#!/bin/sh
# The Girocco installation script
# We will OVERWRITE basedir!

# Stop at the first command that fails.
set -e

# Locate GNU make.  A non-empty $MAKE from the environment is used as-is;
# otherwise "make -s gnu_make_command_name" is asked and the text after
# "gnu_make_command_name=" in its output becomes $MAKE.
if [ -z "$MAKE" ]; then
	MAKE="$(make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
fi
[ -n "$MAKE" ] || {
	echo "ERROR: cannot determine name of the GNU make command" >&2
	echo "Please set MAKE to the name of the GNU make executable" >&2
	exit 1
}
# Run perl module checker
# The checker is executed straight from the working tree; under "set -e" a
# non-zero exit from it ends the installation.
[ -x toolbox/check-perl-modules.pl ] || {
	echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
	exit 1
}
toolbox/check-perl-modules.pl
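# What Config should we use?
[ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config

# GIROCCO_CONF arrives from the environment.  It is handed to perl as a -M
# argument just below and, later in this script, turned into a .pm file path,
# so accept only something shaped like a Perl module name.
case "$GIROCCO_CONF" in
	*[!A-Za-z0-9_:]*)
		echo "ERROR: GIROCCO_CONF must be a Perl module name such as Girocco::Config" >&2
		exit 1
		;;
esac
echo "*** Initializing using $GIROCCO_CONF..."

# First run Girocco::Config consistency checks
# Loading the module executes it, and -I. puts the current directory on perl's
# module search path; ./shlib.sh is likewise sourced from the current
# directory.  Run the installer only from a checkout whose contents you trust,
# especially when running it as root.
perl -I. "-M$GIROCCO_CONF" -e ''

. ./shlib.sh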
# ":<group>" suffix for the chown owner arguments used further down; stays
# empty when no owning group is configured.
owngroup="${cfg_owning_group:+:$cfg_owning_group}"

# HTTPS push needs a certificate directory to be configured as well.
if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
	echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
	echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
	exit 1
fi
echo "*** Checking for compiled utilities..."
# Each helper must already exist as an executable under src/; the first one
# that is missing aborts the installation.
for util in can_user_push can_user_push_http getent get_user_uuid peek_packet rangecgi; do
	if [ ! -x "src/$util" ]; then
		echo "ERROR: src/$util is not built! Did you _REALLY_ read INSTALL?" >&2
		echo "ERROR: perhaps you forgot to run make?" >&2
		exit 1
	fi
done
echo "*** Checking for ezcert..."
# CACreateCert from the ezcert.git checkout is copied into basedir/bin and used
# for certificate creation later in this script.
[ -f ezcert.git/CACreateCert ] || {
	echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
echo "*** Checking for git..."
# Only an absolute path is accepted for the configured Git binary.
case "$cfg_git_bin" in
	/*)
		;;
	*)
		echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
		exit 1
		;;
esac
[ -x "$cfg_git_bin" ] || {
	echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
	exit 1
}
# Run the configured binary once to capture its version banner.
git_version="$("$cfg_git_bin" version)" || {
	echo "ERROR: $cfg_git_bin version failed" >&2
	exit 1
}
# The banner has to begin with "git version " (upper- or lower-case G).
case "$git_version" in
	[Gg]"it version "*)
		;;
	*)
		echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
		exit 1
		;;
esac
echo "Found $cfg_git_bin $git_version"
# Extract the first dotted run of digits from the version banner.
git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
echo "*** Checking Git $git_vernum for compatibility..."

# vcmp is not defined in this file (presumably it comes from shlib.sh, sourced
# earlier); its printed result is compared against 0 here.
# git_older_than VERSION: true when $git_vernum compares below VERSION.
git_older_than() {
	[ "$(vcmp "$git_vernum" "$1")" -lt 0 ]
}
# git_at_least VERSION: true when $git_vernum compares equal to or above VERSION.
git_at_least() {
	[ "$(vcmp "$git_vernum" "$1")" -ge 0 ]
}

# Hard minimum.
if git_older_than 1.6.6; then
	echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
	exit 1
fi

# Advisory warnings: installation continues after each of these.
if git_older_than 1.6.6.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
fi
if git_older_than 1.7.2; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.2, some Girocco functionality will be disabled'
fi
if [ -n "$cfg_mirror" ] && git_older_than 1.7.5; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
fi
if git_older_than 1.7.6.6; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
fi
if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && git_at_least 1.7.11; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
	echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
fi
if git_at_least 1.8.4.2 && [ -n "$cfg_mirror" ] && git_older_than 2; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
fi
if git_older_than 1.8.4.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
fi
if git_older_than 2.1; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
fi
if git_at_least 2.1 && git_older_than 2.1.3; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
fi

# Versions 2.2.0 through 2.3.1 are refused outright.
if git_at_least 2.2 && git_older_than 2.3.2; then
	cat <<'EOT'


*** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git


Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
with Girocco due to various unresolved issues.  Please either downgrade to 2.1.4
or earlier or, more preferred, upgrade to 2.3.2 or later.

In order to bypass this check you will have to modify install.sh in which case
USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
	exit 1
fi
if git_older_than 2.3.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
fi
# Only a warning: an install on a Git older than 2.3.9 still proceeds.
if git_older_than 2.3.9; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.9, minor security issues exist'
fi
# Heuristic: with mirroring enabled (set and not "0"), look for the string
# "ns_parserr" inside the Git binary itself and warn when it is present.  The
# message below describes the concern; nothing is blocked, the install continues.
if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
	cat <<'EOT'


*** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary


You appear to have enabled mirroring and the Git binary you have selected
appears to contain an experimental patch that cannot be disabled.  This
patch can generate invalid network DNS traffic and/or cause long delays
when fetching using the "git:" protocol when no port number is specified.
It may also end up retrieving repsitory contents from a host other than
the one specified in the "git:" URL when the port is omitted.

You are advised to either build your own version of Git (the problem patch
is not part of the official Git repository) or disable mirroring (via the
$Girocco::Config:mirror setting) to avoid these potential problems.

USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
fi
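# chown_make PATH...
# Give build products that a root-run make left owned by root back to the
# invoking user.
#   - Running as root through sudo from a non-root account: every root-owned
#     entry under the given paths is chown'ed to $SUDO_USER and that user's
#     primary group.
#   - Running as root without a usable $SUDO_USER: nothing can be fixed up, so
#     a warning naming the paths is printed instead.
#   - Not running as root: no-op.
chown_make() {
	if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
		# find -exec ... {} + never runs chown with an empty file list.  The
		# former "find | xargs chown" failed with a missing-operand error when
		# nothing was root-owned on xargs implementations that run the command
		# even for empty input, which aborted the install under "set -e".
		find "$@" -user root -exec chown "$SUDO_USER:$(id -gn "$SUDO_USER")" '{}' +
	elif [ "$LOGNAME" = root ] && { [ -z "$SUDO_USER" ] || [ "$SUDO_USER" = root ]; }; then
		# Grouped explicitly: with "-a"/"-o" in a single test the SUDO_USER=root
		# alternative also matched when LOGNAME was not root.
		echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
	fi
}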
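echo "*** Setting up basedir..."
"$MAKE" --no-print-directory --silent apache.conf
chown_make apache.conf
"$MAKE" --no-print-directory --silent -C src
chown_make src

# basedir is deleted recursively and rebuilt from scratch below.  Refuse an
# empty value or one made only of slashes so a broken Config can never turn
# the rm into "rm -fr /".
case "$cfg_basedir" in
	*[!/]*)
		;;
	*)
		echo 'ERROR: $Girocco::Config::basedir must name a directory other than /' >&2
		exit 1
		;;
esac
rm -fr "$cfg_basedir"
mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb"
cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
	ezcert.git/CACreateCert cgi/authrequired.cgi "$cfg_basedir/bin"
cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
# Drop the pages that only apply when HTTPS push / the mob user are configured.
[ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
[ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html

# Put the correct Config in place
# A non-default GIROCCO_CONF (e.g. Foo::Bar) is mapped to its file path
# (Foo/Bar.pm) and installed under the fixed name Girocco/Config.pm.
[ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"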
208 echo "*** Preprocessing scripts..."
209 perl -I. -M$GIROCCO_CONF -i -p \
210 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
211 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
212 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
213 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
214 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
215 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
216 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
217 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
218 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
219 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
220 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
221 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
222 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
223 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
224 "$cfg_basedir"/toolbox/reports/*.sh \
225 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
226 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
227 "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir"/screen/*
229 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
230 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
# Post-install reminders.  The taskd line is printed only when mirroring is
# configured; the jobd/crontab lines are always printed.
[ -z "$cfg_mirror" ] || echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
echo "*** Setting up repository root..."
mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
# Group ownership and mode are best effort: a failure only prints a warning.
if [ "$cfg_owning_group" ]; then
	for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
		chgrp "$cfg_owning_group" "$repodir" || echo "WARNING: Cannot chgrp $cfg_owning_group $repodir"
	done
fi
# 02775: setgid directory, writable by owner and group, readable and
# searchable by everyone else.
for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
	chmod 02775 "$repodir" || echo "WARNING: Cannot chmod $repodir properly"
done
# The full jail setup is attempted only when chrooted pushing is configured,
# and only when running as uid 0; otherwise it is skipped with a warning.
if [ -n "$cfg_chrooted" ]; then
	echo "*** Setting up chroot jail for pushing..."
	case "$(id -u)" in
		0)
			./jailsetup.sh
			;;
		*)
			echo "WARNING: Skipping jail setup, not root"
			;;
	esac
fi
echo "*** Setting up jail configuration (project database)..."
# When not running as uid 0, only the "dbonly" part of jailsetup.sh is run.
if ! [ "$(id -u)" -eq 0 ]; then
	./jailsetup.sh dbonly
fi
mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
# Ownership and mode changes below are best effort; failures only warn.
# Resulting layout: etc/ belongs to the mirror user; the jail's passwd and
# group files belong to the CGI user and are group-writable, so that user and
# members of the owning group can edit the jail's account database.
chown "$cfg_mirror_user$owngroup" "$cfg_chroot/etc" ||
	echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
chown "$cfg_cgi_user$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
	echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
	echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
chmod 02775 "$cfg_chroot/etc" ||
	echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
echo "*** Setting up gitweb from git.git..."
[ -f git.git/Makefile ] || {
	echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
# Build gitweb inside the git.git checkout (in a subshell, so the directory
# change does not leak), then install the CGI with its "use warnings;" line
# commented out.  The CGI is written under a temporary name and renamed into
# place so that a partially written gitweb.cgi is never served.
(
	newcgi="$cfg_cgiroot/gitweb.cgi.$$"
	cd git.git &&
	"$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
		GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" gitweb &&
	chown_make gitweb &&
	perl -pe 's/^(\s*use\s+warnings\s*;.*)$/#$1/' gitweb/gitweb.cgi > "$newcgi" &&
	chmod a+x "$newcgi" &&
	chown_make "$newcgi" &&
	mv -f "$newcgi" "$cfg_cgiroot"/gitweb.cgi &&
	cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot"
)
echo "*** Setting up git-browser from git-browser.git..."
[ -f git-browser.git/git-browser.cgi ] || {
	echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
# Install the CGI with its "git-browser.conf" literal replaced by the absolute
# path of the config file written below (passed to perl through $CFG), using
# write-to-temporary-then-rename, and copy the static assets.
(
	newcgi="$cfg_cgiroot/git-browser.cgi.$$"
	cd git-browser.git &&
	CFG="$cfg_basedir/gitweb/git-browser.conf" perl -pe \
		's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$newcgi" &&
	chmod a+x "$newcgi" &&
	chown_make "$newcgi" &&
	mv -f "$newcgi" "$cfg_cgiroot"/git-browser.cgi &&
	cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser &&
	cp -r JSON "$cfg_cgiroot"
)
rm -f "$cfg_webroot"/git-browser/index.html

# git-browser.conf: where the Git binary and the repositories live.
newconf="$cfg_basedir/gitweb/git-browser.conf.$$"
printf 'gitbin: %s\nwarehouse: %s\n' "$cfg_git_bin" "$cfg_reporoot" >"$newconf"
chown_make "$newconf"
mv -f "$newconf" "$cfg_basedir/gitweb"/git-browser.conf

# GitConfig.js: URLs handed to the browser-side code.
# NOTE(review): both URLs land inside JavaScript string literals unescaped; a
# double quote or backslash in $cfg_gitweburl / $cfg_webadmurl would break out
# of the literal -- confirm that Config restricts these values.
newjs="$cfg_webroot/git-browser/GitConfig.js.$$"
printf 'cfg_gitweb_url="%s/"\ncfg_browsercgi_url="%s/git-browser.cgi"\n' \
	"$cfg_gitweburl" "$cfg_webadmurl" >"$newjs"
chown_make "$newjs"
mv -f "$newjs" "$cfg_webroot"/git-browser/GitConfig.js
echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
# The exporter is copied unmodified from the third-party checkout into
# basedir/bin.
[ -d bzr-fastimport.git/exporters/darcs/ ] || {
	echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
echo "*** Setting up hg-fast-export from fast-export.git..."
# Both Python files must be present; they are copied unmodified into
# basedir/bin.
if ! [ -f fast-export.git/hg-fast-export.py ] || ! [ -f fast-export.git/hg2git.py ]; then
	echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
mkdir -p "$cfg_basedir"/bin
cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
echo "*** Setting up markdown from markdown.git..."
# Markdown.pl is copied unmodified from the checkout into basedir/bin.
[ -f markdown.git/Markdown.pl ] || {
	echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp markdown.git/Markdown.pl "$cfg_basedir"/bin
echo "*** Setting up our part of the website..."
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
cp cgi/*.cgi "$cfg_cgiroot"
# authrequired.cgi is installed from the preprocessed copy in basedir/bin, and
# only when HTTPS push is configured; without HTTPS push usercert.cgi is
# removed as well.
rm -f "$cfg_cgiroot"/authrequired.cgi
if [ -n "$cfg_httpspushurl" ]; then
	cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_cgiroot"
else
	rm -f "$cfg_cgiroot"/usercert.cgi
fi
ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
# Optional symlink that exposes the repository root under the web tree.
if [ -n "$cfg_webreporoot" ]; then
	rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"
fi
# Without HTTPS push, lines mentioning rootcert.html are dropped from the
# index text.
if [ -n "$cfg_httpspushurl" ]; then
	cp gitweb/indextext.html "$cfg_basedir/gitweb"
else
	grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
fi
mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
cp mootools.js "$cfg_webroot"
cp htaccess "$cfg_webroot/.htaccess"
cp git-favicon.ico "$cfg_webroot/favicon.ico"
cp robots.txt "$cfg_webroot"
# Appended (>>), not overwritten: the stylesheet rules are added to whatever
# gitweb.css is already in the web root at this point.
cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
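# Certificate setup for HTTPS push.  With HTTPS push configured this creates,
# as needed, a root key/certificate, a www (server) key/certificate, a client
# sub-CA key/certificate and, when the mob user is enabled, a mob user
# key/certificate.  Existing files are reused; replacing a key or an issuing
# certificate deletes everything that was derived from it so it is reissued.
# Without HTTPS push the published certificate files are removed from the web
# root.
if [ -n "$cfg_httpspushurl" ]; then
	echo "*** Setting up SSL certificates..."
	# RSA key size: 2048 unless Config asks for a larger number.  A
	# non-numeric value makes the test fail quietly and keeps the default.
	bits=2048
	if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
		bits="$cfg_rsakeylength"
	fi
	mkdir -p "$cfg_certsdir"
	# Under "set -e" this aborts the install unless certsdir is a directory.
	[ -d "$cfg_certsdir" ]
	# Subject of the current www certificate, reduced to its "/CN=..." part.
	# NOTE(review): the sed expression expects the subject to be printed with
	# a leading "/" (subject= /CN=host); if the installed openssl prints a
	# different layout the comparison below never matches and the www
	# certificate is reissued on every run -- confirm with the OpenSSL in use.
	wwwcertcn=
	if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
		wwwcertcn="$( \
			openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
			sed -e 's,[^/]*,,' \
		)"
	fi
	# One "--dns NAME" option per configured alternative name; the option
	# string is also stored next to the certificate so that a changed list
	# can be detected on the next run.
	wwwcertdns=
	if [ -n "$cfg_wwwcertaltnames" ]; then
		for dnsopt in $cfg_wwwcertaltnames; do
			wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
		done
	fi
	wwwcertdnsfile=
	if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
		wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
	fi
	# The root key is only needed while something still has to be signed.
	needroot=
	[ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
	  -e "$cfg_certsdir/girocco_client_key.pem" -a \
	  -e "$cfg_certsdir/girocco_www_key.pem" -a \
	  -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
	  -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
	if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
		rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
		# Create the key under a restrictive umask so it is never readable by
		# others, not even in the moment before the chmod below.
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" "$bits")
		chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
		rm -f "$cfg_certsdir/girocco_root_crt.pem"
		echo "Created new root key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
		ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
			--out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
		# A new root invalidates everything issued under the old one,
		# including the per-user certificates kept in the jail.
		rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created new root certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" "$bits")
		chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
		rm -f "$cfg_certsdir/girocco_www_crt.pem"
		echo "Created new www key"
	fi
	# Reissue the www certificate when it is missing, names a different host,
	# or was created with a different set of --dns options.
	if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
	   [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
		# $wwwcertdns is left unquoted on purpose: it must split into
		# separate "--dns" "NAME" arguments.
		openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
		ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
			--out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
		printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
		echo "Created www certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
		cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
		echo "Created www certificate chain file"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
		# The client sub-CA key ends up 0640 (group-readable); the umask keeps
		# it from being world-readable while it is being written.
		(umask 027 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" "$bits")
		chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem"
		echo "Created new client key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
		openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
		ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" \
			--out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
		# Certificates issued by the previous client authority are dropped.
		rm -f "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created client certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
		cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
		echo "Created client certificate suffix file"
	fi
	# Publish the root certificate in the web root.
	cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	if [ -n "$cfg_mob" ]; then
		if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
			(umask 027 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" "$bits")
			# Set the mode on the key that was just created; this chmod used
			# to name girocco_client_key.pem, leaving the new mob user key
			# with whatever mode openssl and the umask produced.
			chmod 0640 "$cfg_certsdir/girocco_mob_user_key.pem"
			rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
			echo "Created new mob user key"
		fi
		if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
			openssl rsa -in "$cfg_mobuserkey" -pubout |
			ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
				--cert "$cfg_clientcert" \
				--out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
			echo "Created mob user client certificate"
		fi
		# The mob user's private key and certificate are copied into the web
		# root, so they are effectively public; whatever they authorize must
		# be treated as anonymous access.
		cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
		cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	else
		rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	fi
else
	rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
fi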
echo "*** Finalizing permissions..."
# Everything installed is handed to the mirror user (plus the owning group when
# one is configured).  -h changes a symbolic link itself rather than the file
# it points to.  With HTTPS push the certificate directory, private keys
# included, is handed over as well.
chown -R -h "$cfg_mirror_user$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
if [ -n "$cfg_httpspushurl" ]; then
	chown -R -h "$cfg_mirror_user$owngroup" "$cfg_certsdir"
fi