search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
install.sh: make sure GIROCCO_CONF is exported
[girocco.git] / install.sh
blobf5c1788321559148b102a37a4bd032fdc6812d0d
1 #!/bin/sh
2 # The Girocco installation script
3 # We will OVERWRITE basedir!
4
5 set -e
6
7 [ -n "$MAKE" ] || MAKE="$(MAKEFLAGS= make -s gnu_make_command_name | grep '^gnu_make_command_name=' | sed 's/^[^=]*=//')"
8 if [ -z "$MAKE" ]; then
9 echo "ERROR: cannot determine name of the GNU make command" >&2
10 echo "Please set MAKE to the name of the GNU make executable" >&2
11 exit 1
12 fi
13
14 # Run perl module checker
15 if ! [ -f toolbox/check-perl-modules.pl ] || ! [ -x toolbox/check-perl-modules.pl ]; then
16 echo "ERROR: missing toolbox/check-perl-modules.pl!" >&2
17 exit 1
18 fi
19
20 # What Config should we use?
21 [ -n "$GIROCCO_CONF" ] || GIROCCO_CONF=Girocco::Config
22 export GIROCCO_CONF
23 echo "*** Initializing using $GIROCCO_CONF..."
24
25 # First run Girocco::Config consistency checks
26 perl -I"$PWD" -M$GIROCCO_CONF -e ''
27
28 . ./shlib.sh
29 umask 0022
30 "$var_perl_bin" toolbox/check-perl-modules.pl
31
32 # Config.pm already checked $cfg_reporoot to require an absolute path, but
33 # we also require it does not contain a : or ; that would cause problems when
34 # used in GIT_ALTERNATE_OBJECT_DIRECTORIES
35 probch=':;'
36 case "$cfg_reporoot" in *[$probch]*)
37 echo "fatal: \$Girocco::Config::reporoot may not contain ':' or ';' characters" >&2
38 exit 1
39 esac
40
41 warn() { printf >&2 '%s\n' "$*"; }
42 die() { warn "$@"; exit 1; }
43
44 # Either we must run as root (but preferably not if disable_jailsetup is true)
45 # or the mirror_user (preferred choice for disable_jailsetup).
46 isroot=
47 [ "$(id -u)" -ne 0 ] || isroot=1
48 if [ -n "$isroot" ]; then
49 if [ "${cfg_disable_jailsetup:-0}" != "0" ]; then
50 cat <<'EOT'
51
52 ***
53 *** WARNING: $Girocco::Config::disable_jailsetup has been enabled
54 *** WARNING: but installation is being performed as the superuser
55 ***
56
57 You appear to have disabled jailsetup which is perfectly fine for installations
58 that will not be using an ssh jail. However, in that case, running the install
59 process as the superuser is highly discouraged.
60
61 Instead, running it as the configured $Girocco::Config::mirror_user is much
62 preferred.
63
64 The install process will now pause for 10 seconds to give you a chance to abort
65 it before continuing to install a disable_jailsetup config as the superuser.
66
67 EOT
68 sleep 10 || die "install aborted"
69 fi
70 else
71 [ -n "$cfg_mirror_user" ] || die 'Girocco::Config.pm $mirror_user must be set'
72 curuname="$(id -un)"
73 [ -n "$curuname" ] || die "Cannot determine name of current user"
74 if [ "$cfg_mirror_user" != "$curuname" ]; then
75 warn "ERROR: install must run as superuser or Config.pm's \$mirror_user ($cfg_mirror_user)"
76 die "ERROR: install is currently running as $curuname"
77 fi
78 fi
79
80 # $1 must exist and be a dir
81 # $2 may exist but must be a dir
82 # $3 must not exist
83 # After call $2 will be renamed to $3 (if $2 existed)
84 # And $1 will be renamed to $2
85 quick_move() {
86 [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || { echo "fatal: quick_move: bad args: '$1' '$2' '$3'" >&2; exit 1; }
87 ! [ -e "$3" ] || { echo "fatal: quick_move: already exists: $3" >&2; exit 1; }
88 [ -d "$1" ] || { echo "fatal: quick_move: no such dir: $1" >&2; exit 1; }
89 ! [ -e "$2" ] || [ -d "$2" ] || { echo "fatal: quick_move: not a dir: $2" >&2; exit 1; }
90 perl -e 'rename($ARGV[1], $ARGV[2]) or die "rename failed: $!\n" if -d $ARGV[1];
91 rename($ARGV[0], $ARGV[1]) or die "rename failed: $!\n"; exit 0;' "$1" "$2" "$3" || {
92 echo "fatal: quick_move: rename failed" >&2
93 exit 1
94 }
95 ! [ -d "$1" ] && [ -d "$2" ] || {
96 echo "fatal: quick_move: rename failed" >&2
97 exit 1
98 }
99 }
100
101 check_sh_builtin() (
102 "unset" -f command
103 "command" "$var_sh_bin" -c '{ "unset" -f unalias command "$1" || :; "unalias" "$1" || :; } >/dev/null 2>&1; "command" -v "$1"' "$var_sh_bin" "$1"
104 ) 2>/dev/null
105
106 owngroup=
107 [ -z "$cfg_owning_group" ] || owngroup=":$cfg_owning_group"
108 if [ -n "$cfg_httpspushurl" ] && [ -z "$cfg_certsdir" ]; then
109 echo "ERROR: \$httpspushurl is set but \$certsdir is not!" >&2
110 echo "ERROR: perhaps you have an incorrect Config.pm?" >&2
111 exit 1
112 fi
113
114
115 # Check for extra required tools
116 if [ "${cfg_xmllint_readme:-0}" != "0" ] && ! command -v xmllint >/dev/null; then
117 echo "ERROR: \$xmllint_readme set but xmllint not in \$PATH!" >&2
118 exit 1
119 fi
120
121
122 echo "*** Checking for compiled utilities..."
