search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
combine-packs.sh: update to latest
[girocco.git] / install.sh
blob6555a6b3b326bea4850d01400abbae343cb622bd
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
23
24 # First run Girocco::Config consistency checks
25 perl -I. -M$GIROCCO_CONF -e ''
26
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
30
31 owngroup=""
32 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
33 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
34 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
35 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
36 exit 1
37 fi
38
39
40 # Check for extra required tools
41 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
42 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
43 exit 1
44 fi
45
46
47 echo "*** Checking for compiled utilities..."
48 if [ ! -x src/can_user_push ]; then
49 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
50 echo "ERROR: perhaps you forgot to run make?" >&2
51 exit 1
52 fi
53 if [ ! -x src/can_user_push_http ]; then
54 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
55 echo "ERROR: perhaps you forgot to run make?" >&2
56 exit 1
57 fi
58 if [ ! -x src/getent ]; then
59 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
60 echo "ERROR: perhaps you forgot to run make?" >&2
61 exit 1
62 fi
63 if [ ! -x src/get_user_uuid ]; then
64 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
65 echo "ERROR: perhaps you forgot to run make?" >&2
66 exit 1
67 fi
68 if [ ! -x src/peek_packet ]; then
69 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
70 echo "ERROR: perhaps you forgot to run make?" >&2
71 exit 1
72 fi
73 if [ ! -x src/rangecgi ]; then
74 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
75 echo "ERROR: perhaps you forgot to run make?" >&2
76 exit 1
77 fi
78 if [ ! -x src/throttle ]; then
79 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
80 echo "ERROR: perhaps you forgot to run make?" >&2
81 exit 1
82 fi
83 if [ ! -x src/list_packs ]; then
84 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
85 echo "ERROR: perhaps you forgot to run make?" >&2
86 exit 1
87 fi
88
89
90 echo "*** Checking for ezcert..."
91 if ! [ -f ezcert.git/CACreateCert -a -x ezcert.git/CACreateCert ]; then
92 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
93 exit 1
94 fi
95
96
97 echo "*** Checking for git..."
98 case "$cfg_git_bin" in /*) :;; *)
99 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
100 exit 1
101 esac
102 if [ ! -x "$cfg_git_bin" ]; then
103 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
104 exit 1
105 fi
106 if ! git_version="$("$cfg_git_bin" version)"; then
107 echo "ERROR: $cfg_git_bin version failed" >&2
108 exit 1
109 fi
110 case "$git_version" in
111 [Gg]"it version "*) :;;
112 *)
113 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
114 exit 1
115 esac
116 echo "Found $cfg_git_bin $git_version"
117 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
118 echo "*** Checking Git $git_vernum for compatibility..."
119 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
120 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
121 exit 1
122 fi
123 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
124 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
125 fi
126 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
127 cat <<'EOT'
128
129 ***
130 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
131 ***
132
133 Some Girocco functionality will be gracefully disabled and other things will
134 just not work at all such as race condition protection against simultaneous
135 client pushes and server garbage collections.
136
137 EOT
138 fi
139 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
140 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
141 fi
142 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
143 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
144 fi
145 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
146 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
147 echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
148 fi
149 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
150 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
151 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
152 fi
153 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
154 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
155 fi
156 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
157 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
158 fi
159 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
160 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
161 fi
162 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
163 cat <<'EOT'
164
165 ***
166 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
167 ***
168
169 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
170 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
171 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
172
173 In order to bypass this check you will have to modify install.sh in which case
174 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
175
176 EOT
177 exit 1
178 fi
179 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
180 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
181 fi
182 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
183 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
184 fi
185 secmsg=
186 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
187 secmsg='prior to 2.4.11'
188 fi
189 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
190 secmsg='2.5.x prior to 2.5.5'
191 fi
192 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
193 secmsg='2.6.x prior to 2.6.6'
194 fi
195 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
196 secmsg='2.7.x prior to 2.7.4'
197 fi
198 if [ -n "$secmsg" ]; then
199 cat <<EOT
200
201 ***
202 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
203 ***
204
205 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
206 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
207
208 Besides the security fixes included in later versions, versions prior to
209 2.2.0 may accidentally prune unreachable loose objects earlier than
210 intended. Since Git version 2.4.11 is the minimum version to include all
211 security fixes to date, it should be considered the absolute minimum
212 version of Git to use when running Girocco.
213
214 This is not enforced, but Git is easy to build from the git.git submodule
215 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
216
217 We will now pause for a moment so you can reflect on this warning.
218
219 EOT
220 sleep 60
221 fi
222 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
223 cat <<'EOT'
224
225 ***
226 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
227 ***
228
229 You appear to have enabled mirroring and the Git binary you have selected
230 appears to contain an experimental patch that cannot be disabled. This
231 patch can generate invalid network DNS traffic and/or cause long delays
232 when fetching using the "git:" protocol when no port number is specified.
233 It may also end up retrieving repsitory contents from a host other than
234 the one specified in the "git:" URL when the port is omitted.
235
236 You are advised to either build your own version of Git (the problem patch
237 is not part of the official Git repository) or disable mirroring (via the
238 $Girocco::Config:mirror setting) to avoid these potential problems.
239
240 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
241
242 EOT
243 sleep 5
244 fi
245
246 chown_make() {
247 if [ "$LOGNAME" = root -a -n "$SUDO_USER" -a "$SUDO_USER" != root ]; then
248 find "$@" -user root -print0 2>/dev/null | \
249 xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
250 elif [ "$LOGNAME" = root -a -z "$SUDO_USER" -o "$SUDO_USER" = root ]; then
251 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
252 fi
253 }
254
255 echo "*** Setting up basedir..."
256 "$MAKE" --no-print-directory --silent apache.conf
257 chown_make apache.conf
258 "$MAKE" --no-print-directory --silent -C src
259 chown_make src
260 rm -fr "$cfg_basedir"
261 mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb" "$cfg_basedir/cgi"
262 cp cgi/*.cgi "$cfg_basedir/cgi"
263 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
264 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
265 src/throttle src/list_packs ezcert.git/CACreateCert cgi/authrequired.cgi cgi/snapshot.cgi "$cfg_basedir/bin"
266 cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
267 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
268 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
269
270 # Put the correct Config in place
271 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
272
273 ln -s "$cfg_git_bin" "$cfg_basedir/bin/git"
274 shbin="${cfg_posix_sh_bin:-/bin/sh}"
275 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
276 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
277 exit 1
278 }
279 ln -s "$shbin" "$cfg_basedir/bin/sh"
280 perlbin="$var_perl_bin"
281 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
282 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
283 exit 1
284 }
285 ln -s "$perlbin" "$cfg_basedir/bin/perl"
286
287 echo "*** Preprocessing scripts..."
288 SHBIN="$shbin" && export SHBIN
289 PERLBIN="$perlbin" && export PERLBIN
290 perl -I. -M$GIROCCO_CONF -i -p \
291 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
292 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
293 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
294 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
295 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
296 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
297 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
298 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
299 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
300 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
301 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
302 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
303 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
304 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
305 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
306 -e 'close ARGV if eof;' \
307 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
308 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
309 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
310 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
311 "$cfg_basedir"/toolbox/reports/*.sh \
312 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
313 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
314 "$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
315 perl -i -p \
316 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
317 -e 'close ARGV if eof;' \
318 "$cfg_basedir"/jobd/jobd.pl "$cfg_basedir"/taskd/taskd.pl \
319 "$cfg_basedir"/bin/sendmail.pl "$cfg_basedir"/bin/CACreateCert
320 perl -i -p \
321 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
322 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
323 -e 'close ARGV if eof;' \
324 "$cfg_basedir"/bin/format-readme "$cfg_basedir/cgi"/*.cgi
325 unset PERLBIN
326 unset SHBIN
327
328 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
329 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
330
331 if [ -n "$cfg_mirror" ]; then
332 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
333 fi
334 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
335 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
336 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
337
338
339 echo "*** Setting up repository root..."
340 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
341 if [ "$cfg_owning_group" ]; then
342 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
343 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
344 fi
345 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
346 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
347
348
349 if [ -n "$cfg_chrooted" ]; then
350 echo "*** Setting up chroot jail for pushing..."
351 if [ "$(id -u)" -eq 0 ]; then
352 ./jailsetup.sh
353 else
354 echo "WARNING: Skipping jail setup, not root"
355 fi
356 fi
357
358
359 echo "*** Setting up jail configuration (project database)..."
360 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
361 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
362 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
363 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
364 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
365 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
366 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
367 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
368 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
369 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
370
371 echo "*** Setting up gitweb from git.git..."
372 if [ ! -f git.git/Makefile ]; then
373 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
374 exit 1
375 fi
376 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
377 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
378 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
379 chown_make gitweb && \
380 PERLBIN="$perlbin" && export PERLBIN && \
381 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
382 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cfg_cgiroot"/gitweb.cgi.$$ && \
383 chmod a+x "$cfg_cgiroot"/gitweb.cgi.$$ && \
384 chown_make "$cfg_cgiroot"/gitweb.cgi.$$ && \
385 mv -f "$cfg_cgiroot"/gitweb.cgi.$$ "$cfg_cgiroot"/gitweb.cgi && \
386 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
387 test $? -eq 0
388
389
390 echo "*** Setting up git-browser from git-browser.git..."
391 if [ ! -f git-browser.git/git-browser.cgi ]; then
392 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
393 exit 1
394 fi
395 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
396 (cd git-browser.git && \
397 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
398 PERLBIN="$perlbin" && export PERLBIN && perl -p \
399 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
400 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cfg_cgiroot"/git-browser.cgi.$$ && \
401 chmod a+x "$cfg_cgiroot"/git-browser.cgi.$$ && \
402 chown_make "$cfg_cgiroot"/git-browser.cgi.$$ && \
403 mv -f "$cfg_cgiroot"/git-browser.cgi.$$ "$cfg_cgiroot"/git-browser.cgi && \
404 cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
405 cp -r JSON "$cfg_cgiroot")
406 test $? -eq 0
407 rm -f "$cfg_webroot"/git-browser/index.html
408 cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
409 gitbin: $cfg_git_bin
410 warehouse: $cfg_reporoot
411 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
412 EOT
413 chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
414 mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
415 cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
416 cfg_gitweb_url="$cfg_gitweburl/"
417 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
418 EOT
419 chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
420 mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
421
422
423 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
424 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
425 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
426 exit 1
427 fi
428 mkdir -p "$cfg_basedir"/bin
429 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
430
431
432 echo "*** Setting up hg-fast-export from fast-export.git..."
433 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
434 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
435 exit 1
436 fi
437 mkdir -p "$cfg_basedir"/bin
438 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
439
440
441 echo "*** Setting up markdown from markdown.git..."
442 if [ ! -f markdown.git/Markdown.pl ]; then
443 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
444 exit 1
445 fi
446 mkdir -p "$cfg_basedir"/bin
447 (PERLBIN="$perlbin" && export PERLBIN && \
448 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
449 markdown.git/Markdown.pl > "$cfg_basedir"/bin/Markdown.pl.$$ && \
450 chmod a+x "$cfg_basedir"/bin/Markdown.pl.$$ && \
451 mv -f "$cfg_basedir"/bin/Markdown.pl.$$ "$cfg_basedir"/bin/Markdown.pl)
452 test $? -eq 0
453
454
455 echo "*** Setting up our part of the website..."
456 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
457 cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_basedir/cgi"
458 cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir/cgi"
459 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir/cgi"/usercert.cgi "$cfg_cgiroot"/usercert.cgi
460 cp "$cfg_basedir/cgi"/*.cgi "$cfg_cgiroot"
461 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
462 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
463 if [ -z "$cfg_httpspushurl" ]; then
464 grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
465 else
466 cp gitweb/indextext.html "$cfg_basedir/gitweb"
467 fi
468 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
469 cp mootools.js "$cfg_webroot"
470 cp htaccess "$cfg_webroot/.htaccess"
471 cp cgi/htaccess "$cfg_cgiroot/.htaccess"
472 cp git-favicon.ico "$cfg_webroot/favicon.ico"
473 cp robots.txt "$cfg_webroot"
474 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
475
476
477 if [ -n "$cfg_httpspushurl" ]; then
478 echo "*** Setting up SSL certificates..."
479 bits=2048
480 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
481 bits="$cfg_rsakeylength"
482 fi
483 mkdir -p "$cfg_certsdir"
484 [ -d "$cfg_certsdir" ]
485 wwwcertcn=
486 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
487 wwwcertcn="$( \
488 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
489 sed -e 's,[^/]*,,' \
490 )"
491 fi
492 wwwcertdns=
493 if [ -n "$cfg_wwwcertaltnames" ]; then
494 for dnsopt in $cfg_wwwcertaltnames; do
495 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
496 done
497 fi
498 wwwcertdnsfile=
499 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
500 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
501 fi
502 needroot=
503 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
504 -e "$cfg_certsdir/girocco_client_key.pem" -a \
505 -e "$cfg_certsdir/girocco_www_key.pem" -a \
506 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
507 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
508 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
509 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
510 umask 0077
511 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
512 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
513 rm -f "$cfg_certsdir/girocco_root_crt.pem"
514 umask 0022
515 echo "Created new root key"
516 fi
517 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
518 "$cfg_basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
519 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
520 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
521 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
522 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
523 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
524 echo "Created new root certificate"
525 fi
526 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
527 umask 0077
528 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
529 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
530 rm -f "$cfg_certsdir/girocco_www_crt.pem"
531 umask 0022
532 echo "Created new www key"
533 fi
534 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
535 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
536 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
537 "$cfg_basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
538 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
539 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
540 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
541 echo "Created www certificate"
542 fi
543 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
544 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
545 echo "Created www certificate chain file"
546 fi
547 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
548 umask 0037
549 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
550 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
551 rm -f "$cfg_certsdir/girocco_client_crt.pem"
552 umask 0022
553 echo "Created new client key"
554 fi
555 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
556 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
557 "$cfg_basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
558 --cert "$cfg_certsdir/girocco_root_crt.pem" \
559 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
560 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
561 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
562 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
563 echo "Created client certificate"
564 fi
565 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
566 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
567 echo "Created client certificate suffix file"
568 fi
569 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
570 if [ -n "$cfg_mob" ]; then
571 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
572 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
573 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
574 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
575 echo "Created new mob user key"
576 fi
577 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
578 openssl rsa -in "$cfg_mobuserkey" -pubout |
579 "$cfg_basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
580 --cert "$cfg_clientcert" \
581 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
582 echo "Created mob user client certificate"
583 fi
584 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
585 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
586 else
587 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
588 fi
589 else
590 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
591 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
592 fi
593
594
595 echo "*** Finalizing permissions..."
596 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
597 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
The repo.or.cz duct tape "Girocco"