			ewarn "  - ${RSYSLOG_OLD_CONF_FILE}"
		done

		ewarn ""
		ewarn "To keep the old behavior, just change the suffix from \".conf\" to \".pre.conf\"."
		ewarn "If you don't do that, these configuration files won't be included anymore."

		advertise_readme=1
	fi
	unset i RSYSLOG_OLD_CONF_FILE RSYSLOG_OLD_CONF_FILES

	if [[ ${advertise_readme} -gt 0 ]]; then
		# We need to show the README file location

		echo ""
		elog "Please read"
		elog ""
		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
		elog ""
		elog "for more details."
	fi
}

pkg_config() {
	if ! use ssl ; then
		einfo "There is nothing to configure for rsyslog unless you"
		einfo "used USE=ssl to build it."
		return 0
	fi

	# Make sure the certificates directory exists
	CERTDIR="${EROOT}/etc/ssl/${PN}"
	if [ ! -d "${CERTDIR}" ]; then
		mkdir "${CERTDIR}" || die
	fi
	einfo "Your certificates will be stored in ${CERTDIR}"

	# Create a default CA if needed
	if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then
		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
		certtool --generate-privkey \
			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

		cat > "${T}/${PF}.$$" <<- _EOF
		cn = Portage automated CA
		ca
		cert_signing_key
		expiration_days = 3650
		_EOF

		certtool --generate-self-signed \
			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
			--template "${T}/${PF}.$$" &>/dev/null
		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

		# Create the server certificate
		echo
		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
		read -r CN

		einfo "Creating private key and certificate for server ${CN}..."
		certtool --generate-privkey \
			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

		cat > "${T}/${PF}.$$" <<- _EOF
		cn = ${CN}
		tls_www_server
		dns_name = ${CN}
		expiration_days = 3650
		_EOF

		certtool --generate-certificate \
			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
			--template "${T}/${PF}.$$" &>/dev/null
		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

	else
		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
	fi

	# Create a client certificate
	echo
	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
	read -r CN

	einfo "Creating private key and certificate for client ${CN}..."
	certtool --generate-privkey \
		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

	cat > "${T}/${PF}.$$" <<- _EOF
	cn = ${CN}
	tls_www_client
	dns_name = ${CN}
	expiration_days = 3650
	_EOF

	certtool --generate-certificate \
		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
		--template "${T}/${PF}.$$" &>/dev/null
	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

	rm -f "${T}/${PF}.$$"

	echo
	einfo "Here is the documentation on how to encrypt your log traffic:"
	einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
}

