2 # The Girocco installation script
3 # We will OVERWRITE basedir!
7 [ -n "$MAKE" ] || MAKE
="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
14 # Run perl module checker
15 if ! [ -f toolbox
/check-perl-modules.pl
] ||
! [ -x toolbox
/check-perl-modules.pl
]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF
=Girocco
::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
24 # First run Girocco::Config consistency checks
25 perl
-I.
-M$GIROCCO_CONF -e ''
29 "$var_perl_bin" toolbox
/check-perl-modules.pl
31 # $1 must exist and be a dir
32 # $2 may exist but must be a dir
34 # After call $2 will be renamed to $3 (if $2 existed)
35 # And $1 will be renamed to $2
37 [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] ||
{ echo "fatal: quick_move: bad args: '$1' '$2' '$3'" >&2; exit 1; }
38 ! [ -e "$3" ] ||
{ echo "fatal: quick_move: already exists: $3" >&2; exit 1; }
39 [ -d "$1" ] ||
{ echo "fatal: quick_move: no such dir: $1" >&2; exit 1; }
40 ! [ -e "$2" ] ||
[ -d "$2" ] ||
{ echo "fatal: quick_move: not a dir: $2" >&2; exit 1; }
41 perl
-e 'rename($ARGV[1], $ARGV[2]) or die "rename failed: $!\n" if -d $ARGV[1];
42 rename($ARGV[0], $ARGV[1]) or die "rename failed: $!\n"; exit 0;' "$1" "$2" "$3" ||
{
43 echo "fatal: quick_move: rename failed" >&2
46 ! [ -d "$1" ] && [ -d "$2" ] ||
{
47 echo "fatal: quick_move: rename failed" >&2
54 "command" "$var_sh_bin" -c '{ "unset" -f unalias command "$1" || :; "unalias" "$1" || :; } >/dev/null 2>&1; "command" -v "$1"' "$var_sh_bin" "$1"
58 [ -z "$cfg_owning_group" ] || owngroup
=":$cfg_owning_group"
59 if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
60 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
61 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
66 # Check for extra required tools
67 if [ "${cfg_xmllint_readme:-0}" != "0" ] && ! command -v xmllint
>/dev
/null
; then
68 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
73 echo "*** Checking for compiled utilities..."
74 if ! [ -f src
/can_user_push
] ||
! [ -x src
/can_user_push
]; then
75 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
76 echo "ERROR: perhaps you forgot to run make?" >&2
79 if ! [ -f src
/can_user_push_http
] ||
! [ -x src
/can_user_push_http
]; then
80 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
81 echo "ERROR: perhaps you forgot to run make?" >&2
84 if ! [ -f src
/getent
] ||
! [ -x src
/getent
]; then
85 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
86 echo "ERROR: perhaps you forgot to run make?" >&2
89 if ! [ -f src
/get_user_uuid
] ||
! [ -x src
/get_user_uuid
]; then
90 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
91 echo "ERROR: perhaps you forgot to run make?" >&2
94 if ! [ -f src
/list_packs
] ||
! [ -x src
/list_packs
]; then
95 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
96 echo "ERROR: perhaps you forgot to run make?" >&2
99 if ! [ -f src
/peek_packet
] ||
! [ -x src
/peek_packet
]; then
100 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
101 echo "ERROR: perhaps you forgot to run make?" >&2
104 if ! [ -f src
/rangecgi
] ||
! [ -x src
/rangecgi
]; then
105 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
106 echo "ERROR: perhaps you forgot to run make?" >&2
109 if ! [ -f src
/strftime
] ||
! [ -x src
/strftime
]; then
110 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
111 echo "ERROR: perhaps you forgot to run make?" >&2
114 if ! [ -f src
/throttle
] ||
! [ -x src
/throttle
]; then
115 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
116 echo "ERROR: perhaps you forgot to run make?" >&2
121 echo "*** Checking for ezcert..."
122 if ! [ -f ezcert.git
/CACreateCert
] ||
! [ -x ezcert.git
/CACreateCert
]; then
123 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
128 echo "*** Checking for git..."
129 case "$cfg_git_bin" in /*) :;; *)
130 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
133 if ! [ -f "$cfg_git_bin" ] ||
! [ -x "$cfg_git_bin" ]; then
134 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
137 if ! git_version
="$("$cfg_git_bin" version)" ||
[ -z "$git_version" ]; then
138 echo "ERROR: $cfg_git_bin version failed" >&2
141 case "$git_version" in
142 [Gg
]"it version "*) :;;
144 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
147 echo "Found $cfg_git_bin $git_version"
148 git_vernum
="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
149 echo "*** Checking Git $git_vernum for compatibility..."
150 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
151 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
154 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
155 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
157 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
161 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
164 Some Girocco functionality will be gracefully disabled and other things will
165 just not work at all such as race condition protection against simultaneous
166 client pushes and server garbage collections.
170 if [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
171 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
173 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
174 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
176 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
177 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
178 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
180 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
181 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
182 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
184 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
185 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
187 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
188 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
190 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
191 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
193 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
197 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
200 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
201 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
202 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
204 In order to bypass this check you will have to modify install.sh in which case
205 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
210 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
211 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
213 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
214 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
217 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
218 secmsg
='prior to 2.4.11'
220 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
221 secmsg
='2.5.x prior to 2.5.5'
223 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
224 secmsg
='2.6.x prior to 2.6.6'
226 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
227 secmsg
='2.7.x prior to 2.7.4'
229 if [ -n "$secmsg" ]; then
233 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
236 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
237 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
239 Besides the security fixes included in later versions, versions prior to
240 2.2.0 may accidentally prune unreachable loose objects earlier than
241 intended. Since Git version 2.4.11 is the minimum version to include all
242 security fixes to date, it should be considered the absolute minimum
243 version of Git to use when running Girocco.
245 This is not enforced, but Git is easy to build from the git.git submodule
246 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
248 We will now pause for a moment so you can reflect on this warning.
253 if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr
"$cfg_git_bin"; then
257 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
260 You appear to have enabled mirroring and the Git binary you have selected
261 appears to contain an experimental patch that cannot be disabled. This
262 patch can generate invalid network DNS traffic and/or cause long delays
263 when fetching using the "git:" protocol when no port number is specified.
264 It may also end up retrieving repsitory contents from a host other than
265 the one specified in the "git:" URL when the port is omitted.
267 You are advised to either build your own version of Git (the problem patch
268 is not part of the official Git repository) or disable mirroring (via the
269 $Girocco::Config:mirror setting) to avoid these potential problems.
271 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
278 [ -n "$1" ] ||
return 1
279 _cmdnc
="$(command -v "$1" 2>/dev/null)" ||
:
280 [ -n "$_cmdnc" ] && [ -f "$_cmdnc" ] && [ -x "$_cmdnc" ] ||
return 1
281 _tmpdir
="$(mktemp -d /tmp/nc-u-XXXXXX)"
282 [ -n "$_tmpdir" ] && [ -d "$_tmpdir" ] ||
return 1
284 (sleep 3 |
"$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev
/null
>"$_tmpdir/output" ||
>"$_tmpdir/failed")&
287 echo "testing" |
"$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev
/null
2>&1 ||
>"$_tmpdir/failed"
289 kill "$_bgpid" >/dev
/null
2>&1 ||
:
290 read -r _result
<"$_tmpdir/output" ||
:
292 ! [ -e "$_tmpdir/failed" ] || _bad
=1
294 [ -z "$_bad" ] && [ "$_result" = "testing" ]
297 echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
298 test_nc_U
"$var_nc_openbsd_bin" ||
{
299 echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
300 echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
301 if [ "$(uname -s 2>/dev/null)" = "DragonFly" ]; then
302 echo "ERROR: see the src/dragonfly/README file for a solution" >&2
307 echo "*** Verifying selected POSIX sh is sane..."
309 [ -n "$shbin" ] && [ -f "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] ||
{
310 echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting' >&2
313 [ "$(check_sh_builtin command)" = "command" ] ||
{
314 echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting (does not understand command -v)' >&2
318 sh_extra_chroot_installs
=
320 for sbi
in cd pwd read umask unset unalias; do
321 if [ "$(check_sh_builtin "$sbi")" != "$sbi" ]; then
322 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (missing built-in $sbi)" >&2
326 [ -z "$badsh" ] ||
exit 1
327 for sbi
in '[' echo printf test; do
328 if ! extra
="$(check_sh_builtin "$sbi")"; then
329 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (missing command $sbi)" >&2
333 if [ "$extra" != "$sbi" ]; then
334 case "$extra" in /*) :;; *)
335 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (bad command -v $sbi result: $extra)" >&2
340 case "$extra" in *" "*) withspc
=1; esac
341 [ -z "$withspc" ] && [ -f "$extra" ] && [ -r "$extra" ] && [ -x "$extra" ] ||
{
342 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (unusable command -v $sbi result: $extra)" >&2
346 echo "WARNING: slow \$Girocco::Config::posix_sh_bin setting (not built-in $sbi)" >&2
347 sh_not_builtin
="$sh_not_builtin $sbi"
348 sh_extra_chroot_installs
="$sh_extra_chroot_installs $extra"
351 [ -z "$badsh" ] ||
exit 1
352 [ -z "$sh_extra_chroot_installs" ] ||
{
353 echo "WARNING: the selected POSIX sh implements these as non-built-in:$sh_not_builtin" >&2
354 echo "WARNING: as a result it will run slower than necessary" >&2
355 echo "WARNING: consider building and switching to dash which can be found at:" >&2
356 echo "WARNING: http://gondor.apana.org.au/~herbert/dash/" >&2
357 echo "WARNING: (download a tarball from the files section or clone the Git repository" >&2
358 echo "WARNING: and checkout the latest tag, run autogen.sh, configure and build)" >&2
359 echo "WARNING: dash is licensed under the 3-clause BSD license" >&2
362 echo "*** Verifying xargs is sane..."
363 _xargsr
="$(</dev/null command xargs printf %s -r)" ||
:
364 xtest1
="$(</dev/null command xargs $_xargsr printf 'test %s ' 2>&1)" ||
:
365 xtest2
="$(printf '%s\n' one two | command xargs $_xargsr printf 'test %s ' 2>&1)" ||
:
366 [ -z "$xtest1" ] && [ "$xtest2" = "test one test two " ] ||
{
367 echo 'ERROR: xargs is unusable' >&2
368 echo 'ERROR: either `test -z "$(</dev/null xargs echo test 2>&1)"`' >&2
369 echo 'ERROR: or `test -z "$(</dev/null xargs -r echo test 2>&1)"`' >&2
370 echo 'ERROR: must be true, but neither is' >&2
374 echo "*** Verifying selected perl is sane..."
375 perlbin
="$var_perl_bin"
376 [ -n "$perlbin" ] && [ -f "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl
", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] ||
{
377 echo 'ERROR: invalid $Girocco::Config::perl_bin setting' >&2
381 echo "*** Verifying selected gzip is sane..."
382 gzipbin
="$var_gzip_bin"
383 [ -n "$gzipbin" ] && [ -f "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 |
grep -q gzip &&
384 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] ||
{
385 echo 'ERROR: invalid $Girocco::Config::gzip_bin setting' >&2
389 echo "*** Verifying basedir, webroot and cgiroot paths..."
390 # Make sure $cfg_basedir, $cfg_webroot and $cfg_cgiroot are absolute paths
391 case "$cfg_basedir" in /*) :;; *)
392 echo "ERROR: invalid Girocco::Config::basedir setting" >&2
393 echo "ERROR: \"$cfg_basedir\" must be an absolute path (start with '/')" >&2
396 case "$cfg_webroot" in /*) :;; *)
397 echo "ERROR: invalid Girocco::Config::webroot setting" >&2
398 echo "ERROR: \"$cfg_webroot\" must be an absolute path (start with '/')" >&2
401 case "$cfg_cgiroot" in /*) :;; *)
402 echo "ERROR: invalid Girocco::Config::cgiroot setting" >&2
403 echo "ERROR: \"$cfg_cgiroot\" must be an absolute path (start with '/')" >&2
407 # return the input with trailing slashes stripped but return "/" for all "/"s
409 [ -n "$1" ] ||
return 0
411 [ "$_s" != "$1" ] || _s
="${_s#?}"
412 printf "%s\n" "${1%$_s}"
415 # a combination of realpath + dirname where the realpath of the deepest existing
416 # directory is returned with the rest of the non-existing components appended
417 # and trailing slashes and multiple slashes are removed
419 _d
="$(striptrsl "$1")"
420 if [ "$_d" = "/" ] ||
[ -z "$_d" ]; then
425 while ! [ -d "$_d" ]; do
426 _c
="/$(basename "$_d")$_c"
427 _d
="$(dirname "$_d")"
428 [ "$_d" != "/" ] || _c
="${_c#/}"
430 printf "%s%s\n" "$(cd "$_d" && pwd -P)" "$_c"
433 # Use basedir, webroot and cgiroot for easier control of filesystem locations
434 # Wherever we are writing/copying/installing files we use these, but where we
435 # are editing, adding config settings or printing advice we always stick to the
436 # cfg_xxx Config variable versions. These are like a set of DESTDIR variables.
437 # Only the file system directories that could be asynchronously accessed (by
438 # the web server, jobd.pl, taskd.pl or incoming pushes) get these special vars.
439 # The chroot is handled specially and does not need one of these.
440 # We must be careful to allow cgiroot and/or webroot to be under basedir in which
441 # case the prior contents of cgiroot and/or webroot are discarded.
442 rbasedir
="$(realdir "$cfg_basedir")"
443 rwebroot
="$(realdir "$cfg_webroot")"
444 rcgiroot
="$(realdir "$cfg_cgiroot")"
445 case "$rbasedir" in "$rwebroot"/?
*)
446 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under webroot" >&2
449 case "$rbasedir" in "$rcgiroot"/?
*)
450 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under cgiroot" >&2
453 if [ "$rwebroot" = "$rcgiroot" ]; then
454 echo "ERROR: invalid Girocco::Config::webroot and Girocco::Config::cgiroot settings; must not be the same" >&2
457 case "$rcgiroot" in "$rwebroot"/?
*)
458 echo "ERROR: invalid Girocco::Config::cgiroot setting; must not be under webroot" >&2
461 case "$rwebroot" in "$rcgiroot"/?
*)
462 echo "ERROR: invalid Girocco::Config::webroot setting; must not be under cgiroot" >&2
465 basedir
="$rbasedir-new"
468 webroot
="$basedir${rwebroot#$rbasedir}"
472 webroot
="$rwebroot-new"
478 cgiroot
="$basedir${rcgiroot#$rbasedir}"
482 cgiroot
="$rcgiroot-new"
487 echo "*** Setting up basedir..."
490 if [ "$LOGNAME" = root
] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root
]; then
491 find "$@" -user root
-exec chown
"$SUDO_USER:$(id -gn "$SUDO_USER")" '{}' + 2>/dev
/null ||
:
492 elif [ "$LOGNAME" = root
] && { [ -z "$SUDO_USER" ] ||
[ "$SUDO_USER" = root
]; }; then
493 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
497 "$MAKE" --no-print-directory --silent apache.conf
498 chown_make apache.conf
499 "$MAKE" --no-print-directory --silent -C src
502 mkdir
-p "$basedir" "$basedir/gitweb" "$basedir/cgi"
503 cp cgi
/*.cgi
"$basedir/cgi"
504 cp -pR Girocco jobd taskd html
jobs toolbox hooks apache.conf shlib.sh bin screen
"$basedir"
505 cp -p src
/can_user_push src
/can_user_push_http src
/get_user_uuid src
/list_packs src
/peek_packet \
506 src
/rangecgi src
/strftime src
/throttle ezcert.git
/CACreateCert cgi
/authrequired.cgi \
507 cgi
/snapshot.cgi
"$basedir/bin"
508 cp -p gitweb
/*.sh gitweb
/*.perl
"$basedir/gitweb"
509 [ -n "$cfg_httpspushurl" ] ||
rm -f "$basedir"/html
/rootcert.html
"$basedir"/html
/httpspush.html
510 [ -n "$cfg_mob" ] ||
rm -f "$basedir"/html
/mob.html
512 # Put the correct Config in place
513 [ "$GIROCCO_CONF" = "Girocco::Config" ] ||
cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$basedir/Girocco/Config.pm"
515 # Create symbolic links to selected binaries
516 ln -s "$cfg_git_bin" "$basedir/bin/git"
517 ln -s "$shbin" "$basedir/bin/sh"
518 ln -s "$perlbin" "$basedir/bin/perl"
519 ln -s "$gzipbin" "$basedir/bin/gzip"
521 echo "*** Preprocessing scripts..."
522 SHBIN
="$shbin" && export SHBIN
523 PERLBIN
="$perlbin" && export PERLBIN
524 perl
-I.
-M$GIROCCO_CONF -i -p \
525 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
526 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
527 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
528 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
529 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
530 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
531 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
532 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
533 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
534 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
535 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
536 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
537 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
538 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
539 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
540 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
541 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
542 -e 'close ARGV if eof;' \
543 "$basedir"/jobs
/*.sh
"$basedir"/jobd
/*.sh \
544 "$basedir"/taskd
/*.sh
"$basedir"/gitweb
/*.sh \
545 "$basedir"/shlib.sh
"$basedir"/hooks
/* \
546 "$basedir"/toolbox
/*.sh
"$basedir"/toolbox
/*.pl \
547 "$basedir"/toolbox
/reports
/*.sh \
548 "$basedir"/bin
/git-
* "$basedir"/bin
/*.sh \
549 "$basedir"/bin
/create-
* "$basedir"/bin
/update-
* \
550 "$basedir"/bin
/*.cgi
"$basedir"/screen
/*
552 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
553 -e 'close ARGV if eof;' \
554 "$basedir"/jobd
/jobd.pl
"$basedir"/taskd
/taskd.pl \
555 "$basedir"/bin
/sendmail.pl
"$basedir"/bin
/CACreateCert
557 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
558 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
559 -e 'close ARGV if eof;' \
560 "$basedir"/bin
/format-readme
"$basedir/cgi"/*.cgi
564 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
565 get_girocco_config_var_list
>"$basedir"/shlib_vars.sh
567 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
568 if ! [ -f bzr-fastimport.git
/exporters
/darcs
/darcs-fast-export
] ||
569 ! [ -x bzr-fastimport.git
/exporters
/darcs
/darcs-fast-export
]; then
570 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
573 mkdir
-p "$basedir"/bin
574 cp bzr-fastimport.git
/exporters
/darcs
/darcs-fast-export
"$basedir"/bin
576 echo "*** Setting up hg-fast-export from fast-export.git..."
577 if ! [ -f fast-export.git
/hg-fast-export.py
] ||
! [ -f fast-export.git
/hg2git.py
]; then
578 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
581 mkdir
-p "$basedir"/bin
582 cp fast-export.git
/hg-fast-export.py fast-export.git
/hg2git.py
"$basedir"/bin
584 echo "*** Setting up markdown from markdown.git..."
585 if ! [ -f markdown.git
/Markdown.pl
]; then
586 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
589 mkdir
-p "$basedir"/bin
590 (PERLBIN
="$perlbin" && export PERLBIN
&&
591 perl
-p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
592 markdown.git
/Markdown.pl
>"$basedir"/bin
/Markdown.pl.$$
&&
593 chmod a
+x
"$basedir"/bin
/Markdown.pl.$$
&&
594 mv -f "$basedir"/bin
/Markdown.pl.$$
"$basedir"/bin
/Markdown.pl
)
597 # Some permission sanity on basedir/bin just in case
598 find "$basedir"/bin
-type f
-exec chmod go-w
'{}' +
599 chown
-R -h "$cfg_mirror_user""$owngroup" "$basedir"/bin
601 if [ -n "$cfg_mirror" ]; then
602 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
604 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
605 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
606 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
609 echo "*** Setting up repository root..."
610 mkdir
-p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
611 if [ "$cfg_owning_group" ]; then
612 chgrp
"$cfg_owning_group" "$cfg_reporoot" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
613 chgrp
"$cfg_owning_group" "$cfg_reporoot/_recyclebin" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
615 chmod 02775 "$cfg_reporoot" ||
echo "WARNING: Cannot chmod $cfg_reporoot properly"
616 chmod 02775 "$cfg_reporoot/_recyclebin" ||
echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
619 if [ -n "$cfg_chrooted" ]; then
620 echo "*** Setting up chroot jail for pushing..."
621 if [ "$(id -u)" -eq 0 ]; then
622 # jailsetup may install things from $cfg_basedir/bin into the
623 # chroot so we do a mini-update of just that portion now
624 mkdir
-p "$cfg_basedir"
625 rm -rf "$cfg_basedir/bin-new"
626 cp -pR "$basedir/bin" "$cfg_basedir/bin-new" >/dev
/null
2>&1
627 rm -rf "$cfg_basedir/bin-old"
628 quick_move
"$cfg_basedir/bin-new" "$cfg_basedir/bin" "$cfg_basedir/bin-old"
629 rm -rf "$cfg_basedir/bin-old"
630 if [ -n "$sh_extra_chroot_installs" ]; then
631 GIROCCO_CHROOT_EXTRA_INSTALLS
="$sh_extra_chroot_installs"
632 export GIROCCO_CHROOT_EXTRA_INSTALLS
635 unset GIROCCO_CHROOT_EXTRA_INSTALLS
637 echo "WARNING: Skipping jail setup, not root"
642 echo "*** Setting up jail configuration (project database)..."
643 [ "$(id -u)" -eq 0 ] || .
/jailsetup.sh dbonly
644 mkdir
-p "$cfg_chroot" "$cfg_chroot/etc"
645 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
646 chown
"$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
647 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
648 chown
"$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
649 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
650 chmod g
+w
"$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
651 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
652 chmod 02775 "$cfg_chroot/etc" ||
echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
655 echo "*** Setting up gitweb from git.git..."
656 if ! [ -f git.git
/Makefile
]; then
657 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
661 # We do not wholesale replace either webroot or cgiroot unless they are under
662 # basedir so if they exist and are not we make a copy to start working on them.
663 # We make a copy using -p which can result in some warnings so we suppress
664 # error output as it's of no consequence in this case.
665 rm -rf "$webroot" "$cgiroot"
666 [ -n "$webrootsub" ] ||
! [ -d "$rwebroot" ] ||
cp -pR "$rwebroot" "$webroot" >/dev
/null
2>&1 ||
:
667 [ -n "$cgirootsub" ] ||
! [ -d "$rcgiroot" ] ||
cp -pR "$rcgiroot" "$cgiroot" >/dev
/null
2>&1 ||
:
668 mkdir
-p "$webroot" "$cgiroot"
672 "$MAKE" --no-print-directory --silent NO_SUBDIR
=: bindir
="$(dirname "$cfg_git_bin")" \
673 GITWEB_CONFIG
="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH
="$shbin" gitweb
&&
675 PERLBIN
="$perlbin" && export PERLBIN
&&
676 perl
-p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
677 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb
/gitweb.cgi
>"$cgiroot"/gitweb.cgi.$$
&&
678 chmod a
+x
"$cgiroot"/gitweb.cgi.$$
&&
679 chown_make
"$cgiroot"/gitweb.cgi.$$
&&
680 mv -f "$cgiroot"/gitweb.cgi.$$
"$cgiroot"/gitweb.cgi
&&
681 cp gitweb
/static
/*.png gitweb
/static
/*.css gitweb
/static
/*.js
"$webroot"
686 echo "*** Setting up git-browser from git-browser.git..."
687 if ! [ -f git-browser.git
/git-browser.cgi
]; then
688 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
691 mkdir
-p "$webroot"/git-browser
"$cgiroot"
693 cd git-browser.git
&&
694 CFG
="$cfg_basedir/gitweb/git-browser.conf" && export CFG
&&
695 PERLBIN
="$perlbin" && export PERLBIN
&& perl
-p \
696 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
697 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi
>"$cgiroot"/git-browser.cgi.$$
&&
698 chmod a
+x
"$cgiroot"/git-browser.cgi.$$
&&
699 chown_make
"$cgiroot"/git-browser.cgi.$$
&&
700 mv -f "$cgiroot"/git-browser.cgi.$$
"$cgiroot"/git-browser.cgi
&&
701 cp -r *.html
*.js
*.css js.lib
"$webroot"/git-browser
&&
702 cp -r JSON
"$cgiroot"
705 rm -f "$webroot"/git-browser
/index.html
706 cat >"$basedir/gitweb"/git-browser.conf.$$
<<-EOT
708 warehouse: $cfg_reporoot
709 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
711 chown_make
"$basedir/gitweb"/git-browser.conf.$$
712 mv -f "$basedir/gitweb"/git-browser.conf.$$
"$basedir/gitweb"/git-browser.conf
713 cat >"$webroot"/git-browser
/GitConfig.js.$$
<<-EOT
714 cfg_gitweb_url="$cfg_gitweburl/"
715 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
717 chown_make
"$webroot"/git-browser
/GitConfig.js.$$
718 mv -f "$webroot"/git-browser
/GitConfig.js.$$
"$webroot"/git-browser
/GitConfig.js
721 echo "*** Setting up our part of the website..."
722 mkdir
-p "$webroot" "$cgiroot"
723 cp "$basedir"/bin
/snapshot.cgi
"$basedir/cgi"
724 cp "$basedir"/bin
/authrequired.cgi
"$basedir/cgi"
725 [ -n "$cfg_httpspushurl" ] ||
rm -f "$basedir/cgi"/usercert.cgi
"$cgiroot"/usercert.cgi
726 cp "$basedir/cgi"/*.cgi
"$cgiroot"
727 rm -rf "$basedir/cgi"
728 ln -fs "$cfg_basedir"/Girocco
"$cgiroot"
729 [ -z "$cfg_webreporoot" ] ||
{ rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
730 if [ -z "$cfg_httpspushurl" ]; then
731 grep -v 'rootcert[.]html' gitweb
/indextext.html
>"$basedir/gitweb/indextext.html"
733 cp gitweb
/indextext.html
"$basedir/gitweb"
735 mv "$basedir"/html
/*.css
"$basedir"/html
/*.js
"$webroot"
736 cp mootools.js
"$webroot"
737 cp htaccess
"$webroot/.htaccess"
738 cp cgi
/htaccess
"$cgiroot/.htaccess"
739 cp git-favicon.ico
"$webroot/favicon.ico"
740 cp robots.txt
"$webroot"
741 cat gitweb
/gitweb.css
>>"$webroot"/gitweb.css
744 if [ -n "$cfg_httpspushurl" ]; then
745 echo "*** Setting up SSL certificates..."
747 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev
/null
; then
748 bits
="$cfg_rsakeylength"
750 mkdir
-p "$cfg_certsdir"
751 [ -d "$cfg_certsdir" ]
753 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
755 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem
" -noout -subject |
760 if [ -n "$cfg_wwwcertaltnames" ]; then
761 for dnsopt
in $cfg_wwwcertaltnames; do
762 wwwcertdns
="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
766 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
767 wwwcertdnsfile
="$(cat "$cfg_certsdir/girocco_www_crt.dns
")"
770 [ -e "$cfg_certsdir/girocco_client_crt.pem" ] &&
771 [ -e "$cfg_certsdir/girocco_client_key.pem" ] &&
772 [ -e "$cfg_certsdir/girocco_www_key.pem" ] &&
773 [ -e "$cfg_certsdir/girocco_www_crt.pem" ] && [ "$wwwcertcn" = "/CN=$cfg_httpsdnsname" ] &&
774 [ -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot
=1
775 if [ -n "$needroot" ] && ! [ -e "$cfg_certsdir/girocco_root_key.pem" ]; then
776 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
778 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
779 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
780 rm -f "$cfg_certsdir/girocco_root_crt.pem"
782 echo "Created new root key"
784 if ! [ -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
785 "$basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
786 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
787 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
788 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
789 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
790 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
791 echo "Created new root certificate"
793 if ! [ -e "$cfg_certsdir/girocco_www_key.pem" ]; then
795 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
796 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
797 rm -f "$cfg_certsdir/girocco_www_crt.pem"
799 echo "Created new www key"
801 if ! [ -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
802 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] ||
[ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
803 openssl rsa
-in "$cfg_certsdir/girocco_www_key.pem" -pubout |
804 "$basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
805 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
806 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
807 printf '%s\n' "$wwwcertdns" >"$cfg_certsdir/girocco_www_crt.dns"
808 echo "Created www certificate"
810 if ! [ -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
811 cat "$cfg_certsdir/girocco_root_crt.pem" >"$cfg_certsdir/girocco_www_chain.pem"
812 echo "Created www certificate chain file"
814 if ! [ -e "$cfg_certsdir/girocco_client_key.pem" ]; then
816 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
817 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
818 rm -f "$cfg_certsdir/girocco_client_crt.pem"
820 echo "Created new client key"
822 if ! [ -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
823 openssl rsa
-in "$cfg_certsdir/girocco_client_key.pem" -pubout |
824 "$basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
825 --cert "$cfg_certsdir/girocco_root_crt.pem" \
826 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
827 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
828 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
829 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
830 echo "Created client certificate"
832 if ! [ -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
833 cat "$cfg_certsdir/girocco_client_crt.pem" >"$cfg_certsdir/girocco_client_suffix.pem"
834 echo "Created client certificate suffix file"
836 cat "$cfg_rootcert" >"$webroot/${cfg_nickname}_root_cert.pem"
837 if [ -n "$cfg_mob" ]; then
838 if ! [ -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
839 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
840 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
841 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
842 echo "Created new mob user key"
844 if ! [ -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
845 openssl rsa
-in "$cfg_mobuserkey" -pubout |
846 "$basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
847 --cert "$cfg_clientcert" \
848 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
849 echo "Created mob user client certificate"
851 cat "$cfg_mobuserkey" >"$webroot/${cfg_nickname}_mob_key.pem"
852 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" >"$webroot/${cfg_nickname}_mob_user.pem"
854 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
857 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
858 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
862 echo "*** Finalizing permissions and moving into place..."
863 chown
-R -h "$cfg_mirror_user""$owngroup" "$basedir" "$webroot" "$cgiroot"
864 [ -z "$cfg_httpspushurl" ] || chown
-R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
866 # This should always be the very last thing install.sh does
867 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
868 quick_move
"$basedir" "$rbasedir" "$rbasedir-old"
869 [ -n "$webrootsub" ] || quick_move
"$webroot" "$rwebroot" "$rwebroot-old"
870 [ -n "$cgirootsub" ] || quick_move
"$cgiroot" "$rcgiroot" "$rcgiroot-old"
871 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
872 ! [ -S "$cfg_chroot/etc/taskd.socket" ] ||
{
873 echo "*** Requesting graceful restart of running taskd (and, if running, jobd)..."
874 touch "$cfg_chroot/etc/taskd.restart"
875 echo "nop" | nc_openbsd
-w 5 -U "$cfg_chroot/etc/taskd.socket" ||
: