search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
makefile: add some non-GNU compatibility updates
[girocco.git] / install.sh
blobd3d20fce31475abda292d2c9747f2207b5dabd7d
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19 toolbox/check-perl-modules.pl
20
21 # What Config should we use?
22 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
23 echo "*** Initializing using $GIROCCO_CONF..."
24
25 # First run Girocco::Config consistency checks
26 perl -I. -M$GIROCCO_CONF -e ''
27
28 . ./shlib.sh
29
30 owngroup=""
31 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
32 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
33 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
34 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
35 exit 1
36 fi
37
38
39 # Check for extra required tools
40 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
41 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
42 exit 1
43 fi
44
45
46 echo "*** Checking for compiled utilities..."
47 if [ ! -x src/can_user_push ]; then
48 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
49 echo "ERROR: perhaps you forgot to run make?" >&2
50 exit 1
51 fi
52 if [ ! -x src/can_user_push_http ]; then
53 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
54 echo "ERROR: perhaps you forgot to run make?" >&2
55 exit 1
56 fi
57 if [ ! -x src/getent ]; then
58 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
59 echo "ERROR: perhaps you forgot to run make?" >&2
60 exit 1
61 fi
62 if [ ! -x src/get_user_uuid ]; then
63 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
64 echo "ERROR: perhaps you forgot to run make?" >&2
65 exit 1
66 fi
67 if [ ! -x src/peek_packet ]; then
68 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
69 echo "ERROR: perhaps you forgot to run make?" >&2
70 exit 1
71 fi
72 if [ ! -x src/rangecgi ]; then
73 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
74 echo "ERROR: perhaps you forgot to run make?" >&2
75 exit 1
76 fi
77 if [ ! -x src/throttle ]; then
78 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
79 echo "ERROR: perhaps you forgot to run make?" >&2
80 exit 1
81 fi
82
83
84 echo "*** Checking for ezcert..."
85 if [ ! -f ezcert.git/CACreateCert ]; then
86 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
87 exit 1
88 fi
89
90
91 echo "*** Checking for git..."
92 case "$cfg_git_bin" in /*) :;; *)
93 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
94 exit 1
95 esac
96 if [ ! -x "$cfg_git_bin" ]; then
97 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
98 exit 1
99 fi
100 if ! git_version="$("$cfg_git_bin" version)"; then
101 echo "ERROR: $cfg_git_bin version failed" >&2
102 exit 1
103 fi
104 case "$git_version" in
105 [Gg]"it version "*) :;;
106 *)
107 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
108 exit 1
109 esac
110 echo "Found $cfg_git_bin $git_version"
111 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
112 echo "*** Checking Git $git_vernum for compatibility..."
113 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
114 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
115 exit 1
116 fi
117 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
118 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
119 fi
120 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
121 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.3, some Girocco functionality will be disabled'
122 fi
123 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
124 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
125 fi
126 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
127 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
128 fi
129 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
130 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
131 echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
132 fi
133 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
134 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
135 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
136 fi
137 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
138 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
139 fi
140 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
141 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
142 fi
143 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
144 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
145 fi
146 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
147 cat <<'EOT'
148
149 ***
150 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
151 ***
152
153 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
154 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
155 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
156
157 In order to bypass this check you will have to modify install.sh in which case
158 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
159
160 EOT
161 exit 1
162 fi
163 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
164 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
165 fi
166 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
167 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
168 fi
169 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
170 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.11, security issues exist'
171 cat <<'EOT'
172
173 ***
174 *** IMPORTANT: $Girocco::Config::git_bin is set to a version of Git prior to 2.4.11
175 ***
176
177 Besides the security fixes included in 2.4.11, versions prior to 2.2.0
178 may accidentally prune unreachable loose objects earlier than intended.
179 Since Git version 2.4.11 is the minimum version to include all security
180 fixes to date, it should be considered the absolute minimum version of
181 Git to use when running Girocco.
182
183 This is not enforced, but Git is easy to build from the git.git submodule
184 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
185
186 EOT
187 fi
188 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
189 echo 'WARNING: $Girocco::Config::git_bin version >= 2.5.0 and < 2.5.5, security issues exist'
190 fi
191 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
192 echo 'WARNING: $Girocco::Config::git_bin version >= 2.6.0 and < 2.6.6, security issues exist'
193 fi
194 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
195 echo 'WARNING: $Girocco::Config::git_bin version >= 2.7.0 and < 2.7.4, security issues exist'
196 fi
197 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
198 cat <<'EOT'
199
200 ***
201 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
202 ***
203
204 You appear to have enabled mirroring and the Git binary you have selected
205 appears to contain an experimental patch that cannot be disabled. This
206 patch can generate invalid network DNS traffic and/or cause long delays
207 when fetching using the "git:" protocol when no port number is specified.
208 It may also end up retrieving repsitory contents from a host other than
209 the one specified in the "git:" URL when the port is omitted.
210
211 You are advised to either build your own version of Git (the problem patch
212 is not part of the official Git repository) or disable mirroring (via the
213 $Girocco::Config:mirror setting) to avoid these potential problems.
214
215 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
216
217 EOT
218 fi
219
220
221 chown_make() {
222 if [ "$LOGNAME" = root -a -n "$SUDO_USER" -a "$SUDO_USER" != root ]; then
223 find "$@" -user root -print0 2>/dev/null | \
224 xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
225 elif [ "$LOGNAME" = root -a -z "$SUDO_USER" -o "$SUDO_USER" = root ]; then
226 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
227 fi
228 }
229
230 echo "*** Setting up basedir..."
231 "$MAKE" --no-print-directory --silent apache.conf
232 chown_make apache.conf
233 "$MAKE" --no-print-directory --silent -C src
234 chown_make src
235 rm -fr "$cfg_basedir"
236 mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb"
237 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
238 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
239 src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi cgi/snapshot.cgi "$cfg_basedir/bin"
240 cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
241 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
242 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
243
244 # Put the correct Config in place
245 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
246
247
248 echo "*** Preprocessing scripts..."
249 perl -I. -M$GIROCCO_CONF -i -p \
250 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
251 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
252 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
253 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
254 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
255 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
256 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
257 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
258 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
259 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
260 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
261 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
262 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
263 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
264 "$cfg_basedir"/toolbox/reports/*.sh \
265 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
266 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
267 "$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
268
269 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
270 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
271
272 if [ -n "$cfg_mirror" ]; then
273 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
274 fi
275 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
276 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
277 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
278
279
280 echo "*** Setting up repository root..."
281 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
282 if [ "$cfg_owning_group" ]; then
283 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
284 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
285 fi
286 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
287 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
288
289
290 if [ -n "$cfg_chrooted" ]; then
291 echo "*** Setting up chroot jail for pushing..."
292 if [ "$(id -u)" -eq 0 ]; then
293 ./jailsetup.sh
294 else
295 echo "WARNING: Skipping jail setup, not root"
296 fi
297 fi
298
299
300 echo "*** Setting up jail configuration (project database)..."
301 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
302 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
303 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
304 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
305 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
306 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
307 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
308 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
309 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
310 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
311
312 echo "*** Setting up gitweb from git.git..."
313 if [ ! -f git.git/Makefile ]; then
314 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
315 exit 1
316 fi
317 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
318 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
319 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" gitweb && \
320 chown_make gitweb && \
321 perl -pe 's/^(\s*use\s+warnings\s*;.*)$/#$1/' gitweb/gitweb.cgi > "$cfg_cgiroot"/gitweb.cgi.$$ && \
322 chmod a+x "$cfg_cgiroot"/gitweb.cgi.$$ && \
323 chown_make "$cfg_cgiroot"/gitweb.cgi.$$ && \
324 mv -f "$cfg_cgiroot"/gitweb.cgi.$$ "$cfg_cgiroot"/gitweb.cgi && \
325 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
326
327
328 echo "*** Setting up git-browser from git-browser.git..."
329 if [ ! -f git-browser.git/git-browser.cgi ]; then
330 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
331 exit 1
332 fi
333 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
334 (cd git-browser.git && \
335 CFG="$cfg_basedir/gitweb/git-browser.conf" perl -pe \
336 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cfg_cgiroot"/git-browser.cgi.$$ && \
337 chmod a+x "$cfg_cgiroot"/git-browser.cgi.$$ && \
338 chown_make "$cfg_cgiroot"/git-browser.cgi.$$ && \
339 mv -f "$cfg_cgiroot"/git-browser.cgi.$$ "$cfg_cgiroot"/git-browser.cgi && \
340 cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
341 cp -r JSON "$cfg_cgiroot")
342 rm -f "$cfg_webroot"/git-browser/index.html
343 cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
344 gitbin: $cfg_git_bin
345 warehouse: $cfg_reporoot
346 EOT
347 chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
348 mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
349 cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
350 cfg_gitweb_url="$cfg_gitweburl/"
351 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
352 EOT
353 chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
354 mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
355
356
357 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
358 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
359 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
360 exit 1
361 fi
362 mkdir -p "$cfg_basedir"/bin
363 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
364
365
366 echo "*** Setting up hg-fast-export from fast-export.git..."
367 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
368 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
369 exit 1
370 fi
371 mkdir -p "$cfg_basedir"/bin
372 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
373
374
375 echo "*** Setting up markdown from markdown.git..."
376 if [ ! -f markdown.git/Markdown.pl ]; then
377 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
378 exit 1
379 fi
380 mkdir -p "$cfg_basedir"/bin
381 cp markdown.git/Markdown.pl "$cfg_basedir"/bin
382
383
384 echo "*** Setting up our part of the website..."
385 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
386 cp cgi/*.cgi "$cfg_cgiroot"
387 cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_cgiroot"
388 rm -f "$cfg_cgiroot"/authrequired.cgi
389 [ -z "$cfg_httpspushurl" ] || cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_cgiroot"
390 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_cgiroot"/usercert.cgi
391 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
392 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
393 if [ -z "$cfg_httpspushurl" ]; then
394 grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
395 else
396 cp gitweb/indextext.html "$cfg_basedir/gitweb"
397 fi
398 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
399 cp mootools.js "$cfg_webroot"
400 cp htaccess "$cfg_webroot/.htaccess"
401 cp cgi/htaccess "$cfg_cgiroot/.htaccess"
402 cp git-favicon.ico "$cfg_webroot/favicon.ico"
403 cp robots.txt "$cfg_webroot"
404 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
405
406
407 oldumask="$(umask)"
408 umask 0022
409 if [ -n "$cfg_httpspushurl" ]; then
410 echo "*** Setting up SSL certificates..."
411 bits=2048
412 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
413 bits="$cfg_rsakeylength"
414 fi
415 mkdir -p "$cfg_certsdir"
416 [ -d "$cfg_certsdir" ]
417 wwwcertcn=
418 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
419 wwwcertcn="$( \
420 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
421 sed -e 's,[^/]*,,' \
422 )"
423 fi
424 wwwcertdns=
425 if [ -n "$cfg_wwwcertaltnames" ]; then
426 for dnsopt in $cfg_wwwcertaltnames; do
427 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
428 done
429 fi
430 wwwcertdnsfile=
431 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
432 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
433 fi
434 needroot=
435 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
436 -e "$cfg_certsdir/girocco_client_key.pem" -a \
437 -e "$cfg_certsdir/girocco_www_key.pem" -a \
438 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
439 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
440 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
441 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
442 umask 0077
443 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
444 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
445 rm -f "$cfg_certsdir/girocco_root_crt.pem"
446 umask 0022
447 echo "Created new root key"
448 fi
449 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
450 ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
451 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
452 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
453 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
454 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
455 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
456 echo "Created new root certificate"
457 fi
458 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
459 umask 0077
460 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
461 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
462 rm -f "$cfg_certsdir/girocco_www_crt.pem"
463 umask 0022
464 echo "Created new www key"
465 fi
466 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
467 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
468 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
469 ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
470 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
471 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
472 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
473 echo "Created www certificate"
474 fi
475 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
476 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
477 echo "Created www certificate chain file"
478 fi
479 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
480 umask 0037
481 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
482 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
483 rm -f "$cfg_certsdir/girocco_client_crt.pem"
484 umask 0022
485 echo "Created new client key"
486 fi
487 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
488 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
489 ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
490 --cert "$cfg_certsdir/girocco_root_crt.pem" \
491 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
492 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
493 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
494 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
495 echo "Created client certificate"
496 fi
497 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
498 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
499 echo "Created client certificate suffix file"
500 fi
501 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
502 if [ -n "$cfg_mob" ]; then
503 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
504 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
505 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
506 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
507 echo "Created new mob user key"
508 fi
509 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
510 openssl rsa -in "$cfg_mobuserkey" -pubout |
511 ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
512 --cert "$cfg_clientcert" \
513 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
514 echo "Created mob user client certificate"
515 fi
516 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
517 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
518 else
519 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
520 fi
521 else
522 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
523 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
524 fi
525 umask "$oldumask"
526
527
528 echo "*** Finalizing permissions..."
529 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
530 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
The repo.or.cz duct tape "Girocco"