search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'master' into rorcz
[girocco.git] / install.sh
blob191af07a8228500cb8182e4db05a34a3cbc20c11
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if ! [ -f toolbox/check-perl-modules.pl ] || ! [ -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 echo "*** Initializing using $GIROCCO_CONF..."
23
24 # First run Girocco::Config consistency checks
25 perl -I"$PWD" -M$GIROCCO_CONF -e ''
26
27 . ./shlib.sh
28 umask 0022
29 "$var_perl_bin" toolbox/check-perl-modules.pl
30
31 # Config.pm already checked $cfg_reporoot to require an absolute path, but
32 # we also require it does not contain a : or ; that would cause problems when
33 # used in GIT_ALTERNATE_OBJECT_DIRECTORIES
34 probch=':;'
35 case "$cfg_reporoot" in *[$probch]*)
36 echo "fatal: \$Girocco::Config::reporoot may not contain ':' or ';' characters" >&2
37 exit 1
38 esac
39
40 warn() { printf >&2 '%s\n' "$*"; }
41 die() { warn "$@"; exit 1; }
42
43 # Either we must run as root (but preferably not if disable_jailsetup is true)
44 # or the mirror_user (preferred choice for disable_jailsetup).
45 if [ "$(id -u)" -eq 0 ]; then
46 if [ "${cfg_disable_jailsetup:-0}" != "0" ]; then
47 cat <<'EOT'
48
49 ***
50 *** WARNING: $Girocco::Config::disable_jailsetup has been enabled
51 *** WARNING: but installation is being performed as the superuser
52 ***
53
54 You appear to have disabled jailsetup which is perfectly fine for installations
55 that will not be using an ssh jail. However, in that case, running the install
56 process as the superuser is highly discouraged.
57
58 Instead, running it as the configured $Girocco::Config::mirror_user is much
59 preferred.
60
61 The install process will now pause for 10 seconds to give you a chance to abort
62 it before continuing to install a disable_jailsetup config as the superuser.
63
64 EOT
65 sleep 10 || die "install aborted"
66 fi
67 else
68 [ -n "$cfg_mirror_user" ] || die 'Girocco::Config.pm $mirror_user must be set'
69 curuname="$(id -un)"
70 [ -n "$curuname" ] || die "Cannot determine name of current user"
71 if [ "$cfg_mirror_user" != "$curuname" ]; then
72 warn "ERROR: install must run as superuser or Config.pm's \$mirror_user ($cfg_mirror_user)"
73 die "ERROR: install is currently running as $curuname"
74 fi
75 fi
76
77 # $1 must exist and be a dir
78 # $2 may exist but must be a dir
79 # $3 must not exist
80 # After call $2 will be renamed to $3 (if $2 existed)
81 # And $1 will be renamed to $2
82 quick_move() {
83 [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || { echo "fatal: quick_move: bad args: '$1' '$2' '$3'" >&2; exit 1; }
84 ! [ -e "$3" ] || { echo "fatal: quick_move: already exists: $3" >&2; exit 1; }
85 [ -d "$1" ] || { echo "fatal: quick_move: no such dir: $1" >&2; exit 1; }
86 ! [ -e "$2" ] || [ -d "$2" ] || { echo "fatal: quick_move: not a dir: $2" >&2; exit 1; }
87 perl -e 'rename($ARGV[1], $ARGV[2]) or die "rename failed: $!\n" if -d $ARGV[1];
88 rename($ARGV[0], $ARGV[1]) or die "rename failed: $!\n"; exit 0;' "$1" "$2" "$3" || {
89 echo "fatal: quick_move: rename failed" >&2
90 exit 1
91 }
92 ! [ -d "$1" ] && [ -d "$2" ] || {
93 echo "fatal: quick_move: rename failed" >&2
94 exit 1
95 }
96 }
97
98 check_sh_builtin() (
99 "unset" -f command
100 "command" "$var_sh_bin" -c '{ "unset" -f unalias command "$1" || :; "unalias" "$1" || :; } >/dev/null 2>&1; "command" -v "$1"' "$var_sh_bin" "$1"
101 ) 2>/dev/null
102
103 owngroup=
104 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
105 if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
106 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
107 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
108 exit 1
109 fi
110
111
112 # Check for extra required tools
113 if [ "${cfg_xmllint_readme:-0}" != "0" ] && ! command -v xmllint >/dev/null; then
114 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
115 exit 1
116 fi
117
118
119 echo "*** Checking for compiled utilities..."
120 if ! [ -f src/can_user_push ] || ! [ -x src/can_user_push ]; then
121 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
122 echo "ERROR: perhaps you forgot to run make?" >&2
123 exit 1
124 fi
125 if ! [ -f src/can_user_push_http ] || ! [ -x src/can_user_push_http ]; then
126 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
127 echo "ERROR: perhaps you forgot to run make?" >&2
128 exit 1
129 fi
130 if ! [ -f src/getent ] || ! [ -x src/getent ]; then
131 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
132 echo "ERROR: perhaps you forgot to run make?" >&2
133 exit 1
134 fi
135 if ! [ -f src/get_user_uuid ] || ! [ -x src/get_user_uuid ]; then
136 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
137 echo "ERROR: perhaps you forgot to run make?" >&2
138 exit 1
139 fi
140 if ! [ -f src/list_packs ] || ! [ -x src/list_packs ]; then
141 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
142 echo "ERROR: perhaps you forgot to run make?" >&2
143 exit 1
144 fi
145 if ! [ -f src/peek_packet ] || ! [ -x src/peek_packet ]; then
146 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
147 echo "ERROR: perhaps you forgot to run make?" >&2
148 exit 1
149 fi
150 if ! [ -f src/rangecgi ] || ! [ -x src/rangecgi ]; then
151 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
152 echo "ERROR: perhaps you forgot to run make?" >&2
153 exit 1
154 fi
155 if ! [ -f src/readlink ] || ! [ -x src/readlink ]; then
156 echo "ERROR: src/readlink is not built! Did you _REALLY_ read INSTALL?" >&2
157 echo "ERROR: perhaps you forgot to run make?" >&2
158 exit 1
159 fi
160 if ! [ -f src/strftime ] || ! [ -x src/strftime ]; then
161 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
162 echo "ERROR: perhaps you forgot to run make?" >&2
163 exit 1
164 fi
165 if ! [ -f src/throttle ] || ! [ -x src/throttle ]; then
166 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
167 echo "ERROR: perhaps you forgot to run make?" >&2
168 exit 1
169 fi
170 if ! [ -f src/ulimit512 ] || ! [ -x src/ulimit512 ]; then
171 echo "ERROR: src/ulimit512 is not built! Did you _REALLY_ read INSTALL?" >&2
172 echo "ERROR: perhaps you forgot to run make?" >&2
173 exit 1
174 fi
175 if ! [ -f src/ltsha256 ] || ! [ -x src/ltsha256 ]; then
176 echo "ERROR: src/ltsha256 is not built! Did you _REALLY_ read INSTALL?" >&2
177 echo "ERROR: perhaps you forgot to run make?" >&2
178 exit 1
179 fi
180 sha256check="15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225"
181 sha256result="$(printf '%s' '123456789' | src/ltsha256)"
182 if [ "$sha256check" != "$sha256result" ]; then
183 echo "ERROR: src/ltsha256 is built, but broken!" >&2
184 echo "ERROR: verifying sha256 hash of '123456789' failed!" >&2
185 exit 1
186 fi
187
188
189 echo "*** Checking for ezcert..."
190 if ! [ -f ezcert.git/CACreateCert ] || ! [ -x ezcert.git/CACreateCert ]; then
191 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
192 exit 1
193 fi
194
195
196 echo "*** Checking for git..."
197 case "$cfg_git_bin" in /*) :;; *)
198 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
199 exit 1
200 esac
201 if ! [ -f "$cfg_git_bin" ] || ! [ -x "$cfg_git_bin" ]; then
202 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
203 exit 1
204 fi
205 if ! git_version="$("$cfg_git_bin" version)" || [ -z "$git_version" ]; then
206 echo "ERROR: $cfg_git_bin version failed" >&2
207 exit 1
208 fi
209 case "$git_version" in
210 [Gg]"it version "*) :;;
211 *)
212 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
213 exit 1
214 esac
215 echo "Found $cfg_git_bin $git_version"
216 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
217 echo "*** Checking Git $git_vernum for compatibility..."
218 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
219 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
220 exit 1
221 fi
222 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
223 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
224 fi
225 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
226 cat <<'EOT'
227
228 ***
229 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
230 ***
231
232 Some Girocco functionality will be gracefully disabled and other things will
233 just not work at all such as race condition protection against simultaneous
234 client pushes and server garbage collections.
235
236 EOT
237 fi
238 if [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
239 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
240 fi
241 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
242 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
243 fi
244 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.12.0)" -lt 0 ]; then
245 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and < 2.12.0 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
246 echo 'WARNING: See https://lore.kernel.org/git/20141222041944.GA441@peff.net/ for details'
247 fi
248 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
249 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
250 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
251 fi
252 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
253 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
254 fi
255 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
256 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
257 fi
258 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
259 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
260 fi
261 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
262 cat <<'EOT'
263
264 ***
265 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
266 ***
267
268 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
269 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
270 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
271
272 In order to bypass this check you will have to modify install.sh in which case
273 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
274
275 EOT
276 exit 1
277 fi
278 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
279 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
280 fi
281 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
282 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
283 fi
284 if [ "$(vcmp "$git_vernum" 2.10.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.12.3)" -lt 0 ]; then
285 echo 'WARNING: $Girocco::Config::git_bin version >= 2.10.1 and < 2.12.3, --pickaxe-regex can segfault'
286 echo 'WARNING: If gitweb pickaxe regular expression searches are enabled, --pickaxe-regex will be used'
287 echo 'WARNING: See the fix at http://repo.or.cz/git.git/f53c5de29cec68e3 for details'
288 echo 'WARNING: The fix is trivial and easily cherry-picked into a custom 2.10.1 - 2.12.2 build'
289 echo 'WARNING: Leaving the gitweb/gitweb_config.perl "regexp" feature off as recommended avoids the issue'
290 fi
291 secmsg=
292 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
293 secmsg='prior to 2.4.11'
294 fi
295 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
296 secmsg='2.5.x prior to 2.5.5'
297 fi
298 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
299 secmsg='2.6.x prior to 2.6.6'
300 fi
301 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
302 secmsg='2.7.x prior to 2.7.4'
303 fi
304 if [ -n "$secmsg" ]; then
305 cat <<EOT
306
307 ***
308 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
309 ***
310
311 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
312 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
313
314 Besides the security fixes included in later versions, versions prior to
315 2.2.0 may accidentally prune unreachable loose objects earlier than
316 intended. Since Git version 2.4.11 is the minimum version to include all
317 security fixes to date, it should be considered the absolute minimum
318 version of Git to use when running Girocco.
319
320 This is not enforced, but Git is easy to build from the git.git submodule
321 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
322
323 We will now pause for a moment so you can reflect on this warning.
324
325 EOT
326 sleep 60
327 fi
328 if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
329 cat <<'EOT'
330
331 ***
332 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
333 ***
334
335 You appear to have enabled mirroring and the Git binary you have selected
336 appears to contain an experimental patch that cannot be disabled. This
337 patch can generate invalid network DNS traffic and/or cause long delays
338 when fetching using the "git:" protocol when no port number is specified.
339 It may also end up retrieving repsitory contents from a host other than
340 the one specified in the "git:" URL when the port is omitted.
341
342 You are advised to either build your own version of Git (the problem patch
343 is not part of the official Git repository) or disable mirroring (via the
344 $Girocco::Config:mirror setting) to avoid these potential problems.
345
346 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
347
348 EOT
349 sleep 5
350 fi
351
352 test_nc_U() {
353 [ -n "$1" ] || return 1
354 _cmdnc="$(command -v "$1" 2>/dev/null)" || :
355 [ -n "$_cmdnc" ] && [ -f "$_cmdnc" ] && [ -x "$_cmdnc" ] || return 1
356 _tmpdir="$(mktemp -d /tmp/nc-u-XXXXXX)"
357 [ -n "$_tmpdir" ] && [ -d "$_tmpdir" ] || return 1
358 >"$_tmpdir/output"
359 (sleep 3 | "$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev/null >"$_tmpdir/output" || >"$_tmpdir/failed")&
360 _bgpid="$!"
361 sleep 1
362 echo "testing" | "$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev/null 2>&1 || >"$_tmpdir/failed"
363 sleep 1
364 kill "$_bgpid" >/dev/null 2>&1 || :
365 read -r _result <"$_tmpdir/output" || :
366 _bad=
367 ! [ -e "$_tmpdir/failed" ] || _bad=1
368 rm -rf "$_tmpdir"
369 [ -z "$_bad" ] && [ "$_result" = "testing" ]
370 } >/dev/null 2>&1
371
372 echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
373 test_nc_U "$var_nc_openbsd_bin" || {
374 echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
375 echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
376 uname_s="$(uname -s 2>/dev/null | tr A-Z a-z 2>/dev/null)" || :
377 case "$uname_s" in
378 *dragonfly*)
379 echo "ERROR: see the src/dragonfly/README file for a solution" >&2;;
380 *kfreebsd*|*linux*)
381 echo "ERROR: try installing the package named 'netcat-openbsd'" >&2;;
382 esac
383 exit 1
384 }
385
386 echo "*** Verifying selected POSIX sh is sane..."
387 shbin="$var_sh_bin"
388 [ -n "$shbin" ] && [ -f "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
389 echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting' >&2
390 exit 1
391 }
392 [ "$(check_sh_builtin command)" = "command" ] || {
393 echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting (does not understand command -v)' >&2
394 exit 1
395 }
396 sh_not_builtin=
397 sh_extra_chroot_installs=
398 badsh=
399 for sbi in cd pwd read umask unset unalias; do
400 if [ "$(check_sh_builtin "$sbi")" != "$sbi" ]; then
401 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (missing built-in $sbi)" >&2
402 badsh=1
403 fi
404 done
405 [ -z "$badsh" ] || exit 1
406 for sbi in '[' echo printf test; do
407 if ! extra="$(check_sh_builtin "$sbi")"; then
408 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (missing command $sbi)" >&2
409 badsh=1
410 continue
411 fi
412 if [ "$extra" != "$sbi" ]; then
413 case "$extra" in /*) :;; *)
414 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (bad command -v $sbi result: $extra)" >&2
415 badsh=1
416 continue
417 esac
418 withspc=
419 case "$extra" in *" "*) withspc=1; esac
420 [ -z "$withspc" ] && [ -f "$extra" ] && [ -r "$extra" ] && [ -x "$extra" ] || {
421 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (unusable command -v $sbi result: $extra)" >&2
422 badsh=1
423 continue
424 }
425 echo "WARNING: slow \$Girocco::Config::posix_sh_bin setting (not built-in $sbi)" >&2
426 sh_not_builtin="$sh_not_builtin $sbi"
427 sh_extra_chroot_installs="$sh_extra_chroot_installs $extra"
428 fi
429 done
430 [ -z "$badsh" ] || exit 1
431 [ -z "$sh_extra_chroot_installs" ] || {
432 echo "WARNING: the selected POSIX sh implements these as non-built-in:$sh_not_builtin" >&2
433 echo "WARNING: as a result it will run slower than necessary" >&2
434 echo "WARNING: consider building and switching to dash which can be found at:" >&2
435 echo "WARNING: http://gondor.apana.org.au/~herbert/dash/" >&2
436 echo "WARNING: (download a tarball from the files section or clone the Git repository" >&2
437 echo "WARNING: and checkout the latest tag, run autogen.sh, configure and build)" >&2
438 echo "WARNING: dash is licensed under the 3-clause BSD license" >&2
439 }
440
441 echo "*** Verifying xargs is sane..."
442 _xargsr="$(</dev/null command xargs printf %s -r)" || :
443 xtest1="$(</dev/null command xargs $_xargsr printf 'test %s ' 2>/dev/null)" || :
444 xtest2="$(printf '%s\n' one two | command xargs $_xargsr printf 'test %s ' 2>/dev/null)" || :
445 [ -z "$xtest1" ] && [ "$xtest2" = "test one test two " ] || {
446 echo 'ERROR: xargs is unusable' >&2
447 echo 'ERROR: either `test -z "$(</dev/null xargs echo test 2>/dev/null)"`' >&2
448 echo 'ERROR: or `test -z "$(</dev/null xargs -r echo test 2>/dev/null)"`' >&2
449 echo 'ERROR: must be true, but neither is' >&2
450 exit 1
451 }
452
453 echo "*** Verifying selected perl is sane..."
454 perlbin="$var_perl_bin"
455 [ -n "$perlbin" ] && [ -f "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
456 echo 'ERROR: invalid $Girocco::Config::perl_bin setting' >&2
457 exit 1
458 }
459
460 echo "*** Verifying selected gzip is sane..."
461 gzipbin="$var_gzip_bin"
462 [ -n "$gzipbin" ] && [ -f "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 | grep -q gzip &&
463 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] || {
464 echo 'ERROR: invalid $Girocco::Config::gzip_bin setting' >&2
465 exit 1
466 }
467
468 echo "*** Verifying basedir, webroot, webreporoot and cgiroot paths..."
469 # Make sure $cfg_basedir, $cfg_webroot and $cfg_cgiroot are absolute paths
470 case "$cfg_basedir" in /*) :;; *)
471 echo "ERROR: invalid Girocco::Config::basedir setting" >&2
472 echo "ERROR: \"$cfg_basedir\" must be an absolute path (start with '/')" >&2
473 exit 1
474 esac
475 case "$cfg_webroot" in /*) :;; *)
476 echo "ERROR: invalid Girocco::Config::webroot setting" >&2
477 echo "ERROR: \"$cfg_webroot\" must be an absolute path (start with '/')" >&2
478 exit 1
479 esac
480 if [ -n "$cfg_webreporoot" ]; then
481 case "$cfg_webreporoot" in /*) :;; *)
482 echo "ERROR: invalid Girocco::Config::webreporoot setting" >&2
483 echo "ERROR: \"$cfg_webreporoot\" must be an absolute path (start with '/') or undef" >&2
484 exit 1
485 esac
486 fi
487 case "$cfg_cgiroot" in /*) :;; *)
488 echo "ERROR: invalid Girocco::Config::cgiroot setting" >&2
489 echo "ERROR: \"$cfg_cgiroot\" must be an absolute path (start with '/')" >&2
490 exit 1
491 esac
492
493 # return the input with trailing slashes stripped but return "/" for all "/"s
494 striptrsl() {
495 [ -n "$1" ] || return 0
496 _s="${1##*[!/]}"
497 [ "$_s" != "$1" ] || _s="${_s#?}"
498 printf "%s\n" "${1%$_s}"
499 }
500
501 # a combination of realpath + dirname where the realpath of the deepest existing
502 # directory is returned with the rest of the non-existing components appended
503 # and trailing slashes and multiple slashes are removed
504 realdir() {
505 _d="$(striptrsl "$1")"
506 if [ "$_d" = "/" ] || [ -z "$_d" ]; then
507 echo "$_d"
508 return 0
509 fi
510 _c=""
511 while ! [ -d "$_d" ]; do
512 _c="/$(basename "$_d")$_c"
513 _d="$(dirname "$_d")"
514 [ "$_d" != "/" ] || _c="${_c#/}"
515 done
516 printf "%s%s\n" "$(cd "$_d" && pwd -P)" "$_c"
517 }
518
519 # Use basedir, webroot and cgiroot for easier control of filesystem locations
520 # Wherever we are writing/copying/installing files we use these, but where we
521 # are editing, adding config settings or printing advice we always stick to the
522 # cfg_xxx Config variable versions. These are like a set of DESTDIR variables.
523 # Only the file system directories that could be asynchronously accessed (by
524 # the web server, jobd.pl, taskd.pl or incoming pushes) get these special vars.
525 # The chroot is handled specially and does not need one of these.
526 # We must be careful to allow cgiroot and/or webroot to be under basedir in which
527 # case the prior contents of cgiroot and/or webroot are discarded.
528 rbasedir="$(realdir "$cfg_basedir")"
529 rwebroot="$(realdir "$cfg_webroot")"
530 rwebreporoot=
531 [ -z "$cfg_webreporoot" ] || {
532 # avoid resolving a pre-existing symlink from a previous install
533 rwebreporoot="$(realdir "${cfg_webreporoot%/}_NOSUCHDIR")"
534 rwebreporoot="${rwebreporoot%_NOSUCHDIR}"
535 }
536 rcgiroot="$(realdir "$cfg_cgiroot")"
537 case "$rbasedir" in "$rwebroot"/?*)
538 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under webroot" >&2
539 exit 1
540 esac
541 case "$rbasedir" in "$rcgiroot"/?*)
542 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under cgiroot" >&2
543 exit 1
544 esac
545 if [ "$rwebroot" = "$rcgiroot" ]; then
546 echo "ERROR: invalid Girocco::Config::webroot and Girocco::Config::cgiroot settings; must not be the same" >&2
547 exit 1
548 fi
549 case "$rcgiroot" in "$rwebroot"/?*)
550 echo "ERROR: invalid Girocco::Config::cgiroot setting; must not be under webroot" >&2
551 exit 1
552 esac
553 case "$rwebroot" in "$rcgiroot"/?*)
554 echo "ERROR: invalid Girocco::Config::webroot setting; must not be under cgiroot" >&2
555 exit 1
556 esac
557 if [ -n "$rwebreporoot" ]; then
558 if [ "$rwebreporoot" = "$rwebroot" ]; then
559 echo "ERROR: invalid Girocco::Config::webroot and Girocco::Config::webreporoot settings; must not be the same" >&2
560 exit 1
561 fi
562 case "$rwebreporoot" in "$rwebroot"/?*);;*)
563 echo "ERROR: invalid Girocco::Config::webreporoot setting; must be under webroot or undef" >&2
564 exit 1
565 esac
566 fi
567 basedir="$rbasedir-new"
568 case "$rwebroot" in
569 "$rbasedir"/?*)
570 webroot="$basedir${rwebroot#$rbasedir}"
571 webrootsub=1
572 ;;
573 *)
574 webroot="$rwebroot-new"
575 webrootsub=
576 ;;
577 esac
578 webreporoot=
579 [ -z "$rwebreporoot" ] || webreporoot="$webroot${rwebreporoot#$rwebroot}"
580 case "$rcgiroot" in
581 "$rbasedir"/?*)
582 cgiroot="$basedir${rcgiroot#$rbasedir}"
583 cgirootsub=1
584 ;;
585 *)
586 cgiroot="$rcgiroot-new"
587 cgirootsub=
588 ;;
589 esac
590
591 echo "*** Setting up basedir..."
592
593 chown_make() {
594 if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
595 find -H "$@" -user root -exec chown "$SUDO_USER:$(id -gn "$SUDO_USER")" '{}' + 2>/dev/null || :
596 elif [ "$LOGNAME" = root ] && { [ -z "$SUDO_USER" ] || [ "$SUDO_USER" = root ]; }; then
597 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
598 fi
599 }
600
601 "$MAKE" --no-print-directory --silent apache.conf
602 chown_make apache.conf
603 "$MAKE" --no-print-directory --silent -C src
604 chown_make src
605 rm -fr "$basedir"
606 mkdir -p "$basedir" "$basedir/gitweb" "$basedir/cgi"
607 # make the mtlinesfile with 1000 empty lines
608 yes '' | dd bs=1000 count=1 2>/dev/null >"$basedir/mtlinesfile"
609 chmod a+r "$basedir/mtlinesfile"
610 cp cgi/*.cgi "$basedir/cgi"
611 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$basedir"
612 find -H "$basedir" -type l -exec rm -f '{}' +
613 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/list_packs src/peek_packet \
614 src/rangecgi src/readlink src/strftime src/throttle src/ulimit512 src/ltsha256 \
615 ezcert.git/CACreateCert cgi/authrequired.cgi cgi/snapshot.cgi \
616 "$basedir/bin"
617 cp -p gitweb/*.sh gitweb/*.perl "$basedir/gitweb"
618 if [ -n "$cfg_httpspushurl" ]; then
619 [ -z "$cfg_pretrustedroot" ] || rm -f "$basedir"/html/rootcert.html
620 else
621 rm -f "$basedir"/html/rootcert.html "$basedir"/html/httpspush.html
622 fi
623 [ -n "$cfg_mob" ] || rm -f "$basedir"/html/mob.html
624
625 # Put the correct Config in place
626 [ "$GIROCCO_CONF" = "Girocco::Config" ] || cp "$(echo "$GIROCCO_CONF" | sed 's#::#/#g; s/$/.pm/')" "$basedir/Girocco/Config.pm"
627
628 # Create symbolic links to selected binaries
629 ln -s "$cfg_git_bin" "$basedir/bin/git"
630 ln -s "$shbin" "$basedir/bin/sh"
631 ln -s "$perlbin" "$basedir/bin/perl"
632 ln -s "$gzipbin" "$basedir/bin/gzip"
633
634 echo "*** Preprocessing scripts..."
635 SHBIN="$shbin" && export SHBIN
636 PERLBIN="$perlbin" && export PERLBIN
637 perl -I"$PWD" -M$GIROCCO_CONF -i -p \
638 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
639 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
640 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
641 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
642 -e 's/__BASE''DIR__/$Girocco::Config::basedir/g;' \
643 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
644 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
645 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
646 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
647 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
648 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
649 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
650 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
651 -e 's/\@autogchack\@/"$Girocco::Config::autogchack"/g;' \
652 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
653 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
654 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
655 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
656 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
657 -e 's/\@fetch_stash_refs\@/"$Girocco::Config::fetch_stash_refs"/g;' \
658 -e 's/\@suppress_git_ssh_logging\@/"$Girocco::Config::suppress_git_ssh_logging"/g;' \
659 -e 'close ARGV if eof;' \
660 "$basedir"/jobs/*.sh "$basedir"/jobd/*.sh \
661 "$basedir"/taskd/*.sh "$basedir"/gitweb/*.sh \
662 "$basedir"/shlib.sh "$basedir"/hooks/* \
663 "$basedir"/toolbox/*.sh "$basedir"/toolbox/*.pl \
664 "$basedir"/toolbox/reports/*.sh \
665 "$basedir"/bin/git-* "$basedir"/bin/*.sh \
666 "$basedir"/bin/create-* "$basedir"/bin/update-* \
667 "$basedir"/bin/*.cgi "$basedir"/screen/*
668 perl -I"$PWD" -M$GIROCCO_CONF -i -p \
669 -e 's/__BASE''DIR__/$Girocco::Config::basedir/g;' \
670 "$basedir"/cgi/*.cgi "$basedir"/gitweb/*.perl \
671 "$basedir"/jobd/*.pl "$basedir"/taskd/*.pl
672 perl -i -p \
673 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
674 -e 'close ARGV if eof;' \
675 "$basedir"/jobd/jobd.pl "$basedir"/taskd/taskd.pl \
676 "$basedir"/bin/sendmail.pl "$basedir"/bin/CACreateCert
677 perl -i -p \
678 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
679 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
680 -e 'close ARGV if eof;' \
681 "$basedir"/bin/format-readme "$basedir/cgi"/*.cgi
682 unset PERLBIN
683 unset SHBIN
684
685 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
686 get_girocco_config_var_list >"$basedir"/shlib_vars.sh
687
688 if [ "${cfg_mirror_darcs:-0}" != "0" ]; then
689 echo "*** Setting up darcs-fast-export from girocco-darcs-fast-export.git..."
690 if ! [ -f girocco-darcs-fast-export.git/darcs-fast-export ] ||
691 ! [ -x girocco-darcs-fast-export.git/darcs-fast-export ]; then
692 echo "ERROR: girocco-darcs-fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
693 exit 1
694 fi
695 mkdir -p "$basedir"/bin
696 cp girocco-darcs-fast-export.git/darcs-fast-export "$basedir"/bin
697 fi
698
699 if [ "${cfg_mirror_hg:-0}" != "0" ]; then
700 echo "*** Setting up hg-fast-export from girocco-hg-fast-export.git..."
701 if ! [ -f girocco-hg-fast-export.git/hg-fast-export.py ] || ! [ -f girocco-hg-fast-export.git/hg2git.py ]; then
702 echo "ERROR: girocco-hg-fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
703 exit 1
704 fi
705 mkdir -p "$basedir"/bin
706 cp girocco-hg-fast-export.git/hg-fast-export.py girocco-hg-fast-export.git/hg2git.py "$basedir"/bin
707 fi
708
709 echo "*** Setting up markdown from markdown.git..."
710 if ! [ -f markdown.git/Markdown.pl ]; then
711 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
712 exit 1
713 fi
714 mkdir -p "$basedir"/bin
715 (PERLBIN="$perlbin" && export PERLBIN &&
716 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
717 markdown.git/Markdown.pl >"$basedir"/bin/Markdown.pl.$$ &&
718 chmod a+x "$basedir"/bin/Markdown.pl.$$ &&
719 mv -f "$basedir"/bin/Markdown.pl.$$ "$basedir"/bin/Markdown.pl)
720 test $? -eq 0
721
722 # Some permission sanity on basedir/bin just in case
723 find -H "$basedir"/bin -type f -exec chmod go-w '{}' +
724 chown -R -h "$cfg_mirror_user""$owngroup" "$basedir"/bin
725
726 if [ -n "$cfg_mirror" ]; then
727 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
728 fi
729 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.pl, or add this"
730 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
731 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.pl -q --all-once"
732
733
734 echo "*** Setting up repository root..."
735 [ -d "$cfg_reporoot" ] || {
736 mkdir -p "$cfg_reporoot"
737 chown "$cfg_mirror_user""$owngroup" "$cfg_reporoot" ||
738 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_reporoot"
739 }
740 [ -z "$cfg_owning_group" ] ||
741 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
742 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
743 mkdir -p "$cfg_reporoot/_recyclebin" "$cfg_reporoot/_global/hooks" "$cfg_reporoot/_global/empty"
744 chown "$cfg_mirror_user""$owngroup" "$cfg_reporoot/_recyclebin" "$cfg_reporoot/_global" "$cfg_reporoot/_global/hooks" "$cfg_reporoot/_global/empty" ||
745 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_reporoot/{_recyclebin,_global} properly"
746 if [ "$cfg_owning_group" ]; then
747 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
748 chgrp -R "$cfg_owning_group" "$cfg_reporoot/_global" || echo "WARNING: Cannot chgrp -R $cfg_owning_group $cfg_reporoot/_global"
749 fi
750 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
751 chmod 00755 "$cfg_reporoot/_global" "$cfg_reporoot/_global/hooks" "$cfg_reporoot/_global/empty" || echo "WARNING: Cannot chmod $cfg_reporoot/_global properly"
752
753
754 if [ "${cfg_disable_jailsetup:-0}" = "0" ] && [ -n "$cfg_chrooted" ]; then
755 echo "*** Setting up chroot jail for pushing..."
756 if [ "$(id -u)" -eq 0 ]; then
757 # jailsetup may install things from $cfg_basedir/bin into the
758 # chroot so we do a mini-update of just that portion now
759 mkdir -p "$cfg_basedir"
760 rm -rf "$cfg_basedir/bin-new"
761 cp -pR "$basedir/bin" "$cfg_basedir/bin-new" >/dev/null 2>&1
762 rm -rf "$cfg_basedir/bin-old"
763 quick_move "$cfg_basedir/bin-new" "$cfg_basedir/bin" "$cfg_basedir/bin-old"
764 rm -rf "$cfg_basedir/bin-old"
765 if [ -n "$sh_extra_chroot_installs" ]; then
766 GIROCCO_CHROOT_EXTRA_INSTALLS="$sh_extra_chroot_installs"
767 export GIROCCO_CHROOT_EXTRA_INSTALLS
768 fi
769 ./jailsetup.sh
770 unset GIROCCO_CHROOT_EXTRA_INSTALLS
771 else
772 echo "WARNING: Skipping jail setup, not root"
773 fi
774 fi
775
776
777 echo "*** Setting up jail configuration (project database)..."
778 [ "$(id -u)" -eq 0 ] || ./jailsetup.sh dbonly
779 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
780 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
781 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
782 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
783 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
784 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
785 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
786 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
787 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
788
789
790 echo "*** Setting up global hook scripts..."
791 # It is absolutely CRUCIAL that hook script replacements are done atomically!
792 # Otherwise an incoming push might slip in and fail to run the hook script!
793 # The underlying rename(2) function call provides this and mv will use it.
794 # First add hook scripts
795 hooks="pre-auto-gc pre-receive post-commit post-receive update"
796 for hook in $hooks; do
797 cat "$basedir/hooks/$hook" >"$cfg_reporoot/_global/hooks/$hook.$$"
798 chown "$cfg_mirror_user""$owngroup" "$cfg_reporoot/_global/hooks/$hook.$$" ||
799 echo "WARNING: Cannot chown $cfg_reporoot/_global/hooks/$hook"
800 chmod 0755 "$cfg_reporoot/_global/hooks/$hook.$$"
801 mv -f "$cfg_reporoot/_global/hooks/$hook.$$" "$cfg_reporoot/_global/hooks/$hook"
802 done
803 # Then remove any hook scripts that do not belong
804 for hook in "$cfg_reporoot/_global/hooks"/*; do
805 hook="${hook##*/}"
806 [ -f "$cfg_reporoot/_global/hooks/$hook" ] || continue
807 case " $hooks " in *" $hook "*);;*)
808 rm -f "$cfg_reporoot/_global/hooks/$hook" ||
809 echo "WARNING: Cannot remove extraneous $cfg_reporoot/_global/hooks/$hook"
810 esac
811 done
812
813
814 echo "*** Setting up gitweb from git.git..."
815 if ! [ -f git.git/Makefile ]; then
816 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
817 exit 1
818 fi
819
820 # We do not wholesale replace either webroot or cgiroot unless they are under
821 # basedir so if they exist and are not we make a copy to start working on them.
822 # We make a copy using -p which can result in some warnings so we suppress
823 # error output as it's of no consequence in this case.
824 rm -rf "$webroot" "$cgiroot"
825 [ -n "$webrootsub" ] || ! [ -d "$rwebroot" ] || cp -pR "$rwebroot" "$webroot" >/dev/null 2>&1 || :
826 [ -n "$cgirootsub" ] || ! [ -d "$rcgiroot" ] || cp -pR "$rcgiroot" "$cgiroot" >/dev/null 2>&1 || :
827 mkdir -p "$webroot" "$cgiroot"
828
829 (
830 cd git.git &&
831 "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
832 GITWEB_CONFIG_COMMON="" GITWEB_CONFIG_SYSTEM="" \
833 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb &&
834 chown_make gitweb &&
835 PERLBIN="$perlbin" && export PERLBIN &&
836 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
837 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi >"$cgiroot"/gitweb.cgi.$$ &&
838 chmod a+x "$cgiroot"/gitweb.cgi.$$ &&
839 chown_make "$cgiroot"/gitweb.cgi.$$ &&
840 mv -f "$cgiroot"/gitweb.cgi.$$ "$cgiroot"/gitweb.cgi &&
841 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$webroot"
842 )
843 test $? -eq 0
844
845
846 echo "*** Setting up git-browser from git-browser.git..."
847 if ! [ -f git-browser.git/git-browser.cgi ]; then
848 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
849 exit 1
850 fi
851 mkdir -p "$webroot"/git-browser "$cgiroot"
852 (
853 cd git-browser.git &&
854 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG &&
855 PERLBIN="$perlbin" && export PERLBIN && perl -p \
856 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
857 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi >"$cgiroot"/git-browser.cgi.$$ &&
858 chmod a+x "$cgiroot"/git-browser.cgi.$$ &&
859 chown_make "$cgiroot"/git-browser.cgi.$$ &&
860 perl -p \
861 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
862 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-diff.cgi >"$cgiroot"/git-diff.cgi.$$ &&
863 chmod a+x "$cgiroot"/git-diff.cgi.$$ &&
864 chown_make "$cgiroot"/git-diff.cgi.$$ &&
865 mv -f "$cgiroot"/git-browser.cgi.$$ "$cgiroot"/git-browser.cgi &&
866 mv -f "$cgiroot"/git-diff.cgi.$$ "$cgiroot"/git-diff.cgi &&
867 for h in *.html; do
868 [ "$h" != "index.html" ] || continue
869 if [ "$h" = "by-commit.html" ] || [ "$h" = "by-date.html" ]; then
870 FAVLINE='<link rel="shortcut icon" href="/git-favicon.png" type="image/png" />' &&
871 export FAVLINE && perl -p -e 'print "$ENV{FAVLINE}\n" if m{</head>};' "$h" \
872 >"$webroot/git-browser/$h.$$" &&
873 chmod a+r "$webroot/git-browser/$h.$$" &&
874 mv -f "$webroot/git-browser/$h.$$" "$webroot/git-browser/$h"
875 else
876 cp -p "$h" "$webroot/git-browser/"
877 fi
878 done
879 cp -pR *.js *.css js.lib "$webroot/git-browser/" &&
880 cp -pR JSON "$cgiroot/"
881 )
882 test $? -eq 0
883 gitwebabs="$cfg_gitweburl"
884 case "$gitwebabs" in "http://"[!/]*|"https://"[!/]*)
885 gitwebabs="${gitwebabs#*://}"
886 case "$gitwebabs" in
887 *"/"*) gitwebabs="/${gitwebabs#*/}";;
888 *) gitwebabs="";;
889 esac
890 esac
891 case "$gitwebabs" in */);;*) gitwebabs="$gitwebabs/"; esac
892 cat >"$basedir/gitweb"/git-browser.conf.$$ <<-EOT
893 gitbin: $cfg_git_bin
894 gitweb: $gitwebabs
895 warehouse: $cfg_reporoot
896 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
897 EOT
898 chown_make "$basedir/gitweb"/git-browser.conf.$$
899 mv -f "$basedir/gitweb"/git-browser.conf.$$ "$basedir/gitweb"/git-browser.conf
900 esctitle="$(printf '%s\n' "$cfg_title" | LC_ALL=C sed 's/\\/\\\\/g;s/"/\\"/g;')" || :
901 cat >"$webroot"/git-browser/GitConfig.js.$$ <<-EOT
902 cfg_gitweb_url="$cfg_gitweburl/"
903 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
904 cfg_home_url="$cfg_gitweburl/%n"
905 cfg_home_text="summary"
906 cfg_bycommit_title="$esctitle - %n/graphiclog1"
907 cfg_bydate_title="$esctitle - %n/graphiclog2"
908 EOT
909 chown_make "$webroot"/git-browser/GitConfig.js.$$
910 mv -f "$webroot"/git-browser/GitConfig.js.$$ "$webroot"/git-browser/GitConfig.js
911
912
913 echo "*** Setting up our part of the website..."
914 mkdir -p "$webroot" "$cgiroot"
915 cp "$basedir"/bin/snapshot.cgi "$basedir/cgi"
916 cp "$basedir"/bin/authrequired.cgi "$basedir/cgi"
917 [ -n "$cfg_httpspushurl" ] || rm -f "$basedir/cgi"/usercert.cgi "$cgiroot"/usercert.cgi
918 cp "$basedir/cgi"/*.cgi "$cgiroot"
919 rm -rf "$basedir/cgi"
920 [ -z "$webreporoot" ] || { rm -f "$webreporoot" && ln -s "$cfg_reporoot" "$webreporoot"; }
921 if [ -z "$cfg_httpspushurl" ] || [ -n "$cfg_pretrustedroot" ]; then
922 grep -v 'rootcert[.]html' gitweb/indextext.html >"$basedir/gitweb/indextext.html"
923 else
924 cp gitweb/indextext.html "$basedir/gitweb"
925 fi
926 mv "$basedir"/html/*.css "$basedir"/html/*.js "$webroot"
927 cp mootools.js "$webroot"
928 cp htaccess "$webroot/.htaccess"
929 cp cgi/htaccess "$cgiroot/.htaccess"
930 cp git-favicon.ico "$webroot/favicon.ico"
931 cp robots.txt "$webroot"
932 cat gitweb/gitweb.css >>"$webroot"/gitweb.css
933
934
935 if [ -n "$cfg_httpspushurl" ]; then
936 echo "*** Setting up SSL certificates..."
937 bits=2048
938 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
939 bits="$cfg_rsakeylength"
940 fi
941 mkdir -p "$cfg_certsdir"
942 [ -d "$cfg_certsdir" ]
943 wwwcertcn=
944 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
945 wwwcertcn="$(
946 openssl x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject |
947 sed -e 's,[^/]*,,'
948 )"
949 fi
950 wwwcertdns=
951 if [ -n "$cfg_wwwcertaltnames" ]; then
952 for dnsopt in $cfg_wwwcertaltnames; do
953 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
954 done
955 fi
956 wwwcertdnsfile=
957 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
958 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
959 fi
960 needroot=
961 [ -e "$cfg_certsdir/girocco_client_crt.pem" ] &&
962 [ -e "$cfg_certsdir/girocco_client_key.pem" ] &&
963 [ -e "$cfg_certsdir/girocco_www_key.pem" ] &&
964 [ -e "$cfg_certsdir/girocco_www_crt.pem" ] && [ "$wwwcertcn" = "/CN=$cfg_httpsdnsname" ] &&
965 [ -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
966 if [ -n "$needroot" ] && ! [ -e "$cfg_certsdir/girocco_root_key.pem" ]; then
967 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
968 umask 0077
969 openssl genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
970 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
971 rm -f "$cfg_certsdir/girocco_root_crt.pem"
972 umask 0022
973 echo "Created new root key"
974 fi
975 if ! [ -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
976 "$basedir/bin/CACreateCert" --root --key "$cfg_certsdir/girocco_root_key.pem" \
977 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
978 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
979 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
980 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
981 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
982 echo "Created new root certificate"
983 fi
984 if ! [ -e "$cfg_certsdir/girocco_www_key.pem" ]; then
985 umask 0077
986 openssl genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
987 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
988 rm -f "$cfg_certsdir/girocco_www_crt.pem"
989 umask 0022
990 echo "Created new www key"
991 fi
992 if ! [ -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
993 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
994 openssl rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
995 "$basedir/bin/CACreateCert" --server --key "$cfg_certsdir/girocco_root_key.pem" \
996 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
997 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
998 printf '%s\n' "$wwwcertdns" >"$cfg_certsdir/girocco_www_crt.dns"
999 echo "Created www certificate"
1000 fi
1001 if ! [ -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
1002 cat "$cfg_certsdir/girocco_root_crt.pem" >"$cfg_certsdir/girocco_www_chain.pem"
1003 echo "Created www certificate chain file"
1004 fi
1005 if ! [ -e "$cfg_certsdir/girocco_client_key.pem" ]; then
1006 umask 0037
1007 openssl genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
1008 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
1009 rm -f "$cfg_certsdir/girocco_client_crt.pem"
1010 umask 0022
1011 echo "Created new client key"
1012 fi
1013 if ! [ -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
1014 openssl rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
1015 "$basedir/bin/CACreateCert" --subca --key "$cfg_certsdir/girocco_root_key.pem" \
1016 --cert "$cfg_certsdir/girocco_root_crt.pem" \
1017 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
1018 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
1019 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
1020 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
1021 echo "Created client certificate"
1022 fi
1023 if ! [ -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
1024 cat "$cfg_certsdir/girocco_client_crt.pem" >"$cfg_certsdir/girocco_client_suffix.pem"
1025 echo "Created client certificate suffix file"
1026 fi
1027 if [ -z "$cfg_pretrustedroot" ]; then
1028 cat "$cfg_rootcert" >"$webroot/${cfg_nickname}_root_cert.pem"
1029 else
1030 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
1031 fi
1032 if [ -n "$cfg_mob" ]; then
1033 if ! [ -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
1034 openssl genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
1035 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
1036 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
1037 echo "Created new mob user key"
1038 fi
1039 if ! [ -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
1040 openssl rsa -in "$cfg_mobuserkey" -pubout |
1041 "$basedir/bin/CACreateCert" --client --key "$cfg_clientkey" \
1042 --cert "$cfg_clientcert" \
1043 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
1044 echo "Created mob user client certificate"
1045 fi
1046 cat "$cfg_mobuserkey" >"$webroot/${cfg_nickname}_mob_key.pem"
1047 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" >"$webroot/${cfg_nickname}_mob_user.pem"
1048 else
1049 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
1050 fi
1051 else
1052 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
1053 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
1054 fi
1055
1056
1057 echo "*** Finalizing permissions and moving into place..."
1058 chown -R -h "$cfg_mirror_user""$owngroup" "$basedir" "$webroot" "$cgiroot"
1059 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
1060
1061 # This should always be the very last thing install.sh does
1062 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
1063 quick_move "$basedir" "$rbasedir" "$rbasedir-old"
1064 [ -n "$webrootsub" ] || quick_move "$webroot" "$rwebroot" "$rwebroot-old"
1065 [ -n "$cgirootsub" ] || quick_move "$cgiroot" "$rcgiroot" "$rcgiroot-old"
1066 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
1067 echo "--- Update hooks and config with $cfg_basedir/toolbox/update-all-projects.sh"
1068 ! [ -S "$cfg_chroot/etc/taskd.socket" ] || {
1069 echo "*** Requesting graceful restart of running taskd (and, if running, jobd)..."
1070 touch "$cfg_chroot/etc/taskd.restart"
1071 chown_make "$cfg_chroot/etc/taskd.restart"
1072 trap ':' PIPE
1073 echo "nop" | nc_openbsd -w 5 -U "$cfg_chroot/etc/taskd.socket" || :
1074 trap - PIPE
1075 }
The repo.or.cz duct tape "Girocco"