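# $Id$
#
# Build recipe for rsyslog: unpack and patch the release tarball, build it
# with GnuTLS/zlib support, install configs, and on postinstall bootstrap a
# local CA plus server/client certificates for TLS log transport.

PNAME="rsyslog"
PVER="5.8.13"
PBUILD="r4"
PCAT="app-admin"
DESCRIPTION="An enhanced multi-threaded syslog daemon with a focus on security and reliability."
HOMEPAGE="http://www.rsyslog.com/"
DEPEND=">= app-admin/logrotate-3.8
	>= app-crypt/gnutls-2.12
	>= sys-libs/zlib-1.2.7"
PROVIDE="virtual/syslog"
SRCFILE="${PNAME}-${PVER}.tar.gz"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

sminclude mbuild mtools systemd

LOG_REV="1.2"

# NOTE(review): the upstream tarball is fetched over plain http://, so its
# integrity rests entirely on whatever digest check the package manager
# applies to SRC_URI entries (not visible in this file) - confirm a checksum
# is pinned for every entry, including the patch and config files.
SRC_URI=(
	"http://www.rsyslog.com/files/download/${PNAME}/${SRCFILE}"
	"mirror://${PNAME}/${SRCFILE}"
	"mirror://${PNAME}/rsyslog.conf"
	"mirror://${PNAME}/rsyslog.logrotate-${LOG_REV}"
	"mirror://${PNAME}/rsyslog.confd"
	"mirror://${PNAME}/${PNAME}-5.8.1-systemd.patch"
)

UP2DATE="updatecmd ${HOMEPAGE}/download/ | grep 'stable' | grep 'Download file' | sed 's:.*\:\ rsyslog\ \(.*\)\ (.*:\1:;q'"

# Unpack the source tarball and apply the local systemd adjustments.
src_prepare() {
	munpack "${SRCFILE}" || die
	# Abort instead of patching whatever directory we happen to be in.
	cd "${SRCDIR}" || die

	# support /etc/conf.d/rsyslog in systemd units
	mpatch "${PNAME}-5.8.1-systemd.patch" || die

	# disable stop of systemd-kmsg-syslogd.service, as this service file does not exist anymore
	sed -i '/systemd-kmsg-syslogd.service/d' rsyslog.service.in || die
}

# Configure and build rsyslog with TLS (GnuTLS), zlib, mail and file input
# enabled; database, SNMP, RFC 3195 and GUI support are switched off.
src_compile() {
	cd "${SRCDIR}" || die
	mconfigure \
		--with-systemdsystemunitdir="$(mget-systemd-unit-dir)" \
		--enable-largefile \
		--enable-mail \
		--enable-imfile \
		--enable-imtemplate \
		--enable-zlib \
		--enable-gnutls \
		--enable-inet \
		--disable-gui \
		--disable-rfc3195 \
		--disable-mysql \
		--disable-pgsql \
		--disable-oracle \
		--disable-snmp \
		|| die
	mmake || die
}

# Install binaries, docs, configuration files and the directories rsyslog
# expects at runtime.
src_install() {
	cd "${SRCDIR}" || die
	mmake "DESTDIR=${BINDIR}" install || die
	# README* is a deliberate glob and therefore stays unquoted.
	minstalldocs AUTHORS COPYING ChangeLog NEWS PORTS README* || die

	# rsyslog config
	minstalletc rsyslog.conf || die

	# logrotate config
	minstalllog "rsyslog.logrotate-${LOG_REV}" rsyslog || die

	# conf.d
	minstallconf rsyslog.confd rsyslog || die

	# needed directories
	mkeepdir /var/spool/rsyslog || die
	mkeepdir /etc/ssl/rsyslog || die
	mkeepdir /etc/rsyslog.d || die
}

# Generate a private key at $1 and make it owner-read-only.
# The key is written under umask 077 (inside a subshell, so the caller's
# umask is untouched) so that it never exists with group/other permissions,
# not even for the moment between certtool finishing and chmod running.
# Returns non-zero if certtool or chmod fails.
_rsyslog_gen_privkey() {
	local keyfile=$1

	if ! ( umask 077 && certtool --generate-privkey --outfile "${keyfile}" ) &>/dev/null; then
		echo "WARNING: could not generate private key ${keyfile}" >&2
		return 1
	fi
	chmod 400 "${keyfile}"
}

# Create the self-signed CA key and certificate in directory $1, using $2 as
# the scratch certtool template file. Returns non-zero on any failure.
_rsyslog_create_ca() {
	local certdir=$1
	local template=$2
	local ca_key="${certdir}/rsyslog_ca.privkey.pem"
	local ca_cert="${certdir}/rsyslog_ca.cert.pem"

	_rsyslog_gen_privkey "${ca_key}" || return 1

	printf '%s\n' \
		"cn = Portage automated CA" \
		"ca" \
		"cert_signing_key" \
		"expiration_days = 3650" \
		> "${template}" || return 1

	if ! certtool --generate-self-signed \
		--load-privkey "${ca_key}" \
		--outfile "${ca_cert}" \
		--template "${template}" &>/dev/null; then
		echo "WARNING: could not create CA certificate ${ca_cert}" >&2
		return 1
	fi
}

# Create a key and a CA-signed certificate for "<role>-<host>".
# Arguments: $1 certificate directory, $2 role ("server" or "client"),
#            $3 host name, $4 scratch certtool template file.
# Needs both the CA certificate and the CA private key in $1.
# Returns non-zero on any failure.
_rsyslog_issue_cert() {
	local certdir=$1
	local role=$2
	local host=$3
	local template=$4
	local cn="${role}-${host}"
	local key="${certdir}/rsyslog_${cn}.key.pem"
	local cert="${certdir}/rsyslog_${cn}.cert.pem"

	echo "Creating private key and certificate for ${role} ${cn}..."
	_rsyslog_gen_privkey "${key}" || return 1

	# NOTE(review): dns_name carries the role prefix, not the bare host name;
	# peers that match on the certificate name must be configured for it.
	printf '%s\n' \
		"cn = ${cn}" \
		"tls_www_${role}" \
		"dns_name = ${cn}" \
		"expiration_days = 3650" \
		> "${template}" || return 1

	if ! certtool --generate-certificate \
		--outfile "${cert}" \
		--load-privkey "${key}" \
		--load-ca-certificate "${certdir}/rsyslog_ca.cert.pem" \
		--load-ca-privkey "${certdir}/rsyslog_ca.privkey.pem" \
		--template "${template}" &>/dev/null; then
		echo "WARNING: could not sign certificate ${cert}" >&2
		return 1
	fi
	chmod 400 "${cert}"
}

# Bootstrap TLS material for rsyslog and enable the service.
#
# If no CA certificate exists in ${MROOT}/etc/ssl/rsyslog, a self-signed CA
# and a server certificate are created. A client certificate is (re)created
# on every run. Certificate problems are reported on stderr but never stop
# the service from being enabled.
#
# Operational caveats:
#  - The CA private key is stored on this host next to the certificates it
#    signs. Whoever can read it can issue certificates that every peer
#    trusting this CA will accept; for multi-host setups create the CA
#    elsewhere and install only rsyslog_ca.cert.pem plus the host's own
#    key/cert here.
#  - All certificates are valid for 3650 days and nothing here handles
#    rotation or revocation.
#  - NOTE(review): the client key and certificate are overwritten on every
#    postinstall run (the "skipping" message only mentions CA and SERVER), so
#    a reinstall replaces the client key currently in use.
postinstall() {
	local CERTDIR="${MROOT}/etc/ssl/rsyslog"
	local HOST
	local TMP
	local ca_ready=1

	# make sure the certificates directory exists
	if [ ! -d "${CERTDIR}" ] && ! install -d "${CERTDIR}"; then
		echo "WARNING: could not create ${CERTDIR}" >&2
	fi
	echo "Your certificates will be stored in ${CERTDIR}"

	HOST=$(hostname)
	if [ -z "${HOST}" ]; then
		echo "WARNING: cannot determine the host name, skipping certificate creation" >&2
	elif ! TMP=$(mktemp); then
		echo "WARNING: mktemp failed, skipping certificate creation" >&2
	else
		# create a default CA if needed
		if [ ! -f "${CERTDIR}/rsyslog_ca.cert.pem" ]; then
			echo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
			if _rsyslog_create_ca "${CERTDIR}" "${TMP}"; then
				# Create the server certificate
				# use server-hostname as CN!
				_rsyslog_issue_cert "${CERTDIR}" server "${HOST}" "${TMP}"
			else
				# Without a CA nothing can be signed; do not leave orphan keys.
				ca_ready=0
			fi
		else
			echo "Found existing ${CERTDIR}/rsyslog_ca.cert.pem, skipping CA and SERVER creation."
		fi

		# Create a client certificate
		# use client-hostname as CN!
		if [ "${ca_ready}" -eq 1 ]; then
			_rsyslog_issue_cert "${CERTDIR}" client "${HOST}" "${TMP}"
		fi

		rm -f -- "${TMP}"
	fi

	echo
	echo "Here is the documentation on how to encrypt your log traffic:"
	echo " http://www.rsyslog.com/doc/rsyslog_tls.html"

	# enable systemd units
	mstartunit rsyslog.service rsyslogd
}

# Disable the rsyslog systemd unit when the package is removed.
postremove() {
	# disable systemd units
	mstopunit rsyslog.service rsyslogd
}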