core/rsyslog/rsyslog-5.8.6-r2.smage2

# $Id$

PNAME="rsyslog"
PVER="5.8.6"
PBUILD="r2"

PCATEGORIE="app-admin"

DESCRIPTION="An enhanced multi-threaded syslog daemon with a focus on security and reliability."
HOMEPAGE="http://www.rsyslog.com/"

DEPEND=">= app-admin/logrotate-3.8
	>= app-crypt/gnutls-2.12
	>= sys-libs/zlib-1.2.5"

PROVIDE="virtual/syslog"

SRCFILE="${PNAME}-${PVER}.tar.gz"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

sminclude mbuild mtools

SRC_URI=(
	http://www.rsyslog.com/files/download/${PNAME}/${SRCFILE}
	mirror://${PNAME}/${SRCFILE}
	mirror://${PNAME}/rsyslog.conf
	mirror://${PNAME}/rsyslog.logrotate
	mirror://${PNAME}/rsyslog.confd
	mirror://${PNAME}/${PNAME}-5.8.1-systemd.patch
)

UP2DATE="updatecmd ${HOMEPAGE}/download/ | grep 'stable' | grep 'Download file' | sed 's:.*\:\ rsyslog\ \(.*\)\ (.*:\1:;q'"

src_prepare()
{
	munpack ${SRCFILE} || die
	cd ${SRCDIR}

	# support /etc/conf.d/rsyslog in systemd units
	mpatch ${PNAME}-5.8.1-systemd.patch || die
}

src_compile()
{
	cd ${SRCDIR}

	mconfigure \
		--with-systemdsystemunitdir=/lib/systemd/system \
		--enable-largefile \
		--enable-mail \
		--enable-imfile \
		--enable-imtemplate \
		--enable-zlib \
		--enable-gnutls \
		--enable-inet \
		--disable-gui \
		--disable-rfc3195 \
		--disable-mysql \
		--disable-pgsql \
		--disable-oracle \
		--disable-snmp \
		|| die

	mmake || die
}

src_install()
{
	cd ${SRCDIR}

	mmake DESTDIR=${BINDIR} install || die
	minstalldocs AUTHORS COPYING ChangeLog NEWS PORTS README* || die

	# rsyslog config
	minstalletc rsyslog.conf || die

	# logrotate config
	minstalletc rsyslog.logrotate rsyslog /etc/logrotate.d || die

	# conf.d
	minstallconf rsyslog.confd rsyslog || die

	# needed directories
	mkeepdir /var/spool/rsyslog || die
	mkeepdir /etc/ssl/rsyslog || die
	mkeepdir /etc/rsyslog.d || die
}

postinstall()
{
	local CERTDIR
	local CN
	local TMP=$(mktemp)

	# make sure the certificates directory exists
	CERTDIR="${MROOT}/etc/ssl/rsyslog"
	[ ! -d ${CERTDIR} ] && install -d ${CERTDIR}
	echo "Your certificates will be stored in ${CERTDIR}"

	# create a default CA if needed
	if [ ! -f ${CERTDIR}/rsyslog_ca.cert.pem ]
	then
		echo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
		certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_ca.privkey.pem &>/dev/null
		chmod 400 ${CERTDIR}/rsyslog_ca.privkey.pem

		cat > ${TMP} << EOF
cn = Portage automated CA
ca
cert_signing_key
expiration_days = 3650
EOF

		certtool --generate-self-signed \
			--load-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
			--outfile ${CERTDIR}/rsyslog_ca.cert.pem \
			--template ${TMP} &>/dev/null
		chmod 400 ${CERTDIR}/rsyslog_ca.privkey.pem

		# Create the server certificate

		# use server-hostname as CN!
		CN="server-$(hostname)"
		echo "Creating private key and certificate for server ${CN}..."
		certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_${CN}.key.pem &>/dev/null
		chmod 400 ${CERTDIR}/rsyslog_${CN}.key.pem

		cat > ${TMP} << EOF
cn = ${CN}
tls_www_server
dns_name = ${CN}
expiration_days = 3650
EOF

		certtool --generate-certificate \
			--outfile ${CERTDIR}/rsyslog_${CN}.cert.pem \
			--load-privkey ${CERTDIR}/rsyslog_${CN}.key.pem \
			--load-ca-certificate ${CERTDIR}/rsyslog_ca.cert.pem \
			--load-ca-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
			--template ${TMP} &>/dev/null
		chmod 400 ${CERTDIR}/rsyslog_${CN}.cert.pem
	else
		echo "Found existing ${CERTDIR}/rsyslog_ca.cert.pem, skipping CA and SERVER creation."
	fi

