app-admin/rsyslog: bump to v8.36.0

Package-Manager: Portage-2.3.40, Repoman-2.3.9

3 files changed, 482 insertions, 1 deletions

diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
index fe8ef0c90038..47c54f0481e7 100644
--- a/app-admin/rsyslog/Manifest
+++ b/app-admin/rsyslog/Manifest
@@ -3,8 +3,10 @@ DIST rsyslog-8.32.0.tar.gz 2478990 BLAKE2B 21bfc93b55da107bec2eddb89cb42d76990ce
 DIST rsyslog-8.33.1.tar.gz 2494338 BLAKE2B 680ad2c062386e4e3e6c6e1a83cf0001d63da305edae9df527d1079a2fa13b8715e3cbfa211ca908e0005f1762becfd88369a7cd1488134564980137f0e98d86 SHA512 c4b426409e89463a8e8f7f9d0267f2fa1df1a84e947ce7bf91255db88b4cad5b7e607c476ba2db0543af069c44cdbb35330e0839696bf83668200e8ac009c6a0
 DIST rsyslog-8.34.0.tar.gz 2545544 BLAKE2B 66caf277a814563027183ecf267d76067c384adf8d6d7b8543203df9a7c37242722dd35445e4446aacf1e680f5f3957cea40ece8a284ef2a393b4a71e3a2b49c SHA512 69eaececa2f8b98799deac8e6cb2cf635a5117da7a21cbb0b880b7df1d83c6ccf16133dab099a6e5fb865f34c2dad164a1bf1952d16ca116af3b1dd35d15065e
 DIST rsyslog-8.35.0.tar.gz 2590108 BLAKE2B e201c1366b8ab96c070829d51de079212e82216a793eb7622aa91c66e2330981de8be547b1ee7f102ed7d8c8de054d58ba151e95238146a61fba8fe908c5f929 SHA512 3b8845fc057147c2dd740b3bb432e7fb101ad60be5c6bc86a2c2796bcd3f3526c617d45b9e8301388d51047a125ca18ba4ac54f8be2a13eabbbe8fb9361beecc
+DIST rsyslog-8.36.0.tar.gz 2639477 BLAKE2B 9c7343d853f79e2955a8999e2871a2a9b008cb3ef75b94e2381a3a0ff3e49445593d852d7de3819851dc0d4c17a91d966ca2fbfd52e8215ebdbaf6b7ccd68bdf SHA512 b0c8689374b5b0fb5ad9675ad8983ce67bd04d34ad07d39cf8f91498fd2fd21a173f1077e5fa1b66a89a9d93ab011fc6345ac1a3be9961f4794fc9e152c32a50
 DIST rsyslog-docs-8.28.0.tar.gz 4424901 BLAKE2B 9753b1a48b9d3bb045f2d088de5df0bbe5bc9045a82a5cab98b27c2df7648ac312929a173ec34c81ced46cb0eba336d708204b73b57413686769afa882dceaa5 SHA512 c085e09149cfc27ce0cd22edf9ad3f81b111f491fbea79afbc3172882065bd8324e366e3b5d09c885c1a3aa63fe8fbbe154d66488319d4ffc0867f938e1ab07d
 DIST rsyslog-docs-8.32.0.tar.gz 5368254 BLAKE2B 6d1efb191698bb1cfb03660167e5dcf9eea8f2fd2e459c350cd55aa24afcc5fb44d2bc0ef5590c6951326fbd0215aecbd59a6122e88ff449f566b37d1ee00d56 SHA512 e64eba3c40eab35e266826fb7e183418f38eb008f2a21ddf2c523d1e42aacaa20f882a561e5df67a979463048b58232fa82759645a21dc6962f6836ac8f57bce
 DIST rsyslog-docs-8.33.1.tar.gz 6770438 BLAKE2B e076688d7559c16986241149c00f6df603e2c90771222f4f91dc944fbdeace3dbc6e47fc82602f852a7407e064fe31df0a1c2940d521ae6ae21f5663518bfeb7 SHA512 fcc8ffee372c0b0dc2ab1b76dcf68a66ce820996cf2d46a2b5c6fd40e6fad5ef3c33da97a2e88956751597c20cf0c4a9b6537c22db0b3b46d1a734a9d9f95df5
 DIST rsyslog-docs-8.34.0.tar.gz 7419160 BLAKE2B 928e6a4044d6d2161483f934e6c2cd5e489a3ec95b823419d7d57b98a7dd6c73f4d28d17c238471592fe1c692b626b57c7bf647e926c1c38ff5a774e5d2defd5 SHA512 edf9aa63c777624c3dc27dfd64b38893b9b4c9b56941df1d7a8c6bc3cb4cbbfb83e8c356cbefeab7c688ecb6017b66ed99931cb71b69b7c927b4743548dd40d4
 DIST rsyslog-docs-8.35.0.tar.gz 7427270 BLAKE2B 5441080c07a8398cd5d513ba6abe0335f62762f105354105549f0440c0429c62a4f28a4cc84a71d049bc8134cd64bda2c2210a2f30fd5b94f53e0bc783e7c8d1 SHA512 f78d0451eef789d60f7c5ae1eed46c4a9f7a6ade73b829f65aa2373aa786b00e84e8957089532b1b652838bd9f62b41d92530276a0d27e21b8e94d5f0e4728a6
+DIST rsyslog-docs-8.36.0.tar.gz 7570338 BLAKE2B 031f94b88fb97e6c8b01d224279138c371a5f54ecc5d7a9298b4ec6351c5d380065877888ab1969386b76b9e715937b7335bee59c3d5b8ddd4910392a58d08cb SHA512 a93f56c9c9464a9ca87f61169c6fcfaa94608f31210eaac77e882e64bf5f514c887765db6bb57e4defafeb2a6e552506f0274c1ed275306efc1656f5520b5efa
diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml
index d785e232e0a9..5075171a3708 100644
--- a/app-admin/rsyslog/metadata.xml
+++ b/app-admin/rsyslog/metadata.xml
@@ -10,18 +10,20 @@
 		<flag name="dbi">Build the general database output module (requires <pkg>dev-db/libdbi</pkg>)</flag>
 		<flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag>
 		<flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag>
+		<flag name="gnutls">Build the GnuTLS network stream driver (requires <pkg>net-libs/gnutls</pkg>)</flag>
 		<flag name="grok">Build the grok modify module (requires <pkg>dev-libs/grok</pkg>)</flag>
 		<flag name="jemalloc">Use <pkg>dev-libs/jemalloc</pkg> for allocations.</flag>
 		<flag name="kafka">Build the Apache Kafka input/output module (requires <pkg>dev-libs/librdkafka</pkg>)</flag>
 		<flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag>
 		<flag name="kubernetes">Build the kubernetes modify plugin (requires <pkg>net-misc/curl</pkg>)</flag>
-		<flag name="libressl">Use <pkg>dev-libs/libressl</pkg> for building the rfc5424hmac modify module (requires rfc5424hmac USE flag)</flag>
+		<flag name="libressl">Use <pkg>dev-libs/libressl</pkg> instead of <pkg>dev-libs/openssl</pkg> (you still need to enable functionality which requires OpenSSL)</flag>
 		<flag name="mdblookup">Build the MaxMind DB lookup message modify plugin using <pkg>dev-libs/libmaxminddb</pkg></flag>
 		<flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>
 		<flag name="mysql">Build the MySQL database output module (requires <pkg>virtual/mysql</pkg>)</flag>
 		<flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag>
 		<flag name="omhttpfs">Build the httpfs output module (requires <pkg>net-misc/curl</pkg>)</flag>
 		<flag name="omudpspoof">Build the udpspoof output module (requires <pkg>net-libs/libnet</pkg>)</flag>
+		<flag name="openssl">Build the OpenSSL network stream driver (requires <pkg>dev-libs/openssl</pkg>)</flag>
 		<flag name="postgres">Build the PostgreSQL database output module (requires <pkg>dev-db/postgresql</pkg>)</flag>
 		<flag name="rabbitmq">Build the RabbitMQ output module (requires <pkg>net-libs/rabbitmq-c</pkg>)</flag>
 		<flag name="redis">Build the Redis output module using (requires <pkg>dev-libs/hiredis</pkg>)</flag>
@@ -33,6 +35,7 @@
 		<flag name="systemd">Build the journal input and output module (requires <pkg>sys-apps/systemd</pkg>)</flag>
 		<flag name="uuid">Include UUIDs in messages (requires <pkg>sys-apps/util-linux</pkg>)</flag>
 		<flag name="usertools">Installs the user tools (rsgtutil, rscryutil...) corresponding to the set USE flags</flag>
+		<flag name="xxhash">Enable xxHash support in fmhash module (requires <pkg>dev-libs/xxhash</pkg>)</flag>
 		<flag name="zeromq">Build the ZeroMQ input and output modules (requires <pkg>net-libs/czmq</pkg>)</flag>
 	</use>
 	<upstream>
diff --git a/app-admin/rsyslog/rsyslog-8.36.0.ebuild b/app-admin/rsyslog/rsyslog-8.36.0.ebuild
new file mode 100644
index 000000000000..023b88252ce1
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.36.0.ebuild
@@ -0,0 +1,476 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit autotools eutils linux-info python-any-r1 systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="https://www.rsyslog.com/"
+
+BRANCH="8-stable"
+
+if [[ ${PV} == "9999" ]]; then
+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
+
+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
+
+	inherit git-r3
+else
+	MY_PV=${PV%_rc*}
+	MY_FILENAME="${PN}-${PV}.tar.gz"
+	MY_FILENAME_DOCS="${PN}-docs-${PV}.tar.gz"
+	S="${WORKDIR}/${PN}-${MY_PV}"
+
+	# Upstream URL schema:
+	# RC:      https://www.rsyslog.com/files/download/rsyslog/rc/rsyslog-8.18.0.tar.gz
+	#          https://www.rsyslog.com/files/download/rsyslog/rc2/rsyslog-8.18.0.tar.gz
+	# Release: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.18.0.tar.gz
+
+	MY_URL_PREFIX=
+	if [[ ${PV} = *_rc* ]]; then
+		_tmp_last_index=$(($(get_last_version_component_index ${PV})+1))
+		_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${PV})
+		if [[ ${_tmp_suffix} = *rc* ]]; then
+			MY_URL_PREFIX="${_tmp_suffix}/"
+		fi
+
+		# Cleaning up temporary variables
+		unset _tmp_last_index
+		unset _tmp_suffix
+	else
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"
+	fi
+
+	SRC_URI="
+		https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-${MY_PV}.tar.gz -> ${MY_FILENAME}
+		doc? ( https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-doc-${MY_PV}.tar.gz -> ${MY_FILENAME_DOCS} )
+	"
+
+	PATCHES=()
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+IUSE="curl dbi debug doc elasticsearch +gcrypt grok gnutls jemalloc kafka kerberos kubernetes libressl mdblookup"
+IUSE+=" mongodb mysql normalize omhttpfs omudpspoof openssl postgres rabbitmq redis relp rfc3195 rfc5424hmac"
+IUSE+=" snmp ssl systemd test usertools +uuid xxhash zeromq"
+
+RDEPEND="
+	>=dev-libs/libfastjson-0.99.8:=
+	>=dev-libs/libestr-0.1.9
+	>=sys-libs/zlib-1.2.5
+	curl? ( >=net-misc/curl-7.35.0 )
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	grok? ( >=dev-libs/grok-0.9.2 )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
+	kerberos? ( virtual/krb5 )
+	kubernetes? ( >=net-misc/curl-7.35.0 )
+	mdblookup? ( dev-libs/libmaxminddb:= )
+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
+	mysql? ( virtual/libmysqlclient:= )
+	normalize? (
+		>=dev-libs/libee-0.4.0
+		>=dev-libs/liblognorm-2.0.3:=
+	)
+	omhttpfs? ( >=net-misc/curl-7.35.0 )
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	postgres? ( >=dev-db/postgresql-8.4.20:= )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
+	redis? ( >=dev-libs/hiredis-0.11.0:= )
+	relp? ( >=dev-libs/librelp-1.2.14:= )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? (
+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? (
+		gnutls? ( >=net-libs/gnutls-2.12.23:0= )
+		openssl? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:0= )
+		)
+	)
+	systemd? ( >=sys-apps/systemd-234 )
+	uuid? ( sys-apps/util-linux:0= )
+	xxhash? ( dev-libs/xxhash:= )
+	zeromq? (
+		>=net-libs/czmq-3.0.2
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/autoconf-archive-2015.02.24
+	virtual/pkgconfig
+	test? (
+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )
+		!jemalloc? ( sys-libs/libfaketime )
+		${PYTHON_DEPS}
+	)"
+
+REQUIRED_USE="
+	kubernetes? ( normalize )
+	ssl ( || ( gnutls openssl ) )
+"
+
+if [[ ${PV} == "9999" ]]; then
+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"
+	DEPEND+=" >=sys-devel/bison-2.4.3"
+	DEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+CONFIG_CHECK="~INOTIFY_USER"
+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == "9999" ]]; then
+		git-r3_fetch
+		git-r3_checkout
+	else
+		unpack ${P}.tar.gz
+	fi
+
+	if use doc; then
+		if [[ ${PV} == "9999" ]]; then
+			local _EGIT_BRANCH=
+			if [[ -n "${EGIT_BRANCH}" ]]; then
+				# Cannot use rsyslog commits/branches for documentation repository
+				_EGIT_BRANCH=${EGIT_BRANCH}
+				unset EGIT_BRANCH
+			fi
+
+			git-r3_fetch "${DOC_REPO_URI}"
+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+			if [[ -n "${_EGIT_BRANCH}" ]]; then
+				# Restore previous EGIT_BRANCH information
+				EGIT_BRANCH=${_EGIT_BRANCH}
+			fi
+		else
+			cd "${S}" || die "Cannot change dir into '${S}'"
+			mkdir docs || die "Failed to create docs directory"
+			cd docs || die "Failed to change dir into '${S}/docs'"
+			unpack ${MY_FILENAME_DOCS}
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local myeconfargs=(
+		--disable-debug-symbols
+		--disable-generate-man-pages
+		--without-valgrind-testbench
+		--disable-liblogging-stdlog
+		$(use_enable test testbench)
+		# Input Plugins without depedencies
+		--enable-imdiag
+		--enable-imfile
+		--enable-impstats
+		--enable-imptcp
+		# Message Modificiation Plugins without depedencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmcount
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmrm1stspace
+		--enable-mmsequence
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-fmhash
+		$(use_enable xxhash fmhash-xxhash)
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmlastmsg
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable postgres pgsql)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug memcheck)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable curl fmhttp)
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable jemalloc)
+		$(use_enable kafka imkafka)
+		$(use_enable kafka omkafka)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable kubernetes mmkubernetes)
+		$(use_enable normalize mmnormalize)
+		$(use_enable mdblookup mmdblookup)
+		$(use_enable grok mmgrok)
+		$(use_enable omhttpfs)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable gnutls)
+		$(use_enable openssl)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable uuid)
+		$(use_enable zeromq imczmq)
+		$(use_enable zeromq omczmq)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc && [[ "${PV}" == "9999" ]]; then
+		einfo "Building documentation ..."
+		local doc_dir="${S}/docs"
+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+		sphinx-build -b html source build || die "Building documentation failed!"
+	fi
+}
+
+src_test() {
+	local _has_increased_ulimit=
+
+	# Sometimes tests aren't executable (i.e. when added via patch)
+	einfo "Adjusting permissions of test scripts ..."
+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
+		die "Failed to adjust test scripts permission"
+
+	if ulimit -n 3072; then
+		_has_increased_ulimit="true"
+	fi
+
+	if ! emake --jobs 1 check; then
+		eerror "Test suite failed! :("
+
+		if [[ -z "${_has_increased_ulimit}" ]]; then
+			eerror "Probably because open file limit couldn't be set to 3072."
+		fi
+
+		if has userpriv ${FEATURES}; then
+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+				"before you submit a bug report."
+		fi
+
+	fi
+}
+
+src_install() {
+	local DOCS=(
+		AUTHORS
+		ChangeLog
+		"${FILESDIR}"/${BRANCH}/README.gentoo
+	)
+
+	use doc && local HTML_DOCS=( "${S}/docs/build/." )
+
+	default
+
+	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+	keepdir /var/empty/dev
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	newins "${FILESDIR}/${BRANCH}/50-default-r1.conf" 50-default.conf
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/doc/${PF}/scripts/mysql
+		doins plugins/ommysql/createDB.sql
+	fi
+
+	if use postgres; then
+		insinto /usr/share/doc/${PF}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+		return 0
+	fi
+
+	# Make sure the certificates directory exists
+	local CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [[ ! -d "${CERTDIR}" ]]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
+}