# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/rsyslog-7.4.4.ebuild,v 1.10 2014/04/16 16:14:41 maksbotan Exp $ EAPI=4 AUTOTOOLS_AUTORECONF=yes inherit autotools-utils eutils systemd DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" HOMEPAGE="http://www.rsyslog.com/" SRC_URI="http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz" LICENSE="GPL-3 LGPL-3 Apache-2.0" KEYWORDS="amd64 ~arm hppa x86" SLOT="0" IUSE="dbi debug doc extras kerberos mysql oracle postgres relp snmp ssl static-libs systemd zeromq zlib" RDEPEND=" dev-libs/json-c dev-libs/libee >=dev-libs/libestr-0.1.5 dev-libs/libgcrypt:0 dev-libs/liblognorm dbi? ( dev-db/libdbi ) extras? ( net-libs/libnet ) kerberos? ( virtual/krb5 ) mysql? ( virtual/mysql ) postgres? ( dev-db/postgresql-base ) oracle? ( dev-db/oracle-instantclient-basic ) relp? ( >=dev-libs/librelp-1.0.3 ) snmp? ( net-analyzer/net-snmp ) ssl? ( net-libs/gnutls ) systemd? ( sys-apps/systemd ) zeromq? ( >=net-libs/zeromq-3 /dev/null chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = Portage automated CA ca cert_signing_key expiration_days = 3650 _EOF certtool --generate-self-signed \ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ --template "${T}/${PF}.$$" &>/dev/null chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" # Create the server certificate echo einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " read -r CN einfo "Creating private key and certificate for server ${CN}..." certtool --generate-privkey \ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = ${CN} tls_www_server dns_name = ${CN} expiration_days = 3650 _EOF certtool --generate-certificate \ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --template "${T}/${PF}.$$" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" else einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." fi # Create a client certificate echo einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " read -r CN einfo "Creating private key and certificate for client ${CN}..." certtool --generate-privkey \ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = ${CN} tls_www_client dns_name = ${CN} expiration_days = 3650 _EOF certtool --generate-certificate \ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --template "${T}/${PF}.$$" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" rm -f "${T}/${PF}.$$" echo einfo "Here is the documentation on how to encrypt your log traffic:" einfo " http://www.rsyslog.com/doc/rsyslog_tls.html" }