search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pre-receive: tolerate an unlimited number of .pack files
[girocco.git] / install.sh
blobbf8bf32927e4dfdab633e7eaafe11892b7af62d2
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
23
24 # First run Girocco::Config consistency checks
25 perl -I. -M$GIROCCO_CONF -e ''
26
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
30
31 owngroup=""
32 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
33 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
34 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
35 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
36 exit 1
37 fi
38
39
40 # Check for extra required tools
41 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
42 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
43 exit 1
44 fi
45
46
47 echo "*** Checking for compiled utilities..."
48 if [ ! -x src/can_user_push ]; then
49 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
50 echo "ERROR: perhaps you forgot to run make?" >&2
51 exit 1
52 fi
53 if [ ! -x src/can_user_push_http ]; then
54 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
55 echo "ERROR: perhaps you forgot to run make?" >&2
56 exit 1
57 fi
58 if [ ! -x src/getent ]; then
59 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
60 echo "ERROR: perhaps you forgot to run make?" >&2
61 exit 1
62 fi
63 if [ ! -x src/get_user_uuid ]; then
64 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
65 echo "ERROR: perhaps you forgot to run make?" >&2
66 exit 1
67 fi
68 if [ ! -x src/peek_packet ]; then
69 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
70 echo "ERROR: perhaps you forgot to run make?" >&2
71 exit 1
72 fi
73 if [ ! -x src/rangecgi ]; then
74 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
75 echo "ERROR: perhaps you forgot to run make?" >&2
76 exit 1
77 fi
78 if [ ! -x src/throttle ]; then
79 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
80 echo "ERROR: perhaps you forgot to run make?" >&2
81 exit 1
82 fi
83
84
85 echo "*** Checking for ezcert..."
86 if ! [ -f ezcert.git/CACreateCert -a -x ezcert.git/CACreateCert ]; then
87 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
88 exit 1
89 fi
90
91
92 echo "*** Checking for git..."
93 case "$cfg_git_bin" in /*) :;; *)
94 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
95 exit 1
96 esac
97 if [ ! -x "$cfg_git_bin" ]; then
98 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
99 exit 1
100 fi
101 if ! git_version="$("$cfg_git_bin" version)"; then
102 echo "ERROR: $cfg_git_bin version failed" >&2
103 exit 1
104 fi
105 case "$git_version" in
106 [Gg]"it version "*) :;;
107 *)
108 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
109 exit 1
110 esac
111 echo "Found $cfg_git_bin $git_version"
112 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
113 echo "*** Checking Git $git_vernum for compatibility..."
114 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
115 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
116 exit 1
117 fi
118 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
119 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
120 fi
121 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
122 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.3, some Girocco functionality will be disabled'
123 fi
124 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
125 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
126 fi
127 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
128 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
129 fi
130 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
131 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
132 echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
133 fi
134 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
135 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
136 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
137 fi
138 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
139 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
140 fi
141 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
142 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
143 fi
144 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
145 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
146 fi
147 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
148 cat <<'EOT'
149
150 ***
151 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
152 ***
153
154 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
155 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
156 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
157
158 In order to bypass this check you will have to modify install.sh in which case
159 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
160
161 EOT
162 exit 1
163 fi
164 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
165 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
166 fi
167 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
168 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
169 fi
170 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
171 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.11, security issues exist'
172 cat <<'EOT'
173
174 ***
175 *** IMPORTANT: $Girocco::Config::git_bin is set to a version of Git prior to 2.4.11
176 ***
177
178 Besides the security fixes included in 2.4.11, versions prior to 2.2.0
179 may accidentally prune unreachable loose objects earlier than intended.
180 Since Git version 2.4.11 is the minimum version to include all security
181 fixes to date, it should be considered the absolute minimum version of
182 Git to use when running Girocco.
183
184 This is not enforced, but Git is easy to build from the git.git submodule
185 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
186
187 EOT
188 fi
189 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
190 echo 'WARNING: $Girocco::Config::git_bin version >= 2.5.0 and < 2.5.5, security issues exist'
191 fi
192 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
193 echo 'WARNING: $Girocco::Config::git_bin version >= 2.6.0 and < 2.6.6, security issues exist'
194 fi
195 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
196 echo 'WARNING: $Girocco::Config::git_bin version >= 2.7.0 and < 2.7.4, security issues exist'
197 fi
198 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
199 cat <<'EOT'
200
201 ***
202 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
203 ***
204
205 You appear to have enabled mirroring and the Git binary you have selected
206 appears to contain an experimental patch that cannot be disabled. This
207 patch can generate invalid network DNS traffic and/or cause long delays
208 when fetching using the "git:" protocol when no port number is specified.
209 It may also end up retrieving repsitory contents from a host other than
210 the one specified in the "git:" URL when the port is omitted.
211
212 You are advised to either build your own version of Git (the problem patch
213 is not part of the official Git repository) or disable mirroring (via the
214 $Girocco::Config:mirror setting) to avoid these potential problems.
215
216 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
217
218 EOT
219 fi
220
221
222 chown_make() {
223 if [ "$LOGNAME" = root -a -n "$SUDO_USER" -a "$SUDO_USER" != root ]; then
224 find "$@" -user root -print0 2>/dev/null | \
225 xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
226 elif [ "$LOGNAME" = root -a -z "$SUDO_USER" -o "$SUDO_USER" = root ]; then
227 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
228 fi
229 }
230
231 echo "*** Setting up basedir..."
232 "$MAKE" --no-print-directory --silent apache.conf
233 chown_make apache.conf
234 "$MAKE" --no-print-directory --silent -C src
235 chown_make src
236 rm -fr "$cfg_basedir"
237 mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb" "$cfg_basedir/cgi"
238 cp cgi/*.cgi "$cfg_basedir/cgi"
239 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
240 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
241 src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi cgi/snapshot.cgi "$cfg_basedir/bin"
242 cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
243 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
244 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
245
246 # Put the correct Config in place
247 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
248
249 shbin="${cfg_posix_sh_bin:-/bin/sh}"
250 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
251 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
252 exit 1
253 }
254 ln -s "$shbin" "$cfg_basedir/bin"
255 perlbin="$var_perl_bin"
256 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
257 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
258 exit 1
259 }
260 ln -s "$perlbin" "$cfg_basedir/bin"
261
262 echo "*** Preprocessing scripts..."
263 SHBIN="$shbin" && export SHBIN
264 PERLBIN="$perlbin" && export PERLBIN
265 perl -I. -M$GIROCCO_CONF -i -p \
266 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
267 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
268 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
269 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
270 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
271 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
272 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
273 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
274 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
275 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
276 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
277 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
278 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
279 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
280 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
281 -e 'close ARGV if eof;' \
282 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
283 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
284 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
285 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
286 "$cfg_basedir"/toolbox/reports/*.sh \
287 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
288 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
289 "$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
290 perl -i -p \
291 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
292 -e 'close ARGV if eof;' \
293 "$cfg_basedir"/jobd/jobd.pl "$cfg_basedir"/taskd/taskd.pl \
294 "$cfg_basedir"/bin/sendmail.pl "$cfg_basedir"/bin/CACreateCert
295 perl -i -p \
296 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
297 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
298 -e 'close ARGV if eof;' \
299 "$cfg_basedir"/bin/format-readme "$cfg_basedir/cgi"/*.cgi
300 unset PERLBIN
301 unset SHBIN
302
303 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
304 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
305
306 if [ -n "$cfg_mirror" ]; then
307 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
308 fi
309 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
310 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
311 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
312
313
314 echo "*** Setting up repository root..."
315 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
316 if [ "$cfg_owning_group" ]; then
317 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
318 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
319 fi
320 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
321 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
322
323
324 if [ -n "$cfg_chrooted" ]; then
325 echo "*** Setting up chroot jail for pushing..."
326 if [ "$(id -u)" -eq 0 ]; then
327 ./jailsetup.sh
328 else
329 echo "WARNING: Skipping jail setup, not root"
330 fi
331 fi
332
333
334 echo "*** Setting up jail configuration (project database)..."
335 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
336 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
337 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
338 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
339 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
340 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
341 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
342 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
343 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
344 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
345
346 echo "*** Setting up gitweb from git.git..."
347 if [ ! -f git.git/Makefile ]; then
348 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
349 exit 1
350 fi
351 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
352 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
353 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
354 chown_make gitweb && \
355 PERLBIN="$perlbin" && export PERLBIN && \
356 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
357 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cfg_cgiroot"/gitweb.cgi.$$ && \
358 chmod a+x "$cfg_cgiroot"/gitweb.cgi.$$ && \
359 chown_make "$cfg_cgiroot"/gitweb.cgi.$$ && \
360 mv -f "$cfg_cgiroot"/gitweb.cgi.$$ "$cfg_cgiroot"/gitweb.cgi && \
361 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
362 test $? -eq 0
363
364
365 echo "*** Setting up git-browser from git-browser.git..."
366 if [ ! -f git-browser.git/git-browser.cgi ]; then
367 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
368 exit 1
369 fi
370 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
371 (cd git-browser.git && \
372 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
373 PERLBIN="$perlbin" && export PERLBIN && perl -p \
374 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
375 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cfg_cgiroot"/git-browser.cgi.$$ && \
376 chmod a+x "$cfg_cgiroot"/git-browser.cgi.$$ && \
377 chown_make "$cfg_cgiroot"/git-browser.cgi.$$ && \
378 mv -f "$cfg_cgiroot"/git-browser.cgi.$$ "$cfg_cgiroot"/git-browser.cgi && \
379 cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
380 cp -r JSON "$cfg_cgiroot")
381 test $? -eq 0
382 rm -f "$cfg_webroot"/git-browser/index.html
383 cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
384 gitbin: $cfg_git_bin
385 warehouse: $cfg_reporoot
386 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
387 EOT
388 chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
389 mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
390 cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
391 cfg_gitweb_url="$cfg_gitweburl/"
392 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
393 EOT
394 chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
395 mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
396
397
398 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
399 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
400 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
401 exit 1
402 fi
403 mkdir -p "$cfg_basedir"/bin
404 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
405
406
407 echo "*** Setting up hg-fast-export from fast-export.git..."
408 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
409 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
410 exit 1
411 fi
412 mkdir -p "$cfg_basedir"/bin
413 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
414
415
416 echo "*** Setting up markdown from markdown.git..."
417 if [ ! -f markdown.git/Markdown.pl ]; then
418 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
419 exit 1
420 fi
421 mkdir -p "$cfg_basedir"/bin
422 (PERLBIN="$perlbin" && export PERLBIN && \
423 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
424 markdown.git/Markdown.pl > "$cfg_basedir"/bin/Markdown.pl.$$ && \
425 chmod a+x "$cfg_basedir"/bin/Markdown.pl.$$ && \
426 mv -f "$cfg_basedir"/bin/Markdown.pl.$$ "$cfg_basedir"/bin/Markdown.pl)
427 test $? -eq 0
428
429
430 echo "*** Setting up our part of the website..."
431 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
432 cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_basedir/cgi"
433 cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir/cgi"
434 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir/cgi"/usercert.cgi "$cfg_cgiroot"/usercert.cgi
435 cp "$cfg_basedir/cgi"/*.cgi "$cfg_cgiroot"
436 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
437 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
438 if [ -z "$cfg_httpspushurl" ]; then
439 grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
440 else
441 cp gitweb/indextext.html "$cfg_basedir/gitweb"
442 fi
443 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
444 cp mootools.js "$cfg_webroot"
445 cp htaccess "$cfg_webroot/.htaccess"
446 cp cgi/htaccess "$cfg_cgiroot/.htaccess"
447 cp git-favicon.ico "$cfg_webroot/favicon.ico"
448 cp robots.txt "$cfg_webroot"
449 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
450
451
452 if [ -n "$cfg_httpspushurl" ]; then
453 echo "*** Setting up SSL certificates..."
454 bits=2048
455 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
456 bits="$cfg_rsakeylength"
457 fi
458 mkdir -p "$cfg_certsdir"
459 [ -d "$cfg_certsdir" ]
460 wwwcertcn=
461 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
462 wwwcertcn="$( \
463 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
464 sed -e 's,[^/]*,,' \
465 )"
466 fi
467 wwwcertdns=
468 if [ -n "$cfg_wwwcertaltnames" ]; then
469 for dnsopt in $cfg_wwwcertaltnames; do
470 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
471 done
472 fi
473 wwwcertdnsfile=
474 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
475 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
476 fi
477 needroot=
478 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
479 -e "$cfg_certsdir/girocco_client_key.pem" -a \
480 -e "$cfg_certsdir/girocco_www_key.pem" -a \
481 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
482 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
483 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
484 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
485 umask 0077
486 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
487 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
488 rm -f "$cfg_certsdir/girocco_root_crt.pem"
489 umask 0022
490 echo "Created new root key"
491 fi
492 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
493 "$cfg_basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
494 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
495 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
496 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
497 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
498 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
499 echo "Created new root certificate"
500 fi
501 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
502 umask 0077
503 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
504 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
505 rm -f "$cfg_certsdir/girocco_www_crt.pem"
506 umask 0022
507 echo "Created new www key"
508 fi
509 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
510 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
511 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
512 "$cfg_basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
513 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
514 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
515 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
516 echo "Created www certificate"
517 fi
518 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
519 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
520 echo "Created www certificate chain file"
521 fi
522 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
523 umask 0037
524 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
525 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
526 rm -f "$cfg_certsdir/girocco_client_crt.pem"
527 umask 0022
528 echo "Created new client key"
529 fi
530 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
531 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
532 "$cfg_basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
533 --cert "$cfg_certsdir/girocco_root_crt.pem" \
534 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
535 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
536 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
537 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
538 echo "Created client certificate"
539 fi
540 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
541 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
542 echo "Created client certificate suffix file"
543 fi
544 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
545 if [ -n "$cfg_mob" ]; then
546 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
547 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
548 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
549 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
550 echo "Created new mob user key"
551 fi
552 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
553 openssl rsa -in "$cfg_mobuserkey" -pubout |
554 "$cfg_basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
555 --cert "$cfg_clientcert" \
556 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
557 echo "Created mob user client certificate"
558 fi
559 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
560 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
561 else
562 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
563 fi
564 else
565 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
566 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
567 fi
568
569
570 echo "*** Finalizing permissions..."
571 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
572 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
The repo.or.cz duct tape "Girocco"