search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
jailsetup.sh: include find and xargs in the jail
[girocco.git] / install.sh
blobc3423155476d618d69b9aa345f8fbfc71e1a3abe
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
23
24 # First run Girocco::Config consistency checks
25 perl -I. -M$GIROCCO_CONF -e ''
26
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
30
31 owngroup=""
32 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
33 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
34 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
35 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
36 exit 1
37 fi
38
39
40 # Check for extra required tools
41 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
42 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
43 exit 1
44 fi
45
46
47 echo "*** Checking for compiled utilities..."
48 if [ ! -x src/can_user_push ]; then
49 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
50 echo "ERROR: perhaps you forgot to run make?" >&2
51 exit 1
52 fi
53 if [ ! -x src/can_user_push_http ]; then
54 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
55 echo "ERROR: perhaps you forgot to run make?" >&2
56 exit 1
57 fi
58 if [ ! -x src/getent ]; then
59 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
60 echo "ERROR: perhaps you forgot to run make?" >&2
61 exit 1
62 fi
63 if [ ! -x src/get_user_uuid ]; then
64 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
65 echo "ERROR: perhaps you forgot to run make?" >&2
66 exit 1
67 fi
68 if [ ! -x src/peek_packet ]; then
69 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
70 echo "ERROR: perhaps you forgot to run make?" >&2
71 exit 1
72 fi
73 if [ ! -x src/rangecgi ]; then
74 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
75 echo "ERROR: perhaps you forgot to run make?" >&2
76 exit 1
77 fi
78 if [ ! -x src/throttle ]; then
79 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
80 echo "ERROR: perhaps you forgot to run make?" >&2
81 exit 1
82 fi
83
84
85 echo "*** Checking for ezcert..."
86 if ! [ -f ezcert.git/CACreateCert -a -x ezcert.git/CACreateCert ]; then
87 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
88 exit 1
89 fi
90
91
92 echo "*** Checking for git..."
93 case "$cfg_git_bin" in /*) :;; *)
94 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
95 exit 1
96 esac
97 if [ ! -x "$cfg_git_bin" ]; then
98 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
99 exit 1
100 fi
101 if ! git_version="$("$cfg_git_bin" version)"; then
102 echo "ERROR: $cfg_git_bin version failed" >&2
103 exit 1
104 fi
105 case "$git_version" in
106 [Gg]"it version "*) :;;
107 *)
108 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
109 exit 1
110 esac
111 echo "Found $cfg_git_bin $git_version"
112 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
113 echo "*** Checking Git $git_vernum for compatibility..."
114 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
115 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
116 exit 1
117 fi
118 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
119 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
120 fi
121 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
122 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.3, some Girocco functionality will be disabled'
123 fi
124 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
125 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
126 fi
127 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
128 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
129 fi
130 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
131 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
132 echo 'WARNING: See http://thread.gmane.org/gmane.comp.version-control.git/261638 for details'
133 fi
134 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
135 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
136 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
137 fi
138 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
139 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
140 fi
141 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
142 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
143 fi
144 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
145 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
146 fi
147 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
148 cat <<'EOT'
149
150 ***
151 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
152 ***
153
154 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
155 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
156 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
157
158 In order to bypass this check you will have to modify install.sh in which case
159 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
160
161 EOT
162 exit 1
163 fi
164 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
165 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
166 fi
167 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
168 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
169 fi
170 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
171 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.11, security issues exist'
172 cat <<'EOT'
173
174 ***
175 *** IMPORTANT: $Girocco::Config::git_bin is set to a version of Git prior to 2.4.11
176 ***
177
178 Besides the security fixes included in 2.4.11, versions prior to 2.2.0
179 may accidentally prune unreachable loose objects earlier than intended.
180 Since Git version 2.4.11 is the minimum version to include all security
181 fixes to date, it should be considered the absolute minimum version of
182 Git to use when running Girocco.
183
184 This is not enforced, but Git is easy to build from the git.git submodule
185 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
186
187 EOT
188 fi
189 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
190 echo 'WARNING: $Girocco::Config::git_bin version >= 2.5.0 and < 2.5.5, security issues exist'
191 fi
192 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
193 echo 'WARNING: $Girocco::Config::git_bin version >= 2.6.0 and < 2.6.6, security issues exist'
194 fi
195 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
196 echo 'WARNING: $Girocco::Config::git_bin version >= 2.7.0 and < 2.7.4, security issues exist'
197 fi
198 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
199 cat <<'EOT'
200
201 ***
202 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
203 ***
204
205 You appear to have enabled mirroring and the Git binary you have selected
206 appears to contain an experimental patch that cannot be disabled. This
207 patch can generate invalid network DNS traffic and/or cause long delays
208 when fetching using the "git:" protocol when no port number is specified.
209 It may also end up retrieving repsitory contents from a host other than
210 the one specified in the "git:" URL when the port is omitted.
211
212 You are advised to either build your own version of Git (the problem patch
213 is not part of the official Git repository) or disable mirroring (via the
214 $Girocco::Config:mirror setting) to avoid these potential problems.
215
216 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
217
218 EOT
219 fi
220
221
222 chown_make() {
223 if [ "$LOGNAME" = root -a -n "$SUDO_USER" -a "$SUDO_USER" != root ]; then
224 find "$@" -user root -print0 2>/dev/null | \
225 xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
226 elif [ "$LOGNAME" = root -a -z "$SUDO_USER" -o "$SUDO_USER" = root ]; then
227 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
228 fi
229 }
230
231 echo "*** Setting up basedir..."
232 "$MAKE" --no-print-directory --silent apache.conf
233 chown_make apache.conf
234 "$MAKE" --no-print-directory --silent -C src
235 chown_make src
236 rm -fr "$cfg_basedir"
237 mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb" "$cfg_basedir/cgi"
238 cp cgi/*.cgi "$cfg_basedir/cgi"
239 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
240 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/peek_packet src/rangecgi \
241 src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi cgi/snapshot.cgi "$cfg_basedir/bin"
242 cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
243 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
244 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
245
246 # Put the correct Config in place
247 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
248
249 shbin="${cfg_posix_sh_bin:-/bin/sh}"
250 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
251 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
252 exit 1
253 }
254 ln -s "$shbin" "$cfg_basedir/bin"
255 perlbin="$var_perl_bin"
256 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
257 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
258 exit 1
259 }
260 ln -s "$perlbin" "$cfg_basedir/bin"
261
262 echo "*** Preprocessing scripts..."
263 SHBIN="$shbin" && export SHBIN
264 PERLBIN="$perlbin" && export PERLBIN
265 perl -I. -M$GIROCCO_CONF -i -p \
266 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
267 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
268 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
269 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
270 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
271 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
272 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
273 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
274 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
275 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
276 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
277 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
278 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
279 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
280 -e 'close ARGV if eof;' \
281 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
282 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
283 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
284 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
285 "$cfg_basedir"/toolbox/reports/*.sh \
286 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
287 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
288 "$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
289 perl -i -p \
290 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
291 -e 'close ARGV if eof;' \
292 "$cfg_basedir"/jobd/jobd.pl "$cfg_basedir"/taskd/taskd.pl \
293 "$cfg_basedir"/bin/sendmail.pl "$cfg_basedir"/bin/CACreateCert
294 perl -i -p \
295 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
296 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
297 -e 'close ARGV if eof;' \
298 "$cfg_basedir"/bin/format-readme "$cfg_basedir/cgi"/*.cgi
299 unset PERLBIN
300 unset SHBIN
301
302 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
303 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
304
305 if [ -n "$cfg_mirror" ]; then
306 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
307 fi
308 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
309 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
310 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
311
312
313 echo "*** Setting up repository root..."
314 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
315 if [ "$cfg_owning_group" ]; then
316 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
317 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
318 fi
319 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
320 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
321
322
323 if [ -n "$cfg_chrooted" ]; then
324 echo "*** Setting up chroot jail for pushing..."
325 if [ "$(id -u)" -eq 0 ]; then
326 ./jailsetup.sh
327 else
328 echo "WARNING: Skipping jail setup, not root"
329 fi
330 fi
331
332
333 echo "*** Setting up jail configuration (project database)..."
334 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
335 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
336 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
337 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
338 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
339 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
340 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
341 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
342 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
343 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
344
345 echo "*** Setting up gitweb from git.git..."
346 if [ ! -f git.git/Makefile ]; then
347 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
348 exit 1
349 fi
350 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
351 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
352 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
353 chown_make gitweb && \
354 PERLBIN="$perlbin" && export PERLBIN && \
355 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
356 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cfg_cgiroot"/gitweb.cgi.$$ && \
357 chmod a+x "$cfg_cgiroot"/gitweb.cgi.$$ && \
358 chown_make "$cfg_cgiroot"/gitweb.cgi.$$ && \
359 mv -f "$cfg_cgiroot"/gitweb.cgi.$$ "$cfg_cgiroot"/gitweb.cgi && \
360 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
361 test $? -eq 0
362
363
364 echo "*** Setting up git-browser from git-browser.git..."
365 if [ ! -f git-browser.git/git-browser.cgi ]; then
366 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
367 exit 1
368 fi
369 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
370 (cd git-browser.git && \
371 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
372 PERLBIN="$perlbin" && export PERLBIN && perl -p \
373 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
374 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cfg_cgiroot"/git-browser.cgi.$$ && \
375 chmod a+x "$cfg_cgiroot"/git-browser.cgi.$$ && \
376 chown_make "$cfg_cgiroot"/git-browser.cgi.$$ && \
377 mv -f "$cfg_cgiroot"/git-browser.cgi.$$ "$cfg_cgiroot"/git-browser.cgi && \
378 cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
379 cp -r JSON "$cfg_cgiroot")
380 test $? -eq 0
381 rm -f "$cfg_webroot"/git-browser/index.html
382 cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
383 gitbin: $cfg_git_bin
384 warehouse: $cfg_reporoot
385 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
386 EOT
387 chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
388 mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
389 cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
390 cfg_gitweb_url="$cfg_gitweburl/"
391 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
392 EOT
393 chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
394 mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
395
396
397 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
398 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
399 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
400 exit 1
401 fi
402 mkdir -p "$cfg_basedir"/bin
403 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
404
405
406 echo "*** Setting up hg-fast-export from fast-export.git..."
