From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1646319-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id A9F7515802E
	for <garchives@archives.gentoo.org>; Mon, 24 Jun 2024 20:08:26 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id C9E3EE2A68;
	Mon, 24 Jun 2024 20:08:25 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 9FC62E2A68
	for <gentoo-commits@lists.gentoo.org>; Mon, 24 Jun 2024 20:08:25 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id A6226340988
	for <gentoo-commits@lists.gentoo.org>; Mon, 24 Jun 2024 20:08:24 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 200471D32
	for <gentoo-commits@lists.gentoo.org>; Mon, 24 Jun 2024 20:08:23 +0000 (UTC)
From: "Maciej Barć" <xgqt@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Maciej Barć" <xgqt@gentoo.org>
Message-ID: <1719259699.674ec4fbbe6745ff3a18e57fcbda464874495538.xgqt@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-admin/rsyslog/, app-admin/rsyslog/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-admin/rsyslog/files/50-default-r2.conf app-admin/rsyslog/files/README.gentoo-r1 app-admin/rsyslog/rsyslog-8.2404.0-r1.ebuild
X-VCS-Directories: app-admin/rsyslog/ app-admin/rsyslog/files/
X-VCS-Committer: xgqt
X-VCS-Committer-Name: Maciej Barć
X-VCS-Revision: 674ec4fbbe6745ff3a18e57fcbda464874495538
X-VCS-Branch: master
Date: Mon, 24 Jun 2024 20:08:23 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: f7078fff-55f2-432b-82f9-cfd7b90beb67
X-Archives-Hash: 2c97bddc1ef7a200d7e2f70d1a4cea58

commit:     674ec4fbbe6745ff3a18e57fcbda464874495538
Author:     Maciej Barć <xgqt <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 24 19:26:15 2024 +0000
Commit:     Maciej Barć <xgqt <AT> gentoo <DOT> org>
CommitDate: Mon Jun 24 20:08:19 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=674ec4fb

app-admin/rsyslog: remove /var/empty/dev/log sock

Signed-off-by: Maciej Barć <xgqt <AT> gentoo.org>

 app-admin/rsyslog/files/50-default-r2.conf   | 103 ++++++
 app-admin/rsyslog/files/README.gentoo-r1     |  39 ++
 app-admin/rsyslog/rsyslog-8.2404.0-r1.ebuild | 509 +++++++++++++++++++++++++++
 3 files changed, 651 insertions(+)

diff --git a/app-admin/rsyslog/files/50-default-r2.conf b/app-admin/rsyslog/files/50-default-r2.conf
new file mode 100644
index 000000000000..07f27b6820a1
--- /dev/null
+++ b/app-admin/rsyslog/files/50-default-r2.conf
@@ -0,0 +1,103 @@
+#######################
+### DEFAULT ACTIONS ###
+#######################
+
+auth,authpriv.* action(
+	name="action_auth"
+	type="omfile"
+	File="/var/log/auth.log"
+	FileCreateMode="0600"
+	FileOwner="root"
+	FileGroup="adm"
+	Sync="off"
+)
+
+cron.* action(
+	name="action_cron"
+	type="omfile"
+	File="/var/log/cron.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+daemon.* action(
+	name="action_daemon"
+	type="omfile"
+	File="/var/log/daemon.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+kern.* action(
+	name="action_kern"
+	type="omfile"
+	File="/var/log/kern.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+lpr.* action(
+	name="action_lpr"
+	type="omfile"
+	File="/var/log/lpr.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+mail.* action(
+	name="action_mail"
+	type="omfile"
+	File="/var/log/mail.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+news.* action(
+	name="action_news"
+	type="omfile"
+	File="/var/log/news.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+user.* action(
+	name="action_user"
+	type="omfile"
+	File="/var/log/user.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.=debug;auth,authpriv,news,mail.none action(
+	name="action_debug"
+	type="omfile"
+	File="/var/log/debug.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
+	name="action_messages"
+	type="omfile"
+	File="/var/log/messages"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+# Uncomment the following directive to re-enable the
+# deprecated "/var/log/syslog" log file (don't forget to re-enable log
+# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
+#*.*;auth,authpriv.none action(
+#	name="action_syslog"
+#	type="omfile"
+#	File="/var/log/syslog"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+*.emerg action(
+	name="action_emerge"
+	type="omusrmsg"
+	Users="*"
+	action.execOnlyOnceEveryInterval="10"
+)

diff --git a/app-admin/rsyslog/files/README.gentoo-r1 b/app-admin/rsyslog/files/README.gentoo-r1
new file mode 100644
index 000000000000..98f63a39cada
--- /dev/null
+++ b/app-admin/rsyslog/files/README.gentoo-r1
@@ -0,0 +1,39 @@
+Introduction
+============
+
+Since rsyslog version 7.6 we are shipping a new default Gentoo
+configuration. See bug #501982 to learn more about what we were trying to
+achieve by rewriting the entire configuration.
+
+
+Important changes
+=================
+
+1. "/var/log/syslog" log file is now deprecated
+
+   Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
+   longer being written per default. We are considering this file as
+   deprecated/obsolet for the typical user/system.
+   The content from this log file is still availble through other
+   (dedicated) log files, see
+
+     - /var/log/cron.log
+     - /var/log/daemon.log
+     - /var/log/mail.log
+     - /var/log/messages
+
+   If you really need the old "/var/log/syslog" log file, all you have to
+   do is uncommenting the corresponding configuration directive in
+   "/etc/rsyslog.d/50-default.conf".
+
+   If you do so, don't forget to re-enable log rotation in
+   "/etc/logrotate.d/rsyslog", too.
+
+
+2. "/var/empty/dev/log" no longer default
+
+   Before version 8.2404.0-r1 there was an additional input socket in
+   "/var/empty/dev/log" (default chroot location) in 8.2404.0-r1 that socket
+   was removed form the default configuration. Users can enable that socket
+   if they need to on their own but it shouldn't be necessary when running new
+   versions of openssh.

