2 # The Girocco installation script
3 # We will OVERWRITE basedir!
7 # What Config should we use?
8 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF
=Girocco
::Config
9 echo "*** Initializing using $GIROCCO_CONF..."
11 # First run Girocco::Config consistency checks
12 perl
-I.
-M$GIROCCO_CONF -e ''
17 [ -z "$cfg_owning_group" ] || owngroup
=":$cfg_owning_group"
18 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
19 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
20 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
25 echo "*** Checking for compiled utilities..."
26 if [ ! -f src
/can_user_push
]; then
27 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
28 echo "ERROR: perhaps you forgot to run make?" >&2
33 echo "*** Checking for ezcert..."
34 if [ ! -f ezcert.git
/CACreateCert
]; then
35 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
40 echo "*** Checking for git..."
41 if [ ! -x "$cfg_git_bin" ]; then
42 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
45 if ! git_version
="$("$cfg_git_bin" --version)"; then
46 echo "ERROR: $cfg_git_bin --version failed" >&2
49 case "$git_version" in
52 echo "ERROR: '$cfg_git_bin --version' output does not start with 'git version '" >&2
57 echo "*** Setting up basedir..."
59 mkdir
-p "$cfg_basedir"
60 cp -pR Girocco jobd taskd gitweb html
jobs toolbox hooks apache.conf shlib.sh bin screen
"$cfg_basedir"
61 cp -p src
/can_user_push ezcert.git
/CACreateCert
"$cfg_basedir/bin"
62 [ -n "$cfg_httpspushurl" ] ||
rm -f "$cfg_basedir"/html
/rootcert.html
"$cfg_basedir"/html
/httpspush.html
63 [ -n "$cfg_mob" ] ||
rm -f "$cfg_basedir"/html
/mob.html
65 # Put the correct Config in place
66 [ "$GIROCCO_CONF" = "Girocco::Config" ] ||
cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
69 echo "*** Preprocessing scripts..."
70 perl
-I.
-M$GIROCCO_CONF -i -p \
71 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
72 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
73 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
74 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' "$cfg_basedir"/jobs
/*.sh
"$cfg_basedir"/jobd
/*.sh \
75 "$cfg_basedir"/taskd
/*.sh
"$cfg_basedir"/gitweb
/*.sh
"$cfg_basedir"/shlib.sh
"$cfg_basedir"/hooks
/* \
76 "$cfg_basedir"/toolbox
/* "$cfg_basedir"/bin
/git-
* "$cfg_basedir"/bin
/create-
* "$cfg_basedir"/screen
/*
79 if [ -n "$cfg_mirror" ]; then
80 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
82 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
83 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
84 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
87 echo "*** Setting up repository root..."
88 mkdir
-p "$cfg_reporoot" "$cfg_reporoot-recyclebin"
89 if [ "$cfg_owning_group" ]; then
90 chown
:"$cfg_owning_group" "$cfg_reporoot" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
91 chown
:"$cfg_owning_group" "$cfg_reporoot-recyclebin" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot-recyclebin"
93 chmod 02775 "$cfg_reporoot" ||
echo "WARNING: Cannot chmod $cfg_reporoot properly"
94 chmod 02775 "$cfg_reporoot-recyclebin" ||
echo "WARNING: Cannot chmod $cfg_reporoot-recyclebin properly"
97 if [ -n "$cfg_chrooted" ]; then
98 echo "*** Setting up chroot jail for pushing..."
99 if [ "$(id -u)" -eq 0 ]; then
102 echo "WARNING: Skipping jail setup, not root"
107 echo "*** Setting up jail configuration (project database)..."
108 [ "$(id -u)" -eq 0 ] || .
/jailsetup.sh dbonly
109 mkdir
-p "$cfg_chroot" "$cfg_chroot/etc"
110 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
111 chown
"$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
112 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
113 chown
"$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
114 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
115 chmod g
+w
"$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
116 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
117 chmod 02775 "$cfg_chroot/etc" ||
echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
120 echo "*** Setting up gitweb from git.git..."
121 if [ ! -f git.git
/Makefile
]; then
122 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
125 mkdir
-p "$cfg_webroot" "$cfg_cgiroot"
126 (cd git.git
&& make --quiet gitweb
/gitweb.cgi
&& cp gitweb
/gitweb.cgi
"$cfg_cgiroot" \
127 && cp gitweb
/*.png gitweb
/*.css gitweb
/*.js
"$cfg_webroot")
130 echo "*** Setting up git-browser from git-browser.git..."
131 if [ ! -f git-browser.git
/git-browser.cgi
]; then
132 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
135 mkdir
-p "$cfg_webroot"/git-browser
"$cfg_cgiroot"
136 (cd git-browser.git
&& cp git-browser.cgi
"$cfg_cgiroot" \
137 && cp -r *.html
*.js
*.css js.lib
/ JSON
/ "$cfg_webroot"/git-browser
)
138 ln -sf "$cfg_webroot/git-browser/JSON" "$cfg_cgiroot"
139 cat >"$cfg_cgiroot"/git-browser.conf
<<EOT
141 warehouse: $cfg_reporoot
143 cat >"$cfg_webroot"/git-browser
/GitConfig.js
<<EOT
144 cfg_gitweb_url="$cfg_gitweburl/"
145 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
149 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
150 if [ ! -d bzr-fastimport.git
/exporters
/darcs
/ ]; then
151 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
154 mkdir
-p "$cfg_basedir"/bin
155 cp bzr-fastimport.git
/exporters
/darcs
/darcs-fast-export
"$cfg_basedir"/bin
158 echo "*** Setting up our part of the website..."
159 mkdir
-p "$cfg_webroot" "$cfg_cgiroot"
160 cp cgi
/*.cgi gitweb
/gitweb_config.perl
"$cfg_cgiroot"
161 [ -n "$cfg_httpspushurl" ] ||
rm -f "$cfg_cgiroot/usercert.cgi"
162 ln -fs "$cfg_basedir"/Girocco
"$cfg_cgiroot"
163 [ -z "$cfg_webreporoot" ] ||
{ rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
164 if [ -z "$cfg_httpspushurl" ]; then
165 grep -v 'rootcert[.]html' gitweb
/indextext.html
> "$cfg_webroot/indextext.html"
167 cp gitweb
/indextext.html
"$cfg_webroot"
169 mv "$cfg_basedir"/html
/*.css
"$cfg_basedir"/html
/*.js
"$cfg_webroot"
170 cp mootools.js
"$cfg_webroot"
171 cp htaccess
"$cfg_webroot/.htaccess"
172 cp git-favicon.ico
"$cfg_webroot/favicon.ico"
173 cp robots.txt
"$cfg_webroot"
174 cat gitweb
/gitweb.css
>>"$cfg_webroot"/gitweb.css
177 if [ -n "$cfg_httpspushurl" ]; then
178 echo "*** Setting up SSL certificates..."
179 mkdir
-p "$cfg_certsdir"
180 [ -d "$cfg_certsdir" ]
182 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
184 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem
" -noout -subject | \
189 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
190 -e "$cfg_certsdir/girocco_client_key.pem" -a \
191 -e "$cfg_certsdir/girocco_www_key.pem" -a \
192 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
193 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot
=1
194 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
195 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
196 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_root_key.pem" 2048
197 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
198 rm -f "$cfg_certsdir/girocco_root_crt.pem"
199 echo "Created new root key"
201 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
202 ezcert.git
/CACreateCert
--root --key "$cfg_certsdir/girocco_root_key.pem" \
203 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
204 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
205 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
206 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
207 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
208 echo "Created new root certificate"
210 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
211 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_www_key.pem" 2048
212 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
213 rm -f "$cfg_certsdir/girocco_www_crt.pem"
214 echo "Created new www key"
216 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" -o "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ]; then
217 openssl rsa
-in "$cfg_certsdir/girocco_www_key.pem" -pubout |
218 ezcert.git
/CACreateCert
--server --key "$cfg_certsdir/girocco_root_key.pem" \
219 --cert "$cfg_certsdir/girocco_root_crt.pem" \
220 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
221 echo "Created www certificate"
223 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
224 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
225 echo "Created www certificate chain file"
227 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
228 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_client_key.pem" 2048
229 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
230 rm -f "$cfg_certsdir/girocco_client_crt.pem"
231 echo "Created new client key"
233 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
234 openssl rsa
-in "$cfg_certsdir/girocco_client_key.pem" -pubout |
235 ezcert.git
/CACreateCert
--subca --key "$cfg_certsdir/girocco_root_key.pem" \
236 --cert "$cfg_certsdir/girocco_root_crt.pem" \
237 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
238 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
239 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
240 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
241 echo "Created client certificate"
243 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
244 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
245 echo "Created client certificate suffix file"
247 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
248 if [ -n "$cfg_mob" ]; then
249 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
250 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" 2048
251 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
252 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
253 echo "Created new mob user key"
255 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
256 openssl rsa
-in "$cfg_mobuserkey" -pubout |
257 ezcert.git
/CACreateCert
--client --key "$cfg_clientkey" \
258 --cert "$cfg_clientcert" \
259 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
260 echo "Created mob user client certificate"
262 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
263 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
265 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
268 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
269 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
273 echo "*** Finalizing permissions..."
274 chown
-R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
275 [ -z "$cfg_httpspushurl" ] || chown
-R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"