2 # The Girocco installation script
3 # We will OVERWRITE basedir!
7 [ -n "$MAKE" ] || MAKE
="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
14 # Run perl module checker
15 if [ ! -x toolbox
/check-perl-modules.pl
]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF
=Girocco
::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
24 # First run Girocco::Config consistency checks
25 perl
-I.
-M$GIROCCO_CONF -e ''
29 "$var_perl_bin" toolbox
/check-perl-modules.pl
31 # $1 must exist and be a dir
32 # $2 may exist but must be a dir
34 # After call $2 will be renamed to $3 (if $2 existed)
35 # And $1 will be renamed to $2
37 [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] ||
{ echo "fatal: quick_move: bad args: '$1' '$2' '$3'" >&2; exit 1; }
38 ! [ -e "$3" ] ||
{ echo "fatal: quick_move: already exists: $3" >&2; exit 1; }
39 [ -d "$1" ] ||
{ echo "fatal: quick_move: no such dir: $1" >&2; exit 1; }
40 [ ! -e "$2" -o -d "$2" ] ||
{ echo "fatal: quick_move: not a dir: $2" >&2; exit 1; }
41 perl
-e 'rename($ARGV[1], $ARGV[2]) or die "rename failed: $!\n" if -d $ARGV[1];
42 rename($ARGV[0], $ARGV[1]) or die "rename failed: $!\n"; exit 0;' "$1" "$2" "$3" ||
{
43 echo "fatal: quick_move: rename failed" >&2
46 ! [ -d "$1" ] && [ -d "$2" ] ||
{
47 echo "fatal: quick_move: rename failed" >&2
53 [ -z "$cfg_owning_group" ] || owngroup
=":$cfg_owning_group"
54 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
55 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
56 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
61 # Check for extra required tools
62 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint
>/dev
/null
; then
63 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
68 echo "*** Checking for compiled utilities..."
69 if [ ! -x src
/can_user_push
]; then
70 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
71 echo "ERROR: perhaps you forgot to run make?" >&2
74 if [ ! -x src
/can_user_push_http
]; then
75 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
76 echo "ERROR: perhaps you forgot to run make?" >&2
79 if [ ! -x src
/getent
]; then
80 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
81 echo "ERROR: perhaps you forgot to run make?" >&2
84 if [ ! -x src
/get_user_uuid
]; then
85 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
86 echo "ERROR: perhaps you forgot to run make?" >&2
89 if [ ! -x src
/list_packs
]; then
90 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
91 echo "ERROR: perhaps you forgot to run make?" >&2
94 if [ ! -x src
/peek_packet
]; then
95 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
96 echo "ERROR: perhaps you forgot to run make?" >&2
99 if [ ! -x src
/rangecgi
]; then
100 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
101 echo "ERROR: perhaps you forgot to run make?" >&2
104 if [ ! -x src
/strftime
]; then
105 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
106 echo "ERROR: perhaps you forgot to run make?" >&2
109 if [ ! -x src
/throttle
]; then
110 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
111 echo "ERROR: perhaps you forgot to run make?" >&2
116 echo "*** Checking for ezcert..."
117 if ! [ -f ezcert.git
/CACreateCert
-a -x ezcert.git
/CACreateCert
]; then
118 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
123 echo "*** Checking for git..."
124 case "$cfg_git_bin" in /*) :;; *)
125 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
128 if [ ! -x "$cfg_git_bin" ]; then
129 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
132 if ! git_version
="$("$cfg_git_bin" version)"; then
133 echo "ERROR: $cfg_git_bin version failed" >&2
136 case "$git_version" in
137 [Gg
]"it version "*) :;;
139 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
142 echo "Found $cfg_git_bin $git_version"
143 git_vernum
="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
144 echo "*** Checking Git $git_vernum for compatibility..."
145 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
146 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
149 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
150 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
152 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
156 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
159 Some Girocco functionality will be gracefully disabled and other things will
160 just not work at all such as race condition protection against simultaneous
161 client pushes and server garbage collections.
165 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
166 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
168 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
169 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
171 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
172 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
173 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
175 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
176 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
177 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
179 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
180 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
182 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
183 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
185 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
186 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
188 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
192 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
195 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
196 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
197 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
199 In order to bypass this check you will have to modify install.sh in which case
200 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
205 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
206 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
208 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
209 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
212 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
213 secmsg
='prior to 2.4.11'
215 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
216 secmsg
='2.5.x prior to 2.5.5'
218 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
219 secmsg
='2.6.x prior to 2.6.6'
221 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
222 secmsg
='2.7.x prior to 2.7.4'
224 if [ -n "$secmsg" ]; then
228 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
231 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
232 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
234 Besides the security fixes included in later versions, versions prior to
235 2.2.0 may accidentally prune unreachable loose objects earlier than
236 intended. Since Git version 2.4.11 is the minimum version to include all
237 security fixes to date, it should be considered the absolute minimum
238 version of Git to use when running Girocco.
240 This is not enforced, but Git is easy to build from the git.git submodule
241 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
243 We will now pause for a moment so you can reflect on this warning.
248 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr
"$cfg_git_bin"; then
252 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
255 You appear to have enabled mirroring and the Git binary you have selected
256 appears to contain an experimental patch that cannot be disabled. This
257 patch can generate invalid network DNS traffic and/or cause long delays
258 when fetching using the "git:" protocol when no port number is specified.
259 It may also end up retrieving repsitory contents from a host other than
260 the one specified in the "git:" URL when the port is omitted.
262 You are advised to either build your own version of Git (the problem patch
263 is not part of the official Git repository) or disable mirroring (via the
264 $Girocco::Config:mirror setting) to avoid these potential problems.
266 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
273 [ -n "$1" ] ||
return 1
274 _cmdnc
="$(command -v "$1" 2>/dev/null || :)"
275 [ -n "$_cmdnc" ] && [ -x "$_cmdnc" ] ||
return 1
276 _tmpdir
="$(mktemp -d /tmp/nc-u-XXXXXX)"
277 [ -n "$_tmpdir" ] && [ -d "$_tmpdir" ] ||
return 1
279 (sleep 3 |
"$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev
/null
>"$_tmpdir/output" ||
>"$_tmpdir/failed")&
282 echo "testing" |
"$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev
/null
2>&1 ||
>"$_tmpdir/failed"
284 kill "$_bgpid" >/dev
/null
2>&1 ||
:
285 read -r _result
<"$_tmpdir/output" ||
:
287 ! [ -e "$_tmpdir/failed" ] || _bad
=1
289 [ -z "$_bad" ] && [ "$_result" = "testing" ]
292 echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
293 test_nc_U
"$var_nc_openbsd_bin" ||
{
294 echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
295 echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
296 if [ "$(uname -s 2>/dev/null)" = "DragonFly" ]; then
297 echo "ERROR: see the src/dragonfly/README file for a solution" >&2
303 if [ "$LOGNAME" = root
-a -n "$SUDO_USER" -a "$SUDO_USER" != root
]; then
304 find "$@" -user root
-print0 2>/dev
/null | \
305 xargs -0 chown
"$SUDO_USER:$(id -gn "$SUDO_USER")"
306 elif [ "$LOGNAME" = root
-a -z "$SUDO_USER" -o "$SUDO_USER" = root
]; then
307 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
311 # Make sure $cfg_cgiroot, $cfg_webroot and $cfg_cgiroot are absolute paths
312 case "$cfg_basedir" in /*) :;; *)
313 echo "ERROR: invalid Girocco::Config::basedir setting" >&2
314 echo "ERROR: \"$cfg_basedir\" must be an absolute path (start with '/')" >&2
317 case "$cfg_webroot" in /*) :;; *)
318 echo "ERROR: invalid Girocco::Config::webroot setting" >&2
319 echo "ERROR: \"$cfg_webroot\" must be an absolute path (start with '/')" >&2
322 case "$cfg_cgiroot" in /*) :;; *)
323 echo "ERROR: invalid Girocco::Config::cgiroot setting" >&2
324 echo "ERROR: \"$cfg_cgiroot\" must be an absolute path (start with '/')" >&2
328 # Use basedir, webroot and cgiroot for easier control of filesystem locations
329 # Wherever we are writing/copying/installing files we use these, but where we
330 # are editing, adding config settings or printing advice we always stick to the
331 # cfg_xxx Config variable versions. These are like a set of DESTDIR variables.
332 # Only the file system directories that could be asynchronously accessed (by
333 # the web server, jobd.pl, taskd.pl or incoming pushes) get these special vars.
334 # The chroot is handled specially and does not need one of these.
335 basedir
="$cfg_basedir-new"
336 webroot
="$cfg_webroot-new"
337 cgiroot
="$cfg_cgiroot-new"
339 echo "*** Setting up basedir..."
340 "$MAKE" --no-print-directory --silent apache.conf
341 chown_make apache.conf
342 "$MAKE" --no-print-directory --silent -C src
345 mkdir
-p "$basedir" "$basedir/gitweb" "$basedir/cgi"
346 cp cgi
/*.cgi
"$basedir/cgi"
347 cp -pR Girocco jobd taskd html
jobs toolbox hooks apache.conf shlib.sh bin screen
"$basedir"
348 cp -p src
/can_user_push src
/can_user_push_http src
/get_user_uuid src
/list_packs src
/peek_packet \
349 src
/rangecgi src
/strftime src
/throttle ezcert.git
/CACreateCert cgi
/authrequired.cgi \
350 cgi
/snapshot.cgi
"$basedir/bin"
351 cp -p gitweb
/*.sh gitweb
/*.perl
"$basedir/gitweb"
352 [ -n "$cfg_httpspushurl" ] ||
rm -f "$basedir"/html
/rootcert.html
"$basedir"/html
/httpspush.html
353 [ -n "$cfg_mob" ] ||
rm -f "$basedir"/html
/mob.html
355 # Put the correct Config in place
356 [ "$GIROCCO_CONF" = "Girocco::Config" ] ||
cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$basedir/Girocco/Config.pm"
358 ln -s "$cfg_git_bin" "$basedir/bin/git"
360 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] ||
{
361 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
364 ln -s "$shbin" "$basedir/bin/sh"
365 perlbin
="$var_perl_bin"
366 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl
", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] ||
{
367 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
370 ln -s "$perlbin" "$basedir/bin/perl"
371 gzipbin
="$var_gzip_bin"
372 [ -n "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 |
grep -q gzip && \
373 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] ||
{
374 echo "ERROR: invalid $Girocco::Config::gzip_bin setting" >&2
377 ln -s "$gzipbin" "$basedir/bin/gzip"
379 echo "*** Preprocessing scripts..."
380 SHBIN
="$shbin" && export SHBIN
381 PERLBIN
="$perlbin" && export PERLBIN
382 perl
-I.
-M$GIROCCO_CONF -i -p \
383 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
384 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
385 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
386 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
387 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
388 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
389 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
390 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
391 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
392 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
393 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
394 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
395 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
396 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
397 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
398 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
399 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
400 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
401 -e 'close ARGV if eof;' \
402 "$basedir"/jobs
/*.sh
"$basedir"/jobd
/*.sh \
403 "$basedir"/taskd
/*.sh
"$basedir"/gitweb
/*.sh \
404 "$basedir"/shlib.sh
"$basedir"/hooks
/* \
405 "$basedir"/toolbox
/*.sh
"$basedir"/toolbox
/*.pl \
406 "$basedir"/toolbox
/reports
/*.sh \
407 "$basedir"/bin
/git-
* "$basedir"/bin
/*.sh \
408 "$basedir"/bin
/create-
* "$basedir"/bin
/update-
* \
409 "$basedir"/bin
/*.cgi
"$basedir"/screen
/*
411 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
412 -e 'close ARGV if eof;' \
413 "$basedir"/jobd
/jobd.pl
"$basedir"/taskd
/taskd.pl \
414 "$basedir"/bin
/sendmail.pl
"$basedir"/bin
/CACreateCert
416 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
417 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
418 -e 'close ARGV if eof;' \
419 "$basedir"/bin
/format-readme
"$basedir/cgi"/*.cgi
423 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
424 get_girocco_config_var_list
> "$basedir"/shlib_vars.sh
426 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
427 if [ ! -d bzr-fastimport.git
/exporters
/darcs
/ ]; then
428 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
431 mkdir
-p "$basedir"/bin
432 cp bzr-fastimport.git
/exporters
/darcs
/darcs-fast-export
"$basedir"/bin
434 echo "*** Setting up hg-fast-export from fast-export.git..."
435 if [ ! -f fast-export.git
/hg-fast-export.py
-o ! -f fast-export.git
/hg2git.py
]; then
436 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
439 mkdir
-p "$basedir"/bin
440 cp fast-export.git
/hg-fast-export.py fast-export.git
/hg2git.py
"$basedir"/bin
442 echo "*** Setting up markdown from markdown.git..."
443 if [ ! -f markdown.git
/Markdown.pl
]; then
444 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
447 mkdir
-p "$basedir"/bin
448 (PERLBIN
="$perlbin" && export PERLBIN
&& \
449 perl
-p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
450 markdown.git
/Markdown.pl
> "$basedir"/bin
/Markdown.pl.$$
&& \
451 chmod a
+x
"$basedir"/bin
/Markdown.pl.$$
&& \
452 mv -f "$basedir"/bin
/Markdown.pl.$$
"$basedir"/bin
/Markdown.pl
)
455 # Some permission sanity on basedir/bin just in case
456 find "$basedir"/bin
-type f
-print0 |
xargs -0 chmod go-w
457 chown
-R -h "$cfg_mirror_user""$owngroup" "$basedir"/bin
459 if [ -n "$cfg_mirror" ]; then
460 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
462 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
463 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
464 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
467 echo "*** Setting up repository root..."
468 mkdir
-p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
469 if [ "$cfg_owning_group" ]; then
470 chgrp
"$cfg_owning_group" "$cfg_reporoot" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
471 chgrp
"$cfg_owning_group" "$cfg_reporoot/_recyclebin" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
473 chmod 02775 "$cfg_reporoot" ||
echo "WARNING: Cannot chmod $cfg_reporoot properly"
474 chmod 02775 "$cfg_reporoot/_recyclebin" ||
echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
477 if [ -n "$cfg_chrooted" ]; then
478 echo "*** Setting up chroot jail for pushing..."
479 if [ "$(id -u)" -eq 0 ]; then
480 # jailsetup may install things from $cfg_basedir/bin into the
481 # chroot so we do a mini-update of just that portion now
482 mkdir
-p "$cfg_basedir"
483 rm -rf "$cfg_basedir/bin-new"
484 cp -pR "$basedir/bin" "$cfg_basedir/bin-new" >/dev
/null
2>&1
485 rm -rf "$cfg_basedir/bin-old"
486 quick_move
"$cfg_basedir/bin-new" "$cfg_basedir/bin" "$cfg_basedir/bin-old"
487 rm -rf "$cfg_basedir/bin-old"
490 echo "WARNING: Skipping jail setup, not root"
495 echo "*** Setting up jail configuration (project database)..."
496 [ "$(id -u)" -eq 0 ] || .
/jailsetup.sh dbonly
497 mkdir
-p "$cfg_chroot" "$cfg_chroot/etc"
498 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
499 chown
"$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
500 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
501 chown
"$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
502 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
503 chmod g
+w
"$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
504 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
505 chmod 02775 "$cfg_chroot/etc" ||
echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
508 echo "*** Setting up gitweb from git.git..."
509 if [ ! -f git.git
/Makefile
]; then
510 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
514 # We do not wholesale replace either webroot or cgiroot so if they exist we must
515 # make a copy to start working on them. We make a copy using -p which can result
516 # in some warnings so we suppress error output as it's of no consequence in this case.
517 rm -rf "$webroot" "$cgiroot"
518 ! [ -d "$cfg_webroot" ] ||
cp -pR "$cfg_webroot" "$webroot" >/dev
/null
2>&1
519 ! [ -d "$cfg_cgiroot" ] ||
cp -pR "$cfg_cgiroot" "$cgiroot" >/dev
/null
2>&1
520 mkdir
-p "$webroot" "$cgiroot"
522 (cd git.git
&& "$MAKE" --no-print-directory --silent NO_SUBDIR
=: bindir
="$(dirname "$cfg_git_bin")" \
523 GITWEB_CONFIG
="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH
="$shbin" gitweb
&& \
524 chown_make gitweb
&& \
525 PERLBIN
="$perlbin" && export PERLBIN
&& \
526 perl
-p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
527 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb
/gitweb.cgi
> "$cgiroot"/gitweb.cgi.$$
&& \
528 chmod a
+x
"$cgiroot"/gitweb.cgi.$$
&& \
529 chown_make
"$cgiroot"/gitweb.cgi.$$
&& \
530 mv -f "$cgiroot"/gitweb.cgi.$$
"$cgiroot"/gitweb.cgi
&& \
531 cp gitweb
/static
/*.png gitweb
/static
/*.css gitweb
/static
/*.js
"$webroot")
535 echo "*** Setting up git-browser from git-browser.git..."
536 if [ ! -f git-browser.git
/git-browser.cgi
]; then
537 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
540 mkdir
-p "$webroot"/git-browser
"$cgiroot"
541 (cd git-browser.git
&& \
542 CFG
="$cfg_basedir/gitweb/git-browser.conf" && export CFG
&& \
543 PERLBIN
="$perlbin" && export PERLBIN
&& perl
-p \
544 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
545 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi
> "$cgiroot"/git-browser.cgi.$$
&& \
546 chmod a
+x
"$cgiroot"/git-browser.cgi.$$
&& \
547 chown_make
"$cgiroot"/git-browser.cgi.$$
&& \
548 mv -f "$cgiroot"/git-browser.cgi.$$
"$cgiroot"/git-browser.cgi
&& \
549 cp -r *.html
*.js
*.css js.lib
"$webroot"/git-browser
&& \
550 cp -r JSON
"$cgiroot")
552 rm -f "$webroot"/git-browser
/index.html
553 cat >"$basedir/gitweb"/git-browser.conf.$$
<<EOT
555 warehouse: $cfg_reporoot
556 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
558 chown_make
"$basedir/gitweb"/git-browser.conf.$$
559 mv -f "$basedir/gitweb"/git-browser.conf.$$
"$basedir/gitweb"/git-browser.conf
560 cat >"$webroot"/git-browser
/GitConfig.js.$$
<<EOT
561 cfg_gitweb_url="$cfg_gitweburl/"
562 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
564 chown_make
"$webroot"/git-browser
/GitConfig.js.$$
565 mv -f "$webroot"/git-browser
/GitConfig.js.$$
"$webroot"/git-browser
/GitConfig.js
568 echo "*** Setting up our part of the website..."
569 mkdir
-p "$webroot" "$cgiroot"
570 cp "$basedir"/bin
/snapshot.cgi
"$basedir/cgi"
571 cp "$basedir"/bin
/authrequired.cgi
"$basedir/cgi"
572 [ -n "$cfg_httpspushurl" ] ||
rm -f "$basedir/cgi"/usercert.cgi
"$cgiroot"/usercert.cgi
573 cp "$basedir/cgi"/*.cgi
"$cgiroot"
574 rm -rf "$basedir/cgi"
575 ln -fs "$cfg_basedir"/Girocco
"$cgiroot"
576 [ -z "$cfg_webreporoot" ] ||
{ rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
577 if [ -z "$cfg_httpspushurl" ]; then
578 grep -v 'rootcert[.]html' gitweb
/indextext.html
> "$basedir/gitweb/indextext.html"
580 cp gitweb
/indextext.html
"$basedir/gitweb"
582 mv "$basedir"/html
/*.css
"$basedir"/html
/*.js
"$webroot"
583 cp mootools.js
"$webroot"
584 cp htaccess
"$webroot/.htaccess"
585 cp cgi
/htaccess
"$cgiroot/.htaccess"
586 cp git-favicon.ico
"$webroot/favicon.ico"
587 cp robots.txt
"$webroot"
588 cat gitweb
/gitweb.css
>>"$webroot"/gitweb.css
591 if [ -n "$cfg_httpspushurl" ]; then
592 echo "*** Setting up SSL certificates..."
594 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev
/null
; then
595 bits
="$cfg_rsakeylength"
597 mkdir
-p "$cfg_certsdir"
598 [ -d "$cfg_certsdir" ]
600 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
602 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem
" -noout -subject | \
607 if [ -n "$cfg_wwwcertaltnames" ]; then
608 for dnsopt
in $cfg_wwwcertaltnames; do
609 wwwcertdns
="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
613 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
614 wwwcertdnsfile
="$(cat "$cfg_certsdir/girocco_www_crt.dns
")"
617 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
618 -e "$cfg_certsdir/girocco_client_key.pem" -a \
619 -e "$cfg_certsdir/girocco_www_key.pem" -a \
620 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
621 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot
=1
622 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
623 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
625 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
626 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
627 rm -f "$cfg_certsdir/girocco_root_crt.pem"
629 echo "Created new root key"
631 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
632 "$basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
633 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
634 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
635 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
636 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
637 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
638 echo "Created new root certificate"
640 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
642 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
643 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
644 rm -f "$cfg_certsdir/girocco_www_crt.pem"
646 echo "Created new www key"
648 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
649 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] ||
[ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
650 openssl rsa
-in "$cfg_certsdir/girocco_www_key.pem" -pubout |
651 "$basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
652 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
653 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
654 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
655 echo "Created www certificate"
657 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
658 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
659 echo "Created www certificate chain file"
661 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
663 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
664 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
665 rm -f "$cfg_certsdir/girocco_client_crt.pem"
667 echo "Created new client key"
669 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
670 openssl rsa
-in "$cfg_certsdir/girocco_client_key.pem" -pubout |
671 "$basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
672 --cert "$cfg_certsdir/girocco_root_crt.pem" \
673 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
674 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
675 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
676 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
677 echo "Created client certificate"
679 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
680 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
681 echo "Created client certificate suffix file"
683 cat "$cfg_rootcert" > "$webroot/${cfg_nickname}_root_cert.pem"
684 if [ -n "$cfg_mob" ]; then
685 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
686 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
687 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
688 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
689 echo "Created new mob user key"
691 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
692 openssl rsa
-in "$cfg_mobuserkey" -pubout |
693 "$basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
694 --cert "$cfg_clientcert" \
695 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
696 echo "Created mob user client certificate"
698 cat "$cfg_mobuserkey" > "$webroot/${cfg_nickname}_mob_key.pem"
699 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$webroot/${cfg_nickname}_mob_user.pem"
701 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
704 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
705 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
709 echo "*** Finalizing permissions and moving into place..."
710 chown
-R -h "$cfg_mirror_user""$owngroup" "$basedir" "$webroot" "$cgiroot"
711 [ -z "$cfg_httpspushurl" ] || chown
-R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
713 # This should always be the very last thing install.sh does
714 rm -rf "$cfg_basedir-old" "$cfg_webroot-old" "$cfg_cgiroot-old"
715 quick_move
"$basedir" "$cfg_basedir" "$cfg_basedir-old"
716 quick_move
"$webroot" "$cfg_webroot" "$cfg_webroot-old"
717 quick_move
"$cgiroot" "$cfg_cgiroot" "$cfg_cgiroot-old"
718 rm -rf "$cfg_basedir-old" "$cfg_webroot-old" "$cfg_cgiroot-old"
719 ! [ -S "$cfg_chroot/etc/taskd.socket" ] ||
{
720 echo "*** Requesting graceful restart of running taskd (and, if running, jobd)..."
721 touch "$cfg_chroot/etc/taskd.restart"
722 echo "nop" | nc_openbsd
-w 5 -U "$cfg_chroot/etc/taskd.socket" ||
: