commit:     2071124e11d18eb9d6da292d059b1dfac3108311
Author:     Ultrabug <ultrabug <AT> gentoo <DOT> org>
AuthorDate: Tue May 20 13:05:57 2014 +0000
Commit:     Alexys Jacob <ultrabug <AT> gentoo <DOT> org>
CommitDate: Tue May 20 13:05:57 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=dev/ultrabug.git;a=commit;h=2071124e

add rsyslog wrt bug #501988

---
 app-admin/rsyslog/Manifest                         |  13 +
 app-admin/rsyslog/files/7-stable/50-default.conf   |  95 ++++++
 app-admin/rsyslog/files/7-stable/README.gentoo     |  36 +++
 app-admin/rsyslog/files/7-stable/bugfix_52.patch   | 100 +++++++
 app-admin/rsyslog/files/7-stable/bugfix_73.patch   | 103 +++++++
 .../7-stable/fix-omruleset-default-value.patch     |  25 ++
 .../files/7-stable/rsyslog-7.x-mmjsonparse.patch   |  26 ++
 app-admin/rsyslog/files/7-stable/rsyslog.conf      |  61 ++++
 app-admin/rsyslog/files/7-stable/rsyslog.confd-r1  |  30 ++
 app-admin/rsyslog/files/7-stable/rsyslog.initd-r1  |  69 +++++
 .../rsyslog/files/7-stable/rsyslog.logrotate-r1    |  37 +++
 app-admin/rsyslog/metadata.xml                     |  41 +++
 app-admin/rsyslog/rsyslog-7.6.3.ebuild             | 327 +++++++++++++++++++++
 13 files changed, 963 insertions(+)

diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
new file mode 100644
index 0000000..d06c4dd
--- /dev/null
+++ b/app-admin/rsyslog/Manifest
@@ -0,0 +1,13 @@
+AUX 7-stable/50-default.conf 1701 SHA256 
61c1dd1450f574a21a8d8375faaf3e42f9856df91011150ff13c0cfddc86ed41 SHA512 
33e4e63239b9112fec1a37115ac80ab8dbd6e7189d9d29b1bc743c433e0124ea0d1a4cf6f7ada9e5b92e9b0025b6617a1a16f4c491e743bbf4327a5f376a1ea9
 WHIRLPOOL 
d33b83bb690e78b5e5f7cfc090d21da03615c891a287b1f3a92a51514dcad1f5dfe8d2ceed867b3007768d47f48d207fac43a1ff33a85b24c21a5531cdf9d311
+AUX 7-stable/README.gentoo 1126 SHA256 
29b4c68f521f2f1f138f44c4635da1a270fed9cbd4a780569754080987aa777c SHA512 
46fdf3350e2005d3ef588d50dfc6d474a1b5d3010329b656879a43cbbd7be0cd91944b88d3838f45f69c830fc28c42e7fac2cd52e0a4b24bb6780562d59ae384
 WHIRLPOOL 
a1a3ec8b887110a01e8c1c1320f25493dd8ff343e4b08780c30c9bc3bb842afa0ef79db08195db876697c1a69807f49a8b3793609d25f78559fa534507fc195e
+AUX 7-stable/bugfix_52.patch 3776 SHA256 
756f7630fa2c14d9605ce560f608acdc66277abb4592feec11dc05ef9ecc01cc SHA512 
1b4fb7efd2a9e3a5b16003124e63ff5434512d9d103d938d2cfaf9ceb6087bad83d5141c21bd1d13b8dad7c67b58e0359fc836dc8263652eafd5404d181b0a4f
 WHIRLPOOL 
f0062ca640e11957da6621d8e73189e6be9eca275adfff32e3f701235682535cc42d34709a9c912541764af3d74073afd82c8d8048a3521eab9b70f8198ea02d
+AUX 7-stable/bugfix_73.patch 3575 SHA256 
f621d578f730c8d633e42af977077f3c67e894acd4e8c7702dd6a41e85232062 SHA512 
67996a804673214e4c23ceaf8c0092a1cf8288024180c047b96b773ee55db05e95b8da4b73ea0db5cdfabc8b49a632d6b313cf54dad23a80d9fd1bf243590971
 WHIRLPOOL 
371ded4813d1f3b65e570eefd366c1ca9ffabf38b1b5b5b80d6d632b3574bea272a8a802ec2b956d69359ac8f44c5b66d0c0ed66d898dbe96784a9090c4585a3
+AUX 7-stable/fix-omruleset-default-value.patch 834 SHA256 
9b9506a1141ef8619ba98e4bb8e2c8ad23e6a51e64d971db8ee461c073ef1ae0 SHA512 
64113caf4ec31100f1ad4dbfef27ac39e6be09f0560b1a77ad54b2c7aaf8469780b4ba17ef892cbcf80931a4d7070b40b4ca22265553568d2302eaf5ab976e5e
 WHIRLPOOL 
7aa020772813d2611c90f7605497ece6f1ed32c1e3b75f0fc7360492186dfe0b522275d128c185013c1849b64c7c1550f1752397239609f18583a475f44361cf
+AUX 7-stable/rsyslog-7.x-mmjsonparse.patch 952 SHA256 
8db6b4c0001ae53306ceb685ef245c6978e143c71c9642e634cbed98e6d2dde8 SHA512 
4446349f75ff5726d1bffe261f607dd8710c31d1254925928ffcc825a0f86d96b281962150bfa8e85846b94610d0a15f0932ef6b041d390bd4402657ad0f47b7
 WHIRLPOOL 
1ba7a6db2cb753953f0ae8e701a9b7150b99bf553b653ba2b82c6f6d1bf76461efa1cbfb1d026e5e459069cbfc6e868d46743e38c9a01583b1ff4f7a4225ed69
+AUX 7-stable/rsyslog.conf 1562 SHA256 
fc70a94213b5eb519febf9aa7d758ee9526433bcc5683bcb7451d16e65a2f5b0 SHA512 
1720174fab020e2de590f3d6bbb03784aca1928fe05f7e75e02fb4597cb8b2ee755e6deb8e8f989060511044ae483f791f496f24e0eecaf27eb9e0b5e20a2c7a
 WHIRLPOOL 
97cf3fdee62a9339b412ebe93b71b2d6804df60aad9cb7e71779fcaddb01d489e38bbb353557864ea38aba384e664e6da636812c3c078ed9e22e261ed7b78cba
+AUX 7-stable/rsyslog.confd-r1 1140 SHA256 
f0b15a0334f6177a6cf23cb9b169302c75745dc30857f24a7d11892feb6b1ee4 SHA512 
8501be8d0abc166994863db61afa5a4ef120aaec601d86fb71711b557741d39b29b96a4d688e7af6ad8d5d15a1257821ca299c5f7391f2ce66cd95e33ea2ff7c
 WHIRLPOOL 
0a3617defa10acfa693a3339e1f7ec69c9272b44aac6fda30b49452f32ea7037743acfd871cea025f1e584639725588286056db6e17663c2806ed47088600d35
+AUX 7-stable/rsyslog.initd-r1 1597 SHA256 
30615d3d29155675e09fa1082a5851fb6e260e1f914d899b7fd23430a2b95249 SHA512 
5dd92f557831e6ecd9c6acfea2a7168fbc40cca10c7dd9241097c58dd7369e39fab7c7f988d0e4450c258c18886e3769715d0b6feb632023daa8f6d178cae18f
 WHIRLPOOL 
61ca87c8f21ccbabc449fe0dc4743cbaa259a12e903ae8ba5c01b04e7a21dc867fc37334350c78e1d3a5a2c7233b880c6affe00f205384c57fe79e0ed3a1512a
+AUX 7-stable/rsyslog.logrotate-r1 682 SHA256 
89cc8f13c1f7a3ae446b40da7b31cdf471e2c9e2d3d5b8f48e524f7a82fbff89 SHA512 
6c58abd2f02157177a61695f53eccbf201c514821b0c551a4812621e8d3dd2da9b5cd651d93860cb51ebdbdc7056d0ef0dde99c2a57ac3c43aa968a141805912
 WHIRLPOOL 
9d29c2c9351252887c3dad78962df942bb1cd7387eb44e3c98764319f82d90c42d255a5642c55bb37811fb903e1c5314ca536bc9d32ccfd0535f0579f4e25ff0
+DIST rsyslog-7.6.3.tar.gz 3052448 SHA256 
013359035f8b6e5a4328edaffbda1120974accaba36ddc5de66a582fa588f5ec SHA512 
f5bafbf7e40011e583a01d20beb1a98b78512cd537128c8f925c27b1906b22471b98d11e58c41256570fc205ec7ca756219d5cf44041ffe4e613fbd802d1f309
 WHIRLPOOL 
23719d6451eec4d21b022dfc2701726a00adeb132f8fe7e93826fba8693edbf949d7b6a9f3fac358482ee86b65fbccfd25330a6bbbd522e92bfc659bf01ec243
+EBUILD rsyslog-7.6.3.ebuild 9198 SHA256 
e477a6511cc50f29d0a124ff6c071ef3d44929b2366d4157f6c021a9cbd1e5be SHA512 
04eb75d3667b357091e4189d258c45a71b7806df0edc4c3f17228e7253740e22337f93e682854ed15df17afd96bb6df0726e94c4b6974e1d9c6b718589534c80
 WHIRLPOOL 
4880f7e37d0a8651645958c5139dbf741f47e17ac3c8cd5448783c5392bf4d7071d30347d9d42fd8ce3063387053bc3bb4200e13bcceb5e7f94b8ac50f4bd35a
+MISC metadata.xml 2941 SHA256 
3d75473e17679907bf3170ec29f377f6eac2ee67408685015de41584713a68c1 SHA512 
57b479b75864889ce2b143921c7e717229ba88f1eb470db0c6d2b151a5061b2b6fc5138b50c6e96c1d715ac0d05d48ed4c34375d42c0ea9cc3703c4f92625c44
 WHIRLPOOL 
70bfd3127b8f630e009d5226de5fc39b42a6f188069f68aead8986661516b171879bccb82cf1d444c150dd004cddddf9402e60e2d3ce43f1108171ffe84ec304

diff --git a/app-admin/rsyslog/files/7-stable/50-default.conf 
b/app-admin/rsyslog/files/7-stable/50-default.conf
new file mode 100644
index 0000000..9ae8578
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/50-default.conf
@@ -0,0 +1,95 @@
+#######################
+### DEFAULT ACTIONS ###
+#######################
+
+auth,authpriv.* action(
+       type="omfile"
+       File="/var/log/auth.log"
+       FileCreateMode="0600"
+       FileOwner="root"
+       FileGroup="adm"
+       Sync="off"
+)
+
+cron.* action(
+       type="omfile"
+       File="/var/log/cron.log"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+daemon.* action(
+       type="omfile"
+       File="/var/log/daemon.log"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+kern.* action(
+       type="omfile"
+       File="/var/log/kern.log"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+lpr.* action(
+       type="omfile"
+       File="/var/log/lpr.log"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+mail.* action(
+       type="omfile"
+       File="/var/log/mail.log"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+news.* action(
+       type="omfile"
+       File="/var/log/news.log"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+user.* action(
+       type="omfile"
+       File="/var/log/user.log"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+*.=debug;auth,authpriv,news,mail.none action(
+       type="omfile"
+       File="/var/log/debug.log"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
+       type="omfile"
+       File="/var/log/messages"
+       FileOwner="root"
+       FileGroup="adm"
+)
+
+# Uncomment the following directive to re-enable the
+# deprecated "/var/log/syslog" log file (don't forget to re-enable log
+# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
+#*.*;auth,authpriv.none action(
+#      type="omfile"
+#      File="/var/log/syslog"
+#      FileOwner="root"
+#      FileGroup="adm"
+#)
+
+*.emerg action(
+       type="omusrmsg"
+       Users="*"
+       action.execOnlyOnceEveryInterval="10"
+)
+
+# Create an additional socket for the default chroot location
+# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
+input(type="imuxsock" Socket="/var/empty/dev/log")
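Review bot: Every action in this file except the auth one omits `FileCreateMode`, so kern.log, daemon.log, messages and the others fall back to the omfile module default, which rsyslog.conf in this same commit sets to `FileCreateMode="0644"` under `$Umask 0022`. Those files are then world-readable, although `FileGroup="adm"` already names a group that is meant to read them. Kernel and daemon logs routinely carry usernames, addresses and command lines, so I would set the module default in rsyslog.conf to `FileCreateMode="0640"` (or add it per action here) and leave 0644 as an explicit opt-in. Separately, the auth action's `FileCreateMode="0600"` makes its `FileGroup="adm"` ineffective; use `0640` or drop the group so the intent is unambiguous.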

diff --git a/app-admin/rsyslog/files/7-stable/README.gentoo 
b/app-admin/rsyslog/files/7-stable/README.gentoo
new file mode 100644
index 0000000..9f0666c
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/README.gentoo
@@ -0,0 +1,36 @@
+Introduction
+============
+
+Since rsyslog version 7.6 we are shipping a new default Gentoo
+configuration. See bug #501982 to learn more about what we were trying to
+achieve by rewriting the entire configuration.
+
+
+Important changes
+=================
+
+1. "/var/log/syslog" log file is now deprecated
+
+   Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
+   longer being written per default. We are considering this file as
+   deprecated/obsolet for the typical user/system.
+   The content from this log file is still availble through other
+   (dedicated) log files, see
+   
+     - /var/log/cron.log
+     - /var/log/daemon.log
+     - /var/log/mail.log
+     - /var/log/messages
+   
+   If you really need the old "/var/log/syslog" log file, all you have to
+   do is uncommenting the corresponding configuration directive in
+   "/etc/rsyslog.d/50-default.conf".
+   
+   If you do so, don't forget to re-enable log rotation in
+   "/etc/logrotate.d/rsyslog", too.
+
+
+2. An additional input socket in "/var/empty/dev/log" (default chroot
+   location) will be created per default
+
+   See bug #490744 for further details.

diff --git a/app-admin/rsyslog/files/7-stable/bugfix_52.patch 
b/app-admin/rsyslog/files/7-stable/bugfix_52.patch
new file mode 100644
index 0000000..f5da7b9
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/bugfix_52.patch
@@ -0,0 +1,100 @@
+From b017e29aad70702c69e6016b07a932b7825a83e5 Mon Sep 17 00:00:00 2001
+From: Thomas D <whi...@whissi.de>
+Date: Sat, 3 May 2014 14:45:25 +0200
+Subject: [PATCH] Remove "--enable-cached-man-pages" switch and make rst2man
+ optional when required man pages already exist
+
+This commit backports the bugfix for issue #52 for the v7-stable branch.
+---
+ configure.ac | 61 +++++++++++++++++++++++++++++++++++-------------------------
+ 1 file changed, 36 insertions(+), 25 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0dd40c2..07d96dd 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1087,30 +1087,6 @@ fi
+ AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes)
+ 
+ 
+-# Support using cached man file copies, to avoid the need for rst2man
+-# in the build environment
+-AC_ARG_ENABLE(cached_man_pages,
+-        [AS_HELP_STRING([--enable-cached-man-pages],[Enable using cached 
versions of man files (avoid rst2man) @<:@default=no@:>@])],
+-        [case "${enableval}" in
+-         yes) enable_cached_man_pages="yes" ;;
+-          no) enable_cached_man_pages="no" ;;
+-           *) AC_MSG_ERROR(bad value ${enableval} for 
--enable-cached-man-pages) ;;
+-         esac],
+-        [enable_cached_man_pages=no]
+-)
+-if test "x$enable_cached_man_pages" = "xno"; then
+-# obtain path for rst2man
+-  if test "x$enable_libgcrypt" = "xyes" || \
+-     test "x$enable_guardtime" = "xyes"; then
+-        AC_PATH_PROG([RST2MAN], [rst2man])
+-        if test "x${RST2MAN}" == "x"; then
+-            AC_MSG_FAILURE([rst2man not found in PATH])
+-        fi
+-  fi
+-fi
+-
+-
+-
+ # RFC 3195 support
+ AC_ARG_ENABLE(rfc3195,
+         [AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support 
@<:@default=no@:>@])],
+@@ -1519,6 +1495,41 @@ AM_CONDITIONAL(ENABLE_OMHIREDIS, test 
x$enable_omhiredis = xyes)
+ 
+ # END HIREDIS SUPPORT
+ 
++
++AC_CHECKING([if required man pages already exist])
++have_to_generate_man_pages="no"
++
++# man pages for libgcrypt module
++if test "x$enable_usertools" = "xyes" && test "x$enable_libgcrypt" = "xyes"; 
then
++    AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
++        [],
++        [have_to_generate_man_pages="yes"]
++    )
++fi
++
++# man pages for GuardTime module
++if test "x$enable_usertools" = "xyes" && test "x$enable_guardtime" = "xyes"; 
then
++    AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
++        [],
++        [have_to_generate_man_pages="yes"]
++    )
++fi
++
++if test "x$have_to_generate_man_pages" = "xyes"; then
++    AC_MSG_RESULT([Some man pages are missing. We need rst2man to generate 
the missing man pages from source...])
++else
++    AC_MSG_RESULT([All required man pages found. We don't need rst2man!])
++fi
++
++if test "x$have_to_generate_man_pages" = "xyes"; then
++    # We need rst2man to generate our man pages
++    AC_CHECK_PROGS([RST2MAN], [rst2man rst2man.py], [])
++    if test -z "$RST2MAN"; then
++        AC_MSG_ERROR([rst2man is required to build man pages. You can use the 
release tarball with pregenerated man pages to avoid this depedency.])
++    fi
++fi
++
++
+ AC_CONFIG_FILES([Makefile \
+               runtime/Makefile \
+               compat/Makefile \
+@@ -1594,7 +1605,7 @@ echo "    Zlib compression support enabled:         
$enable_zlib"
+ echo "    rsyslog runtime will be built:            $enable_rsyslogrt"
+ echo "    rsyslogd will be built:                   $enable_rsyslogd"
+ echo "    GUI components will be built:             $enable_gui"
+-echo "    cached man files will be used:            $enable_cached_man_pages"
++echo "    have to generate man pages:               
$have_to_generate_man_pages"
+ echo "    Unlimited select() support enabled:       $enable_unlimited_select"
+ echo "    uuid support enabled:                     $enable_uuid"
+ echo "    Log file signing support:                 $enable_guardtime"
+-- 
+1.9.2
+
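Review bot: `AC_CHECK_FILES` in the added man-page block makes configure abort when cross-compiling, because autoconf refuses file-existence checks in that mode. It also looks for `tools/rscryutil.1` relative to the build directory rather than `$srcdir`, which breaks out-of-tree builds. These are source-tree files, so a plain shell test avoids both problems, e.g. `test -f "$srcdir/tools/rscryutil.1" || have_to_generate_man_pages="yes"`. The libgcrypt and GuardTime branches also check the identical pair of files, so a missing rsgtutil.1 appears to demand rst2man even when only libgcrypt is enabled; if each tool belongs to one module, each branch should check only its own page.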

diff --git a/app-admin/rsyslog/files/7-stable/bugfix_73.patch 
b/app-admin/rsyslog/files/7-stable/bugfix_73.patch
new file mode 100644
index 0000000..cc295d6
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/bugfix_73.patch
@@ -0,0 +1,103 @@
+This patch will update the pre-generated rscryutil man page from the release
+tarball so we don't need to depend on dev-python/docutils.
+
+https://github.com/rsyslog/rsyslog/issues/73
+
+diff -rupN old/rsyslog-7.6.3/tools/rscryutil.1 
new/rsyslog-7.6.3/tools/rscryutil.1
+--- old/rsyslog-7.6.3/tools/rscryutil.1        2013-10-29 16:31:21.000000000 
+0100
++++ new/rsyslog-7.6.3/tools/rscryutil.1        2014-05-03 20:41:46.143825094 
+0200
+@@ -1,4 +1,4 @@
+-.\" Man page generated from reStructeredText.
++.\" Man page generated from reStructuredText.
+ .
+ .TH RSCRYUTIL 1 "2013-04-15" "" ""
+ .SH NAME
+@@ -31,12 +31,16 @@ level margin: \\n[rst2man-indent\\n[rst2
+ .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+ ..
+ .SH SYNOPSIS
++.INDENT 0.0
++.INDENT 3.5
+ .sp
+ .nf
+ .ft C
+ rscryutil [OPTIONS] [FILE] ...
+ .ft P
+ .fi
++.UNINDENT
++.UNINDENT
+ .SH DESCRIPTION
+ .sp
+ This tool performs various operations on encrypted log files.
+@@ -44,46 +48,46 @@ Most importantly, it provides the abilit
+ .SH OPTIONS
+ .INDENT 0.0
+ .TP
+-.B \-d,  \-\-decrypt
++.B \-d\fP,\fB  \-\-decrypt
+ Select decryption mode. This is the default mode.
+ .TP
+-.BI \-W,  \-\-write\-keyfile \ <file>
++.BI \-W\fP,\fB  \-\-write\-keyfile \ <file>
+ Utility function to write a key to a keyfile. The key can be obtained
+ via any method.
+ .TP
+-.B \-v,  \-\-verbose
++.B \-v\fP,\fB  \-\-verbose
+ Select verbose mode.
+ .TP
+-.B \-f,  \-\-force
++.B \-f\fP,\fB  \-\-force
+ Forces operations that otherwise would fail.
+ .TP
+-.BI \-k,  \-\-keyfile \ <file>
++.BI \-k\fP,\fB  \-\-keyfile \ <file>
+ Reads the key from <file>. File _must_ contain the key, only, no headers
+ or other meta information. Keyfiles can be generated via the
+ \fI\-\-write\-keyfile\fP option.
+ .TP
+-.BI \-p,  \-\-key\-program \ <path\-to\-program>
++.BI \-p\fP,\fB  \-\-key\-program \ <path\-to\-program>
+ In this mode, the key is provided by a so\-called "key program". This program
+ is executed and must return the key to (as well as some meta information)
+ via stdout. The core idea of key programs is that using this interface the
+ user can implement as complex (and secure) method to obtain keys as
+ desired, all without the need to make modifications to rsyslog.
+ .TP
+-.BI \-K,  \-\-key \ <KEY>
++.BI \-K\fP,\fB  \-\-key \ <KEY>
+ TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
+ on the command line. This is the actual key, and as such this mode
+ is highly insecure. However, it can be useful for intial testing
+ steps. This option may be removed in the future.
+ .TP
+-.BI \-a,  \-\-algo \ <algo>
++.BI \-a\fP,\fB  \-\-algo \ <algo>
+ Sets the encryption algorightm (cipher) to be used. See below
+ for supported algorithms. The default is "AES128".
+ .TP
+-.BI \-m,  \-\-mode \ <mode>
++.BI \-m\fP,\fB  \-\-mode \ <mode>
+ Sets the ciphermode to be used. See below for supported modes.
+ The default is "CBC".
+ .TP
+-.BI \-r,  \-\-generate\-random\-key \ <bytes>
++.BI \-r\fP,\fB  \-\-generate\-random\-key \ <bytes>
+ Generates a random key of length <bytes>. This option is
+ meant to be used together with \fI\-\-write\-keyfile\fP (and it is hard
+ to envision any other valid use for it).
+@@ -97,7 +101,7 @@ multiple operations mode are set on the
+ unpredictable.
+ .SS decrypt
+ .sp
+-The provided log files are decrypted. Note that the \fI.encinfo\fP side files
++The provided log files are decrypted. Note that the \fI\&.encinfo\fP side 
files
+ must exist and be accessible in order for decryption to to work.
+ .SS write\-keyfile
+ .sp
+@@ -198,5 +202,4 @@ LGPLv2.
+ .SH AUTHOR
+ Rainer Gerhards <rgerha...@adiscon.com>
+ .\" Generated by docutils manpage writer.
+-.\" 
+ .

diff --git a/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch 
b/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch
new file mode 100644
index 0000000..816471c
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch
@@ -0,0 +1,25 @@
+From 14f3b45151864aa4170de515f406a69ad2931eba Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerha...@adiscon.com>
+Date: Thu, 31 Oct 2013 18:21:47 +0100
+Subject: [PATCH] module omruleset is no longer enabled by default.
+
+Note that it has been deprecated in v7 and been replaced by the "call"
+statement. Also, it can still be build without problems, the option must
+just explicitely be given.
+---
+diff --git a/configure.ac b/configure.ac
+index 3abd559..de4c3ea 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1353,7 +1353,7 @@ AC_ARG_ENABLE(omruleset,
+           no) enable_omruleset="no" ;;
+            *) AC_MSG_ERROR(bad value ${enableval} for --enable-omruleset) ;;
+          esac],
+-        [enable_omruleset=yes]
++        [enable_omruleset=no]
+ )
+ AM_CONDITIONAL(ENABLE_OMRULESET, test x$enable_omruleset = xyes)
+ 
+-- 
+1.9.1
+

diff --git a/app-admin/rsyslog/files/7-stable/rsyslog-7.x-mmjsonparse.patch 
b/app-admin/rsyslog/files/7-stable/rsyslog-7.x-mmjsonparse.patch
new file mode 100644
index 0000000..ad5c8ea
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog-7.x-mmjsonparse.patch
@@ -0,0 +1,26 @@
+From d6f5d5aae579455badb2d546f8ef292956720824 Mon Sep 17 00:00:00 2001
+From: Thomas D <whi...@whissi.de>
+Date: Tue, 15 Apr 2014 17:56:05 +0200
+Subject: [PATCH] Fix for https://github.com/rsyslog/rsyslog/issues/61
+
+Based on Maxim Koltsov proposed patch from 
https://bugs.gentoo.org/show_bug.cgi?id=507730
+---
+ plugins/mmjsonparse/mmjsonparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/mmjsonparse/mmjsonparse.c 
b/plugins/mmjsonparse/mmjsonparse.c
+index b16aef0..a5bfaa2 100644
+--- a/plugins/mmjsonparse/mmjsonparse.c
++++ b/plugins/mmjsonparse/mmjsonparse.c
+@@ -146,7 +146,7 @@ processJSON(instanceData *pData, msg_t *pMsg, char *buf, 
size_t lenBuf)
+ 
+                       err = pData->tokener->err;
+                       if(err != json_tokener_continue)
+-                              errMsg = json_tokener_errors[err];
++                              errMsg = json_tokener_error_desc(err);
+                       else
+                               errMsg = "Unterminated input";
+               } else if((size_t)pData->tokener->char_offset < lenBuf)
+-- 
+1.9.1
+

diff --git a/app-admin/rsyslog/files/7-stable/rsyslog.conf 
b/app-admin/rsyslog/files/7-stable/rsyslog.conf
new file mode 100644
index 0000000..da48459
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog.conf
@@ -0,0 +1,61 @@
+# /etc/rsyslog.conf
+# 
+# This configuration is based on RainerScript, the new recommended syntax
+# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
+# details.
+# 
+# But if you don't want to learn something new at moment, don't worry: The
+# legacy syntax is still supported.
+# 
+# You may want to use the new RSYSLOG configuration builder to create your
+# own more advanced configuration: 
http://www.rsyslog.com/rsyslog-configuration-builder/
+
+# Check config syntax on startup and abort if unclean (default: off)
+#$AbortOnUncleanConfig on
+
+
+###############
+### MODULES ###
+###############
+
+# Read syslog messages from default Unix socket /dev/log (e.g. via logger 
command)
+module(load="imuxsock")
+
+# Read messages from the kernel log and submits them to the syslog engine
+module(load="imklog")
+
+# Inject "--MARK--" messages every $Interval (seconds)
+#module(load="immark" Interval="600")
+
+# Read syslog messages from UDP
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# Read syslog messages from TCP
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+#########################
+### GLOBAL DIRECTIVES ###
+#########################
+
+# Where to place spool and state files
+$WorkDirectory /var/spool/rsyslog
+
+# Reduce repeating messages (default: off)
+#$RepeatedMsgReduction on
+
+# Set defaults for every output file
+$Umask 0022
+
+module(
+       load="builtin:omfile"
+       Template="RSYSLOG_TraditionalFileFormat"
+       FileCreateMode="0644"
+       DirCreateMode="0755"
+)
+
+
+# Include all conf files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
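Review bot: The commented-out `imudp` and `imtcp` examples in the MODULES section give no hint that enabling them opens port 514 to every host that can reach the machine, with no sender authentication or transport encryption in this form. A short comment above them would help, for example `# NOTE: these inputs accept unauthenticated, unencrypted syslog from the network; restrict access (firewall) before enabling`. It would also be worth documenting next to `#$AbortOnUncleanConfig on` that with it left off, rsyslogd starts with whatever part of the configuration parsed, which can silently drop a logging rule.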

diff --git a/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1 
b/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1
new file mode 100644
index 0000000..d8cbe87
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1
@@ -0,0 +1,30 @@
+# /etc/conf.d/rsyslog
+
+# Configuration file
+RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"
+
+# PID file
+# If you should ever change this, remember to update
+# "/etc/logrotate.d/rsyslog", too.
+RSYSLOG_PIDFILE="/run/rsyslogd.pid"
+
+# You can use this configuration option to pass additional options to the
+# start-stop-daemon, see start-stop-daemon(8) for more details.
+# Per default we wait 1000ms after we have started the service to ensure
+# that the daemon is really up and running.
+RSYSLOG_SSDARGS="--wait 1000"
+
+# The termination timeout (start-stop-daemon parameter "retry") ensures
+# that the service will be terminated within a given time (60 + 5 seconds
+# per default) when you are stopping the service.
+# You need to increase the value when you are working with a large queue.
+# See http://www.rsyslog.com/doc/queues.html for further information.
+RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"
+
+
+# Options to rsyslogd
+# See rsyslogd(8) for more details
+# Notes:
+# * Do not specify another PIDFILE but use the variable above to change the 
location
+# * Do not specify another CONFIGFILE but use the variable above to change the 
location
+RSYSLOG_OPTS=""

diff --git a/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1 
b/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1
new file mode 100644
index 0000000..bc326f4
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1
@@ -0,0 +1,69 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
+RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}
+
+command="/usr/sbin/rsyslogd"
+command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}"
+start_stop_daemon_args="${RSYSLOG_SSDARGS}"
+pidfile="${RSYSLOG_PIDFILE}"
+retry="${RSYSLOG_TERMTIMEOUT}"
+
+required_files=( "${RSYSLOG_CONFIGFILE}" )
+
+description="RSYSLOG is the rocket-fast system for log processing (syslog 
replacement)."
+
+extra_commands="configtest"
+extra_started_commands="rotate"
+
+description_configtest="Run rsyslogd's internal config check."
+
+description_rotate="Sends rsyslogd a signal to re-open its log files."
+
+depend() {
+       need clock hostname localmount
+       provide logger
+}
+
+start_pre() {
+       if [ "${RC_CMD}" != "restart" ]; then
+               configtest || return 1
+       fi
+}
+
+stop_pre() {
+       if [ "${RC_CMD}" = "restart" ]; then
+               configtest || return 1
+       fi
+}
+
+stop_post() {
+       rm -f ${RSYSLOG_PIDFILE}
+}
+
+configtest() {
+       # This will currently only detect fatal errors
+       # See https://github.com/rsyslog/rsyslog/issues/79
+
+       local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}"
+       local _retval=0
+
+       ebegin "Checking rsyslogd's configuration"
+       ${_test_command} &>/dev/null
+       _retval=$?
+
+       if [ ${_retval} -ne 0 ]; then
+               ${_test_command}
+       fi
+
+       eend ${_retval} "failed, please correct errors above"
+}
+
+rotate() {
+       ebegin "Re-opening rsyslogd logs"
+       start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
+       eend $?
+}
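Review bot: `${_test_command} &>/dev/null` in configtest() is a bash-only redirection, and as far as I know /sbin/runscript runs the script with /bin/sh. Where /bin/sh is not bash (dash, for instance) the line parses as a background job followed by `>/dev/null`, so `$?` is 0 and a broken configuration passes the check before start or restart. Use `${_test_command} >/dev/null 2>&1` instead. The same `&>/dev/null` appears in the postrotate line of rsyslog.logrotate-r1. Likewise `required_files=( "${RSYSLOG_CONFIGFILE}" )` is an array assignment that a POSIX shell rejects, where `required_files="${RSYSLOG_CONFIGFILE}"` is enough, and stop_post() should quote the path: `rm -f -- "${RSYSLOG_PIDFILE}"`.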

diff --git a/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1 
b/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1
new file mode 100644
index 0000000..1eae30e
--- /dev/null
+++ b/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1
@@ -0,0 +1,37 @@
+# Uncomment the following directive if you have re-enabled
+# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
+#/var/log/syslog
+#{
+#      rotate 7
+#      daily
+#      missingok
+#      notifempty
+#      delaycompress
+#      compress
+#      postrotate
+#              test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) 
&>/dev/null
+#      endscript
+#}
+
+/var/log/auth.log
+/var/log/cron.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/lpr.log
+/var/log/mail.log
+/var/log/news.log
+/var/log/user.log
+/var/log/debug.log
+/var/log/messages
+{
+       rotate 4
+       weekly
+       missingok
+       notifempty
+       compress
+       delaycompress
+       sharedscripts
+       postrotate
+               test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) 
&>/dev/null
+       endscript
+}

diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml
new file mode 100644
index 0000000..6f23de3
--- /dev/null
+++ b/app-admin/rsyslog/metadata.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer>
+               <email>ultra...@gentoo.org</email>
+               <name>Ultrabug</name>
+               <description>Primary Maintainer</description>
+       </maintainer>
+       <maintainer>
+               <email>whi...@whissi.de</email>
+               <name>Thomas D. (Whissi)</name>
+               <description>Proxy-Maintainer, CC. bugs</description>
+       </maintainer>
+       <use>
+               <flag name="dbi">Build the general database output module 
(requires <pkg>dev-db/libdbi</pkg>)</flag>
+               <flag name="elasticsearch">Build the Elasticsearch output 
module (requires <pkg>net-misc/curl</pkg>)</flag>
+               <flag name="extras">Add support for the UDP spoofing module 
(omudpspoof) using <pkg>net-libs/libnet</pkg></flag>
+               <flag name="gcrypt">Add support for encrypted log files using 
<pkg>dev-libs/libgcrypt</pkg></flag>
+               <flag name="kerberos">Build the GSSAPI input and output module 
(requires <pkg>virtual/krb5</pkg>)</flag>
+               <flag name="mongodb">Build the MongoDB output module (requires 
<pkg>dev-libs/libmongo-client</pkg>)</flag>
+               <flag name="mysql">Build the MySQL databse output module 
(requires <pkg>virtual/mysql</pkg>)</flag>
+               <flag name="normalize">Build the normalize modify module 
(requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag>
+               <flag name="omudpspoof">Build the udpspoof output module 
(requires <pkg>net-libs/libnet</pkg>)</flag>
+               <flag name="oracle">Build the Oracle database output module 
(requires <pkg>dev-db/oracle-instantclient-basic</pkg>)</flag>
+               <flag name="postgres">Build the PostgreSQL database output 
module (requires <pkg>dev-db/postgresql-base</pkg>)</flag>
+               <flag name="rabbitmq">Build the RabbitMQ output module 
(requires <pkg>net-libs/rabbitmq-c</pkg>)</flag>
+               <flag name="redis">Build the Redis output module using 
(requires <pkg>dev-libs/hiredis</pkg>)</flag>
+               <flag name="relp">Build the Reliable Event Logging Protocol 
(RELP) output module (requires <pkg>dev-libs/librelp</pkg>)</flag>
+               <flag name="rfc3195">Build the rfc3195 input module (requires 
<pkg>dev-libs/liblogging</pkg>)</flag>
+               <flag name="rfc5424hmac">Build the rfc5424hmac modify module 
(requires <pkg>dev-libs/openssl</pkg>)</flag>
+               <flag name="snmp">Build the snmp modify and output module 
(requires <pkg>net-analyzer/net-snmp</pkg>)</flag>
+               <flag name="ssl">Add support for encrypted client/server 
communication (requires <pkg>net-libs/gnutls</pkg>)</flag>
+               <flag name="systemd">Build the journal input and output module 
(requires <pkg>sys-apps/systemd</pkg>)</flag>
+               <flag name="usertools">Installs the user tools (rsgtutil, 
rscryutil...) corresponding to the set USE flags</flag>
+               <flag name="zeromq">Build the ZeroMQ input and output modules 
(requires <pkg>net-libs/zeromq</pkg>)</flag>
+       </use>
+       <upstream>
+               <bugs-to>https://github.com/rsyslog/rsyslog/issues</bugs-to>
+               <remote-id type="cpe">cpe:/a:rsyslog:rsyslog</remote-id>
+       </upstream>
+</pkgmetadata>

diff --git a/app-admin/rsyslog/rsyslog-7.6.3.ebuild 
b/app-admin/rsyslog/rsyslog-7.6.3.ebuild
new file mode 100644
index 0000000..c73667a
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-7.6.3.ebuild
@@ -0,0 +1,327 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=5
+AUTOTOOLS_AUTORECONF=1
+
+inherit autotools-utils eutils systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="http://www.rsyslog.com/";
+SRC_URI="http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz";
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+KEYWORDS="~amd64 ~x86"
+SLOT="0"
+IUSE="dbi debug doc elasticsearch +gcrypt kerberos mongodb mysql normalize 
omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl 
systemd usertools zeromq"
+
+RDEPEND="
+       >=dev-libs/json-c-0.11:=
+       >=dev-libs/libestr-0.1.9
+       >=dev-libs/liblogging-1.0.1:=[stdlog]
+       >=sys-libs/zlib-1.2.5
+       dbi? ( >=dev-db/libdbi-0.8.3 )
+       elasticsearch? ( >=net-misc/curl-7.35.0 )
+       gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+       kerberos? ( virtual/krb5 )
+       mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
+       mysql? ( virtual/mysql )
+       normalize? (
+               >=dev-libs/libee-0.4.0
+               >=dev-libs/liblognorm-0.3.1:=
+               !>=dev-libs/liblognorm-1.0.0
+       )
+       omudpspoof? ( >=net-libs/libnet-1.1.6 )
+       oracle? ( >=dev-db/oracle-instantclient-basic-10.2 )
+       postgres? ( >=dev-db/postgresql-base-8.4.20 )
+       rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 )
+       redis? ( >=dev-libs/hiredis-0.11.0 )
+       relp? ( >=dev-libs/librelp-1.2.5 )
+       rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+       rfc5424hmac? ( >=dev-libs/openssl-0.9.8y )
+       snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+       ssl? ( >=net-libs/gnutls-2.12.23 )
+       systemd? ( >=sys-apps/systemd-208 )
+       zeromq? ( >=net-libs/czmq-1.2.0 )"
+DEPEND="${RDEPEND}
+       virtual/pkgconfig"
+
+BRANCH="7-stable"
+
+# Test suite requires a special setup or will always fail
+RESTRICT="test"
+
+# Maitainer note : open a bug to upstream
+# showing that building in a separate dir fails
+AUTOTOOLS_IN_SOURCE_BUILD=1
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
+
+DOCS=(
+       AUTHORS
+       ChangeLog
+       doc/rsyslog-example.conf
+       "${FILESDIR}"/${BRANCH}/README.gentoo
+)
+
+PATCHES=(
+       "${FILESDIR}"/${BRANCH}/${PN}-7.x-mmjsonparse.patch
+       "${FILESDIR}"/${BRANCH}/fix-omruleset-default-value.patch
+       "${FILESDIR}"/${BRANCH}/bugfix_52.patch
+       "${FILESDIR}"/${BRANCH}/bugfix_73.patch
+)
+
+src_configure() {
+       # Maintainer notes:
+       # * Guardtime support is missing because libgt isn't yet available
+       #   in portage.
+       # * Hadoop's HDFS file system output module is currently not
+       #   supported in Gentoo because nobody is able to test it
+       #   (JAVA dependency).
+       # * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+       #   upstream PR 129 and 136) so we need to export HIREDIS_*
+       #   variables because rsyslog's build system depends on pkg-config.
+
+       if use redis; then
+               export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+               export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+       fi
+
+       local myeconfargs=(
+               # Input Plugins without depedencies
+               --enable-imfile
+               --enable-impstats
+               --enable-imptcp
+               --enable-imttcp
+               # Message Modificiation Plugins without depedencies
+               --enable-mmanon
+               --enable-mmaudit
+               --enable-mmcount
+               --enable-mmfields
+               --enable-mmjsonparse
+               --enable-mmpstrucdata
+               --enable-mmsequence
+               --enable-mmutf8fix
+               # Output Modification Plugins without dependencies
+               --enable-mail
+               --enable-omprog
+               --enable-omruleset
+               --enable-omstdout
+               --enable-omuxsock
+               # Misc
+               --enable-pmaixforwardedfrom
+               --enable-pmcisconames
+               --enable-pmlastmsg
+               --enable-pmrfc3164sd
+               --enable-pmsnare
+               --enable-sm_cust_bindcdr
+               # DB
+               $(use_enable dbi libdbi)
+               $(use_enable mongodb ommongodb)
+               $(use_enable mysql)
+               $(use_enable oracle)
+               $(use_enable postgres pgsql)
+               $(use_enable redis omhiredis)
+               # Debug
+               $(use_enable debug)
+               $(use_enable debug diagtools)
+               $(use_enable debug imdiag)
+               $(use_enable debug memcheck)
+               $(use_enable debug rtinst)
+               $(use_enable debug valgrind)
+               # Misc
+               $(use_enable elasticsearch)
+               $(use_enable gcrypt libgcrypt)
+               $(use_enable kerberos gssapi-krb5)
+               $(use_enable normalize mmnormalize)
+               $(use_enable omudpspoof)
+               $(use_enable rabbitmq omrabbitmq)
+               $(use_enable relp)
+               $(use_enable rfc3195)
+               $(use_enable rfc5424hmac mmrfc5424addhmac)
+               $(use_enable snmp)
+               $(use_enable snmp mmsnmptrapd)
+               $(use_enable ssl gnutls)
+               $(use_enable systemd imjournal)
+               $(use_enable systemd omjournal)
+               $(use_enable usertools)
+               $(use_enable zeromq imzmq3)
+               $(use_enable zeromq omzmq3)
+               "$(systemd_with_unitdir)"
+       )
+
+       autotools-utils_src_configure
+}
+
+src_install() {
+       use doc && HTML_DOCS=( "${S}"/doc/ )
+       autotools-utils_src_install
+
+       newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+       newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+       keepdir /var/empty/dev
+       keepdir /var/spool/${PN}
+       keepdir /etc/ssl/${PN}
+       keepdir /etc/${PN}.d
+
+       insinto /etc
+       newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+       insinto /etc/rsyslog.d/
+       doins "${FILESDIR}/${BRANCH}/50-default.conf"
+
+       insinto /etc/logrotate.d/
+       newins "${FILESDIR}/${BRANCH}/${PN}.logrotate-r1" ${PN}
+
+       if use mysql; then
+               insinto /usr/share/doc/${PF}/scripts/mysql
+               doins plugins/ommysql/{createDB.sql,contrib/delete_mysql}
+       fi
+
+       if use postgres; then
+               insinto /usr/share/doc/${PF}/scripts/pgsql
+               doins plugins/ompgsql/createDB.sql
+       fi
+}
+
+pkg_postinst() {
+       local advertise_readme=0
+
+       if [[ -z "${REPLACING_VERSIONS}" ]]; then
+               # This is a new installation
+
+               advertise_readme=1
+
+               if use mysql || use postgres; then
+                       echo
+                       elog "Sample SQL scripts for MySQL & PostgreSQL have 
been installed to:"
+                       elog "  /usr/share/doc/${PF}/scripts"
+               fi
+
+               if use ssl; then
+                       echo
+                       elog "To create a default CA and certificates for your 
server and clients, run:"
+                       elog "  emerge --config =${PF}"
+                       elog "on your logging server. You can run it several 
times,"
+                       elog "once for each logging client. The client 
certificates will be signed"
+                       elog "using the CA certificate generated during the 
first run."
+               fi
+       fi
+
+       if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 
]]; then
+               # Show this message until rsyslog-8.x
+               echo
+               elog "Since ${PN}-7.6.3 we no longer use the catch-all log 
target"
+               elog "\"/var/log/syslog\" due to its redundancy to the other 
log targets."
+
+               advertise_readme=1
+       fi
+
+       if [[ ${advertise_readme} -gt 0 ]]; then
+               # We need to show the README file location
+
+               echo ""
+               elog "Please read"
+               elog ""
+               elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+               elog ""
+               elog "for more details."
+       fi
+}
+
+pkg_config() {
+       if ! use ssl ; then
+               einfo "There is nothing to configure for rsyslog unless you"
+               einfo "used USE=ssl to build it."
+               return 0
+       fi
+
+       # Make sure the certificates directory exists
+       CERTDIR="${EROOT}/etc/ssl/${PN}"
+       if [ ! -d "${CERTDIR}" ]; then
+               mkdir "${CERTDIR}" || die
+       fi
+       einfo "Your certificates will be stored in ${CERTDIR}"
+
+       # Create a default CA if needed
+       if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then
+               einfo "No CA key and certificate found in ${CERTDIR}, creating 
them for you..."
+               certtool --generate-privkey \
+                       --outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+               chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+               cat > "${T}/${PF}.$$" <<- _EOF
+               cn = Portage automated CA
+               ca
+               cert_signing_key
+               expiration_days = 3650
+               _EOF
+
+               certtool --generate-self-signed \
+                       --load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+                       --outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+                       --template "${T}/${PF}.$$" &>/dev/null
+               chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+               # Create the server certificate
+               echo
+               einfon "Please type the Common Name of the SERVER you wish to 
create a certificate for: "
+               read -r CN
+
+               einfo "Creating private key and certificate for server ${CN}..."
+               certtool --generate-privkey \
+                       --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+               chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+               cat > "${T}/${PF}.$$" <<- _EOF
+               cn = ${CN}
+               tls_www_server
+               dns_name = ${CN}
+               expiration_days = 3650
+               _EOF
+
+               certtool --generate-certificate \
+                       --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+                       --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+                       --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+                       --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+                       --template "${T}/${PF}.$$" &>/dev/null
+               chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+       else
+               einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA 
and SERVER creation."
+       fi
+
+       # Create a client certificate
+       echo
+       einfon "Please type the Common Name of the CLIENT you wish to create a 
certificate for: "
+       read -r CN
+
+       einfo "Creating private key and certificate for client ${CN}..."
+       certtool --generate-privkey \
+               --outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+       chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+       cat > "${T}/${PF}.$$" <<- _EOF
+       cn = ${CN}
+       tls_www_client
+       dns_name = ${CN}
+       expiration_days = 3650
+       _EOF
+
+       certtool --generate-certificate \
+               --outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+               --load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+               --load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+               --load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+               --template "${T}/${PF}.$$" &>/dev/null
+       chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+       rm -f "${T}/${PF}.$$"
+
+       echo
+       einfo "Here is the documentation on how to encrypt your log traffic:"
+       einfo " http://www.rsyslog.com/doc/rsyslog_tls.html";
+}
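Review bot: In pkg_config the Common Name taken by `read -r CN` goes unvalidated into the `--outfile` paths and the certtool template, so a name of `ca` makes `${CERTDIR}/${PN}_${CN}.cert.pem` the same path as the CA certificate and overwrites it. An empty name yields `${PN}_.key.pem`, and a name containing `/` is interpreted as a path component rather than a file name. After each of the two reads I would add `[[ ${CN} =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ && ${CN} != ca ]] || die "invalid Common Name: ${CN}"`. Every certtool call also sends its output to `/dev/null` and its exit status is never checked, so a failed key or certificate generation is still followed by the "Creating ..." messages as if it had worked; appending `|| die "certtool failed"` to each call would surface that. The second `chmod 400` in the CA branch targets `${PN}_ca.privkey.pem` again, where `${PN}_ca.cert.pem` looks like the intended file.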
