2 # The Girocco installation script
3 # We will OVERWRITE basedir!
7 [ -n "$MAKE" ] || MAKE
="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
14 # Run perl module checker
15 if [ ! -x toolbox
/check-perl-modules.pl
]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF
=Girocco
::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
24 # First run Girocco::Config consistency checks
25 perl
-I.
-M$GIROCCO_CONF -e ''
29 "$var_perl_bin" toolbox
/check-perl-modules.pl
31 # $1 must exist and be a dir
32 # $2 may exist but must be a dir
34 # After call $2 will be renamed to $3 (if $2 existed)
35 # And $1 will be renamed to $2
37 [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] ||
{ echo "fatal: quick_move: bad args: '$1' '$2' '$3'" >&2; exit 1; }
38 ! [ -e "$3" ] ||
{ echo "fatal: quick_move: already exists: $3" >&2; exit 1; }
39 [ -d "$1" ] ||
{ echo "fatal: quick_move: no such dir: $1" >&2; exit 1; }
40 [ ! -e "$2" -o -d "$2" ] ||
{ echo "fatal: quick_move: not a dir: $2" >&2; exit 1; }
41 perl
-e 'rename($ARGV[1], $ARGV[2]) or die "rename failed: $!\n" if -d $ARGV[1];
42 rename($ARGV[0], $ARGV[1]) or die "rename failed: $!\n"; exit 0;' "$1" "$2" "$3" ||
{
43 echo "fatal: quick_move: rename failed" >&2
46 ! [ -d "$1" ] && [ -d "$2" ] ||
{
47 echo "fatal: quick_move: rename failed" >&2
53 [ -z "$cfg_owning_group" ] || owngroup
=":$cfg_owning_group"
54 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
55 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
56 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
61 # Check for extra required tools
62 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint
>/dev
/null
; then
63 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
68 echo "*** Checking for compiled utilities..."
69 if [ ! -x src
/can_user_push
]; then
70 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
71 echo "ERROR: perhaps you forgot to run make?" >&2
74 if [ ! -x src
/can_user_push_http
]; then
75 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
76 echo "ERROR: perhaps you forgot to run make?" >&2
79 if [ ! -x src
/getent
]; then
80 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
81 echo "ERROR: perhaps you forgot to run make?" >&2
84 if [ ! -x src
/get_user_uuid
]; then
85 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
86 echo "ERROR: perhaps you forgot to run make?" >&2
89 if [ ! -x src
/list_packs
]; then
90 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
91 echo "ERROR: perhaps you forgot to run make?" >&2
94 if [ ! -x src
/peek_packet
]; then
95 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
96 echo "ERROR: perhaps you forgot to run make?" >&2
99 if [ ! -x src
/rangecgi
]; then
100 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
101 echo "ERROR: perhaps you forgot to run make?" >&2
104 if [ ! -x src
/strftime
]; then
105 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
106 echo "ERROR: perhaps you forgot to run make?" >&2
109 if [ ! -x src
/throttle
]; then
110 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
111 echo "ERROR: perhaps you forgot to run make?" >&2
116 echo "*** Checking for ezcert..."
117 if ! [ -f ezcert.git
/CACreateCert
-a -x ezcert.git
/CACreateCert
]; then
118 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
123 echo "*** Checking for git..."
124 case "$cfg_git_bin" in /*) :;; *)
125 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
128 if [ ! -x "$cfg_git_bin" ]; then
129 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
132 if ! git_version
="$("$cfg_git_bin" version)"; then
133 echo "ERROR: $cfg_git_bin version failed" >&2
136 case "$git_version" in
137 [Gg
]"it version "*) :;;
139 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
142 echo "Found $cfg_git_bin $git_version"
143 git_vernum
="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
144 echo "*** Checking Git $git_vernum for compatibility..."
145 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
146 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
149 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
150 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
152 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
156 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
159 Some Girocco functionality will be gracefully disabled and other things will
160 just not work at all such as race condition protection against simultaneous
161 client pushes and server garbage collections.
165 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
166 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
168 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
169 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
171 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
172 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
173 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
175 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
176 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
177 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
179 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
180 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
182 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
183 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
185 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
186 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
188 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
192 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
195 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
196 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
197 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
199 In order to bypass this check you will have to modify install.sh in which case
200 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
205 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
206 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
208 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
209 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
212 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
213 secmsg
='prior to 2.4.11'
215 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
216 secmsg
='2.5.x prior to 2.5.5'
218 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
219 secmsg
='2.6.x prior to 2.6.6'
221 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
222 secmsg
='2.7.x prior to 2.7.4'
224 if [ -n "$secmsg" ]; then
228 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
231 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
232 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
234 Besides the security fixes included in later versions, versions prior to
235 2.2.0 may accidentally prune unreachable loose objects earlier than
236 intended. Since Git version 2.4.11 is the minimum version to include all
237 security fixes to date, it should be considered the absolute minimum
238 version of Git to use when running Girocco.
240 This is not enforced, but Git is easy to build from the git.git submodule
241 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
243 We will now pause for a moment so you can reflect on this warning.
248 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr
"$cfg_git_bin"; then
252 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
255 You appear to have enabled mirroring and the Git binary you have selected
256 appears to contain an experimental patch that cannot be disabled. This
257 patch can generate invalid network DNS traffic and/or cause long delays
258 when fetching using the "git:" protocol when no port number is specified.
259 It may also end up retrieving repsitory contents from a host other than
260 the one specified in the "git:" URL when the port is omitted.
262 You are advised to either build your own version of Git (the problem patch
263 is not part of the official Git repository) or disable mirroring (via the
264 $Girocco::Config:mirror setting) to avoid these potential problems.
266 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
273 [ -n "$1" ] ||
return 1
274 _cmdnc
="$(command -v "$1" 2>/dev/null || :)"
275 [ -n "$_cmdnc" ] && [ -x "$_cmdnc" ] ||
return 1
276 _tmpdir
="$(mktemp -d /tmp/nc-u-XXXXXX)"
277 [ -n "$_tmpdir" ] && [ -d "$_tmpdir" ] ||
return 1
279 (sleep 3 |
"$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev
/null
>"$_tmpdir/output" ||
>"$_tmpdir/failed")&
282 echo "testing" |
"$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev
/null
2>&1 ||
>"$_tmpdir/failed"
284 kill "$_bgpid" >/dev
/null
2>&1 ||
:
285 read -r _result
<"$_tmpdir/output" ||
:
287 ! [ -e "$_tmpdir/failed" ] || _bad
=1
289 [ -z "$_bad" ] && [ "$_result" = "testing" ]
292 echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
293 test_nc_U
"$var_nc_openbsd_bin" ||
{
294 echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
295 echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
296 if [ "$(uname -s 2>/dev/null)" = "DragonFly" ]; then
297 echo "ERROR: see the src/dragonfly/README file for a solution" >&2
303 if [ "$LOGNAME" = root
-a -n "$SUDO_USER" -a "$SUDO_USER" != root
]; then
304 find "$@" -user root
-print0 2>/dev
/null | \
305 xargs -0 chown
"$SUDO_USER:$(id -gn "$SUDO_USER")"
306 elif [ "$LOGNAME" = root
-a -z "$SUDO_USER" -o "$SUDO_USER" = root
]; then
307 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
311 # Make sure $cfg_cgiroot, $cfg_webroot and $cfg_cgiroot are absolute paths
312 case "$cfg_basedir" in /*) :;; *)
313 echo "ERROR: invalid Girocco::Config::basedir setting" >&2
314 echo "ERROR: \"$cfg_basedir\" must be an absolute path (start with '/')" >&2
317 case "$cfg_webroot" in /*) :;; *)
318 echo "ERROR: invalid Girocco::Config::webroot setting" >&2
319 echo "ERROR: \"$cfg_webroot\" must be an absolute path (start with '/')" >&2
322 case "$cfg_cgiroot" in /*) :;; *)
323 echo "ERROR: invalid Girocco::Config::cgiroot setting" >&2
324 echo "ERROR: \"$cfg_cgiroot\" must be an absolute path (start with '/')" >&2
328 # return the input with trailing slashes stripped but return "/" for all "/"s
330 [ -n "$1" ] ||
return 0
332 [ "$_s" != "$1" ] || _s
="${_s#?}"
333 printf "%s\n" "${1%$_s}"
336 # a combination of realpath + dirname where the realpath of the deepest existing
337 # directory is returned with the rest of the non-existing components appended
338 # and trailing slashes and multiple slashes are removed
340 _d
="$(striptrsl "$1")"
341 if [ "$_d" = "/" ] ||
[ -z "$_d" ]; then
346 while ! [ -d "$_d" ]; do
347 _c
="/$(basename "$_d")$_c"
348 _d
="$(dirname "$_d")"
349 [ "$_d" != "/" ] || _c
="${_c#/}"
351 printf "%s%s\n" "$(cd "$_d" && pwd -P)" "$_c"
354 # Use basedir, webroot and cgiroot for easier control of filesystem locations
355 # Wherever we are writing/copying/installing files we use these, but where we
356 # are editing, adding config settings or printing advice we always stick to the
357 # cfg_xxx Config variable versions. These are like a set of DESTDIR variables.
358 # Only the file system directories that could be asynchronously accessed (by
359 # the web server, jobd.pl, taskd.pl or incoming pushes) get these special vars.
360 # The chroot is handled specially and does not need one of these.
361 # We must be careful to allow cgiroot and/or webroot to be under basedir in which
362 # case the prior contents of cgiroot and/or webroot are discarded.
363 rbasedir
="$(realdir "$cfg_basedir")"
364 rwebroot
="$(realdir "$cfg_webroot")"
365 rcgiroot
="$(realdir "$cfg_cgiroot")"
366 case "$rbasedir" in "$rwebroot"/?
*)
367 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under webroot" >&2
370 case "$rbasedir" in "$rcgiroot"/?
*)
371 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under cgiroot" >&2
374 if [ "$rwebroot" = "$rcgiroot" ]; then
375 echo "ERROR: invalid Girocco::Config::webroot and Girocco::Config::cgiroot settings; must not be the same" >&2
378 case "$rcgiroot" in "$rwebroot"/?
*)
379 echo "ERROR: invalid Girocco::Config::cgiroot setting; must not be under webroot" >&2
382 case "$rwebroot" in "$rcgiroot"/?
*)
383 echo "ERROR: invalid Girocco::Config::webroot setting; must not be under cgiroot" >&2
386 basedir
="$rbasedir-new"
389 webroot
="$basedir${rwebroot#$rbasedir}"
393 webroot
="$rwebroot-new"
399 cgiroot
="$basedir${rcgiroot#$rbasedir}"
403 cgiroot
="$rcgiroot-new"
408 echo "*** Setting up basedir..."
409 "$MAKE" --no-print-directory --silent apache.conf
410 chown_make apache.conf
411 "$MAKE" --no-print-directory --silent -C src
414 mkdir
-p "$basedir" "$basedir/gitweb" "$basedir/cgi"
415 cp cgi
/*.cgi
"$basedir/cgi"
416 cp -pR Girocco jobd taskd html
jobs toolbox hooks apache.conf shlib.sh bin screen
"$basedir"
417 cp -p src
/can_user_push src
/can_user_push_http src
/get_user_uuid src
/list_packs src
/peek_packet \
418 src
/rangecgi src
/strftime src
/throttle ezcert.git
/CACreateCert cgi
/authrequired.cgi \
419 cgi
/snapshot.cgi
"$basedir/bin"
420 cp -p gitweb
/*.sh gitweb
/*.perl
"$basedir/gitweb"
421 [ -n "$cfg_httpspushurl" ] ||
rm -f "$basedir"/html
/rootcert.html
"$basedir"/html
/httpspush.html
422 [ -n "$cfg_mob" ] ||
rm -f "$basedir"/html
/mob.html
424 # Put the correct Config in place
425 [ "$GIROCCO_CONF" = "Girocco::Config" ] ||
cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$basedir/Girocco/Config.pm"
427 ln -s "$cfg_git_bin" "$basedir/bin/git"
429 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] ||
{
430 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
433 ln -s "$shbin" "$basedir/bin/sh"
434 perlbin
="$var_perl_bin"
435 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl
", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] ||
{
436 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
439 ln -s "$perlbin" "$basedir/bin/perl"
440 gzipbin
="$var_gzip_bin"
441 [ -n "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 |
grep -q gzip && \
442 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] ||
{
443 echo "ERROR: invalid $Girocco::Config::gzip_bin setting" >&2
446 ln -s "$gzipbin" "$basedir/bin/gzip"
448 echo "*** Preprocessing scripts..."
449 SHBIN
="$shbin" && export SHBIN
450 PERLBIN
="$perlbin" && export PERLBIN
451 perl
-I.
-M$GIROCCO_CONF -i -p \
452 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
453 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
454 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
455 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
456 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
457 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
458 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
459 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
460 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
461 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
462 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
463 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
464 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
465 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
466 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
467 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
468 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
469 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
470 -e 'close ARGV if eof;' \
471 "$basedir"/jobs
/*.sh
"$basedir"/jobd
/*.sh \
472 "$basedir"/taskd
/*.sh
"$basedir"/gitweb
/*.sh \
473 "$basedir"/shlib.sh
"$basedir"/hooks
/* \
474 "$basedir"/toolbox
/*.sh
"$basedir"/toolbox
/*.pl \
475 "$basedir"/toolbox
/reports
/*.sh \
476 "$basedir"/bin
/git-
* "$basedir"/bin
/*.sh \
477 "$basedir"/bin
/create-
* "$basedir"/bin
/update-
* \
478 "$basedir"/bin
/*.cgi
"$basedir"/screen
/*
480 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
481 -e 'close ARGV if eof;' \
482 "$basedir"/jobd
/jobd.pl
"$basedir"/taskd
/taskd.pl \
483 "$basedir"/bin
/sendmail.pl
"$basedir"/bin
/CACreateCert
485 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
486 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
487 -e 'close ARGV if eof;' \
488 "$basedir"/bin
/format-readme
"$basedir/cgi"/*.cgi
492 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
493 get_girocco_config_var_list
> "$basedir"/shlib_vars.sh
495 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
496 if [ ! -d bzr-fastimport.git
/exporters
/darcs
/ ]; then
497 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
500 mkdir
-p "$basedir"/bin
501 cp bzr-fastimport.git
/exporters
/darcs
/darcs-fast-export
"$basedir"/bin
503 echo "*** Setting up hg-fast-export from fast-export.git..."
504 if [ ! -f fast-export.git
/hg-fast-export.py
-o ! -f fast-export.git
/hg2git.py
]; then
505 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
508 mkdir
-p "$basedir"/bin
509 cp fast-export.git
/hg-fast-export.py fast-export.git
/hg2git.py
"$basedir"/bin
511 echo "*** Setting up markdown from markdown.git..."
512 if [ ! -f markdown.git
/Markdown.pl
]; then
513 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
516 mkdir
-p "$basedir"/bin
517 (PERLBIN
="$perlbin" && export PERLBIN
&& \
518 perl
-p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
519 markdown.git
/Markdown.pl
> "$basedir"/bin
/Markdown.pl.$$
&& \
520 chmod a
+x
"$basedir"/bin
/Markdown.pl.$$
&& \
521 mv -f "$basedir"/bin
/Markdown.pl.$$
"$basedir"/bin
/Markdown.pl
)
524 # Some permission sanity on basedir/bin just in case
525 find "$basedir"/bin
-type f
-print0 |
xargs -0 chmod go-w
526 chown
-R -h "$cfg_mirror_user""$owngroup" "$basedir"/bin
528 if [ -n "$cfg_mirror" ]; then
529 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
531 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
532 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
533 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
536 echo "*** Setting up repository root..."
537 mkdir
-p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
538 if [ "$cfg_owning_group" ]; then
539 chgrp
"$cfg_owning_group" "$cfg_reporoot" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
540 chgrp
"$cfg_owning_group" "$cfg_reporoot/_recyclebin" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
542 chmod 02775 "$cfg_reporoot" ||
echo "WARNING: Cannot chmod $cfg_reporoot properly"
543 chmod 02775 "$cfg_reporoot/_recyclebin" ||
echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
546 if [ -n "$cfg_chrooted" ]; then
547 echo "*** Setting up chroot jail for pushing..."
548 if [ "$(id -u)" -eq 0 ]; then
549 # jailsetup may install things from $cfg_basedir/bin into the
550 # chroot so we do a mini-update of just that portion now
551 mkdir
-p "$cfg_basedir"
552 rm -rf "$cfg_basedir/bin-new"
553 cp -pR "$basedir/bin" "$cfg_basedir/bin-new" >/dev
/null
2>&1
554 rm -rf "$cfg_basedir/bin-old"
555 quick_move
"$cfg_basedir/bin-new" "$cfg_basedir/bin" "$cfg_basedir/bin-old"
556 rm -rf "$cfg_basedir/bin-old"
559 echo "WARNING: Skipping jail setup, not root"
564 echo "*** Setting up jail configuration (project database)..."
565 [ "$(id -u)" -eq 0 ] || .
/jailsetup.sh dbonly
566 mkdir
-p "$cfg_chroot" "$cfg_chroot/etc"
567 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
568 chown
"$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
569 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
570 chown
"$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
571 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
572 chmod g
+w
"$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
573 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
574 chmod 02775 "$cfg_chroot/etc" ||
echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
577 echo "*** Setting up gitweb from git.git..."
578 if [ ! -f git.git
/Makefile
]; then
579 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
583 # We do not wholesale replace either webroot or cgiroot unless they are under
584 # basedir so if they exist and are not we make a copy to start working on them.
585 # We make a copy using -p which can result in some warnings so we suppress
586 # error output as it's of no consequence in this case.
587 rm -rf "$webroot" "$cgiroot"
588 [ -n "$webrootsub" ] ||
! [ -d "$rwebroot" ] ||
cp -pR "$rwebroot" "$webroot" >/dev
/null
2>&1 ||
:
589 [ -n "$cgirootsub" ] ||
! [ -d "$rcgiroot" ] ||
cp -pR "$rcgiroot" "$cgiroot" >/dev
/null
2>&1 ||
:
590 mkdir
-p "$webroot" "$cgiroot"
592 (cd git.git
&& "$MAKE" --no-print-directory --silent NO_SUBDIR
=: bindir
="$(dirname "$cfg_git_bin")" \
593 GITWEB_CONFIG
="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH
="$shbin" gitweb
&& \
594 chown_make gitweb
&& \
595 PERLBIN
="$perlbin" && export PERLBIN
&& \
596 perl
-p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
597 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb
/gitweb.cgi
> "$cgiroot"/gitweb.cgi.$$
&& \
598 chmod a
+x
"$cgiroot"/gitweb.cgi.$$
&& \
599 chown_make
"$cgiroot"/gitweb.cgi.$$
&& \
600 mv -f "$cgiroot"/gitweb.cgi.$$
"$cgiroot"/gitweb.cgi
&& \
601 cp gitweb
/static
/*.png gitweb
/static
/*.css gitweb
/static
/*.js
"$webroot")
605 echo "*** Setting up git-browser from git-browser.git..."
606 if [ ! -f git-browser.git
/git-browser.cgi
]; then
607 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
610 mkdir
-p "$webroot"/git-browser
"$cgiroot"
611 (cd git-browser.git
&& \
612 CFG
="$cfg_basedir/gitweb/git-browser.conf" && export CFG
&& \
613 PERLBIN
="$perlbin" && export PERLBIN
&& perl
-p \
614 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
615 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi
> "$cgiroot"/git-browser.cgi.$$
&& \
616 chmod a
+x
"$cgiroot"/git-browser.cgi.$$
&& \
617 chown_make
"$cgiroot"/git-browser.cgi.$$
&& \
618 mv -f "$cgiroot"/git-browser.cgi.$$
"$cgiroot"/git-browser.cgi
&& \
619 cp -r *.html
*.js
*.css js.lib
"$webroot"/git-browser
&& \
620 cp -r JSON
"$cgiroot")
622 rm -f "$webroot"/git-browser
/index.html
623 cat >"$basedir/gitweb"/git-browser.conf.$$
<<EOT
625 warehouse: $cfg_reporoot
626 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
628 chown_make
"$basedir/gitweb"/git-browser.conf.$$
629 mv -f "$basedir/gitweb"/git-browser.conf.$$
"$basedir/gitweb"/git-browser.conf
630 cat >"$webroot"/git-browser
/GitConfig.js.$$
<<EOT
631 cfg_gitweb_url="$cfg_gitweburl/"
632 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
634 chown_make
"$webroot"/git-browser
/GitConfig.js.$$
635 mv -f "$webroot"/git-browser
/GitConfig.js.$$
"$webroot"/git-browser
/GitConfig.js
638 echo "*** Setting up our part of the website..."
639 mkdir
-p "$webroot" "$cgiroot"
640 cp "$basedir"/bin
/snapshot.cgi
"$basedir/cgi"
641 cp "$basedir"/bin
/authrequired.cgi
"$basedir/cgi"
642 [ -n "$cfg_httpspushurl" ] ||
rm -f "$basedir/cgi"/usercert.cgi
"$cgiroot"/usercert.cgi
643 cp "$basedir/cgi"/*.cgi
"$cgiroot"
644 rm -rf "$basedir/cgi"
645 ln -fs "$cfg_basedir"/Girocco
"$cgiroot"
646 [ -z "$cfg_webreporoot" ] ||
{ rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
647 if [ -z "$cfg_httpspushurl" ]; then
648 grep -v 'rootcert[.]html' gitweb
/indextext.html
> "$basedir/gitweb/indextext.html"
650 cp gitweb
/indextext.html
"$basedir/gitweb"
652 mv "$basedir"/html
/*.css
"$basedir"/html
/*.js
"$webroot"
653 cp mootools.js
"$webroot"
654 cp htaccess
"$webroot/.htaccess"
655 cp cgi
/htaccess
"$cgiroot/.htaccess"
656 cp git-favicon.ico
"$webroot/favicon.ico"
657 cp robots.txt
"$webroot"
658 cat gitweb
/gitweb.css
>>"$webroot"/gitweb.css
661 if [ -n "$cfg_httpspushurl" ]; then
662 echo "*** Setting up SSL certificates..."
664 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev
/null
; then
665 bits
="$cfg_rsakeylength"
667 mkdir
-p "$cfg_certsdir"
668 [ -d "$cfg_certsdir" ]
670 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
672 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem
" -noout -subject | \
677 if [ -n "$cfg_wwwcertaltnames" ]; then
678 for dnsopt
in $cfg_wwwcertaltnames; do
679 wwwcertdns
="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
683 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
684 wwwcertdnsfile
="$(cat "$cfg_certsdir/girocco_www_crt.dns
")"
687 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
688 -e "$cfg_certsdir/girocco_client_key.pem" -a \
689 -e "$cfg_certsdir/girocco_www_key.pem" -a \
690 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
691 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot
=1
692 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
693 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
695 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
696 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
697 rm -f "$cfg_certsdir/girocco_root_crt.pem"
699 echo "Created new root key"
701 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
702 "$basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
703 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
704 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
705 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
706 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
707 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
708 echo "Created new root certificate"
710 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
712 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
713 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
714 rm -f "$cfg_certsdir/girocco_www_crt.pem"
716 echo "Created new www key"
718 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
719 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] ||
[ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
720 openssl rsa
-in "$cfg_certsdir/girocco_www_key.pem" -pubout |
721 "$basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
722 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
723 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
724 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
725 echo "Created www certificate"
727 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
728 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
729 echo "Created www certificate chain file"
731 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
733 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
734 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
735 rm -f "$cfg_certsdir/girocco_client_crt.pem"
737 echo "Created new client key"
739 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
740 openssl rsa
-in "$cfg_certsdir/girocco_client_key.pem" -pubout |
741 "$basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
742 --cert "$cfg_certsdir/girocco_root_crt.pem" \
743 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
744 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
745 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
746 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
747 echo "Created client certificate"
749 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
750 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
751 echo "Created client certificate suffix file"
753 cat "$cfg_rootcert" > "$webroot/${cfg_nickname}_root_cert.pem"
754 if [ -n "$cfg_mob" ]; then
755 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
756 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
757 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
758 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
759 echo "Created new mob user key"
761 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
762 openssl rsa
-in "$cfg_mobuserkey" -pubout |
763 "$basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
764 --cert "$cfg_clientcert" \
765 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
766 echo "Created mob user client certificate"
768 cat "$cfg_mobuserkey" > "$webroot/${cfg_nickname}_mob_key.pem"
769 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$webroot/${cfg_nickname}_mob_user.pem"
771 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
774 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
775 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
779 echo "*** Finalizing permissions and moving into place..."
780 chown
-R -h "$cfg_mirror_user""$owngroup" "$basedir" "$webroot" "$cgiroot"
781 [ -z "$cfg_httpspushurl" ] || chown
-R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
783 # This should always be the very last thing install.sh does
784 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
785 quick_move
"$basedir" "$rbasedir" "$rbasedir-old"
786 [ -n "$webrootsub" ] || quick_move
"$webroot" "$rwebroot" "$rwebroot-old"
787 [ -n "$cgirootsub" ] || quick_move
"$cgiroot" "$rcgiroot" "$rcgiroot-old"
788 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
789 ! [ -S "$cfg_chroot/etc/taskd.socket" ] ||
{
790 echo "*** Requesting graceful restart of running taskd (and, if running, jobd)..."
791 touch "$cfg_chroot/etc/taskd.restart"
792 echo "nop" | nc_openbsd
-w 5 -U "$cfg_chroot/etc/taskd.socket" ||
: