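#!/bin/sh
# The Girocco installation script
# We will OVERWRITE basedir!
#
# Expects to be started from the top of the source checkout: every helper
# below is referenced by a relative path, and perl is invoked with -I. so
# modules are loaded from the current directory.

set -e

# $MAKE is used later to build apache.conf, src and gitweb.
if [ -z "$MAKE" ]; then
	echo "ERROR: MAKE not set" >&2
	echo "Please run install.sh using 'make install'" >&2
	echo "or set MAKE to the name of the GNU make executable" >&2
	exit 1
fi

# Run perl module checker
if [ ! -x toolbox/check-perl-modules.pl ]; then
	echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
	exit 1
fi
toolbox/check-perl-modules.pl

# What Config should we use?
[ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
echo "*** Initializing using $GIROCCO_CONF..."

# First run Girocco::Config consistency checks
# GIROCCO_CONF comes from the environment and names the module perl loads;
# quote it so a value containing whitespace cannot turn into extra perl
# arguments.
perl -I. -M"$GIROCCO_CONF" -e ''

. ./shlib.sh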
# ":group" suffix for later chown calls, or empty when no owning group is
# configured.
owngroup="${cfg_owning_group:+:$cfg_owning_group}"

# HTTPS push needs a certificate directory; refuse to go on without one.
if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
	echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
	echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
	exit 1
fi
echo "*** Checking for compiled utilities..."
# Each helper must already have been built by make; stop at the first one
# that is missing or not executable.
for util in can_user_push can_user_push_http getent get_user_uuid peek_packet rangecgi; do
	if [ ! -x "src/$util" ]; then
		echo "ERROR: src/$util is not built! Did you _REALLY_ read INSTALL?" >&2
		echo "ERROR: perhaps you forgot to run make?" >&2
		exit 1
	fi
done
echo "*** Checking for ezcert..."
# ezcert.git/CACreateCert is used further down to issue the certificates.
[ -f ezcert.git/CACreateCert ] || {
	echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
echo "*** Checking for git..."
# Only an absolute path is accepted for the configured Git binary.
case "$cfg_git_bin" in
	/*)
		;;
	*)
		echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
		exit 1
		;;
esac
[ -x "$cfg_git_bin" ] || {
	echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
	exit 1
}
# Run the binary once and keep its self-reported version string.
git_version="$("$cfg_git_bin" version)" || {
	echo "ERROR: $cfg_git_bin version failed" >&2
	exit 1
}
case "$git_version" in
	[Gg]"it version "*)
		;;
	*)
		echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
		exit 1
		;;
esac
echo "Found $cfg_git_bin $git_version"
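# Extract the dotted numeric version (e.g. 2.3.2) from the version string.
git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
echo "*** Checking Git $git_vernum for compatibility..."
# vcmp is not defined in this file (shlib.sh is sourced above); its output is
# compared against 0 here: negative means older than the given version.
if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
	# Fatal, so report on stderr like every other ERROR in this script.
	echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6' >&2
	exit 1
fi
if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
fi
if [ "$(vcmp "$git_vernum" 1.7.2)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.2, some Girocco functionality will be disabled'
fi
if [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
fi
if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
fi
if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
	echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
fi
if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
fi
if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
fi
if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
fi
if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
fi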
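# Hard stop for the Git releases this script declares incompatible.
if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
	# NOTE(review): the listing this was taken from dropped a few very short
	# lines of the banner below; blank lines stand in for them. Confirm the
	# exact banner text against the repository copy.
	# The banner is fatal, so it goes to stderr like the other ERROR output.
	cat >&2 <<'EOT'


*** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git


Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
with Girocco due to various unresolved issues.  Please either downgrade to 2.1.4
or earlier or, more preferred, upgrade to 2.3.2 or later.

In order to bypass this check you will have to modify install.sh in which case
USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
	exit 1
fi
if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
fi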
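# Heuristic: with mirroring enabled, look for the string "ns_parserr" inside
# the Git binary and warn (without aborting) when it is found.
if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
	# NOTE(review): the listing this was taken from dropped a few very short
	# lines of the banner below; blank lines stand in for them. Confirm the
	# exact banner text against the repository copy.
	cat <<'EOT'


*** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary


You appear to have enabled mirroring and the Git binary you have selected
appears to contain an experimental patch that cannot be disabled.  This
patch can generate invalid network DNS traffic and/or cause long delays
when fetching using the "git:" protocol when no port number is specified.
It may also end up retrieving repsitory contents from a host other than
the one specified in the "git:" URL when the port is omitted.

You are advised to either build your own version of Git (the problem patch
is not part of the official Git repository) or disable mirroring (via the
$Girocco::Config:mirror setting) to avoid these potential problems.

USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
fi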
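# chown_make PATH...
#
# Hand files that make left root-owned back to the invoking user.
#   - LOGNAME is root and SUDO_USER names a non-root user: every root-owned
#     entry under the given paths is chown'ed to SUDO_USER and that user's
#     primary group.
#   - LOGNAME is root with no SUDO_USER, or SUDO_USER is root: nothing is
#     changed, a warning naming the paths is printed.
#   - otherwise: no-op.
# The tests are chained with && / || instead of the obsolescent -a / -o
# operators, keeping the grouping "(A and B) or C" of the original elif.
chown_make() {
	if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
		# The inner "xargs echo -r" probe prints "-r" only when this xargs
		# runs its command on empty input; the output is then passed as a
		# flag to the real xargs call. find's own errors are discarded.
		find "$@" -user root -print0 2>/dev/null | \
		xargs $(: | xargs echo -r) -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
	elif { [ "$LOGNAME" = root ] && [ -z "$SUDO_USER" ]; } || [ "$SUDO_USER" = root ]; then
		echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
	fi
}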
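echo "*** Setting up basedir..."
"$MAKE" --no-print-directory --quiet apache.conf
chown_make apache.conf
"$MAKE" --no-print-directory --quiet -C src
chown_make src
# basedir is removed recursively just below; refuse the two values that
# would make that removal meaningless or catastrophic.
case "$cfg_basedir" in
	""|/)
		echo "ERROR: refusing to remove basedir '$cfg_basedir'" >&2
		exit 1
		;;
esac
rm -fr "$cfg_basedir"
mkdir -p "$cfg_basedir"
cp -pR Girocco jobd taskd gitweb html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
	ezcert.git/CACreateCert cgi/authrequired.cgi "$cfg_basedir/bin"
# Drop the pages that only make sense when HTTPS push / mob are enabled.
[ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
[ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html

# Put the correct Config in place
# A non-default config module name is mapped to its file path
# (:: -> /, plus .pm) and installed as Girocco/Config.pm.
[ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"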
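echo "*** Preprocessing scripts..."
# Rewrite the @name@ placeholders in the installed scripts in place, using
# values read from the selected config module. GIROCCO_CONF is quoted so a
# value containing whitespace cannot turn into extra perl arguments.
perl -I. -M"$GIROCCO_CONF" -i -p \
	-e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
	-e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
	-e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
	-e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
	-e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
	-e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
	-e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
	-e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
	-e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
	-e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
	"$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
	"$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
	"$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
	"$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
	"$cfg_basedir"/toolbox/reports/*.sh \
	"$cfg_basedir"/bin/git-* \
	"$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
	"$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir"/screen/*

# Dump all the cfg_ and defined_ variables to shlib_vars.sh
get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh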
# Operator reminders only; nothing is started or scheduled here.
# NOTE(review): the listing dropped the line that closes this conditional;
# it is assumed to end right after the taskd reminder - confirm against the
# repository copy.
[ -z "$cfg_mirror" ] || echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
echo "*** Setting up repository root..."
mkdir -p "$cfg_reporoot" "$cfg_reporoot-recyclebin"
# Group ownership and mode are best effort: a failure is reported as a
# warning and the install continues.
if [ -n "$cfg_owning_group" ]; then
	for repodir in "$cfg_reporoot" "$cfg_reporoot-recyclebin"; do
		chgrp "$cfg_owning_group" "$repodir" || echo "WARNING: Cannot chgrp $cfg_owning_group $repodir"
	done
fi
# 02775: setgid directory, writable by owner and group, readable by others.
for repodir in "$cfg_reporoot" "$cfg_reporoot-recyclebin"; do
	chmod 02775 "$repodir" || echo "WARNING: Cannot chmod $repodir properly"
done
# The full jail setup is only attempted when running as uid 0; otherwise it
# is skipped with a warning and the install carries on.
if [ -n "$cfg_chrooted" ]; then
	echo "*** Setting up chroot jail for pushing..."
	if ! [ "$(id -u)" -eq 0 ]; then
		echo "WARNING: Skipping jail setup, not root"
	else
		./jailsetup.sh
	fi
fi
echo "*** Setting up jail configuration (project database)..."
# When not running as uid 0, jailsetup.sh is run in its "dbonly" mode.
if ! [ "$(id -u)" -eq 0 ]; then
	./jailsetup.sh dbonly
fi
mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
# Ownership and mode changes below are best effort (warning on failure).
# End state when they succeed: etc/ is a setgid 02775 directory owned by the
# mirror user; passwd and group are owned by the CGI user and group-writable.
chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
	echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
	echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
	echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
chmod 02775 "$cfg_chroot/etc" ||
	echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
echo "*** Setting up gitweb from git.git..."
[ -f git.git/Makefile ] || {
	echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
# Build gitweb inside git.git, comment out its "use warnings;" line while
# copying it to a temporary name in cgiroot, then rename it into place so
# gitweb.cgi is replaced in one step. Static assets go to webroot.
gitweb_tmp="$cfg_cgiroot/gitweb.cgi.$$"
(
	cd git.git &&
	"$MAKE" --no-print-directory --quiet NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" gitweb &&
	chown_make gitweb &&
	perl -pe 's/^(\s*use\s+warnings\s*;.*)$/#$1/' gitweb/gitweb.cgi > "$gitweb_tmp" &&
	chmod a+x "$gitweb_tmp" &&
	chown_make "$gitweb_tmp" &&
	mv -f "$gitweb_tmp" "$cfg_cgiroot"/gitweb.cgi &&
	cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot"
)
echo "*** Setting up git-browser from git-browser.git..."
[ -f git-browser.git/git-browser.cgi ] || {
	echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
# CGI goes to cgiroot, static files to webroot/git-browser.
(
	cd git-browser.git &&
	cp git-browser.cgi "$cfg_cgiroot" &&
	cp -r *.html *.js *.css js.lib JSON "$cfg_webroot"/git-browser
)
rm -f "$cfg_webroot"/git-browser/index.html
ln -sf "$cfg_webroot/git-browser/JSON" "$cfg_cgiroot"
# Both generated files interpolate configuration values verbatim (unquoted
# here-document delimiter), so the values must already be safe for the
# format they land in.
cat >"$cfg_cgiroot"/git-browser.conf <<EOT
gitbin: $cfg_git_bin
warehouse: $cfg_reporoot
EOT
cat >"$cfg_webroot"/git-browser/GitConfig.js <<EOT
cfg_gitweb_url="$cfg_gitweburl/"
cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
EOT
echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
[ -d bzr-fastimport.git/exporters/darcs/ ] || {
	echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin


echo "*** Setting up hg-fast-export from fast-export.git..."
# Both Python files must be present before either is copied.
if ! [ -f fast-export.git/hg-fast-export.py ] || ! [ -f fast-export.git/hg2git.py ]; then
	echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
mkdir -p "$cfg_basedir"/bin
cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
echo "*** Setting up our part of the website..."
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
cp cgi/*.cgi gitweb/gitweb_config.perl "$cfg_cgiroot"
# authrequired.cgi is installed from basedir/bin only with HTTPS push;
# usercert.cgi is removed without it.
rm -f "$cfg_cgiroot"/authrequired.cgi
if [ -n "$cfg_httpspushurl" ]; then
	cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_cgiroot"
else
	rm -f "$cfg_cgiroot"/usercert.cgi
fi
ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
# Optional symlink that exposes the repository root under webreporoot.
if [ -n "$cfg_webreporoot" ]; then
	rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"
fi
# Without HTTPS push, lines mentioning rootcert.html are filtered out of the
# index text.
if [ -n "$cfg_httpspushurl" ]; then
	cp gitweb/indextext.html "$cfg_webroot"
else
	grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_webroot/indextext.html"
fi
mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
cp mootools.js "$cfg_webroot"
cp htaccess "$cfg_webroot/.htaccess"
cp git-favicon.ico "$cfg_webroot/favicon.ico"
cp robots.txt "$cfg_webroot"
# Appended, not overwritten: gitweb.css already exists in webroot at this point.
cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
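# Create (or reuse) the key and certificate files for HTTPS push:
# root CA -> www server certificate, root CA -> client sub-CA -> mob user
# certificate. Existing files are kept; a regenerated key or certificate
# removes everything issued from it so it is recreated further down.
# Private keys are generated under a restrictive umask so they are never
# readable by other users between creation and the chmod that follows.
if [ -n "$cfg_httpspushurl" ]; then
	echo "*** Setting up SSL certificates..."
	# 2048 bits unless $cfg_rsakeylength asks for more; a non-numeric value
	# makes the test fail quietly and keeps the default.
	bits=2048
	if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
		bits="$cfg_rsakeylength"
	fi
	mkdir -p "$cfg_certsdir"
	# Bare test: under set -e this stops the install when certsdir is not a
	# directory.
	[ -d "$cfg_certsdir" ]
	# Subject of the current www certificate, from the first "/" onwards.
	wwwcertcn=
	if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
		wwwcertcn="$( \
			openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
			sed -e 's,[^/]*,,' \
		)"
	fi
	# One "--dns NAME" pair per configured alternative name; the unquoted
	# expansions here and at the CACreateCert call are deliberate word splits.
	wwwcertdns=
	if [ -n "$cfg_wwwcertaltnames" ]; then
		for dnsopt in $cfg_wwwcertaltnames; do
			wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
		done
	fi
	# The --dns options used for the existing www certificate, if recorded.
	wwwcertdnsfile=
	if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
		wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
	fi
	# The root key is only needed when something still has to be issued.
	needroot=
	[ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
	  -e "$cfg_certsdir/girocco_client_key.pem" -a \
	  -e "$cfg_certsdir/girocco_www_key.pem" -a \
	  -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
	  -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
	if [ -n "$needroot" ] && [ ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
		rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" "$bits")
		chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
		rm -f "$cfg_certsdir/girocco_root_crt.pem"
		echo "Created new root key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
		ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
			--out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
		# A new root invalidates every certificate issued under the old one.
		rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created new root certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" "$bits")
		chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
		rm -f "$cfg_certsdir/girocco_www_crt.pem"
		echo "Created new www key"
	fi
	# Reissue the www certificate when it is missing, its CN no longer matches
	# the configured DNS name, or the alternative names changed.
	if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
	   [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
		openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
		ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
			--out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
		printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
		echo "Created www certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
		cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
		echo "Created www certificate chain file"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" "$bits")
		# Group-readable on purpose (0640), unlike the root and www keys.
		chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem"
		echo "Created new client key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
		openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
		ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" \
			--out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
		# A new client authority invalidates the certificates issued under it.
		rm -f "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created client certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
		cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
		echo "Created client certificate suffix file"
	fi
	# Only the root *certificate* is published under the webroot.
	cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	if [ -n "$cfg_mob" ]; then
		if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
			(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" "$bits")
			# The original chmod here named girocco_client_key.pem, which
			# left the freshly created mob key at its creation mode; that
			# looks like a copy-and-paste slip, so the mob key is the
			# target now.
			chmod 0640 "$cfg_certsdir/girocco_mob_user_key.pem"
			rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
			echo "Created new mob user key"
		fi
		if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
			openssl rsa -in "$cfg_mobuserkey" -pubout |
			ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
				--cert "$cfg_clientcert" \
				--out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
			echo "Created mob user client certificate"
		fi
		# NOTE(review): this copies the mob user's *private key* into the
		# webroot - presumably intended, since it only happens when mob is
		# enabled; confirm nothing else trusts that key.
		cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
		cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	else
		rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	fi
else
	# HTTPS push disabled: make sure no published certificate or key is left
	# behind in the webroot from an earlier install.
	rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
fi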
echo "*** Finalizing permissions..."
# -h changes the ownership of symbolic links themselves instead of the files
# they point to. The certificate directory is included only with HTTPS push.
chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
if [ -n "$cfg_httpspushurl" ]; then
	chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
fi