Attachment #383202 for bug #520328




From 6b47dd542d07ed557f02af9970d1004eb262e1c1 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 19 Aug 2014 11:33:41 +0200
Subject: [PATCH] bugfix: build failure on systems which don't have
 json_tokener_errors

Older versions of json-c need to use a different API (which don't exists
on newer versions, unfortunately...)
Thanks to Thomas D. for reporting this problem.
---
 ChangeLog     | 6 ++++++
 runtime/msg.c | 6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 177387d..cb09b6c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,10 @@
 ---------------------------------------------------------------------------
+Version 8.4.1 [v8-stable] 2014-08-??
+- bugfix: build failure on systems which don't have json_tokener_errors
+  Older versions of json-c need to use a different API (which don't exists
+  on newer versions, unfortunately...)
+  Thanks to Thomas D. for reporting this problem.
+---------------------------------------------------------------------------
 Version 8.4.0 [v8-stable] 2014-08-18
 - this is the new stable branch, which incorporates all enhancements of
   rsyslog 8.3.
diff --git a/runtime/msg.c b/runtime/msg.c
index 66c3b7b..81b13f9 100644
--- a/runtime/msg.c
+++ b/runtime/msg.c
@@ -4074,7 +4074,11 @@ MsgSetPropsViaJSON(msg_t *__restrict__ const pMsg, const uchar *__restrict__ con
 
 			err = tokener->err;
 			if(err != json_tokener_continue)
-				errMsg = json_tokener_errors[err];
+#				if HAVE_JSON_TOKENER_ERROR_DESC
+					errMsg = json_tokener_error_desc(err);
+#				else
+					errMsg = json_tokener_errors[err];
+#				endif
 			else
 				errMsg = "Unterminated input";
 		} else if(!json_object_is_type(json, json_type_object))
-- 
2.0.3





#######################
### DEFAULT ACTIONS ###
#######################

auth,authpriv.* action(
	type="omfile"
	File="/var/log/auth.log"
	FileCreateMode="0600"
	FileOwner="root"
	FileGroup="adm"
	Sync="off"
)

cron.* action(
	type="omfile"
	File="/var/log/cron.log"
	FileOwner="root"
	FileGroup="adm"
)

daemon.* action(
	type="omfile"
	File="/var/log/daemon.log"
	FileOwner="root"
	FileGroup="adm"
)

kern.* action(
	type="omfile"
	File="/var/log/kern.log"
	FileOwner="root"
	FileGroup="adm"
)

lpr.* action(
	type="omfile"
	File="/var/log/lpr.log"
	FileOwner="root"
	FileGroup="adm"
)

mail.* action(
	type="omfile"
	File="/var/log/mail.log"
	FileOwner="root"
	FileGroup="adm"
)

news.* action(
	type="omfile"
	File="/var/log/news.log"
	FileOwner="root"
	FileGroup="adm"
)

user.* action(
	type="omfile"
	File="/var/log/user.log"
	FileOwner="root"
	FileGroup="adm"
)

*.=debug;auth,authpriv,news,mail.none action(
	type="omfile"
	File="/var/log/debug.log"
	FileOwner="root"
	FileGroup="adm"
)

*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
	type="omfile"
	File="/var/log/messages"
	FileOwner="root"
	FileGroup="adm"
)

# Uncomment the following directive to re-enable the
# deprecated "/var/log/syslog" log file (don't forget to re-enable log
# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
#*.*;auth,authpriv.none action(
#	type="omfile"
#	File="/var/log/syslog"
#	FileOwner="root"
#	FileGroup="adm"
#)

*.emerg action(
	type="omusrmsg"
	Users="*"
	action.execOnlyOnceEveryInterval="10"
)

# Create an additional socket for the default chroot location
# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
input(type="imuxsock" Socket="/var/empty/dev/log")




Introduction
============

Since rsyslog version 7.6 we are shipping a new default Gentoo
configuration. See bug #501982 to learn more about what we were trying to
achieve by rewriting the entire configuration.


Important changes
=================

1. "/var/log/syslog" log file is now deprecated

   Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
   longer being written per default. We are considering this file as
   deprecated/obsolet for the typical user/system.
   The content from this log file is still availble through other
   (dedicated) log files, see
   
     - /var/log/cron.log
     - /var/log/daemon.log
     - /var/log/mail.log
     - /var/log/messages
   
   If you really need the old "/var/log/syslog" log file, all you have to
   do is uncommenting the corresponding configuration directive in
   "/etc/rsyslog.d/50-default.conf".
   
   If you do so, don't forget to re-enable log rotation in
   "/etc/logrotate.d/rsyslog", too.


2. An additional input socket in "/var/empty/dev/log" (default chroot
   location) will be created per default

   See bug #490744 for further details.




# /etc/rsyslog.conf
# 
# This configuration is based on RainerScript, the new recommended syntax
# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
# details.
# 
# But if you don't want to learn something new at moment, don't worry: The
# legacy syntax is still supported.
# 
# You may want to use the new RSYSLOG configuration builder to create your
# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/

# Check config syntax on startup and abort if unclean (default: off)
#$AbortOnUncleanConfig on


###############
### MODULES ###
###############

# Read syslog messages from default Unix socket /dev/log (e.g. via logger command)
module(load="imuxsock")

# Read messages from the kernel log and submits them to the syslog engine
module(load="imklog")

# Inject "--MARK--" messages every $Interval (seconds)
#module(load="immark" Interval="600")

# Read syslog messages from UDP
#module(load="imudp")
#input(type="imudp" port="514")

# Read syslog messages from TCP
#module(load="imtcp")
#input(type="imtcp" port="514")


#########################
### GLOBAL DIRECTIVES ###
#########################

# Where to place spool and state files
$WorkDirectory /var/spool/rsyslog

# Reduce repeating messages (default: off)
#$RepeatedMsgReduction on

# Set defaults for every output file
$Umask 0022

module(
	load="builtin:omfile"
	Template="RSYSLOG_TraditionalFileFormat"
	FileCreateMode="0644"
	DirCreateMode="0755"
)


# Include all conf files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf




# /etc/conf.d/rsyslog

# Configuration file
RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"

# PID file
# If you should ever change this, remember to update
# "/etc/logrotate.d/rsyslog", too.
RSYSLOG_PIDFILE="/run/rsyslogd.pid"

# You can use this configuration option to pass additional options to the
# start-stop-daemon, see start-stop-daemon(8) for more details.
# Per default we wait 1000ms after we have started the service to ensure
# that the daemon is really up and running.
RSYSLOG_SSDARGS="--wait 1000"

# The termination timeout (start-stop-daemon parameter "retry") ensures
# that the service will be terminated within a given time (60 + 5 seconds
# per default) when you are stopping the service.
# You need to increase the value when you are working with a large queue.
# See http://www.rsyslog.com/doc/queues.html for further information.
RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"


# Options to rsyslogd
# See rsyslogd(8) for more details
# Notes:
# * Do not specify another PIDFILE but use the variable above to change the location
# * Do not specify another CONFIGFILE but use the variable above to change the location
RSYSLOG_OPTS=""




#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}

command="/usr/sbin/rsyslogd"
command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}"
start_stop_daemon_args="${RSYSLOG_SSDARGS}"
pidfile="${RSYSLOG_PIDFILE}"
retry="${RSYSLOG_TERMTIMEOUT}"

required_files="${RSYSLOG_CONFIGFILE}"

description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)."

extra_commands="configtest"
extra_started_commands="rotate"

description_configtest="Run rsyslogd's internal config check."

description_rotate="Sends rsyslogd a signal to re-open its log files."

depend() {
	need clock hostname localmount
	provide logger
}

start_pre() {
	if [ "${RC_CMD}" != "restart" ]; then
		configtest || return 1
	fi
}

stop_pre() {
	if [ "${RC_CMD}" = "restart" ]; then
		configtest || return 1
	fi
}

stop_post() {
	rm -f ${RSYSLOG_PIDFILE}
}

configtest() {
	# This will currently only detect fatal errors
	# See https://github.com/rsyslog/rsyslog/issues/79

	local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}"
	local _retval=0

	ebegin "Checking rsyslogd's configuration"
	${_test_command} >/dev/null 2>&1
	_retval=$?

	if [ ${_retval} -ne 0 ]; then
		${_test_command}
	fi

	eend ${_retval} "failed, please correct errors above"
}

rotate() {
	ebegin "Re-opening rsyslogd logs"
	start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
	eend $?
}




# Uncomment the following directive if you have re-enabled
# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
#/var/log/syslog
#{
#	rotate 7
#	daily
#	missingok
#	notifempty
#	delaycompress
#	compress
#	postrotate
#		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
#	endscript
#}

/var/log/auth.log
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log
/var/log/lpr.log
/var/log/mail.log
/var/log/news.log
/var/log/user.log
/var/log/debug.log
/var/log/messages
{
	rotate 4
	weekly
	missingok
	notifempty
	compress
	delaycompress
	sharedscripts
	postrotate
		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
	endscript
}

Lines 16-21 Link Here

(-)old/app-admin/rsyslog/metadata.xml (+1 lines)
16	<flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag>	16	<flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag>
17	<flag name="extras">Add support for the UDP spoofing module (omudpspoof) using <pkg>net-libs/libnet</pkg></flag>	17	<flag name="extras">Add support for the UDP spoofing module (omudpspoof) using <pkg>net-libs/libnet</pkg></flag>
18	<flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag>	18	<flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag>
		19	<flag name="jemalloc">Use <pkg>dev-libs/jemalloc</pkg> for allocations.</flag>
19	<flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag>	20	<flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag>
20	<flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>	21	<flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>
21	<flag name="mysql">Build the MySQL databse output module (requires <pkg>virtual/mysql</pkg>)</flag>	22	<flag name="mysql">Build the MySQL databse output module (requires <pkg>virtual/mysql</pkg>)</flag>




# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI=5
AUTOTOOLS_AUTORECONF=1

inherit autotools-utils eutils systemd

DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
HOMEPAGE="http://www.rsyslog.com/"
SRC_URI="
	http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
	doc? ( http://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )
"

LICENSE="GPL-3 LGPL-3 Apache-2.0"
KEYWORDS="~amd64 ~arm ~hppa ~x86"
SLOT="0"
IUSE="dbi debug doc elasticsearch +gcrypt jemalloc kerberos mongodb mysql normalize omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd usertools zeromq"

RDEPEND="
	>=dev-libs/json-c-0.11:=
	>=dev-libs/libestr-0.1.9
	>=dev-libs/liblogging-1.0.1:=[stdlog]
	>=sys-libs/zlib-1.2.5
	dbi? ( >=dev-db/libdbi-0.8.3 )
	elasticsearch? ( >=net-misc/curl-7.35.0 )
	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
	jemalloc? ( >=dev-libs/jemalloc-3.3.1 )
	kerberos? ( virtual/krb5 )
	mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
	mysql? ( virtual/mysql )
	normalize? (
		>=dev-libs/libee-0.4.0
		>=dev-libs/liblognorm-1.0.0:=
	)
	omudpspoof? ( >=net-libs/libnet-1.1.6 )
	oracle? ( >=dev-db/oracle-instantclient-basic-10.2 )
	postgres? ( >=dev-db/postgresql-base-8.4.20 )
	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 )
	redis? ( >=dev-libs/hiredis-0.11.0 )
	relp? ( >=dev-libs/librelp-1.2.5 )
	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
	rfc5424hmac? ( >=dev-libs/openssl-0.9.8y )
	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
	ssl? ( >=net-libs/gnutls-2.12.23 )
	systemd? ( >=sys-apps/systemd-208 )
	zeromq? ( >=net-libs/czmq-1.2.0 )"
DEPEND="${RDEPEND}
	virtual/pkgconfig"

BRANCH="8-stable"

# Test suite requires a special setup or will always fail
RESTRICT="test"

# Maitainer note : open a bug to upstream
# showing that building in a separate dir fails
AUTOTOOLS_IN_SOURCE_BUILD=1

AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"

DOCS=(
	AUTHORS
	ChangeLog
	"${FILESDIR}"/${BRANCH}/README.gentoo
)

src_unpack() {
	unpack ${P}.tar.gz

	if use doc; then
		local doc_tarball="${PN}-doc-${PV}.tar.gz"

		cd "${S}" || die "Cannot change dir into '$S'"
		mkdir docs || die "Failed to create docs directory"
		cd docs || die "Failed to change dir into '${S}/docs'"
		unpack ${doc_tarball}
	fi
}

src_prepare() {
	epatch "${FILESDIR}"/${BRANCH}/20-rsyslog-json_tokener_errors.patch
}

src_configure() {
	# Maintainer notes:
	# * Guardtime support is missing because libgt isn't yet available
	#   in portage.
	# * Hadoop's HDFS file system output module is currently not
	#   supported in Gentoo because nobody is able to test it
	#   (JAVA dependency).
	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
	#   upstream PR 129 and 136) so we need to export HIREDIS_*
	#   variables because rsyslog's build system depends on pkg-config.

	if use redis; then
		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
	fi

	local myeconfargs=(
		--disable-generate-man-pages
		# Input Plugins without depedencies
		--enable-imfile
		--enable-impstats
		--enable-imptcp
		--enable-imttcp
		# Message Modificiation Plugins without depedencies
		--enable-mmanon
		--enable-mmaudit
		--enable-mmcount
		--enable-mmfields
		--enable-mmjsonparse
		--enable-mmpstrucdata
		--enable-mmsequence
		--enable-mmutf8fix
		# Output Modification Plugins without dependencies
		--enable-mail
		--enable-omprog
		--enable-omruleset
		--enable-omstdout
		--enable-omuxsock
		# Misc
		--enable-pmaixforwardedfrom
		--enable-pmciscoios
		--enable-pmcisconames
		--enable-pmlastmsg
		--enable-pmrfc3164sd
		--enable-pmsnare
		# DB
		$(use_enable dbi libdbi)
		$(use_enable mongodb ommongodb)
		$(use_enable mysql)
		$(use_enable oracle)
		$(use_enable postgres pgsql)
		$(use_enable redis omhiredis)
		# Debug
		$(use_enable debug)
		$(use_enable debug diagtools)
		$(use_enable debug imdiag)
		$(use_enable debug memcheck)
		$(use_enable debug rtinst)
		$(use_enable debug valgrind)
		# Misc
		$(use_enable elasticsearch)
		$(use_enable gcrypt libgcrypt)
		$(use_enable jemalloc)
		$(use_enable kerberos gssapi-krb5)
		$(use_enable normalize mmnormalize)
		$(use_enable omudpspoof)
		$(use_enable rabbitmq omrabbitmq)
		$(use_enable relp)
		$(use_enable rfc3195)
		$(use_enable rfc5424hmac mmrfc5424addhmac)
		$(use_enable snmp)
		$(use_enable snmp mmsnmptrapd)
		$(use_enable ssl gnutls)
		$(use_enable systemd imjournal)
		$(use_enable systemd omjournal)
		$(use_enable usertools)
		$(use_enable zeromq imzmq3)
		$(use_enable zeromq omzmq3)
		"$(systemd_with_unitdir)"
	)

	autotools-utils_src_configure
}

src_install() {
	use doc && HTML_DOCS=( "${S}/docs/build/" )
	autotools-utils_src_install