diff --git a/app-admin/rsyslog/rsyslog-8.2404.0-r1.ebuild b/app-admin/rsyslog/rsyslog-8.2404.0-r1.ebuild
new file mode 100644
index 000000000000..514cb65782b2
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.2404.0-r1.ebuild
@@ -0,0 +1,509 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit autotools linux-info python-any-r1 systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="https://www.rsyslog.com/
+	https://github.com/rsyslog/rsyslog/"
+
+if [[ "${PV}" == *9999* ]]; then
+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		https://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
+		doc? (
+			https://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz
+		)
+	"
+
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+
+IUSE="clickhouse curl dbi debug doc elasticsearch +gcrypt gnutls imhttp"
+IUSE+=" impcap jemalloc kafka kerberos kubernetes mdblookup"
+IUSE+=" mongodb mysql normalize omhttp omhttpfs omudpspoof +openssl"
+IUSE+=" postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp +ssl"
+IUSE+=" systemd test usertools +uuid xxhash zeromq"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+	kubernetes? ( normalize )
+	ssl? ( || ( gnutls openssl ) )
+"
+
+BDEPEND=">=dev-build/autoconf-archive-2015.02.24
+	sys-apps/lsb-release
+	virtual/pkgconfig
+	test? (
+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )
+		!jemalloc? ( sys-libs/libfaketime )
+		${PYTHON_DEPS}
+	)"
+
+RDEPEND="
+	>=dev-libs/libfastjson-0.99.8:=
+	>=dev-libs/libestr-0.1.9
+	>=sys-libs/zlib-1.2.5
+	curl? ( >=net-misc/curl-7.35.0 )
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	imhttp? (
+		dev-libs/apr-util
+		www-servers/civetweb
+		virtual/libcrypt:=
+	)
+	impcap? ( net-libs/libpcap )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
+	kerberos? ( virtual/krb5 )
+	kubernetes? ( >=net-misc/curl-7.35.0 )
+	mdblookup? ( dev-libs/libmaxminddb:= )
+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
+	mysql? ( dev-db/mysql-connector-c:= )
+	normalize? (
+		>=dev-libs/liblognorm-2.0.3:=
+	)
+	clickhouse? ( >=net-misc/curl-7.35.0 )
+	omhttpfs? ( >=net-misc/curl-7.35.0 )
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	postgres? ( >=dev-db/postgresql-8.4.20:= )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
+	redis? (
+		>=dev-libs/hiredis-0.11.0:=
+		dev-libs/libevent[threads(+)]
+	)
+	relp? ( >=dev-libs/librelp-1.2.17:= )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? (
+		>=dev-libs/openssl-0.9.8y:0=
+	)
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? (
+		gnutls? ( >=net-libs/gnutls-2.12.23:0= )
+		openssl? (
+			dev-libs/openssl:0=
+		)
+	)
+	systemd? ( >=sys-apps/systemd-234 )
+	uuid? ( sys-apps/util-linux:0= )
+	xxhash? ( dev-libs/xxhash:= )
+	zeromq? (
+		>=net-libs/czmq-4:=[drafts]
+	)"
+
+DEPEND="
+	${RDEPEND}
+	elibc_musl? ( sys-libs/queue-standalone )
+"
+
+if [[ "${PV}" == "9999" ]]; then
+	BDEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+	BDEPEND+=" >=app-alternatives/lex-2.5.39-r1"
+	BDEPEND+=" >=app-alternatives/yacc-2.4.3"
+	BDEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+CONFIG_CHECK="~INOTIFY_USER"
+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
+
+PATCHES=( "${FILESDIR}/${PN}-8.2112.0-pr5024-configure.patch" )
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ "${PV}" == "9999" ]]; then
+		git-r3_fetch
+		git-r3_checkout
+	else
+		unpack "${P}.tar.gz"
+	fi
+
+	if use doc; then
+		if [[ "${PV}" == "9999" ]]; then
+			local _EGIT_BRANCH=
+			if [[ -n "${EGIT_BRANCH}" ]]; then
+				# Cannot use rsyslog commits/branches for documentation repository
+				_EGIT_BRANCH="${EGIT_BRANCH}"
+
+				unset EGIT_BRANCH
+			fi
+
+			git-r3_fetch "${DOC_REPO_URI}"
+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+			if [[ -n "${_EGIT_BRANCH}" ]]; then
+				# Restore previous EGIT_BRANCH information
+				EGIT_BRANCH=${_EGIT_BRANCH}
+			fi
+		else
+			cd "${S}" || die "Cannot change dir into '${S}'"
+			mkdir docs || die "Failed to create docs directory"
+			cd docs || die "Failed to change dir into '${S}/docs'"
+
+			unpack "${PN}-doc-${PV}.tar.gz"
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	# Bug: https://github.com/rsyslog/rsyslog/issues/3626
+	sed -i \
+		-e '\|^#!/bin/bash$|a exit 77' \
+		tests/mmkubernetes-cache-expir*.sh \
+		|| die "Failed to disable known test failure mmkubernetes-cache-expir*.sh"
+
+	sed -i \
+		-e '\|^#!/bin/bash$|a exit 0' \
+		tests/omprog-close-unresponsive*.sh \
+		|| die "Failed to disable test omprog-close-unresponsive*.sh"
+
+	sed -i \
+		-e '\|^#!/bin/bash$|a exit 0' \
+		tests/uxsock_simple.sh \
+		|| die "Failed to disable test uxsock_simple.sh"
+
+	eautoreconf
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis ; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local -a myeconfargs=(
+		--disable-debug-symbols
+		--disable-generate-man-pages
+		--without-valgrind-testbench
+		--disable-liblogging-stdlog
+		--disable-imfile-tests  # Some imfile tests fail (noticed in version 8.2208.0)
+		$(use_enable test testbench)
+		$(use_enable test libfaketime)
+		$(use_enable test extended-tests)
+		# Input Plugins without dependencies
+		--enable-imbatchreport
+		--enable-imdiag
+		--enable-imdocker
+		--enable-imfile
+		--enable-improg
+		--enable-impstats
+		--enable-imptcp
+		# Message Modificiation Plugins without dependencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmcount
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmrm1stspace
+		--enable-mmsequence
+		--enable-mmtaghostname
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-fmhash
+		--enable-fmunflatten
+		$(use_enable xxhash fmhash-xxhash)
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmdb2diag
+		--enable-pmlastmsg
+		$(use_enable normalize pmnormalize)
+		--enable-pmnull
+		--enable-pmpanngfw
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable postgres pgsql)
+		$(use_enable redis imhiredis)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable clickhouse)
+		$(use_enable curl fmhttp)
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable imhttp)
+		$(use_enable impcap)
+		$(use_enable jemalloc)
+		$(use_enable kafka imkafka)
+		$(use_enable kafka omkafka)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable kubernetes mmkubernetes)
+		$(use_enable normalize mmnormalize)
+		$(use_enable mdblookup mmdblookup)
+		$(use_enable omhttp)
+		$(use_enable omhttpfs)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable gnutls)
+		$(use_enable openssl)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable uuid)
+		$(use_enable zeromq imczmq)
+		$(use_enable zeromq omczmq)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc && [[ "${PV}" == "9999" ]]; then
+		einfo "Building documentation ..."
+		local doc_dir="${S}/docs"
+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+		sphinx-build -b html source build || die "Building documentation failed!"
+	fi
+}
+
+src_test() {
+	local _has_increased_ulimit=
+
+	# Sometimes tests aren't executable (i.e. when added via patch)
+	einfo "Adjusting permissions of test scripts ..."
+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
+		die "Failed to adjust test scripts permission"
+
+	if ulimit -n 3072; then
+		_has_increased_ulimit="true"
+	fi
+
+	if ! emake --jobs 1 check; then
+		eerror "Test suite failed! :("
+
+		if [[ -z "${_has_increased_ulimit}" ]]; then
+			eerror "Probably because open file limit couldn't be set to 3072."
+		fi
+
+		if has userpriv ${FEATURES}; then
+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+				"before you submit a bug report."
+		fi
+
+	fi
+}
+
+src_install() {
+	local -a DOCS=(
+		AUTHORS
+		ChangeLog
+		"${FILESDIR}"/README.gentoo-r1
+	)
+
+	use doc && local -a HTML_DOCS=( "${S}/docs/build/." )
+
+	default
+
+	newconfd "${FILESDIR}/${PN}.confd-r1" ${PN}
+	newinitd "${FILESDIR}/${PN}.initd-r1" ${PN}
+
+	systemd_newunit "${FILESDIR}/${PN}.service" ${PN}.service
+
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	newins "${FILESDIR}/50-default-r2.conf" 50-default.conf
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${PN}-r1.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/${PN}/scripts/mysql
+		doins plugins/ommysql/createDB.sql
+	fi
+
+	if use postgres; then
+		insinto /usr/share/${PN}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+
+		return 0
+	fi
+
+	if ! hash certtool &>/dev/null; then
+		die "certtool not found! Is net-libs/gnutls[tools] is installed?"
+	fi
+
+	# Make sure the certificates directory exists
+	local CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [[ ! -d "${CERTDIR}" ]]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" || die
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" || die
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" || die
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" || die
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" || die
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
+}