install.sh

   1 #!/bin/sh
   2 # The Girocco installation script
   3 # We will OVERWRITE basedir!
   4
   5 set -e
   6
   7 if [ -z "$MAKE" ]; then
   8         echo "ERROR: MAKE not set" >&2
   9         echo "Please run install.sh using 'make install'" >&2
  10         echo "or set MAKE to the name of the GNU make executable" >&2
  11         exit 1
  12 fi
  13
  14 # Run perl module checker
  15 if [ ! -x toolbox/check-perl-modules.pl ]; then
  16         echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
  17         exit 1
  18 fi
  19 toolbox/check-perl-modules.pl
  20
  21 # What Config should we use?
  22 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
  23 echo "*** Initializing using $GIROCCO_CONF..."
  24
  25 # First run Girocco::Config consistency checks
  26 perl -I. -M$GIROCCO_CONF -e ''
  27
  28 . ./shlib.sh
  29
  30 owngroup=""
  31 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
  32 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
  33         echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
  34         echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
  35         exit 1
  36 fi
  37
  38
  39 echo "*** Checking for compiled utilities..."
  40 if [ ! -x src/can_user_push ]; then
  41         echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
  42         echo "ERROR: perhaps you forgot to run make?" >&2
  43         exit 1
  44 fi
  45 if [ ! -x src/can_user_push_http ]; then
  46         echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
  47         echo "ERROR: perhaps you forgot to run make?" >&2
  48         exit 1
  49 fi
  50 if [ ! -x src/getent ]; then
  51         echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
  52         echo "ERROR: perhaps you forgot to run make?" >&2
  53         exit 1
  54 fi
  55 if [ ! -x src/get_user_uuid ]; then
  56         echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
  57         echo "ERROR: perhaps you forgot to run make?" >&2
  58         exit 1
  59 fi
  60
  61
  62 echo "*** Checking for ezcert..."
  63 if [ ! -f ezcert.git/CACreateCert ]; then
  64         echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
  65         exit 1
  66 fi
  67
  68
  69 echo "*** Checking for git..."
  70 if [ ! -x "$cfg_git_bin" ]; then
  71         echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
  72         exit 1
  73 fi
  74 if ! git_version="$("$cfg_git_bin" --version)"; then
  75         echo "ERROR: $cfg_git_bin --version failed" >&2
  76         exit 1
  77 fi
  78 case "$git_version" in
  79         "git version "*) :;;
  80         *)
  81                 echo "ERROR: '$cfg_git_bin --version' output does not start with 'git version '" >&2
  82                 exit 1
  83 esac
  84
  85
  86 echo "*** Setting up basedir..."
  87 "$MAKE" --quiet apache.conf
  88 "$MAKE" --quiet -C src
  89 rm -fr "$cfg_basedir"
  90 mkdir -p "$cfg_basedir"
  91 cp -pR Girocco jobd taskd gitweb html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
  92 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid ezcert.git/CACreateCert cgi/authrequired.cgi "$cfg_basedir/bin"
  93 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
  94 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
  95
  96 # Put the correct Config in place
  97 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
  98
  99
 100 echo "*** Preprocessing scripts..."
 101 perl -I. -M$GIROCCO_CONF -i -p \
 102         -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
 103         -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
 104         -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
 105         -e 's/\@mob\@/"$Girocco::Config::mob"/g;' "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
 106         "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
 107         "$cfg_basedir"/toolbox/* "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
 108         "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir"/screen/*
 109
 110 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
 111 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
 112
 113 if [ -n "$cfg_mirror" ]; then
 114         echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
 115 fi
 116 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
 117 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
 118 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
 119
 120
 121 echo "*** Setting up repository root..."
 122 mkdir -p "$cfg_reporoot" "$cfg_reporoot-recyclebin"
 123 if [ "$cfg_owning_group" ]; then
 124         chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
 125         chgrp "$cfg_owning_group" "$cfg_reporoot-recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot-recyclebin"
 126 fi
 127 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
 128 chmod 02775 "$cfg_reporoot-recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot-recyclebin properly"
 129
 130
 131 if [ -n "$cfg_chrooted" ]; then
 132         echo "*** Setting up chroot jail for pushing..."
 133         if [ "$(id -u)" -eq 0 ]; then
 134                 ./jailsetup.sh
 135         else
 136                 echo "WARNING: Skipping jail setup, not root"
 137         fi
 138 fi
 139
 140
 141 echo "*** Setting up jail configuration (project database)..."
 142 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
 143 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
 144 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
 145 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
 146         echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
 147 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
 148         echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
 149 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
 150         echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
 151 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
 152
 153
 154 echo "*** Setting up gitweb from git.git..."
 155 if [ ! -f git.git/Makefile ]; then
 156         echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
 157         exit 1
 158 fi
 159 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
 160 (cd git.git && "$MAKE" --quiet gitweb && cp gitweb/gitweb.cgi "$cfg_cgiroot" \
 161         && cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
 162
 163
 164 echo "*** Setting up git-browser from git-browser.git..."
 165 if [ ! -f git-browser.git/git-browser.cgi ]; then
 166         echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
 167         exit 1
 168 fi
 169 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
 170 (cd git-browser.git && cp git-browser.cgi "$cfg_cgiroot" \
 171         && cp -r *.html *.js *.css js.lib JSON "$cfg_webroot"/git-browser)
 172 ln -sf "$cfg_webroot/git-browser/JSON" "$cfg_cgiroot"
 173 cat >"$cfg_cgiroot"/git-browser.conf <<EOT
 174 gitbin: $cfg_git_bin
 175 warehouse: $cfg_reporoot
 176 EOT
 177 cat >"$cfg_webroot"/git-browser/GitConfig.js <<EOT
 178 cfg_gitweb_url="$cfg_gitweburl/"
 179 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
 180 EOT
 181
 182
 183 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
 184 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
 185         echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
 186         exit 1
 187 fi
 188 mkdir -p "$cfg_basedir"/bin
 189 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
 190
 191
 192 echo "*** Setting up hg-fast-export from fast-export.git..."
 193 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
 194         echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
 195         exit 1
 196 fi
 197 mkdir -p "$cfg_basedir"/bin
 198 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
 199
 200
 201 echo "*** Setting up our part of the website..."
 202 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
 203 cp cgi/*.cgi gitweb/gitweb_config.perl "$cfg_cgiroot"
 204 rm -f "$cfg_cgiroot"/authrequired.cgi
 205 [ -z "$cfg_httpspushurl" ] || cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_cgiroot"
 206 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_cgiroot"/usercert.cgi
 207 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
 208 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
 209 if [ -z "$cfg_httpspushurl" ]; then
 210         grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_webroot/indextext.html"
 211 else
 212         cp gitweb/indextext.html "$cfg_webroot"
 213 fi
 214 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
 215 cp mootools.js "$cfg_webroot"
 216 cp htaccess "$cfg_webroot/.htaccess"
 217 cp git-favicon.ico "$cfg_webroot/favicon.ico"
 218 cp robots.txt "$cfg_webroot"
 219 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
 220
 221
 222 if [ -n "$cfg_httpspushurl" ]; then
 223         echo "*** Setting up SSL certificates..."
 224         bits=2048
 225         if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
 226             bits="$cfg_rsakeylength"
 227         fi
 228         mkdir -p "$cfg_certsdir"
 229         [ -d "$cfg_certsdir" ]
 230         wwwcertcn=
 231         if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
 232                 wwwcertcn="$( \
 233                         openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
 234                         sed -e 's,[^/]*,,' \
 235                 )"
 236         fi
 237         needroot=
 238         [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
 239         -e "$cfg_certsdir/girocco_client_key.pem" -a \
 240         -e "$cfg_certsdir/girocco_www_key.pem" -a \
 241         -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
 242         -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
 243         if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
 244                 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
 245                 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
 246                 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
 247                 rm -f "$cfg_certsdir/girocco_root_crt.pem"
 248                 echo "Created new root key"
 249         fi
 250         if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
 251                 ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
 252                         --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
 253                 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
 254                 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
 255                 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
 256                 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
 257                 echo "Created new root certificate"
 258         fi
 259         if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
 260                 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
 261                 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
 262                 rm -f "$cfg_certsdir/girocco_www_crt.pem"
 263                 echo "Created new www key"
 264         fi
 265         if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" -o "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ]; then
 266                 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
 267                 ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
 268                         --cert "$cfg_certsdir/girocco_root_crt.pem" \
 269                         --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
 270                 echo "Created www certificate"
 271         fi
 272         if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
 273                 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
 274                 echo "Created www certificate chain file"
 275         fi
 276         if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
 277                 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
 278                 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
 279                 rm -f "$cfg_certsdir/girocco_client_crt.pem"
 280                 echo "Created new client key"
 281         fi
 282         if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
 283                 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
 284                 ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
 285                         --cert "$cfg_certsdir/girocco_root_crt.pem" \
 286                         --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
 287                 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
 288                 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
 289                 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
 290                 echo "Created client certificate"
 291         fi
 292         if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
 293                 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
 294                 echo "Created client certificate suffix file"
 295         fi
 296         cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
 297         if [ -n "$cfg_mob" ]; then
 298                 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
 299                         openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
 300                         chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
 301                         rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
 302                         echo "Created new mob user key"
 303                 fi
 304                 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
 305                         openssl rsa -in "$cfg_mobuserkey" -pubout |
 306                         ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
 307                                 --cert "$cfg_clientcert" \
 308                                 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
 309                         echo "Created mob user client certificate"
 310                 fi
 311                 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
 312                 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
 313         else
 314                 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
 315         fi
 316 else
 317         rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
 318         rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
 319 fi
 320
 321
 322 echo "*** Finalizing permissions..."
 323 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
 324 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"