	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd" ${PN}
	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd" ${PN}

	keepdir /var/empty/dev
	keepdir /var/spool/${PN}
	keepdir /etc/ssl/${PN}
	keepdir /etc/${PN}.d

	insinto /etc
	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf

	insinto /etc/rsyslog.d/
	doins "${FILESDIR}/${BRANCH}/50-default.conf"

	insinto /etc/logrotate.d/
	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}

	if use mysql; then
		insinto /usr/share/doc/${PF}/scripts/mysql
		doins plugins/ommysql/{createDB.sql,contrib/delete_mysql}
	fi

	if use postgres; then
		insinto /usr/share/doc/${PF}/scripts/pgsql
		doins plugins/ompgsql/createDB.sql
	fi
}

pkg_postinst() {
	local advertise_readme=0

	if [[ -z "${REPLACING_VERSIONS}" ]]; then
		# This is a new installation

		advertise_readme=1

		if use mysql || use postgres; then
			echo
			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
			elog "  /usr/share/doc/${PF}/scripts"
		fi

		if use ssl; then
			echo
			elog "To create a default CA and certificates for your server and clients, run:"
			elog "  emerge --config =${PF}"
			elog "on your logging server. You can run it several times,"
			elog "once for each logging client. The client certificates will be signed"
			elog "using the CA certificate generated during the first run."
		fi
	fi

	if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then
		# Show this message until rsyslog-8.x
		echo
		elog "Since ${PN}-7.6.3 we no longer use the catch-all log target"
		elog "\"/var/log/syslog\" due to its redundancy to the other log targets."

		advertise_readme=1
	fi

	if [[ ${advertise_readme} -gt 0 ]]; then
		# We need to show the README file location

		echo ""
		elog "Please read"
		elog ""
		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
		elog ""
		elog "for more details."
	fi
}

pkg_config() {
	if ! use ssl ; then
		einfo "There is nothing to configure for rsyslog unless you"
		einfo "used USE=ssl to build it."
		return 0
	fi

	# Make sure the certificates directory exists
	CERTDIR="${EROOT}/etc/ssl/${PN}"
	if [ ! -d "${CERTDIR}" ]; then
		mkdir "${CERTDIR}" || die
	fi
	einfo "Your certificates will be stored in ${CERTDIR}"

	# Create a default CA if needed
	if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then
		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
		certtool --generate-privkey \
			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

		cat > "${T}/${PF}.$$" <<- _EOF
		cn = Portage automated CA
		ca
		cert_signing_key
		expiration_days = 3650
		_EOF

		certtool --generate-self-signed \
			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
			--template "${T}/${PF}.$$" &>/dev/null
		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"

		# Create the server certificate
		echo
		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
		read -r CN

		einfo "Creating private key and certificate for server ${CN}..."
		certtool --generate-privkey \
			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

		cat > "${T}/${PF}.$$" <<- _EOF
		cn = ${CN}
		tls_www_server
		dns_name = ${CN}
		expiration_days = 3650
		_EOF

		certtool --generate-certificate \
			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
			--template "${T}/${PF}.$$" &>/dev/null
		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

	else
		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
	fi

	# Create a client certificate
	echo
	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
	read -r CN

	einfo "Creating private key and certificate for client ${CN}..."
	certtool --generate-privkey \
		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"

	cat > "${T}/${PF}.$$" <<- _EOF
	cn = ${CN}
	tls_www_client
	dns_name = ${CN}
	expiration_days = 3650
	_EOF

	certtool --generate-certificate \
		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
		--template "${T}/${PF}.$$" &>/dev/null
	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"

	rm -f "${T}/${PF}.$$"

	echo
	einfo "Here is the documentation on how to encrypt your log traffic:"
	einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
}

Return to bug 520328

Line 0 Link Here

(-)old/app-admin/rsyslog/files/8-stable/20-rsyslog-json_tokener_errors.patch (+49 lines)
	1	From 6b47dd542d07ed557f02af9970d1004eb262e1c1 Mon Sep 17 00:00:00 2001
	2	From: Rainer Gerhards <rgerhards@adiscon.com>
	3	Date: Tue, 19 Aug 2014 11:33:41 +0200
	4	Subject: [PATCH] bugfix: build failure on systems which don't have
	5	json_tokener_errors
	6
	7	Older versions of json-c need to use a different API (which don't exists
	8	on newer versions, unfortunately...)
	9	Thanks to Thomas D. for reporting this problem.
	10	---
	11	ChangeLog \| 6 ++++++
	12	runtime/msg.c \| 6 +++++-
	13	2 files changed, 11 insertions(+), 1 deletion(-)
	14
	15	diff --git a/ChangeLog b/ChangeLog
	16	index 177387d..cb09b6c 100644
	17	--- a/ChangeLog
	18	+++ b/ChangeLog
	19	@@ -1,4 +1,10 @@
	20	---------------------------------------------------------------------------
	21	+Version 8.4.1 [v8-stable] 2014-08-??
	22	+- bugfix: build failure on systems which don't have json_tokener_errors
	23	+ Older versions of json-c need to use a different API (which don't exists
	24	+ on newer versions, unfortunately...)
	25	+ Thanks to Thomas D. for reporting this problem.
	26	+---------------------------------------------------------------------------
	27	Version 8.4.0 [v8-stable] 2014-08-18
	28	- this is the new stable branch, which incorporates all enhancements of
	29	rsyslog 8.3.
	30	diff --git a/runtime/msg.c b/runtime/msg.c
	31	index 66c3b7b..81b13f9 100644
	32	--- a/runtime/msg.c
	33	+++ b/runtime/msg.c
	34	@@ -4074,7 +4074,11 @@ MsgSetPropsViaJSON(msg_t __restrict__ const pMsg, const uchar __restrict__ con
	35
	36	err = tokener->err;
	37	if(err != json_tokener_continue)
	38	- errMsg = json_tokener_errors[err];
	39	+# if HAVE_JSON_TOKENER_ERROR_DESC
	40	+ errMsg = json_tokener_error_desc(err);
	41	+# else
	42	+ errMsg = json_tokener_errors[err];
	43	+# endif
	44	else
	45	errMsg = "Unterminated input";
	46	} else if(!json_object_is_type(json, json_type_object))
	47	--
	48	2.0.3
	49

Line 0 Link Here

(-)old/app-admin/rsyslog/files/8-stable/50-default.conf (+95 lines)
		1	#######################
		2	### DEFAULT ACTIONS ###
		3	#######################
		4
		5	auth,authpriv.* action(
		6	type="omfile"
		7	File="/var/log/auth.log"
		8	FileCreateMode="0600"
		9	FileOwner="root"
		10	FileGroup="adm"
		11	Sync="off"
		12	)
		13
		14	cron.* action(
		15	type="omfile"
		16	File="/var/log/cron.log"
		17	FileOwner="root"
		18	FileGroup="adm"
		19	)
		20
		21	daemon.* action(
		22	type="omfile"
		23	File="/var/log/daemon.log"
		24	FileOwner="root"
		25	FileGroup="adm"
		26	)
		27
		28	kern.* action(
		29	type="omfile"
		30	File="/var/log/kern.log"
		31	FileOwner="root"
		32	FileGroup="adm"
		33	)
		34
		35	lpr.* action(
		36	type="omfile"
		37	File="/var/log/lpr.log"
		38	FileOwner="root"
		39	FileGroup="adm"
		40	)
		41
		42	mail.* action(
		43	type="omfile"
		44	File="/var/log/mail.log"
		45	FileOwner="root"
		46	FileGroup="adm"
		47	)
		48
		49	news.* action(
		50	type="omfile"
		51	File="/var/log/news.log"
		52	FileOwner="root"
		53	FileGroup="adm"
		54	)
		55
		56	user.* action(
		57	type="omfile"
		58	File="/var/log/user.log"
		59	FileOwner="root"
		60	FileGroup="adm"
		61	)
		62
		63	*.=debug;auth,authpriv,news,mail.none action(
		64	type="omfile"
65	File="/var/log/debug.log"
66	FileOwner="root"
67	FileGroup="adm"
68	)
69
70	*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
71	type="omfile"
72	File="/var/log/messages"
73	FileOwner="root"
74	FileGroup="adm"
75	)
76
77	# Uncomment the following directive to re-enable the
78	# deprecated "/var/log/syslog" log file (don't forget to re-enable log
79	# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
80	#.;auth,authpriv.none action(
81	# type="omfile"
82	# File="/var/log/syslog"
83	# FileOwner="root"
84	# FileGroup="adm"
85	#)
86
87	*.emerg action(
88	type="omusrmsg"
89	Users="*"
90	action.execOnlyOnceEveryInterval="10"
91	)
92
93	# Create an additional socket for the default chroot location
94	# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
95	input(type="imuxsock" Socket="/var/empty/dev/log")

Line 0 Link Here

(-)old/app-admin/rsyslog/files/8-stable/README.gentoo (+36 lines)
	1	Introduction
	2	============
	3
	4	Since rsyslog version 7.6 we are shipping a new default Gentoo
	5	configuration. See bug #501982 to learn more about what we were trying to
	6	achieve by rewriting the entire configuration.
	7
	8
	9	Important changes
	10	=================
	11
	12	1. "/var/log/syslog" log file is now deprecated
	13
	14	Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
	15	longer being written per default. We are considering this file as
	16	deprecated/obsolet for the typical user/system.
	17	The content from this log file is still availble through other
	18	(dedicated) log files, see
	19
	20	- /var/log/cron.log
	21	- /var/log/daemon.log
	22	- /var/log/mail.log
	23	- /var/log/messages
	24
	25	If you really need the old "/var/log/syslog" log file, all you have to
	26	do is uncommenting the corresponding configuration directive in
	27	"/etc/rsyslog.d/50-default.conf".
	28
	29	If you do so, don't forget to re-enable log rotation in
	30	"/etc/logrotate.d/rsyslog", too.
	31
	32
	33	2. An additional input socket in "/var/empty/dev/log" (default chroot
	34	location) will be created per default
	35
	36	See bug #490744 for further details.

Line 0 Link Here

(-)old/app-admin/rsyslog/files/8-stable/rsyslog.conf (+61 lines)
	1	# /etc/rsyslog.conf
	2	#
	3	# This configuration is based on RainerScript, the new recommended syntax
	4	# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
	5	# details.
	6	#
	7	# But if you don't want to learn something new at moment, don't worry: The
	8	# legacy syntax is still supported.
	9	#
	10	# You may want to use the new RSYSLOG configuration builder to create your
	11	# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/
	12
	13	# Check config syntax on startup and abort if unclean (default: off)
	14	#$AbortOnUncleanConfig on
	15
	16
	17	###############
	18	### MODULES ###
	19	###############
	20
	21	# Read syslog messages from default Unix socket /dev/log (e.g. via logger command)
	22	module(load="imuxsock")
	23
	24	# Read messages from the kernel log and submits them to the syslog engine
	25	module(load="imklog")
	26
	27	# Inject "--MARK--" messages every $Interval (seconds)
	28	#module(load="immark" Interval="600")
	29
	30	# Read syslog messages from UDP
	31	#module(load="imudp")
	32	#input(type="imudp" port="514")
	33
	34	# Read syslog messages from TCP
	35	#module(load="imtcp")
	36	#input(type="imtcp" port="514")
	37
	38
	39	#########################
	40	### GLOBAL DIRECTIVES ###
	41	#########################
	42
	43	# Where to place spool and state files
	44	$WorkDirectory /var/spool/rsyslog
	45
	46	# Reduce repeating messages (default: off)
	47	#$RepeatedMsgReduction on
	48
	49	# Set defaults for every output file
	50	$Umask 0022
	51
	52	module(
	53	load="builtin:omfile"
	54	Template="RSYSLOG_TraditionalFileFormat"
	55	FileCreateMode="0644"
	56	DirCreateMode="0755"
	57	)
	58
	59
	60	# Include all conf files in /etc/rsyslog.d/
	61	$IncludeConfig /etc/rsyslog.d/*.conf

