search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ssh: enable fetches using "git" user
[girocco.git] / install.sh
blob9a63239ec4fa773557b48047ec31129911ccf422
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
23
24 # First run Girocco::Config consistency checks
25 perl -I. -M$GIROCCO_CONF -e ''
26
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
30
31 owngroup=""
32 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
33 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
34 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
35 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
36 exit 1
37 fi
38
39
40 # Check for extra required tools
41 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
42 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
43 exit 1
44 fi
45
46
47 echo "*** Checking for compiled utilities..."
48 if [ ! -x src/can_user_push ]; then
49 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
50 echo "ERROR: perhaps you forgot to run make?" >&2
51 exit 1
52 fi
53 if [ ! -x src/can_user_push_http ]; then
54 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
55 echo "ERROR: perhaps you forgot to run make?" >&2
56 exit 1
57 fi
58 if [ ! -x src/getent ]; then
59 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
60 echo "ERROR: perhaps you forgot to run make?" >&2
61 exit 1
62 fi
63 if [ ! -x src/get_user_uuid ]; then
64 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
65 echo "ERROR: perhaps you forgot to run make?" >&2
66 exit 1
67 fi
68 if [ ! -x src/list_packs ]; then
69 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
70 echo "ERROR: perhaps you forgot to run make?" >&2
71 exit 1
72 fi
73 if [ ! -x src/peek_packet ]; then
74 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
75 echo "ERROR: perhaps you forgot to run make?" >&2
76 exit 1
77 fi
78 if [ ! -x src/rangecgi ]; then
79 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
80 echo "ERROR: perhaps you forgot to run make?" >&2
81 exit 1
82 fi
83 if [ ! -x src/strftime ]; then
84 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
85 echo "ERROR: perhaps you forgot to run make?" >&2
86 exit 1
87 fi
88 if [ ! -x src/throttle ]; then
89 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
90 echo "ERROR: perhaps you forgot to run make?" >&2
91 exit 1
92 fi
93
94
95 echo "*** Checking for ezcert..."
96 if ! [ -f ezcert.git/CACreateCert -a -x ezcert.git/CACreateCert ]; then
97 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
98 exit 1
99 fi
100
101
102 echo "*** Checking for git..."
103 case "$cfg_git_bin" in /*) :;; *)
104 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
105 exit 1
106 esac
107 if [ ! -x "$cfg_git_bin" ]; then
108 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
109 exit 1
110 fi
111 if ! git_version="$("$cfg_git_bin" version)"; then
112 echo "ERROR: $cfg_git_bin version failed" >&2
113 exit 1
114 fi
115 case "$git_version" in
116 [Gg]"it version "*) :;;
117 *)
118 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
119 exit 1
120 esac
121 echo "Found $cfg_git_bin $git_version"
122 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
123 echo "*** Checking Git $git_vernum for compatibility..."
124 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
125 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
126 exit 1
127 fi
128 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
129 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
130 fi
131 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
132 cat <<'EOT'
133
134 ***
135 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
136 ***
137
138 Some Girocco functionality will be gracefully disabled and other things will
139 just not work at all such as race condition protection against simultaneous
140 client pushes and server garbage collections.
141
142 EOT
143 fi
144 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
145 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
146 fi
147 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
148 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
149 fi
150 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
151 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
152 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
153 fi
154 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
155 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
156 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
157 fi
158 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
159 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
160 fi
161 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
162 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
163 fi
164 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
165 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
166 fi
167 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
168 cat <<'EOT'
169
170 ***
171 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
172 ***
173
174 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
175 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
176 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
177
178 In order to bypass this check you will have to modify install.sh in which case
179 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
180
181 EOT
182 exit 1
183 fi
184 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
185 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
186 fi
187 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
188 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
189 fi
190 secmsg=
191 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
192 secmsg='prior to 2.4.11'
193 fi
194 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
195 secmsg='2.5.x prior to 2.5.5'
196 fi
197 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
198 secmsg='2.6.x prior to 2.6.6'
199 fi
200 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
201 secmsg='2.7.x prior to 2.7.4'
202 fi
203 if [ -n "$secmsg" ]; then
204 cat <<EOT
205
206 ***
207 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
208 ***
209
210 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
211 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
212
213 Besides the security fixes included in later versions, versions prior to
214 2.2.0 may accidentally prune unreachable loose objects earlier than
215 intended. Since Git version 2.4.11 is the minimum version to include all
216 security fixes to date, it should be considered the absolute minimum
217 version of Git to use when running Girocco.
218
219 This is not enforced, but Git is easy to build from the git.git submodule
220 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
221
222 We will now pause for a moment so you can reflect on this warning.
223
224 EOT
225 sleep 60
226 fi
227 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
228 cat <<'EOT'
229
230 ***
231 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
232 ***
233
234 You appear to have enabled mirroring and the Git binary you have selected
235 appears to contain an experimental patch that cannot be disabled. This
236 patch can generate invalid network DNS traffic and/or cause long delays
237 when fetching using the "git:" protocol when no port number is specified.
238 It may also end up retrieving repsitory contents from a host other than
239 the one specified in the "git:" URL when the port is omitted.
240
241 You are advised to either build your own version of Git (the problem patch
242 is not part of the official Git repository) or disable mirroring (via the
243 $Girocco::Config:mirror setting) to avoid these potential problems.
244
245 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
246
247 EOT
248 sleep 5
249 fi
250
251 test_nc_U() {
252 [ -n "$1" ] || return 1
253 _cmdnc="$(command -v "$1" 2>/dev/null || :)"
254 [ -n "$_cmdnc" ] && [ -x "$_cmdnc" ] || return 1
255 _tmpdir="$(mktemp -d /tmp/nc-u-XXXXXX)"
256 [ -n "$_tmpdir" ] && [ -d "$_tmpdir" ] || return 1
257 >"$_tmpdir/output"
258 (sleep 3 | "$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev/null >"$_tmpdir/output" || >"$_tmpdir/failed")&
259 _bgpid="$!"
260 sleep 1
261 echo "testing" | "$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev/null 2>&1 || >"$_tmpdir/failed"
262 sleep 1
263 kill "$_bgpid" >/dev/null 2>&1 || :
264 read -r _result <"$_tmpdir/output" || :
265 _bad=
266 ! [ -e "$_tmpdir/failed" ] || _bad=1
267 rm -rf "$_tmpdir"
268 [ -z "$_bad" ] && [ "$_result" = "testing" ]
269 } >/dev/null 2>&1
270
271 echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
272 test_nc_U "$var_nc_openbsd_bin" || {
273 echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
274 echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
275 if [ "$(uname -s 2>/dev/null)" = "DragonFly" ]; then
276 echo "ERROR: see the src/dragonfly/README file for a solution" >&2
277 fi
278 exit 1
279 }
280
281 chown_make() {
282 if [ "$LOGNAME" = root -a -n "$SUDO_USER" -a "$SUDO_USER" != root ]; then
283 find "$@" -user root -print0 2>/dev/null | \
284 xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
285 elif [ "$LOGNAME" = root -a -z "$SUDO_USER" -o "$SUDO_USER" = root ]; then
286 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
287 fi
288 }
289
290 echo "*** Setting up basedir..."
291 "$MAKE" --no-print-directory --silent apache.conf
292 chown_make apache.conf
293 "$MAKE" --no-print-directory --silent -C src
294 chown_make src
295 rm -fr "$cfg_basedir"
296 mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb" "$cfg_basedir/cgi"
297 cp cgi/*.cgi "$cfg_basedir/cgi"
298 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
299 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/list_packs src/peek_packet \
300 src/rangecgi src/strftime src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi \
301 cgi/snapshot.cgi "$cfg_basedir/bin"
302 cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
303 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
304 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
305
306 # Put the correct Config in place
307 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
308
309 ln -s "$cfg_git_bin" "$cfg_basedir/bin/git"
310 shbin="$var_sh_bin"
311 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
312 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
313 exit 1
314 }
315 ln -s "$shbin" "$cfg_basedir/bin/sh"
316 perlbin="$var_perl_bin"
317 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
318 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
319 exit 1
320 }
321 ln -s "$perlbin" "$cfg_basedir/bin/perl"
322 gzipbin="$var_gzip_bin"
323 [ -n "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 | grep -q gzip && \
324 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] || {
325 echo "ERROR: invalid $Girocco::Config::gzip_bin setting" >&2
326 exit 1
327 }
328 ln -s "$gzipbin" "$cfg_basedir/bin/gzip"
329
330 echo "*** Preprocessing scripts..."
331 SHBIN="$shbin" && export SHBIN
332 PERLBIN="$perlbin" && export PERLBIN
333 perl -I. -M$GIROCCO_CONF -i -p \
334 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
335 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
336 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
337 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
338 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
339 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
340 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
341 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
342 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
343 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
344 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
345 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
346 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
347 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
348 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
349 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
350 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
351 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
352 -e 'close ARGV if eof;' \
353 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
354 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
355 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
356 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
357 "$cfg_basedir"/toolbox/reports/*.sh \
358 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
359 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
360 "$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
361 perl -i -p \
362 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
363 -e 'close ARGV if eof;' \
364 "$cfg_basedir"/jobd/jobd.pl "$cfg_basedir"/taskd/taskd.pl \
365 "$cfg_basedir"/bin/sendmail.pl "$cfg_basedir"/bin/CACreateCert
366 perl -i -p \
367 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
368 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
369 -e 'close ARGV if eof;' \
370 "$cfg_basedir"/bin/format-readme "$cfg_basedir/cgi"/*.cgi
371 unset PERLBIN
372 unset SHBIN
373
374 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
375 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
376
377 if [ -n "$cfg_mirror" ]; then
378 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
379 fi
380 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
381 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
382 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
383
384
385 echo "*** Setting up repository root..."
386 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
387 if [ "$cfg_owning_group" ]; then
388 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
389 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
390 fi
391 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
392 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
393
394
395 if [ -n "$cfg_chrooted" ]; then
396 echo "*** Setting up chroot jail for pushing..."
397 if [ "$(id -u)" -eq 0 ]; then
398 ./jailsetup.sh
399 else
400 echo "WARNING: Skipping jail setup, not root"
401 fi
402 fi
403
404
405 echo "*** Setting up jail configuration (project database)..."
406 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
407 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
408 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
409 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
410 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
411 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
412 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
413 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
414 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
415 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
416
417 echo "*** Setting up gitweb from git.git..."
418 if [ ! -f git.git/Makefile ]; then
419 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
420 exit 1
421 fi
422 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
423 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
424 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
425 chown_make gitweb && \
426 PERLBIN="$perlbin" && export PERLBIN && \
427 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
428 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cfg_cgiroot"/gitweb.cgi.$$ && \
429 chmod a+x "$cfg_cgiroot"/gitweb.cgi.$$ && \
430 chown_make "$cfg_cgiroot"/gitweb.cgi.$$ && \
431 mv -f "$cfg_cgiroot"/gitweb.cgi.$$ "$cfg_cgiroot"/gitweb.cgi && \
432 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
433 test $? -eq 0
434
435
436 echo "*** Setting up git-browser from git-browser.git..."
437 if [ ! -f git-browser.git/git-browser.cgi ]; then
438 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
439 exit 1
440 fi
441 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
442 (cd git-browser.git && \
443 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
444 PERLBIN="$perlbin" && export PERLBIN && perl -p \
445 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
446 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cfg_cgiroot"/git-browser.cgi.$$ && \
447 chmod a+x "$cfg_cgiroot"/git-browser.cgi.$$ && \
448 chown_make "$cfg_cgiroot"/git-browser.cgi.$$ && \
449 mv -f "$cfg_cgiroot"/git-browser.cgi.$$ "$cfg_cgiroot"/git-browser.cgi && \
450 cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
451 cp -r JSON "$cfg_cgiroot")
452 test $? -eq 0
453 rm -f "$cfg_webroot"/git-browser/index.html
454 cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
455 gitbin: $cfg_git_bin
456 warehouse: $cfg_reporoot
457 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
458 EOT
459 chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
460 mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
461 cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
462 cfg_gitweb_url="$cfg_gitweburl/"
463 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
464 EOT
465 chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
466 mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
467
468
469 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
470 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
471 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
472 exit 1
473 fi
474 mkdir -p "$cfg_basedir"/bin
475 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
476
477
478 echo "*** Setting up hg-fast-export from fast-export.git..."
479 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
480 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
481 exit 1
482 fi
483 mkdir -p "$cfg_basedir"/bin
484 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
485
486
487 echo "*** Setting up markdown from markdown.git..."
488 if [ ! -f markdown.git/Markdown.pl ]; then
489 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
490 exit 1
491 fi
492 mkdir -p "$cfg_basedir"/bin
493 (PERLBIN="$perlbin" && export PERLBIN && \
494 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
495 markdown.git/Markdown.pl > "$cfg_basedir"/bin/Markdown.pl.$$ && \
496 chmod a+x "$cfg_basedir"/bin/Markdown.pl.$$ && \
497 mv -f "$cfg_basedir"/bin/Markdown.pl.$$ "$cfg_basedir"/bin/Markdown.pl)
498 test $? -eq 0
499
500
501 echo "*** Setting up our part of the website..."
502 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
503 cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_basedir/cgi"
504 cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir/cgi"
505 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir/cgi"/usercert.cgi "$cfg_cgiroot"/usercert.cgi
506 cp "$cfg_basedir/cgi"/*.cgi "$cfg_cgiroot"
507 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
508 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
509 if [ -z "$cfg_httpspushurl" ]; then
510 grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
511 else
512 cp gitweb/indextext.html "$cfg_basedir/gitweb"
513 fi
514 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
515 cp mootools.js "$cfg_webroot"
516 cp htaccess "$cfg_webroot/.htaccess"
517 cp cgi/htaccess "$cfg_cgiroot/.htaccess"
518 cp git-favicon.ico "$cfg_webroot/favicon.ico"
519 cp robots.txt "$cfg_webroot"
520 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
521
522
523 if [ -n "$cfg_httpspushurl" ]; then
524 echo "*** Setting up SSL certificates..."
525 bits=2048
526 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
527 bits="$cfg_rsakeylength"
528 fi
529 mkdir -p "$cfg_certsdir"
530 [ -d "$cfg_certsdir" ]
531 wwwcertcn=
532 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
533 wwwcertcn="$( \
534 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
535 sed -e 's,[^/]*,,' \
536 )"
537 fi
538 wwwcertdns=
539 if [ -n "$cfg_wwwcertaltnames" ]; then
540 for dnsopt in $cfg_wwwcertaltnames; do
541 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
542 done
543 fi
544 wwwcertdnsfile=
545 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
546 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
547 fi
548 needroot=
549 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
550 -e "$cfg_certsdir/girocco_client_key.pem" -a \
551 -e "$cfg_certsdir/girocco_www_key.pem" -a \
552 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
553 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
554 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
555 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
556 umask 0077
557 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
558 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
559 rm -f "$cfg_certsdir/girocco_root_crt.pem"
560 umask 0022
561 echo "Created new root key"
562 fi
563 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
564 "$cfg_basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
565 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
566 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
567 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
568 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
569 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
570 echo "Created new root certificate"
571 fi
572 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
573 umask 0077
574 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
575 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
576 rm -f "$cfg_certsdir/girocco_www_crt.pem"
577 umask 0022
578 echo "Created new www key"
579 fi
580 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
581 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
582 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
583 "$cfg_basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
584 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
585 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
586 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
587 echo "Created www certificate"
588 fi
589 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
590 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
591 echo "Created www certificate chain file"
592 fi
593 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
594 umask 0037
595 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
596 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
597 rm -f "$cfg_certsdir/girocco_client_crt.pem"
598 umask 0022
599 echo "Created new client key"
600 fi
601 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
602 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
603 "$cfg_basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
604 --cert "$cfg_certsdir/girocco_root_crt.pem" \
605 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
606 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
607 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
608 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
609 echo "Created client certificate"
610 fi
611 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
612 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
613 echo "Created client certificate suffix file"
614 fi
615 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
616 if [ -n "$cfg_mob" ]; then
617 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
618 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
619 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
620 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
621 echo "Created new mob user key"
622 fi
623 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
624 openssl rsa -in "$cfg_mobuserkey" -pubout |
625 "$cfg_basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
626 --cert "$cfg_clientcert" \
627 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
628 echo "Created mob user client certificate"
629 fi
630 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
631 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
632 else
633 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
634 fi
635 else
636 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
637 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
638 fi
639
640
641 echo "*** Finalizing permissions..."
642 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
643 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
The repo.or.cz duct tape "Girocco"