Return to bug 501988

Line 0 Link Here

(-)old/app-admin/rsyslog/files/7-stable/bugfix_52.patch (+100 lines)
		1	From b017e29aad70702c69e6016b07a932b7825a83e5 Mon Sep 17 00:00:00 2001
		2	From: Thomas D <whissi@whissi.de>
		3	Date: Sat, 3 May 2014 14:45:25 +0200
		4	Subject: [PATCH] Remove "--enable-cached-man-pages" switch and make rst2man
		5	optional when required man pages already exist
		6
		7	This commit backports the bugfix for issue #52 for the v7-stable branch.
		8	---
		9	configure.ac \| 61 +++++++++++++++++++++++++++++++++++-------------------------
		10	1 file changed, 36 insertions(+), 25 deletions(-)
		11
		12	diff --git a/configure.ac b/configure.ac
		13	index 0dd40c2..07d96dd 100644
		14	--- a/configure.ac
		15	+++ b/configure.ac
		16	@@ -1087,30 +1087,6 @@ fi
		17	AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes)
		18
		19
		20	-# Support using cached man file copies, to avoid the need for rst2man
		21	-# in the build environment
		22	-AC_ARG_ENABLE(cached_man_pages,
		23	- [AS_HELP_STRING([--enable-cached-man-pages],[Enable using cached versions of man files (avoid rst2man) @<:@default=no@:>@])],
		24	- [case "${enableval}" in
		25	- yes) enable_cached_man_pages="yes" ;;
		26	- no) enable_cached_man_pages="no" ;;
		27	- *) AC_MSG_ERROR(bad value ${enableval} for --enable-cached-man-pages) ;;
		28	- esac],
		29	- [enable_cached_man_pages=no]
		30	-)
		31	-if test "x$enable_cached_man_pages" = "xno"; then
		32	-# obtain path for rst2man
		33	- if test "x$enable_libgcrypt" = "xyes" \|\| \
		34	- test "x$enable_guardtime" = "xyes"; then
		35	- AC_PATH_PROG([RST2MAN], [rst2man])
		36	- if test "x${RST2MAN}" == "x"; then
		37	- AC_MSG_FAILURE([rst2man not found in PATH])
		38	- fi
		39	- fi
		40	-fi
		41	-
		42	-
		43	-
		44	# RFC 3195 support
		45	AC_ARG_ENABLE(rfc3195,
		46	[AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support @<:@default=no@:>@])],
		47	@@ -1519,6 +1495,41 @@ AM_CONDITIONAL(ENABLE_OMHIREDIS, test x$enable_omhiredis = xyes)
		48
		49	# END HIREDIS SUPPORT
		50
		51	+
		52	+AC_CHECKING([if required man pages already exist])
		53	+have_to_generate_man_pages="no"
		54	+
		55	+# man pages for libgcrypt module
		56	+if test "x$enable_usertools" = "xyes" && test "x$enable_libgcrypt" = "xyes"; then
		57	+ AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
		58	+ [],
		59	+ [have_to_generate_man_pages="yes"]
		60	+ )
		61	+fi
		62	+
		63	+# man pages for GuardTime module
		64	+if test "x$enable_usertools" = "xyes" && test "x$enable_guardtime" = "xyes"; then
65	+ AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
66	+ [],
67	+ [have_to_generate_man_pages="yes"]
68	+ )
69	+fi
70	+
71	+if test "x$have_to_generate_man_pages" = "xyes"; then
72	+ AC_MSG_RESULT([Some man pages are missing. We need rst2man to generate the missing man pages from source...])
73	+else
74	+ AC_MSG_RESULT([All required man pages found. We don't need rst2man!])
75	+fi
76	+
77	+if test "x$have_to_generate_man_pages" = "xyes"; then
78	+ # We need rst2man to generate our man pages
79	+ AC_CHECK_PROGS([RST2MAN], [rst2man rst2man.py], [])
80	+ if test -z "$RST2MAN"; then
81	+ AC_MSG_ERROR([rst2man is required to build man pages. You can use the release tarball with pregenerated man pages to avoid this depedency.])
82	+ fi
83	+fi
84	+
85	+
86	AC_CONFIG_FILES([Makefile \
87	runtime/Makefile \
88	compat/Makefile \
89	@@ -1594,7 +1605,7 @@ echo " Zlib compression support enabled: $enable_zlib"
90	echo " rsyslog runtime will be built: $enable_rsyslogrt"
91	echo " rsyslogd will be built: $enable_rsyslogd"
92	echo " GUI components will be built: $enable_gui"
93	-echo " cached man files will be used: $enable_cached_man_pages"
94	+echo " have to generate man pages: $have_to_generate_man_pages"
95	echo " Unlimited select() support enabled: $enable_unlimited_select"
96	echo " uuid support enabled: $enable_uuid"
97	echo " Log file signing support: $enable_guardtime"
98	--
99	1.9.2
100

Line 0 Link Here

(-)old/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch (+32 lines)
	1	This patch will update the pre-generated rscryutil man page from the release
	2	tarball so we don't need to depend on dev-python/docutils.
	3
	4	https://github.com/rsyslog/rsyslog/issues/73
	5
	6	diff -rupN old/rsyslog-7.6.3/tools/rscryutil.1 new/rsyslog-7.6.3/tools/rscryutil.1
	7	--- old/rsyslog-7.6.3/tools/rscryutil.1 2013-10-29 16:31:21.000000000 +0100
Line 0 Link Here
	1	From 14f3b45151864aa4170de515f406a69ad2931eba Mon Sep 17 00:00:00 2001
	2	From: Rainer Gerhards <rgerhards@adiscon.com>
	3	Date: Thu, 31 Oct 2013 18:21:47 +0100
	4	Subject: [PATCH] module omruleset is no longer enabled by default.
	5
	6	Note that it has been deprecated in v7 and been replaced by the "call"
	7	statement. Also, it can still be build without problems, the option must
	8	just explicitely be given.
	9	---
	10	diff --git a/configure.ac b/configure.ac
	11	index 3abd559..de4c3ea 100644
	12	--- a/configure.ac
	13	+++ b/configure.ac
	14	@@ -1353,7 +1353,7 @@ AC_ARG_ENABLE(omruleset,
	15	no) enable_omruleset="no" ;;
	16	*) AC_MSG_ERROR(bad value ${enableval} for --enable-omruleset) ;;
	17	esac],
	18	- [enable_omruleset=yes]
	19	+ [enable_omruleset=no]
	20	)
	21	AM_CONDITIONAL(ENABLE_OMRULESET, test x$enable_omruleset = xyes)
	22
	23	--
	24	1.9.1
	25