Line 0 Link Here

(-)old/app-admin/rsyslog/files/8-stable/rsyslog.confd (+30 lines)
	1	# /etc/conf.d/rsyslog
	2
	3	# Configuration file
	4	RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"
	5
	6	# PID file
	7	# If you should ever change this, remember to update
	8	# "/etc/logrotate.d/rsyslog", too.
	9	RSYSLOG_PIDFILE="/run/rsyslogd.pid"
	10
	11	# You can use this configuration option to pass additional options to the
	12	# start-stop-daemon, see start-stop-daemon(8) for more details.
	13	# Per default we wait 1000ms after we have started the service to ensure
	14	# that the daemon is really up and running.
	15	RSYSLOG_SSDARGS="--wait 1000"
	16
	17	# The termination timeout (start-stop-daemon parameter "retry") ensures
	18	# that the service will be terminated within a given time (60 + 5 seconds
	19	# per default) when you are stopping the service.
	20	# You need to increase the value when you are working with a large queue.
	21	# See http://www.rsyslog.com/doc/queues.html for further information.
	22	RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"
	23
	24
	25	# Options to rsyslogd
	26	# See rsyslogd(8) for more details
	27	# Notes:
	28	# * Do not specify another PIDFILE but use the variable above to change the location
	29	# * Do not specify another CONFIGFILE but use the variable above to change the location
	30	RSYSLOG_OPTS=""

Line 0 Link Here

(-)old/app-admin/rsyslog/files/8-stable/rsyslog.initd (+69 lines)
		1	#!/sbin/runscript
		2	# Copyright 1999-2014 Gentoo Foundation
		3	# Distributed under the terms of the GNU General Public License v2
		4	# $Header: $
		5
		6	RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
		7	RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}
		8
		9	command="/usr/sbin/rsyslogd"
		10	command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}"
		11	start_stop_daemon_args="${RSYSLOG_SSDARGS}"
		12	pidfile="${RSYSLOG_PIDFILE}"
		13	retry="${RSYSLOG_TERMTIMEOUT}"
		14
		15	required_files="${RSYSLOG_CONFIGFILE}"
		16
		17	description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)."
		18
		19	extra_commands="configtest"
		20	extra_started_commands="rotate"
		21
		22	description_configtest="Run rsyslogd's internal config check."
		23
		24	description_rotate="Sends rsyslogd a signal to re-open its log files."
		25
		26	depend() {
		27	need clock hostname localmount
		28	provide logger
		29	}
		30
		31	start_pre() {
		32	if [ "${RC_CMD}" != "restart" ]; then
		33	configtest \|\| return 1
		34	fi
		35	}
		36
		37	stop_pre() {
		38	if [ "${RC_CMD}" = "restart" ]; then
		39	configtest \|\| return 1
		40	fi
		41	}
		42
		43	stop_post() {
		44	rm -f ${RSYSLOG_PIDFILE}
		45	}
		46
		47	configtest() {
		48	# This will currently only detect fatal errors
		49	# See https://github.com/rsyslog/rsyslog/issues/79
		50
		51	local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}"
		52	local _retval=0
		53
		54	ebegin "Checking rsyslogd's configuration"
		55	${_test_command} >/dev/null 2>&1
		56	_retval=$?
		57
		58	if [ ${_retval} -ne 0 ]; then
		59	${_test_command}
		60	fi
		61
		62	eend ${_retval} "failed, please correct errors above"
		63	}
		64
65	rotate() {
66	ebegin "Re-opening rsyslogd logs"
67	start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
68	eend $?
69	}

Line 0 Link Here

(-)old/app-admin/rsyslog/files/8-stable/rsyslog.logrotate (+37 lines)
	1	# Uncomment the following directive if you have re-enabled
	2	# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
	3	#/var/log/syslog
	4	#{
	5	# rotate 7
	6	# daily
	7	# missingok
	8	# notifempty
	9	# delaycompress
	10	# compress
	11	# postrotate
	12	# test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
	13	# endscript
	14	#}
	15
	16	/var/log/auth.log
	17	/var/log/cron.log
	18	/var/log/daemon.log
	19	/var/log/kern.log
	20	/var/log/lpr.log
	21	/var/log/mail.log
	22	/var/log/news.log
	23	/var/log/user.log
	24	/var/log/debug.log
	25	/var/log/messages
	26	{
	27	rotate 4
	28	weekly
	29	missingok
	30	notifempty
	31	compress
	32	delaycompress
	33	sharedscripts
	34	postrotate
	35	test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
	36	endscript
	37	}

Line 0 Link Here

(-)old/app-admin/rsyslog/rsyslog-8.4.0.ebuild (+341 lines)
		1	# Copyright 1999-2014 Gentoo Foundation
		2	# Distributed under the terms of the GNU General Public License v2
		3	# $Header: $
		4
		5	EAPI=5
		6	AUTOTOOLS_AUTORECONF=1
		7
		8	inherit autotools-utils eutils systemd
		9
		10	DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
		11	HOMEPAGE="http://www.rsyslog.com/"
		12	SRC_URI="
		13	http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
		14	doc? ( http://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )
		15	"
		16
		17	LICENSE="GPL-3 LGPL-3 Apache-2.0"
		18	KEYWORDS="~amd64 ~arm ~hppa ~x86"
		19	SLOT="0"
		20	IUSE="dbi debug doc elasticsearch +gcrypt jemalloc kerberos mongodb mysql normalize omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd usertools zeromq"
		21
		22	RDEPEND="
		23	>=dev-libs/json-c-0.11:=
		24	>=dev-libs/libestr-0.1.9
		25	>=dev-libs/liblogging-1.0.1:=[stdlog]
		26	>=sys-libs/zlib-1.2.5
		27	dbi? ( >=dev-db/libdbi-0.8.3 )
		28	elasticsearch? ( >=net-misc/curl-7.35.0 )
		29	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
		30	jemalloc? ( >=dev-libs/jemalloc-3.3.1 )
		31	kerberos? ( virtual/krb5 )
		32	mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
		33	mysql? ( virtual/mysql )
		34	normalize? (
		35	>=dev-libs/libee-0.4.0
		36	>=dev-libs/liblognorm-1.0.0:=
		37	)
		38	omudpspoof? ( >=net-libs/libnet-1.1.6 )
		39	oracle? ( >=dev-db/oracle-instantclient-basic-10.2 )
		40	postgres? ( >=dev-db/postgresql-base-8.4.20 )
		41	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 )
		42	redis? ( >=dev-libs/hiredis-0.11.0 )
		43	relp? ( >=dev-libs/librelp-1.2.5 )
		44	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
		45	rfc5424hmac? ( >=dev-libs/openssl-0.9.8y )
		46	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
		47	ssl? ( >=net-libs/gnutls-2.12.23 )
		48	systemd? ( >=sys-apps/systemd-208 )
		49	zeromq? ( >=net-libs/czmq-1.2.0 )"
		50	DEPEND="${RDEPEND}
		51	virtual/pkgconfig"
		52
		53	BRANCH="8-stable"
		54
		55	# Test suite requires a special setup or will always fail
		56	RESTRICT="test"
		57
		58	# Maitainer note : open a bug to upstream
		59	# showing that building in a separate dir fails
		60	AUTOTOOLS_IN_SOURCE_BUILD=1
		61
		62	AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
		63
		64	DOCS=(
65	AUTHORS
66	ChangeLog
67	"${FILESDIR}"/${BRANCH}/README.gentoo
68	)
69
70	src_unpack() {
71	unpack ${P}.tar.gz
72
73	if use doc; then
74	local doc_tarball="${PN}-doc-${PV}.tar.gz"
75
76	cd "${S}" \|\| die "Cannot change dir into '$S'"
77	mkdir docs \|\| die "Failed to create docs directory"
78	cd docs \|\| die "Failed to change dir into '${S}/docs'"
79	unpack ${doc_tarball}
80	fi
81	}
82
83	src_prepare() {
84	epatch "${FILESDIR}"/${BRANCH}/20-rsyslog-json_tokener_errors.patch
85	}
86
87	src_configure() {
88	# Maintainer notes:
89	# * Guardtime support is missing because libgt isn't yet available
90	# in portage.
91	# * Hadoop's HDFS file system output module is currently not
92	# supported in Gentoo because nobody is able to test it
93	# (JAVA dependency).
94	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
95	# upstream PR 129 and 136) so we need to export HIREDIS_*
96	# variables because rsyslog's build system depends on pkg-config.
97
98	if use redis; then
99	export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
100	export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
101	fi
102
103	local myeconfargs=(
104	--disable-generate-man-pages
105	# Input Plugins without depedencies
106	--enable-imfile
107	--enable-impstats
108	--enable-imptcp
109	--enable-imttcp
110	# Message Modificiation Plugins without depedencies
111	--enable-mmanon
112	--enable-mmaudit
113	--enable-mmcount
114	--enable-mmfields
115	--enable-mmjsonparse
116	--enable-mmpstrucdata
117	--enable-mmsequence
118	--enable-mmutf8fix
119	# Output Modification Plugins without dependencies
120	--enable-mail
121	--enable-omprog
122	--enable-omruleset
123	--enable-omstdout
124	--enable-omuxsock
125	# Misc
126	--enable-pmaixforwardedfrom
127	--enable-pmciscoios
128	--enable-pmcisconames
129	--enable-pmlastmsg
130	--enable-pmrfc3164sd
131	--enable-pmsnare
132	# DB
133	$(use_enable dbi libdbi)
134	$(use_enable mongodb ommongodb)
135	$(use_enable mysql)
136	$(use_enable oracle)
137	$(use_enable postgres pgsql)
138	$(use_enable redis omhiredis)
139	# Debug
140	$(use_enable debug)
141	$(use_enable debug diagtools)
142	$(use_enable debug imdiag)
143	$(use_enable debug memcheck)
144	$(use_enable debug rtinst)
145	$(use_enable debug valgrind)
146	# Misc
147	$(use_enable elasticsearch)
148	$(use_enable gcrypt libgcrypt)
149	$(use_enable jemalloc)
150	$(use_enable kerberos gssapi-krb5)
151	$(use_enable normalize mmnormalize)
152	$(use_enable omudpspoof)
153	$(use_enable rabbitmq omrabbitmq)
154	$(use_enable relp)
155	$(use_enable rfc3195)
156	$(use_enable rfc5424hmac mmrfc5424addhmac)
157	$(use_enable snmp)
158	$(use_enable snmp mmsnmptrapd)
159	$(use_enable ssl gnutls)
160	$(use_enable systemd imjournal)
161	$(use_enable systemd omjournal)
162	$(use_enable usertools)
163	$(use_enable zeromq imzmq3)
164	$(use_enable zeromq omzmq3)
165	"$(systemd_with_unitdir)"
166	)
167
168	autotools-utils_src_configure
169	}
170
171	src_install() {
172	use doc && HTML_DOCS=( "${S}/docs/build/" )
173	autotools-utils_src_install
174
175	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd" ${PN}
176	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd" ${PN}
177
178	keepdir /var/empty/dev
179	keepdir /var/spool/${PN}
180	keepdir /etc/ssl/${PN}
181	keepdir /etc/${PN}.d
182
183	insinto /etc
184	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
185
186	insinto /etc/rsyslog.d/
187	doins "${FILESDIR}/${BRANCH}/50-default.conf"
188
189	insinto /etc/logrotate.d/
190	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}
191
192	if use mysql; then
193	insinto /usr/share/doc/${PF}/scripts/mysql
194	doins plugins/ommysql/{createDB.sql,contrib/delete_mysql}
195	fi
196
197	if use postgres; then
198	insinto /usr/share/doc/${PF}/scripts/pgsql
199	doins plugins/ompgsql/createDB.sql
200	fi
201	}
202
203	pkg_postinst() {
204	local advertise_readme=0
205
206	if [[ -z "${REPLACING_VERSIONS}" ]]; then
207	# This is a new installation
208
209	advertise_readme=1
210
211	if use mysql \|\| use postgres; then
212	echo
213	elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
214	elog " /usr/share/doc/${PF}/scripts"
215	fi
216
217	if use ssl; then
218	echo
219	elog "To create a default CA and certificates for your server and clients, run:"
220	elog " emerge --config =${PF}"
221	elog "on your logging server. You can run it several times,"
222	elog "once for each logging client. The client certificates will be signed"
223	elog "using the CA certificate generated during the first run."
224	fi
225	fi
226
227	if [[ -z "${REPLACING_VERSIONS}" ]] \|\| [[ ${REPLACING_VERSIONS} < 8.0 ]]; then
228	# Show this message until rsyslog-8.x
229	echo
230	elog "Since ${PN}-7.6.3 we no longer use the catch-all log target"
231	elog "\"/var/log/syslog\" due to its redundancy to the other log targets."
232
233	advertise_readme=1
234	fi
235
236	if [[ ${advertise_readme} -gt 0 ]]; then
237	# We need to show the README file location
238
239	echo ""
240	elog "Please read"
241	elog ""
242	elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
243	elog ""
244	elog "for more details."
245	fi
246	}
247
248	pkg_config() {
249	if ! use ssl ; then
250	einfo "There is nothing to configure for rsyslog unless you"
251	einfo "used USE=ssl to build it."
252	return 0
253	fi
254
255	# Make sure the certificates directory exists
256	CERTDIR="${EROOT}/etc/ssl/${PN}"
257	if [ ! -d "${CERTDIR}" ]; then
258	mkdir "${CERTDIR}" \|\| die
259	fi
260	einfo "Your certificates will be stored in ${CERTDIR}"
261
262	# Create a default CA if needed
263	if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then
264	einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
265	certtool --generate-privkey \
266	--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
267	chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
268
269	cat > "${T}/${PF}.$$" <<- _EOF
270	cn = Portage automated CA
271	ca
272	cert_signing_key
273	expiration_days = 3650
274	_EOF
275
276	certtool --generate-self-signed \
277	--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
278	--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
279	--template "${T}/${PF}.$$" &>/dev/null
280	chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
281
282	# Create the server certificate
283	echo
284	einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
285	read -r CN
286
287	einfo "Creating private key and certificate for server ${CN}..."
288	certtool --generate-privkey \
289	--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
290	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
291
292	cat > "${T}/${PF}.$$" <<- _EOF
293	cn = ${CN}
294	tls_www_server
295	dns_name = ${CN}
296	expiration_days = 3650
297	_EOF
298
299	certtool --generate-certificate \
300	--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
301	--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
302	--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
303	--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
304	--template "${T}/${PF}.$$" &>/dev/null
305	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
306
307	else
308	einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
309	fi
310
311	# Create a client certificate
312	echo
313	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
314	read -r CN
315
316	einfo "Creating private key and certificate for client ${CN}..."
317	certtool --generate-privkey \
318	--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
319	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
320
321	cat > "${T}/${PF}.$$" <<- _EOF
322	cn = ${CN}
323	tls_www_client
324	dns_name = ${CN}
325	expiration_days = 3650
326	_EOF
327
328	certtool --generate-certificate \
329	--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
330	--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
331	--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
332	--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
333	--template "${T}/${PF}.$$" &>/dev/null
334	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
335
336	rm -f "${T}/${PF}.$$"
337
338	echo
339	einfo "Here is the documentation on how to encrypt your log traffic:"
340	einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
341	}