#!/bin/sh
# Girocco installer.
# WARNING: the configured basedir is OVERWRITTEN by this script.

# Stop at the first command that fails.
set -e

# Find GNU make unless the caller already supplied it in $MAKE.  The
# "gnu_make_command_name" make target is expected to print a line of the
# form "gnu_make_command_name=<name>"; everything after the "=" is kept.
if [ -z "$MAKE" ]; then
	MAKE="$(make -s gnu_make_command_name | sed -n 's/^gnu_make_command_name=//p')"
fi
if [ -z "$MAKE" ]; then
	{
		echo "ERROR: cannot determine name of the GNU make command"
		echo "Please set MAKE to the name of the GNU make executable"
	} >&2
	exit 1
fi
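# Run perl module checker
[ -x toolbox/check-perl-modules.pl ] || {
	echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
	exit 1
}
toolbox/check-perl-modules.pl

# What Config should we use?  Defaults to Girocco::Config when the caller
# did not set GIROCCO_CONF.
: "${GIROCCO_CONF:=Girocco::Config}"

# GIROCCO_CONF comes from the environment and is handed to "perl -M" here and
# turned into a file path later in this script, so accept nothing but a plain
# module name (letters, digits, "_" and ":").
case "$GIROCCO_CONF" in
	*[!A-Za-z0-9_:]*)
		echo "ERROR: GIROCCO_CONF must be a plain Perl module name" >&2
		exit 1
		;;
esac
echo "*** Initializing using $GIROCCO_CONF..."

# First run Girocco::Config consistency checks: loading the module is the
# whole test, the program itself is empty.  The -M argument is quoted so the
# value always reaches perl as a single word.
perl -I. "-M$GIROCCO_CONF" -e ''

# Pull in the shell library; the cfg_* variables and helper functions used by
# the rest of this script are expected to come from it.
. ./shlib.sh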
# ":<group>" suffix for chown owner arguments; empty when no owning group is
# configured.
owngroup="${cfg_owning_group:+:$cfg_owning_group}"

# HTTPS push cannot work without a directory for the certificates.
if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
	{
		echo "ERROR: \$httpspushurl is set but \$certsdir is not!"
		echo "ERROR: perhaps you have an incorrect Config.pm?"
	} >&2
	exit 1
fi


# Check for extra required tools
if [ -n "$cfg_xmllint_readme" ] && [ "$cfg_xmllint_readme" != "0" ] &&
	! command -v xmllint >/dev/null
then
	echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
	exit 1
fi
echo "*** Checking for compiled utilities..."
# Every helper binary must have been built (and be executable) before
# anything is installed; stop at the first one that is missing.
for util in can_user_push can_user_push_http getent get_user_uuid \
	peek_packet rangecgi throttle
do
	if [ ! -x "src/$util" ]; then
		echo "ERROR: src/$util is not built! Did you _REALLY_ read INSTALL?" >&2
		echo "ERROR: perhaps you forgot to run make?" >&2
		exit 1
	fi
done


echo "*** Checking for ezcert..."
# The certificate tool comes from the ezcert.git checkout.
[ -f ezcert.git/CACreateCert ] || {
	echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
echo "*** Checking for git..."
# The configured Git binary must be an absolute path ...
case "$cfg_git_bin" in
	/*)
		;;
	*)
		echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
		exit 1
		;;
esac
# ... that can be executed ...
[ -x "$cfg_git_bin" ] || {
	echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
	exit 1
}
# ... and that answers "version" successfully ...
git_version="$("$cfg_git_bin" version)" || {
	echo "ERROR: $cfg_git_bin version failed" >&2
	exit 1
}
# ... with output that starts with "git version " (or "Git version ").
case "$git_version" in
	[Gg]"it version "*)
		;;
	*)
		echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
		exit 1
		;;
esac
echo "Found $cfg_git_bin $git_version"
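# Extract the dotted version number (for example 2.3.10) from the
# "git version ..." banner.
git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
# Without a number none of the comparisons below mean anything, so stop here
# rather than let a banner without digits slip past the version gates.
if [ -z "$git_vernum" ]; then
	echo "ERROR: cannot find a version number in '$git_version'" >&2
	exit 1
fi
echo "*** Checking Git $git_vernum for compatibility..."
# vcmp is not defined in this file (presumably shlib.sh provides it); the
# tests below rely on it printing a negative number when the first version is
# older than the second and a non-negative one otherwise -- confirm there.
if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
	# Fatal, so report on stderr like the other ERROR messages.
	echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6' >&2
	exit 1
fi
if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
fi
if [ "$(vcmp "$git_vernum" 1.7.2)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.2, some Girocco functionality will be disabled'
fi
if [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
fi
if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
fi
if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
	echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
fi
if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
fi
if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
fi
if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
fi
if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
fi
# Hard stop: 2.2.0 through 2.3.1 are refused outright.  The explanation goes
# to stderr because the installation is aborted.
if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
	cat <<'EOT' >&2


*** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git


Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
with Girocco due to various unresolved issues.  Please either downgrade to 2.1.4
or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.3.10) or later.

In order to bypass this check you will have to modify install.sh in which case
USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
	exit 1
fi
if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
fi
# Versions with known security fixes missing are only warned about, never
# refused; operators should treat these warnings as upgrade requirements.
if [ "$(vcmp "$git_vernum" 2.3.10)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.10, security issues exist'
	cat <<'EOT'


*** IMPORTANT: $Girocco::Config::git_bin is set to a version of Git prior to 2.3.10


Besides the security fixes included in 2.3.9 and 2.3.10, versions prior to
2.2.0 may accidentally prune unreachable loose objects earlier than intended.
Since Git versions 2.2.0 through 2.3.1 are incompatible with Girocco, 2.3.3
includes a performance improvement and the only significant changes between
2.3.3 and 2.3.10 are the inclusion of the security updates, Git version 2.3.10
should be considered the absolute minimum version of Git to use when running
Girocco.

This is not enforced, but Git is easy to build from the git.git submodule and
upgrading to GIT VERSION 2.3.10 OR LATER IS HIGHLY RECOMMENDED.

EOT
fi
if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
fi
if [ "$(vcmp "$git_vernum" 2.4)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.4.10)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.4.0 and < 2.4.10, security issues exist'
fi
if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.4)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.5.0 and < 2.5.4, security issues exist'
fi
if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.1)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.6.0 and < 2.6.1, security issues exist'
fi
# With mirroring on, look for the string "ns_parserr" inside the Git binary;
# its presence is taken as the sign of the patch described in the message.
if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
	cat <<'EOT'


*** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary


You appear to have enabled mirroring and the Git binary you have selected
appears to contain an experimental patch that cannot be disabled.  This
patch can generate invalid network DNS traffic and/or cause long delays
when fetching using the "git:" protocol when no port number is specified.
It may also end up retrieving repsitory contents from a host other than
the one specified in the "git:" URL when the port is omitted.

You are advised to either build your own version of Git (the problem patch
is not part of the official Git repository) or disable mirroring (via the
$Girocco::Config::mirror setting) to avoid these potential problems.

USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
fi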
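#######################################
# Hand files that "make" created as root back to the invoking sudo user.
# Globals:   LOGNAME (read), SUDO_USER (read)
# Arguments: paths (files or directories) to search for root-owned entries
# Outputs:   a warning on stdout when running as root without sudo
# Returns:   non-zero when chown fails
#######################################
chown_make() {
	if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
		# Some xargs implementations run the command once even when find
		# printed nothing; the sh wrapper turns that into a no-op instead
		# of a failing "chown" without operands that would abort the
		# install under set -e.  $0 carries the owner, "$@" the paths.
		find "$@" -user root -print0 2>/dev/null |
		xargs -0 sh -c '[ "$#" -eq 0 ] || exec chown "$0" "$@"' \
			"$SUDO_USER:$(id -gn "$SUDO_USER")"
	elif [ "$LOGNAME" = root ]; then
		# Root without a usable sudo user: nothing to hand the files to.
		# (Tested on LOGNAME alone so the warning is never shown to a
		# non-root user whose SUDO_USER happens to be root.)
		echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
	fi
}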
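echo "*** Setting up basedir..."
# Build apache.conf and the C helpers, giving any root-owned build products
# back to the sudo user.
"$MAKE" --no-print-directory --silent apache.conf
chown_make apache.conf
"$MAKE" --no-print-directory --silent -C src
chown_make src

# basedir is wiped and recreated below.  Refuse an empty value or "/" so a
# broken configuration cannot turn the recursive delete (or the mkdir of
# "$cfg_basedir/gitweb") loose on the filesystem root.
case "$cfg_basedir" in
	''|/)
		echo "ERROR: refusing to overwrite basedir '$cfg_basedir'" >&2
		exit 1
		;;
esac
rm -fr "$cfg_basedir"
mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb"
cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
	src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi cgi/snapshot.cgi "$cfg_basedir/bin"
cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
# Drop the pages that only make sense with HTTPS push / the mob user.
[ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
[ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html

# Put the correct Config in place: a non-default GIROCCO_CONF module is
# copied over Girocco/Config.pm ("A::B" becomes the path "A/B.pm").
[ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"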
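echo "*** Preprocessing scripts..."
# Replace the @name@ placeholders in the installed copies, in place, with
# values from the selected Config module.  Most values are inserted wrapped
# in double quotes; @basedir@ is inserted bare when the placeholder already
# follows a double quote.  Nothing is escaped, so a configuration value that
# itself contains a double quote, "$" or a backquote would change the meaning
# of the installed scripts -- keep such characters out of these settings.
# The -M argument is quoted so the module name always reaches perl as a
# single word.
perl -I. "-M$GIROCCO_CONF" -i -p \
	-e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
	-e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
	-e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
	-e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
	-e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
	-e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
	-e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
	-e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
	-e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
	-e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
	"$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
	"$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
	"$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
	"$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
	"$cfg_basedir"/toolbox/reports/*.sh \
	"$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
	"$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
	"$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*

# Dump all the cfg_ and defined_ variables to shlib_vars.sh
# (get_girocco_config_var_list is not defined in this file; presumably it
# comes from shlib.sh).
get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh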
# Reminders about the daemons the operator still has to start by hand.
[ -z "$cfg_mirror" ] || echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"


echo "*** Setting up repository root..."
mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
# Group ownership first (only when an owning group is configured), then the
# setgid, group-writable mode.  Failures are reported but do not stop the
# installation.
if [ -n "$cfg_owning_group" ]; then
	for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
		if ! chgrp "$cfg_owning_group" "$repodir"; then
			echo "WARNING: Cannot chgrp $cfg_owning_group $repodir"
		fi
	done
fi
for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
	if ! chmod 02775 "$repodir"; then
		echo "WARNING: Cannot chmod $repodir properly"
	fi
done
# The full jail can only be built by root; anyone else gets a warning.
if [ -n "$cfg_chrooted" ]; then
	echo "*** Setting up chroot jail for pushing..."
	if [ "$(id -u)" -eq 0 ]; then
		./jailsetup.sh
	else
		echo "WARNING: Skipping jail setup, not root"
	fi
fi


echo "*** Setting up jail configuration (project database)..."
# Non-root runs ask jailsetup.sh for the "dbonly" part.
if ! [ "$(id -u)" -eq 0 ]; then
	./jailsetup.sh dbonly
fi
mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
# etc/ goes to the mirror user, the passwd and group files to the CGI user;
# the files are made group-writable and the directory setgid.  Each failure
# is only reported, so review the warnings: they mean the ownership or mode
# of these account files is not what the installer intended.
if ! chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc"; then
	echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
fi
if ! chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"; then
	echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
fi
if ! chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"; then
	echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
fi
if ! chmod 02775 "$cfg_chroot/etc"; then
	echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
fi
echo "*** Setting up gitweb from git.git..."
[ -f git.git/Makefile ] || {
	echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
# gitweb.cgi is written under a temporary name and renamed into place once
# it is complete.  The temporary name is derived from the shell's PID, so it
# is predictable: cgiroot should not be writable by untrusted users.
gitweb_new="$cfg_cgiroot/gitweb.cgi.$$"
(
	cd git.git &&
	"$MAKE" --no-print-directory --silent NO_SUBDIR=: \
		bindir="$(dirname "$cfg_git_bin")" \
		GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" gitweb &&
	chown_make gitweb &&
	# The installed copy has its "use warnings;" line commented out.
	perl -pe 's/^(\s*use\s+warnings\s*;.*)$/#$1/' gitweb/gitweb.cgi > "$gitweb_new" &&
	chmod a+x "$gitweb_new" &&
	chown_make "$gitweb_new" &&
	mv -f "$gitweb_new" "$cfg_cgiroot"/gitweb.cgi &&
	cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot"
)
echo "*** Setting up git-browser from git-browser.git..."
[ -f git-browser.git/git-browser.cgi ] || {
	echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
# The CGI is copied with its "git-browser.conf" string replaced by the
# absolute path of the installed configuration file, written under a
# PID-based temporary name and then renamed into place.
browser_cgi_new="$cfg_cgiroot/git-browser.cgi.$$"
(
	cd git-browser.git &&
	CFG="$cfg_basedir/gitweb/git-browser.conf" perl -pe \
		's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$browser_cgi_new" &&
	chmod a+x "$browser_cgi_new" &&
	chown_make "$browser_cgi_new" &&
	mv -f "$browser_cgi_new" "$cfg_cgiroot"/git-browser.cgi &&
	cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser &&
	cp -r JSON "$cfg_cgiroot"
)
rm -f "$cfg_webroot"/git-browser/index.html

# Server-side configuration for git-browser.
browser_conf="$cfg_basedir/gitweb/git-browser.conf"
cat >"$browser_conf.$$" <<EOT
gitbin: $cfg_git_bin
warehouse: $cfg_reporoot
EOT
chown_make "$browser_conf.$$"
mv -f "$browser_conf.$$" "$browser_conf"

# Client-side configuration.  The two URLs are written into JavaScript string
# literals without any escaping, so they must not contain double quotes.
browser_js="$cfg_webroot/git-browser/GitConfig.js"
cat >"$browser_js.$$" <<EOT
cfg_gitweb_url="$cfg_gitweburl/"
cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
EOT
chown_make "$browser_js.$$"
mv -f "$browser_js.$$" "$browser_js"
echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
[ -d bzr-fastimport.git/exporters/darcs/ ] || {
	echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin


echo "*** Setting up hg-fast-export from fast-export.git..."
# Both Python files have to be present.
if ! { [ -f fast-export.git/hg-fast-export.py ] && [ -f fast-export.git/hg2git.py ]; }; then
	echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
mkdir -p "$cfg_basedir"/bin
cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin


echo "*** Setting up markdown from markdown.git..."
[ -f markdown.git/Markdown.pl ] || {
	echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp markdown.git/Markdown.pl "$cfg_basedir"/bin
echo "*** Setting up our part of the website..."
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
cp cgi/*.cgi "$cfg_cgiroot"
cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_cgiroot"
# authrequired.cgi is installed, and usercert.cgi kept, only when HTTPS push
# is configured.
rm -f "$cfg_cgiroot"/authrequired.cgi
if [ -n "$cfg_httpspushurl" ]; then
	cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_cgiroot"
else
	rm -f "$cfg_cgiroot"/usercert.cgi
fi
ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
# Optional symlink from the web-visible location to the repository root.
if [ -n "$cfg_webreporoot" ]; then
	rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"
fi
# Without HTTPS push the index text loses its lines mentioning rootcert.html.
if [ -n "$cfg_httpspushurl" ]; then
	cp gitweb/indextext.html "$cfg_basedir/gitweb"
else
	grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
fi
mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
cp mootools.js "$cfg_webroot"
cp htaccess "$cfg_webroot/.htaccess"
cp cgi/htaccess "$cfg_cgiroot/.htaccess"
cp git-favicon.ico "$cfg_webroot/favicon.ico"
cp robots.txt "$cfg_webroot"
# Appended to (not written over) whatever gitweb.css is already in webroot.
cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
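# Certificate set-up for HTTPS push: a private root CA, a server ("www")
# certificate, a client-authority sub-CA and, optionally, the shared "mob"
# user certificate.  Existing keys and certificates are reused; whenever a
# key or an issuing certificate is recreated, everything issued from it is
# deleted so that it gets recreated too.
if [ -n "$cfg_httpspushurl" ]; then
	echo "*** Setting up SSL certificates..."
	# RSA key size: 2048 bits unless the configuration asks for more.  A
	# non-numeric setting makes the test fail quietly and keeps 2048.
	bits=2048
	if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
		bits="$cfg_rsakeylength"
	fi
	mkdir -p "$cfg_certsdir"
	# Bare test: under set -e the script stops here unless certsdir is a
	# directory.
	[ -d "$cfg_certsdir" ]
	# Subject of the current www certificate with everything before the
	# first "/" removed; compared with "/CN=<httpsdnsname>" below.
	# NOTE(review): this assumes openssl prints the subject in the one-line
	# "/CN=..." form -- confirm with the installed openssl, otherwise the
	# www certificate is reissued on every run.
	wwwcertcn=
	if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
		wwwcertcn="$(
			openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject |
			sed -e 's,[^/]*,,'
		)"
	fi
	# One "--dns <name>" option pair per configured alternative name.
	wwwcertdns=
	if [ -n "$cfg_wwwcertaltnames" ]; then
		for dnsopt in $cfg_wwwcertaltnames; do
			wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
		done
	fi
	# Options recorded when the www certificate was last issued.
	wwwcertdnsfile=
	if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
		wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
	fi
	# The root key is needed again unless every derived file exists and the
	# www certificate still names the configured host.
	needroot=1
	if [ -e "$cfg_certsdir/girocco_client_crt.pem" ] &&
		[ -e "$cfg_certsdir/girocco_client_key.pem" ] &&
		[ -e "$cfg_certsdir/girocco_www_key.pem" ] &&
		[ -e "$cfg_certsdir/girocco_www_crt.pem" ] &&
		[ "$wwwcertcn" = "/CN=$cfg_httpsdnsname" ] &&
		[ -e "$cfg_certsdir/girocco_root_crt.pem" ]
	then
		needroot=
	fi
	if [ -n "$needroot" ] && [ ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
		rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
		# Private keys are generated under a restrictive umask so the file
		# is never readable by other users, not even for the moment
		# before the chmod that follows.
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" "$bits")
		chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
		rm -f "$cfg_certsdir/girocco_root_crt.pem"
		echo "Created new root key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
		ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
			--out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
		# A new root invalidates everything issued under the old one.
		rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created new root certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" "$bits")
		chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
		rm -f "$cfg_certsdir/girocco_www_crt.pem"
		echo "Created new www key"
	fi
	# Reissue the www certificate when it is missing, names another host,
	# or was issued with a different set of alternative names.
	if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
		[ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]
	then
		# $wwwcertdns is left unquoted on purpose: it has to split into
		# separate "--dns" "<name>" arguments.
		openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
		ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
			--out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
		printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
		echo "Created www certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
		cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
		echo "Created www certificate chain file"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" "$bits")
		# Group-readable, unlike the root and www keys -- presumably so a
		# member of the owning group can issue client certificates; confirm.
		chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem"
		echo "Created new client key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
		openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
		ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" \
			--out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
		# Certificates issued by the previous client authority are stale.
		rm -f "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created client certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
		cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
		echo "Created client certificate suffix file"
	fi
	# Publish the root certificate so clients can download and trust it.
	cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	if [ -n "$cfg_mob" ]; then
		if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
			(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" "$bits")
			# Set the mode of the key that was just generated; the
			# earlier code repeated the chmod of the client key here
			# and left the mob key at its default mode.
			chmod 0640 "$cfg_certsdir/girocco_mob_user_key.pem"
			rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
			echo "Created new mob user key"
		fi
		if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
			openssl rsa -in "$cfg_mobuserkey" -pubout |
			ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
				--cert "$cfg_clientcert" \
				--out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
			echo "Created mob user client certificate"
		fi
		# The mob private key and certificate are copied into the web root,
		# i.e. they are public.  Presumably intentional because "mob" is a
		# shared identity -- confirm, and never reuse this key elsewhere.
		cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
		cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	else
		rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	fi
else
	# HTTPS push disabled: remove any certificates published earlier.
	rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
fi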
echo "*** Finalizing permissions..."
# Everything installed ends up owned by the mirror user (plus the owning
# group, when one is configured).  -h changes symlinks themselves instead of
# the files they point to.
final_owner="$cfg_mirror_user$owngroup"
chown -R -h "$final_owner" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
if [ -n "$cfg_httpspushurl" ]; then
	chown -R -h "$final_owner" "$cfg_certsdir"
fi