Line 0 Link Here

(-)old/app-admin/rsyslog/files/7-stable/README.gentoo (+98 lines)
		1	Introduction
		2	============
		3
		4	Since rsyslog version 7.6 we are shipping a new default Gentoo
		5	configuration. See bug #501982 to learn more about what we were trying to
		6	achieve by rewriting the entire configuration.
		7
		8
		9	Important changes
		10	=================
		11
		12	1. "/var/log/syslog" log file is now deprecated
		13
		14	Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
		15	longer being written per default. We are considering this file as
		16	deprecated/obsolet for the typical user/system.
		17	The content from this log file is still availble through other
		18	(dedicated) log files, see
		19
		20	- /var/log/cron.log
		21	- /var/log/daemon.log
		22	- /var/log/mail.log
		23	- /var/log/messages
		24
		25	If you really need the old "/var/log/syslog" log file, all you have to
		26	do is uncommenting the corresponding configuration directive in
		27	"/etc/rsyslog.conf".
		28
		29	If you do so, don't forget to re-enable log rotation in
		30	"/etc/logrotate.d/rsyslog", too.
		31
		32
		33	2. Additional configurations must be named ".pre.conf" or ".post.conf"
		34
		35	Beginning with rsyslog-7.6, we no longer include additional
		36	configuration files from "/etc/rsyslog.d/*.conf".
		37
		38	Instead we are now including any "/etc/rsyslog.d/*.pre.conf" file
		39	before Gentoo's default actions. This still allows you to modify or
		40	discard messages which should or shouldn't be handled later by Gentoo's
		41	default actions.
		42
		43	After the default Gentoo actions, we include any additional
		44	"/etc/rsyslog.d/*.post.conf" configuration file.
		45
		46	This should be the default naming for any additional configuration
		47	files because this lowers the risk to manipulate the default log files
		48	without intention.
		49
		50	Examples
		51	========
		52
		53	1. You setup your firewall (iptables) to log some traffic
		54	(...-J LOG --log-prefix "firewall: ", see `iptables -j LOG --help`
		55	for further details). Per default, these log messages will be logged
		56	into "/var/log/kern.log" and "/var/log/messages" which will clutter
		57	up these log files.
		58
		59	To solve this problem, you would now simply create
		60	"/etc/rsyslog.d/firewall.pre.conf" with the following content:
		61
		62	if ($programname == 'kernel') then {
		63	if ($msg contains 'firewall:') then {
		64	action(type="omfile"
65	File="/var/log/firewall.log"
66	FileOwner="root"
67	FileGroup="adm"
68	)
69	stop
70	}
71	}
72
73
74	2. You configured a program to use syslog facility "local6". You want
75	to collect logs from your program in its own log file.
76
77	To solve this problem, you would now simply create
78	"/etc/rsyslog.d/yourProgram.post.conf" with the following content:
79
80	if ($syslogfacility-text == 'local6') then {
81	if ($programname == 'yourProgram') then {
82	action(type="omfile"
83	File="/var/log/yourProgram.log"
84	FileOwner="root"
85	FileGroup="adm"
86	)
87	}
88	}
89
90
91	Please read the RainerScript documentation at http://www.rsyslog.com if
92	you don't understand the syntax from the examples above.
93
94
95	3. An additional input socket in "/var/empty/dev/log" (default chroot
96	location) will be created per default
97
98	See bug #490744 for further details.

