2 # The Girocco installation script
3 # We will OVERWRITE basedir!
7 [ -n "$MAKE" ] || MAKE
="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
14 # Run perl module checker
15 if [ ! -x toolbox
/check-perl-modules.pl
]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF
=Girocco
::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
24 # First run Girocco::Config consistency checks
25 perl
-I.
-M$GIROCCO_CONF -e ''
29 "$var_perl_bin" toolbox
/check-perl-modules.pl
31 # $1 must exist and be a dir
32 # $2 may exist but must be a dir
34 # After call $2 will be renamed to $3 (if $2 existed)
35 # And $1 will be renamed to $2
37 [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] ||
{ echo "fatal: quick_move: bad args: '$1' '$2' '$3'" >&2; exit 1; }
38 ! [ -e "$3" ] ||
{ echo "fatal: quick_move: already exists: $3" >&2; exit 1; }
39 [ -d "$1" ] ||
{ echo "fatal: quick_move: no such dir: $1" >&2; exit 1; }
40 [ ! -e "$2" -o -d "$2" ] ||
{ echo "fatal: quick_move: not a dir: $2" >&2; exit 1; }
41 perl
-e 'rename($ARGV[1], $ARGV[2]) or die "rename failed: $!\n" if -d $ARGV[1];
42 rename($ARGV[0], $ARGV[1]) or die "rename failed: $!\n"; exit 0;' "$1" "$2" "$3" ||
{
43 echo "fatal: quick_move: rename failed" >&2
46 ! [ -d "$1" ] && [ -d "$2" ] ||
{
47 echo "fatal: quick_move: rename failed" >&2
54 "command" "$var_sh_bin" -c '{ "unset" -f unalias command "$1" || :; "unalias" "$1" || :; } >/dev/null 2>&1; "command" -v "$1"' "$var_sh_bin" "$1"
58 [ -z "$cfg_owning_group" ] || owngroup
=":$cfg_owning_group"
59 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
60 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
61 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
66 # Check for extra required tools
67 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint
>/dev
/null
; then
68 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
73 echo "*** Checking for compiled utilities..."
74 if [ ! -x src
/can_user_push
]; then
75 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
76 echo "ERROR: perhaps you forgot to run make?" >&2
79 if [ ! -x src
/can_user_push_http
]; then
80 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
81 echo "ERROR: perhaps you forgot to run make?" >&2
84 if [ ! -x src
/getent
]; then
85 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
86 echo "ERROR: perhaps you forgot to run make?" >&2
89 if [ ! -x src
/get_user_uuid
]; then
90 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
91 echo "ERROR: perhaps you forgot to run make?" >&2
94 if [ ! -x src
/list_packs
]; then
95 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
96 echo "ERROR: perhaps you forgot to run make?" >&2
99 if [ ! -x src
/peek_packet
]; then
100 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
101 echo "ERROR: perhaps you forgot to run make?" >&2
104 if [ ! -x src
/rangecgi
]; then
105 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
106 echo "ERROR: perhaps you forgot to run make?" >&2
109 if [ ! -x src
/strftime
]; then
110 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
111 echo "ERROR: perhaps you forgot to run make?" >&2
114 if [ ! -x src
/throttle
]; then
115 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
116 echo "ERROR: perhaps you forgot to run make?" >&2
121 echo "*** Checking for ezcert..."
122 if ! [ -f ezcert.git
/CACreateCert
-a -x ezcert.git
/CACreateCert
]; then
123 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
128 echo "*** Checking for git..."
129 case "$cfg_git_bin" in /*) :;; *)
130 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
133 if [ ! -x "$cfg_git_bin" ]; then
134 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
137 if ! git_version
="$("$cfg_git_bin" version)"; then
138 echo "ERROR: $cfg_git_bin version failed" >&2
141 case "$git_version" in
142 [Gg
]"it version "*) :;;
144 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
147 echo "Found $cfg_git_bin $git_version"
148 git_vernum
="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
149 echo "*** Checking Git $git_vernum for compatibility..."
150 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
151 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
154 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
155 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
157 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
161 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
164 Some Girocco functionality will be gracefully disabled and other things will
165 just not work at all such as race condition protection against simultaneous
166 client pushes and server garbage collections.
170 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
171 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
173 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
174 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
176 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
177 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
178 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
180 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
181 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
182 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
184 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
185 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
187 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
188 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
190 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
191 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
193 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
197 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
200 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
201 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
202 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
204 In order to bypass this check you will have to modify install.sh in which case
205 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
210 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
211 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
213 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
214 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
217 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
218 secmsg
='prior to 2.4.11'
220 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
221 secmsg
='2.5.x prior to 2.5.5'
223 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
224 secmsg
='2.6.x prior to 2.6.6'
226 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
227 secmsg
='2.7.x prior to 2.7.4'
229 if [ -n "$secmsg" ]; then
233 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
236 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
237 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
239 Besides the security fixes included in later versions, versions prior to
240 2.2.0 may accidentally prune unreachable loose objects earlier than
241 intended. Since Git version 2.4.11 is the minimum version to include all
242 security fixes to date, it should be considered the absolute minimum
243 version of Git to use when running Girocco.
245 This is not enforced, but Git is easy to build from the git.git submodule
246 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
248 We will now pause for a moment so you can reflect on this warning.
253 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr
"$cfg_git_bin"; then
257 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
260 You appear to have enabled mirroring and the Git binary you have selected
261 appears to contain an experimental patch that cannot be disabled. This
262 patch can generate invalid network DNS traffic and/or cause long delays
263 when fetching using the "git:" protocol when no port number is specified.
264 It may also end up retrieving repsitory contents from a host other than
265 the one specified in the "git:" URL when the port is omitted.
267 You are advised to either build your own version of Git (the problem patch
268 is not part of the official Git repository) or disable mirroring (via the
269 $Girocco::Config:mirror setting) to avoid these potential problems.
271 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
278 [ -n "$1" ] ||
return 1
279 _cmdnc
="$(command -v "$1" 2>/dev/null || :)"
280 [ -n "$_cmdnc" ] && [ -x "$_cmdnc" ] ||
return 1
281 _tmpdir
="$(mktemp -d /tmp/nc-u-XXXXXX)"
282 [ -n "$_tmpdir" ] && [ -d "$_tmpdir" ] ||
return 1
284 (sleep 3 |
"$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev
/null
>"$_tmpdir/output" ||
>"$_tmpdir/failed")&
287 echo "testing" |
"$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev
/null
2>&1 ||
>"$_tmpdir/failed"
289 kill "$_bgpid" >/dev
/null
2>&1 ||
:
290 read -r _result
<"$_tmpdir/output" ||
:
292 ! [ -e "$_tmpdir/failed" ] || _bad
=1
294 [ -z "$_bad" ] && [ "$_result" = "testing" ]
297 echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
298 test_nc_U
"$var_nc_openbsd_bin" ||
{
299 echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
300 echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
301 if [ "$(uname -s 2>/dev/null)" = "DragonFly" ]; then
302 echo "ERROR: see the src/dragonfly/README file for a solution" >&2
307 echo "*** Verifying selected POSIX sh is sane..."
309 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] ||
{
310 echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting' >&2
313 [ "$(check_sh_builtin command)" = "command" ] ||
{
314 echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting (does not understand command -v)' >&2
318 sh_extra_chroot_installs
=
320 for sbi
in cd pwd read umask unset unalias; do
321 if [ "$(check_sh_builtin "$sbi")" != "$sbi" ]; then
322 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (missing built-in $sbi)" >&2
326 [ -z "$badsh" ] ||
exit 1
327 for sbi
in '[' echo printf test; do
328 if ! extra
="$(check_sh_builtin "$sbi")"; then
329 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (missing command $sbi)" >&2
333 if [ "$extra" != "$sbi" ]; then
334 case "$extra" in /*) :;; *)
335 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (bad command -v $sbi result: $extra)" >&2
340 case "$extra" in *" "*) withspc
=1; esac
341 [ -z "$withspc" ] && [ -f "$extra" ] && [ -r "$extra" ] && [ -x "$extra" ] ||
{
342 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (unusable command -v $sbi result: $extra)" >&2
346 echo "WARNING: slow \$Girocco::Config::posix_sh_bin setting (not built-in $sbi)" >&2
347 sh_not_builtin
="$sh_not_builtin $sbi"
348 sh_extra_chroot_installs
="$sh_extra_chroot_installs $extra"
351 [ -z "$badsh" ] ||
exit 1
352 [ -z "$sh_extra_chroot_installs" ] ||
{
353 echo "WARNING: the selected POSIX sh implements these as non-built-in:$sh_not_builtin" >&2
354 echo "WARNING: as a result it will run slower than necessary" >&2
355 echo "WARNING: consider building and switching to dash which can be found at:" >&2
356 echo "WARNING: http://gondor.apana.org.au/~herbert/dash/" >&2
357 echo "WARNING: (download a tarball from the files section or clone the Git repository" >&2
358 echo "WARNING: and checkout the latest tag, run autogen.sh, configure and build)" >&2
359 echo "WARNING: dash is licensed under the 3-clause BSD license" >&2
362 echo "*** Verifying selected perl is sane..."
363 perlbin
="$var_perl_bin"
364 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl
", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] ||
{
365 echo 'ERROR: invalid $Girocco::Config::perl_bin setting' >&2
369 echo "*** Verifying selected gzip is sane..."
370 gzipbin
="$var_gzip_bin"
371 [ -n "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 |
grep -q gzip && \
372 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] ||
{
373 echo 'ERROR: invalid $Girocco::Config::gzip_bin setting' >&2
377 echo "*** Verifying basedir, webroot and cgiroot paths..."
378 # Make sure $cfg_basedir, $cfg_webroot and $cfg_cgiroot are absolute paths
379 case "$cfg_basedir" in /*) :;; *)
380 echo "ERROR: invalid Girocco::Config::basedir setting" >&2
381 echo "ERROR: \"$cfg_basedir\" must be an absolute path (start with '/')" >&2
384 case "$cfg_webroot" in /*) :;; *)
385 echo "ERROR: invalid Girocco::Config::webroot setting" >&2
386 echo "ERROR: \"$cfg_webroot\" must be an absolute path (start with '/')" >&2
389 case "$cfg_cgiroot" in /*) :;; *)
390 echo "ERROR: invalid Girocco::Config::cgiroot setting" >&2
391 echo "ERROR: \"$cfg_cgiroot\" must be an absolute path (start with '/')" >&2
395 # return the input with trailing slashes stripped but return "/" for all "/"s
397 [ -n "$1" ] ||
return 0
399 [ "$_s" != "$1" ] || _s
="${_s#?}"
400 printf "%s\n" "${1%$_s}"
403 # a combination of realpath + dirname where the realpath of the deepest existing
404 # directory is returned with the rest of the non-existing components appended
405 # and trailing slashes and multiple slashes are removed
407 _d
="$(striptrsl "$1")"
408 if [ "$_d" = "/" ] ||
[ -z "$_d" ]; then
413 while ! [ -d "$_d" ]; do
414 _c
="/$(basename "$_d")$_c"
415 _d
="$(dirname "$_d")"
416 [ "$_d" != "/" ] || _c
="${_c#/}"
418 printf "%s%s\n" "$(cd "$_d" && pwd -P)" "$_c"
421 # Use basedir, webroot and cgiroot for easier control of filesystem locations
422 # Wherever we are writing/copying/installing files we use these, but where we
423 # are editing, adding config settings or printing advice we always stick to the
424 # cfg_xxx Config variable versions. These are like a set of DESTDIR variables.
425 # Only the file system directories that could be asynchronously accessed (by
426 # the web server, jobd.pl, taskd.pl or incoming pushes) get these special vars.
427 # The chroot is handled specially and does not need one of these.
428 # We must be careful to allow cgiroot and/or webroot to be under basedir in which
429 # case the prior contents of cgiroot and/or webroot are discarded.
430 rbasedir
="$(realdir "$cfg_basedir")"
431 rwebroot
="$(realdir "$cfg_webroot")"
432 rcgiroot
="$(realdir "$cfg_cgiroot")"
433 case "$rbasedir" in "$rwebroot"/?
*)
434 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under webroot" >&2
437 case "$rbasedir" in "$rcgiroot"/?
*)
438 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under cgiroot" >&2
441 if [ "$rwebroot" = "$rcgiroot" ]; then
442 echo "ERROR: invalid Girocco::Config::webroot and Girocco::Config::cgiroot settings; must not be the same" >&2
445 case "$rcgiroot" in "$rwebroot"/?
*)
446 echo "ERROR: invalid Girocco::Config::cgiroot setting; must not be under webroot" >&2
449 case "$rwebroot" in "$rcgiroot"/?
*)
450 echo "ERROR: invalid Girocco::Config::webroot setting; must not be under cgiroot" >&2
453 basedir
="$rbasedir-new"
456 webroot
="$basedir${rwebroot#$rbasedir}"
460 webroot
="$rwebroot-new"
466 cgiroot
="$basedir${rcgiroot#$rbasedir}"
470 cgiroot
="$rcgiroot-new"
475 echo "*** Setting up basedir..."
478 if [ "$LOGNAME" = root
-a -n "$SUDO_USER" -a "$SUDO_USER" != root
]; then
479 find "$@" -user root
-print0 2>/dev
/null | \
480 xargs -0 chown
"$SUDO_USER:$(id -gn "$SUDO_USER")"
481 elif [ "$LOGNAME" = root
-a -z "$SUDO_USER" -o "$SUDO_USER" = root
]; then
482 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
486 "$MAKE" --no-print-directory --silent apache.conf
487 chown_make apache.conf
488 "$MAKE" --no-print-directory --silent -C src
491 mkdir
-p "$basedir" "$basedir/gitweb" "$basedir/cgi"
492 cp cgi
/*.cgi
"$basedir/cgi"
493 cp -pR Girocco jobd taskd html
jobs toolbox hooks apache.conf shlib.sh bin screen
"$basedir"
494 cp -p src
/can_user_push src
/can_user_push_http src
/get_user_uuid src
/list_packs src
/peek_packet \
495 src
/rangecgi src
/strftime src
/throttle ezcert.git
/CACreateCert cgi
/authrequired.cgi \
496 cgi
/snapshot.cgi
"$basedir/bin"
497 cp -p gitweb
/*.sh gitweb
/*.perl
"$basedir/gitweb"
498 [ -n "$cfg_httpspushurl" ] ||
rm -f "$basedir"/html
/rootcert.html
"$basedir"/html
/httpspush.html
499 [ -n "$cfg_mob" ] ||
rm -f "$basedir"/html
/mob.html
501 # Put the correct Config in place
502 [ "$GIROCCO_CONF" = "Girocco::Config" ] ||
cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$basedir/Girocco/Config.pm"
504 # Create symbolic links to selected binaries
505 ln -s "$cfg_git_bin" "$basedir/bin/git"
506 ln -s "$shbin" "$basedir/bin/sh"
507 ln -s "$perlbin" "$basedir/bin/perl"
508 ln -s "$gzipbin" "$basedir/bin/gzip"
510 echo "*** Preprocessing scripts..."
511 SHBIN
="$shbin" && export SHBIN
512 PERLBIN
="$perlbin" && export PERLBIN
513 perl
-I.
-M$GIROCCO_CONF -i -p \
514 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
515 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
516 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
517 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
518 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
519 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
520 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
521 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
522 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
523 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
524 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
525 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
526 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
527 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
528 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
529 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
530 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
531 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
532 -e 'close ARGV if eof;' \
533 "$basedir"/jobs
/*.sh
"$basedir"/jobd
/*.sh \
534 "$basedir"/taskd
/*.sh
"$basedir"/gitweb
/*.sh \
535 "$basedir"/shlib.sh
"$basedir"/hooks
/* \
536 "$basedir"/toolbox
/*.sh
"$basedir"/toolbox
/*.pl \
537 "$basedir"/toolbox
/reports
/*.sh \
538 "$basedir"/bin
/git-
* "$basedir"/bin
/*.sh \
539 "$basedir"/bin
/create-
* "$basedir"/bin
/update-
* \
540 "$basedir"/bin
/*.cgi
"$basedir"/screen
/*
542 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
543 -e 'close ARGV if eof;' \
544 "$basedir"/jobd
/jobd.pl
"$basedir"/taskd
/taskd.pl \
545 "$basedir"/bin
/sendmail.pl
"$basedir"/bin
/CACreateCert
547 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
548 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
549 -e 'close ARGV if eof;' \
550 "$basedir"/bin
/format-readme
"$basedir/cgi"/*.cgi
554 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
555 get_girocco_config_var_list
> "$basedir"/shlib_vars.sh
557 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
558 if [ ! -d bzr-fastimport.git
/exporters
/darcs
/ ]; then
559 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
562 mkdir
-p "$basedir"/bin
563 cp bzr-fastimport.git
/exporters
/darcs
/darcs-fast-export
"$basedir"/bin
565 echo "*** Setting up hg-fast-export from fast-export.git..."
566 if [ ! -f fast-export.git
/hg-fast-export.py
-o ! -f fast-export.git
/hg2git.py
]; then
567 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
570 mkdir
-p "$basedir"/bin
571 cp fast-export.git
/hg-fast-export.py fast-export.git
/hg2git.py
"$basedir"/bin
573 echo "*** Setting up markdown from markdown.git..."
574 if [ ! -f markdown.git
/Markdown.pl
]; then
575 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
578 mkdir
-p "$basedir"/bin
579 (PERLBIN
="$perlbin" && export PERLBIN
&& \
580 perl
-p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
581 markdown.git
/Markdown.pl
> "$basedir"/bin
/Markdown.pl.$$
&& \
582 chmod a
+x
"$basedir"/bin
/Markdown.pl.$$
&& \
583 mv -f "$basedir"/bin
/Markdown.pl.$$
"$basedir"/bin
/Markdown.pl
)
586 # Some permission sanity on basedir/bin just in case
587 find "$basedir"/bin
-type f
-print0 |
xargs -0 chmod go-w
588 chown
-R -h "$cfg_mirror_user""$owngroup" "$basedir"/bin
590 if [ -n "$cfg_mirror" ]; then
591 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
593 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
594 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
595 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
598 echo "*** Setting up repository root..."
599 mkdir
-p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
600 if [ "$cfg_owning_group" ]; then
601 chgrp
"$cfg_owning_group" "$cfg_reporoot" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
602 chgrp
"$cfg_owning_group" "$cfg_reporoot/_recyclebin" ||
echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
604 chmod 02775 "$cfg_reporoot" ||
echo "WARNING: Cannot chmod $cfg_reporoot properly"
605 chmod 02775 "$cfg_reporoot/_recyclebin" ||
echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
608 if [ -n "$cfg_chrooted" ]; then
609 echo "*** Setting up chroot jail for pushing..."
610 if [ "$(id -u)" -eq 0 ]; then
611 # jailsetup may install things from $cfg_basedir/bin into the
612 # chroot so we do a mini-update of just that portion now
613 mkdir
-p "$cfg_basedir"
614 rm -rf "$cfg_basedir/bin-new"
615 cp -pR "$basedir/bin" "$cfg_basedir/bin-new" >/dev
/null
2>&1
616 rm -rf "$cfg_basedir/bin-old"
617 quick_move
"$cfg_basedir/bin-new" "$cfg_basedir/bin" "$cfg_basedir/bin-old"
618 rm -rf "$cfg_basedir/bin-old"
619 if [ -n "$sh_extra_chroot_installs" ]; then
620 GIROCCO_CHROOT_EXTRA_INSTALLS
="$sh_extra_chroot_installs"
621 export GIROCCO_CHROOT_EXTRA_INSTALLS
624 unset GIROCCO_CHROOT_EXTRA_INSTALLS
626 echo "WARNING: Skipping jail setup, not root"
631 echo "*** Setting up jail configuration (project database)..."
632 [ "$(id -u)" -eq 0 ] || .
/jailsetup.sh dbonly
633 mkdir
-p "$cfg_chroot" "$cfg_chroot/etc"
634 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
635 chown
"$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
636 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
637 chown
"$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
638 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
639 chmod g
+w
"$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
640 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
641 chmod 02775 "$cfg_chroot/etc" ||
echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
644 echo "*** Setting up gitweb from git.git..."
645 if [ ! -f git.git
/Makefile
]; then
646 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
650 # We do not wholesale replace either webroot or cgiroot unless they are under
651 # basedir so if they exist and are not we make a copy to start working on them.
652 # We make a copy using -p which can result in some warnings so we suppress
653 # error output as it's of no consequence in this case.
654 rm -rf "$webroot" "$cgiroot"
655 [ -n "$webrootsub" ] ||
! [ -d "$rwebroot" ] ||
cp -pR "$rwebroot" "$webroot" >/dev
/null
2>&1 ||
:
656 [ -n "$cgirootsub" ] ||
! [ -d "$rcgiroot" ] ||
cp -pR "$rcgiroot" "$cgiroot" >/dev
/null
2>&1 ||
:
657 mkdir
-p "$webroot" "$cgiroot"
659 (cd git.git
&& "$MAKE" --no-print-directory --silent NO_SUBDIR
=: bindir
="$(dirname "$cfg_git_bin")" \
660 GITWEB_CONFIG
="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH
="$shbin" gitweb
&& \
661 chown_make gitweb
&& \
662 PERLBIN
="$perlbin" && export PERLBIN
&& \
663 perl
-p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
664 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb
/gitweb.cgi
> "$cgiroot"/gitweb.cgi.$$
&& \
665 chmod a
+x
"$cgiroot"/gitweb.cgi.$$
&& \
666 chown_make
"$cgiroot"/gitweb.cgi.$$
&& \
667 mv -f "$cgiroot"/gitweb.cgi.$$
"$cgiroot"/gitweb.cgi
&& \
668 cp gitweb
/static
/*.png gitweb
/static
/*.css gitweb
/static
/*.js
"$webroot")
672 echo "*** Setting up git-browser from git-browser.git..."
673 if [ ! -f git-browser.git
/git-browser.cgi
]; then
674 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
677 mkdir
-p "$webroot"/git-browser
"$cgiroot"
678 (cd git-browser.git
&& \
679 CFG
="$cfg_basedir/gitweb/git-browser.conf" && export CFG
&& \
680 PERLBIN
="$perlbin" && export PERLBIN
&& perl
-p \
681 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
682 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi
> "$cgiroot"/git-browser.cgi.$$
&& \
683 chmod a
+x
"$cgiroot"/git-browser.cgi.$$
&& \
684 chown_make
"$cgiroot"/git-browser.cgi.$$
&& \
685 mv -f "$cgiroot"/git-browser.cgi.$$
"$cgiroot"/git-browser.cgi
&& \
686 cp -r *.html
*.js
*.css js.lib
"$webroot"/git-browser
&& \
687 cp -r JSON
"$cgiroot")
689 rm -f "$webroot"/git-browser
/index.html
690 cat >"$basedir/gitweb"/git-browser.conf.$$
<<EOT
692 warehouse: $cfg_reporoot
693 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
695 chown_make
"$basedir/gitweb"/git-browser.conf.$$
696 mv -f "$basedir/gitweb"/git-browser.conf.$$
"$basedir/gitweb"/git-browser.conf
697 cat >"$webroot"/git-browser
/GitConfig.js.$$
<<EOT
698 cfg_gitweb_url="$cfg_gitweburl/"
699 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
701 chown_make
"$webroot"/git-browser
/GitConfig.js.$$
702 mv -f "$webroot"/git-browser
/GitConfig.js.$$
"$webroot"/git-browser
/GitConfig.js
705 echo "*** Setting up our part of the website..."
706 mkdir
-p "$webroot" "$cgiroot"
707 cp "$basedir"/bin
/snapshot.cgi
"$basedir/cgi"
708 cp "$basedir"/bin
/authrequired.cgi
"$basedir/cgi"
709 [ -n "$cfg_httpspushurl" ] ||
rm -f "$basedir/cgi"/usercert.cgi
"$cgiroot"/usercert.cgi
710 cp "$basedir/cgi"/*.cgi
"$cgiroot"
711 rm -rf "$basedir/cgi"
712 ln -fs "$cfg_basedir"/Girocco
"$cgiroot"
713 [ -z "$cfg_webreporoot" ] ||
{ rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
714 if [ -z "$cfg_httpspushurl" ]; then
715 grep -v 'rootcert[.]html' gitweb
/indextext.html
> "$basedir/gitweb/indextext.html"
717 cp gitweb
/indextext.html
"$basedir/gitweb"
719 mv "$basedir"/html
/*.css
"$basedir"/html
/*.js
"$webroot"
720 cp mootools.js
"$webroot"
721 cp htaccess
"$webroot/.htaccess"
722 cp cgi
/htaccess
"$cgiroot/.htaccess"
723 cp git-favicon.ico
"$webroot/favicon.ico"
724 cp robots.txt
"$webroot"
725 cat gitweb
/gitweb.css
>>"$webroot"/gitweb.css
728 if [ -n "$cfg_httpspushurl" ]; then
729 echo "*** Setting up SSL certificates..."
731 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev
/null
; then
732 bits
="$cfg_rsakeylength"
734 mkdir
-p "$cfg_certsdir"
735 [ -d "$cfg_certsdir" ]
737 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
739 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem
" -noout -subject | \
744 if [ -n "$cfg_wwwcertaltnames" ]; then
745 for dnsopt
in $cfg_wwwcertaltnames; do
746 wwwcertdns
="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
750 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
751 wwwcertdnsfile
="$(cat "$cfg_certsdir/girocco_www_crt.dns
")"
754 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
755 -e "$cfg_certsdir/girocco_client_key.pem" -a \
756 -e "$cfg_certsdir/girocco_www_key.pem" -a \
757 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
758 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot
=1
759 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
760 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
762 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
763 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
764 rm -f "$cfg_certsdir/girocco_root_crt.pem"
766 echo "Created new root key"
768 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
769 "$basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
770 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
771 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
772 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
773 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
774 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
775 echo "Created new root certificate"
777 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
779 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
780 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
781 rm -f "$cfg_certsdir/girocco_www_crt.pem"
783 echo "Created new www key"
785 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
786 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] ||
[ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
787 openssl rsa
-in "$cfg_certsdir/girocco_www_key.pem" -pubout |
788 "$basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
789 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
790 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
791 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
792 echo "Created www certificate"
794 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
795 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
796 echo "Created www certificate chain file"
798 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
800 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
801 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
802 rm -f "$cfg_certsdir/girocco_client_crt.pem"
804 echo "Created new client key"
806 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
807 openssl rsa
-in "$cfg_certsdir/girocco_client_key.pem" -pubout |
808 "$basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
809 --cert "$cfg_certsdir/girocco_root_crt.pem" \
810 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
811 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
812 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
813 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
814 echo "Created client certificate"
816 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
817 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
818 echo "Created client certificate suffix file"
820 cat "$cfg_rootcert" > "$webroot/${cfg_nickname}_root_cert.pem"
821 if [ -n "$cfg_mob" ]; then
822 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
823 openssl genrsa
-f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
824 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
825 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
826 echo "Created new mob user key"
828 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
829 openssl rsa
-in "$cfg_mobuserkey" -pubout |
830 "$basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
831 --cert "$cfg_clientcert" \
832 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
833 echo "Created mob user client certificate"
835 cat "$cfg_mobuserkey" > "$webroot/${cfg_nickname}_mob_key.pem"
836 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$webroot/${cfg_nickname}_mob_user.pem"
838 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
841 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
842 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
846 echo "*** Finalizing permissions and moving into place..."
847 chown
-R -h "$cfg_mirror_user""$owngroup" "$basedir" "$webroot" "$cgiroot"
848 [ -z "$cfg_httpspushurl" ] || chown
-R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
850 # This should always be the very last thing install.sh does
851 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
852 quick_move
"$basedir" "$rbasedir" "$rbasedir-old"
853 [ -n "$webrootsub" ] || quick_move
"$webroot" "$rwebroot" "$rwebroot-old"
854 [ -n "$cgirootsub" ] || quick_move
"$cgiroot" "$rcgiroot" "$rcgiroot-old"
855 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
856 ! [ -S "$cfg_chroot/etc/taskd.socket" ] ||
{
857 echo "*** Requesting graceful restart of running taskd (and, if running, jobd)..."
858 touch "$cfg_chroot/etc/taskd.restart"
859 echo "nop" | nc_openbsd
-w 5 -U "$cfg_chroot/etc/taskd.socket" ||
: