#!/bin/sh
# Girocco installer.
# WARNING: the configured basedir is OVERWRITTEN by this script!

# Stop at the first unhandled command failure.
set -e

# Honour a caller-supplied MAKE; otherwise ask the makefile (target
# gnu_make_command_name) which command name is GNU make.
if [ -z "$MAKE" ]; then
	MAKE="$(make -s gnu_make_command_name | sed -n 's/^gnu_make_command_name=//p')"
fi
[ -n "$MAKE" ] || {
	echo "ERROR: cannot determine name of the GNU make command" >&2
	echo "Please set MAKE to the name of the GNU make executable" >&2
	exit 1
}
# Verify the Perl prerequisites with the bundled checker. The checker must be
# present and executable; because of set -e a non-zero exit from it ends the
# install.
perl_checker=toolbox/check-perl-modules.pl
[ -x "$perl_checker" ] || {
	echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
	exit 1
}
"$perl_checker"
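# Select the configuration module: GIROCCO_CONF from the environment when it is
# non-empty, otherwise the stock Girocco::Config.
: "${GIROCCO_CONF:=Girocco::Config}"
echo "*** Initializing using $GIROCCO_CONF..."

# Loading the module runs its consistency checks; a failure aborts the install
# (set -e). The -M argument is quoted so the module name always reaches perl as
# a single word, with no field splitting or globbing of its value.
perl -I. "-M$GIROCCO_CONF" -e ''

# Pull in the shared shell library. The cfg_* variables and helpers such as
# vcmp used later are not defined in this script; presumably they come from here.
. ./shlib.sh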
# ":group" suffix appended to chown owner arguments; empty when no owning
# group is configured.
owngroup="${cfg_owning_group:+:$cfg_owning_group}"

# HTTPS push cannot be set up without a certificates directory.
if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
	echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
	echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
	exit 1
fi
# Every compiled helper must already exist under src/ (built by make); the
# first one that is missing or not executable ends the install.
echo "*** Checking for compiled utilities..."
for util in can_user_push can_user_push_http getent get_user_uuid peek_packet rangecgi; do
	if [ ! -x "src/$util" ]; then
		echo "ERROR: src/$util is not built! Did you _REALLY_ read INSTALL?" >&2
		echo "ERROR: perhaps you forgot to run make?" >&2
		exit 1
	fi
done
# The ezcert checkout supplies CACreateCert, which is installed and used for
# certificate creation further down.
echo "*** Checking for ezcert..."
[ -f ezcert.git/CACreateCert ] || {
	echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
echo "*** Checking for git..."
# Only an absolute path is accepted for the configured Git binary: stripping a
# leading "/" leaves the value unchanged exactly when it is empty or relative.
if [ "${cfg_git_bin#/}" = "$cfg_git_bin" ]; then
	echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
	exit 1
fi
[ -x "$cfg_git_bin" ] || {
	echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
	exit 1
}
# Run the binary once and keep its version banner for the checks that follow.
git_version="$("$cfg_git_bin" version)" || {
	echo "ERROR: $cfg_git_bin version failed" >&2
	exit 1
}
case "$git_version" in
[Gg]"it version "*)
	echo "Found $cfg_git_bin $git_version"
	;;
*)
	echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
	exit 1
	;;
esac
# Reduce the version banner in $git_version to its first dotted run of digits.
git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
echo "*** Checking Git $git_vernum for compatibility..."

# Thin wrappers around vcmp, which is not defined in this script (presumably it
# comes from the sourced shlib.sh). A negative vcmp result is treated as
# "detected version is older than $1".
git_ver_lt() { [ "$(vcmp "$git_vernum" "$1")" -lt 0 ]; }
git_ver_ge() { [ "$(vcmp "$git_vernum" "$1")" -ge 0 ]; }

# Hard minimum.
if git_ver_lt 1.6.6; then
	echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
	exit 1
fi

# Advisory warnings only; none of these stop the install.
if git_ver_lt 1.6.6.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
fi
if git_ver_lt 1.7.2; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.2, some Girocco functionality will be disabled'
fi
if [ -n "$cfg_mirror" ] && git_ver_lt 1.7.5; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
fi
if git_ver_lt 1.7.6.6; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
fi
if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && git_ver_ge 1.7.11; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
	echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
fi
if git_ver_ge 1.8.4.2 && [ -n "$cfg_mirror" ] && git_ver_lt 2; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
fi
if git_ver_lt 1.8.4.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
fi
if git_ver_lt 2.1; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
fi
if git_ver_ge 2.1 && git_ver_lt 2.1.3; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
fi

# Versions 2.2.0 up to (not including) 2.3.2 are refused outright.
if git_ver_ge 2.2 && git_ver_lt 2.3.2; then
	cat <<'EOT'


*** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git


Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
or earlier or, more preferred, upgrade to 2.3.2 or later.

In order to bypass this check you will have to modify install.sh in which case
USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
	exit 1
fi
if git_ver_lt 2.3.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
fi
# With mirroring enabled (non-empty and not 0), scan the Git binary for the
# string ns_parserr; a match is taken as the sign of the patch described in
# the warning text. This only warns, the install continues.
if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
	cat <<'EOT'


*** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary


You appear to have enabled mirroring and the Git binary you have selected
appears to contain an experimental patch that cannot be disabled. This
patch can generate invalid network DNS traffic and/or cause long delays
when fetching using the "git:" protocol when no port number is specified.
It may also end up retrieving repsitory contents from a host other than
the one specified in the "git:" URL when the port is omitted.

You are advised to either build your own version of Git (the problem patch
is not part of the official Git repository) or disable mirroring (via the
$Girocco::Config:mirror setting) to avoid these potential problems.

USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
fi
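# Hand files that a root-run make left owned by root back to the invoking
# sudo user.
# Arguments: paths (files or directories) that find should scan.
# Behaviour, keyed on LOGNAME and SUDO_USER:
#   - LOGNAME=root with SUDO_USER set to a non-root user: chown every
#     root-owned entry under the given paths to SUDO_USER and that user's group
#     as reported by id -gn.
#   - LOGNAME=root with SUDO_USER empty or root: print a warning only.
#   - any other LOGNAME: do nothing (previously a stray SUDO_USER=root could
#     trigger the warning even when not running as root, because -a binds
#     tighter than -o inside the single test).
chown_make() {
	[ "$LOGNAME" = root ] || return 0
	if [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
		# find -exec ... {} + only runs chown when something matched. Piping
		# into xargs could run chown with no file operand on an empty match
		# (GNU xargs does so without -r), and that failure would abort the
		# whole install under set -e. A failed hand-back is not fatal, so it
		# is reported on stderr instead.
		find "$@" -user root -exec chown "$SUDO_USER:$(id -gn "$SUDO_USER")" '{}' + 2>/dev/null ||
			echo "*** WARNING: could not chown root-owned files to $SUDO_USER: $*" >&2
	else
		echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
	fi
}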
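echo "*** Setting up basedir..."
# Build apache.conf and the src/ helpers, returning anything a root-run make
# created to the sudo user (see chown_make).
"$MAKE" --no-print-directory --silent apache.conf
chown_make apache.conf
"$MAKE" --no-print-directory --silent -C src
chown_make src

# The basedir is wiped and recreated from scratch. Refuse the two values that
# would turn the recursive delete below into something other than "remove the
# install directory": an empty setting and the filesystem root.
case "$cfg_basedir" in
'' | /)
	echo "ERROR: refusing to overwrite basedir '$cfg_basedir'" >&2
	exit 1
	;;
esac
rm -fr "$cfg_basedir"
mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb"

# Populate basedir: script trees first, then the compiled helpers, CACreateCert
# and authrequired.cgi into bin/, then the gitweb shell/perl pieces.
cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
	ezcert.git/CACreateCert cgi/authrequired.cgi "$cfg_basedir/bin"
cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"

# Drop the HTML pages of features that are not enabled.
if [ -z "$cfg_httpspushurl" ]; then
	rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
fi
if [ -z "$cfg_mob" ]; then
	rm -f "$cfg_basedir"/html/mob.html
fi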
# When a non-default config module was selected, install it as Girocco/Config.pm
# in basedir. The module name is turned into a relative file path by replacing
# each "::" with "/" and appending ".pm".
if [ "$GIROCCO_CONF" != "Girocco::Config" ]; then
	conf_pm="$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')"
	cp "$conf_pm" "$cfg_basedir/Girocco/Config.pm"
fi
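echo "*** Preprocessing scripts..."
# Rewrite the installed scripts in place (perl -i -p), replacing @name@
# placeholders with values from the loaded config module:
#   - @basedir@ is substituted without added quotes when it directly follows a
#     double quote, and wrapped in double quotes otherwise (the two lookbehind
#     expressions);
#   - the other value placeholders are always wrapped in double quotes;
#   - @defined_git_server_ua@ becomes the result of defined(...) (the /e flag).
# The -M argument is quoted so the module name is always passed to perl as one
# word, with no field splitting or globbing of its value.
perl -I. "-M$GIROCCO_CONF" -i -p \
	-e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
	-e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
	-e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
	-e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
	-e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
	-e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
	-e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
	-e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
	-e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
	-e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
	"$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
	"$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
	"$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
	"$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
	"$cfg_basedir"/toolbox/reports/*.sh \
	"$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
	"$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
	"$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir"/screen/*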
# Write every cfg_ and defined_ variable to shlib_vars.sh in the installed
# basedir. get_girocco_config_var_list is not defined in this script
# (presumably it comes from the sourced shlib.sh).
get_girocco_config_var_list >"$cfg_basedir/shlib_vars.sh"

# Post-install reminders for the operator; the taskd line is printed only
# when mirroring is configured.
[ -z "$cfg_mirror" ] || echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
echo "*** Setting up repository root..."
mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
# Group ownership first (only when an owning group is configured), then
# mode 02775 (setgid, group-writable) on both directories. Failures here are
# reported as warnings and do not stop the install.
if [ -n "$cfg_owning_group" ]; then
	for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
		chgrp "$cfg_owning_group" "$repodir" || echo "WARNING: Cannot chgrp $cfg_owning_group $repodir"
	done
fi
for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
	chmod 02775 "$repodir" || echo "WARNING: Cannot chmod $repodir properly"
done
# Full jail setup is attempted only for chrooted configurations and only when
# running with uid 0; any other uid just gets a warning.
if [ -n "$cfg_chrooted" ]; then
	echo "*** Setting up chroot jail for pushing..."
	case "$(id -u)" in
	0)
		./jailsetup.sh
		;;
	*)
		echo "WARNING: Skipping jail setup, not root"
		;;
	esac
fi
echo "*** Setting up jail configuration (project database)..."
# A non-root run invokes jailsetup.sh in "dbonly" mode; a root run skips it here.
if ! [ "$(id -u)" -eq 0 ]; then
	./jailsetup.sh dbonly
fi

# Make sure the jail's etc/passwd and etc/group exist, then set ownership and
# modes: etc/ goes to the mirror user (setgid, group-writable), the two files
# to the CGI user (group-writable). Each failure is only a warning.
jail_etc="$cfg_chroot/etc"
mkdir -p "$cfg_chroot" "$jail_etc"
touch "$jail_etc/passwd" "$jail_etc/group"
if ! chown "$cfg_mirror_user$owngroup" "$jail_etc"; then
	echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
fi
if ! chown "$cfg_cgi_user$owngroup" "$jail_etc/passwd" "$jail_etc/group"; then
	echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
fi
if ! chmod g+w "$jail_etc/passwd" "$jail_etc/group"; then
	echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
fi
if ! chmod 02775 "$jail_etc"; then
	echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
fi
echo "*** Setting up gitweb from git.git..."
[ -f git.git/Makefile ] || {
	echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
# Inside a subshell (so the cd does not leak): build gitweb, comment out its
# "use warnings;" line while copying gitweb.cgi to a temporary name in the CGI
# root, make that executable, move it into place, then copy the static assets
# to the web root. Any failing step fails the subshell and, with set -e, the
# install.
# NOTE(review): the temporary name is derived from the shell PID ($$) and is
# therefore predictable; confirm the CGI root is writable only by trusted
# accounts while this runs.
(
	cd git.git &&
	gitweb_tmp="$cfg_cgiroot/gitweb.cgi.$$" &&
	"$MAKE" --no-print-directory --silent NO_SUBDIR=: \
		bindir="$(dirname "$cfg_git_bin")" \
		GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" gitweb &&
	chown_make gitweb &&
	perl -pe 's/^(\s*use\s+warnings\s*;.*)$/#$1/' gitweb/gitweb.cgi >"$gitweb_tmp" &&
	chmod a+x "$gitweb_tmp" &&
	chown_make "$gitweb_tmp" &&
	mv -f "$gitweb_tmp" "$cfg_cgiroot"/gitweb.cgi &&
	cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot"
)
echo "*** Setting up git-browser from git-browser.git..."
[ -f git-browser.git/git-browser.cgi ] || {
	echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
# Inside a subshell: copy git-browser.cgi to a temporary name in the CGI root
# with its "git-browser.conf" string replaced by the installed config path
# (handed to perl through the CFG environment variable), make it executable,
# move it into place, then copy the static files and the JSON directory.
# NOTE(review): the temporary name is derived from the shell PID ($$) and is
# therefore predictable; confirm the CGI root is writable only by trusted
# accounts while this runs.
(
	cd git-browser.git &&
	browser_tmp="$cfg_cgiroot/git-browser.cgi.$$" &&
	CFG="$cfg_basedir/gitweb/git-browser.conf" perl -pe \
		's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi >"$browser_tmp" &&
	chmod a+x "$browser_tmp" &&
	chown_make "$browser_tmp" &&
	mv -f "$browser_tmp" "$cfg_cgiroot"/git-browser.cgi &&
	cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser &&
	cp -r JSON "$cfg_cgiroot"
)
# The index.html copied along with the other *.html files is not kept.
rm -f "$cfg_webroot"/git-browser/index.html
# Write git-browser.conf (Git binary path and repository root) to a temporary
# name next to its destination, fix ownership, then rename it into place.
browser_conf="$cfg_basedir/gitweb/git-browser.conf"
printf 'gitbin: %s\nwarehouse: %s\n' "$cfg_git_bin" "$cfg_reporoot" >"$browser_conf.$$"
chown_make "$browser_conf.$$"
mv -f "$browser_conf.$$" "$browser_conf"
# Write GitConfig.js (the gitweb URL and the git-browser CGI URL, each as a
# double-quoted assignment) to a temporary name, fix ownership, then rename it
# into place. The configured URLs are emitted as-is between the quotes.
browser_js="$cfg_webroot/git-browser/GitConfig.js"
printf 'cfg_gitweb_url="%s/"\ncfg_browsercgi_url="%s/git-browser.cgi"\n' \
	"$cfg_gitweburl" "$cfg_webadmurl" >"$browser_js.$$"
chown_make "$browser_js.$$"
mv -f "$browser_js.$$" "$browser_js"
echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
# The exporter is taken from the bzr-fastimport checkout and installed into
# basedir/bin.
[ -d bzr-fastimport.git/exporters/darcs/ ] || {
	echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
echo "*** Setting up hg-fast-export from fast-export.git..."
# Both Python files must be present in the fast-export checkout; they are
# installed into basedir/bin.
if [ ! -f fast-export.git/hg-fast-export.py ] || [ ! -f fast-export.git/hg2git.py ]; then
	echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
mkdir -p "$cfg_basedir"/bin
cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
echo "*** Setting up markdown from markdown.git..."
# Markdown.pl is taken from the markdown checkout and installed into basedir/bin.
[ -f markdown.git/Markdown.pl ] || {
	echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp markdown.git/Markdown.pl "$cfg_basedir"/bin
echo "*** Setting up our part of the website..."
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
cp cgi/*.cgi "$cfg_cgiroot"

# authrequired.cgi is always removed from the CGI root first; with HTTPS push
# the preprocessed copy from basedir/bin is installed instead, without HTTPS
# push usercert.cgi is removed as well.
rm -f "$cfg_cgiroot"/authrequired.cgi
if [ -n "$cfg_httpspushurl" ]; then
	cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_cgiroot"
else
	rm -f "$cfg_cgiroot"/usercert.cgi
fi

# Expose the Girocco modules to the CGIs via a symlink and, when a web
# repository root is configured, point it at the real repository root.
ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
[ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }

# Without HTTPS push, lines mentioning rootcert.html are filtered out of the
# gitweb index text; otherwise it is copied unchanged.
if [ -n "$cfg_httpspushurl" ]; then
	cp gitweb/indextext.html "$cfg_basedir/gitweb"
else
	grep -v 'rootcert[.]html' gitweb/indextext.html >"$cfg_basedir/gitweb/indextext.html"
fi

# Static assets: the stylesheets and scripts move from basedir/html to the web
# root, followed by the remaining top-level files. gitweb's stylesheet is
# appended to (not copied over) the web root's gitweb.css.
mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
cp mootools.js "$cfg_webroot"
cp htaccess "$cfg_webroot/.htaccess"
cp git-favicon.ico "$cfg_webroot/favicon.ico"
cp robots.txt "$cfg_webroot"
cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
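# Create an RSA private key of $bits bits at path $2 and give it mode $1.
# The key is generated under a restrictive umask so the file is never readable
# by group or other, even for the moment between creation and the chmod.
new_rsa_key() {
	(umask 0177 && openssl genrsa -f4 -out "$2" "$bits")
	chmod "$1" "$2"
}

# Certificate setup for HTTPS push. Existing keys and certificates in
# $cfg_certsdir are reused; each missing piece is created, and whatever was
# issued from a replaced piece is deleted so it is recreated. When HTTPS push is
# not configured, the published certificate files are removed from the web root.
if [ -n "$cfg_httpspushurl" ]; then
	echo "*** Setting up SSL certificates..."
	# Key size: 2048 bits unless $cfg_rsakeylength is a larger number (a
	# non-numeric value makes the test fail quietly and 2048 is kept).
	bits=2048
	if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
		bits="$cfg_rsakeylength"
	fi
	mkdir -p "$cfg_certsdir"
	# Bare test: under set -e the install stops unless the directory exists.
	[ -d "$cfg_certsdir" ]

	# Subject of the current www certificate with everything before the first
	# "/" removed, for comparison with "/CN=<dns name>".
	# NOTE(review): this relies on openssl printing the subject in the
	# slash-separated form; with any other output format the comparison never
	# matches and the www certificate is reissued on every run - confirm.
	wwwcertcn=
	if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
		wwwcertcn="$(
			openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject |
				sed -e 's,[^/]*,,'
		)"
	fi

	# One "--dns NAME" option pair per configured alternative name; the list is
	# split on whitespace on purpose.
	wwwcertdns=
	if [ -n "$cfg_wwwcertaltnames" ]; then
		for dnsopt in $cfg_wwwcertaltnames; do
			wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
		done
	fi
	# The option string recorded when the www certificate was last issued.
	wwwcertdnsfile=
	if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
		wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
	fi

	# The root key is needed for signing unless every issued item is already
	# present and the www certificate carries the expected CN.
	needroot=1
	if [ -e "$cfg_certsdir/girocco_client_crt.pem" ] &&
		[ -e "$cfg_certsdir/girocco_client_key.pem" ] &&
		[ -e "$cfg_certsdir/girocco_www_key.pem" ] &&
		[ -e "$cfg_certsdir/girocco_www_crt.pem" ] &&
		[ "$wwwcertcn" = "/CN=$cfg_httpsdnsname" ] &&
		[ -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
		needroot=
	fi
	if [ -n "$needroot" ] && [ ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
		rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
		new_rsa_key 0600 "$cfg_certsdir/girocco_root_key.pem"
		rm -f "$cfg_certsdir/girocco_root_crt.pem"
		echo "Created new root key"
	fi

	# A new root certificate invalidates everything signed beneath it.
	if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
		ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
			--out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
		rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created new root certificate"
	fi

	# www key and certificate; the certificate is reissued when it is missing,
	# when its CN differs from the configured name, or when the alternative
	# name options changed since it was issued.
	if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
		new_rsa_key 0600 "$cfg_certsdir/girocco_www_key.pem"
		rm -f "$cfg_certsdir/girocco_www_crt.pem"
		echo "Created new www key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
		[ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] ||
		[ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
		# $wwwcertdns is left unquoted so each "--dns NAME" pair becomes
		# separate arguments.
		openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
			ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
				--cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
				--out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
		printf '%s\n' "$wwwcertdns" >"$cfg_certsdir/girocco_www_crt.dns"
		echo "Created www certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
		cat "$cfg_certsdir/girocco_root_crt.pem" >"$cfg_certsdir/girocco_www_chain.pem"
		echo "Created www certificate chain file"
	fi

	# Client authority (a sub-CA under the root); its key is group-readable.
	if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
		new_rsa_key 0640 "$cfg_certsdir/girocco_client_key.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem"
		echo "Created new client key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
		openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
			ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
				--cert "$cfg_certsdir/girocco_root_crt.pem" \
				--out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
		rm -f "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created client certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
		cat "$cfg_certsdir/girocco_client_crt.pem" >"$cfg_certsdir/girocco_client_suffix.pem"
		echo "Created client certificate suffix file"
	fi

	# Publish the root certificate in the web root. $cfg_rootcert and the other
	# cfg_* certificate paths below come from the configuration; presumably they
	# name the files maintained above - verify against the config module.
	cat "$cfg_rootcert" >"$cfg_webroot/${cfg_nickname}_root_cert.pem"

	if [ -n "$cfg_mob" ]; then
		if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
			# The mode is applied to the mob user key that was just created;
			# the chmod here used to name the client key file instead, leaving
			# the new key with whatever mode the umask produced.
			new_rsa_key 0640 "$cfg_certsdir/girocco_mob_user_key.pem"
			rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
			echo "Created new mob user key"
		fi
		if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
			openssl rsa -in "$cfg_mobuserkey" -pubout |
				ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
					--cert "$cfg_clientcert" \
					--out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
			echo "Created mob user client certificate"
		fi
		# The mob user's private key and certificate are copied into the web
		# root, i.e. this key is published by the install itself.
		cat "$cfg_mobuserkey" >"$cfg_webroot/${cfg_nickname}_mob_key.pem"
		cat "$cfg_mobusercert" "$cfg_clientcertsuffix" >"$cfg_webroot/${cfg_nickname}_mob_user.pem"
	else
		rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	fi
else
	rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
fi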
echo "*** Finalizing permissions..."
# Everything installed ends up owned by the mirror user (plus the owning group
# when one is configured). -h changes symlinks themselves rather than what they
# point at. The certificates directory is included only with HTTPS push.
install_owner="$cfg_mirror_user$owngroup"
chown -R -h "$install_owner" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
if [ -n "$cfg_httpspushurl" ]; then
	chown -R -h "$install_owner" "$cfg_certsdir"
fi