search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
git.git: pick up latest gitweb updates
[girocco.git] / install.sh
blobe31ef75d1b7b85025115976043ab44c434fa2020
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
23
24 # First run Girocco::Config consistency checks
25 perl -I. -M$GIROCCO_CONF -e ''
26
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
30
31 owngroup=""
32 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
33 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
34 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
35 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
36 exit 1
37 fi
38
39
40 # Check for extra required tools
41 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
42 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
43 exit 1
44 fi
45
46
47 echo "*** Checking for compiled utilities..."
48 if [ ! -x src/can_user_push ]; then
49 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
50 echo "ERROR: perhaps you forgot to run make?" >&2
51 exit 1
52 fi
53 if [ ! -x src/can_user_push_http ]; then
54 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
55 echo "ERROR: perhaps you forgot to run make?" >&2
56 exit 1
57 fi
58 if [ ! -x src/getent ]; then
59 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
60 echo "ERROR: perhaps you forgot to run make?" >&2
61 exit 1
62 fi
63 if [ ! -x src/get_user_uuid ]; then
64 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
65 echo "ERROR: perhaps you forgot to run make?" >&2
66 exit 1
67 fi
68 if [ ! -x src/list_packs ]; then
69 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
70 echo "ERROR: perhaps you forgot to run make?" >&2
71 exit 1
72 fi
73 if [ ! -x src/peek_packet ]; then
74 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
75 echo "ERROR: perhaps you forgot to run make?" >&2
76 exit 1
77 fi
78 if [ ! -x src/rangecgi ]; then
79 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
80 echo "ERROR: perhaps you forgot to run make?" >&2
81 exit 1
82 fi
83 if [ ! -x src/strftime ]; then
84 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
85 echo "ERROR: perhaps you forgot to run make?" >&2
86 exit 1
87 fi
88 if [ ! -x src/throttle ]; then
89 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
90 echo "ERROR: perhaps you forgot to run make?" >&2
91 exit 1
92 fi
93
94
95 echo "*** Checking for ezcert..."
96 if ! [ -f ezcert.git/CACreateCert -a -x ezcert.git/CACreateCert ]; then
97 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
98 exit 1
99 fi
100
101
102 echo "*** Checking for git..."
103 case "$cfg_git_bin" in /*) :;; *)
104 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
105 exit 1
106 esac
107 if [ ! -x "$cfg_git_bin" ]; then
108 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
109 exit 1
110 fi
111 if ! git_version="$("$cfg_git_bin" version)"; then
112 echo "ERROR: $cfg_git_bin version failed" >&2
113 exit 1
114 fi
115 case "$git_version" in
116 [Gg]"it version "*) :;;
117 *)
118 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
119 exit 1
120 esac
121 echo "Found $cfg_git_bin $git_version"
122 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
123 echo "*** Checking Git $git_vernum for compatibility..."
124 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
125 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
126 exit 1
127 fi
128 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
129 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
130 fi
131 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
132 cat <<'EOT'
133
134 ***
135 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
136 ***
137
138 Some Girocco functionality will be gracefully disabled and other things will
139 just not work at all such as race condition protection against simultaneous
140 client pushes and server garbage collections.
141
142 EOT
143 fi
144 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
145 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
146 fi
147 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
148 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
149 fi
150 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
151 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
152 echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
153 fi
154 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
155 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
156 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
157 fi
158 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
159 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
160 fi
161 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
162 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
163 fi
164 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
165 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
166 fi
167 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
168 cat <<'EOT'
169
170 ***
171 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
172 ***
173
174 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
175 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
176 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
177
178 In order to bypass this check you will have to modify install.sh in which case
179 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
180
181 EOT
182 exit 1
183 fi
184 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
185 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
186 fi
187 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
188 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
189 fi
190 secmsg=
191 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
192 secmsg='prior to 2.4.11'
193 fi
194 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
195 secmsg='2.5.x prior to 2.5.5'
196 fi
197 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
198 secmsg='2.6.x prior to 2.6.6'
199 fi
200 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
201 secmsg='2.7.x prior to 2.7.4'
202 fi
203 if [ -n "$secmsg" ]; then
204 cat <<EOT
205
206 ***
207 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
208 ***
209
210 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
211 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
212
213 Besides the security fixes included in later versions, versions prior to
214 2.2.0 may accidentally prune unreachable loose objects earlier than
215 intended. Since Git version 2.4.11 is the minimum version to include all
216 security fixes to date, it should be considered the absolute minimum
217 version of Git to use when running Girocco.
218
219 This is not enforced, but Git is easy to build from the git.git submodule
220 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
221
222 We will now pause for a moment so you can reflect on this warning.
223
224 EOT
225 sleep 60
226 fi
227 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
228 cat <<'EOT'
229
230 ***
231 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
232 ***
233
234 You appear to have enabled mirroring and the Git binary you have selected
235 appears to contain an experimental patch that cannot be disabled. This
236 patch can generate invalid network DNS traffic and/or cause long delays
237 when fetching using the "git:" protocol when no port number is specified.
238 It may also end up retrieving repsitory contents from a host other than
239 the one specified in the "git:" URL when the port is omitted.
240
241 You are advised to either build your own version of Git (the problem patch
242 is not part of the official Git repository) or disable mirroring (via the
243 $Girocco::Config:mirror setting) to avoid these potential problems.
244
245 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
246
247 EOT
248 sleep 5
249 fi
250
251 chown_make() {
252 if [ "$LOGNAME" = root -a -n "$SUDO_USER" -a "$SUDO_USER" != root ]; then
253 find "$@" -user root -print0 2>/dev/null | \
254 xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
255 elif [ "$LOGNAME" = root -a -z "$SUDO_USER" -o "$SUDO_USER" = root ]; then
256 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
257 fi
258 }
259
260 echo "*** Setting up basedir..."
261 "$MAKE" --no-print-directory --silent apache.conf
262 chown_make apache.conf
263 "$MAKE" --no-print-directory --silent -C src
264 chown_make src
265 rm -fr "$cfg_basedir"
266 mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb" "$cfg_basedir/cgi"
267 cp cgi/*.cgi "$cfg_basedir/cgi"
268 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
269 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/list_packs src/peek_packet \
270 src/rangecgi src/strftime src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi \
271 cgi/snapshot.cgi "$cfg_basedir/bin"
272 cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
273 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
274 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
275
276 # Put the correct Config in place
277 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
278
279 ln -s "$cfg_git_bin" "$cfg_basedir/bin/git"
280 shbin="${cfg_posix_sh_bin:-/bin/sh}"
281 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
282 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
283 exit 1
284 }
285 ln -s "$shbin" "$cfg_basedir/bin/sh"
286 perlbin="$var_perl_bin"
287 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
288 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
289 exit 1
290 }
291 ln -s "$perlbin" "$cfg_basedir/bin/perl"
292
293 echo "*** Preprocessing scripts..."
294 SHBIN="$shbin" && export SHBIN
295 PERLBIN="$perlbin" && export PERLBIN
296 perl -I. -M$GIROCCO_CONF -i -p \
297 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
298 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
299 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
300 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
301 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
302 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
303 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
304 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
305 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
306 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
307 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
308 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
309 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
310 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
311 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
312 -e 'close ARGV if eof;' \
313 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
314 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
315 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
316 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
317 "$cfg_basedir"/toolbox/reports/*.sh \
318 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
319 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
320 "$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
321 perl -i -p \
322 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
323 -e 'close ARGV if eof;' \
324 "$cfg_basedir"/jobd/jobd.pl "$cfg_basedir"/taskd/taskd.pl \
325 "$cfg_basedir"/bin/sendmail.pl "$cfg_basedir"/bin/CACreateCert
326 perl -i -p \
327 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
328 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
329 -e 'close ARGV if eof;' \
330 "$cfg_basedir"/bin/format-readme "$cfg_basedir/cgi"/*.cgi
331 unset PERLBIN
332 unset SHBIN
333
334 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
335 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
336
337 if [ -n "$cfg_mirror" ]; then
338 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
339 fi
340 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
341 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
342 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
343
344
345 echo "*** Setting up repository root..."
346 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
347 if [ "$cfg_owning_group" ]; then
348 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
349 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
350 fi
351 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
352 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
353
354
355 if [ -n "$cfg_chrooted" ]; then
356 echo "*** Setting up chroot jail for pushing..."
357 if [ "$(id -u)" -eq 0 ]; then
358 ./jailsetup.sh
359 else
360 echo "WARNING: Skipping jail setup, not root"
361 fi
362 fi
363
364
365 echo "*** Setting up jail configuration (project database)..."
366 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
367 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
368 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
369 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
370 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
371 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
372 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
373 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
374 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
375 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
376
377 echo "*** Setting up gitweb from git.git..."
378 if [ ! -f git.git/Makefile ]; then
379 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
380 exit 1
381 fi
382 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
383 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
384 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
385 chown_make gitweb && \
386 PERLBIN="$perlbin" && export PERLBIN && \
387 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
388 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cfg_cgiroot"/gitweb.cgi.$$ && \
389 chmod a+x "$cfg_cgiroot"/gitweb.cgi.$$ && \
390 chown_make "$cfg_cgiroot"/gitweb.cgi.$$ && \
391 mv -f "$cfg_cgiroot"/gitweb.cgi.$$ "$cfg_cgiroot"/gitweb.cgi && \
392 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
393 test $? -eq 0
394
395
396 echo "*** Setting up git-browser from git-browser.git..."
397 if [ ! -f git-browser.git/git-browser.cgi ]; then
398 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
399 exit 1
400 fi
401 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
402 (cd git-browser.git && \
403 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
404 PERLBIN="$perlbin" && export PERLBIN && perl -p \
405 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
406 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cfg_cgiroot"/git-browser.cgi.$$ && \
407 chmod a+x "$cfg_cgiroot"/git-browser.cgi.$$ && \
408 chown_make "$cfg_cgiroot"/git-browser.cgi.$$ && \
409 mv -f "$cfg_cgiroot"/git-browser.cgi.$$ "$cfg_cgiroot"/git-browser.cgi && \
410 cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
411 cp -r JSON "$cfg_cgiroot")
412 test $? -eq 0
413 rm -f "$cfg_webroot"/git-browser/index.html
414 cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
415 gitbin: $cfg_git_bin
416 warehouse: $cfg_reporoot
417 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
418 EOT
419 chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
420 mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
421 cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
422 cfg_gitweb_url="$cfg_gitweburl/"
423 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
424 EOT
425 chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
426 mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
427
428
429 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
430 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
431 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
432 exit 1
433 fi
434 mkdir -p "$cfg_basedir"/bin
435 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
436
437
438 echo "*** Setting up hg-fast-export from fast-export.git..."
439 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
440 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
441 exit 1
442 fi
443 mkdir -p "$cfg_basedir"/bin
444 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
445
446
447 echo "*** Setting up markdown from markdown.git..."
448 if [ ! -f markdown.git/Markdown.pl ]; then
449 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
450 exit 1
451 fi
452 mkdir -p "$cfg_basedir"/bin
453 (PERLBIN="$perlbin" && export PERLBIN && \
454 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
455 markdown.git/Markdown.pl > "$cfg_basedir"/bin/Markdown.pl.$$ && \
456 chmod a+x "$cfg_basedir"/bin/Markdown.pl.$$ && \
457 mv -f "$cfg_basedir"/bin/Markdown.pl.$$ "$cfg_basedir"/bin/Markdown.pl)
458 test $? -eq 0
459
460
461 echo "*** Setting up our part of the website..."
462 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
463 cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_basedir/cgi"
464 cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir/cgi"
465 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir/cgi"/usercert.cgi "$cfg_cgiroot"/usercert.cgi
466 cp "$cfg_basedir/cgi"/*.cgi "$cfg_cgiroot"
467 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
468 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
469 if [ -z "$cfg_httpspushurl" ]; then
470 grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
471 else
472 cp gitweb/indextext.html "$cfg_basedir/gitweb"
473 fi
474 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
475 cp mootools.js "$cfg_webroot"
476 cp htaccess "$cfg_webroot/.htaccess"
477 cp cgi/htaccess "$cfg_cgiroot/.htaccess"
478 cp git-favicon.ico "$cfg_webroot/favicon.ico"
479 cp robots.txt "$cfg_webroot"
480 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
481
482
483 if [ -n "$cfg_httpspushurl" ]; then
484 echo "*** Setting up SSL certificates..."
485 bits=2048
486 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
487 bits="$cfg_rsakeylength"
488 fi
489 mkdir -p "$cfg_certsdir"
490 [ -d "$cfg_certsdir" ]
491 wwwcertcn=
492 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
493 wwwcertcn="$( \
494 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
495 sed -e 's,[^/]*,,' \
496 )"
497 fi
498 wwwcertdns=
499 if [ -n "$cfg_wwwcertaltnames" ]; then
500 for dnsopt in $cfg_wwwcertaltnames; do
501 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
502 done
503 fi
504 wwwcertdnsfile=
505 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
506 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
507 fi
508 needroot=
509 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
510 -e "$cfg_certsdir/girocco_client_key.pem" -a \
511 -e "$cfg_certsdir/girocco_www_key.pem" -a \
512 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
513 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
514 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
515 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
516 umask 0077
517 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
518 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
519 rm -f "$cfg_certsdir/girocco_root_crt.pem"
520 umask 0022
521 echo "Created new root key"
522 fi
523 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
524 "$cfg_basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
525 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
526 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
527 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
528 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
529 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
530 echo "Created new root certificate"
531 fi
532 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
533 umask 0077
534 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
535 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
536 rm -f "$cfg_certsdir/girocco_www_crt.pem"
537 umask 0022
538 echo "Created new www key"
539 fi
540 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
541 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
542 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
543 "$cfg_basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
544 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
545 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
546 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
547 echo "Created www certificate"
548 fi
549 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
550 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
551 echo "Created www certificate chain file"
552 fi
553 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
554 umask 0037
555 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
556 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
557 rm -f "$cfg_certsdir/girocco_client_crt.pem"
558 umask 0022
559 echo "Created new client key"
560 fi
561 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
562 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
563 "$cfg_basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
564 --cert "$cfg_certsdir/girocco_root_crt.pem" \
565 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
566 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
567 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
568 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
569 echo "Created client certificate"
570 fi
571 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
572 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
573 echo "Created client certificate suffix file"
574 fi
575 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
576 if [ -n "$cfg_mob" ]; then
577 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
578 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
579 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
580 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
581 echo "Created new mob user key"
582 fi
583 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
584 openssl rsa -in "$cfg_mobuserkey" -pubout |
585 "$cfg_basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
586 --cert "$cfg_clientcert" \
587 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
588 echo "Created mob user client certificate"
589 fi
590 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
591 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
592 else
593 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
594 fi
595 else
596 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
597 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
598 fi
599
600
601 echo "*** Finalizing permissions..."
602 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
603 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
The repo.or.cz duct tape "Girocco"