core/rsyslog/rsyslog-5.8.11-r1.smage2

# $Id$

PNAME="rsyslog"
PVER="5.8.11"
PBUILD="r1"

PCAT="app-admin"

DESCRIPTION="An enhanced multi-threaded syslog daemon with a focus on security and reliability."
HOMEPAGE="http://www.rsyslog.com/"

DEPEND=">= app-admin/logrotate-3.8
	>= app-crypt/gnutls-2.12
	>= sys-libs/zlib-1.2.5"

PROVIDE="virtual/syslog"

SRCFILE="${PNAME}-${PVER}.tar.gz"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

sminclude mbuild mtools

SRC_URI=(
	http://www.rsyslog.com/files/download/${PNAME}/${SRCFILE}
	mirror://${PNAME}/${SRCFILE}
	mirror://${PNAME}/rsyslog.conf
	mirror://${PNAME}/rsyslog.logrotate
	mirror://${PNAME}/rsyslog.confd
	mirror://${PNAME}/${PNAME}-5.8.1-systemd.patch
)

UP2DATE="updatecmd ${HOMEPAGE}/download/ | grep 'stable' | grep 'Download file' | sed 's:.*\:\ rsyslog\ \(.*\)\ (.*:\1:;q'"

src_prepare()
{
	munpack ${SRCFILE} || die
	cd ${SRCDIR}

	# support /etc/conf.d/rsyslog in systemd units
	mpatch ${PNAME}-5.8.1-systemd.patch || die
	# systemd moved to /usr
	sed -i 's:=/bin/systemctl:=/usr/bin/systemctl:g' rsyslog.service.in || die
}

src_compile()
{
	cd ${SRCDIR}

	mconfigure \
		--with-systemdsystemunitdir=/usr/lib/systemd/system \
		--enable-largefile \
		--enable-mail \
		--enable-imfile \
		--enable-imtemplate \
		--enable-zlib \
		--enable-gnutls \
		--enable-inet \
		--disable-gui \
		--disable-rfc3195 \
		--disable-mysql \
		--disable-pgsql \
		--disable-oracle \
		--disable-snmp \
		|| die

	mmake || die
}

src_install()
{
	cd ${SRCDIR}

	mmake DESTDIR=${BINDIR} install || die
	minstalldocs AUTHORS COPYING ChangeLog NEWS PORTS README* || die

	# rsyslog config
	minstalletc rsyslog.conf || die

	# logrotate config
	minstalletc rsyslog.logrotate rsyslog /etc/logrotate.d || die

	# conf.d
	minstallconf rsyslog.confd rsyslog || die

	# needed directories
	mkeepdir /var/spool/rsyslog || die
	mkeepdir /etc/ssl/rsyslog || die
	mkeepdir /etc/rsyslog.d || die
}

postinstall()
{
	local CERTDIR
	local CN
	local TMP=$(mktemp)

	# make sure the certificates directory exists
	CERTDIR="${MROOT}/etc/ssl/rsyslog"
	[ ! -d ${CERTDIR} ] && install -d ${CERTDIR}
	echo "Your certificates will be stored in ${CERTDIR}"

	# create a default CA if needed
	if [ ! -f ${CERTDIR}/rsyslog_ca.cert.pem ]
	then
		echo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
		certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_ca.privkey.pem &>/dev/null
		chmod 400 ${CERTDIR}/rsyslog_ca.privkey.pem

		cat > ${TMP} << EOF
cn = Portage automated CA
ca
cert_signing_key
expiration_days = 3650
EOF

		certtool --generate-self-signed \
			--load-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
			--outfile ${CERTDIR}/rsyslog_ca.cert.pem \
			--template ${TMP} &>/dev/null
		chmod 400 ${CERTDIR}/rsyslog_ca.privkey.pem

		# Create the server certificate

		# use server-hostname as CN!
		CN="server-$(hostname)"
		echo "Creating private key and certificate for server ${CN}..."
		certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_${CN}.key.pem &>/dev/null
		chmod 400 ${CERTDIR}/rsyslog_${CN}.key.pem

		cat > ${TMP} << EOF
cn = ${CN}
tls_www_server
dns_name = ${CN}
expiration_days = 3650
EOF

		certtool --generate-certificate \
			--outfile ${CERTDIR}/rsyslog_${CN}.cert.pem \
			--load-privkey ${CERTDIR}/rsyslog_${CN}.key.pem \
			--load-ca-certificate ${CERTDIR}/rsyslog_ca.cert.pem \
			--load-ca-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
			--template ${TMP} &>/dev/null
		chmod 400 ${CERTDIR}/rsyslog_${CN}.cert.pem
	else
		echo "Found existing ${CERTDIR}/rsyslog_ca.cert.pem, skipping CA and SERVER creation."
	fi

	# Create a client certificate
	# use client-hostname as CN!
	CN="client-$(hostname)"
	echo "Creating private key and certificate for client ${CN}..."
	certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_${CN}.key.pem &>/dev/null
	chmod 400 ${CERTDIR}/rsyslog_${CN}.key.pem

	cat > ${TMP} << EOF
cn = ${CN}
tls_www_client
dns_name = ${CN}
expiration_days = 3650
EOF

	certtool --generate-certificate \
		--outfile ${CERTDIR}/rsyslog_${CN}.cert.pem \
		--load-privkey ${CERTDIR}/rsyslog_${CN}.key.pem \
		--load-ca-certificate ${CERTDIR}/rsyslog_ca.cert.pem \
		--load-ca-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
		--template ${TMP} &>/dev/null
	chmod 400 ${CERTDIR}/rsyslog_${CN}.cert.pem

	if [ -f ${TMP} ]
	then
		rm -f ${TMP}
	fi

	echo
	echo "Here is the documentation on how to encrypt your log traffic:"
	echo " http://www.rsyslog.com/doc/rsyslog_tls.html"

	# enable systemd units
	mstartunit rsyslog.service rsyslogd
}

postremove()
{
	# disable systemd units
	mstopunit rsyslog.service rsyslogd
}
1	# $Id$
2
3	PNAME="rsyslog"
4	PVER="5.8.11"
5	PBUILD="r1"
6
7	PCAT="app-admin"
8
9	DESCRIPTION="An enhanced multi-threaded syslog daemon with a focus on security and reliability."
10	HOMEPAGE="http://www.rsyslog.com/"
11
12	DEPEND=">= app-admin/logrotate-3.8
13	>= app-crypt/gnutls-2.12
14	>= sys-libs/zlib-1.2.5"
15
16	PROVIDE="virtual/syslog"
17
18	SRCFILE="${PNAME}-${PVER}.tar.gz"
19	SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"
20
21	sminclude mbuild mtools
22
23	SRC_URI=(
24	http://www.rsyslog.com/files/download/${PNAME}/${SRCFILE}
25	mirror://${PNAME}/${SRCFILE}
26	mirror://${PNAME}/rsyslog.conf
27	mirror://${PNAME}/rsyslog.logrotate
28	mirror://${PNAME}/rsyslog.confd
29	mirror://${PNAME}/${PNAME}-5.8.1-systemd.patch
30	)
31
32	UP2DATE="updatecmd ${HOMEPAGE}/download/ \| grep 'stable' \| grep 'Download file' \| sed 's:.\:\ rsyslog\ \(.\)\ (.*:\1:;q'"
33
34	src_prepare()
35	{
36	munpack ${SRCFILE} \|\| die
37	cd ${SRCDIR}
38
39	# support /etc/conf.d/rsyslog in systemd units
40	mpatch ${PNAME}-5.8.1-systemd.patch \|\| die
41	# systemd moved to /usr
42	sed -i 's:=/bin/systemctl:=/usr/bin/systemctl:g' rsyslog.service.in \|\| die
43	}
44
45	src_compile()
46	{
47	cd ${SRCDIR}
48
49	mconfigure \
50	--with-systemdsystemunitdir=/usr/lib/systemd/system \
51	--enable-largefile \
52	--enable-mail \
53	--enable-imfile \
54	--enable-imtemplate \
55	--enable-zlib \
56	--enable-gnutls \
57	--enable-inet \
58	--disable-gui \
59	--disable-rfc3195 \
60	--disable-mysql \
61	--disable-pgsql \
62	--disable-oracle \
63	--disable-snmp \
64	\|\| die
65
66	mmake \|\| die
67	}
68
69	src_install()
70	{
71	cd ${SRCDIR}
72
73	mmake DESTDIR=${BINDIR} install \|\| die
74	minstalldocs AUTHORS COPYING ChangeLog NEWS PORTS README* \|\| die
75
76	# rsyslog config
77	minstalletc rsyslog.conf \|\| die
78
79	# logrotate config
80	minstalletc rsyslog.logrotate rsyslog /etc/logrotate.d \|\| die
81
82	# conf.d
83	minstallconf rsyslog.confd rsyslog \|\| die
84
85	# needed directories
86	mkeepdir /var/spool/rsyslog \|\| die
87	mkeepdir /etc/ssl/rsyslog \|\| die
88	mkeepdir /etc/rsyslog.d \|\| die
89	}
90
91	postinstall()
92	{
93	local CERTDIR
94	local CN
95	local TMP=$(mktemp)
96
97	# make sure the certificates directory exists
98	CERTDIR="${MROOT}/etc/ssl/rsyslog"
99	[ ! -d ${CERTDIR} ] && install -d ${CERTDIR}
100	echo "Your certificates will be stored in ${CERTDIR}"
101
102	# create a default CA if needed
103	if [ ! -f ${CERTDIR}/rsyslog_ca.cert.pem ]
104	then
105	echo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
106	certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_ca.privkey.pem &>/dev/null
107	chmod 400 ${CERTDIR}/rsyslog_ca.privkey.pem
108
109	cat > ${TMP} << EOF
110	cn = Portage automated CA
111	ca
112	cert_signing_key
113	expiration_days = 3650
114	EOF
115
116	certtool --generate-self-signed \
117	--load-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
118	--outfile ${CERTDIR}/rsyslog_ca.cert.pem \
119	--template ${TMP} &>/dev/null
120	chmod 400 ${CERTDIR}/rsyslog_ca.privkey.pem
121
122	# Create the server certificate
123
124	# use server-hostname as CN!
125	CN="server-$(hostname)"
126	echo "Creating private key and certificate for server ${CN}..."
127	certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_${CN}.key.pem &>/dev/null
128	chmod 400 ${CERTDIR}/rsyslog_${CN}.key.pem
129
130	cat > ${TMP} << EOF
131	cn = ${CN}
132	tls_www_server
133	dns_name = ${CN}
134	expiration_days = 3650
135	EOF
136
137	certtool --generate-certificate \
138	--outfile ${CERTDIR}/rsyslog_${CN}.cert.pem \
139	--load-privkey ${CERTDIR}/rsyslog_${CN}.key.pem \
140	--load-ca-certificate ${CERTDIR}/rsyslog_ca.cert.pem \
141	--load-ca-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
142	--template ${TMP} &>/dev/null
143	chmod 400 ${CERTDIR}/rsyslog_${CN}.cert.pem
144	else
145	echo "Found existing ${CERTDIR}/rsyslog_ca.cert.pem, skipping CA and SERVER creation."
146	fi
147
148	# Create a client certificate
149	# use client-hostname as CN!
150	CN="client-$(hostname)"
151	echo "Creating private key and certificate for client ${CN}..."
152	certtool --generate-privkey --outfile ${CERTDIR}/rsyslog_${CN}.key.pem &>/dev/null
153	chmod 400 ${CERTDIR}/rsyslog_${CN}.key.pem
154
155	cat > ${TMP} << EOF
156	cn = ${CN}
157	tls_www_client
158	dns_name = ${CN}
159	expiration_days = 3650
160	EOF
161
162	certtool --generate-certificate \
163	--outfile ${CERTDIR}/rsyslog_${CN}.cert.pem \
164	--load-privkey ${CERTDIR}/rsyslog_${CN}.key.pem \
165	--load-ca-certificate ${CERTDIR}/rsyslog_ca.cert.pem \
166	--load-ca-privkey ${CERTDIR}/rsyslog_ca.privkey.pem \
167	--template ${TMP} &>/dev/null
168	chmod 400 ${CERTDIR}/rsyslog_${CN}.cert.pem
169
170	if [ -f ${TMP} ]
171	then
172	rm -f ${TMP}
173	fi
174
175	echo
176	echo "Here is the documentation on how to encrypt your log traffic:"
177	echo " http://www.rsyslog.com/doc/rsyslog_tls.html"
178
179	# enable systemd units
180	mstartunit rsyslog.service rsyslogd
181	}
182
183	postremove()
184	{
185	# disable systemd units
186	mstopunit rsyslog.service rsyslogd
187	}