gc: reach out and touch some objects
#!/bin/sh
# The Girocco installation script
# We will OVERWRITE basedir!

# Stop at the first unhandled command failure.
set -e

# Locate GNU make.  A caller-supplied $MAKE wins; otherwise run the
# gnu_make_command_name target and keep what follows the
# "gnu_make_command_name=" prefix in its output.
if [ -z "$MAKE" ]; then
	MAKE="$(make -s gnu_make_command_name | sed -n 's/^gnu_make_command_name=//p')"
fi
if [ -z "$MAKE" ]; then
	echo "ERROR: cannot determine name of the GNU make command" >&2
	echo "Please set MAKE to the name of the GNU make executable" >&2
	exit 1
fi
# Run perl module checker
# The checker must be present and executable; its own exit status decides
# (via set -e) whether the installation continues.
[ -x toolbox/check-perl-modules.pl ] || {
	echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
	exit 1
}
toolbox/check-perl-modules.pl
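# What Config should we use?
# $GIROCCO_CONF comes from the caller's environment and defaults to
# Girocco::Config.  It ends up inside perl's -M argument below, so it is
# expected to be a plain Perl module name.
# NOTE(review): the value is not validated here -- confirm that only trusted
# callers can set GIROCCO_CONF when the installer runs with elevated rights.
[ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
echo "*** Initializing using $GIROCCO_CONF..."

# First run Girocco::Config consistency checks
# Loading the module with an empty program is the whole check; a failure
# aborts the install through set -e.  The -M argument is quoted so the
# value always reaches perl as a single word.
perl -I. "-M$GIROCCO_CONF" -e ''

# The cfg_* variables and helpers such as vcmp used further down are not
# defined in this file; presumably they come from shlib.sh.
. ./shlib.sh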
# ":group" suffix for later chown calls, or empty when no owning group is set.
owngroup="${cfg_owning_group:+:$cfg_owning_group}"

# HTTPS push needs a certificate directory.
if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
	echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
	echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
	exit 1
fi
# Check for extra required tools
# xmllint is only needed when $cfg_xmllint_readme is set to something
# other than the empty string or 0.
case "$cfg_xmllint_readme" in
""|0)
	;;
*)
	if ! command -v xmllint >/dev/null; then
		echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
		exit 1
	fi
	;;
esac
# Every helper built by "make" in src/ must exist and be executable before
# anything is installed; the first missing one stops the install.
echo "*** Checking for compiled utilities..."
for util in can_user_push can_user_push_http getent get_user_uuid \
	peek_packet rangecgi throttle
do
	[ -x "src/$util" ] && continue
	echo "ERROR: src/$util is not built!  Did you _REALLY_ read INSTALL?" >&2
	echo "ERROR: perhaps you forgot to run make?" >&2
	exit 1
done
# The certificate helper CACreateCert must be present in the ezcert.git
# checkout; it is copied into basedir and used for certificate creation
# later in this script.
echo "*** Checking for ezcert..."
[ -f ezcert.git/CACreateCert ] || {
	echo "ERROR: ezcert.git is not checked out!  Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
# Validate the configured Git binary: absolute path, executable, and its
# "version" output has the expected "git version " prefix.
echo "*** Checking for git..."
case "$cfg_git_bin" in
/*)
	;;
*)
	echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
	exit 1
	;;
esac
[ -x "$cfg_git_bin" ] || {
	echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
	exit 1
}
git_version="$("$cfg_git_bin" version)" || {
	echo "ERROR: $cfg_git_bin version failed" >&2
	exit 1
}
case "$git_version" in
[Gg]"it version "*)
	;;
*)
	echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
	exit 1
	;;
esac
echo "Found $cfg_git_bin $git_version"
# Extract the dotted numeric version from the "git version ..." string.
git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
echo "*** Checking Git $git_vernum for compatibility..."

# Version predicates built on vcmp (not defined in this file; from its use
# here it prints a number below zero when its first argument is the older
# version -- presumably provided by shlib.sh).
git_older_than() { [ "$(vcmp "$git_vernum" "$1")" -lt 0 ]; }
git_at_least() { [ "$(vcmp "$git_vernum" "$1")" -ge 0 ]; }

# Hard minimum.
if git_older_than 1.6.6; then
	echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
	exit 1
fi

# Advisory warnings for old versions; none of these stops the install.
if git_older_than 1.6.6.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
fi
if git_older_than 1.7.2; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.2, some Girocco functionality will be disabled'
fi
if [ -n "$cfg_mirror" ] && git_older_than 1.7.5; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
fi
if git_older_than 1.7.6.6; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
fi
if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && git_at_least 1.7.11; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
	echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
fi
if git_at_least 1.8.4.2 && [ -n "$cfg_mirror" ] && git_older_than 2; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
	echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
fi
if git_older_than 1.8.4.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
fi
if git_older_than 2.1; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
fi
if git_at_least 2.1 && git_older_than 2.1.3; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
fi

# Git 2.2.0 through 2.3.1 is refused outright.
if git_at_least 2.2 && git_older_than 2.3.2; then
	cat <<'EOT'


*** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git


Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
with Girocco due to various unresolved issues.  Please either downgrade to 2.1.4
or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.3.10) or later.

In order to bypass this check you will have to modify install.sh in which case
USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
	exit 1
fi
if git_older_than 2.3.3; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
fi

# Security-relevant version floors: these only warn, they are not enforced.
if git_older_than 2.3.10; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.3.10, security issues exist'
	cat <<'EOT'


*** IMPORTANT: $Girocco::Config::git_bin is set to a version of Git prior to 2.3.10


Besides the security fixes included in 2.3.9 and 2.3.10, versions prior to
2.2.0 may accidentally prune unreachable loose objects earlier than intended.
Since Git versions 2.2.0 through 2.3.1 are incompatible with Girocco, 2.3.3
includes a performance improvement and the only significant changes between
2.3.3 and 2.3.10 are the inclusion of the security updates, Git version 2.3.10
should be considered the absolute minimum version of Git to use when running
Girocco.

This is not enforced, but Git is easy to build from the git.git submodule and
upgrading to GIT VERSION 2.3.10 OR LATER IS HIGHLY RECOMMENDED.

EOT
fi
if git_older_than 2.4.4; then
	echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
fi
if git_at_least 2.4 && git_older_than 2.4.10; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.4.0 and < 2.4.10, security issues exist'
fi
if git_at_least 2.5 && git_older_than 2.5.4; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.5.0 and < 2.5.4, security issues exist'
fi
if git_at_least 2.6 && git_older_than 2.6.1; then
	echo 'WARNING: $Girocco::Config::git_bin version >= 2.6.0 and < 2.6.1, security issues exist'
fi
# With mirroring enabled (set and not 0), look for the string "ns_parserr"
# inside the Git binary and warn when it is found.  This is a heuristic
# match on the binary's contents; it only warns and never stops the install.
if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
	cat <<'EOT'


*** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary


You appear to have enabled mirroring and the Git binary you have selected
appears to contain an experimental patch that cannot be disabled.  This
patch can generate invalid network DNS traffic and/or cause long delays
when fetching using the "git:" protocol when no port number is specified.
It may also end up retrieving repsitory contents from a host other than
the one specified in the "git:" URL when the port is omitted.

You are advised to either build your own version of Git (the problem patch
is not part of the official Git repository) or disable mirroring (via the
$Girocco::Config:mirror setting) to avoid these potential problems.

USE THE SELECTED GIT BINARY AT YOUR OWN RISK!

EOT
fi
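#######################################
# Hand build products created by a root-run make back to the invoking user.
# Globals:   LOGNAME, SUDO_USER (read)
# Arguments: paths passed to find(1) as starting points
# Outputs:   a warning on stdout when running as root without a usable
#            non-root $SUDO_USER
# Returns:   0 when there is nothing to do, otherwise the status of the
#            find | xargs pipeline
#######################################
chown_make() {
	# Nothing to repair unless this really is a root session.  The
	# original single test mixed -a and -o, so a non-root run with
	# SUDO_USER=root also printed the "running make as root" warning.
	if [ "$LOGNAME" != root ]; then
		return 0
	fi
	if [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
		# Only root-owned entries are touched; find's own errors are
		# discarded.
		# NOTE(review): GNU xargs runs the command once even on empty
		# input unless -r is given, which would make chown fail here
		# when find matches nothing -- confirm on the target platform.
		find "$@" -user root -print0 2>/dev/null |
		xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
	else
		echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
	fi
}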
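# Build what is still missing, then replace basedir wholesale with a fresh
# copy of the tree.
echo "*** Setting up basedir..."
"$MAKE" --no-print-directory --silent apache.conf
chown_make apache.conf
"$MAKE" --no-print-directory --silent -C src
chown_make src

# basedir is removed recursively below, so refuse an empty value or the
# filesystem root before touching anything.
: "${cfg_basedir:?ERROR: basedir is not set, refusing to continue}"
case "$cfg_basedir" in
/)
	echo "ERROR: basedir must not be /" >&2
	exit 1
	;;
esac
rm -fr "$cfg_basedir"
mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb"
cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
	src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi "$cfg_basedir/bin"
cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"

# Drop the pages that only make sense with HTTPS push / the mob user.
if [ -z "$cfg_httpspushurl" ]; then
	rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
fi
if [ -z "$cfg_mob" ]; then
	rm -f "$cfg_basedir"/html/mob.html
fi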
# Put the correct Config in place
# A non-default module name is mapped to its file path ("::" becomes "/",
# ".pm" is appended) and that file is installed as Girocco/Config.pm.
if [ "$GIROCCO_CONF" != "Girocco::Config" ]; then
	conf_src="$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')"
	cp "$conf_src" "$cfg_basedir/Girocco/Config.pm"
fi
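# Replace the @name@ placeholders in the installed scripts, in place, with
# the values from the selected Config module.  Most values are inserted
# wrapped in double quotes; @basedir@ that already follows a double quote is
# inserted bare, and @defined_git_server_ua@ becomes the result of perl's
# defined() test.
# NOTE(review): the values are written into shell and perl sources without
# escaping, so a Config value containing a double quote, "$" or a backquote
# would change the meaning of the generated line -- presumably Config.pm is
# trusted input; confirm.
# The -M argument is quoted so $GIROCCO_CONF always reaches perl as one word.
echo "*** Preprocessing scripts..."
perl -I. "-M$GIROCCO_CONF" -i -p \
	-e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
	-e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
	-e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
	-e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
	-e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
	-e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
	-e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
	-e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
	-e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
	-e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
	"$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
	"$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
	"$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
	"$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
	"$cfg_basedir"/toolbox/reports/*.sh \
	"$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
	"$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
	"$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir"/screen/*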
# Dump all the cfg_ and defined_ variables to shlib_vars.sh
# (get_girocco_config_var_list is not defined in this file.)
get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh

# Operator reminders; the taskd hint is only printed when mirroring is on.
[ -z "$cfg_mirror" ] || {
	echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
}
echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
# Create the repository root and its recycle bin.  Both get mode 02775
# (group-writable, setgid) and, when configured, the owning group.
# Ownership and mode failures only produce warnings.
echo "*** Setting up repository root..."
mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
if [ -n "$cfg_owning_group" ]; then
	for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
		chgrp "$cfg_owning_group" "$repodir" || echo "WARNING: Cannot chgrp $cfg_owning_group $repodir"
	done
fi
for repodir in "$cfg_reporoot" "$cfg_reporoot/_recyclebin"; do
	chmod 02775 "$repodir" || echo "WARNING: Cannot chmod $repodir properly"
done
# Full jail setup is only attempted as root; otherwise it is skipped with a
# warning.
if [ -n "$cfg_chrooted" ]; then
	echo "*** Setting up chroot jail for pushing..."
	if [ "$(id -u)" -eq 0 ]; then
		./jailsetup.sh
	else
		echo "WARNING: Skipping jail setup, not root"
	fi
fi

# The jail's passwd and group files are created in every case.  They are
# handed to the CGI user and made group-writable; the etc directory itself
# goes to the mirror user with mode 02775.  Failures here only warn.
echo "*** Setting up jail configuration (project database)..."
if ! [ "$(id -u)" -eq 0 ]; then
	./jailsetup.sh dbonly
fi
mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
chown "$cfg_mirror_user$owngroup" "$cfg_chroot/etc" ||
	echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
chown "$cfg_cgi_user$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
	echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the files"
chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
	echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
# Build gitweb from the git.git checkout and install it.  The CGI is written
# under a temporary name first and renamed into place, with its
# "use warnings;" line commented out by the perl filter.
echo "*** Setting up gitweb from git.git..."
[ -f git.git/Makefile ] || {
	echo "ERROR: git.git is not checked out!  Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
# NOTE(review): the temporary name is predictable (pid suffix) and lives in
# $cfg_cgiroot -- fine as long as only the installing user can write there;
# confirm.
gitweb_cgi_tmp="$cfg_cgiroot/gitweb.cgi.$$"
(cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
	GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" gitweb && \
	chown_make gitweb && \
	perl -pe 's/^(\s*use\s+warnings\s*;.*)$/#$1/' gitweb/gitweb.cgi > "$gitweb_cgi_tmp" && \
	chmod a+x "$gitweb_cgi_tmp" && \
	chown_make "$gitweb_cgi_tmp" && \
	mv -f "$gitweb_cgi_tmp" "$cfg_cgiroot"/gitweb.cgi && \
	cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
# Install git-browser: the CGI is rewritten to read its configuration from
# $cfg_basedir/gitweb/git-browser.conf, static files go under the web root,
# and two small generated config files are written via temporary names.
echo "*** Setting up git-browser from git-browser.git..."
[ -f git-browser.git/git-browser.cgi ] || {
	echo "ERROR: git-browser.git is not checked out!  Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
# NOTE(review): all three temporary names below are predictable (pid
# suffix); this relies on the target directories being writable only by the
# installing user -- confirm.
browser_cgi_tmp="$cfg_cgiroot/git-browser.cgi.$$"
(cd git-browser.git && \
	CFG="$cfg_basedir/gitweb/git-browser.conf" perl -pe \
	's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$browser_cgi_tmp" && \
	chmod a+x "$browser_cgi_tmp" && \
	chown_make "$browser_cgi_tmp" && \
	mv -f "$browser_cgi_tmp" "$cfg_cgiroot"/git-browser.cgi && \
	cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
	cp -r JSON "$cfg_cgiroot")
rm -f "$cfg_webroot"/git-browser/index.html

# Server-side settings read by git-browser.cgi.
browser_conf_tmp="$cfg_basedir/gitweb/git-browser.conf.$$"
cat >"$browser_conf_tmp" <<EOT
gitbin: $cfg_git_bin
warehouse: $cfg_reporoot
EOT
chown_make "$browser_conf_tmp"
mv -f "$browser_conf_tmp" "$cfg_basedir/gitweb"/git-browser.conf

# Client-side settings loaded by the browser.
gitconfig_js_tmp="$cfg_webroot/git-browser/GitConfig.js.$$"
cat >"$gitconfig_js_tmp" <<EOT
cfg_gitweb_url="$cfg_gitweburl/"
cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
EOT
chown_make "$gitconfig_js_tmp"
mv -f "$gitconfig_js_tmp" "$cfg_webroot"/git-browser/GitConfig.js
# Copy the darcs exporter from the bzr-fastimport.git checkout into
# basedir/bin.
echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
[ -d bzr-fastimport.git/exporters/darcs/ ] || {
	echo "ERROR: bzr-fastimport.git is not checked out!  Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
# Copy both Mercurial exporter scripts from the fast-export.git checkout
# into basedir/bin; both must be present.
echo "*** Setting up hg-fast-export from fast-export.git..."
if ! { [ -f fast-export.git/hg-fast-export.py ] && [ -f fast-export.git/hg2git.py ]; }; then
	echo "ERROR: fast-export.git is not checked out!  Did you _REALLY_ read INSTALL?" >&2
	exit 1
fi
mkdir -p "$cfg_basedir"/bin
cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
# Copy Markdown.pl from the markdown.git checkout into basedir/bin.
echo "*** Setting up markdown from markdown.git..."
[ -f markdown.git/Markdown.pl ] || {
	echo "ERROR: markdown.git is not checked out!  Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
mkdir -p "$cfg_basedir"/bin
cp markdown.git/Markdown.pl "$cfg_basedir"/bin
# Install Girocco's own CGIs and static files.  Which certificate-related
# pieces are present depends on whether HTTPS push is configured.
echo "*** Setting up our part of the website..."
mkdir -p "$cfg_webroot" "$cfg_cgiroot"
cp cgi/*.cgi "$cfg_cgiroot"
# authrequired.cgi must be the preprocessed copy from basedir/bin, and only
# with HTTPS push; usercert.cgi is removed without it.
rm -f "$cfg_cgiroot"/authrequired.cgi
if [ -n "$cfg_httpspushurl" ]; then
	cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_cgiroot"
else
	rm -f "$cfg_cgiroot"/usercert.cgi
fi
ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
# Optional symlink that exposes the repository root under the given path.
if [ -n "$cfg_webreporoot" ]; then
	rm -f "$cfg_webreporoot"
	ln -s "$cfg_reporoot" "$cfg_webreporoot"
fi
# Without HTTPS push, drop the index lines that mention rootcert.html.
if [ -n "$cfg_httpspushurl" ]; then
	cp gitweb/indextext.html "$cfg_basedir/gitweb"
else
	grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
fi
mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
cp mootools.js "$cfg_webroot"
cp htaccess "$cfg_webroot/.htaccess"
cp cgi/htaccess "$cfg_cgiroot/.htaccess"
cp git-favicon.ico "$cfg_webroot/favicon.ico"
cp robots.txt "$cfg_webroot"
# Appended, not copied: gitweb.css in the web root already exists here.
cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
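# Certificate setup for HTTPS push.  With $cfg_httpspushurl set this creates
# (only where missing or stale) a root key and certificate, a www server key
# and certificate, a client sub-CA key and certificate and, with the mob user
# enabled, a mob key and certificate.  Without it, the published certificate
# files are removed from the web root.
#
# Changes against the previous version of this block:
#  - private keys are generated under a restrictive umask, so the key file
#    is never readable more widely than its final mode, not even between
#    openssl writing it and the chmod that follows;
#  - the chmod after creating the mob user key now names the mob user key
#    (it named the client key, which looks like a copy/paste slip);
#  - $bits is quoted.
if [ -n "$cfg_httpspushurl" ]; then
	echo "*** Setting up SSL certificates..."
	# 2048 bits unless $cfg_rsakeylength is a larger number; a
	# non-numeric value makes the test fail quietly and keeps 2048.
	bits=2048
	if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
		bits="$cfg_rsakeylength"
	fi
	mkdir -p "$cfg_certsdir"
	# Under set -e this stops the install if certsdir is not a directory.
	[ -d "$cfg_certsdir" ]

	# Subject of the existing www certificate, from the first "/" onward.
	wwwcertcn=
	if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
		wwwcertcn="$( \
			openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
			sed -e 's,[^/]*,,' \
		)"
	fi
	# --dns options wanted now versus the ones recorded at the last issue.
	wwwcertdns=
	if [ -n "$cfg_wwwcertaltnames" ]; then
		# Deliberately unquoted: the setting is a whitespace-separated list.
		for dnsopt in $cfg_wwwcertaltnames; do
			wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
		done
	fi
	wwwcertdnsfile=
	if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
		wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
	fi

	# The root key is needed as soon as anything it signs is missing or
	# the www certificate was issued for a different name.
	needroot=
	if ! {
		[ -e "$cfg_certsdir/girocco_client_crt.pem" ] &&
		[ -e "$cfg_certsdir/girocco_client_key.pem" ] &&
		[ -e "$cfg_certsdir/girocco_www_key.pem" ] &&
		[ -e "$cfg_certsdir/girocco_www_crt.pem" ] &&
		[ "$wwwcertcn" = "/CN=$cfg_httpsdnsname" ] &&
		[ -e "$cfg_certsdir/girocco_root_crt.pem" ]
	}; then
		needroot=1
	fi
	if [ -n "$needroot" ] && [ ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
		rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" "$bits")
		chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
		rm -f "$cfg_certsdir/girocco_root_crt.pem"
		echo "Created new root key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
		ezcert.git/CACreateCert --root --key "$cfg_certsdir/girocco_root_key.pem" \
			--out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
		# Everything issued under the old root is now invalid.
		rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created new root certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
		(umask 077 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" "$bits")
		chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
		rm -f "$cfg_certsdir/girocco_www_crt.pem"
		echo "Created new www key"
	fi
	# Reissue the www certificate when it is missing, names another host
	# or was issued with a different set of --dns options.
	if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
	   [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
		# $wwwcertdns is deliberately unquoted: it holds several options.
		openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
		ezcert.git/CACreateCert --server --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
			--out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
		printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
		echo "Created www certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
		cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
		echo "Created www certificate chain file"
	fi
	# The client sub-CA key ends up group-readable (0640).
	if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
		(umask 027 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" "$bits")
		chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
		rm -f "$cfg_certsdir/girocco_client_crt.pem"
		echo "Created new client key"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
		openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
		ezcert.git/CACreateCert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
			--cert "$cfg_certsdir/girocco_root_crt.pem" \
			--out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
		# Certificates issued by the previous client CA are dropped.
		rm -f "$cfg_certsdir/girocco_client_suffix.pem"
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		rm -f "$cfg_chroot/etc/sshcerts"/*.pem
		echo "Created client certificate"
	fi
	if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
		cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
		echo "Created client certificate suffix file"
	fi
	# Publish the root certificate (certificate only, no key).
	cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	if [ -n "$cfg_mob" ]; then
		if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
			(umask 027 && openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" "$bits")
			chmod 0640 "$cfg_certsdir/girocco_mob_user_key.pem"
			rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
			echo "Created new mob user key"
		fi
		if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
			openssl rsa -in "$cfg_mobuserkey" -pubout |
			ezcert.git/CACreateCert --client --key "$cfg_clientkey" \
				--cert "$cfg_clientcert" \
				--out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
			echo "Created mob user client certificate"
		fi
		# The mob user's private key is copied into the web root here,
		# so it is a public credential -- presumably by design for the
		# shared mob account; confirm before reusing this key anywhere.
		cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
		cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	else
		rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
	fi
else
	rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
	rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
fi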
# Hand the installed trees to the mirror user (and owning group, if any).
# -h changes symlinks themselves rather than what they point to.  With
# HTTPS push enabled the certificate directory, private keys included, gets
# the same owner.
echo "*** Finalizing permissions..."
chown -R -h "$cfg_mirror_user$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
if [ -n "$cfg_httpspushurl" ]; then
	chown -R -h "$cfg_mirror_user$owngroup" "$cfg_certsdir"
fi