Line 0 Link Here

(-)old/app-admin/rsyslog/files/7-stable/rsyslog.conf (+166 lines)
		1	# /etc/rsyslog.conf
		2	#
		3	# This configuration is based on RainerScript, the new recommended syntax
		4	# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
		5	# details.
		6	#
		7	# But if you don't want to learn something new at moment, don't worry: The
		8	# legacy syntax is still supported.
		9	#
		10	# You may want to use the new RSYSLOG configuration builder to create your
		11	# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/
		12
		13	# Check config syntax on startup and abort if unclean (default: off)
		14	#$AbortOnUncleanConfig on
		15
		16
		17	###############
		18	### MODULES ###
		19	###############
		20
		21	# Read syslog messages from default Unix socket /dev/log (e.g. via logger command)
		22	module(load="imuxsock")
		23
		24	# Read messages from the kernel log and submits them to the syslog engine
		25	module(load="imklog")
		26
		27	# Inject "--MARK--" messages every $Interval (seconds)
		28	#module(load="immark" Interval="600")
		29
		30	# Read syslog messages from UDP
		31	#module(load="imudp")
		32	#input(type="imudp" port="514")
		33
		34	# Read syslog messages from TCP
		35	#module(load="imtcp")
		36	#input(type="imtcp" port="514")
		37
		38
		39	#########################
		40	### GLOBAL DIRECTIVES ###
		41	#########################
		42
		43	# Where to place spool and state files
		44	$WorkDirectory /var/spool/rsyslog
		45
		46	# Reduce repeating messages (default: off)
		47	#$RepeatedMsgReduction on
		48
		49	# Set defaults for every output file
		50	$Umask 0022
		51
		52	module(
		53	load="builtin:omfile"
		54	Template="RSYSLOG_TraditionalFileFormat"
		55	FileCreateMode="0644"
		56	DirCreateMode="0755"
		57	)
		58
		59
		60	# Include additional configuration files which can modify/discard messages
		61	# before Gentoo's default actions will handle them.
		62	# See "/usr/share/doc/rsyslog-/README.gentoo" for more information.
		63	$IncludeConfig /etc/rsyslog.d/*.pre.conf
		64
65
66	##############################
67	### DEFAULT GENTOO ACTIONS ###
68	##############################
69
70	auth,authpriv.* action(
71	type="omfile"
72	File="/var/log/auth.log"
73	FileCreateMode="0600"
74	FileOwner="root"
75	FileGroup="adm"
76	Sync="off"
77	)
78
79	cron.* action(
80	type="omfile"
81	File="/var/log/cron.log"
82	FileOwner="root"
83	FileGroup="adm"
84	)
85
86	daemon.* action(
87	type="omfile"
88	File="/var/log/daemon.log"
89	FileOwner="root"
90	FileGroup="adm"
91	)
92
93	kern.* action(
94	type="omfile"
95	File="/var/log/kern.log"
96	FileOwner="root"
97	FileGroup="adm"
98	)
99
100	lpr.* action(
101	type="omfile"
102	File="/var/log/lpr.log"
103	FileOwner="root"
104	FileGroup="adm"
105	)
106
107	mail.* action(
108	type="omfile"
109	File="/var/log/mail.log"
110	FileOwner="root"
111	FileGroup="adm"
112	)
113
114	news.* action(
115	type="omfile"
116	File="/var/log/news.log"
117	FileOwner="root"
118	FileGroup="adm"
119	)
120
121	user.* action(
122	type="omfile"
123	File="/var/log/user.log"
124	FileOwner="root"
125	FileGroup="adm"
126	)
127
128	*.=debug;auth,authpriv,news,mail.none action(
129	type="omfile"
130	File="/var/log/debug.log"
131	FileOwner="root"
132	FileGroup="adm"
133	)
134
135	*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
136	type="omfile"
137	File="/var/log/messages"
138	FileOwner="root"
139	FileGroup="adm"
140	)
141
142	# Uncomment the following directive to re-enable the
143	# deprecated "/var/log/syslog" log file (don't forget to re-enable log
144	# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
145	#.;auth,authpriv.none action(
146	# type="omfile"
147	# File="/var/log/syslog"
148	# FileOwner="root"
149	# FileGroup="adm"
150	#)
151
152	*.emerg action(
153	type="omusrmsg"
154	Users="*"
155	action.execOnlyOnceEveryInterval="10"
156	)
157
158	# Create an additional socket for the default chroot location
159	# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
160	input(type="imuxsock" Socket="/var/empty/dev/log")
161
162
163	# Include additional configuration files which handle messages after they
164	# were processed by any "*.pre.conf" file and Gentoo's default actions.
165	# See "/usr/share/doc/rsyslog-/README.gentoo" for more information.
166	$IncludeConfig /etc/rsyslog.d/*.post.conf

Line 0 Link Here

(-)old/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1 (+30 lines)
	1	# /etc/conf.d/rsyslog
	2
	3	# Configuration file
	4	RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"
	5
	6	# PID file
	7	# If you should ever change this, remember to update
	8	# "/etc/logrotate.d/rsyslog", too.
	9	RSYSLOG_PIDFILE="/run/rsyslogd.pid"
	10
	11	# You can use this configuration option to pass additional options to the
	12	# start-stop-daemon, see start-stop-daemon(8) for more details.
	13	# Per default we wait 1000ms after we have started the service to ensure
	14	# that the daemon is really up and running.
	15	RSYSLOG_SSDARGS="--wait 1000"
	16
	17	# The termination timeout (start-stop-daemon parameter "retry") ensures
	18	# that the service will be terminated within a given time (60 + 5 seconds
	19	# per default) when you are stopping the service.
	20	# You need to increase the value when you are working with a large queue.
	21	# See http://www.rsyslog.com/doc/queues.html for further information.
	22	RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"
	23
	24
	25	# Options to rsyslogd
	26	# See rsyslogd(8) for more details
	27	# Notes:
	28	# * Do not specify another PIDFILE but use the variable above to change the location
	29	# * Do not specify another CONFIGFILE but use the variable above to change the location
	30	RSYSLOG_OPTS=""

Line 0 Link Here

(-)old/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1 (+69 lines)
		1	#!/sbin/runscript
		2	# Copyright 1999-2014 Gentoo Foundation
		3	# Distributed under the terms of the GNU General Public License v2
		4	# $Header: $
		5
		6	RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
		7	RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}
		8
		9	command="/usr/sbin/rsyslogd"
		10	command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}"
		11	start_stop_daemon_args="${RSYSLOG_SSDARGS}"
		12	pidfile="${RSYSLOG_PIDFILE}"
		13	retry="${RSYSLOG_TERMTIMEOUT}"
		14
		15	required_files=( "${RSYSLOG_CONFIGFILE}" )
		16
		17	description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)."
		18
		19	extra_commands="configtest"
		20	extra_started_commands="rotate"
		21
		22	description_configtest="Run rsyslogd's internal config check."
		23
		24	description_rotate="Sends rsyslogd a signal to re-open its log files."
		25
		26	depend() {
		27	need clock hostname localmount
		28	provide logger
		29	}
		30
		31	start_pre() {
		32	if [ "${RC_CMD}" != "restart" ]; then
		33	configtest \|\| return 1
		34	fi
		35	}
		36
		37	stop_pre() {
		38	if [ "${RC_CMD}" = "restart" ]; then
		39	configtest \|\| return 1
		40	fi
		41	}
		42
		43	stop_post() {
		44	rm -f ${RSYSLOG_PIDFILE}
		45	}
		46
		47	configtest() {
		48	# This will currently only detect fatal errors
		49	# See https://github.com/rsyslog/rsyslog/issues/79
		50
		51	local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}"
		52	local _retval=0
		53
		54	ebegin "Checking rsyslogd's configuration"
		55	${_test_command} &>/dev/null
		56	_retval=$?
		57
		58	if [ ${_retval} -ne 0 ]; then
		59	${_test_command}
		60	fi
		61
		62	eend ${_retval} "failed, please correct errors above"
		63	}
		64
65	rotate() {
66	ebegin "Re-opening rsyslogd logs"
67	start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
68	eend $?
69	}

Line 0 Link Here

(-)old/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1 (+37 lines)
	1	# Uncomment the following directive if you have re-enabled
	2	# "/var/log/syslog" in "/etc/rsyslog.conf"
	3	#/var/log/syslog
	4	#{
	5	# rotate 7
	6	# daily
	7	# missingok
	8	# notifempty
	9	# delaycompress
	10	# compress
	11	# postrotate
	12	# test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
	13	# endscript
	14	#}
	15
	16	/var/log/auth.log
	17	/var/log/cron.log
	18	/var/log/daemon.log
	19	/var/log/kern.log
	20	/var/log/lpr.log
	21	/var/log/mail.log
	22	/var/log/news.log
	23	/var/log/user.log
	24	/var/log/debug.log
	25	/var/log/messages
	26	{
	27	rotate 4
	28	weekly
	29	missingok
	30	notifempty
	31	compress
	32	delaycompress
	33	sharedscripts
	34	postrotate
	35	test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
	36	endscript
	37	}

Lines 1-23 Link Here

(-)old/app-admin/rsyslog/metadata.xml (-19 / +37 lines)
1	<?xml version="1.0" encoding="UTF-8"?>	1	<?xml version="1.0" encoding="UTF-8"?>
2	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">	2	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
3	<pkgmetadata>	3	<pkgmetadata>
4	<maintainer>	4	<maintainer>
5	<email>ultrabug@gentoo.org</email>	5	<email>ultrabug@gentoo.org</email>
6	<name>Ultrabug</name>	6	<name>Ultrabug</name>
7	<description>Primary Maintainer</description>	7	<description>Primary Maintainer</description>
8	</maintainer>	8	</maintainer>
9	<maintainer>	9	<maintainer>
10	<email>whissi@whissi.de</email>	10	<email>whissi@whissi.de</email>
11	<name>Thomas D. (Whissi)</name>	11	<name>Thomas D. (Whissi)</name>
12	<description>Proxy-Maintainer, CC. bugs</description>	12	<description>Proxy-Maintainer, CC. bugs</description>
13	</maintainer>	13	</maintainer>
14	<use>	14	<use>
15	<flag name="extras">Add support for the UDP spoofing module (omudpspoof) using <pkg>net-libs/libnet</pkg></flag>	15	<flag name="dbi">Build the general database output module (requires <pkg>dev-db/libdbi</pkg>)</flag>
16	<flag name="mongodb">Add support for the MongoDB output template module using <pkg>dev-libs/libmongo-client</pkg></flag>	16	<flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag>
17	<flag name="relp">Add support for the Reliable Event Logging Protocol using <pkg>dev-libs/librelp</pkg></flag>	17	<flag name="extras">Add support for the UDP spoofing module (omudpspoof) using <pkg>net-libs/libnet</pkg></flag>
18	<flag name="zeromq">Add support for the ZeroMQ input and output plugins using <pkg>net-libs/zeromq</pkg></flag>	18	<flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag>
19	</use>	19	<flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag>
20	<upstream>	20	<flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>
21	<remote-id type="cpe">cpe:/a:rsyslog:rsyslog</remote-id>	21	<flag name="mysql">Build the MySQL databse output module (requires <pkg>virtual/mysql</pkg>)</flag>
22	</upstream>	22	<flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag>
		23	<flag name="omudpspoof">Build the udpspoof output module (requires <pkg>net-libs/libnet</pkg>)</flag>
		24	<flag name="oracle">Build the Oracle database output module (requires <pkg>dev-db/oracle-instantclient-basic</pkg>)</flag>
		25	<flag name="postgres">Build the PostgreSQL database output module (requires <pkg>dev-db/postgresql-base</pkg>)</flag>
		26	<flag name="rabbitmq">Build the RabbitMQ output module (requires <pkg>net-libs/rabbitmq-c</pkg>)</flag>
		27	<flag name="redis">Build the Redis output module using (requires <pkg>dev-libs/hiredis</pkg>)</flag>
		28	<flag name="relp">Build the Reliable Event Logging Protocol (RELP) output module (requires <pkg>dev-libs/librelp</pkg>)</flag>
		29	<flag name="rfc3195">Build the rfc3195 input module (requires <pkg>dev-libs/liblogging</pkg>)</flag>
		30	<flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg>)</flag>
		31	<flag name="snmp">Build the snmp modify and output module (requires <pkg>net-analyzer/net-snmp</pkg>)</flag>
		32	<flag name="ssl">Add support for encrypted client/server communication (requires <pkg>net-libs/gnutls</pkg>)</flag>
		33	<flag name="systemd">Build the journal input and output module (requires <pkg>sys-apps/systemd</pkg>)</flag>
		34	<flag name="usertools">Installs the user tools (rsgtutil, rscryutil...) corresponding to the set USE flags</flag>
		35	<flag name="zeromq">Build the ZeroMQ input and output modules (requires <pkg>net-libs/zeromq</pkg>)</flag>
		36	</use>
		37	<upstream>
		38	<bugs-to>https://github.com/rsyslog/rsyslog/issues</bugs-to>
		39	<remote-id type="cpe">cpe:/a:rsyslog:rsyslog</remote-id>
		40	</upstream>
23	</pkgmetadata>	41	</pkgmetadata>

Line 0 Link Here

(-)old/app-admin/rsyslog/rsyslog-7.6.3.ebuild (+351 lines)
		1	# Copyright 1999-2014 Gentoo Foundation
		2	# Distributed under the terms of the GNU General Public License v2
		3	# $Header: $
		4
		5	EAPI=5
		6	AUTOTOOLS_AUTORECONF=1
		7
		8	inherit autotools-utils eutils systemd
		9
		10	DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
		11	HOMEPAGE="http://www.rsyslog.com/"
		12	SRC_URI="http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz"
		13
		14	LICENSE="GPL-3 LGPL-3 Apache-2.0"
		15	KEYWORDS="~amd64 ~arm ~hppa ~x86"
		16	SLOT="0"
		17	IUSE="dbi debug doc elasticsearch +gcrypt kerberos mongodb mysql normalize omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd usertools zeromq"
		18
		19	RDEPEND="
		20	>=dev-libs/json-c-0.11:=
		21	>=dev-libs/libestr-0.1.9
		22	>=dev-libs/liblogging-1.0.1:=[stdlog]
		23	>=sys-libs/zlib-1.2.5
		24	dbi? ( >=dev-db/libdbi-0.8.3 )
		25	elasticsearch? ( >=net-misc/curl-7.35.0 )
		26	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
		27	kerberos? ( virtual/krb5 )
		28	mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
		29	mysql? ( virtual/mysql )
		30	normalize? (
		31	>=dev-libs/libee-0.4.0
		32	>=dev-libs/liblognorm-0.3.1:=
		33	!>=dev-libs/liblognorm-1.0.0
		34	)
		35	omudpspoof? ( >=net-libs/libnet-1.1.6 )
		36	oracle? ( >=dev-db/oracle-instantclient-basic-10.2 )
		37	postgres? ( >=dev-db/postgresql-base-8.4.20 )
		38	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 )
		39	redis? ( >=dev-libs/hiredis-0.11.0 )
		40	relp? ( >=dev-libs/librelp-1.2.5 )
		41	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
		42	rfc5424hmac? ( >=dev-libs/openssl-0.9.8y )
		43	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
		44	ssl? ( >=net-libs/gnutls-2.12.23 )
		45	systemd? ( >=sys-apps/systemd-208 )
		46	zeromq? ( >=net-libs/czmq-1.2.0 )"
		47	DEPEND="${RDEPEND}
		48	virtual/pkgconfig"
		49
		50	BRANCH="7-stable"
		51
		52	# Test suite requires a special setup or will always fail
		53	RESTRICT="test"
		54
		55	# Maitainer note : open a bug to upstream
		56	# showing that building in a separate dir fails
		57	AUTOTOOLS_IN_SOURCE_BUILD=1
		58
		59	AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
		60
		61	DOCS=(
		62	AUTHORS
		63	ChangeLog
		64	doc/rsyslog-example.conf
65	"${FILESDIR}"/${BRANCH}/README.gentoo
66	)
67
68	PATCHES=(
69	"${FILESDIR}"/${BRANCH}/${PN}-7.x-mmjsonparse.patch
70	"${FILESDIR}"/${BRANCH}/fix-omruleset-default-value.patch
71	"${FILESDIR}"/${BRANCH}/bugfix_52.patch
72	"${FILESDIR}"/${BRANCH}/bugfix_73.patch
73	)
74
75	src_configure() {
76	# Maintainer notes:
77	# * Guardtime support is missing because libgt isn't yet available
78	# in portage.
79	# * Hadoop's HDFS file system output module is currently not
80	# supported in Gentoo because nobody is able to test it
81	# (JAVA dependency).
82	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
83	# upstream PR 129 and 136) so we need to export HIREDIS_*
84	# variables because rsyslog's build system depends on pkg-config.
85
86	if use redis; then
87	export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
88	export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
89	fi
90
91	local myeconfargs=(
92	# Input Plugins without depedencies
93	--enable-imfile
94	--enable-impstats
95	--enable-imptcp
96	--enable-imttcp
97	# Message Modificiation Plugins without depedencies
98	--enable-mmanon
99	--enable-mmaudit
100	--enable-mmcount
101	--enable-mmfields
102	--enable-mmjsonparse
103	--enable-mmpstrucdata
104	--enable-mmsequence
105	--enable-mmutf8fix
106	# Output Modification Plugins without dependencies
107	--enable-mail
108	--enable-omprog
109	--enable-omruleset
110	--enable-omstdout
111	--enable-omuxsock
112	# Misc
113	--enable-pmaixforwardedfrom
114	--enable-pmcisconames
115	--enable-pmlastmsg
116	--enable-pmrfc3164sd
117	--enable-pmsnare
118	--enable-sm_cust_bindcdr
119	# DB
120	$(use_enable dbi libdbi)
121	$(use_enable mongodb ommongodb)
122	$(use_enable mysql)
123	$(use_enable oracle)
124	$(use_enable postgres pgsql)
125	$(use_enable redis omhiredis)
126	# Debug
127	$(use_enable debug)
128	$(use_enable debug diagtools)
129	$(use_enable debug imdiag)
130	$(use_enable debug memcheck)
131	$(use_enable debug rtinst)
132	$(use_enable debug valgrind)
133	# Misc
134	$(use_enable elasticsearch)
135	$(use_enable gcrypt libgcrypt)
136	$(use_enable kerberos gssapi-krb5)
137	$(use_enable normalize mmnormalize)
138	$(use_enable omudpspoof)
139	$(use_enable rabbitmq omrabbitmq)
140	$(use_enable relp)
141	$(use_enable rfc3195)
142	$(use_enable rfc5424hmac mmrfc5424addhmac)
143	$(use_enable snmp)
144	$(use_enable snmp mmsnmptrapd)
145	$(use_enable ssl gnutls)
146	$(use_enable systemd imjournal)
147	$(use_enable systemd omjournal)
148	$(use_enable usertools)
149	$(use_enable zeromq imzmq3)
150	$(use_enable zeromq omzmq3)
151	"$(systemd_with_unitdir)"
152	)
153
154	autotools-utils_src_configure
155	}
156
157	src_install() {
158	use doc && HTML_DOCS=( "${S}"/doc/ )
159	autotools-utils_src_install
160
161	insinto /etc
162	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
163	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
164	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
165	keepdir /var/empty/dev
166	keepdir /var/spool/${PN}
167	keepdir /etc/ssl/${PN}
168	keepdir /etc/${PN}.d
169
170	if use mysql; then
171	insinto /usr/share/doc/${PF}/scripts/mysql
172	doins plugins/ommysql/{createDB.sql,contrib/delete_mysql}
173	fi
174
175	if use postgres; then
176	insinto /usr/share/doc/${PF}/scripts/pgsql
177	doins plugins/ompgsql/createDB.sql
178	fi
179
180	insinto /etc/logrotate.d/
181	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate-r1" ${PN}
182	}
183
184	pkg_postinst() {
185	local advertise_readme=0
186
187	if [[ -z "${REPLACING_VERSIONS}" ]]; then
188	# This is a new installation
189
190	advertise_readme=1
191
192	if use mysql \|\| use postgres; then
193	echo
194	elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
195	elog " /usr/share/doc/${PF}/scripts"
196	fi
197
198	if use ssl; then
199	echo
200	elog "To create a default CA and certificates for your server and clients, run:"
201	elog " emerge --config =${PF}"
202	elog "on your logging server. You can run it several times,"
203	elog "once for each logging client. The client certificates will be signed"
204	elog "using the CA certificate generated during the first run."
205	fi
206	fi
207
208	if [[ -z "${REPLACING_VERSIONS}" ]] \|\| [[ ${REPLACING_VERSIONS} < 8.0 ]]; then
209	# Show this message until rsyslog-8.x
210	echo
211	elog "Since ${PN}-7.6.3 we no longer use the catch-all log target"
212	elog "\"/var/log/syslog\" due to its redundancy to the other log targets."
213
214	advertise_readme=1
215	fi
216
217	unset RSYSLOG_OLD_CONF_FILES
218	declare -a RSYSLOG_OLD_CONF_FILES
219
220	local i=0 RSYSLOG_OLD_CONF_FILE=
221	while IFS= read -r -u 3 -d $'\0' RSYSLOG_OLD_CONF_FILE; do
222	RSYSLOG_OLD_CONF_FILES[i++]="$RSYSLOG_OLD_CONF_FILE"
223	done 3< <(find "${EPREFIX}/etc/rsyslog.d" -maxdepth 1 -type f \( -iname ".conf" ! -iname ".pre.conf" ! -iname "*.post.conf" \) -print0 2>/dev/null)
224
225	if [[ ${#RSYSLOG_OLD_CONF_FILES[@]} -gt 0 ]]; then
226	echo ""
227	ewarn "Beginning with ${PN}-7.6.3 we changed the way we are including"
228	ewarn "additional configuration files."
229	ewarn ""
230	ewarn "You have to adapt the new naming schema for the following files:"
231	ewarn ""
232
233	RSYSLOG_OLD_CONF_FILE=
234	for RSYSLOG_OLD_CONF_FILE in "${RSYSLOG_OLD_CONF_FILES[@]}"; do
235	ewarn " - ${RSYSLOG_OLD_CONF_FILE}"
236	done
237
238	ewarn ""
239	ewarn "To keep the old behavior, just change the suffix from \".conf\" to \".pre.conf\"."
240	ewarn "If you don't do that, these configuration files won't be included anymore."
241
242	advertise_readme=1
243	fi
244	unset i RSYSLOG_OLD_CONF_FILE RSYSLOG_OLD_CONF_FILES
245
246	if [[ ${advertise_readme} -gt 0 ]]; then
247	# We need to show the README file location
248
249	echo ""
250	elog "Please read"
251	elog ""
252	elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
253	elog ""
254	elog "for more details."
255	fi
256	}
257
258	pkg_config() {
259	if ! use ssl ; then
260	einfo "There is nothing to configure for rsyslog unless you"
261	einfo "used USE=ssl to build it."
262	return 0
263	fi
264
265	# Make sure the certificates directory exists
266	CERTDIR="${EROOT}/etc/ssl/${PN}"
267	if [ ! -d "${CERTDIR}" ]; then
268	mkdir "${CERTDIR}" \|\| die
269	fi
270	einfo "Your certificates will be stored in ${CERTDIR}"
271
272	# Create a default CA if needed
273	if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then
274	einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
275	certtool --generate-privkey \
276	--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
277	chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
278
279	cat > "${T}/${PF}.$$" <<- _EOF
280	cn = Portage automated CA
281	ca
282	cert_signing_key
283	expiration_days = 3650
284	_EOF
285
286	certtool --generate-self-signed \
287	--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
288	--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
289	--template "${T}/${PF}.$$" &>/dev/null
290	chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
291
292	# Create the server certificate
293	echo
294	einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
295	read -r CN
296
297	einfo "Creating private key and certificate for server ${CN}..."
298	certtool --generate-privkey \
299	--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
300	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
301
302	cat > "${T}/${PF}.$$" <<- _EOF
303	cn = ${CN}
304	tls_www_server
305	dns_name = ${CN}
306	expiration_days = 3650
307	_EOF
308
309	certtool --generate-certificate \
310	--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
311	--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
312	--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
313	--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
314	--template "${T}/${PF}.$$" &>/dev/null
315	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
316
317	else
318	einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
319	fi
320
321	# Create a client certificate
322	echo
323	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
324	read -r CN
325
326	einfo "Creating private key and certificate for client ${CN}..."
327	certtool --generate-privkey \
328	--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
329	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
330
331	cat > "${T}/${PF}.$$" <<- _EOF
332	cn = ${CN}
333	tls_www_client
334	dns_name = ${CN}
335	expiration_days = 3650
336	_EOF
337
338	certtool --generate-certificate \
339	--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
340	--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
341	--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
342	--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
343	--template "${T}/${PF}.$$" &>/dev/null
344	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
345
346	rm -f "${T}/${PF}.$$"
347
348	echo
349	einfo "Here is the documentation on how to encrypt your log traffic:"
350	einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
351	}