summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUltrabug <ultrabug@gentoo.org>2014-05-20 15:05:57 +0200
committerUltrabug <ultrabug@gentoo.org>2014-05-20 15:05:57 +0200
commit2071124e11d18eb9d6da292d059b1dfac3108311 (patch)
tree16bbbb5b8b3689b8d96f9b0d3a21b03ef6155a1a /app-admin
parentbump manifest (diff)
downloadultrabug-2071124e11d18eb9d6da292d059b1dfac3108311.tar.gz
ultrabug-2071124e11d18eb9d6da292d059b1dfac3108311.tar.bz2
ultrabug-2071124e11d18eb9d6da292d059b1dfac3108311.zip
add rsyslog wrt bug #501988
Diffstat (limited to 'app-admin')
-rw-r--r--app-admin/rsyslog/Manifest13
-rw-r--r--app-admin/rsyslog/files/7-stable/50-default.conf95
-rw-r--r--app-admin/rsyslog/files/7-stable/README.gentoo36
-rw-r--r--app-admin/rsyslog/files/7-stable/bugfix_52.patch100
-rw-r--r--app-admin/rsyslog/files/7-stable/bugfix_73.patch103
-rw-r--r--app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch25
-rw-r--r--app-admin/rsyslog/files/7-stable/rsyslog-7.x-mmjsonparse.patch26
-rw-r--r--app-admin/rsyslog/files/7-stable/rsyslog.conf61
-rw-r--r--app-admin/rsyslog/files/7-stable/rsyslog.confd-r130
-rw-r--r--app-admin/rsyslog/files/7-stable/rsyslog.initd-r169
-rw-r--r--app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r137
-rw-r--r--app-admin/rsyslog/metadata.xml41
-rw-r--r--app-admin/rsyslog/rsyslog-7.6.3.ebuild327
13 files changed, 963 insertions, 0 deletions
diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
new file mode 100644
index 0000000..d06c4dd
--- /dev/null
+++ b/app-admin/rsyslog/Manifest
@@ -0,0 +1,13 @@
+AUX 7-stable/50-default.conf 1701 SHA256 61c1dd1450f574a21a8d8375faaf3e42f9856df91011150ff13c0cfddc86ed41 SHA512 33e4e63239b9112fec1a37115ac80ab8dbd6e7189d9d29b1bc743c433e0124ea0d1a4cf6f7ada9e5b92e9b0025b6617a1a16f4c491e743bbf4327a5f376a1ea9 WHIRLPOOL d33b83bb690e78b5e5f7cfc090d21da03615c891a287b1f3a92a51514dcad1f5dfe8d2ceed867b3007768d47f48d207fac43a1ff33a85b24c21a5531cdf9d311
+AUX 7-stable/README.gentoo 1126 SHA256 29b4c68f521f2f1f138f44c4635da1a270fed9cbd4a780569754080987aa777c SHA512 46fdf3350e2005d3ef588d50dfc6d474a1b5d3010329b656879a43cbbd7be0cd91944b88d3838f45f69c830fc28c42e7fac2cd52e0a4b24bb6780562d59ae384 WHIRLPOOL a1a3ec8b887110a01e8c1c1320f25493dd8ff343e4b08780c30c9bc3bb842afa0ef79db08195db876697c1a69807f49a8b3793609d25f78559fa534507fc195e
+AUX 7-stable/bugfix_52.patch 3776 SHA256 756f7630fa2c14d9605ce560f608acdc66277abb4592feec11dc05ef9ecc01cc SHA512 1b4fb7efd2a9e3a5b16003124e63ff5434512d9d103d938d2cfaf9ceb6087bad83d5141c21bd1d13b8dad7c67b58e0359fc836dc8263652eafd5404d181b0a4f WHIRLPOOL f0062ca640e11957da6621d8e73189e6be9eca275adfff32e3f701235682535cc42d34709a9c912541764af3d74073afd82c8d8048a3521eab9b70f8198ea02d
+AUX 7-stable/bugfix_73.patch 3575 SHA256 f621d578f730c8d633e42af977077f3c67e894acd4e8c7702dd6a41e85232062 SHA512 67996a804673214e4c23ceaf8c0092a1cf8288024180c047b96b773ee55db05e95b8da4b73ea0db5cdfabc8b49a632d6b313cf54dad23a80d9fd1bf243590971 WHIRLPOOL 371ded4813d1f3b65e570eefd366c1ca9ffabf38b1b5b5b80d6d632b3574bea272a8a802ec2b956d69359ac8f44c5b66d0c0ed66d898dbe96784a9090c4585a3
+AUX 7-stable/fix-omruleset-default-value.patch 834 SHA256 9b9506a1141ef8619ba98e4bb8e2c8ad23e6a51e64d971db8ee461c073ef1ae0 SHA512 64113caf4ec31100f1ad4dbfef27ac39e6be09f0560b1a77ad54b2c7aaf8469780b4ba17ef892cbcf80931a4d7070b40b4ca22265553568d2302eaf5ab976e5e WHIRLPOOL 7aa020772813d2611c90f7605497ece6f1ed32c1e3b75f0fc7360492186dfe0b522275d128c185013c1849b64c7c1550f1752397239609f18583a475f44361cf
+AUX 7-stable/rsyslog-7.x-mmjsonparse.patch 952 SHA256 8db6b4c0001ae53306ceb685ef245c6978e143c71c9642e634cbed98e6d2dde8 SHA512 4446349f75ff5726d1bffe261f607dd8710c31d1254925928ffcc825a0f86d96b281962150bfa8e85846b94610d0a15f0932ef6b041d390bd4402657ad0f47b7 WHIRLPOOL 1ba7a6db2cb753953f0ae8e701a9b7150b99bf553b653ba2b82c6f6d1bf76461efa1cbfb1d026e5e459069cbfc6e868d46743e38c9a01583b1ff4f7a4225ed69
+AUX 7-stable/rsyslog.conf 1562 SHA256 fc70a94213b5eb519febf9aa7d758ee9526433bcc5683bcb7451d16e65a2f5b0 SHA512 1720174fab020e2de590f3d6bbb03784aca1928fe05f7e75e02fb4597cb8b2ee755e6deb8e8f989060511044ae483f791f496f24e0eecaf27eb9e0b5e20a2c7a WHIRLPOOL 97cf3fdee62a9339b412ebe93b71b2d6804df60aad9cb7e71779fcaddb01d489e38bbb353557864ea38aba384e664e6da636812c3c078ed9e22e261ed7b78cba
+AUX 7-stable/rsyslog.confd-r1 1140 SHA256 f0b15a0334f6177a6cf23cb9b169302c75745dc30857f24a7d11892feb6b1ee4 SHA512 8501be8d0abc166994863db61afa5a4ef120aaec601d86fb71711b557741d39b29b96a4d688e7af6ad8d5d15a1257821ca299c5f7391f2ce66cd95e33ea2ff7c WHIRLPOOL 0a3617defa10acfa693a3339e1f7ec69c9272b44aac6fda30b49452f32ea7037743acfd871cea025f1e584639725588286056db6e17663c2806ed47088600d35
+AUX 7-stable/rsyslog.initd-r1 1597 SHA256 30615d3d29155675e09fa1082a5851fb6e260e1f914d899b7fd23430a2b95249 SHA512 5dd92f557831e6ecd9c6acfea2a7168fbc40cca10c7dd9241097c58dd7369e39fab7c7f988d0e4450c258c18886e3769715d0b6feb632023daa8f6d178cae18f WHIRLPOOL 61ca87c8f21ccbabc449fe0dc4743cbaa259a12e903ae8ba5c01b04e7a21dc867fc37334350c78e1d3a5a2c7233b880c6affe00f205384c57fe79e0ed3a1512a
+AUX 7-stable/rsyslog.logrotate-r1 682 SHA256 89cc8f13c1f7a3ae446b40da7b31cdf471e2c9e2d3d5b8f48e524f7a82fbff89 SHA512 6c58abd2f02157177a61695f53eccbf201c514821b0c551a4812621e8d3dd2da9b5cd651d93860cb51ebdbdc7056d0ef0dde99c2a57ac3c43aa968a141805912 WHIRLPOOL 9d29c2c9351252887c3dad78962df942bb1cd7387eb44e3c98764319f82d90c42d255a5642c55bb37811fb903e1c5314ca536bc9d32ccfd0535f0579f4e25ff0
+DIST rsyslog-7.6.3.tar.gz 3052448 SHA256 013359035f8b6e5a4328edaffbda1120974accaba36ddc5de66a582fa588f5ec SHA512 f5bafbf7e40011e583a01d20beb1a98b78512cd537128c8f925c27b1906b22471b98d11e58c41256570fc205ec7ca756219d5cf44041ffe4e613fbd802d1f309 WHIRLPOOL 23719d6451eec4d21b022dfc2701726a00adeb132f8fe7e93826fba8693edbf949d7b6a9f3fac358482ee86b65fbccfd25330a6bbbd522e92bfc659bf01ec243
+EBUILD rsyslog-7.6.3.ebuild 9198 SHA256 e477a6511cc50f29d0a124ff6c071ef3d44929b2366d4157f6c021a9cbd1e5be SHA512 04eb75d3667b357091e4189d258c45a71b7806df0edc4c3f17228e7253740e22337f93e682854ed15df17afd96bb6df0726e94c4b6974e1d9c6b718589534c80 WHIRLPOOL 4880f7e37d0a8651645958c5139dbf741f47e17ac3c8cd5448783c5392bf4d7071d30347d9d42fd8ce3063387053bc3bb4200e13bcceb5e7f94b8ac50f4bd35a
+MISC metadata.xml 2941 SHA256 3d75473e17679907bf3170ec29f377f6eac2ee67408685015de41584713a68c1 SHA512 57b479b75864889ce2b143921c7e717229ba88f1eb470db0c6d2b151a5061b2b6fc5138b50c6e96c1d715ac0d05d48ed4c34375d42c0ea9cc3703c4f92625c44 WHIRLPOOL 70bfd3127b8f630e009d5226de5fc39b42a6f188069f68aead8986661516b171879bccb82cf1d444c150dd004cddddf9402e60e2d3ce43f1108171ffe84ec304
diff --git a/app-admin/rsyslog/files/7-stable/50-default.conf b/app-admin/rsyslog/files/7-stable/50-default.conf
new file mode 100644
index 0000000..9ae8578
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/50-default.conf
@@ -0,0 +1,95 @@
+#######################
+### DEFAULT ACTIONS ###
+#######################
+
+auth,authpriv.* action(
+ type="omfile"
+ File="/var/log/auth.log"
+ FileCreateMode="0600"
+ FileOwner="root"
+ FileGroup="adm"
+ Sync="off"
+)
+
+cron.* action(
+ type="omfile"
+ File="/var/log/cron.log"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+daemon.* action(
+ type="omfile"
+ File="/var/log/daemon.log"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+kern.* action(
+ type="omfile"
+ File="/var/log/kern.log"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+lpr.* action(
+ type="omfile"
+ File="/var/log/lpr.log"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+mail.* action(
+ type="omfile"
+ File="/var/log/mail.log"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+news.* action(
+ type="omfile"
+ File="/var/log/news.log"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+user.* action(
+ type="omfile"
+ File="/var/log/user.log"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+*.=debug;auth,authpriv,news,mail.none action(
+ type="omfile"
+ File="/var/log/debug.log"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
+ type="omfile"
+ File="/var/log/messages"
+ FileOwner="root"
+ FileGroup="adm"
+)
+
+# Uncomment the following directive to re-enable the
+# deprecated "/var/log/syslog" log file (don't forget to re-enable log
+# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
+#*.*;auth,authpriv.none action(
+# type="omfile"
+# File="/var/log/syslog"
+# FileOwner="root"
+# FileGroup="adm"
+#)
+
+*.emerg action(
+ type="omusrmsg"
+ Users="*"
+ action.execOnlyOnceEveryInterval="10"
+)
+
+# Create an additional socket for the default chroot location
+# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
+input(type="imuxsock" Socket="/var/empty/dev/log")
diff --git a/app-admin/rsyslog/files/7-stable/README.gentoo b/app-admin/rsyslog/files/7-stable/README.gentoo
new file mode 100644
index 0000000..9f0666c
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/README.gentoo
@@ -0,0 +1,36 @@
+Introduction
+============
+
+Since rsyslog version 7.6 we are shipping a new default Gentoo
+configuration. See bug #501982 to learn more about what we were trying to
+achieve by rewriting the entire configuration.
+
+
+Important changes
+=================
+
+1. "/var/log/syslog" log file is now deprecated
+
+ Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
+ longer being written per default. We are considering this file as
+ deprecated/obsolet for the typical user/system.
+ The content from this log file is still availble through other
+ (dedicated) log files, see
+
+ - /var/log/cron.log
+ - /var/log/daemon.log
+ - /var/log/mail.log
+ - /var/log/messages
+
+ If you really need the old "/var/log/syslog" log file, all you have to
+ do is uncommenting the corresponding configuration directive in
+ "/etc/rsyslog.d/50-default.conf".
+
+ If you do so, don't forget to re-enable log rotation in
+ "/etc/logrotate.d/rsyslog", too.
+
+
+2. An additional input socket in "/var/empty/dev/log" (default chroot
+ location) will be created per default
+
+ See bug #490744 for further details.
diff --git a/app-admin/rsyslog/files/7-stable/bugfix_52.patch b/app-admin/rsyslog/files/7-stable/bugfix_52.patch
new file mode 100644
index 0000000..f5da7b9
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/bugfix_52.patch
@@ -0,0 +1,100 @@
+From b017e29aad70702c69e6016b07a932b7825a83e5 Mon Sep 17 00:00:00 2001
+From: Thomas D <whissi@whissi.de>
+Date: Sat, 3 May 2014 14:45:25 +0200
+Subject: [PATCH] Remove "--enable-cached-man-pages" switch and make rst2man
+ optional when required man pages already exist
+
+This commit backports the bugfix for issue #52 for the v7-stable branch.
+---
+ configure.ac | 61 +++++++++++++++++++++++++++++++++++-------------------------
+ 1 file changed, 36 insertions(+), 25 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0dd40c2..07d96dd 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1087,30 +1087,6 @@ fi
+ AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes)
+
+
+-# Support using cached man file copies, to avoid the need for rst2man
+-# in the build environment
+-AC_ARG_ENABLE(cached_man_pages,
+- [AS_HELP_STRING([--enable-cached-man-pages],[Enable using cached versions of man files (avoid rst2man) @<:@default=no@:>@])],
+- [case "${enableval}" in
+- yes) enable_cached_man_pages="yes" ;;
+- no) enable_cached_man_pages="no" ;;
+- *) AC_MSG_ERROR(bad value ${enableval} for --enable-cached-man-pages) ;;
+- esac],
+- [enable_cached_man_pages=no]
+-)
+-if test "x$enable_cached_man_pages" = "xno"; then
+-# obtain path for rst2man
+- if test "x$enable_libgcrypt" = "xyes" || \
+- test "x$enable_guardtime" = "xyes"; then
+- AC_PATH_PROG([RST2MAN], [rst2man])
+- if test "x${RST2MAN}" == "x"; then
+- AC_MSG_FAILURE([rst2man not found in PATH])
+- fi
+- fi
+-fi
+-
+-
+-
+ # RFC 3195 support
+ AC_ARG_ENABLE(rfc3195,
+ [AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support @<:@default=no@:>@])],
+@@ -1519,6 +1495,41 @@ AM_CONDITIONAL(ENABLE_OMHIREDIS, test x$enable_omhiredis = xyes)
+
+ # END HIREDIS SUPPORT
+
++
++AC_CHECKING([if required man pages already exist])
++have_to_generate_man_pages="no"
++
++# man pages for libgcrypt module
++if test "x$enable_usertools" = "xyes" && test "x$enable_libgcrypt" = "xyes"; then
++ AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
++ [],
++ [have_to_generate_man_pages="yes"]
++ )
++fi
++
++# man pages for GuardTime module
++if test "x$enable_usertools" = "xyes" && test "x$enable_guardtime" = "xyes"; then
++ AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
++ [],
++ [have_to_generate_man_pages="yes"]
++ )
++fi
++
++if test "x$have_to_generate_man_pages" = "xyes"; then
++ AC_MSG_RESULT([Some man pages are missing. We need rst2man to generate the missing man pages from source...])
++else
++ AC_MSG_RESULT([All required man pages found. We don't need rst2man!])
++fi
++
++if test "x$have_to_generate_man_pages" = "xyes"; then
++ # We need rst2man to generate our man pages
++ AC_CHECK_PROGS([RST2MAN], [rst2man rst2man.py], [])
++ if test -z "$RST2MAN"; then
++ AC_MSG_ERROR([rst2man is required to build man pages. You can use the release tarball with pregenerated man pages to avoid this depedency.])
++ fi
++fi
++
++
+ AC_CONFIG_FILES([Makefile \
+ runtime/Makefile \
+ compat/Makefile \
+@@ -1594,7 +1605,7 @@ echo " Zlib compression support enabled: $enable_zlib"
+ echo " rsyslog runtime will be built: $enable_rsyslogrt"
+ echo " rsyslogd will be built: $enable_rsyslogd"
+ echo " GUI components will be built: $enable_gui"
+-echo " cached man files will be used: $enable_cached_man_pages"
++echo " have to generate man pages: $have_to_generate_man_pages"
+ echo " Unlimited select() support enabled: $enable_unlimited_select"
+ echo " uuid support enabled: $enable_uuid"
+ echo " Log file signing support: $enable_guardtime"
+--
+1.9.2
+
diff --git a/app-admin/rsyslog/files/7-stable/bugfix_73.patch b/app-admin/rsyslog/files/7-stable/bugfix_73.patch
new file mode 100644
index 0000000..cc295d6
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/bugfix_73.patch
@@ -0,0 +1,103 @@
+This patch will update the pre-generated rscryutil man page from the release
+tarball so we don't need to depend on dev-python/docutils.
+
+https://github.com/rsyslog/rsyslog/issues/73
+
+diff -rupN old/rsyslog-7.6.3/tools/rscryutil.1 new/rsyslog-7.6.3/tools/rscryutil.1
+--- old/rsyslog-7.6.3/tools/rscryutil.1 2013-10-29 16:31:21.000000000 +0100
++++ new/rsyslog-7.6.3/tools/rscryutil.1 2014-05-03 20:41:46.143825094 +0200
+@@ -1,4 +1,4 @@
+-.\" Man page generated from reStructeredText.
++.\" Man page generated from reStructuredText.
+ .
+ .TH RSCRYUTIL 1 "2013-04-15" "" ""
+ .SH NAME
+@@ -31,12 +31,16 @@ level margin: \\n[rst2man-indent\\n[rst2
+ .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+ ..
+ .SH SYNOPSIS
++.INDENT 0.0
++.INDENT 3.5
+ .sp
+ .nf
+ .ft C
+ rscryutil [OPTIONS] [FILE] ...
+ .ft P
+ .fi
++.UNINDENT
++.UNINDENT
+ .SH DESCRIPTION
+ .sp
+ This tool performs various operations on encrypted log files.
+@@ -44,46 +48,46 @@ Most importantly, it provides the abilit
+ .SH OPTIONS
+ .INDENT 0.0
+ .TP
+-.B \-d, \-\-decrypt
++.B \-d\fP,\fB \-\-decrypt
+ Select decryption mode. This is the default mode.
+ .TP
+-.BI \-W, \-\-write\-keyfile \ <file>
++.BI \-W\fP,\fB \-\-write\-keyfile \ <file>
+ Utility function to write a key to a keyfile. The key can be obtained
+ via any method.
+ .TP
+-.B \-v, \-\-verbose
++.B \-v\fP,\fB \-\-verbose
+ Select verbose mode.
+ .TP
+-.B \-f, \-\-force
++.B \-f\fP,\fB \-\-force
+ Forces operations that otherwise would fail.
+ .TP
+-.BI \-k, \-\-keyfile \ <file>
++.BI \-k\fP,\fB \-\-keyfile \ <file>
+ Reads the key from <file>. File _must_ contain the key, only, no headers
+ or other meta information. Keyfiles can be generated via the
+ \fI\-\-write\-keyfile\fP option.
+ .TP
+-.BI \-p, \-\-key\-program \ <path\-to\-program>
++.BI \-p\fP,\fB \-\-key\-program \ <path\-to\-program>
+ In this mode, the key is provided by a so\-called "key program". This program
+ is executed and must return the key to (as well as some meta information)
+ via stdout. The core idea of key programs is that using this interface the
+ user can implement as complex (and secure) method to obtain keys as
+ desired, all without the need to make modifications to rsyslog.
+ .TP
+-.BI \-K, \-\-key \ <KEY>
++.BI \-K\fP,\fB \-\-key \ <KEY>
+ TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
+ on the command line. This is the actual key, and as such this mode
+ is highly insecure. However, it can be useful for intial testing
+ steps. This option may be removed in the future.
+ .TP
+-.BI \-a, \-\-algo \ <algo>
++.BI \-a\fP,\fB \-\-algo \ <algo>
+ Sets the encryption algorightm (cipher) to be used. See below
+ for supported algorithms. The default is "AES128".
+ .TP
+-.BI \-m, \-\-mode \ <mode>
++.BI \-m\fP,\fB \-\-mode \ <mode>
+ Sets the ciphermode to be used. See below for supported modes.
+ The default is "CBC".
+ .TP
+-.BI \-r, \-\-generate\-random\-key \ <bytes>
++.BI \-r\fP,\fB \-\-generate\-random\-key \ <bytes>
+ Generates a random key of length <bytes>. This option is
+ meant to be used together with \fI\-\-write\-keyfile\fP (and it is hard
+ to envision any other valid use for it).
+@@ -97,7 +101,7 @@ multiple operations mode are set on the
+ unpredictable.
+ .SS decrypt
+ .sp
+-The provided log files are decrypted. Note that the \fI.encinfo\fP side files
++The provided log files are decrypted. Note that the \fI\&.encinfo\fP side files
+ must exist and be accessible in order for decryption to to work.
+ .SS write\-keyfile
+ .sp
+@@ -198,5 +202,4 @@ LGPLv2.
+ .SH AUTHOR
+ Rainer Gerhards <rgerhards@adiscon.com>
+ .\" Generated by docutils manpage writer.
+-.\"
+ .
diff --git a/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch b/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch
new file mode 100644
index 0000000..816471c
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch
@@ -0,0 +1,25 @@
+From 14f3b45151864aa4170de515f406a69ad2931eba Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Thu, 31 Oct 2013 18:21:47 +0100
+Subject: [PATCH] module omruleset is no longer enabled by default.
+
+Note that it has been deprecated in v7 and been replaced by the "call"
+statement. Also, it can still be build without problems, the option must
+just explicitely be given.
+---
+diff --git a/configure.ac b/configure.ac
+index 3abd559..de4c3ea 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1353,7 +1353,7 @@ AC_ARG_ENABLE(omruleset,
+ no) enable_omruleset="no" ;;
+ *) AC_MSG_ERROR(bad value ${enableval} for --enable-omruleset) ;;
+ esac],
+- [enable_omruleset=yes]
++ [enable_omruleset=no]
+ )
+ AM_CONDITIONAL(ENABLE_OMRULESET, test x$enable_omruleset = xyes)
+
+--
+1.9.1
+
diff --git a/app-admin/rsyslog/files/7-stable/rsyslog-7.x-mmjsonparse.patch b/app-admin/rsyslog/files/7-stable/rsyslog-7.x-mmjsonparse.patch
new file mode 100644
index 0000000..ad5c8ea
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog-7.x-mmjsonparse.patch
@@ -0,0 +1,26 @@
+From d6f5d5aae579455badb2d546f8ef292956720824 Mon Sep 17 00:00:00 2001
+From: Thomas D <whissi@whissi.de>
+Date: Tue, 15 Apr 2014 17:56:05 +0200
+Subject: [PATCH] Fix for https://github.com/rsyslog/rsyslog/issues/61
+
+Based on Maxim Koltsov proposed patch from https://bugs.gentoo.org/show_bug.cgi?id=507730
+---
+ plugins/mmjsonparse/mmjsonparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/mmjsonparse/mmjsonparse.c b/plugins/mmjsonparse/mmjsonparse.c
+index b16aef0..a5bfaa2 100644
+--- a/plugins/mmjsonparse/mmjsonparse.c
++++ b/plugins/mmjsonparse/mmjsonparse.c
+@@ -146,7 +146,7 @@ processJSON(instanceData *pData, msg_t *pMsg, char *buf, size_t lenBuf)
+
+ err = pData->tokener->err;
+ if(err != json_tokener_continue)
+- errMsg = json_tokener_errors[err];
++ errMsg = json_tokener_error_desc(err);
+ else
+ errMsg = "Unterminated input";
+ } else if((size_t)pData->tokener->char_offset < lenBuf)
+--
+1.9.1
+
diff --git a/app-admin/rsyslog/files/7-stable/rsyslog.conf b/app-admin/rsyslog/files/7-stable/rsyslog.conf
new file mode 100644
index 0000000..da48459
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog.conf
@@ -0,0 +1,61 @@
+# /etc/rsyslog.conf
+#
+# This configuration is based on RainerScript, the new recommended syntax
+# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
+# details.
+#
+# But if you don't want to learn something new at moment, don't worry: The
+# legacy syntax is still supported.
+#
+# You may want to use the new RSYSLOG configuration builder to create your
+# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/
+
+# Check config syntax on startup and abort if unclean (default: off)
+#$AbortOnUncleanConfig on
+
+
+###############
+### MODULES ###
+###############
+
+# Read syslog messages from default Unix socket /dev/log (e.g. via logger command)
+module(load="imuxsock")
+
+# Read messages from the kernel log and submits them to the syslog engine
+module(load="imklog")
+
+# Inject "--MARK--" messages every $Interval (seconds)
+#module(load="immark" Interval="600")
+
+# Read syslog messages from UDP
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# Read syslog messages from TCP
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+#########################
+### GLOBAL DIRECTIVES ###
+#########################
+
+# Where to place spool and state files
+$WorkDirectory /var/spool/rsyslog
+
+# Reduce repeating messages (default: off)
+#$RepeatedMsgReduction on
+
+# Set defaults for every output file
+$Umask 0022
+
+module(
+ load="builtin:omfile"
+ Template="RSYSLOG_TraditionalFileFormat"
+ FileCreateMode="0644"
+ DirCreateMode="0755"
+)
+
+
+# Include all conf files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
diff --git a/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1 b/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1
new file mode 100644
index 0000000..d8cbe87
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1
@@ -0,0 +1,30 @@
+# /etc/conf.d/rsyslog
+
+# Configuration file
+RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"
+
+# PID file
+# If you should ever change this, remember to update
+# "/etc/logrotate.d/rsyslog", too.
+RSYSLOG_PIDFILE="/run/rsyslogd.pid"
+
+# You can use this configuration option to pass additional options to the
+# start-stop-daemon, see start-stop-daemon(8) for more details.
+# Per default we wait 1000ms after we have started the service to ensure
+# that the daemon is really up and running.
+RSYSLOG_SSDARGS="--wait 1000"
+
+# The termination timeout (start-stop-daemon parameter "retry") ensures
+# that the service will be terminated within a given time (60 + 5 seconds
+# per default) when you are stopping the service.
+# You need to increase the value when you are working with a large queue.
+# See http://www.rsyslog.com/doc/queues.html for further information.
+RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"
+
+
+# Options to rsyslogd
+# See rsyslogd(8) for more details
+# Notes:
+# * Do not specify another PIDFILE but use the variable above to change the location
+# * Do not specify another CONFIGFILE but use the variable above to change the location
+RSYSLOG_OPTS=""
diff --git a/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1 b/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1
new file mode 100644
index 0000000..bc326f4
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1
@@ -0,0 +1,69 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
+RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}
+
+command="/usr/sbin/rsyslogd"
+command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}"
+start_stop_daemon_args="${RSYSLOG_SSDARGS}"
+pidfile="${RSYSLOG_PIDFILE}"
+retry="${RSYSLOG_TERMTIMEOUT}"
+
+required_files=( "${RSYSLOG_CONFIGFILE}" )
+
+description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)."
+
+extra_commands="configtest"
+extra_started_commands="rotate"
+
+description_configtest="Run rsyslogd's internal config check."
+
+description_rotate="Sends rsyslogd a signal to re-open its log files."
+
+depend() {
+ need clock hostname localmount
+ provide logger
+}
+
+start_pre() {
+ if [ "${RC_CMD}" != "restart" ]; then
+ configtest || return 1
+ fi
+}
+
+stop_pre() {
+ if [ "${RC_CMD}" = "restart" ]; then
+ configtest || return 1
+ fi
+}
+
+stop_post() {
+ rm -f ${RSYSLOG_PIDFILE}
+}
+
+configtest() {
+ # This will currently only detect fatal errors
+ # See https://github.com/rsyslog/rsyslog/issues/79
+
+ local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}"
+ local _retval=0
+
+ ebegin "Checking rsyslogd's configuration"
+ ${_test_command} &>/dev/null
+ _retval=$?
+
+ if [ ${_retval} -ne 0 ]; then
+ ${_test_command}
+ fi
+
+ eend ${_retval} "failed, please correct errors above"
+}
+
+rotate() {
+ ebegin "Re-opening rsyslogd logs"
+ start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
+ eend $?
+}
diff --git a/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1 b/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1
new file mode 100644
index 0000000..1eae30e
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1
@@ -0,0 +1,37 @@
+# Uncomment the following directive if you have re-enabled
+# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
+#/var/log/syslog
+#{
+# rotate 7
+# daily
+# missingok
+# notifempty
+# delaycompress
+# compress
+# postrotate
+# test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+# endscript
+#}
+
+/var/log/auth.log
+/var/log/cron.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/lpr.log
+/var/log/mail.log
+/var/log/news.log
+/var/log/user.log
+/var/log/debug.log
+/var/log/messages
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+ endscript
+}
diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml
new file mode 100644
index 0000000..6f23de3
--- /dev/null
+++ b/app-admin/rsyslog/metadata.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>ultrabug@gentoo.org</email>
+ <name>Ultrabug</name>
+ <description>Primary Maintainer</description>
+ </maintainer>
+ <maintainer>
+ <email>whissi@whissi.de</email>
+ <name>Thomas D. (Whissi)</name>
+ <description>Proxy-Maintainer, CC. bugs</description>
+ </maintainer>
+ <use>
+ <flag name="dbi">Build the general database output module (requires <pkg>dev-db/libdbi</pkg>)</flag>
+ <flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag>
+ <flag name="extras">Add support for the UDP spoofing module (omudpspoof) using <pkg>net-libs/libnet</pkg></flag>
+ <flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag>
+ <flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag>
+ <flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>
+ <flag name="mysql">Build the MySQL databse output module (requires <pkg>virtual/mysql</pkg>)</flag>
+ <flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag>
+ <flag name="omudpspoof">Build the udpspoof output module (requires <pkg>net-libs/libnet</pkg>)</flag>
+ <flag name="oracle">Build the Oracle database output module (requires <pkg>dev-db/oracle-instantclient-basic</pkg>)</flag>
+ <flag name="postgres">Build the PostgreSQL database output module (requires <pkg>dev-db/postgresql-base</pkg>)</flag>
+ <flag name="rabbitmq">Build the RabbitMQ output module (requires <pkg>net-libs/rabbitmq-c</pkg>)</flag>
+ <flag name="redis">Build the Redis output module using (requires <pkg>dev-libs/hiredis</pkg>)</flag>
+ <flag name="relp">Build the Reliable Event Logging Protocol (RELP) output module (requires <pkg>dev-libs/librelp</pkg>)</flag>
+ <flag name="rfc3195">Build the rfc3195 input module (requires <pkg>dev-libs/liblogging</pkg>)</flag>
+ <flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg>)</flag>
+ <flag name="snmp">Build the snmp modify and output module (requires <pkg>net-analyzer/net-snmp</pkg>)</flag>
+ <flag name="ssl">Add support for encrypted client/server communication (requires <pkg>net-libs/gnutls</pkg>)</flag>
+ <flag name="systemd">Build the journal input and output module (requires <pkg>sys-apps/systemd</pkg>)</flag>
+ <flag name="usertools">Installs the user tools (rsgtutil, rscryutil...) corresponding to the set USE flags</flag>
+ <flag name="zeromq">Build the ZeroMQ input and output modules (requires <pkg>net-libs/zeromq</pkg>)</flag>
+ </use>
+ <upstream>
+ <bugs-to>https://github.com/rsyslog/rsyslog/issues</bugs-to>
+ <remote-id type="cpe">cpe:/a:rsyslog:rsyslog</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/app-admin/rsyslog/rsyslog-7.6.3.ebuild b/app-admin/rsyslog/rsyslog-7.6.3.ebuild
new file mode 100644
index 0000000..c73667a
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-7.6.3.ebuild
@@ -0,0 +1,327 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=5
+AUTOTOOLS_AUTORECONF=1
+
+inherit autotools-utils eutils systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="http://www.rsyslog.com/"
+SRC_URI="http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+KEYWORDS="~amd64 ~x86"
+SLOT="0"
+IUSE="dbi debug doc elasticsearch +gcrypt kerberos mongodb mysql normalize omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd usertools zeromq"
+
+RDEPEND="
+ >=dev-libs/json-c-0.11:=
+ >=dev-libs/libestr-0.1.9
+ >=dev-libs/liblogging-1.0.1:=[stdlog]
+ >=sys-libs/zlib-1.2.5
+ dbi? ( >=dev-db/libdbi-0.8.3 )
+ elasticsearch? ( >=net-misc/curl-7.35.0 )
+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+ kerberos? ( virtual/krb5 )
+ mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
+ mysql? ( virtual/mysql )
+ normalize? (
+ >=dev-libs/libee-0.4.0
+ >=dev-libs/liblognorm-0.3.1:=
+ !>=dev-libs/liblognorm-1.0.0
+ )
+ omudpspoof? ( >=net-libs/libnet-1.1.6 )
+ oracle? ( >=dev-db/oracle-instantclient-basic-10.2 )
+ postgres? ( >=dev-db/postgresql-base-8.4.20 )
+ rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 )
+ redis? ( >=dev-libs/hiredis-0.11.0 )
+ relp? ( >=dev-libs/librelp-1.2.5 )
+ rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+ rfc5424hmac? ( >=dev-libs/openssl-0.9.8y )
+ snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+ ssl? ( >=net-libs/gnutls-2.12.23 )
+ systemd? ( >=sys-apps/systemd-208 )
+ zeromq? ( >=net-libs/czmq-1.2.0 )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+BRANCH="7-stable"
+
+# Test suite requires a special setup or will always fail
+RESTRICT="test"
+
+# Maitainer note : open a bug to upstream
+# showing that building in a separate dir fails
+AUTOTOOLS_IN_SOURCE_BUILD=1
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
+
+DOCS=(
+ AUTHORS
+ ChangeLog
+ doc/rsyslog-example.conf
+ "${FILESDIR}"/${BRANCH}/README.gentoo
+)
+
+PATCHES=(
+ "${FILESDIR}"/${BRANCH}/${PN}-7.x-mmjsonparse.patch
+ "${FILESDIR}"/${BRANCH}/fix-omruleset-default-value.patch
+ "${FILESDIR}"/${BRANCH}/bugfix_52.patch
+ "${FILESDIR}"/${BRANCH}/bugfix_73.patch
+)
+
+src_configure() {
+ # Maintainer notes:
+ # * Guardtime support is missing because libgt isn't yet available
+ # in portage.
+ # * Hadoop's HDFS file system output module is currently not
+ # supported in Gentoo because nobody is able to test it
+ # (JAVA dependency).
+ # * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+ # upstream PR 129 and 136) so we need to export HIREDIS_*
+ # variables because rsyslog's build system depends on pkg-config.
+
+ if use redis; then
+ export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+ export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+ fi
+
+ local myeconfargs=(
+ # Input Plugins without depedencies
+ --enable-imfile
+ --enable-impstats
+ --enable-imptcp
+ --enable-imttcp
+ # Message Modificiation Plugins without depedencies
+ --enable-mmanon
+ --enable-mmaudit
+ --enable-mmcount
+ --enable-mmfields
+ --enable-mmjsonparse
+ --enable-mmpstrucdata
+ --enable-mmsequence
+ --enable-mmutf8fix
+ # Output Modification Plugins without dependencies
+ --enable-mail
+ --enable-omprog
+ --enable-omruleset
+ --enable-omstdout
+ --enable-omuxsock
+ # Misc
+ --enable-pmaixforwardedfrom
+ --enable-pmcisconames
+ --enable-pmlastmsg
+ --enable-pmrfc3164sd
+ --enable-pmsnare
+ --enable-sm_cust_bindcdr
+ # DB
+ $(use_enable dbi libdbi)
+ $(use_enable mongodb ommongodb)
+ $(use_enable mysql)
+ $(use_enable oracle)
+ $(use_enable postgres pgsql)
+ $(use_enable redis omhiredis)
+ # Debug
+ $(use_enable debug)
+ $(use_enable debug diagtools)
+ $(use_enable debug imdiag)
+ $(use_enable debug memcheck)
+ $(use_enable debug rtinst)
+ $(use_enable debug valgrind)
+ # Misc
+ $(use_enable elasticsearch)
+ $(use_enable gcrypt libgcrypt)
+ $(use_enable kerberos gssapi-krb5)
+ $(use_enable normalize mmnormalize)
+ $(use_enable omudpspoof)
+ $(use_enable rabbitmq omrabbitmq)
+ $(use_enable relp)
+ $(use_enable rfc3195)
+ $(use_enable rfc5424hmac mmrfc5424addhmac)
+ $(use_enable snmp)
+ $(use_enable snmp mmsnmptrapd)
+ $(use_enable ssl gnutls)
+ $(use_enable systemd imjournal)
+ $(use_enable systemd omjournal)
+ $(use_enable usertools)
+ $(use_enable zeromq imzmq3)
+ $(use_enable zeromq omzmq3)
+ "$(systemd_with_unitdir)"
+ )
+
+ autotools-utils_src_configure
+}
+
+src_install() {
+ use doc && HTML_DOCS=( "${S}"/doc/ )
+ autotools-utils_src_install
+
+ newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+ newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+ keepdir /var/empty/dev
+ keepdir /var/spool/${PN}
+ keepdir /etc/ssl/${PN}
+ keepdir /etc/${PN}.d
+
+ insinto /etc
+ newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+ insinto /etc/rsyslog.d/
+ doins "${FILESDIR}/${BRANCH}/50-default.conf"
+
+ insinto /etc/logrotate.d/
+ newins "${FILESDIR}/${BRANCH}/${PN}.logrotate-r1" ${PN}
+
+ if use mysql; then
+ insinto /usr/share/doc/${PF}/scripts/mysql
+ doins plugins/ommysql/{createDB.sql,contrib/delete_mysql}
+ fi
+
+ if use postgres; then
+ insinto /usr/share/doc/${PF}/scripts/pgsql
+ doins plugins/ompgsql/createDB.sql
+ fi
+}
+
+pkg_postinst() {
+ local advertise_readme=0
+
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ advertise_readme=1
+
+ if use mysql || use postgres; then
+ echo
+ elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+ elog " /usr/share/doc/${PF}/scripts"
+ fi
+
+ if use ssl; then
+ echo
+ elog "To create a default CA and certificates for your server and clients, run:"
+ elog " emerge --config =${PF}"
+ elog "on your logging server. You can run it several times,"
+ elog "once for each logging client. The client certificates will be signed"
+ elog "using the CA certificate generated during the first run."
+ fi
+ fi
+
+ if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then
+ # Show this message until rsyslog-8.x
+ echo
+ elog "Since ${PN}-7.6.3 we no longer use the catch-all log target"
+ elog "\"/var/log/syslog\" due to its redundancy to the other log targets."
+
+ advertise_readme=1
+ fi
+
+ if [[ ${advertise_readme} -gt 0 ]]; then
+ # We need to show the README file location
+
+ echo ""
+ elog "Please read"
+ elog ""
+ elog " ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+ elog ""
+ elog "for more details."
+ fi
+}
+
+pkg_config() {
+ if ! use ssl ; then
+ einfo "There is nothing to configure for rsyslog unless you"
+ einfo "used USE=ssl to build it."
+ return 0
+ fi
+
+ # Make sure the certificates directory exists
+ CERTDIR="${EROOT}/etc/ssl/${PN}"
+ if [ ! -d "${CERTDIR}" ]; then
+ mkdir "${CERTDIR}" || die
+ fi
+ einfo "Your certificates will be stored in ${CERTDIR}"
+
+ # Create a default CA if needed
+ if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then
+ einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+ certtool --generate-privkey \
+ --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+ cat > "${T}/${PF}.$$" <<- _EOF
+ cn = Portage automated CA
+ ca
+ cert_signing_key
+ expiration_days = 3650
+ _EOF
+
+ certtool --generate-self-signed \
+ --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+ --outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+ --template "${T}/${PF}.$$" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+ # Create the server certificate
+ echo
+ einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+ read -r CN
+
+ einfo "Creating private key and certificate for server ${CN}..."
+ certtool --generate-privkey \
+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+ cat > "${T}/${PF}.$$" <<- _EOF
+ cn = ${CN}
+ tls_www_server
+ dns_name = ${CN}
+ expiration_days = 3650
+ _EOF
+
+ certtool --generate-certificate \
+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+ --template "${T}/${PF}.$$" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+ else
+ einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+ fi
+
+ # Create a client certificate
+ echo
+ einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+ read -r CN
+
+ einfo "Creating private key and certificate for client ${CN}..."
+ certtool --generate-privkey \
+ --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+ cat > "${T}/${PF}.$$" <<- _EOF
+ cn = ${CN}
+ tls_www_client
+ dns_name = ${CN}
+ expiration_days = 3650
+ _EOF
+
+ certtool --generate-certificate \
+ --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+ --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+ --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+ --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+ --template "${T}/${PF}.$$" &>/dev/null
+ chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+ rm -f "${T}/${PF}.$$"
+
+ echo
+ einfo "Here is the documentation on how to encrypt your log traffic:"
+ einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
+}