407 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
408 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
409 exit 1
410 fi
411 mkdir -p "$cfg_basedir"/bin
412 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
413
414
415 echo "*** Setting up markdown from markdown.git..."
416 if [ ! -f markdown.git/Markdown.pl ]; then
417 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
418 exit 1
419 fi
420 mkdir -p "$cfg_basedir"/bin
421 (PERLBIN="$perlbin" && export PERLBIN && \
422 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
423 markdown.git/Markdown.pl > "$cfg_basedir"/bin/Markdown.pl.$$ && \
424 chmod a+x "$cfg_basedir"/bin/Markdown.pl.$$ && \
425 mv -f "$cfg_basedir"/bin/Markdown.pl.$$ "$cfg_basedir"/bin/Markdown.pl)
426 test $? -eq 0
427
428
429 echo "*** Setting up our part of the website..."
430 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
431 cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_basedir/cgi"
432 cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir/cgi"
433 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir/cgi"/usercert.cgi "$cfg_cgiroot"/usercert.cgi
434 cp "$cfg_basedir/cgi"/*.cgi "$cfg_cgiroot"
435 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
436 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
437 if [ -z "$cfg_httpspushurl" ]; then
438 grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
439 else
440 cp gitweb/indextext.html "$cfg_basedir/gitweb"
441 fi
442 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
443 cp mootools.js "$cfg_webroot"
444 cp htaccess "$cfg_webroot/.htaccess"
445 cp cgi/htaccess "$cfg_cgiroot/.htaccess"
446 cp git-favicon.ico "$cfg_webroot/favicon.ico"
447 cp robots.txt "$cfg_webroot"
448 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
449
450
451 if [ -n "$cfg_httpspushurl" ]; then
452 echo "*** Setting up SSL certificates..."
453 bits=2048
454 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
455 bits="$cfg_rsakeylength"
456 fi
457 mkdir -p "$cfg_certsdir"
458 [ -d "$cfg_certsdir" ]
459 wwwcertcn=
460 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
461 wwwcertcn="$( \
462 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
463 sed -e 's,[^/]*,,' \
464 )"
465 fi
466 wwwcertdns=
467 if [ -n "$cfg_wwwcertaltnames" ]; then
468 for dnsopt in $cfg_wwwcertaltnames; do
469 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
470 done
471 fi
472 wwwcertdnsfile=
473 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
474 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
475 fi
476 needroot=
477 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
478 -e "$cfg_certsdir/girocco_client_key.pem" -a \
479 -e "$cfg_certsdir/girocco_www_key.pem" -a \
480 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
481 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
482 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
483 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
484 umask 0077
485 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
486 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
487 rm -f "$cfg_certsdir/girocco_root_crt.pem"
488 umask 0022
489 echo "Created new root key"
490 fi
491 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
492 "$cfg_basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
493 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
494 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
495 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
496 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
497 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
498 echo "Created new root certificate"
499 fi
500 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
501 umask 0077
502 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
503 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
504 rm -f "$cfg_certsdir/girocco_www_crt.pem"
505 umask 0022
506 echo "Created new www key"
507 fi
508 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
509 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
510 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
511 "$cfg_basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
512 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
513 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
514 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
515 echo "Created www certificate"
516 fi
517 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
518 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
519 echo "Created www certificate chain file"
520 fi
521 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
522 umask 0037
523 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
524 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
525 rm -f "$cfg_certsdir/girocco_client_crt.pem"
526 umask 0022
527 echo "Created new client key"
528 fi
529 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
530 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
531 "$cfg_basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
532 --cert "$cfg_certsdir/girocco_root_crt.pem" \
533 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
534 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
535 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
536 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
537 echo "Created client certificate"
538 fi
539 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
540 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
541 echo "Created client certificate suffix file"
542 fi
543 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
544 if [ -n "$cfg_mob" ]; then
545 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
546 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
547 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
548 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
549 echo "Created new mob user key"
550 fi
551 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
552 openssl rsa -in "$cfg_mobuserkey" -pubout |
553 "$cfg_basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
554 --cert "$cfg_clientcert" \
555 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
556 echo "Created mob user client certificate"
557 fi
558 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
559 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
560 else
561 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
562 fi
563 else
564 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
565 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
566 fi
567
568
569 echo "*** Finalizing permissions..."
570 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
571 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
The repo.or.cz duct tape "Girocco"