2 # The Girocco installation script
3 # We will OVERWRITE basedir!
7 if [ -z "$MAKE" ]; then
8 echo "ERROR: MAKE not set" >&2
9 echo "Please run install.sh using 'make install'" >&2
10 echo "or set MAKE to the name of the GNU make executable" >&2
14 # Run perl module checker
15 if [ ! -x toolbox
/check-perl-modules.pl
]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
19 toolbox
/check-perl-modules.pl
21 # What Config should we use?
22 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF
=Girocco
::Config
23 echo "*** Initializing using $GIROCCO_CONF..."
25 # First run Girocco::Config consistency checks
26 perl
-I.
-M$GIROCCO_CONF -e ''
31 [ -z "$cfg_owning_group" ] || owngroup
=":$cfg_owning_group"
32 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
33 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
34 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
39 echo "*** Checking for compiled utilities..."
40 if [ ! -x src
/can_user_push
]; then
41 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
42 echo "ERROR: perhaps you forgot to run make?" >&2
45 if [ ! -x src
/can_user_push_http
]; then
46 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
47 echo "ERROR: perhaps you forgot to run make?" >&2
50 if [ ! -x src
/getent
]; then
51 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
52 echo "ERROR: perhaps you forgot to run make?" >&2
55 if [ ! -x src
/get_user_uuid
]; then
56 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
57 echo "ERROR: perhaps you forgot to run make?" >&2
60 if [ ! -x src
/peek_packet
]; then
61 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
62 echo "ERROR: perhaps you forgot to run make?" >&2
67 echo "*** Checking for ezcert..."
68 if [ ! -f ezcert.git
/CACreateCert
]; then
69 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
74 echo "*** Checking for git..."
75 if [ ! -x "$cfg_git_bin" ]; then
76 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
79 if ! git_version
="$("$cfg_git_bin" --version)"; then
80 echo "ERROR: $cfg_git_bin --version failed" >&2
83 case "$git_version" in
86 echo "ERROR: '$cfg_git_bin --version' output does not start with 'git version '" >&2
89 case "$cfg_git_bin" in /*) :;; *)
90 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
96 if [ "$LOGNAME" = root
-a -n "$SUDO_USER" -a "$SUDO_USER" != root
]; then
97 find "$@" -user root
-print0 2>/dev
/null | \
98 xargs $
(: |
xargs echo -r) -0 chown
"$SUDO_USER:$(id -gn "$SUDO_USER")"
99 elif [ "$LOGNAME" = root
-a -z "$SUDO_USER" -o "$SUDO_USER" = root
]; then
100 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
104 echo "*** Setting up basedir..."
105 "$MAKE" --no-print-directory --quiet apache.conf
106 chown_make apache.conf
107 "$MAKE" --no-print-directory --quiet -C src
109 rm -fr "$cfg_basedir"
110 mkdir
-p "$cfg_basedir"
111 cp -pR Girocco jobd taskd gitweb html
jobs toolbox hooks apache.conf shlib.sh bin screen
"$cfg_basedir"
112 cp -p src
/can_user_push src
/can_user_push_http src
/get_user_uuid src
/peek_packet \
113 ezcert.git
/CACreateCert cgi
/authrequired.cgi
"$cfg_basedir/bin"
114 [ -n "$cfg_httpspushurl" ] ||
rm -f "$cfg_basedir"/html
/rootcert.html
"$cfg_basedir"/html
/httpspush.html
115 [ -n "$cfg_mob" ] ||
rm -f "$cfg_basedir"/html
/mob.html
117 # Put the correct Config in place
118 [ "$GIROCCO_CONF" = "Girocco::Config" ] ||
cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
121 echo "*** Preprocessing scripts..."
122 perl
-I.
-M$GIROCCO_CONF -i -p \
123 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
124 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
125 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
126 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
127 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
128 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
129 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
130 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
131 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
132 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
133 "$cfg_basedir"/jobs
/*.sh
"$cfg_basedir"/jobd
/*.sh \
134 "$cfg_basedir"/taskd
/*.sh
"$cfg_basedir"/gitweb
/*.sh \
135 "$cfg_basedir"/shlib.sh
"$cfg_basedir"/hooks
/* \
136 "$cfg_basedir"/toolbox
/*.sh
"$cfg_basedir"/toolbox
/*.pl \
137 "$cfg_basedir"/toolbox
/reports
/*.sh \
138 "$cfg_basedir"/bin
/git-
* \
139 "$cfg_basedir"/bin
/create-
* "$cfg_basedir"/bin
/update-
* \
140 "$cfg_basedir"/bin
/authrequired.cgi
"$cfg_basedir"/screen
/*
142 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
143 get_girocco_config_var_list
> "$cfg_basedir"/shlib_vars.sh
145 if [ -n "$cfg_mirror" ]; then
146 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
148 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
149 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
150 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
153 echo "*** Setting up repository root..."
154 mkdir
-p "$cfg_reporoot" "$cfg_reporoot-recyclebin"
155 if [ "$cfg_owning_group" ]; then
156 chgrp
"$cfg_owning_group" "$cfg_reporoot" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
157 chgrp
"$cfg_owning_group" "$cfg_reporoot-recyclebin" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot-recyclebin"
159 chmod 02775 "$cfg_reporoot" ||
echo "WARNING: Cannot chmod $cfg_reporoot properly"
160 chmod 02775 "$cfg_reporoot-recyclebin" ||
echo "WARNING: Cannot chmod $cfg_reporoot-recyclebin properly"
163 if [ -n "$cfg_chrooted" ]; then
164 echo "*** Setting up chroot jail for pushing..."
165 if [ "$(id -u)" -eq 0 ]; then
168 echo "WARNING: Skipping jail setup, not root"
173 echo "*** Setting up jail configuration (project database)..."
174 [ "$(id -u)" -eq 0 ] || .
/jailsetup.sh dbonly
175 mkdir
-p "$cfg_chroot" "$cfg_chroot/etc"
176 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
177 chown
"$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
178 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
179 chown
"$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
180 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
181 chmod g
+w
"$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
182 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
183 chmod 02775 "$cfg_chroot/etc" ||
echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
185 echo "*** Setting up gitweb from git.git..."
186 if [ ! -f git.git
/Makefile
]; then
187 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
190 mkdir
-p "$cfg_webroot" "$cfg_cgiroot"
191 (cd git.git
&& "$MAKE" --no-print-directory --quiet NO_SUBDIR
=: bindir
="$(dirname "$cfg_git_bin")" gitweb
&& \
192 chown_make gitweb
&& \
193 cp gitweb
/gitweb.cgi
"$cfg_cgiroot" && \
194 cp gitweb
/static
/*.png gitweb
/static
/*.css gitweb
/static
/*.js
"$cfg_webroot")
197 echo "*** Setting up git-browser from git-browser.git..."
198 if [ ! -f git-browser.git
/git-browser.cgi
]; then
199 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
202 mkdir
-p "$cfg_webroot"/git-browser
"$cfg_cgiroot"
203 (cd git-browser.git
&& cp git-browser.cgi
"$cfg_cgiroot" \
204 && cp -r *.html
*.js
*.css js.lib JSON
"$cfg_webroot"/git-browser
)
205 rm -f "$cfg_webroot"/git-browser
/index.html
206 ln -sf "$cfg_webroot/git-browser/JSON" "$cfg_cgiroot"
207 cat >"$cfg_cgiroot"/git-browser.conf
<<EOT
209 warehouse: $cfg_reporoot
211 cat >"$cfg_webroot"/git-browser
/GitConfig.js
<<EOT
212 cfg_gitweb_url="$cfg_gitweburl/"
213 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
217 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
218 if [ ! -d bzr-fastimport.git
/exporters
/darcs
/ ]; then
219 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
222 mkdir
-p "$cfg_basedir"/bin
223 cp bzr-fastimport.git
/exporters
/darcs
/darcs-fast-export
"$cfg_basedir"/bin
226 echo "*** Setting up hg-fast-export from fast-export.git..."
227 if [ ! -f fast-export.git
/hg-fast-export.py
-o ! -f fast-export.git
/hg2git.py
]; then
228 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
231 mkdir
-p "$cfg_basedir"/bin
232 cp fast-export.git
/hg-fast-export.py fast-export.git
/hg2git.py
"$cfg_basedir"/bin
235 echo "*** Setting up our part of the website..."
236 mkdir
-p "$cfg_webroot" "$cfg_cgiroot"
237 cp cgi
/*.cgi gitweb
/gitweb_config.perl
"$cfg_cgiroot"
238 rm -f "$cfg_cgiroot"/authrequired.cgi
239 [ -z "$cfg_httpspushurl" ] ||
cp "$cfg_basedir"/bin
/authrequired.cgi
"$cfg_cgiroot"
240 [ -n "$cfg_httpspushurl" ] ||
rm -f "$cfg_cgiroot"/usercert.cgi
241 ln -fs "$cfg_basedir"/Girocco
"$cfg_cgiroot"
242 [ -z "$cfg_webreporoot" ] ||
{ rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
243 if [ -z "$cfg_httpspushurl" ]; then
244 grep -v 'rootcert[.]html' gitweb
/indextext.html
> "$cfg_webroot/indextext.html"
246 cp gitweb
/indextext.html
"$cfg_webroot"
248 mv "$cfg_basedir"/html
/*.css
"$cfg_basedir"/html
/*.js
"$cfg_webroot"
249 cp mootools.js
"$cfg_webroot"
250 cp htaccess
"$cfg_webroot/.htaccess"
251 cp git-favicon.ico
"$cfg_webroot/favicon.ico"
252 cp robots.txt
"$cfg_webroot"
253 cat gitweb
/gitweb.css
>>"$cfg_webroot"/gitweb.css
256 if [ -n "$cfg_httpspushurl" ]; then
257 echo "*** Setting up SSL certificates..."
259 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev
/null
; then
260 bits
="$cfg_rsakeylength"
262 mkdir
-p "$cfg_certsdir"
263 [ -d "$cfg_certsdir" ]
265 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
267 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem
" -noout -subject | \
272 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
273 -e "$cfg_certsdir/girocco_client_key.pem" -a \
274 -e "$cfg_certsdir/girocco_www_key.pem" -a \
275 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
276 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot
=1
277 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
278 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
279 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
280 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
281 rm -f "$cfg_certsdir/girocco_root_crt.pem"
282 echo "Created new root key"
284 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
285 ezcert.git
/CACreateCert
--root --key "$cfg_certsdir/girocco_root_key.pem" \
286 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
287 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
288 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
289 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
290 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
291 echo "Created new root certificate"
293 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
294 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
295 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
296 rm -f "$cfg_certsdir/girocco_www_crt.pem"
297 echo "Created new www key"
299 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" -o "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ]; then
300 openssl rsa
-in "$cfg_certsdir/girocco_www_key.pem" -pubout |
301 ezcert.git
/CACreateCert
--server --key "$cfg_certsdir/girocco_root_key.pem" \
302 --cert "$cfg_certsdir/girocco_root_crt.pem" \
303 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
304 echo "Created www certificate"
306 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
307 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
308 echo "Created www certificate chain file"
310 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
311 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
312 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
313 rm -f "$cfg_certsdir/girocco_client_crt.pem"
314 echo "Created new client key"
316 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
317 openssl rsa
-in "$cfg_certsdir/girocco_client_key.pem" -pubout |
318 ezcert.git
/CACreateCert
--subca --key "$cfg_certsdir/girocco_root_key.pem" \
319 --cert "$cfg_certsdir/girocco_root_crt.pem" \
320 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
321 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
322 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
323 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
324 echo "Created client certificate"
326 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
327 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
328 echo "Created client certificate suffix file"
330 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
331 if [ -n "$cfg_mob" ]; then
332 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
333 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
334 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
335 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
336 echo "Created new mob user key"
338 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
339 openssl rsa
-in "$cfg_mobuserkey" -pubout |
340 ezcert.git
/CACreateCert
--client --key "$cfg_clientkey" \
341 --cert "$cfg_clientcert" \
342 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
343 echo "Created mob user client certificate"
345 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
346 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
348 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
351 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
352 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
356 echo "*** Finalizing permissions..."
357 chown
-R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
358 [ -z "$cfg_httpspushurl" ] || chown
-R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"