search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
perform-pre-gc-linking.sh: support --include-packs
[girocco.git] / install.sh
blob796d29425a12ef6e8bc47c171ba7b9fe6309da5f
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
23
24 # First run Girocco::Config consistency checks
25 perl -I. -M$GIROCCO_CONF -e ''
26
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
30
31 owngroup=""
32 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
33 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
34 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
35 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
36 exit 1
37 fi
38
39
40 # Check for extra required tools
41 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
42 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
43 exit 1
44 fi
45
46
47 echo "*** Checking for compiled utilities..."
48 if [ ! -x src/can_user_push ]; then
49 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
50 echo "ERROR: perhaps you forgot to run make?" >&2
51 exit 1
52 fi
53 if [ ! -x src/can_user_push_http ]; then
54 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
55 echo "ERROR: perhaps you forgot to run make?" >&2
56 exit 1
57 fi
58 if [ ! -x src/getent ]; then
59 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
60 echo "ERROR: perhaps you forgot to run make?" >&2
61 exit 1
62 fi
63 if [ ! -x src/get_user_uuid ]; then
64 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
65 echo "ERROR: perhaps you forgot to run make?" >&2
66 exit 1
67 fi
68 if [ ! -x src/list_packs ]; then
69 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
70 echo "ERROR: perhaps you forgot to run make?" >&2
71 exit 1
72 fi
73 if [ ! -x src/peek_packet ]; then
74 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
75 echo "ERROR: perhaps you forgot to run make?" >&2
76 exit 1
77 fi
78 if [ ! -x src/rangecgi ]; then
79 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
80 echo "ERROR: perhaps you forgot to run make?" >&2
81 exit 1
82 fi
83 if [ ! -x src/strftime ]; then
84 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
85 echo "ERROR: perhaps you forgot to run make?" >&2
86 exit 1
87 fi
88 if [ ! -x src/throttle ]; then
89 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
90 echo "ERROR: perhaps you forgot to run make?" >&2
91 exit 1
92 fi
93
94
95 echo "*** Checking for ezcert..."
96 if ! [ -f ezcert.git/CACreateCert -a -x ezcert.git/CACreateCert ]; then
97 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
98 exit 1
99 fi
100
101
102 echo "*** Checking for git..."
103 case "$cfg_git_bin" in /*) :;; *)
104 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
105 exit 1
106 esac
107 if [ ! -x "$cfg_git_bin" ]; then
108 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
109 exit 1
110 fi
111 if ! git_version="$("$cfg_git_bin" version)"; then
112 echo "ERROR: $cfg_git_bin version failed" >&2
113 exit 1
114 fi
115 case "$git_version" in
116 [Gg]"it version "*) :;;
117 *)
118 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
119 exit 1
120 esac
121 echo "Found $cfg_git_bin $git_version"
122 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
123 echo "*** Checking Git $git_vernum for compatibility..."
124 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
125 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
126 exit 1
127 fi
128 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
129 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
130 fi
131 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
132 cat <<'EOT'
133
134 ***
135 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
136 ***
137
138 Some Girocco functionality will be gracefully disabled and other things will
139 just not work at all such as race condition protection against simultaneous
140 client pushes and server garbage collections.
141
142 EOT
143 fi
144 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
145 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
146 fi
147 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
148 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
149 fi
150 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
151 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
152 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
153 fi
154 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
155 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
156 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
157 fi
158 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
159 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
160 fi
161 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
162 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
163 fi
164 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
165 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
166 fi
167 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
168 cat <<'EOT'
169
170 ***
171 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
172 ***
173
174 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
175 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
176 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
177
178 In order to bypass this check you will have to modify install.sh in which case
179 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
180
181 EOT
182 exit 1
183 fi
184 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
185 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
186 fi
187 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
188 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
189 fi
190 secmsg=
191 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
192 secmsg='prior to 2.4.11'
193 fi
194 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
195 secmsg='2.5.x prior to 2.5.5'
196 fi
197 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
198 secmsg='2.6.x prior to 2.6.6'
199 fi
200 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
201 secmsg='2.7.x prior to 2.7.4'
202 fi
203 if [ -n "$secmsg" ]; then
204 cat <<EOT
205
206 ***
207 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
208 ***
209
210 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
211 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
212
213 Besides the security fixes included in later versions, versions prior to
214 2.2.0 may accidentally prune unreachable loose objects earlier than
215 intended. Since Git version 2.4.11 is the minimum version to include all
216 security fixes to date, it should be considered the absolute minimum
217 version of Git to use when running Girocco.
218
219 This is not enforced, but Git is easy to build from the git.git submodule
220 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
221
222 We will now pause for a moment so you can reflect on this warning.
223
224 EOT
225 sleep 60
226 fi
227 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
228 cat <<'EOT'
229
230 ***
231 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
232 ***
233
234 You appear to have enabled mirroring and the Git binary you have selected
235 appears to contain an experimental patch that cannot be disabled. This
236 patch can generate invalid network DNS traffic and/or cause long delays
237 when fetching using the "git:" protocol when no port number is specified.
238 It may also end up retrieving repsitory contents from a host other than
239 the one specified in the "git:" URL when the port is omitted.
240
241 You are advised to either build your own version of Git (the problem patch
242 is not part of the official Git repository) or disable mirroring (via the
243 $Girocco::Config:mirror setting) to avoid these potential problems.
244
245 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
246
247 EOT
248 sleep 5
249 fi
250
251 chown_make() {
252 if [ "$LOGNAME" = root -a -n "$SUDO_USER" -a "$SUDO_USER" != root ]; then
253 find "$@" -user root -print0 2>/dev/null | \
254 xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
255 elif [ "$LOGNAME" = root -a -z "$SUDO_USER" -o "$SUDO_USER" = root ]; then
256 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
257 fi
258 }
259
260 echo "*** Setting up basedir..."
261 "$MAKE" --no-print-directory --silent apache.conf
262 chown_make apache.conf
263 "$MAKE" --no-print-directory --silent -C src
264 chown_make src
265 rm -fr "$cfg_basedir"
266 mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb" "$cfg_basedir/cgi"
267 cp cgi/*.cgi "$cfg_basedir/cgi"
268 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
269 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/list_packs src/peek_packet \
270 src/rangecgi src/strftime src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi \
271 cgi/snapshot.cgi "$cfg_basedir/bin"
272 cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
273 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
274 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
275
276 # Put the correct Config in place
277 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
278
279 ln -s "$cfg_git_bin" "$cfg_basedir/bin/git"
280 shbin="$var_sh_bin"
281 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
282 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
283 exit 1
284 }
285 ln -s "$shbin" "$cfg_basedir/bin/sh"
286 perlbin="$var_perl_bin"
287 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
288 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
289 exit 1
290 }
291 ln -s "$perlbin" "$cfg_basedir/bin/perl"
292 gzipbin="$var_gzip_bin"
293 [ -n "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 | grep -q gzip && \
294 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] || {
295 echo "ERROR: invalid $Girocco::Config::gzip_bin setting" >&2
296 exit 1
297 }
298 ln -s "$gzipbin" "$cfg_basedir/bin/gzip"
299
300 echo "*** Preprocessing scripts..."
301 SHBIN="$shbin" && export SHBIN
302 PERLBIN="$perlbin" && export PERLBIN
303 perl -I. -M$GIROCCO_CONF -i -p \
304 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
305 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
306 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
307 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
308 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
309 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
310 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
311 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
312 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
313 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
314 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
315 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
316 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
317 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
318 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
319 -e 'close ARGV if eof;' \
320 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
321 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
322 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
323 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
324 "$cfg_basedir"/toolbox/reports/*.sh \
325 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
326 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
327 "$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
328 perl -i -p \
329 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
330 -e 'close ARGV if eof;' \
331 "$cfg_basedir"/jobd/jobd.pl "$cfg_basedir"/taskd/taskd.pl \
332 "$cfg_basedir"/bin/sendmail.pl "$cfg_basedir"/bin/CACreateCert
333 perl -i -p \
334 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
335 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
336 -e 'close ARGV if eof;' \
337 "$cfg_basedir"/bin/format-readme "$cfg_basedir/cgi"/*.cgi
338 unset PERLBIN
339 unset SHBIN
340
341 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
342 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
343
344 if [ -n "$cfg_mirror" ]; then
345 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
346 fi
347 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
348 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
349 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
350
351
352 echo "*** Setting up repository root..."
353 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
354 if [ "$cfg_owning_group" ]; then
355 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
356 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
357 fi
358 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
359 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
360
361
362 if [ -n "$cfg_chrooted" ]; then
363 echo "*** Setting up chroot jail for pushing..."
364 if [ "$(id -u)" -eq 0 ]; then
365 ./jailsetup.sh
366 else
367 echo "WARNING: Skipping jail setup, not root"
368 fi
369 fi
370
371
372 echo "*** Setting up jail configuration (project database)..."
373 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
374 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
375 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
376 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
377 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
378 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
379 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
380 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
381 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
382 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
383
384 echo "*** Setting up gitweb from git.git..."
385 if [ ! -f git.git/Makefile ]; then
386 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
387 exit 1
388 fi
389 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
390 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
391 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
392 chown_make gitweb && \
393 PERLBIN="$perlbin" && export PERLBIN && \
394 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
395 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cfg_cgiroot"/gitweb.cgi.$$ && \
396 chmod a+x "$cfg_cgiroot"/gitweb.cgi.$$ && \
397 chown_make "$cfg_cgiroot"/gitweb.cgi.$$ && \
398 mv -f "$cfg_cgiroot"/gitweb.cgi.$$ "$cfg_cgiroot"/gitweb.cgi && \
399 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
400 test $? -eq 0
401
402
403 echo "*** Setting up git-browser from git-browser.git..."
404 if [ ! -f git-browser.git/git-browser.cgi ]; then
405 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
406 exit 1
407 fi
408 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
409 (cd git-browser.git && \
410 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
411 PERLBIN="$perlbin" && export PERLBIN && perl -p \
412 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
413 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cfg_cgiroot"/git-browser.cgi.$$ && \
414 chmod a+x "$cfg_cgiroot"/git-browser.cgi.$$ && \
415 chown_make "$cfg_cgiroot"/git-browser.cgi.$$ && \
416 mv -f "$cfg_cgiroot"/git-browser.cgi.$$ "$cfg_cgiroot"/git-browser.cgi && \
417 cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
418 cp -r JSON "$cfg_cgiroot")
419 test $? -eq 0
420 rm -f "$cfg_webroot"/git-browser/index.html
421 cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
422 gitbin: $cfg_git_bin
423 warehouse: $cfg_reporoot
424 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
425 EOT
426 chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
427 mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
428 cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
429 cfg_gitweb_url="$cfg_gitweburl/"
430 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
431 EOT
432 chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
433 mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
434
435
436 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
437 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
438 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
439 exit 1
440 fi
441 mkdir -p "$cfg_basedir"/bin
442 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
443
444
445 echo "*** Setting up hg-fast-export from fast-export.git..."
446 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
447 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
448 exit 1
449 fi
450 mkdir -p "$cfg_basedir"/bin
451 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
452
453
454 echo "*** Setting up markdown from markdown.git..."
455 if [ ! -f markdown.git/Markdown.pl ]; then
456 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
457 exit 1
458 fi
459 mkdir -p "$cfg_basedir"/bin
460 (PERLBIN="$perlbin" && export PERLBIN && \
461 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
462 markdown.git/Markdown.pl > "$cfg_basedir"/bin/Markdown.pl.$$ && \
463 chmod a+x "$cfg_basedir"/bin/Markdown.pl.$$ && \
464 mv -f "$cfg_basedir"/bin/Markdown.pl.$$ "$cfg_basedir"/bin/Markdown.pl)
465 test $? -eq 0
466
467
468 echo "*** Setting up our part of the website..."
469 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
470 cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_basedir/cgi"
471 cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir/cgi"
472 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir/cgi"/usercert.cgi "$cfg_cgiroot"/usercert.cgi
473 cp "$cfg_basedir/cgi"/*.cgi "$cfg_cgiroot"
474 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
475 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
476 if [ -z "$cfg_httpspushurl" ]; then
477 grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
478 else
479 cp gitweb/indextext.html "$cfg_basedir/gitweb"
480 fi
481 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
482 cp mootools.js "$cfg_webroot"
483 cp htaccess "$cfg_webroot/.htaccess"
484 cp cgi/htaccess "$cfg_cgiroot/.htaccess"
485 cp git-favicon.ico "$cfg_webroot/favicon.ico"
486 cp robots.txt "$cfg_webroot"
487 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
488
489
490 if [ -n "$cfg_httpspushurl" ]; then
491 echo "*** Setting up SSL certificates..."
492 bits=2048
493 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
494 bits="$cfg_rsakeylength"
495 fi
496 mkdir -p "$cfg_certsdir"
497 [ -d "$cfg_certsdir" ]
498 wwwcertcn=
499 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
500 wwwcertcn="$( \
501 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
502 sed -e 's,[^/]*,,' \
503 )"
504 fi
505 wwwcertdns=
506 if [ -n "$cfg_wwwcertaltnames" ]; then
507 for dnsopt in $cfg_wwwcertaltnames; do
508 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
509 done
510 fi
511 wwwcertdnsfile=
512 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
513 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
514 fi
515 needroot=
516 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
517 -e "$cfg_certsdir/girocco_client_key.pem" -a \
518 -e "$cfg_certsdir/girocco_www_key.pem" -a \
519 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
520 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
521 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
522 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
523 umask 0077
524 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
525 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
526 rm -f "$cfg_certsdir/girocco_root_crt.pem"
527 umask 0022
528 echo "Created new root key"
529 fi
530 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
531 "$cfg_basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
532 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
533 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
534 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
535 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
536 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
537 echo "Created new root certificate"
538 fi
539 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
540 umask 0077
541 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
542 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
543 rm -f "$cfg_certsdir/girocco_www_crt.pem"
544 umask 0022
545 echo "Created new www key"
546 fi
547 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
548 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
549 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
550 "$cfg_basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
551 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
552 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
553 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
554 echo "Created www certificate"
555 fi
556 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
557 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
558 echo "Created www certificate chain file"
559 fi
560 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
561 umask 0037
562 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
563 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
564 rm -f "$cfg_certsdir/girocco_client_crt.pem"
565 umask 0022
566 echo "Created new client key"
567 fi
568 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
569 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
570 "$cfg_basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
571 --cert "$cfg_certsdir/girocco_root_crt.pem" \
572 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
573 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
574 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
575 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
576 echo "Created client certificate"
577 fi
578 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
579 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
580 echo "Created client certificate suffix file"
581 fi
582 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
583 if [ -n "$cfg_mob" ]; then
584 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
585 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
586 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
587 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
588 echo "Created new mob user key"
589 fi
590 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
591 openssl rsa -in "$cfg_mobuserkey" -pubout |
592 "$cfg_basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
593 --cert "$cfg_clientcert" \
594 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
595 echo "Created mob user client certificate"
596 fi
597 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
598 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
599 else
600 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
601 fi
602 else
603 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
604 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
605 fi
606
607
608 echo "*** Finalizing permissions..."
609 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
610 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
The repo.or.cz duct tape "Girocco"