install.sh: make updates less disruptive
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
set -e

# Work out which command runs GNU make unless the caller already supplied it
# in $MAKE.  The makefile target is expected to print a line of the form
# "gnu_make_command_name=<command>"; only the part after the "=" is kept.
if [ -z "$MAKE" ]; then
	MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | sed -n 's/^gnu_make_command_name=//p')"
fi
case "$MAKE" in
"")
	echo "ERROR: cannot determine name of the GNU make command" >&2
	echo "Please set MAKE to the name of the GNU make executable" >&2
	exit 1
	;;
esac
# The Perl module checker is executed once shlib.sh has been sourced; make
# sure it is present and executable before going any further.
[ -x toolbox/check-perl-modules.pl ] || {
	echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
	exit 1
}
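# What Config should we use?
[ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config

# GIROCCO_CONF comes from the environment and is spliced into perl's -M
# switch, where any text after the package name becomes part of a "use"
# statement that perl compiles and runs.  Accept nothing but a plain package
# name (letters, digits, "_" and "::") so the value can only ever name a module.
case "$GIROCCO_CONF" in
*[!A-Za-z0-9_:]*)
	echo "ERROR: GIROCCO_CONF must be a plain Perl package name" >&2
	exit 1
	;;
esac
echo "*** Initializing using $GIROCCO_CONF..."

# First run Girocco::Config consistency checks (loading the module is the
# check; the program text itself is empty).  The switch is quoted so the
# value always reaches perl as a single argument.
perl -I. "-M$GIROCCO_CONF" -e ''

# shlib.sh supplies the cfg_* and var_* settings used by the rest of this script
. ./shlib.sh
umask 0022
"$var_perl_bin" toolbox/check-perl-modules.pl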
# ":<group>" suffix appended to chown owners; empty when no owning group is set
owngroup="${cfg_owning_group:+:$cfg_owning_group}"

# HTTPS push needs somewhere to keep its certificates
if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
	echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
	echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
	exit 1
fi

# Check for extra required tools
# xmllint is only needed when xmllint_readme is set to something other than 0
case "$cfg_xmllint_readme" in
"" | 0) ;;
*)
	if ! command -v xmllint >/dev/null; then
		echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
		exit 1
	fi
	;;
esac
# Every helper named here must already exist as an executable under src/
# before anything is copied into place; the first missing one stops the
# install with the same two-line hint.
echo "*** Checking for compiled utilities..."
for _util in can_user_push can_user_push_http getent get_user_uuid list_packs \
	peek_packet rangecgi strftime throttle; do
	[ -x "src/$_util" ] && continue
	echo "ERROR: src/$_util is not built! Did you _REALLY_ read INSTALL?" >&2
	echo "ERROR: perhaps you forgot to run make?" >&2
	exit 1
done
unset _util
echo "*** Checking for ezcert..."
# CACreateCert must be a regular file that is also executable
{ [ -f ezcert.git/CACreateCert ] && [ -x ezcert.git/CACreateCert ]; } || {
	echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
	exit 1
}
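echo "*** Checking for git..."
# git_bin has to be an absolute path to an executable; it is run directly
# below and nothing here searches $PATH for it.
case "$cfg_git_bin" in
/*) ;;
*)
	echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
	exit 1
	;;
esac
if [ ! -x "$cfg_git_bin" ]; then
	echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
	exit 1
fi
if ! git_version="$("$cfg_git_bin" version)"; then
	echo "ERROR: $cfg_git_bin version failed" >&2
	exit 1
fi
case "$git_version" in
[Gg]"it version "*) ;;
*)
	echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
	exit 1
	;;
esac
echo "Found $cfg_git_bin $git_version"

# Keep only the first dotted run of digits (e.g. "2.4.11") from the output
git_vernum="$(printf '%s\n' "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
# Every compatibility and security gate that follows compares against
# $git_vernum, so stop here rather than compare against an empty string.
if [ -z "$git_vernum" ]; then
	echo "ERROR: cannot find a version number in '$cfg_git_bin version' output" >&2
	exit 1
fi
echo "*** Checking Git $git_vernum for compatibility..."
# vcmp is not defined in this script (presumably shlib.sh provides it); the
# tests rely on it printing a negative number when the first version is older.
if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
	# fatal, so reported on stderr like the other ERROR messages
	echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6' >&2
	exit 1
fi
if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
	echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
fi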
131 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
132 cat <<'EOT'
135 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
138 Some Girocco functionality will be gracefully disabled and other things will
139 just not work at all such as race condition protection against simultaneous
140 client pushes and server garbage collections.
144 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
145 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
147 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
148 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
150 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
151 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
152 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
154 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
155 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
156 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
158 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
159 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
161 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
162 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
164 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
165 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
167 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
168 cat <<'EOT'
171 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
174 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
175 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
176 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
178 In order to bypass this check you will have to modify install.sh in which case
179 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
182 exit 1
184 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
185 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
187 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
188 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
190 secmsg=
191 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
192 secmsg='prior to 2.4.11'
194 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
195 secmsg='2.5.x prior to 2.5.5'
197 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
198 secmsg='2.6.x prior to 2.6.6'
200 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
201 secmsg='2.7.x prior to 2.7.4'
203 if [ -n "$secmsg" ]; then
204 cat <<EOT
207 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
210 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
211 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
213 Besides the security fixes included in later versions, versions prior to
214 2.2.0 may accidentally prune unreachable loose objects earlier than
215 intended. Since Git version 2.4.11 is the minimum version to include all
216 security fixes to date, it should be considered the absolute minimum
217 version of Git to use when running Girocco.
219 This is not enforced, but Git is easy to build from the git.git submodule
220 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
222 We will now pause for a moment so you can reflect on this warning.
225 sleep 60
227 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
228 cat <<'EOT'
231 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
234 You appear to have enabled mirroring and the Git binary you have selected
235 appears to contain an experimental patch that cannot be disabled. This
236 patch can generate invalid network DNS traffic and/or cause long delays
237 when fetching using the "git:" protocol when no port number is specified.
238 It may also end up retrieving repsitory contents from a host other than
239 the one specified in the "git:" URL when the port is omitted.
241 You are advised to either build your own version of Git (the problem patch
242 is not part of the official Git repository) or disable mirroring (via the
243 $Girocco::Config:mirror setting) to avoid these potential problems.
245 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
248 sleep 5
# test_nc_U NC_COMMAND
# Succeeds only when NC_COMMAND can both listen on (-l -U) and connect to (-U)
# a Unix-domain socket.  A listener is started in a directory freshly created
# by mktemp, the word "testing" is sent to it, and the listener's captured
# output must read back as exactly that word.  Everything the function or its
# children print is discarded by the redirection on the closing brace.
test_nc_U() {
	if [ -z "$1" ]; then
		return 1
	fi
	_cmdnc="$(command -v "$1" 2>/dev/null || :)"
	if [ -z "$_cmdnc" ] || ! [ -x "$_cmdnc" ]; then
		return 1
	fi
	# the socket lives in its own mktemp directory, never at a fixed /tmp name
	_tmpdir="$(mktemp -d /tmp/nc-u-XXXXXX)"
	if [ -z "$_tmpdir" ] || ! [ -d "$_tmpdir" ]; then
		return 1
	fi
	: >"$_tmpdir/output"
	# listener: stdin stays open for 3 seconds; a non-zero exit leaves a marker file
	(
		sleep 3 | "$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev/null >"$_tmpdir/output" ||
			: >"$_tmpdir/failed"
	) &
	_bgpid="$!"
	sleep 1
	# client: a failed connect or send leaves the same marker file
	if ! echo "testing" | "$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev/null 2>&1; then
		: >"$_tmpdir/failed"
	fi
	sleep 1
	kill "$_bgpid" >/dev/null 2>&1 || :
	read -r _result <"$_tmpdir/output" || :
	_bad=
	if [ -e "$_tmpdir/failed" ]; then
		_bad=1
	fi
	rm -rf "$_tmpdir"
	[ -z "$_bad" ] && [ "$_result" = "testing" ]
} >/dev/null 2>&1
echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
# The configured netcat has to handle Unix-domain sockets; stop the install
# when the round-trip probe fails.
if ! test_nc_U "$var_nc_openbsd_bin"; then
	echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
	echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
	case "$(uname -s 2>/dev/null)" in
	DragonFly)
		echo "ERROR: see the src/dragonfly/README file for a solution" >&2
		;;
	esac
	exit 1
fi
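# chown_make PATH...
# After running make as root via sudo, hand anything under PATH... that ended
# up owned by root back to the invoking user ($SUDO_USER and that user's
# primary group).  When running as root without sudo there is nobody to hand
# the files to, so only a warning is printed.  Does nothing for non-root users.
chown_make() {
	if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
		# -exec ... {} + runs chown only when something matched, so an
		# empty result is not an error.  -h changes a symbolic link itself
		# instead of the file it points at (find tests the link's own owner),
		# matching the "chown -R -h" calls used elsewhere in this script.
		# Diagnostics from find and chown are left visible.
		find "$@" -user root -exec chown -h "$SUDO_USER:$(id -gn "$SUDO_USER")" {} +
	elif [ "$LOGNAME" = root ] && { [ -z "$SUDO_USER" ] || [ "$SUDO_USER" = root ]; }; then
		# grouped explicitly: the warning is only meaningful when we are root
		echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
	fi
}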
# Make sure $cfg_basedir, $cfg_webroot and $cfg_cgiroot are absolute paths.
# These values are later passed to rm -rf, mv and chown -R, so a relative
# value must never get that far.
case "$cfg_basedir" in
/*) ;;
*)
	echo "ERROR: invalid Girocco::Config::basedir setting" >&2
	echo "ERROR: \"$cfg_basedir\" must be an absolute path (start with '/')" >&2
	exit 1
	;;
esac
case "$cfg_webroot" in
/*) ;;
*)
	echo "ERROR: invalid Girocco::Config::webroot setting" >&2
	echo "ERROR: \"$cfg_webroot\" must be an absolute path (start with '/')" >&2
	exit 1
	;;
esac
case "$cfg_cgiroot" in
/*) ;;
*)
	echo "ERROR: invalid Girocco::Config::cgiroot setting" >&2
	echo "ERROR: \"$cfg_cgiroot\" must be an absolute path (start with '/')" >&2
	exit 1
	;;
esac
307 # Use basedir, webroot and cgiroot for easier control of filesystem locations
308 # Wherever we are writing/copying/installing files we use these, but where we
309 # are editing, adding config settings or printing advice we always stick to the
310 # cfg_xxx Config variable versions. These are like a set of DESTDIR variables.
311 # Only the file system directories that could be asynchronously accessed (by
312 # the web server, jobd.pl, taskd.pl or incoming pushes) get these special vars.
313 # The chroot is handled specially and does not need one of these.
314 basedir="$cfg_basedir-new"
315 webroot="$cfg_webroot-new"
316 cgiroot="$cfg_cgiroot-new"
318 echo "*** Setting up basedir..."
319 "$MAKE" --no-print-directory --silent apache.conf
320 chown_make apache.conf
321 "$MAKE" --no-print-directory --silent -C src
322 chown_make src
323 rm -fr "$basedir"
324 mkdir -p "$basedir" "$basedir/gitweb" "$basedir/cgi"
325 cp cgi/*.cgi "$basedir/cgi"
326 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$basedir"
327 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/list_packs src/peek_packet \
328 src/rangecgi src/strftime src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi \
329 cgi/snapshot.cgi "$basedir/bin"
330 cp -p gitweb/*.sh gitweb/*.perl "$basedir/gitweb"
331 [ -n "$cfg_httpspushurl" ] || rm -f "$basedir"/html/rootcert.html "$basedir"/html/httpspush.html
332 [ -n "$cfg_mob" ] || rm -f "$basedir"/html/mob.html
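# Put the correct Config in place
# (a non-default GIROCCO_CONF such as Foo::Bar is copied from Foo/Bar.pm)
[ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$basedir/Girocco/Config.pm"

ln -s "$cfg_git_bin" "$basedir/bin/git"

# Each configured tool is probed by running it and comparing its output
# before a symlink to it is placed in $basedir/bin.  The "$" in the messages
# is escaped: inside double quotes an unescaped "$Girocco" would expand as an
# (unset) shell variable and the setting's name would be printed truncated.
shbin="$var_sh_bin"
[ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
	echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting" >&2
	exit 1
}
ln -s "$shbin" "$basedir/bin/sh"

perlbin="$var_perl_bin"
[ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
	echo "ERROR: invalid \$Girocco::Config::perl_bin setting" >&2
	exit 1
}
ln -s "$perlbin" "$basedir/bin/perl"

# gzip must identify itself as gzip and round-trip a short string
gzipbin="$var_gzip_bin"
[ -n "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 | grep -q gzip && \
[ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] || {
	echo "ERROR: invalid \$Girocco::Config::gzip_bin setting" >&2
	exit 1
}
ln -s "$gzipbin" "$basedir/bin/gzip"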
358 echo "*** Preprocessing scripts..."
359 SHBIN="$shbin" && export SHBIN
360 PERLBIN="$perlbin" && export PERLBIN
361 perl -I. -M$GIROCCO_CONF -i -p \
362 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
363 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
364 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
365 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
366 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
367 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
368 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
369 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
370 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
371 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
372 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
373 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
374 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
375 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
376 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
377 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
378 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
379 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
380 -e 'close ARGV if eof;' \
381 "$basedir"/jobs/*.sh "$basedir"/jobd/*.sh \
382 "$basedir"/taskd/*.sh "$basedir"/gitweb/*.sh \
383 "$basedir"/shlib.sh "$basedir"/hooks/* \
384 "$basedir"/toolbox/*.sh "$basedir"/toolbox/*.pl \
385 "$basedir"/toolbox/reports/*.sh \
386 "$basedir"/bin/git-* "$basedir"/bin/*.sh \
387 "$basedir"/bin/create-* "$basedir"/bin/update-* \
388 "$basedir"/bin/*.cgi "$basedir"/screen/*
389 perl -i -p \
390 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
391 -e 'close ARGV if eof;' \
392 "$basedir"/jobd/jobd.pl "$basedir"/taskd/taskd.pl \
393 "$basedir"/bin/sendmail.pl "$basedir"/bin/CACreateCert
394 perl -i -p \
395 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
396 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
397 -e 'close ARGV if eof;' \
398 "$basedir"/bin/format-readme "$basedir/cgi"/*.cgi
399 unset PERLBIN
400 unset SHBIN
402 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
403 get_girocco_config_var_list > "$basedir"/shlib_vars.sh
405 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
406 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
407 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
408 exit 1
410 mkdir -p "$basedir"/bin
411 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$basedir"/bin
413 echo "*** Setting up hg-fast-export from fast-export.git..."
414 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
415 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
416 exit 1
418 mkdir -p "$basedir"/bin
419 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$basedir"/bin
421 echo "*** Setting up markdown from markdown.git..."
422 if [ ! -f markdown.git/Markdown.pl ]; then
423 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
424 exit 1
426 mkdir -p "$basedir"/bin
427 (PERLBIN="$perlbin" && export PERLBIN && \
428 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
429 markdown.git/Markdown.pl > "$basedir"/bin/Markdown.pl.$$ && \
430 chmod a+x "$basedir"/bin/Markdown.pl.$$ && \
431 mv -f "$basedir"/bin/Markdown.pl.$$ "$basedir"/bin/Markdown.pl)
432 test $? -eq 0
434 # Some permission sanity on basedir/bin just in case
435 find "$basedir"/bin -type f -print0 | xargs -0 chmod go-w
436 chown -R -h "$cfg_mirror_user""$owngroup" "$basedir"/bin
438 if [ -n "$cfg_mirror" ]; then
439 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
441 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
442 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
443 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
446 echo "*** Setting up repository root..."
447 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
448 if [ "$cfg_owning_group" ]; then
449 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
450 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
452 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
453 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
456 if [ -n "$cfg_chrooted" ]; then
457 echo "*** Setting up chroot jail for pushing..."
458 if [ "$(id -u)" -eq 0 ]; then
459 # jailsetup may install things from $cfg_basedir/bin into the
460 # chroot so we do a mini-update of just that portion now
461 mkdir -p "$cfg_basedir"
462 rm -rf "$cfg_basedir/bin-new"
463 cp -pR "$basedir/bin" "$cfg_basedir/bin-new" >/dev/null 2>&1
464 rm -rf "$cfg_basedir/bin-old"
465 ! [ -d "$cfg_basedir/bin" ] || mv -f "$cfg_basedir/bin" "$cfg_basedir/bin-old"
466 mv -f "$cfg_basedir/bin-new" "$cfg_basedir/bin"
467 rm -rf "$cfg_basedir/bin-old"
468 ./jailsetup.sh
469 else
470 echo "WARNING: Skipping jail setup, not root"
475 echo "*** Setting up jail configuration (project database)..."
476 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
477 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
478 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
479 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
480 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
481 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
482 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
483 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
484 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
485 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
488 echo "*** Setting up gitweb from git.git..."
489 if [ ! -f git.git/Makefile ]; then
490 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
491 exit 1
494 # We do not wholesale replace either webroot or cgiroot so if they exist we must
495 # make a copy to start working on them. We make a copy using -p which can result
496 # in some warnings so we suppress error output as it's of no consequence in this case.
497 rm -rf "$webroot" "$cgiroot"
498 ! [ -d "$cfg_webroot" ] || cp -pR "$cfg_webroot" "$webroot" >/dev/null 2>&1
499 ! [ -d "$cfg_cgiroot" ] || cp -pR "$cfg_cgiroot" "$cgiroot" >/dev/null 2>&1
500 mkdir -p "$webroot" "$cgiroot"
502 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
503 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
504 chown_make gitweb && \
505 PERLBIN="$perlbin" && export PERLBIN && \
506 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
507 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cgiroot"/gitweb.cgi.$$ && \
508 chmod a+x "$cgiroot"/gitweb.cgi.$$ && \
509 chown_make "$cgiroot"/gitweb.cgi.$$ && \
510 mv -f "$cgiroot"/gitweb.cgi.$$ "$cgiroot"/gitweb.cgi && \
511 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$webroot")
512 test $? -eq 0
515 echo "*** Setting up git-browser from git-browser.git..."
516 if [ ! -f git-browser.git/git-browser.cgi ]; then
517 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
518 exit 1
520 mkdir -p "$webroot"/git-browser "$cgiroot"
521 (cd git-browser.git && \
522 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
523 PERLBIN="$perlbin" && export PERLBIN && perl -p \
524 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
525 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cgiroot"/git-browser.cgi.$$ && \
526 chmod a+x "$cgiroot"/git-browser.cgi.$$ && \
527 chown_make "$cgiroot"/git-browser.cgi.$$ && \
528 mv -f "$cgiroot"/git-browser.cgi.$$ "$cgiroot"/git-browser.cgi && \
529 cp -r *.html *.js *.css js.lib "$webroot"/git-browser && \
530 cp -r JSON "$cgiroot")
531 test $? -eq 0
532 rm -f "$webroot"/git-browser/index.html
533 cat >"$basedir/gitweb"/git-browser.conf.$$ <<EOT
534 gitbin: $cfg_git_bin
535 warehouse: $cfg_reporoot
536 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
538 chown_make "$basedir/gitweb"/git-browser.conf.$$
539 mv -f "$basedir/gitweb"/git-browser.conf.$$ "$basedir/gitweb"/git-browser.conf
540 cat >"$webroot"/git-browser/GitConfig.js.$$ <<EOT
541 cfg_gitweb_url="$cfg_gitweburl/"
542 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
544 chown_make "$webroot"/git-browser/GitConfig.js.$$
545 mv -f "$webroot"/git-browser/GitConfig.js.$$ "$webroot"/git-browser/GitConfig.js
548 echo "*** Setting up our part of the website..."
549 mkdir -p "$webroot" "$cgiroot"
550 cp "$basedir"/bin/snapshot.cgi "$basedir/cgi"
551 cp "$basedir"/bin/authrequired.cgi "$basedir/cgi"
552 [ -n "$cfg_httpspushurl" ] || rm -f "$basedir/cgi"/usercert.cgi "$cgiroot"/usercert.cgi
553 cp "$basedir/cgi"/*.cgi "$cgiroot"
554 rm -rf "$basedir/cgi"
555 ln -fs "$cfg_basedir"/Girocco "$cgiroot"
556 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
557 if [ -z "$cfg_httpspushurl" ]; then
558 grep -v 'rootcert[.]html' gitweb/indextext.html > "$basedir/gitweb/indextext.html"
559 else
560 cp gitweb/indextext.html "$basedir/gitweb"
562 mv "$basedir"/html/*.css "$basedir"/html/*.js "$webroot"
563 cp mootools.js "$webroot"
564 cp htaccess "$webroot/.htaccess"
565 cp cgi/htaccess "$cgiroot/.htaccess"
566 cp git-favicon.ico "$webroot/favicon.ico"
567 cp robots.txt "$webroot"
568 cat gitweb/gitweb.css >>"$webroot"/gitweb.css
571 if [ -n "$cfg_httpspushurl" ]; then
572 echo "*** Setting up SSL certificates..."
573 bits=2048
574 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
575 bits="$cfg_rsakeylength"
577 mkdir -p "$cfg_certsdir"
578 [ -d "$cfg_certsdir" ]
579 wwwcertcn=
580 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
581 wwwcertcn="$( \
582 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
583 sed -e 's,[^/]*,,' \
586 wwwcertdns=
587 if [ -n "$cfg_wwwcertaltnames" ]; then
588 for dnsopt in $cfg_wwwcertaltnames; do
589 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
590 done
592 wwwcertdnsfile=
593 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
594 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
596 needroot=
597 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
598 -e "$cfg_certsdir/girocco_client_key.pem" -a \
599 -e "$cfg_certsdir/girocco_www_key.pem" -a \
600 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
601 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
602 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
603 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
604 umask 0077
605 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
606 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
607 rm -f "$cfg_certsdir/girocco_root_crt.pem"
608 umask 0022
609 echo "Created new root key"
611 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
612 "$basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
613 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
614 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
615 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
616 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
617 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
618 echo "Created new root certificate"
620 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
621 umask 0077
622 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
623 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
624 rm -f "$cfg_certsdir/girocco_www_crt.pem"
625 umask 0022
626 echo "Created new www key"
628 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
629 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
630 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
631 "$basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
632 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
633 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
634 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
635 echo "Created www certificate"
637 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
638 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
639 echo "Created www certificate chain file"
641 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
642 umask 0037
643 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
644 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
645 rm -f "$cfg_certsdir/girocco_client_crt.pem"
646 umask 0022
647 echo "Created new client key"
649 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
650 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
651 "$basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
652 --cert "$cfg_certsdir/girocco_root_crt.pem" \
653 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
654 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
655 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
656 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
657 echo "Created client certificate"
659 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
660 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
661 echo "Created client certificate suffix file"
663 cat "$cfg_rootcert" > "$webroot/${cfg_nickname}_root_cert.pem"
if [ -z "$cfg_mob" ]; then
	# mob user disabled: make sure no stale mob credentials stay published
	rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
else
	# Unlike the root, www and client keys, the mob user key is created
	# without tightening the umask and is explicitly left world-readable.
	# NOTE(review): $cfg_mobuserkey presumably names this same file, in which
	# case the key is published under $webroot below on purpose -- confirm
	# against Config.pm and never reuse this key for anything non-public.
	[ -e "$cfg_certsdir/girocco_mob_user_key.pem" ] || {
		openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
		chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
		# a certificate issued for any earlier key is no longer valid
		rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
		echo "Created new mob user key"
	}
	[ -e "$cfg_certsdir/girocco_mob_user_crt.pem" ] || {
		# the client authority key signs the mob user's public key
		openssl rsa -in "$cfg_mobuserkey" -pubout |
		"$basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
			--cert "$cfg_clientcert" \
			--out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
		echo "Created mob user client certificate"
	}
	# both the mob key and the mob certificate chain are written into $webroot
	cat "$cfg_mobuserkey" > "$webroot/${cfg_nickname}_mob_key.pem"
	cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$webroot/${cfg_nickname}_mob_user.pem"
fi
683 else
684 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
685 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
echo "*** Finalizing permissions and moving into place..."
# -h keeps chown from following symbolic links found inside the trees
chown -R -h "$cfg_mirror_user""$owngroup" "$basedir" "$webroot" "$cgiroot"
if [ -n "$cfg_httpspushurl" ]; then
	chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
fi

# This should always be the very last thing install.sh does
# Each live directory is renamed to "-old" and the staged "-new" copy is then
# renamed into its place.  These are two separate renames per directory, so
# there is a short moment in which the live path does not exist.
rm -rf "$cfg_basedir-old" "$cfg_webroot-old" "$cfg_cgiroot-old"
if [ -d "$cfg_basedir" ]; then
	mv -f "$cfg_basedir" "$cfg_basedir-old"
fi
mv -f "$basedir" "$cfg_basedir"
if [ -d "$cfg_webroot" ]; then
	mv -f "$cfg_webroot" "$cfg_webroot-old"
fi
mv -f "$webroot" "$cfg_webroot"
if [ -d "$cfg_cgiroot" ]; then
	mv -f "$cfg_cgiroot" "$cfg_cgiroot-old"
fi
mv -f "$cgiroot" "$cfg_cgiroot"
# the previous trees are only removed once all three swaps have succeeded
rm -rf "$cfg_basedir-old" "$cfg_webroot-old" "$cfg_cgiroot-old"