apache.conf.in: use ${APACHE_LOG_DIR} and nickname for log files
[girocco/readme.git] / install.sh
blob036c0521d23c469aa89f9e78044007e51f161e08
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
5 set -e
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
14 # Run perl module checker
15 if [ ! -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
24 # First run Girocco::Config consistency checks
25 perl -I. -M$GIROCCO_CONF -e ''
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
31 owngroup=""
32 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
33 if [ -n "$cfg_httpspushurl" -a -z "$cfg_certsdir" ]; then
34 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
35 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
36 exit 1
40 # Check for extra required tools
41 if [ -n "$cfg_xmllint_readme" -a "$cfg_xmllint_readme" != "0" ] && ! command -v xmllint >/dev/null; then
42 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
43 exit 1
47 echo "*** Checking for compiled utilities..."
48 if [ ! -x src/can_user_push ]; then
49 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
50 echo "ERROR: perhaps you forgot to run make?" >&2
51 exit 1
53 if [ ! -x src/can_user_push_http ]; then
54 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
55 echo "ERROR: perhaps you forgot to run make?" >&2
56 exit 1
58 if [ ! -x src/getent ]; then
59 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
60 echo "ERROR: perhaps you forgot to run make?" >&2
61 exit 1
63 if [ ! -x src/get_user_uuid ]; then
64 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
65 echo "ERROR: perhaps you forgot to run make?" >&2
66 exit 1
68 if [ ! -x src/list_packs ]; then
69 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
70 echo "ERROR: perhaps you forgot to run make?" >&2
71 exit 1
73 if [ ! -x src/peek_packet ]; then
74 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
75 echo "ERROR: perhaps you forgot to run make?" >&2
76 exit 1
78 if [ ! -x src/rangecgi ]; then
79 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
80 echo "ERROR: perhaps you forgot to run make?" >&2
81 exit 1
83 if [ ! -x src/strftime ]; then
84 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
85 echo "ERROR: perhaps you forgot to run make?" >&2
86 exit 1
88 if [ ! -x src/throttle ]; then
89 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
90 echo "ERROR: perhaps you forgot to run make?" >&2
91 exit 1
95 echo "*** Checking for ezcert..."
96 if ! [ -f ezcert.git/CACreateCert -a -x ezcert.git/CACreateCert ]; then
97 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
98 exit 1
102 echo "*** Checking for git..."
103 case "$cfg_git_bin" in /*) :;; *)
104 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
105 exit 1
106 esac
107 if [ ! -x "$cfg_git_bin" ]; then
108 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
109 exit 1
111 if ! git_version="$("$cfg_git_bin" version)"; then
112 echo "ERROR: $cfg_git_bin version failed" >&2
113 exit 1
115 case "$git_version" in
116 [Gg]"it version "*) :;;
118 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
119 exit 1
120 esac
121 echo "Found $cfg_git_bin $git_version"
122 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
123 echo "*** Checking Git $git_vernum for compatibility..."
124 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
125 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
126 exit 1
128 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
129 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
131 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
132 cat <<'EOT'
135 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
138 Some Girocco functionality will be gracefully disabled and other things will
139 just not work at all such as race condition protection against simultaneous
140 client pushes and server garbage collections.
144 if [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
145 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
147 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
148 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
150 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ]; then
151 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
152 echo 'WARNING: See http://mid.mail-archive.com/20141222041944.GA441@peff.net for details'
154 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" -a "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
155 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
156 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
158 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
159 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
161 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
162 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
164 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
165 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
167 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
168 cat <<'EOT'
171 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
174 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
175 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
176 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
178 In order to bypass this check you will have to modify install.sh in which case
179 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
182 exit 1
184 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
185 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
187 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
188 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
190 secmsg=
191 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
192 secmsg='prior to 2.4.11'
194 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
195 secmsg='2.5.x prior to 2.5.5'
197 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
198 secmsg='2.6.x prior to 2.6.6'
200 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
201 secmsg='2.7.x prior to 2.7.4'
203 if [ -n "$secmsg" ]; then
204 cat <<EOT
207 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
210 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
211 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
213 Besides the security fixes included in later versions, versions prior to
214 2.2.0 may accidentally prune unreachable loose objects earlier than
215 intended. Since Git version 2.4.11 is the minimum version to include all
216 security fixes to date, it should be considered the absolute minimum
217 version of Git to use when running Girocco.
219 This is not enforced, but Git is easy to build from the git.git submodule
220 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
222 We will now pause for a moment so you can reflect on this warning.
225 sleep 60
227 if [ -n "$cfg_mirror" -a "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
228 cat <<'EOT'
231 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
234 You appear to have enabled mirroring and the Git binary you have selected
235 appears to contain an experimental patch that cannot be disabled. This
236 patch can generate invalid network DNS traffic and/or cause long delays
237 when fetching using the "git:" protocol when no port number is specified.
238 It may also end up retrieving repsitory contents from a host other than
239 the one specified in the "git:" URL when the port is omitted.
241 You are advised to either build your own version of Git (the problem patch
242 is not part of the official Git repository) or disable mirroring (via the
243 $Girocco::Config:mirror setting) to avoid these potential problems.
245 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
248 sleep 5
251 chown_make() {
252 if [ "$LOGNAME" = root -a -n "$SUDO_USER" -a "$SUDO_USER" != root ]; then
253 find "$@" -user root -print0 2>/dev/null | \
254 xargs -0 chown "$SUDO_USER:$(id -gn "$SUDO_USER")"
255 elif [ "$LOGNAME" = root -a -z "$SUDO_USER" -o "$SUDO_USER" = root ]; then
256 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
260 echo "*** Setting up basedir..."
261 "$MAKE" --no-print-directory --silent apache.conf
262 chown_make apache.conf
263 "$MAKE" --no-print-directory --silent -C src
264 chown_make src
265 rm -fr "$cfg_basedir"
266 mkdir -p "$cfg_basedir" "$cfg_basedir/gitweb" "$cfg_basedir/cgi"
267 cp cgi/*.cgi "$cfg_basedir/cgi"
268 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$cfg_basedir"
269 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/list_packs src/peek_packet \
270 src/rangecgi src/strftime src/throttle ezcert.git/CACreateCert cgi/authrequired.cgi \
271 cgi/snapshot.cgi "$cfg_basedir/bin"
272 cp -p gitweb/*.sh gitweb/*.perl "$cfg_basedir/gitweb"
273 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir"/html/rootcert.html "$cfg_basedir"/html/httpspush.html
274 [ -n "$cfg_mob" ] || rm -f "$cfg_basedir"/html/mob.html
276 # Put the correct Config in place
277 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$cfg_basedir/Girocco/Config.pm"
279 ln -s "$cfg_git_bin" "$cfg_basedir/bin/git"
280 shbin="$var_sh_bin"
281 [ -n "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
282 echo "ERROR: invalid $Girocco::Config::posix_sh_bin setting" >&2
283 exit 1
285 ln -s "$shbin" "$cfg_basedir/bin/sh"
286 perlbin="$var_perl_bin"
287 [ -n "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
288 echo "ERROR: invalid $Girocco::Config::perl_bin setting" >&2
289 exit 1
291 ln -s "$perlbin" "$cfg_basedir/bin/perl"
292 gzipbin="$var_gzip_bin"
293 [ -n "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 | grep -q gzip && \
294 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] || {
295 echo "ERROR: invalid $Girocco::Config::gzip_bin setting" >&2
296 exit 1
298 ln -s "$gzipbin" "$cfg_basedir/bin/gzip"
300 echo "*** Preprocessing scripts..."
301 SHBIN="$shbin" && export SHBIN
302 PERLBIN="$perlbin" && export PERLBIN
303 perl -I. -M$GIROCCO_CONF -i -p \
304 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
305 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
306 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
307 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
308 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
309 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
310 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
311 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
312 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
313 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
314 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
315 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
316 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
317 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
318 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
319 -e 's/\@var_xargs_r\@/"'"$var_xargs_r"'"/g;' \
320 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
321 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
322 -e 'close ARGV if eof;' \
323 "$cfg_basedir"/jobs/*.sh "$cfg_basedir"/jobd/*.sh \
324 "$cfg_basedir"/taskd/*.sh "$cfg_basedir"/gitweb/*.sh \
325 "$cfg_basedir"/shlib.sh "$cfg_basedir"/hooks/* \
326 "$cfg_basedir"/toolbox/*.sh "$cfg_basedir"/toolbox/*.pl \
327 "$cfg_basedir"/toolbox/reports/*.sh \
328 "$cfg_basedir"/bin/git-* "$cfg_basedir"/bin/*.sh \
329 "$cfg_basedir"/bin/create-* "$cfg_basedir"/bin/update-* \
330 "$cfg_basedir"/bin/*.cgi "$cfg_basedir"/screen/*
331 perl -i -p \
332 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
333 -e 'close ARGV if eof;' \
334 "$cfg_basedir"/jobd/jobd.pl "$cfg_basedir"/taskd/taskd.pl \
335 "$cfg_basedir"/bin/sendmail.pl "$cfg_basedir"/bin/CACreateCert
336 perl -i -p \
337 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
338 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
339 -e 'close ARGV if eof;' \
340 "$cfg_basedir"/bin/format-readme "$cfg_basedir/cgi"/*.cgi
341 unset PERLBIN
342 unset SHBIN
344 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
345 get_girocco_config_var_list > "$cfg_basedir"/shlib_vars.sh
347 if [ -n "$cfg_mirror" ]; then
348 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
350 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.sh, or add this"
351 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
352 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.sh -q --all-once"
355 echo "*** Setting up repository root..."
356 mkdir -p "$cfg_reporoot" "$cfg_reporoot/_recyclebin"
357 if [ "$cfg_owning_group" ]; then
358 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
359 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
361 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
362 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
365 if [ -n "$cfg_chrooted" ]; then
366 echo "*** Setting up chroot jail for pushing..."
367 if [ "$(id -u)" -eq 0 ]; then
368 ./jailsetup.sh
369 else
370 echo "WARNING: Skipping jail setup, not root"
375 echo "*** Setting up jail configuration (project database)..."
376 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
377 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
378 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
379 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
380 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
381 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
382 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
383 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
384 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
385 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
387 echo "*** Setting up gitweb from git.git..."
388 if [ ! -f git.git/Makefile ]; then
389 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
390 exit 1
392 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
393 (cd git.git && "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
394 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb && \
395 chown_make gitweb && \
396 PERLBIN="$perlbin" && export PERLBIN && \
397 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
398 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi > "$cfg_cgiroot"/gitweb.cgi.$$ && \
399 chmod a+x "$cfg_cgiroot"/gitweb.cgi.$$ && \
400 chown_make "$cfg_cgiroot"/gitweb.cgi.$$ && \
401 mv -f "$cfg_cgiroot"/gitweb.cgi.$$ "$cfg_cgiroot"/gitweb.cgi && \
402 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$cfg_webroot")
403 test $? -eq 0
406 echo "*** Setting up git-browser from git-browser.git..."
407 if [ ! -f git-browser.git/git-browser.cgi ]; then
408 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
409 exit 1
411 mkdir -p "$cfg_webroot"/git-browser "$cfg_cgiroot"
412 (cd git-browser.git && \
413 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG && \
414 PERLBIN="$perlbin" && export PERLBIN && perl -p \
415 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
416 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi > "$cfg_cgiroot"/git-browser.cgi.$$ && \
417 chmod a+x "$cfg_cgiroot"/git-browser.cgi.$$ && \
418 chown_make "$cfg_cgiroot"/git-browser.cgi.$$ && \
419 mv -f "$cfg_cgiroot"/git-browser.cgi.$$ "$cfg_cgiroot"/git-browser.cgi && \
420 cp -r *.html *.js *.css js.lib "$cfg_webroot"/git-browser && \
421 cp -r JSON "$cfg_cgiroot")
422 test $? -eq 0
423 rm -f "$cfg_webroot"/git-browser/index.html
424 cat >"$cfg_basedir/gitweb"/git-browser.conf.$$ <<EOT
425 gitbin: $cfg_git_bin
426 warehouse: $cfg_reporoot
427 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
429 chown_make "$cfg_basedir/gitweb"/git-browser.conf.$$
430 mv -f "$cfg_basedir/gitweb"/git-browser.conf.$$ "$cfg_basedir/gitweb"/git-browser.conf
431 cat >"$cfg_webroot"/git-browser/GitConfig.js.$$ <<EOT
432 cfg_gitweb_url="$cfg_gitweburl/"
433 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
435 chown_make "$cfg_webroot"/git-browser/GitConfig.js.$$
436 mv -f "$cfg_webroot"/git-browser/GitConfig.js.$$ "$cfg_webroot"/git-browser/GitConfig.js
439 echo "*** Setting up darcs-fast-export from bzr-fastimport.git..."
440 if [ ! -d bzr-fastimport.git/exporters/darcs/ ]; then
441 echo "ERROR: bzr-fastimport.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
442 exit 1
444 mkdir -p "$cfg_basedir"/bin
445 cp bzr-fastimport.git/exporters/darcs/darcs-fast-export "$cfg_basedir"/bin
448 echo "*** Setting up hg-fast-export from fast-export.git..."
449 if [ ! -f fast-export.git/hg-fast-export.py -o ! -f fast-export.git/hg2git.py ]; then
450 echo "ERROR: fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
451 exit 1
453 mkdir -p "$cfg_basedir"/bin
454 cp fast-export.git/hg-fast-export.py fast-export.git/hg2git.py "$cfg_basedir"/bin
457 echo "*** Setting up markdown from markdown.git..."
458 if [ ! -f markdown.git/Markdown.pl ]; then
459 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
460 exit 1
462 mkdir -p "$cfg_basedir"/bin
463 (PERLBIN="$perlbin" && export PERLBIN && \
464 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
465 markdown.git/Markdown.pl > "$cfg_basedir"/bin/Markdown.pl.$$ && \
466 chmod a+x "$cfg_basedir"/bin/Markdown.pl.$$ && \
467 mv -f "$cfg_basedir"/bin/Markdown.pl.$$ "$cfg_basedir"/bin/Markdown.pl)
468 test $? -eq 0
471 echo "*** Setting up our part of the website..."
472 mkdir -p "$cfg_webroot" "$cfg_cgiroot"
473 cp "$cfg_basedir"/bin/snapshot.cgi "$cfg_basedir/cgi"
474 cp "$cfg_basedir"/bin/authrequired.cgi "$cfg_basedir/cgi"
475 [ -n "$cfg_httpspushurl" ] || rm -f "$cfg_basedir/cgi"/usercert.cgi "$cfg_cgiroot"/usercert.cgi
476 cp "$cfg_basedir/cgi"/*.cgi "$cfg_cgiroot"
477 ln -fs "$cfg_basedir"/Girocco "$cfg_cgiroot"
478 [ -z "$cfg_webreporoot" ] || { rm -f "$cfg_webreporoot" && ln -s "$cfg_reporoot" "$cfg_webreporoot"; }
479 if [ -z "$cfg_httpspushurl" ]; then
480 grep -v 'rootcert[.]html' gitweb/indextext.html > "$cfg_basedir/gitweb/indextext.html"
481 else
482 cp gitweb/indextext.html "$cfg_basedir/gitweb"
484 mv "$cfg_basedir"/html/*.css "$cfg_basedir"/html/*.js "$cfg_webroot"
485 cp mootools.js "$cfg_webroot"
486 cp htaccess "$cfg_webroot/.htaccess"
487 cp cgi/htaccess "$cfg_cgiroot/.htaccess"
488 cp git-favicon.ico "$cfg_webroot/favicon.ico"
489 cp robots.txt "$cfg_webroot"
490 cat gitweb/gitweb.css >>"$cfg_webroot"/gitweb.css
493 if [ -n "$cfg_httpspushurl" ]; then
494 echo "*** Setting up SSL certificates..."
495 bits=2048
496 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
497 bits="$cfg_rsakeylength"
499 mkdir -p "$cfg_certsdir"
500 [ -d "$cfg_certsdir" ]
501 wwwcertcn=
502 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
503 wwwcertcn="$( \
504 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | \
505 sed -e 's,[^/]*,,' \
508 wwwcertdns=
509 if [ -n "$cfg_wwwcertaltnames" ]; then
510 for dnsopt in $cfg_wwwcertaltnames; do
511 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
512 done
514 wwwcertdnsfile=
515 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
516 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
518 needroot=
519 [ -e "$cfg_certsdir/girocco_client_crt.pem" -a \
520 -e "$cfg_certsdir/girocco_client_key.pem" -a \
521 -e "$cfg_certsdir/girocco_www_key.pem" -a \
522 -e "$cfg_certsdir/girocco_www_crt.pem" -a "$wwwcertcn" = "/CN=$cfg_httpsdnsname" -a \
523 -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
524 if [ -n "$needroot" -a ! -e "$cfg_certsdir/girocco_root_key.pem" ]; then
525 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
526 umask 0077
527 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
528 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
529 rm -f "$cfg_certsdir/girocco_root_crt.pem"
530 umask 0022
531 echo "Created new root key"
533 if [ ! -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
534 "$cfg_basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
535 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
536 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
537 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
538 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
539 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
540 echo "Created new root certificate"
542 if [ ! -e "$cfg_certsdir/girocco_www_key.pem" ]; then
543 umask 0077
544 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
545 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
546 rm -f "$cfg_certsdir/girocco_www_crt.pem"
547 umask 0022
548 echo "Created new www key"
550 if [ ! -e "$cfg_certsdir/girocco_www_crt.pem" ] || \
551 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
552 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
553 "$cfg_basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
554 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
555 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
556 printf '%s\n' "$wwwcertdns" > "$cfg_certsdir/girocco_www_crt.dns"
557 echo "Created www certificate"
559 if [ ! -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
560 cat "$cfg_certsdir/girocco_root_crt.pem" > "$cfg_certsdir/girocco_www_chain.pem"
561 echo "Created www certificate chain file"
563 if [ ! -e "$cfg_certsdir/girocco_client_key.pem" ]; then
564 umask 0037
565 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
566 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
567 rm -f "$cfg_certsdir/girocco_client_crt.pem"
568 umask 0022
569 echo "Created new client key"
571 if [ ! -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
572 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
573 "$cfg_basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
574 --cert "$cfg_certsdir/girocco_root_crt.pem" \
575 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
576 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
577 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
578 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
579 echo "Created client certificate"
581 if [ ! -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
582 cat "$cfg_certsdir/girocco_client_crt.pem" > "$cfg_certsdir/girocco_client_suffix.pem"
583 echo "Created client certificate suffix file"
585 cat "$cfg_rootcert" > "$cfg_webroot/${cfg_nickname}_root_cert.pem"
586 if [ -n "$cfg_mob" ]; then
587 if [ ! -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
588 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
589 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
590 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
591 echo "Created new mob user key"
593 if [ ! -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
594 openssl rsa -in "$cfg_mobuserkey" -pubout |
595 "$cfg_basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
596 --cert "$cfg_clientcert" \
597 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
598 echo "Created mob user client certificate"
600 cat "$cfg_mobuserkey" > "$cfg_webroot/${cfg_nickname}_mob_key.pem"
601 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" > "$cfg_webroot/${cfg_nickname}_mob_user.pem"
602 else
603 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
605 else
606 rm -f "$cfg_webroot/${cfg_nickname}_root_cert.pem"
607 rm -f "$cfg_webroot/${cfg_nickname}_mob_key.pem" "$cfg_webroot/${cfg_nickname}_mob_user.pem"
611 echo "*** Finalizing permissions..."
612 chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_basedir" "$cfg_webroot" "$cfg_cgiroot"
613 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"