update-all-config: new utility to update projects' config
#!/bin/sh
# The Girocco installation script
# We will OVERWRITE basedir!

# Abort on the first command that fails.
set -e

# Unless the caller already supplied MAKE, ask the Makefile for the name of
# the GNU make command; the target's output is searched for a
# "gnu_make_command_name=<name>" line and only <name> is kept.
if [ -z "$MAKE" ]; then
  MAKE="$(make -s gnu_make_command_name | sed -n 's/^gnu_make_command_name=//p')"
fi
[ -n "$MAKE" ] || {
  echo "ERROR: cannot determine name of the GNU make command" >&2
  echo "Please set MAKE to the name of the GNU make executable" >&2
  exit 1
}

# Run perl module checker
[ -x toolbox/check-perl-modules.pl ] || {
  echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
  exit 1
}
toolbox/check-perl-modules.pl
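# What Config should we use?
# GIROCCO_CONF may be preset in the environment to name an alternative Perl
# configuration module; it defaults to Girocco::Config.
[ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
echo "*** Initializing using $GIROCCO_CONF..."

# First run Girocco::Config consistency checks
# Loading the module with an empty program is the whole check; set -e aborts
# the install if perl exits non-zero.  The module name comes from the
# environment, so it is passed as one quoted word instead of being left to
# word splitting and globbing.
perl -I. "-M$GIROCCO_CONF" -e ''

# Pull in the shell library from the current directory.  The cfg_* variables
# and helper functions used from here on are not defined in this script --
# presumably shlib.sh provides them; verify there.
. ./shlib.sh

# ":group" suffix for later chown calls, empty when no owning group is set.
owngroup=""
[ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
# HTTPS push needs a certificate directory; refuse a half-configured setup.
if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
  echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
  echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
  exit 1
fi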
echo "*** Checking for compiled utilities..."
# Each helper listed here must already exist as an executable under src/.
for built_util in can_user_push can_user_push_http getent get_user_uuid \
  peek_packet rangecgi; do
  if [ ! -x "src/$built_util" ]; then
    echo "ERROR: src/$built_util is not built! Did you _REALLY_ read INSTALL?" >&2
    echo "ERROR: perhaps you forgot to run make?" >&2
    exit 1
  fi
done
unset built_util


echo "*** Checking for ezcert..."
# The certificate helper is taken from a separate ezcert.git checkout.
[ -f ezcert.git/CACreateCert ] || {
  echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
  exit 1
}
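echo "*** Checking for git..."
# NOTE(review): the blank lines inside the two here-documents in this section
# are reconstructed from gaps in the listing's line numbers -- confirm them
# against the original file.

# The configured Git binary must be an absolute path to an executable whose
# "version" output has the expected "git version " prefix.
case "$cfg_git_bin" in
  /*) : ;;
  *)
    echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
    exit 1
    ;;
esac
if [ ! -x "$cfg_git_bin" ]; then
  echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
  exit 1
fi
if ! git_version="$("$cfg_git_bin" version)"; then
  echo "ERROR: $cfg_git_bin version failed" >&2
  exit 1
fi
case "$git_version" in
  [Gg]"it version "*) : ;;
  *)
    echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
    exit 1
    ;;
esac
echo "Found $cfg_git_bin $git_version"
# Keep only the first dotted run of digits, e.g. "2.3.2".
git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
# Fail closed: without a parsed number the comparisons below would be handed
# an empty version.  How vcmp treats an empty argument is not visible here.
if [ -z "$git_vernum" ]; then
  echo "ERROR: cannot parse a version number from '$cfg_git_bin version' output" >&2
  exit 1
fi
echo "*** Checking Git $git_vernum for compatibility..."
# vcmp is not defined in this script (presumably shlib.sh); it is used here as
# printing a number that is < 0, 0 or > 0 for older, equal or newer.
# Fatal problems are reported on stderr like every other ERROR in this script;
# warnings stay on stdout.
if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
  echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6' >&2
  exit 1
fi
if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
fi
if [ "$(vcmp "$git_vernum" 1.7.2)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version < 1.7.2, some Girocco functionality will be disabled'
fi
if [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
fi
if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
fi
if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
  echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
fi
if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" ] &&
  [ "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
  echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
fi
if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
fi
if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
fi
if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
fi
if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
  cat >&2 <<'EOT'


*** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git


Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
with Girocco due to various unresolved issues.  Please either downgrade to 2.1.4
or earlier or, more preferred, upgrade to 2.3.2 or later.

In order to bypass this check you will have to modify install.sh in which case
USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
  exit 1
fi
if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
  echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
fi
# With mirroring enabled, warn when the binary contains the string
# "ns_parserr", which this script takes as the sign of the patch described in
# the message below.
if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
  cat <<'EOT'


*** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary


You appear to have enabled mirroring and the Git binary you have selected
appears to contain an experimental patch that cannot be disabled.  This
patch can generate invalid network DNS traffic and/or cause long delays
when fetching using the "git:" protocol when no port number is specified.
It may also end up retrieving repsitory contents from a host other than
the one specified in the "git:" URL when the port is omitted.

You are advised to either build your own version of Git (the problem patch
is not part of the official Git repository) or disable mirroring (via the
$Girocco::Config:mirror setting) to avoid these potential problems.

USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
fi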
# chown_make PATH...
# Give files that a root-run make left behind back to the invoking user.
#   - Running as root through sudo from a non-root account: every entry under
#     the given paths that is owned by root is chowned to $SUDO_USER and that
#     user's primary group (find errors are discarded).
#   - Running as root with no sudo user, or with SUDO_USER=root: only a
#     warning naming the paths is printed.
#   - Otherwise: nothing happens.
chown_make() {
  if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
    # "xargs echo -r" on empty input prints "-r" only when this xargs runs
    # its command even without input, which is exactly when the -r option is
    # needed to keep chown from being run with no file arguments.
    find "$@" -user root -print0 2>/dev/null |
      xargs $(: | xargs echo -r) -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
  elif { [ "$LOGNAME" = root ] && [ -z "$SUDO_USER" ]; } || [ "$SUDO_USER" = root ]; then
    echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
  fi
}
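echo "*** Setting up basedir..."
# basedir is deleted recursively below and then rebuilt.  Stop when it is
# empty or the filesystem root: an empty value would make the later commands
# operate on paths such as "/gitweb", and "/" would aim the rm at everything.
case "$cfg_basedir" in
  '' | /)
    echo 'ERROR: $Girocco::Config::basedir must be set and must not be /' >&2
    exit 1
    ;;
esac
# Build the generated pieces first; chown_make hands build output back to the
# sudo user when make was run as root.
"$MAKE" --no-print-directory --silent apache.conf
chown_make apache.conf
"$MAKE" --no-print-directory --silent -C src
chown_make src
rm -fr "$cfg_basedir"
mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb"
cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
  ezcert.git/CACreateCert cgi/authrequired.cgi "$cfg_basedir/bin"
cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
# Drop the pages that only apply when HTTPS push or the mob user is enabled.
[ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
[ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html

# Put the correct Config in place
# A non-default module name is turned into a file path (:: becomes /, .pm is
# appended) and that file is installed as Girocco/Config.pm.
[ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"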
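echo "*** Preprocessing scripts..."
# Replace the @name@ placeholders in the installed scripts, in place, with
# values read from the selected Config module.  The module name is passed as
# one quoted word so it cannot be split into extra perl arguments.
# NOTE(review): the values are inserted verbatim between double quotes with
# no escaping, so a Config value containing a double quote, backslash, "$" or
# backtick would change the meaning of the generated script text -- keep the
# Config values free of such characters.
perl -I. "-M$GIROCCO_CONF" -i -p \
  -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
  -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
  -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
  -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
  -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
  -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
  -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
  -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
  -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
  -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
  "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
  "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
  "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
  "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
  "$cfg_basedir"/toolbox/reports/*.sh \
  "$cfg_basedir"/bin/git-* \
  "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
  "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir"/screen/*

# Dump all the cfg_ and defined_ variables to shlib_vars.sh
get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh

# Reminders about the daemons that have to be started by hand.
if [ -n "$cfg_mirror" ]; then
  echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
fi
echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"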
echo "*** Setting up repository root..."
mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
# Group ownership is only changed when an owning group is configured; a
# failed chgrp or chmod is reported as a warning and does not stop the install.
if [ "$cfg_owning_group" ]; then
  for repo_dir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
    chgrp "$cfg_owning_group" "$repo_dir" ||
      echo "WARNING: Cannot chgrp $cfg_owning_group $repo_dir"
  done
fi
# 02775: setgid directory, writable by owner and group, readable by others.
for repo_dir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
  chmod 02775 "$repo_dir" || echo "WARNING: Cannot chmod $repo_dir properly"
done
unset repo_dir
# The full chroot jail is only built when chrooted operation is configured,
# and only by root; a non-root run skips it with a warning.
if [ -n "$cfg_chrooted" ]; then
  echo "*** Setting up chroot jail for pushing..."
  if ! [ "$(id -u)" -eq 0 ]; then
    echo "WARNING: Skipping jail setup, not root"
  else
    ./jailsetup.sh
  fi
fi


echo "*** Setting up jail configuration (project database)..."
# When not running as root, jailsetup.sh is run in its "dbonly" mode.
if ! [ "$(id -u)" -eq 0 ]; then
  ./jailsetup.sh dbonly
fi
mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
# Ownership and mode changes below are best effort: each failure only prints
# a warning.  The etc directory goes to the mirror user, the passwd and group
# files to the CGI user, and both files are made group-writable.
if ! chown "$cfg_mirror_user$owngroup" "$cfg_chroot/etc"; then
  echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
fi
if ! chown "$cfg_cgi_user$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"; then
  echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
fi
if ! chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"; then
  echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
fi
if ! chmod 02775 "$cfg_chroot/etc"; then
  echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
fi
echo "*** Setting up gitweb from git.git..."
[ -f git.git/Makefile ] || {
  echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
  exit 1
}
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
# Build gitweb inside git.git (in a subshell, so the cd does not leak), write
# a copy of gitweb.cgi with its "use warnings;" lines commented out to a
# temporary name in cgiroot, then rename it over gitweb.cgi and copy the
# static assets to webroot.
# NOTE(review): the temporary name ends in the shell's PID and is therefore
# predictable; this is only safe while cgiroot is writable solely by trusted
# accounts.
(
  cd git.git &&
    gitweb_cgi_tmp="$cfg_cgiroot/gitweb.cgi.$$" &&
    "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
      GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" gitweb &&
    chown_make gitweb &&
    perl -pe 's/^(\s*use\s+warnings\s*;.*)$/#$1/' gitweb/gitweb.cgi > "$gitweb_cgi_tmp" &&
    chmod a+x "$gitweb_cgi_tmp" &&
    chown_make "$gitweb_cgi_tmp" &&
    mv -f "$gitweb_cgi_tmp" "$cfg_cgiroot"/gitweb.cgi &&
    cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot"
)
echo "*** Setting up git-browser from git-browser.git..."
[ -f git-browser.git/git-browser.cgi ] || {
  echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
  exit 1
}
mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
# Install git-browser.cgi with its "git-browser.conf" string replaced by the
# absolute path of the config file under basedir (handed to perl through the
# CFG environment variable), then copy the static files and the JSON directory.
# Each generated file is first written under a temporary name ending in the
# shell's PID and then renamed into place.
(
  cd git-browser.git &&
    browser_cgi_tmp="$cfg_cgiroot/git-browser.cgi.$$" &&
    CFG="$cfg_basedir/gitweb/git-browser.conf" perl -pe \
      's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$browser_cgi_tmp" &&
    chmod a+x "$browser_cgi_tmp" &&
    chown_make "$browser_cgi_tmp" &&
    mv -f "$browser_cgi_tmp" "$cfg_cgiroot"/git-browser.cgi &&
    cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser &&
    cp -r JSON "$cfg_cgiroot"
)
rm -f "$cfg_webroot"/git-browser/index.html

# git-browser.conf: which git binary to run and where the repositories live.
browser_conf="$cfg_basedir/gitweb/git-browser.conf"
cat >"$browser_conf.$$" <<EOT
gitbin: $cfg_git_bin
warehouse: $cfg_reporoot
EOT
chown_make "$browser_conf.$$"
mv -f "$browser_conf.$$" "$browser_conf"

# GitConfig.js: the URLs the browser-side code is given for gitweb and the CGI.
browser_js="$cfg_webroot/git-browser/GitConfig.js"
cat >"$browser_js.$$" <<EOT
cfg_gitweb_url="$cfg_gitweburl/"
cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
EOT
chown_make "$browser_js.$$"
mv -f "$browser_js.$$" "$browser_js"
unset browser_conf browser_js
echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
[ -d bzr-fastimport.git/exporters/darcs/ ] || {
  echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
  exit 1
}
mkdir -p "$cfg_basedir"/bin
cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin


echo "*** Setting up hg-fast-export from fast-export.git..."
# Both Python files must be present in the checkout before they are copied.
if [ ! -f fast-export.git/hg-fast-export.py ] || [ ! -f fast-export.git/hg2git.py ]; then
  echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
  exit 1
fi
mkdir -p "$cfg_basedir"/bin
cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
echo "*** Setting up our part of the website..."
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
cp cgi/*.cgi "$cfg_cgiroot"
# authrequired.cgi is installed from basedir/bin, and only when HTTPS push is
# configured; without HTTPS push usercert.cgi is removed as well.
rm -f "$cfg_cgiroot"/authrequired.cgi
if [ -n "$cfg_httpspushurl" ]; then
  cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_cgiroot"
else
  rm -f "$cfg_cgiroot"/usercert.cgi
fi
ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
# Optional symlink that exposes the repository root under the web tree.
[ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
# Without HTTPS push, lines mentioning rootcert.html are left out of the index
# text.
if [ -n "$cfg_httpspushurl" ]; then
  cp gitweb/indextext.html "$cfg_basedir/gitweb"
else
  grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
fi
mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
cp mootools.js "$cfg_webroot"
cp htaccess "$cfg_webroot/.htaccess"
cp git-favicon.ico "$cfg_webroot/favicon.ico"
cp robots.txt "$cfg_webroot"
# Appended, not overwritten: gitweb.css in webroot keeps its existing content.
cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
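# Create whatever is missing from the certificate set used for HTTPS push: a
# root key and certificate, a www (server) key and certificate, a client
# sub-CA key and certificate and, when the mob user is enabled, a mob user key
# and certificate.  Existing files are reused.  Without HTTPS push the
# published certificate files are removed from the web root instead.
#
# Private keys are generated under umask 077 so they are never readable by
# other accounts, not even between creation and the chmod that sets the
# final mode.
if [ -n "$cfg_httpspushurl" ]; then
  echo "*** Setting up SSL certificates..."
  # 2048-bit RSA keys unless $cfg_rsakeylength is a larger integer; a
  # non-numeric value makes the test fail quietly and keeps 2048.
  bits=2048
  if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
    bits="$cfg_rsakeylength"
  fi
  mkdir -p "$cfg_certsdir"
  # Under set -e this stops the install if certsdir is not a directory.
  [ -d "$cfg_certsdir" ]
  # Subject line of the existing www certificate with everything before its
  # first "/" removed; compared against "/CN=<name>" below.
  # NOTE(review): this relies on openssl printing the subject in the
  # slash-separated form; with another output format the comparison never
  # matches and the www certificate is recreated on every run -- confirm
  # with the installed openssl.
  wwwcertcn=
  if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
    wwwcertcn="$(
      openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject |
        sed -e 's,[^/]*,,'
    )"
  fi
  # One "--dns <name>" option per word of $cfg_wwwcertaltnames (left unquoted
  # on purpose so that it is split into words).
  wwwcertdns=
  if [ -n "$cfg_wwwcertaltnames" ]; then
    for dnsopt in $cfg_wwwcertaltnames; do
      wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
    done
  fi
  # The --dns options recorded when the www certificate was last created.
  wwwcertdnsfile=
  if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
    wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
  fi
  # The root key is needed again as soon as any certificate or key is missing
  # or the www certificate names a different host.
  needroot=
  {
    [ -e "$cfg_certsdir/girocco_client_crt.pem" ] &&
      [ -e "$cfg_certsdir/girocco_client_key.pem" ] &&
      [ -e "$cfg_certsdir/girocco_www_key.pem" ] &&
      [ -e "$cfg_certsdir/girocco_www_crt.pem" ] &&
      [ "$wwwcertcn" = "/CN=$cfg_httpsdnsname" ] &&
      [ -e "$cfg_certsdir/girocco_root_crt.pem" ]
  } || needroot=1
  if [ -n "$needroot" ] && [ ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
    rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
    (umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits)
    chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
    rm -f "$cfg_certsdir/girocco_root_crt.pem"
    echo "Created new root key"
  fi
  if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
    ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
      --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
    # Everything issued under the old root is discarded so it gets re-issued.
    rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
    rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
    rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
    rm -f "$cfg_chroot/etc/sshcerts"/*.pem
    echo "Created new root certificate"
  fi
  if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
    (umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits)
    chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
    rm -f "$cfg_certsdir/girocco_www_crt.pem"
    echo "Created new www key"
  fi
  # Re-issue the www certificate when it is missing, names another host, or
  # was created with a different set of --dns options.
  if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
    [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
    # $wwwcertdns is left unquoted so each "--dns name" pair becomes two words.
    openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
      ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
        --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
        --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
    printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
    echo "Created www certificate"
  fi
  if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
    cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
    echo "Created www certificate chain file"
  fi
  if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
    (umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits)
    # Group-readable by design; the group is whatever owns certsdir afterwards.
    chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
    rm -f "$cfg_certsdir/girocco_client_crt.pem"
    echo "Created new client key"
  fi
  if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
    openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
      ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
        --cert "$cfg_certsdir/girocco_root_crt.pem" \
        --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
    # Certificates issued by the old client authority are discarded.
    rm -f "$cfg_certsdir/girocco_client_suffix.pem"
    rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
    rm -f "$cfg_chroot/etc/sshcerts"/*.pem
    echo "Created client certificate"
  fi
  if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
    cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
    echo "Created client certificate suffix file"
  fi
  # Publish the root certificate in the web root.
  # NOTE(review): $cfg_rootcert, $cfg_clientkey, $cfg_clientcert,
  # $cfg_clientcertsuffix, $cfg_mobuserkey and $cfg_mobusercert are Config
  # values; presumably they name the files created above -- verify.
  cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
  if [ -n "$cfg_mob" ]; then
    if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
      (umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits)
      # Set the mode on the key that was just generated (this chmod used to
      # be applied to girocco_client_key.pem by mistake).
      chmod 0640 "$cfg_certsdir/girocco_mob_user_key.pem"
      rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
      echo "Created new mob user key"
    fi
    if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
      openssl rsa -in "$cfg_mobuserkey" -pubout |
        ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
          --cert "$cfg_clientcert" \
          --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
      echo "Created mob user client certificate"
    fi
    # The mob user's private key and certificate are copied into the web
    # root, i.e. they are published on purpose; treat the mob identity as
    # one that everybody who can read the web root holds.
    cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
    cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
  else
    rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
  fi
else
  rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
  rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
fi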
echo "*** Finalizing permissions..."
# Hand the installed trees to the mirror user (plus the owning group when one
# is configured).  -h changes symlinks themselves rather than their targets.
final_owner="$cfg_mirror_user$owngroup"
chown -R -h "$final_owner" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
# The certificate directory only exists when HTTPS push is configured.
if [ -n "$cfg_httpspushurl" ]; then
  chown -R -h "$final_owner" "$cfg_certsdir"
fi
unset final_owner