# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 PYTHON_COMPAT=( python3_{10..12} ) inherit autotools flag-o-matic linux-info python-any-r1 systemd DESCRIPTION="An enhanced multi-threaded syslogd with database support and more" HOMEPAGE="https://www.rsyslog.com/ https://github.com/rsyslog/rsyslog/" if [[ "${PV}" == *9999* ]]; then EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git" DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git" inherit git-r3 else SRC_URI=" https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz doc? ( https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz ) " KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc64 ~riscv ~sparc ~x86" fi LICENSE="GPL-3 LGPL-3 Apache-2.0" SLOT="0" IUSE="clickhouse curl dbi debug doc elasticsearch +gcrypt gnutls imhttp" IUSE+=" impcap jemalloc kafka kerberos kubernetes mdblookup" IUSE+=" mongodb mysql normalize omhttp omhttpfs omudpspoof +openssl" IUSE+=" postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp +ssl" IUSE+=" systemd test usertools +uuid xxhash zeromq" RESTRICT="!test? ( test )" REQUIRED_USE=" kubernetes? ( normalize ) ssl? ( || ( gnutls openssl ) ) " BDEPEND=">=dev-build/autoconf-archive-2015.02.24 sys-apps/lsb-release virtual/pkgconfig test? ( jemalloc? ( /dev/null; then die "certtool not found! Is net-libs/gnutls[tools] is installed?" fi # Make sure the certificates directory exists local CERTDIR="${EROOT}/etc/ssl/${PN}" if [[ ! -d "${CERTDIR}" ]]; then mkdir "${CERTDIR}" || die fi einfo "Your certificates will be stored in ${CERTDIR}" # Create a default CA if needed if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..." certtool --generate-privkey \ --outfile "${CERTDIR}/${PN}_ca.privkey.pem" || die chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = Portage automated CA ca cert_signing_key expiration_days = 3650 _EOF certtool --generate-self-signed \ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \ --template "${T}/${PF}.$$" || die chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem" # Create the server certificate echo einfon "Please type the Common Name of the SERVER you wish to create a certificate for: " read -r CN einfo "Creating private key and certificate for server ${CN}..." certtool --generate-privkey \ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" || die chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = ${CN} tls_www_server dns_name = ${CN} expiration_days = 3650 _EOF certtool --generate-certificate \ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --template "${T}/${PF}.$$" &>/dev/null chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" else einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation." fi # Create a client certificate echo einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: " read -r CN einfo "Creating private key and certificate for client ${CN}..." certtool --generate-privkey \ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" || die chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem" cat > "${T}/${PF}.$$" <<- _EOF cn = ${CN} tls_www_client dns_name = ${CN} expiration_days = 3650 _EOF certtool --generate-certificate \ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \ --template "${T}/${PF}.$$" || die chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem" rm -f "${T}/${PF}.$$" echo einfo "Here is the documentation on how to encrypt your log traffic:" einfo " https://www.rsyslog.com/doc/rsyslog_tls.html" }