	# Create a client certificate
	# use client-hostname as CN!
	CN="client-$(hostname)"
	echo "Creating private key and certificate for client ${CN}..."
	certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_${CN}.key.pem &>/dev/null
	chmod 400 ${CERTDIR}/rsyslog_${CN}.key.pem

	cat > ${TMP} << EOF
cn = ${CN}
tls_www_client
dns_name = ${CN}
expiration_days = 3650
EOF

	certtool --generate-certificate \
		--outfile ${CERTDIR}/rsyslog_${CN}.cert.pem \
		--load-privkey ${CERTDIR}/rsyslog_${CN}.key.pem \
		--load-ca-certificate ${CERTDIR}/rsyslog_ca.cert.pem \
		--load-ca-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
		--template ${TMP} &>/dev/null
	chmod 400 ${CERTDIR}/rsyslog_${CN}.cert.pem

	if [ -f ${TMP} ]
	then
		rm -f ${TMP}
	fi

	echo
	echo "Here is the documentation on how to encrypt your log traffic:"
	echo " http://www.rsyslog.com/doc/rsyslog_tls.html"

	# enable systemd units
	mstartunit rsyslog.service rsyslogd
}

postremove()
{
	# disable systemd units
	mstopunit rsyslog.service rsyslogd
}
1	niro	9256	# $Id$
2
3			PNAME="rsyslog"
4			PVER="5.8.6"
5			PBUILD="r2"
6
7			PCATEGORIE="app-admin"
8
9			DESCRIPTION="An enhanced multi-threaded syslog daemon with a focus on security and reliability."
10			HOMEPAGE="http://www.rsyslog.com/"
11
12			DEPEND=">= app-admin/logrotate-3.8
13			>= app-crypt/gnutls-2.12
14			>= sys-libs/zlib-1.2.5"
15
16			PROVIDE="virtual/syslog"
17
18			SRCFILE="${PNAME}-${PVER}.tar.gz"
19			SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"
20
21			sminclude mbuild mtools
22
23			SRC_URI=(
24			http://www.rsyslog.com/files/download/${PNAME}/${SRCFILE}
25			mirror://${PNAME}/${SRCFILE}
26			mirror://${PNAME}/rsyslog.conf
27			mirror://${PNAME}/rsyslog.logrotate
28			mirror://${PNAME}/rsyslog.confd
29			mirror://${PNAME}/${PNAME}-5.8.1-systemd.patch
30			)
31
32			UP2DATE="updatecmd ${HOMEPAGE}/download/ \| grep 'stable' \| grep 'Download file' \| sed 's:.\:\ rsyslog\ \(.\)\ (.*:\1:;q'"
33
34			src_prepare()
35			{
36			munpack ${SRCFILE} \|\| die
37			cd ${SRCDIR}
38
39			# support /etc/conf.d/rsyslog in systemd units
40			mpatch ${PNAME}-5.8.1-systemd.patch \|\| die
41			}
42
43			src_compile()
44			{
45			cd ${SRCDIR}
46
47			mconfigure \
48			--with-systemdsystemunitdir=/lib/systemd/system \
49			--enable-largefile \
50			--enable-mail \
51			--enable-imfile \
52			--enable-imtemplate \
53			--enable-zlib \
54			--enable-gnutls \
55			--enable-inet \
56			--disable-gui \
57			--disable-rfc3195 \
58			--disable-mysql \
59			--disable-pgsql \
60			--disable-oracle \
61			--disable-snmp \
62			\|\| die
63
64			mmake \|\| die
65			}
66
67			src_install()
68			{
69			cd ${SRCDIR}
70
71			mmake DESTDIR=${BINDIR} install \|\| die
72			minstalldocs AUTHORS COPYING ChangeLog NEWS PORTS README* \|\| die
73
74			# rsyslog config
75			minstalletc rsyslog.conf \|\| die
76
77			# logrotate config
78			minstalletc rsyslog.logrotate rsyslog /etc/logrotate.d \|\| die
79
80			# conf.d
81			minstallconf rsyslog.confd rsyslog \|\| die
82
83			# needed directories
84			mkeepdir /var/spool/rsyslog \|\| die
85			mkeepdir /etc/ssl/rsyslog \|\| die
86			mkeepdir /etc/rsyslog.d \|\| die
87			}
88
89			postinstall()
90			{
91			local CERTDIR
92			local CN
93			local TMP=$(mktemp)
94
95			# make sure the certificates directory exists
96			CERTDIR="${MROOT}/etc/ssl/rsyslog"
97			[ ! -d ${CERTDIR} ] && install -d ${CERTDIR}
98			echo "Your certificates will be stored in ${CERTDIR}"
99
100			# create a default CA if needed
101			if [ ! -f ${CERTDIR}/rsyslog_ca.cert.pem ]
102			then
103			echo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
104			certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_ca.privkey.pem &>/dev/null
105			chmod 400 ${CERTDIR}/rsyslog_ca.privkey.pem
106
107			cat > ${TMP} << EOF
108			cn = Portage automated CA
109			ca
110			cert_signing_key
111			expiration_days = 3650
112			EOF
113
114			certtool --generate-self-signed \
115			--load-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
116			--outfile ${CERTDIR}/rsyslog_ca.cert.pem \
117			--template ${TMP} &>/dev/null
118			chmod 400 ${CERTDIR}/rsyslog_ca.privkey.pem
119
120			# Create the server certificate
121
122			# use server-hostname as CN!
123			CN="server-$(hostname)"
124			echo "Creating private key and certificate for server ${CN}..."
125			certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_${CN}.key.pem &>/dev/null
126			chmod 400 ${CERTDIR}/rsyslog_${CN}.key.pem
127
128			cat > ${TMP} << EOF
129			cn = ${CN}
130			tls_www_server
131			dns_name = ${CN}
132			expiration_days = 3650
133			EOF
134
135			certtool --generate-certificate \
136			--outfile ${CERTDIR}/rsyslog_${CN}.cert.pem \
137			--load-privkey ${CERTDIR}/rsyslog_${CN}.key.pem \
138			--load-ca-certificate ${CERTDIR}/rsyslog_ca.cert.pem \
139			--load-ca-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
140			--template ${TMP} &>/dev/null
141			chmod 400 ${CERTDIR}/rsyslog_${CN}.cert.pem
142			else
143			echo "Found existing ${CERTDIR}/rsyslog_ca.cert.pem, skipping CA and SERVER creation."
144			fi
145
146			# Create a client certificate
147			# use client-hostname as CN!
148			CN="client-$(hostname)"
149			echo "Creating private key and certificate for client ${CN}..."
150			certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_${CN}.key.pem &>/dev/null
151			chmod 400 ${CERTDIR}/rsyslog_${CN}.key.pem
152
153			cat > ${TMP} << EOF
154			cn = ${CN}
155			tls_www_client
156			dns_name = ${CN}
157			expiration_days = 3650
158			EOF
159
160			certtool --generate-certificate \
161			--outfile ${CERTDIR}/rsyslog_${CN}.cert.pem \
162			--load-privkey ${CERTDIR}/rsyslog_${CN}.key.pem \
163			--load-ca-certificate ${CERTDIR}/rsyslog_ca.cert.pem \
164			--load-ca-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
165			--template ${TMP} &>/dev/null
166			chmod 400 ${CERTDIR}/rsyslog_${CN}.cert.pem
167
168			if [ -f ${TMP} ]
169			then
170			rm -f ${TMP}
171			fi
172
173			echo
174			echo "Here is the documentation on how to encrypt your log traffic:"
175			echo " http://www.rsyslog.com/doc/rsyslog_tls.html"
176
177			# enable systemd units
178			mstartunit rsyslog.service rsyslogd
179			}
180
181			postremove()
182			{
183			# disable systemd units
184			mstopunit rsyslog.service rsyslogd
185			}