receive-pack: never unpack git-receive-pack packs
[girocco.git] / install.sh
bloba456b3bb9114354f68a0b1eb4e715ffae33db1fb
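#!/bin/sh
# The Girocco installation script
# We will OVERWRITE basedir!
#
# Environment read by this opening part:
#   MAKE          name of the GNU make executable (auto-detected when empty)
#   GIROCCO_CONF  Perl module holding the configuration (default Girocco::Config)

set -e

# Locate GNU make. A value supplied in $MAKE wins; otherwise the Makefile's
# gnu_make_command_name target is asked to print "gnu_make_command_name=NAME".
if [ -z "$MAKE" ]; then
	MAKE="$(MAKEFLAGS= make -s gnu_make_command_name |
		grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
fi
if [ -z "$MAKE" ]; then
	echo "ERROR: cannot determine name of the GNU make command" >&2
	echo "Please set MAKE to the name of the GNU make executable" >&2
	exit 1
fi

# Run perl module checker
if [ ! -x toolbox/check-perl-modules.pl ]; then
	echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
	exit 1
fi

# What Config should we use?
[ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
# GIROCCO_CONF is handed to "perl -M" (which loads and runs that module) and
# is later turned into a file path by replacing "::" with "/", so accept only
# characters that can appear in a plain Perl module name.
case "$GIROCCO_CONF" in
	*[!A-Za-z0-9_:]*)
		echo "ERROR: GIROCCO_CONF must be a plain Perl module name" >&2
		exit 1
		;;
esac
echo "*** Initializing using $GIROCCO_CONF..."

# First run Girocco::Config consistency checks
# Loading the module is the whole test: the empty -e program does nothing, and
# set -e aborts the install if perl exits non-zero.
perl -I. "-M$GIROCCO_CONF" -e ''

# shlib.sh is sourced from the current directory; the cfg_* and var_* variables
# and the helper functions used from here on are not defined in this script.
. ./shlib.sh
umask 0022
"$var_perl_bin" toolbox/check-perl-modules.pl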
# ":group" suffix for later chown calls, or empty when no owning group is set.
owngroup="${cfg_owning_group:+:$cfg_owning_group}"

# HTTPS push needs a certificate directory; refuse to continue without one.
if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
	echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
	echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
	exit 1
fi


# Check for extra required tools
# xmllint is only required when $xmllint_readme is set to something other
# than the empty string or 0.
case "$cfg_xmllint_readme" in
	'' | 0) ;;
	*)
		command -v xmllint >/dev/null || {
			echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
			exit 1
		}
		;;
esac
echo "*** Checking for compiled utilities..."
# Every helper built by "make" under src/ must exist and be executable before
# anything is installed. The first missing one stops the install.
for built_util in can_user_push can_user_push_http getent get_user_uuid \
	peek_packet rangecgi throttle; do
	if [ ! -x "src/$built_util" ]; then
		echo "ERROR: src/$built_util is not built! Did you _REALLY_ read INSTALL?" >&2
		echo "ERROR: perhaps you forgot to run make?" >&2
		exit 1
	fi
done
unset built_util


echo "*** Checking for ezcert..."
# CACreateCert must be a regular file and executable; it is installed into
# basedir/bin later and used to issue the certificates.
if [ ! -f ezcert.git/CACreateCert ] || [ ! -x ezcert.git/CACreateCert ]; then
	echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
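echo "*** Checking for git..."
# The configured Git binary must be named by absolute path, be executable, and
# identify itself as Git before its version number is trusted.
case "$cfg_git_bin" in
	/*) : ;;
	*)
		echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
		exit 1
		;;
esac
if [ ! -x "$cfg_git_bin" ]; then
	echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
	exit 1
fi
if ! git_version="$("$cfg_git_bin" version)"; then
	echo "ERROR: $cfg_git_bin version failed" >&2
	exit 1
fi
case "$git_version" in
	[Gg]"it version "*) : ;;
	*)
		echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
		exit 1
		;;
esac
echo "Found $cfg_git_bin $git_version"
# Keep only the first dotted run of digits, e.g. "git version 2.4.11.foo"
# yields 2.4.11. sed -n prints nothing when no digits are found.
git_vernum="$(printf '%s\n' "$git_version" |
	sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
# Every compatibility and security gate that follows compares $git_vernum with
# vcmp, which is defined outside this script; how it treats an empty version
# is not visible here, so stop rather than let the gates run on nothing.
if [ -z "$git_vernum" ]; then
	echo "ERROR: cannot find a version number in '$git_version'" >&2
	exit 1
fi
echo "*** Checking Git $git_vernum for compatibility..."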
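# Version gates for the configured Git. vcmp comes from outside this script;
# the comparisons below rely on it printing a number that is negative when
# the first version is older than the second.
# The two fatal cases write to stderr like every other ERROR in this script;
# warnings stay on stdout with the rest of the progress output.
# Blank lines inside the here-documents follow the gaps in the listing's line
# numbering.
if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
	echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6' >&2
	exit 1
fi
if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
fi
if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
	cat <<'EOT'


*** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3


Some Girocco functionality will be gracefully disabled and other things will
just not work at all such as race condition protection against simultaneous
client pushes and server garbage collections.

EOT
fi
if [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
fi
if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
fi
if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
	echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
fi
if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] &&
	[ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
fi
if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
fi
if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
fi
if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
fi
# Hard stop: the only range the installer refuses outright.
if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
	cat <<'EOT' >&2


*** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git


Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.

In order to bypass this check you will have to modify install.sh in which case
USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
	exit 1
fi
if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
fi
if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
fi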
# Security floor check. secmsg names the vulnerable range the configured Git
# falls into and stays empty when the version is at or above every fixed
# release listed here. The check only warns (with a 60 second pause); it does
# not stop the install.
secmsg=
if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
	secmsg='prior to 2.4.11'
fi
# Each later series has its own first fixed release: 2.5.5, 2.6.6, 2.7.4.
for fixed in 2.5.5 2.6.6 2.7.4; do
	series="${fixed%.*}"
	if [ "$(vcmp "$git_vernum" "$series")" -ge 0 ] &&
		[ "$(vcmp "$git_vernum" "$fixed")" -lt 0 ]; then
		secmsg="$series.x prior to $fixed"
	fi
done
unset fixed series
# Blank lines inside the here-document follow the gaps in the listing's line
# numbering.
if [ -n "$secmsg" ]; then
	cat <<EOT


*** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg


Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.

Besides the security fixes included in later versions, versions prior to
2.2.0 may accidentally prune unreachable loose objects earlier than
intended. Since Git version 2.4.11 is the minimum version to include all
security fixes to date, it should be considered the absolute minimum
version of Git to use when running Girocco.

This is not enforced, but Git is easy to build from the git.git submodule
and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.

We will now pause for a moment so you can reflect on this warning.

EOT
	sleep 60
fi
# With mirroring enabled, look for the string "ns_parserr" inside the Git
# binary itself; the message below explains what its presence is taken to
# mean. This is a warning with a 5 second pause, not a failure.
# Blank lines inside the here-document follow the gaps in the listing's line
# numbering.
if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] &&
	grep -q ns_parserr "$cfg_git_bin"; then
	cat <<'EOT'


*** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary


You appear to have enabled mirroring and the Git binary you have selected
appears to contain an experimental patch that cannot be disabled. This
patch can generate invalid network DNS traffic and/or cause long delays
when fetching using the "git:" protocol when no port number is specified.
It may also end up retrieving repsitory contents from a host other than
the one specified in the "git:" URL when the port is omitted.

You are advised to either build your own version of Git (the problem patch
is not part of the official Git repository) or disable mirroring (via the
$Girocco::Config:mirror setting) to avoid these potential problems.

USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
	sleep 5
fi
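#######################################
# Hand build products that make left owned by root back to the invoking user.
# Globals:   LOGNAME, SUDO_USER (read)
# Arguments: files or directories to scan (passed to find)
# Outputs:   a warning on stdout when running as root without sudo
# Returns:   status of the chown pipeline, 0 when nothing needs doing
#######################################
chown_make() {
	if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
		# Running under sudo: everything root owns below the given paths goes
		# back to the sudo user and that user's primary group.
		# xargs implementations that run the command once even on empty input
		# would call chown with no file operand, and under set -e that failure
		# aborts the install. The sh wrapper skips chown when find matched
		# nothing; $0 carries the owner and "$@" the files.
		find "$@" -user root -print0 2>/dev/null |
			xargs -0 sh -c '[ "$#" -eq 0 ] || exec chown "$0" "$@"' \
				"$SUDO_USER:$(id -gn "$SUDO_USER")"
	elif { [ "$LOGNAME" = root ] && [ -z "$SUDO_USER" ]; } || [ "$SUDO_USER" = root ]; then
		# Grouping matches the precedence of the former -a/-o test.
		echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
	fi
}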
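echo "*** Setting up basedir..."
"$MAKE" --no-print-directory --silent apache.conf
chown_make apache.conf
"$MAKE" --no-print-directory --silent -C src
chown_make src
# basedir is removed recursively and rebuilt from scratch, so refuse an empty
# value, a relative path, or a path made only of slashes before touching it.
case "$cfg_basedir" in
	/*[!/]*) : ;;
	*)
		echo 'ERROR: $Girocco::Config::basedir must be an absolute path other than /' >&2
		exit 1
		;;
esac
rm -fr "$cfg_basedir"
mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb" "$cfg_basedir/cgi"
cp cgi/*.cgi "$cfg_basedir/cgi"
cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
	src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi cgi/snapshot.cgi "$cfg_basedir/bin"
cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
# Pages that only apply to optional features are dropped when the feature is off.
[ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
[ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html

# Put the correct Config in place
# A non-default GIROCCO_CONF (Foo::Bar) is copied from Foo/Bar.pm over the
# installed Girocco/Config.pm.
[ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"

# Sanity-check the configured shell by having it evaluate an arithmetic
# expansion, then link it into basedir/bin.
shbin="${cfg_posix_sh_bin:-/bin/sh}"
[ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
	# Single quotes: inside double quotes the shell would expand $Girocco
	# and print a mangled setting name.
	echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting' >&2
	exit 1
}
ln -s "$shbin" "$cfg_basedir/bin"
# Same for perl: it must run a one-line program and print the expected text.
perlbin="$var_perl_bin"
[ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
	echo 'ERROR: invalid $Girocco::Config::perl_bin setting' >&2
	exit 1
}
ln -s "$perlbin" "$cfg_basedir/bin"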
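echo "*** Preprocessing scripts..."
# The interpreter paths reach the Perl one-liners through the environment
# ($ENV{SHBIN}, $ENV{PERLBIN}) instead of being pasted into the Perl source.
SHBIN="$shbin" && export SHBIN
PERLBIN="$perlbin" && export PERLBIN
# In-place edit of the installed scripts: rewrite the #! line (first line
# only) and replace the @name@ placeholders with values from the loaded config
# module. "close ARGV if eof" resets $. so the first-line test applies to
# every file, not only the first one.
# NOTE(review): $var_xargs_r is the one value spliced into the Perl source by
# the shell; this assumes it holds no quote or slash characters - confirm
# against shlib.sh.
# -M is quoted so the module name always reaches perl as a single argument.
perl -I. "-M$GIROCCO_CONF" -i -p \
	-e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
	-e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
	-e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
	-e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
	-e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
	-e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
	-e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
	-e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
	-e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
	-e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
	-e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
	-e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
	-e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
	-e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
	-e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
	-e 'close ARGV if eof;' \
	"$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
	"$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
	"$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
	"$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
	"$cfg_basedir"/toolbox/reports/*.sh \
	"$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
	"$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
	"$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
# These Perl programs only get their #! line rewritten.
perl -i -p \
	-e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
	-e 'close ARGV if eof;' \
	"$cfg_basedir"/jobd/jobd.pl "$cfg_basedir"/taskd/taskd.pl \
	"$cfg_basedir"/bin/sendmail.pl "$cfg_basedir"/bin/CACreateCert
# format-readme and the CGI scripts may start with either interpreter.
perl -i -p \
	-e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
	-e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
	-e 'close ARGV if eof;' \
	"$cfg_basedir"/bin/format-readme "$cfg_basedir/cgi"/*.cgi
unset PERLBIN
unset SHBIN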
# Dump all the cfg_ and defined_ variables to shlib_vars.sh
# (get_girocco_config_var_list is defined outside this script).
get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh

# Reminders for the administrator; nothing is started or scheduled here.
# NOTE(review): the listing drops one short line after the taskd reminder;
# it is read here as the closing "fi", so the jobd lines always print.
[ -z "$cfg_mirror" ] ||
	echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
echo "*** Setting up repository root..."
mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
# Group ownership and mode are best effort: a failure only prints a warning.
if [ "$cfg_owning_group" ]; then
	for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
		chgrp "$cfg_owning_group" "$repodir" ||
			echo "WARNING: Cannot chgrp $cfg_owning_group $repodir"
	done
fi
# 02775: setgid directory, writable by owner and group.
for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
	chmod 02775 "$repodir" || echo "WARNING: Cannot chmod $repodir properly"
done
unset repodir


if [ -n "$cfg_chrooted" ]; then
	echo "*** Setting up chroot jail for pushing..."
	# The full jail setup runs only as root.
	if [ "$(id -u)" -ne 0 ]; then
		echo "WARNING: Skipping jail setup, not root"
	else
		./jailsetup.sh
	fi
fi


echo "*** Setting up jail configuration (project database)..."
# When not root, jailsetup.sh is run in its "dbonly" mode instead.
[ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
# etc/ goes to the mirror user; passwd and group go to the CGI user and are
# made group-writable. Each step only warns on failure.
chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
	echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
	echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
	echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
echo "*** Setting up gitweb from git.git..."
if [ ! -f git.git/Makefile ]; then
	echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
# Build gitweb in a subshell so the cd and the exported PERLBIN stay local.
# The CGI is written under a temporary name ending in the installer's PID and
# renamed into place once it is complete and executable.
(
	cd git.git &&
	"$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
		GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb &&
	chown_make gitweb &&
	PERLBIN="$perlbin" && export PERLBIN &&
	gitweb_tmp="$cfg_cgiroot/gitweb.cgi.$$" &&
	perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
		-e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$gitweb_tmp" &&
	chmod a+x "$gitweb_tmp" &&
	chown_make "$gitweb_tmp" &&
	mv -f "$gitweb_tmp" "$cfg_cgiroot"/gitweb.cgi &&
	cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot"
)
# Explicit status check on the subshell; with set -e a failure stops here.
test $? -eq 0
echo "*** Setting up git-browser from git-browser.git..."
if [ ! -f git-browser.git/git-browser.cgi ]; then
	echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
# Subshell keeps the cd and the exported CFG/PERLBIN local. The CGI gets its
# #! line and its config file path rewritten, is written under a temporary
# name, and is renamed into place once executable.
(
	cd git-browser.git &&
	CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG &&
	PERLBIN="$perlbin" && export PERLBIN &&
	browser_tmp="$cfg_cgiroot/git-browser.cgi.$$" &&
	perl -p \
		-e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
		-e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$browser_tmp" &&
	chmod a+x "$browser_tmp" &&
	chown_make "$browser_tmp" &&
	mv -f "$browser_tmp" "$cfg_cgiroot"/git-browser.cgi &&
	cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser &&
	cp -r JSON "$cfg_cgiroot"
)
test $? -eq 0
rm -f "$cfg_webroot"/git-browser/index.html
# Both generated files are written to a temporary name first and then moved
# over the real one.
cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
gitbin: $cfg_git_bin
warehouse: $cfg_reporoot
doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
EOT
chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
# The config URLs are written into JavaScript string literals as they are.
cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
cfg_gitweb_url="$cfg_gitweburl/"
cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
EOT
chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
# Three bundled converters are installed into basedir/bin. Each needs its
# checkout to be present first.
echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
[ -d bzr-fastimport.git/exporters/darcs/ ] || {
	echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin


echo "*** Setting up hg-fast-export from fast-export.git..."
if [ ! -f fast-export.git/hg-fast-export.py ] || [ ! -f fast-export.git/hg2git.py ]; then
	echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
mkdir -p "$cfg_basedir"/bin
cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin


echo "*** Setting up markdown from markdown.git..."
[ -f markdown.git/Markdown.pl ] || {
	echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
# Markdown.pl gets the configured perl in its #! line; it is written under a
# temporary name and renamed into place. The subshell keeps PERLBIN local.
(
	PERLBIN="$perlbin" && export PERLBIN &&
	markdown_tmp="$cfg_basedir/bin/Markdown.pl.$$" &&
	perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
		markdown.git/Markdown.pl > "$markdown_tmp" &&
	chmod a+x "$markdown_tmp" &&
	mv -f "$markdown_tmp" "$cfg_basedir"/bin/Markdown.pl
)
test $? -eq 0
echo "*** Setting up our part of the website..."
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
# The two CGIs that were preprocessed under bin/ replace the raw copies in cgi/.
cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir/cgi"
# usercert.cgi is only published when HTTPS push is configured.
[ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir/cgi"/usercert.cgi "$cfg_cgiroot"/usercert.cgi
cp "$cfg_basedir/cgi"/*.cgi "$cfg_cgiroot"
ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
# Optional link that makes the repository root reachable as webreporoot.
[ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
# Without HTTPS push, lines mentioning rootcert.html are filtered out of the
# index text.
if [ -n "$cfg_httpspushurl" ]; then
	cp gitweb/indextext.html "$cfg_basedir/gitweb"
else
	grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
fi
mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
cp mootools.js "$cfg_webroot"
cp htaccess "$cfg_webroot/.htaccess"
cp cgi/htaccess "$cfg_cgiroot/.htaccess"
cp git-favicon.ico "$cfg_webroot/favicon.ico"
cp robots.txt "$cfg_webroot"
# Appended, not copied: this adds to whatever gitweb.css is already in webroot.
cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
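# Certificate setup for HTTPS push. Keys and certificates that already exist
# in certsdir are kept; each piece is created only when it is missing or when
# something it depends on was re-created. With HTTPS push disabled, the
# published copies are removed from the web root instead.
if [ -n "$cfg_httpspushurl" ]; then
	echo "*** Setting up SSL certificates..."
	# RSA key size: 2048 bits unless the config asks for more. A non-numeric
	# setting makes the test fail quietly and leaves the default in place.
	bits=2048
	if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
		bits="$cfg_rsakeylength"
	fi
	mkdir -p "$cfg_certsdir"
	# Assertion: under set -e the install stops if certsdir is not a directory.
	[ -d "$cfg_certsdir" ]
	# Subject of the current www certificate, cut down to start at its first "/".
	wwwcertcn=
	if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
		wwwcertcn="$(
			openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject |
				sed -e 's,[^/]*,,'
		)"
	fi
	# Turn the whitespace-separated alternative names into "--dns NAME" options.
	# Globbing is switched off while the list is split so that a name holding
	# pattern characters (a wildcard name, say) is never expanded against files
	# in the current directory.
	wwwcertdns=
	if [ -n "$cfg_wwwcertaltnames" ]; then
		set -f
		for dnsopt in $cfg_wwwcertaltnames; do
			wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
		done
		set +f
	fi
	# Options used for the existing www certificate, recorded at creation time.
	wwwcertdnsfile=
	if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
		wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
	fi
	# The root key is needed again when any issued piece is missing or the www
	# certificate names a different host.
	needroot=
	[ -e "$cfg_certsdir/girocco_client_crt.pem" ] &&
		[ -e "$cfg_certsdir/girocco_client_key.pem" ] &&
		[ -e "$cfg_certsdir/girocco_www_key.pem" ] &&
		[ -e "$cfg_certsdir/girocco_www_crt.pem" ] &&
		[ "$wwwcertcn" = "/CN=$cfg_httpsdnsname" ] &&
		[ -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
	if [ -n "$needroot" ] && [ ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
		rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
		# umask 0077 first, so the key file is never readable by anyone else,
		# not even between its creation and the chmod.
		umask 0077
		openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" "$bits"
		chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
		rm -f "$cfg_certsdir/girocco_root_crt.pem"
		umask 0022
		echo "Created new root key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
		"$cfg_basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
			--out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
		# Everything issued under the previous root is deleted so that it is
		# re-created below (or on demand) under the new one.
		rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created new root certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
		umask 0077
		openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" "$bits"
		chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
		rm -f "$cfg_certsdir/girocco_www_crt.pem"
		umask 0022
		echo "Created new www key"
	fi
	# Re-issue the www certificate when it is missing, names another host, or
	# was created with a different set of alternative names.
	if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
		[ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
		# $wwwcertdns is left unquoted on purpose so it splits into separate
		# options; globbing stays off while it does.
		set -f
		openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
			"$cfg_basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
				--cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
				--out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
		set +f
		printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
		echo "Created www certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
		cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
		echo "Created www certificate chain file"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
		# The client authority key is group-readable (0640), unlike the root and
		# www keys. NOTE(review): presumably so that a process in the owning
		# group can sign user certificates - confirm who needs to read it.
		umask 0037
		openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" "$bits"
		chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem"
		umask 0022
		echo "Created new client key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
		openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
			"$cfg_basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
				--cert "$cfg_certsdir/girocco_root_crt.pem" \
				--out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
		# Certificates issued by the previous client authority are deleted.
		rm -f "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created client certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
		cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
		echo "Created client certificate suffix file"
	fi
	# Publish the root certificate under the web root.
	# NOTE(review): $cfg_rootcert and the other cfg_* certificate paths below
	# come from the config; presumably they name the files created above in
	# certsdir - confirm.
	cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	if [ -n "$cfg_mob" ]; then
		if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
			# World-readable on purpose: this private key is copied into the
			# web root a few lines further down.
			openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" "$bits"
			chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
			rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
			echo "Created new mob user key"
		fi
		if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
			openssl rsa -in "$cfg_mobuserkey" -pubout |
				"$cfg_basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
					--cert "$cfg_clientcert" \
					--out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
			echo "Created mob user client certificate"
		fi
		cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
		cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	else
		rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	fi
else
	rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
fi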
echo "*** Finalizing permissions..."
# Everything installed goes to the mirror user (and the owning group, if one
# is set). -h changes symbolic links themselves rather than their targets.
# With HTTPS push on, certsdir gets the same owner, private keys included.
install_owner="$cfg_mirror_user$owngroup"
chown -R -h "$install_owner" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
if [ -n "$cfg_httpspushurl" ]; then
	chown -R -h "$install_owner" "$cfg_certsdir"
fi