install.sh: setup darcs, hg, markdown with rest of basedir
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
5 set -e
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
24 # First run Girocco::Config consistency checks
25 perl -I. -M$GIROCCO_CONF -e ''
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
31 owngroup=""
32 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
33 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
34 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
35 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
36 exit 1
40 # Check for extra required tools
41 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
42 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
43 exit 1
# Every helper below is built from src/ by make and is checked for the
# executable bit before anything is installed.  The first one that is missing
# stops the installation.
echo "*** Checking for compiled utilities..."
for _util in can_user_push can_user_push_http getent get_user_uuid list_packs \
	peek_packet rangecgi strftime throttle; do
	if [ ! -x "src/$_util" ]; then
		echo "ERROR: src/$_util is not built! Did you _REALLY_ read INSTALL?" >&2
		echo "ERROR: perhaps you forgot to run make?" >&2
		exit 1
	fi
done
95 echo "*** Checking for ezcert..."
96 if ! [ -f ezcert.git/CACreateCert -a -x ezcert.git/CACreateCert ]; then
97 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
98 exit 1
102 echo "*** Checking for git..."
103 case "$cfg_git_bin" in /*) :;; *)
104 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
105 exit 1
106 esac
107 if [ ! -x "$cfg_git_bin" ]; then
108 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
109 exit 1
111 if ! git_version="$("$cfg_git_bin" version)"; then
112 echo "ERROR: $cfg_git_bin version failed" >&2
113 exit 1
115 case "$git_version" in
116 [Gg]"it version "*) :;;
118 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
119 exit 1
120 esac
121 echo "Found $cfg_git_bin $git_version"
122 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
123 echo "*** Checking Git $git_vernum for compatibility..."
124 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
125 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
126 exit 1
128 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
129 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
131 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
132 cat <<'EOT'
135 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
138 Some Girocco functionality will be gracefully disabled and other things will
139 just not work at all such as race condition protection against simultaneous
140 client pushes and server garbage collections.
144 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
145 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
147 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
148 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
150 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
151 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
152 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
154 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
155 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
156 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
158 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
159 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
161 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
162 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
164 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
165 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
167 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
168 cat <<'EOT'
171 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
174 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
175 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
176 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
178 In order to bypass this check you will have to modify install.sh in which case
179 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
182 exit 1
184 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
185 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
187 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
188 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
190 secmsg=
191 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
192 secmsg='prior to 2.4.11'
194 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
195 secmsg='2.5.x prior to 2.5.5'
197 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
198 secmsg='2.6.x prior to 2.6.6'
200 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
201 secmsg='2.7.x prior to 2.7.4'
203 if [ -n "$secmsg" ]; then
204 cat <<EOT
207 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
210 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
211 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
213 Besides the security fixes included in later versions, versions prior to
214 2.2.0 may accidentally prune unreachable loose objects earlier than
215 intended. Since Git version 2.4.11 is the minimum version to include all
216 security fixes to date, it should be considered the absolute minimum
217 version of Git to use when running Girocco.
219 This is not enforced, but Git is easy to build from the git.git submodule
220 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
222 We will now pause for a moment so you can reflect on this warning.
225 sleep 60
227 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
228 cat <<'EOT'
231 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
234 You appear to have enabled mirroring and the Git binary you have selected
235 appears to contain an experimental patch that cannot be disabled. This
236 patch can generate invalid network DNS traffic and/or cause long delays
237 when fetching using the "git:" protocol when no port number is specified.
238 It may also end up retrieving repsitory contents from a host other than
239 the one specified in the "git:" URL when the port is omitted.
241 You are advised to either build your own version of Git (the problem patch
242 is not part of the official Git repository) or disable mirroring (via the
243 $Girocco::Config:mirror setting) to avoid these potential problems.
245 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
248 sleep 5
# Check that the netcat executable named by $1 can talk over a Unix-domain
# socket (-U).  A listener is started in the background on a socket inside a
# fresh mktemp directory, the word "testing" is sent to it by a second
# instance, and the text the listener wrote is compared with what was sent.
# Returns 0 only when neither instance failed and the payload arrived intact.
# Everything the probe prints is discarded by the redirection on the function.
test_nc_U() {
	if [ -z "$1" ]; then
		return 1
	fi
	# resolve the name through PATH; an unresolvable name leaves _cmdnc empty
	_cmdnc="$(command -v "$1" 2>/dev/null || :)"
	if [ -z "$_cmdnc" ] || [ ! -x "$_cmdnc" ]; then
		return 1
	fi
	# the socket, the captured output and the failure marker all live in a
	# directory created by mktemp rather than under a fixed name in /tmp
	_tmpdir="$(mktemp -d /tmp/nc-u-XXXXXX)"
	if [ -z "$_tmpdir" ] || [ ! -d "$_tmpdir" ]; then
		return 1
	fi
	: >"$_tmpdir/output"
	# listener: "sleep 3" keeps its stdin open for three seconds; a failing
	# listener leaves the "failed" marker behind
	(
		sleep 3 | "$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev/null >"$_tmpdir/output" ||
			: >"$_tmpdir/failed"
	) &
	_bgpid="$!"
	sleep 1
	# sender: a failure here is recorded with the same marker file
	if ! echo "testing" | "$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev/null 2>&1; then
		: >"$_tmpdir/failed"
	fi
	sleep 1
	kill "$_bgpid" >/dev/null 2>&1 || :
	read -r _result <"$_tmpdir/output" || :
	_bad=
	if [ -e "$_tmpdir/failed" ]; then
		_bad=1
	fi
	rm -rf "$_tmpdir"
	[ -z "$_bad" ] && [ "$_result" = "testing" ]
} >/dev/null 2>&1
271 echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
272 test_nc_U "$var_nc_openbsd_bin" || {
273 echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
274 echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
275 if [ "$(uname -s 2>/dev/null)" = "DragonFly" ]; then
276 echo "ERROR: see the src/dragonfly/README file for a solution" >&2
278 exit 1
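# Give files that a root-run make left behind back to the invoking user.
# Arguments: paths handed to find(1) as starting points.
# When running as root through sudo from a non-root account, every root-owned
# entry found under the given paths is chowned to $SUDO_USER and that user's
# primary group.  When running as root with no $SUDO_USER (or with
# SUDO_USER=root) only a warning is printed.  In every other case nothing is
# done.
chown_make() {
	if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
		# NOTE(review): when find prints nothing, an xargs that still runs
		# its command on empty input calls chown with no file operand and
		# fails -- confirm that is acceptable under "set -e"
		find "$@" -user root -print0 2>/dev/null | \
		xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
	# The single-bracket form "A -a B -o C" groups as "(A and B) or C", so the
	# warning used to fire for SUDO_USER=root even when LOGNAME was not root.
	# Separate tests make the intended grouping explicit.
	elif [ "$LOGNAME" = root ] && { [ -z "$SUDO_USER" ] || [ "$SUDO_USER" = root ]; }; then
		echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
	fi
}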
290 # Use basedir, webroot and cgiroot for easier control of filesystem locations
291 # Wherever we are writing/copying/installing files we use these, but where we
292 # are editing, adding config settings or printing advice we always stick to the
293 # cfg_xxx Config variable versions. These are like a set of DESTDIR variables.
294 # Only the file system directories that could be asynchronously accessed (by
295 # the web server, jobd.pl, taskd.pl or incoming pushes) get these special vars.
296 # The chroot is handled specially and does not need one of these.
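basedir="$cfg_basedir"
webroot="$cfg_webroot"
cgiroot="$cfg_cgiroot"

# basedir is removed recursively below, so stop here when the Config left it
# empty or pointing at the filesystem root.
case "$basedir" in
""|/)
	echo "ERROR: \$Girocco::Config::basedir must be set and must not be /" >&2
	exit 1
esac

echo "*** Setting up basedir..."
# Build first; chown_make hands anything make created as root back to the
# invoking sudo user.
"$MAKE" --no-print-directory --silent apache.conf
chown_make apache.conf
"$MAKE" --no-print-directory --silent -C src
chown_make src
# The previous installation is discarded completely before the new one is
# copied into place.
rm -fr "$basedir"
mkdir -p "$basedir" "$basedir/gitweb" "$basedir/cgi"
cp cgi/*.cgi "$basedir/cgi"
# This copy creates "$basedir/bin" (from the bin directory), which the next
# copy uses as its destination.
cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$basedir"
cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/list_packs src/peek_packet \
	src/rangecgi src/strftime src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi \
	cgi/snapshot.cgi "$basedir/bin"
cp -p gitweb/*.sh gitweb/*.perl "$basedir/gitweb"
# Pages that describe disabled features are not installed.
[ -n "$cfg_httpspushurl" ] || rm -f "$basedir"/html/rootcert.html "$basedir"/html/httpspush.html
[ -n "$cfg_mob" ] || rm -f "$basedir"/html/mob.html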
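# Put the correct Config in place
# (a non-default $GIROCCO_CONF module name is turned into its file path and
# that file replaces the copied Girocco/Config.pm)
[ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$basedir/Girocco/Config.pm"

# Each configured interpreter or tool is smoke-tested before it is linked into
# $basedir/bin.  The error messages escape the leading "$" so that the Config
# variable name is printed literally; unescaped, the shell expanded $Girocco
# to an empty string and the message lost the name.
ln -s "$cfg_git_bin" "$basedir/bin/git"
shbin="$var_sh_bin"
[ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
	echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting" >&2
	exit 1
}
ln -s "$shbin" "$basedir/bin/sh"
perlbin="$var_perl_bin"
[ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
	echo "ERROR: invalid \$Girocco::Config::perl_bin setting" >&2
	exit 1
}
ln -s "$perlbin" "$basedir/bin/perl"
gzipbin="$var_gzip_bin"
# gzip must identify itself in its -V output and round-trip a short string
[ -n "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 | grep -q gzip && \
[ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] || {
	echo "ERROR: invalid \$Girocco::Config::gzip_bin setting" >&2
	exit 1
}
ln -s "$gzipbin" "$basedir/bin/gzip"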
341 echo "*** Preprocessing scripts..."
342 SHBIN="$shbin" && export SHBIN
343 PERLBIN="$perlbin" && export PERLBIN
344 perl -I. -M$GIROCCO_CONF -i -p \
345 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
346 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
347 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
348 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
349 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
350 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
351 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
352 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
353 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
354 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
355 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
356 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
357 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
358 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
359 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
360 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
361 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
362 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
363 -e 'close ARGV if eof;' \
364 "$basedir"/jobs/*.sh "$basedir"/jobd/*.sh \
365 "$basedir"/taskd/*.sh "$basedir"/gitweb/*.sh \
366 "$basedir"/shlib.sh "$basedir"/hooks/* \
367 "$basedir"/toolbox/*.sh "$basedir"/toolbox/*.pl \
368 "$basedir"/toolbox/reports/*.sh \
369 "$basedir"/bin/git-* "$basedir"/bin/*.sh \
370 "$basedir"/bin/create-* "$basedir"/bin/update-* \
371 "$basedir"/bin/*.cgi "$basedir"/screen/*
372 perl -i -p \
373 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
374 -e 'close ARGV if eof;' \
375 "$basedir"/jobd/jobd.pl "$basedir"/taskd/taskd.pl \
376 "$basedir"/bin/sendmail.pl "$basedir"/bin/CACreateCert
377 perl -i -p \
378 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
379 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
380 -e 'close ARGV if eof;' \
381 "$basedir"/bin/format-readme "$basedir/cgi"/*.cgi
382 unset PERLBIN
383 unset SHBIN
385 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
386 get_girocco_config_var_list > "$basedir"/shlib_vars.sh
388 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
389 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
390 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
391 exit 1
393 mkdir -p "$basedir"/bin
394 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$basedir"/bin
396 echo "*** Setting up hg-fast-export from fast-export.git..."
397 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
398 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
399 exit 1
401 mkdir -p "$basedir"/bin
402 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$basedir"/bin
404 echo "*** Setting up markdown from markdown.git..."
405 if [ ! -f markdown.git/Markdown.pl ]; then
406 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
407 exit 1
409 mkdir -p "$basedir"/bin
410 (PERLBIN="$perlbin" && export PERLBIN && \
411 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
412 markdown.git/Markdown.pl > "$basedir"/bin/Markdown.pl.$$ && \
413 chmod a+x "$basedir"/bin/Markdown.pl.$$ && \
414 mv -f "$basedir"/bin/Markdown.pl.$$ "$basedir"/bin/Markdown.pl)
415 test $? -eq 0
417 if [ -n "$cfg_mirror" ]; then
418 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
420 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
421 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
422 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
425 echo "*** Setting up repository root..."
426 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
427 if [ "$cfg_owning_group" ]; then
428 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
429 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
431 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
432 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
435 if [ -n "$cfg_chrooted" ]; then
436 echo "*** Setting up chroot jail for pushing..."
437 if [ "$(id -u)" -eq 0 ]; then
438 ./jailsetup.sh
439 else
440 echo "WARNING: Skipping jail setup, not root"
445 echo "*** Setting up jail configuration (project database)..."
446 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
447 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
448 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
449 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
450 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
451 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
452 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
453 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
454 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
455 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
457 echo "*** Setting up gitweb from git.git..."
458 if [ ! -f git.git/Makefile ]; then
459 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
460 exit 1
462 mkdir -p "$webroot" "$cgiroot"
463 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
464 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
465 chown_make gitweb && \
466 PERLBIN="$perlbin" && export PERLBIN && \
467 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
468 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cgiroot"/gitweb.cgi.$$ && \
469 chmod a+x "$cgiroot"/gitweb.cgi.$$ && \
470 chown_make "$cgiroot"/gitweb.cgi.$$ && \
471 mv -f "$cgiroot"/gitweb.cgi.$$ "$cgiroot"/gitweb.cgi && \
472 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$webroot")
473 test $? -eq 0
476 echo "*** Setting up git-browser from git-browser.git..."
477 if [ ! -f git-browser.git/git-browser.cgi ]; then
478 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
479 exit 1
481 mkdir -p "$webroot"/git-browser "$cgiroot"
482 (cd git-browser.git && \
483 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
484 PERLBIN="$perlbin" && export PERLBIN && perl -p \
485 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
486 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cgiroot"/git-browser.cgi.$$ && \
487 chmod a+x "$cgiroot"/git-browser.cgi.$$ && \
488 chown_make "$cgiroot"/git-browser.cgi.$$ && \
489 mv -f "$cgiroot"/git-browser.cgi.$$ "$cgiroot"/git-browser.cgi && \
490 cp -r *.html *.js *.css js.lib "$webroot"/git-browser && \
491 cp -r JSON "$cgiroot")
492 test $? -eq 0
493 rm -f "$webroot"/git-browser/index.html
494 cat >"$basedir/gitweb"/git-browser.conf.$$ <<EOT
495 gitbin: $cfg_git_bin
496 warehouse: $cfg_reporoot
497 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
499 chown_make "$basedir/gitweb"/git-browser.conf.$$
500 mv -f "$basedir/gitweb"/git-browser.conf.$$ "$basedir/gitweb"/git-browser.conf
501 cat >"$webroot"/git-browser/GitConfig.js.$$ <<EOT
502 cfg_gitweb_url="$cfg_gitweburl/"
503 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
505 chown_make "$webroot"/git-browser/GitConfig.js.$$
506 mv -f "$webroot"/git-browser/GitConfig.js.$$ "$webroot"/git-browser/GitConfig.js
509 echo "*** Setting up our part of the website..."
510 mkdir -p "$webroot" "$cgiroot"
511 cp "$basedir"/bin/snapshot.cgi "$basedir/cgi"
512 cp "$basedir"/bin/authrequired.cgi "$basedir/cgi"
513 [ -n "$cfg_httpspushurl" ] || rm -f "$basedir/cgi"/usercert.cgi "$cgiroot"/usercert.cgi
514 cp "$basedir/cgi"/*.cgi "$cgiroot"
515 ln -fs "$cfg_basedir"/Girocco "$cgiroot"
516 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
517 if [ -z "$cfg_httpspushurl" ]; then
518 grep -v 'rootcert[.]html' gitweb/indextext.html > "$basedir/gitweb/indextext.html"
519 else
520 cp gitweb/indextext.html "$basedir/gitweb"
522 mv "$basedir"/html/*.css "$basedir"/html/*.js "$webroot"
523 cp mootools.js "$webroot"
524 cp htaccess "$webroot/.htaccess"
525 cp cgi/htaccess "$cgiroot/.htaccess"
526 cp git-favicon.ico "$webroot/favicon.ico"
527 cp robots.txt "$webroot"
528 cat gitweb/gitweb.css >>"$webroot"/gitweb.css
# Create (or reuse) the certificate hierarchy used for https push: a root key
# and certificate, a www server key and certificate, a client sub-CA key and
# certificate and, when the mob user is enabled, a mob user key and
# certificate.  Existing files are kept; a file is only generated when it is
# missing or when something it depends on was regenerated.
if [ -n "$cfg_httpspushurl" ]; then
	echo "*** Setting up SSL certificates..."
	# 2048 bits is the floor: $cfg_rsakeylength is used only when it compares
	# numerically greater, and the error from a non-numeric value is discarded.
	bits=2048
	if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
		bits="$cfg_rsakeylength"
	fi
	mkdir -p "$cfg_certsdir"
	# bare test: under the script's "set -e" a non-directory stops the install
	[ -d "$cfg_certsdir" ]
	# Subject of an existing www certificate with everything before the first
	# "/" stripped; compared with "/CN=<name>" further down.
	# NOTE(review): this relies on openssl printing the subject in its
	# slash-separated form; with another output format the comparison would
	# never match and the www certificate would be reissued on every run --
	# confirm against the openssl in use.
	wwwcertcn=
	if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
		wwwcertcn="$( \
			openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
			sed -e 's,[^/]*,,' \
		)"
	fi
	# One "--dns NAME" pair per word of $cfg_wwwcertaltnames.
	wwwcertdns=
	if [ -n "$cfg_wwwcertaltnames" ]; then
		for dnsopt in $cfg_wwwcertaltnames; do
			wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
		done
	fi
	# The --dns options recorded when the current www certificate was issued.
	wwwcertdnsfile=
	if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
		wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
	fi
	# The root key is needed whenever any issued file is missing or the www
	# certificate names a different host.
	needroot=
	[ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
	  -e "$cfg_certsdir/girocco_client_key.pem" -a \
	  -e "$cfg_certsdir/girocco_www_key.pem" -a \
	  -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
	  -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
	if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
		rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
		# umask 0077 means the key file is never created with group or other
		# access; chmod 0600 then fixes the final mode explicitly
		umask 0077
		openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
		chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
		rm -f "$cfg_certsdir/girocco_root_crt.pem"
		umask 0022
		echo "Created new root key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
		"$basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
			--out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
		# A new root certificate removes every certificate below it, including
		# the *.pem files under the chroot's etc/sshcerts -- presumably
		# because they were issued under the previous root.
		rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created new root certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
		umask 0077
		openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
		chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
		rm -f "$cfg_certsdir/girocco_www_crt.pem"
		umask 0022
		echo "Created new www key"
	fi
	# Reissue the www certificate when it is missing, names another host, or
	# was issued with a different set of --dns options.
	if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
	   [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
		# Only the public half of the key is piped to CACreateCert.
		# $wwwcertdns is left unquoted on purpose so that it splits into
		# separate "--dns NAME" arguments.  The exit status of the pipeline
		# is that of CACreateCert alone.
		openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
		"$basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
			--out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
		printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
		echo "Created www certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
		cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
		echo "Created www certificate chain file"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
		# Unlike the root and www keys, the client authority key is created
		# group-readable (umask 0037, mode 0640).
		# NOTE(review): presumably so a member of the owning group can sign
		# user certificates with it -- confirm who is in that group.
		umask 0037
		openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
		chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem"
		umask 0022
		echo "Created new client key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
		openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
		"$basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" \
			--out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
		# certificates issued by the previous client authority are removed
		rm -f "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created client certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
		cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
		echo "Created client certificate suffix file"
	fi
	# The root certificate is published in the web root.
	cat "$cfg_rootcert" > "$webroot/${cfg_nickname}_root_cert.pem"
	if [ -n "$cfg_mob" ]; then
		if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
			# The mob user key is not a secret: it is created world-readable
			# (mode 0644) and its private half is copied into the web root
			# below.
			openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
			chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
			rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
			echo "Created new mob user key"
		fi
		if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
			openssl rsa -in "$cfg_mobuserkey" -pubout |
			"$basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
				--cert "$cfg_clientcert" \
				--out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
			echo "Created mob user client certificate"
		fi
		cat "$cfg_mobuserkey" > "$webroot/${cfg_nickname}_mob_key.pem"
		cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$webroot/${cfg_nickname}_mob_user.pem"
	else
		rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
	fi
else
	# https push disabled: make sure nothing stays published from an earlier
	# installation
	rm -f "$webroot/${cfg_nickname}_root_cert.pem"
	rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
fi
# Hand the installed trees to the mirror user (and the owning group, when one
# is configured).  -h makes chown act on symbolic links themselves rather than
# on the files they point to.  With https push enabled the certificate
# directory, private keys included, gets the same owner.
echo "*** Finalizing permissions..."
chown -R -h "${cfg_mirror_user}${owngroup}" "$basedir" "$webroot" "$cgiroot"
if [ -n "$cfg_httpspushurl" ]; then
	chown -R -h "${cfg_mirror_user}${owngroup}" "$cfg_certsdir"
fi