install.sh

   1 #!/bin/sh
   2 # The Girocco installation script
   3 # We will OVERWRITE basedir!
   4
   5 set -e
   6
   7 # What Config should we use?
   8 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
   9 echo "*** Initializing using $GIROCCO_CONF..."
  10
  11 # First run Girocco::Config consistency checks
  12 perl -I. -M$GIROCCO_CONF -e ''
  13
  14 . ./shlib.sh
  15
  16 owngroup=""
  17 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
  18 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
  19         echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
  20         echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
  21         exit 1
  22 fi
  23
  24
  25 echo "*** Checking for compiled utilities..."
  26 if [ ! -f src/can_user_push ]; then
  27         echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
  28         echo "ERROR: perhaps you forgot to run make?" >&2
  29         exit 1
  30 fi
  31
  32
  33 echo "*** Checking for ezcert..."
  34 if [ ! -f ezcert.git/CACreateCert ]; then
  35         echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
  36         exit 1
  37 fi
  38
  39
  40 echo "*** Checking for git..."
  41 if [ ! -x "$cfg_git_bin" ]; then
  42         echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
  43         exit 1
  44 fi
  45 if ! git_version="$("$cfg_git_bin" --version)"; then
  46         echo "ERROR: $cfg_git_bin --version failed" >&2
  47         exit 1
  48 fi
  49 case "$git_version" in
  50         "git version "*) :;;
  51         *)
  52                 echo "ERROR: '$cfg_git_bin --version' output does not start with 'git version '" >&2
  53                 exit 1
  54 esac
  55
  56
  57 echo "*** Setting up basedir..."
  58 rm -fr "$cfg_basedir"
  59 mkdir -p "$cfg_basedir"
  60 cp -pR Girocco jobd taskd gitweb html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
  61 cp -p src/can_user_push ezcert.git/CACreateCert "$cfg_basedir/bin"
  62 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
  63 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
  64
  65 # Put the correct Config in place
  66 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
  67
  68
  69 echo "*** Preprocessing scripts..."
  70 perl -I. -M$GIROCCO_CONF -i -p \
  71         -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
  72         -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
  73         -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
  74         -e 's/\@mob\@/"$Girocco::Config::mob"/g;' "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
  75         "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
  76         "$cfg_basedir"/toolbox/* "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/create-* "$cfg_basedir"/screen/*
  77
  78
  79 if [ -n "$cfg_mirror" ]; then
  80         echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
  81 fi
  82 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
  83 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
  84 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
  85
  86
  87 echo "*** Setting up repository root..."
  88 mkdir -p "$cfg_reporoot" "$cfg_reporoot-recyclebin"
  89 if [ "$cfg_owning_group" ]; then
  90         chown :"$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
  91         chown :"$cfg_owning_group" "$cfg_reporoot-recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot-recyclebin"
  92 fi
  93 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
  94 chmod 02775 "$cfg_reporoot-recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot-recyclebin properly"
  95
  96
  97 if [ -n "$cfg_chrooted" ]; then
  98         echo "*** Setting up chroot jail for pushing..."
  99         if [ "$(id -u)" -eq 0 ]; then
 100                 ./jailsetup.sh
 101         else
 102                 echo "WARNING: Skipping jail setup, not root"
 103         fi
 104 fi
 105
 106
 107 echo "*** Setting up jail configuration (project database)..."
 108 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
 109 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
 110 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
 111 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
 112         echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
 113 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
 114         echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
 115 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
 116         echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
 117 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
 118
 119
 120 echo "*** Setting up gitweb from git.git..."
 121 if [ ! -f git.git/Makefile ]; then
 122         echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
 123         exit 1
 124 fi
 125 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
 126 (cd git.git && make --quiet gitweb/gitweb.cgi && cp gitweb/gitweb.cgi "$cfg_cgiroot" \
 127         && cp gitweb/*.png gitweb/*.css gitweb/*.js "$cfg_webroot")
 128
 129
 130 echo "*** Setting up git-browser from git-browser.git..."
 131 if [ ! -f git-browser.git/git-browser.cgi ]; then
 132         echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
 133         exit 1
 134 fi
 135 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
 136 (cd git-browser.git && cp git-browser.cgi "$cfg_cgiroot" \
 137         && cp -r *.html *.js *.css js.lib/ JSON/ "$cfg_webroot"/git-browser)
 138 ln -sf "$cfg_webroot/git-browser/JSON" "$cfg_cgiroot"
 139 cat >"$cfg_cgiroot"/git-browser.conf <<EOT
 140 gitbin: $cfg_git_bin
 141 warehouse: $cfg_reporoot
 142 EOT
 143 cat >"$cfg_webroot"/git-browser/GitConfig.js <<EOT
 144 cfg_gitweb_url="$cfg_gitweburl/"
 145 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
 146 EOT
 147
 148
 149 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
 150 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
 151         echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
 152         exit 1
 153 fi
 154 mkdir -p "$cfg_basedir"/bin
 155 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
 156
 157
 158 echo "*** Setting up our part of the website..."
 159 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
 160 cp cgi/*.cgi gitweb/gitweb_config.perl "$cfg_cgiroot"
 161 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_cgiroot/usercert.cgi"
 162 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
 163 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
 164 if [ -z "$cfg_httpspushurl" ]; then
 165         grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_webroot/indextext.html"
 166 else
 167         cp gitweb/indextext.html "$cfg_webroot"
 168 fi
 169 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
 170 cp mootools.js "$cfg_webroot"
 171 cp htaccess "$cfg_webroot/.htaccess"
 172 cp git-favicon.ico "$cfg_webroot/favicon.ico"
 173 cp robots.txt "$cfg_webroot"
 174 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
 175
 176
 177 if [ -n "$cfg_httpspushurl" ]; then
 178         echo "*** Setting up SSL certificates..."
 179         mkdir -p "$cfg_certsdir"
 180         [ -d "$cfg_certsdir" ]
 181         wwwcertcn=
 182         if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
 183                 wwwcertcn="$( \
 184                         openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
 185                         sed -e 's,[^/]*,,' \
 186                 )"
 187         fi
 188         needroot=
 189         [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
 190         -e "$cfg_certsdir/girocco_client_key.pem" -a \
 191         -e "$cfg_certsdir/girocco_www_key.pem" -a \
 192         -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
 193         -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
 194         if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
 195                 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
 196                 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" 2048
 197                 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
 198                 rm -f "$cfg_certsdir/girocco_root_crt.pem"
 199                 echo "Created new root key"
 200         fi
 201         if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
 202                 ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
 203                         --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
 204                 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
 205                 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
 206                 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
 207                 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
 208                 echo "Created new root certificate"
 209         fi
 210         if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
 211                 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" 2048
 212                 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
 213                 rm -f "$cfg_certsdir/girocco_www_crt.pem"
 214                 echo "Created new www key"
 215         fi
 216         if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" -o "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ]; then
 217                 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
 218                 ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
 219                         --cert "$cfg_certsdir/girocco_root_crt.pem" \
 220                         --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
 221                 echo "Created www certificate"
 222         fi
 223         if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
 224                 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
 225                 echo "Created www certificate chain file"
 226         fi
 227         if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
 228                 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" 2048
 229                 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
 230                 rm -f "$cfg_certsdir/girocco_client_crt.pem"
 231                 echo "Created new client key"
 232         fi
 233         if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
 234                 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
 235                 ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
 236                         --cert "$cfg_certsdir/girocco_root_crt.pem" \
 237                         --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
 238                 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
 239                 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
 240                 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
 241                 echo "Created client certificate"
 242         fi
 243         if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
 244                 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
 245                 echo "Created client certificate suffix file"
 246         fi
 247         cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
 248         if [ -n "$cfg_mob" ]; then
 249                 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
 250                         openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" 2048
 251                         chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
 252                         rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
 253                         echo "Created new mob user key"
 254                 fi
 255                 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
 256                         openssl rsa -in "$cfg_mobuserkey" -pubout |
 257                         ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
 258                                 --cert "$cfg_clientcert" \
 259                                 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
 260                         echo "Created mob user client certificate"
 261                 fi
 262                 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
 263                 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
 264         else
 265                 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
 266         fi
 267 else
 268         rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
 269         rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
 270 fi
 271
 272
 273 echo "*** Finalizing permissions..."
 274 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
 275 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"