123 if ! [ -f src/can_user_push ] || ! [ -x src/can_user_push ]; then
124 echo "ERROR: src/can_user_push is not built! Did you _REALLY_ read INSTALL?" >&2
125 echo "ERROR: perhaps you forgot to run make?" >&2
126 exit 1
127 fi
128 if ! [ -f src/can_user_push_http ] || ! [ -x src/can_user_push_http ]; then
129 echo "ERROR: src/can_user_push_http is not built! Did you _REALLY_ read INSTALL?" >&2
130 echo "ERROR: perhaps you forgot to run make?" >&2
131 exit 1
132 fi
133 if ! [ -f src/getent ] || ! [ -x src/getent ]; then
134 echo "ERROR: src/getent is not built! Did you _REALLY_ read INSTALL?" >&2
135 echo "ERROR: perhaps you forgot to run make?" >&2
136 exit 1
137 fi
138 if ! [ -f src/get_user_uuid ] || ! [ -x src/get_user_uuid ]; then
139 echo "ERROR: src/get_user_uuid is not built! Did you _REALLY_ read INSTALL?" >&2
140 echo "ERROR: perhaps you forgot to run make?" >&2
141 exit 1
142 fi
143 if ! [ -f src/list_packs ] || ! [ -x src/list_packs ]; then
144 echo "ERROR: src/list_packs is not built! Did you _REALLY_ read INSTALL?" >&2
145 echo "ERROR: perhaps you forgot to run make?" >&2
146 exit 1
147 fi
148 if ! [ -f src/peek_packet ] || ! [ -x src/peek_packet ]; then
149 echo "ERROR: src/peek_packet is not built! Did you _REALLY_ read INSTALL?" >&2
150 echo "ERROR: perhaps you forgot to run make?" >&2
151 exit 1
152 fi
153 if ! [ -f src/rangecgi ] || ! [ -x src/rangecgi ]; then
154 echo "ERROR: src/rangecgi is not built! Did you _REALLY_ read INSTALL?" >&2
155 echo "ERROR: perhaps you forgot to run make?" >&2
156 exit 1
157 fi
158 if ! [ -f src/readlink ] || ! [ -x src/readlink ]; then
159 echo "ERROR: src/readlink is not built! Did you _REALLY_ read INSTALL?" >&2
160 echo "ERROR: perhaps you forgot to run make?" >&2
161 exit 1
162 fi
163 if ! [ -f src/strftime ] || ! [ -x src/strftime ]; then
164 echo "ERROR: src/strftime is not built! Did you _REALLY_ read INSTALL?" >&2
165 echo "ERROR: perhaps you forgot to run make?" >&2
166 exit 1
167 fi
168 if ! [ -f src/throttle ] || ! [ -x src/throttle ]; then
169 echo "ERROR: src/throttle is not built! Did you _REALLY_ read INSTALL?" >&2
170 echo "ERROR: perhaps you forgot to run make?" >&2
171 exit 1
172 fi
173 if ! [ -f src/ulimit512 ] || ! [ -x src/ulimit512 ]; then
174 echo "ERROR: src/ulimit512 is not built! Did you _REALLY_ read INSTALL?" >&2
175 echo "ERROR: perhaps you forgot to run make?" >&2
176 exit 1
177 fi
178 ebin="/bin/echo"
179 if [ ! -x "$ebin" ] && [ -x "/usr/bin/echo" ]; then
180 ebin="/usr/bin/echo"
181 fi
182 if [ ! -x "$ebin" ]; then
183 echo "ERROR: neither /bin/echo nor /usr/bin/echo found" >&2
184 echo "ERROR: at least one must be present for testing during install" >&2
185 exit 1
186 fi
187 ec=999
188 tmpfile="$(mktemp "/tmp/ul512-$$-XXXXXX")"
189 { src/ulimit512 -f 0 "$ebin" test >"$tmpfile" || ec=$?; } >/dev/null 2>&1
190 rm -f "$tmpfile"
191 if [ "$ec" = "999" ] || [ "$ec" = "0" ]; then
192 echo "ERROR: src/ulimit512 is built, but broken!" >&2
193 echo "ERROR: exceeding file size limit did not fail!" >&2
194 exit 1
195 fi
196 if ! [ -f src/ltsha256 ] || ! [ -x src/ltsha256 ]; then
197 echo "ERROR: src/ltsha256 is not built! Did you _REALLY_ read INSTALL?" >&2
198 echo "ERROR: perhaps you forgot to run make?" >&2
199 exit 1
200 fi
201 sha256check="15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225"
202 sha256result="$(printf '%s' '123456789' | src/ltsha256)"
203 if [ "$sha256check" != "$sha256result" ]; then
204 echo "ERROR: src/ltsha256 is built, but broken!" >&2
205 echo "ERROR: verifying sha256 hash of '123456789' failed!" >&2
206 exit 1
207 fi
208
209
210 echo "*** Checking for ezcert..."
211 if ! [ -f ezcert.git/CACreateCert ] || ! [ -x ezcert.git/CACreateCert ]; then
212 echo "ERROR: ezcert.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
213 exit 1
214 fi
215
216
217 echo "*** Checking for git..."
218 case "$cfg_git_bin" in /*) :;; *)
219 echo 'ERROR: $Girocco::Config::git_bin must be set to an absolute path' >&2
220 exit 1
221 esac
222 if ! [ -f "$cfg_git_bin" ] || ! [ -x "$cfg_git_bin" ]; then
223 echo "ERROR: $cfg_git_bin does not exist or is not executable" >&2
224 exit 1
225 fi
226 if ! git_version="$("$cfg_git_bin" version)" || [ -z "$git_version" ]; then
227 echo "ERROR: $cfg_git_bin version failed" >&2
228 exit 1
229 fi
230 case "$git_version" in
231 [Gg]"it version "*) :;;
232 *)
233 echo "ERROR: '$cfg_git_bin version' output does not start with 'git version '" >&2
234 exit 1
235 esac
236 echo "Found $cfg_git_bin $git_version"
237 git_vernum="$(echo "$git_version" | sed -ne 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')"
238 echo "*** Checking Git $git_vernum for compatibility..."
239 if [ "$(vcmp "$git_vernum" 1.6.6)" -lt 0 ]; then
240 echo 'ERROR: $Girocco::Config::git_bin must be at least Git version 1.6.6'
241 exit 1
242 fi
243 if [ "$(vcmp "$git_vernum" 1.6.6.3)" -lt 0 ]; then
244 echo 'WARNING: $Girocco::Config::git_bin version < 1.6.6.3, clients will not see useful error messages'
245 fi
246 if [ "$(vcmp "$git_vernum" 1.7.3)" -lt 0 ]; then
247 cat <<'EOT'
248
249 ***
250 *** SEVERE WARNING: $Girocco::Config::git_bin is set to a version of Git before 1.7.3
251 ***
252
253 Some Girocco functionality will be gracefully disabled and other things will
254 just not work at all such as race condition protection against simultaneous
255 client pushes and server garbage collections.
256
257 EOT
258 fi
259 if [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 1.7.5)" -lt 0 ]; then
260 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.5 and mirroring enabled, some sources can cause an infinite fetch loop'
261 fi
262 if [ "$(vcmp "$git_vernum" 1.7.6.6)" -lt 0 ]; then
263 echo 'WARNING: $Girocco::Config::git_bin version < 1.7.6.6, performance may be degraded'
264 fi
265 if [ "$(uname -m 2>/dev/null)" = "x86_64" ] && [ "$(vcmp "$git_vernum" 1.7.11)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.12.0)" -lt 0 ]; then
266 echo 'WARNING: $Girocco::Config::git_bin version >= 1.7.11 and < 2.12.0 and x86_64, make sure Git built WITHOUT XDL_FAST_HASH'
267 echo 'WARNING: See https://lore.kernel.org/git/20141222041944.GA441@peff.net/ for details'
268 fi
269 if [ "$(vcmp "$git_vernum" 1.8.4.2)" -ge 0 ] && [ -n "$cfg_mirror" ] && [ "$(vcmp "$git_vernum" 2)" -lt 0 ]; then
270 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, git-daemon needs write access for shallow clones'
271 echo 'WARNING: $Girocco::Config::git_bin version >= 1.8.4.2 and < 2.0.0, shallow clones will leave repository turds'
272 fi
273 if [ "$(vcmp "$git_vernum" 1.8.4.3)" -lt 0 ]; then
274 echo 'WARNING: $Girocco::Config::git_bin version < 1.8.4.3, clients will not receive symref=HEAD:refs/heads/...'
275 fi
276 if [ "$(vcmp "$git_vernum" 2.1)" -lt 0 ]; then
277 echo 'WARNING: $Girocco::Config::git_bin version < 2.1.0, pack bitmaps will not be available'
278 fi
279 if [ "$(vcmp "$git_vernum" 2.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.1.3)" -lt 0 ]; then
280 echo 'WARNING: $Girocco::Config::git_bin version >= 2.1.0 and < 2.1.3, pack bitmaps may not be reliable, please upgrade to at least Git version 2.1.3'
281 fi
282 if [ "$(vcmp "$git_vernum" 2.2)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.3.2)" -lt 0 ]; then
283 cat <<'EOT'
284
285 ***
286 *** ERROR: $Girocco::Config::git_bin is set to an incompatible version of Git
287 ***
288
289 Git versions starting with 2.2.0 and continuing up through 2.3.1 are incompatible
290 with Girocco due to various unresolved issues. Please either downgrade to 2.1.4
291 or earlier or, more preferred, upgrade to 2.3.2 (ideally 2.4.11) or later.
292
293 In order to bypass this check you will have to modify install.sh in which case
294 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
295
296 EOT
297 exit 1
298 fi
299 if [ "$(vcmp "$git_vernum" 2.3.3)" -lt 0 ]; then
300 echo 'WARNING: $Girocco::Config::git_bin version < 2.3.3, performance will be sub-optimal'
301 fi
302 if [ "$(vcmp "$git_vernum" 2.4.4)" -lt 0 ]; then
303 echo 'WARNING: $Girocco::Config::git_bin version < 2.4.4, many refs smart HTTP fetches can deadlock'
304 fi
305 if [ "$(vcmp "$git_vernum" 2.10.1)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.12.3)" -lt 0 ]; then
306 echo 'WARNING: $Girocco::Config::git_bin version >= 2.10.1 and < 2.12.3, --pickaxe-regex can segfault'
307 echo 'WARNING: If gitweb pickaxe regular expression searches are enabled, --pickaxe-regex will be used'
308 echo 'WARNING: See the fix at http://repo.or.cz/git.git/f53c5de29cec68e3 for details'
309 echo 'WARNING: The fix is trivial and easily cherry-picked into a custom 2.10.1 - 2.12.2 build'
310 echo 'WARNING: Leaving the gitweb/gitweb_config.perl "regexp" feature off as recommended avoids the issue'
311 fi
312 secmsg=
313 if [ "$(vcmp "$git_vernum" 2.4.11)" -lt 0 ]; then
314 secmsg='prior to 2.4.11'
315 fi
316 if [ "$(vcmp "$git_vernum" 2.5)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.5.5)" -lt 0 ]; then
317 secmsg='2.5.x prior to 2.5.5'
318 fi
319 if [ "$(vcmp "$git_vernum" 2.6)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.6.6)" -lt 0 ]; then
320 secmsg='2.6.x prior to 2.6.6'
321 fi
322 if [ "$(vcmp "$git_vernum" 2.7)" -ge 0 ] && [ "$(vcmp "$git_vernum" 2.7.4)" -lt 0 ]; then
323 secmsg='2.7.x prior to 2.7.4'
324 fi
325 if [ -n "$secmsg" ]; then
326 cat <<EOT
327
328 ***
329 *** SEVERE WARNING: \$Girocco::Config::git_bin is set to a version of Git $secmsg
330 ***
331
332 Security issues exist in Git versions prior to 2.4.11, 2.5.x prior to 2.5.5,
333 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.4.
334
335 Besides the security fixes included in later versions, versions prior to
336 2.2.0 may accidentally prune unreachable loose objects earlier than
337 intended. Since Git version 2.4.11 is the minimum version to include all
338 security fixes to date, it should be considered the absolute minimum
339 version of Git to use when running Girocco.
340
341 This is not enforced, but Git is easy to build from the git.git submodule
342 and upgrading to GIT VERSION 2.4.11 OR LATER IS HIGHLY RECOMMENDED.
343
344 We will now pause for a moment so you can reflect on this warning.
345
346 EOT
347 sleep 60
348 fi
349 if [ -n "$cfg_mirror" ] && [ "$cfg_mirror" != 0 ] && grep -q ns_parserr "$cfg_git_bin"; then
350 cat <<'EOT'
351
352 ***
353 *** WARNING: $Girocco::Config::git_bin is set to a questionable Git binary
354 ***
355
356 You appear to have enabled mirroring and the Git binary you have selected
357 appears to contain an experimental patch that cannot be disabled. This
358 patch can generate invalid network DNS traffic and/or cause long delays
359 when fetching using the "git:" protocol when no port number is specified.
360 It may also end up retrieving repsitory contents from a host other than
361 the one specified in the "git:" URL when the port is omitted.
362
363 You are advised to either build your own version of Git (the problem patch
364 is not part of the official Git repository) or disable mirroring (via the
365 $Girocco::Config:mirror setting) to avoid these potential problems.
366
367 USE THE SELECTED GIT BINARY AT YOUR OWN RISK!
368
369 EOT
370 sleep 5
371 fi
372
373 test_nc_U() {
374 [ -n "$1" ] || return 1
375 _cmdnc="$(command -v "$1" 2>/dev/null)" || :
376 [ -n "$_cmdnc" ] && [ -f "$_cmdnc" ] && [ -x "$_cmdnc" ] || return 1
377 _tmpdir="$(mktemp -d /tmp/nc-u-XXXXXX)"
378 [ -n "$_tmpdir" ] && [ -d "$_tmpdir" ] || return 1
379 >"$_tmpdir/output"
380 (sleep 3 | "$_cmdnc" -l -U "$_tmpdir/socket" 2>/dev/null >"$_tmpdir/output" || >"$_tmpdir/failed")&
381 _bgpid="$!"
382 sleep 1
383 echo "testing" | "$_cmdnc" -w 1 -U "$_tmpdir/socket" >/dev/null 2>&1 || >"$_tmpdir/failed"
384 sleep 1
385 kill "$_bgpid" >/dev/null 2>&1 || :
386 read -r _result <"$_tmpdir/output" || :
387 _bad=
388 ! [ -e "$_tmpdir/failed" ] || _bad=1
389 rm -rf "$_tmpdir"
390 [ -z "$_bad" ] && [ "$_result" = "testing" ]
391 } >/dev/null 2>&1
392
393 echo "*** Verifying \$Girocco::Config::nc_openbsd_bin supports -U option..."
394 test_nc_U "$var_nc_openbsd_bin" || {
395 echo "ERROR: invalid Girocco::Config::nc_openbsd_bin setting" >&2
396 echo "ERROR: \"$var_nc_openbsd_bin\" does not grok the -U option" >&2
397 uname_s="$(uname -s 2>/dev/null | tr A-Z a-z 2>/dev/null)" || :
398 case "$uname_s" in
399 *dragonfly*)
400 echo "ERROR: see the src/dragonfly/README file for a solution" >&2;;
401 *kfreebsd*|*linux*)
402 echo "ERROR: try installing the package named 'netcat-openbsd'" >&2;;
403 esac
404 exit 1
405 }
406
407 echo "*** Verifying selected POSIX sh is sane..."
408 shbin="$var_sh_bin"
409 [ -n "$shbin" ] && [ -f "$shbin" ] && [ -x "$shbin" ] && [ "$("$shbin" -c 'echo sh $(( 1 + 1 ))' 2>/dev/null)" = "sh 2" ] || {
410 echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting' >&2
411 exit 1
412 }
413 [ "$(check_sh_builtin command)" = "command" ] || {
414 echo 'ERROR: invalid $Girocco::Config::posix_sh_bin setting (does not understand command -v)' >&2
415 exit 1
416 }
417 sh_not_builtin=
418 sh_extra_chroot_installs=
419 badsh=
420 for sbi in cd pwd read umask unset unalias; do
421 if [ "$(check_sh_builtin "$sbi")" != "$sbi" ]; then
422 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (missing built-in $sbi)" >&2
423 badsh=1
424 fi
425 done
426 [ -z "$badsh" ] || exit 1
427 for sbi in '[' echo printf test; do
428 if ! extra="$(check_sh_builtin "$sbi")"; then
429 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (missing command $sbi)" >&2
430 badsh=1
431 continue
432 fi
433 if [ "$extra" != "$sbi" ]; then
434 case "$extra" in /*) :;; *)
435 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (bad command -v $sbi result: $extra)" >&2
436 badsh=1
437 continue
438 esac
439 withspc=
440 case "$extra" in *" "*) withspc=1; esac
441 [ -z "$withspc" ] && [ -f "$extra" ] && [ -r "$extra" ] && [ -x "$extra" ] || {
442 echo "ERROR: invalid \$Girocco::Config::posix_sh_bin setting (unusable command -v $sbi result: $extra)" >&2
443 badsh=1
444 continue
445 }
446 echo "WARNING: slow \$Girocco::Config::posix_sh_bin setting (not built-in $sbi)" >&2
447 sh_not_builtin="$sh_not_builtin $sbi"
448 sh_extra_chroot_installs="$sh_extra_chroot_installs $extra"
449 fi
450 done
451 [ -z "$badsh" ] || exit 1
452 [ -z "$sh_extra_chroot_installs" ] || {
453 echo "WARNING: the selected POSIX sh implements these as non-built-in:$sh_not_builtin" >&2
454 echo "WARNING: as a result it will run slower than necessary" >&2
455 echo "WARNING: consider building and switching to dash which can be found at:" >&2
456 echo "WARNING: http://gondor.apana.org.au/~herbert/dash/" >&2
457 echo "WARNING: (download a tarball from the files section or clone the Git repository" >&2
458 echo "WARNING: and checkout the latest tag, run autogen.sh, configure and build)" >&2
459 echo "WARNING: dash is licensed under the 3-clause BSD license" >&2
460 }
461
462 echo "*** Verifying xargs is sane..."
463 _xargsr="$(</dev/null command xargs printf %s -r)" || :
464 xtest1="$(</dev/null command xargs $_xargsr printf 'test %s ' 2>/dev/null)" || :
465 xtest2="$(printf '%s\n' one two | command xargs $_xargsr printf 'test %s ' 2>/dev/null)" || :
466 [ -z "$xtest1" ] && [ "$xtest2" = "test one test two " ] || {
467 echo 'ERROR: xargs is unusable' >&2
468 echo 'ERROR: either `test -z "$(</dev/null xargs echo test 2>/dev/null)"`' >&2
469 echo 'ERROR: or `test -z "$(</dev/null xargs -r echo test 2>/dev/null)"`' >&2
470 echo 'ERROR: must be true, but neither is' >&2
471 exit 1
472 }
473
474 echo "*** Verifying selected perl is sane..."
475 perlbin="$var_perl_bin"
476 [ -n "$perlbin" ] && [ -f "$perlbin" ] && [ -x "$perlbin" ] && [ "$("$perlbin" -wle 'print STDOUT "perl ", + ( 1 + 1 )' 2>/dev/null)" = "perl 2" ] || {
477 echo 'ERROR: invalid $Girocco::Config::perl_bin setting' >&2
478 exit 1
479 }
480
481 echo "*** Verifying selected gzip is sane..."
482 gzipbin="$var_gzip_bin"
483 [ -n "$gzipbin" ] && [ -f "$gzipbin" ] && [ -x "$gzipbin" ] && "$gzipbin" -V 2>&1 | grep -q gzip &&
484 [ "$(echo Girocco | "$gzipbin" -c -n -9 | "$gzipbin" -c -d)" = "Girocco" ] || {
485 echo 'ERROR: invalid $Girocco::Config::gzip_bin setting' >&2
486 exit 1
487 }
488
489 echo "*** Verifying basedir, webroot, webreporoot and cgiroot paths..."
490 # Make sure $cfg_basedir, $cfg_webroot and $cfg_cgiroot are absolute paths
491 case "$cfg_basedir" in /*) :;; *)
492 echo "ERROR: invalid Girocco::Config::basedir setting" >&2
493 echo "ERROR: \"$cfg_basedir\" must be an absolute path (start with '/')" >&2
494 exit 1
495 esac
496 case "$cfg_webroot" in /*) :;; *)
497 echo "ERROR: invalid Girocco::Config::webroot setting" >&2
498 echo "ERROR: \"$cfg_webroot\" must be an absolute path (start with '/')" >&2
499 exit 1
500 esac
501 if [ -n "$cfg_webreporoot" ]; then
502 case "$cfg_webreporoot" in /*) :;; *)
503 echo "ERROR: invalid Girocco::Config::webreporoot setting" >&2
504 echo "ERROR: \"$cfg_webreporoot\" must be an absolute path (start with '/') or undef" >&2
505 exit 1
506 esac
507 fi
508 case "$cfg_cgiroot" in /*) :;; *)
509 echo "ERROR: invalid Girocco::Config::cgiroot setting" >&2
510 echo "ERROR: \"$cfg_cgiroot\" must be an absolute path (start with '/')" >&2
511 exit 1
512 esac
513
514 # return the input with trailing slashes stripped but return "/" for all "/"s
515 striptrsl() {
516 [ -n "$1" ] || return 0
517 _s="${1##*[!/]}"
518 [ "$_s" != "$1" ] || _s="${_s#?}"
519 printf "%s\n" "${1%$_s}"
520 }
521
522 # a combination of realpath + dirname where the realpath of the deepest existing
523 # directory is returned with the rest of the non-existing components appended
524 # and trailing slashes and multiple slashes are removed
525 realdir() {
526 _d="$(striptrsl "$1")"
527 if [ "$_d" = "/" ] || [ -z "$_d" ]; then
528 echo "$_d"
529 return 0
530 fi
531 _c=""
532 while ! [ -d "$_d" ]; do
533 _c="/$(basename "$_d")$_c"
534 _d="$(dirname "$_d")"
535 [ "$_d" != "/" ] || _c="${_c#/}"
536 done
537 printf "%s%s\n" "$(cd "$_d" && pwd -P)" "$_c"
538 }
539
540 # Use basedir, webroot and cgiroot for easier control of filesystem locations
541 # Wherever we are writing/copying/installing files we use these, but where we
542 # are editing, adding config settings or printing advice we always stick to the
543 # cfg_xxx Config variable versions. These are like a set of DESTDIR variables.
544 # Only the file system directories that could be asynchronously accessed (by
545 # the web server, jobd.pl, taskd.pl or incoming pushes) get these special vars.
546 # The chroot is handled specially and does not need one of these.
547 # We must be careful to allow cgiroot and/or webroot to be under basedir in which
548 # case the prior contents of cgiroot and/or webroot are discarded.
549 rbasedir="$(realdir "$cfg_basedir")"
550 rwebroot="$(realdir "$cfg_webroot")"
551 rwebreporoot=
552 [ -z "$cfg_webreporoot" ] || {
553 # avoid resolving a pre-existing symlink from a previous install
554 rwebreporoot="$(realdir "${cfg_webreporoot%/}_NOSUCHDIR")"
555 rwebreporoot="${rwebreporoot%_NOSUCHDIR}"
556 }
557 rcgiroot="$(realdir "$cfg_cgiroot")"
558 case "$rbasedir" in "$rwebroot"/?*)
559 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under webroot" >&2
560 exit 1
561 esac
562 case "$rbasedir" in "$rcgiroot"/?*)
563 echo "ERROR: invalid Girocco::Config::basedir setting; must not be under cgiroot" >&2
564 exit 1
565 esac
566 if [ "$rwebroot" = "$rcgiroot" ]; then
567 echo "ERROR: invalid Girocco::Config::webroot and Girocco::Config::cgiroot settings; must not be the same" >&2
568 exit 1
569 fi
570 case "$rcgiroot" in "$rwebroot"/?*)
571 echo "ERROR: invalid Girocco::Config::cgiroot setting; must not be under webroot" >&2
572 exit 1
573 esac
574 case "$rwebroot" in "$rcgiroot"/?*)
575 echo "ERROR: invalid Girocco::Config::webroot setting; must not be under cgiroot" >&2
576 exit 1
577 esac
578 if [ -n "$rwebreporoot" ]; then
579 if [ "$rwebreporoot" = "$rwebroot" ]; then
580 echo "ERROR: invalid Girocco::Config::webroot and Girocco::Config::webreporoot settings; must not be the same" >&2
581 exit 1
582 fi
583 case "$rwebreporoot" in "$rwebroot"/?*);;*)
584 echo "ERROR: invalid Girocco::Config::webreporoot setting; must be under webroot or undef" >&2
585 exit 1
586 esac
587 fi
588 basedir="$rbasedir-new"
589 case "$rwebroot" in
590 "$rbasedir"/?*)
591 webroot="$basedir${rwebroot#$rbasedir}"
592 webrootsub=1
593 ;;
594 *)
595 webroot="$rwebroot-new"
596 webrootsub=
597 ;;
598 esac
599 webreporoot=
600 [ -z "$rwebreporoot" ] || webreporoot="$webroot${rwebreporoot#$rwebroot}"
601 case "$rcgiroot" in
602 "$rbasedir"/?*)
603 cgiroot="$basedir${rcgiroot#$rbasedir}"
604 cgirootsub=1
605 ;;
606 *)
607 cgiroot="$rcgiroot-new"
608 cgirootsub=
609 ;;
610 esac
611
612 echo "*** Setting up basedir..."
613
614 chown_make() {
615 if [ "$LOGNAME" = root ] && [ -n "$SUDO_USER" ] && [ "$SUDO_USER" != root ]; then
616 find -H "$@" -user root -exec chown "$SUDO_USER:$(id -gn "$SUDO_USER")" '{}' + 2>/dev/null || :
617 elif [ "$LOGNAME" = root ] && { [ -z "$SUDO_USER" ] || [ "$SUDO_USER" = root ]; }; then
618 echo "*** WARNING: running make as root w/o sudo may leave root-owned: $*"
619 fi
620 }
621
622 "$MAKE" --no-print-directory --silent apache.conf
623 chown_make apache.conf
624 "$MAKE" --no-print-directory --silent -C src
625 chown_make src
626 rm -fr "$basedir"
627 mkdir -p "$basedir" "$basedir/gitweb" "$basedir/cgi"
628 # make the mtlinesfile with 1000 empty lines
629 yes '' | dd bs=1000 count=1 2>/dev/null >"$basedir/mtlinesfile"
630 chmod a+r "$basedir/mtlinesfile"
631 cp cgi/*.cgi "$basedir/cgi"
632 cp -pR Girocco jobd taskd html jobs toolbox hooks apache.conf shlib.sh bin screen "$basedir"
633 rm -f "$basedir/Girocco/Dumper.pm" # Dumper.pm is only for the install.sh process
634 find -H "$basedir" -type l -exec rm -f '{}' +
635 cp -p src/can_user_push src/can_user_push_http src/get_user_uuid src/list_packs src/peek_packet \
636 src/rangecgi src/readlink src/strftime src/throttle src/ulimit512 src/ltsha256 \
637 ezcert.git/CACreateCert cgi/authrequired.cgi cgi/snapshot.cgi \
638 "$basedir/bin"
639 cp -p gitweb/*.sh gitweb/*.perl "$basedir/gitweb"
640 if [ -n "$cfg_httpspushurl" ]; then
641 [ -z "$cfg_pretrustedroot" ] || rm -f "$basedir"/html/rootcert.html
642 else
643 rm -f "$basedir"/html/rootcert.html "$basedir"/html/httpspush.html
644 fi
645 [ -n "$cfg_mob" ] || rm -f "$basedir"/html/mob.html
646
647 # Put the frozen Config in place
648 VARLIST="$(get_girocco_config_var_list varonly)" && export VARLIST
649 perl -I"$PWD" -MGirocco::Dumper=FreezeConfig -MScalar::Util=looks_like_number -e '
650 my $usemod = $ARGV[0];
651 my $f = sub { return () unless $_[0] =~ /^(var_[^=\s]+)=(.*)$/;
652 my ($k,$v) = ($1,$2);
653 $v =~ s/([\@\%])/\\$1/gos;
654 $v = "\"".$v."\"" unless substr($v,0,1) eq "\"" || looks_like_number($v);
655 my $e = eval $v;
656 [$k, $e] };
657 my @vars = map({&$f($_)} split(/\n+/, $ENV{VARLIST}));
658 my $s = sub { my $conf = shift;
659 foreach (@vars) {
660 my ($k,$v) = @{$_};
661 eval "\$${conf}::$k=\$v";
662 }
663 };
664 print FreezeConfig($usemod, undef, $s);
665 ' -- "$GIROCCO_CONF" >"$basedir/Girocco/Config.pm"
666 unset VARLIST
667
668 # Create symbolic links to selected binaries
669 ln -s "$cfg_git_bin" "$basedir/bin/git"
670 ln -s "$shbin" "$basedir/bin/sh"
671 ln -s "$perlbin" "$basedir/bin/perl"
672 ln -s "$gzipbin" "$basedir/bin/gzip"
673 [ -z "$var_openssl_bin" ] || ln -s "$var_openssl_bin" "$basedir/bin/openssl"
674
675 echo "*** Preprocessing scripts..."
676 SHBIN="$shbin" && export SHBIN
677 PERLBIN="$perlbin" && export PERLBIN
678 perl -I"$PWD" -M$GIROCCO_CONF -i -p \
679 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
680 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
681 -e 's/(?<!")\@basedir\@/"$Girocco::Config::basedir"/g;' \
682 -e 's/(?<=")\@basedir\@/$Girocco::Config::basedir/g;' \
683 -e 's/__BASE''DIR__/$Girocco::Config::basedir/g;' \
684 -e 's/\@reporoot\@/"$Girocco::Config::reporoot"/g;' \
685 -e 's/\@shbin\@/"$ENV{SHBIN}"/g;' \
686 -e 's/\@perlbin\@/"$ENV{PERLBIN}"/g;' \
687 -e 's/\@jailreporoot\@/"$Girocco::Config::jailreporoot"/g;' \
688 -e 's/\@chroot\@/"$Girocco::Config::chroot"/g;' \
689 -e 's/\@webadmurl\@/"$Girocco::Config::webadmurl"/g;' \
690 -e 's/\@screen_acl_file\@/"$Girocco::Config::screen_acl_file"/g;' \
691 -e 's/\@mob\@/"$Girocco::Config::mob"/g;' \
692 -e 's/\@autogchack\@/"$Girocco::Config::autogchack"/g;' \
693 -e 's/\@git_server_ua\@/"$Girocco::Config::git_server_ua"/g;' \
694 -e 's/\@defined_git_server_ua\@/defined($Girocco::Config::git_server_ua)/ge;' \
695 -e 's/\@git_no_mmap\@/"$Girocco::Config::git_no_mmap"/g;' \
696 -e 's/\@big_file_threshold\@/"'"$var_big_file_threshold"'"/g;' \
697 -e 's/\@upload_pack_window\@/"'"$var_upload_window"'"/g;' \
698 -e 's/\@fetch_stash_refs\@/"$Girocco::Config::fetch_stash_refs"/g;' \
699 -e 's/\@suppress_git_ssh_logging\@/"$Girocco::Config::suppress_git_ssh_logging"/g;' \
700 -e 's/\@max_file_size512\@/"$Girocco::Config::max_file_size512"/g;' \
701 -e 'close ARGV if eof;' \
702 "$basedir"/jobs/*.sh "$basedir"/jobd/*.sh \
703 "$basedir"/taskd/*.sh "$basedir"/gitweb/*.sh \
704 "$basedir"/shlib.sh "$basedir"/hooks/* \
705 "$basedir"/toolbox/*.sh "$basedir"/toolbox/*.pl \
706 "$basedir"/toolbox/reports/*.sh \
707 "$basedir"/bin/git-* "$basedir"/bin/*.sh \
708 "$basedir"/bin/create-* "$basedir"/bin/update-* \
709 "$basedir"/bin/*.cgi "$basedir"/screen/*
710 perl -I"$PWD" -M$GIROCCO_CONF -i -p \
711 -e 's/__BASE''DIR__/$Girocco::Config::basedir/g;' \
712 "$basedir"/cgi/*.cgi "$basedir"/gitweb/*.perl \
713 "$basedir"/jobd/*.pl "$basedir"/taskd/*.pl
714 perl -i -p \
715 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
716 -e 'close ARGV if eof;' \
717 "$basedir"/jobd/jobd.pl "$basedir"/taskd/taskd.pl \
718 "$basedir"/bin/sendmail.pl "$basedir"/bin/CACreateCert
719 perl -i -p \
720 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
721 -e 's/^#!.*sh/#!$ENV{SHBIN}/ if $. == 1;' \
722 -e 'close ARGV if eof;' \
723 "$basedir"/bin/format-readme "$basedir/cgi"/*.cgi
724 unset PERLBIN
725 unset SHBIN
726
727 # Dump all the cfg_ and defined_ variables to shlib_vars.sh
728 get_girocco_config_var_list >"$basedir"/shlib_vars.sh
729
730 if [ "${cfg_mirror_darcs:-0}" != "0" ]; then
731 echo "*** Setting up darcs-fast-export from girocco-darcs-fast-export.git..."
732 if ! [ -f girocco-darcs-fast-export.git/darcs-fast-export ] ||
733 ! [ -x girocco-darcs-fast-export.git/darcs-fast-export ]; then
734 echo "ERROR: girocco-darcs-fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
735 exit 1
736 fi
737 mkdir -p "$basedir"/bin
738 cp girocco-darcs-fast-export.git/darcs-fast-export "$basedir"/bin
739 fi
740
741 if [ "${cfg_mirror_hg:-0}" != "0" ]; then
742 echo "*** Setting up hg-fast-export from girocco-hg-fast-export.git..."
743 if ! [ -f girocco-hg-fast-export.git/hg-fast-export.py ] || ! [ -f girocco-hg-fast-export.git/hg2git.py ]; then
744 echo "ERROR: girocco-hg-fast-export.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
745 exit 1
746 fi
747 mkdir -p "$basedir"/bin
748 cp girocco-hg-fast-export.git/hg-fast-export.py girocco-hg-fast-export.git/hg2git.py "$basedir"/bin
749 fi
750
751 echo "*** Setting up markdown from markdown.git..."
752 if ! [ -f markdown.git/Markdown.pl ]; then
753 echo "ERROR: markdown.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
754 exit 1
755 fi
756 mkdir -p "$basedir"/bin
757 (PERLBIN="$perlbin" && export PERLBIN &&
758 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
759 markdown.git/Markdown.pl >"$basedir"/bin/Markdown.pl.$$ &&
760 chmod a+x "$basedir"/bin/Markdown.pl.$$ &&
761 mv -f "$basedir"/bin/Markdown.pl.$$ "$basedir"/bin/Markdown.pl)
762 test $? -eq 0
763
764 # Some permission sanity on basedir/bin just in case
765 find -H "$basedir"/bin -type f -exec chmod go-w '{}' +
766 chown -R -h "$cfg_mirror_user""$owngroup" "$basedir"/bin
767
768 if [ -n "$cfg_mirror" ]; then
769 echo "--- Remember to start $cfg_basedir/taskd/taskd.pl"
770 fi
771 echo "--- Also remember to either start $cfg_basedir/jobd/jobd.pl, or add this"
772 echo "--- to the crontab of $cfg_mirror_user (adjust frequency on number of repos):"
773 echo "*/30 * * * * /usr/bin/nice -n 18 $cfg_basedir/jobd/jobd.pl -q --all-once"
774
775
776 echo "*** Setting up repository root..."
777 [ -d "$cfg_reporoot" ] || {
778 mkdir -p "$cfg_reporoot"
779 chown "$cfg_mirror_user""$owngroup" "$cfg_reporoot" ||
780 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_reporoot"
781 }
782 [ -z "$cfg_owning_group" ] ||
783 chgrp "$cfg_owning_group" "$cfg_reporoot" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot"
784 chmod 02775 "$cfg_reporoot" || echo "WARNING: Cannot chmod $cfg_reporoot properly"
785 mkdir -p "$cfg_reporoot/_recyclebin" "$cfg_reporoot/_global/hooks" "$cfg_reporoot/_global/empty"
786 chown "$cfg_mirror_user""$owngroup" "$cfg_reporoot/_recyclebin" "$cfg_reporoot/_global" "$cfg_reporoot/_global/hooks" "$cfg_reporoot/_global/empty" ||
787 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_reporoot/{_recyclebin,_global} properly"
788 if [ "$cfg_owning_group" ]; then
789 chgrp "$cfg_owning_group" "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chgrp $cfg_owning_group $cfg_reporoot/_recyclebin"
790 chgrp -R "$cfg_owning_group" "$cfg_reporoot/_global" || echo "WARNING: Cannot chgrp -R $cfg_owning_group $cfg_reporoot/_global"
791 fi
792 chmod 02775 "$cfg_reporoot/_recyclebin" || echo "WARNING: Cannot chmod $cfg_reporoot/_recyclebin properly"
793 chmod 00755 "$cfg_reporoot/_global" "$cfg_reporoot/_global/hooks" "$cfg_reporoot/_global/empty" || echo "WARNING: Cannot chmod $cfg_reporoot/_global properly"
794
795
796 usejail=
797 [ "${cfg_disable_jailsetup:-0}" != "0" ] || [ "${cfg_chrooted:-0}" = "0" ] || usejail=1
798 if [ -n "$usejail" ]; then
799 echo "*** Setting up chroot jail for pushing..."
800 if [ -n "$isroot" ]; then
801 # jailsetup may install things from $cfg_basedir/bin into the
802 # chroot so we do a mini-update of just that portion now
803 mkdir -p "$cfg_basedir"
804 rm -rf "$cfg_basedir/bin-new"
805 cp -pR "$basedir/bin" "$cfg_basedir/bin-new" >/dev/null 2>&1
806 rm -rf "$cfg_basedir/bin-old"
807 quick_move "$cfg_basedir/bin-new" "$cfg_basedir/bin" "$cfg_basedir/bin-old"
808 rm -rf "$cfg_basedir/bin-old"
809 if [ -n "$sh_extra_chroot_installs" ]; then
810 GIROCCO_CHROOT_EXTRA_INSTALLS="$sh_extra_chroot_installs"
811 export GIROCCO_CHROOT_EXTRA_INSTALLS
812 fi
813 ./jailsetup.sh
814 unset GIROCCO_CHROOT_EXTRA_INSTALLS
815 else
816 echo "WARNING: Skipping jail setup, not root"
817 fi
818 fi
819
820
821 echo "*** Setting up jail configuration (project database)..."
822 [ -n "$usejail" ] && [ -n "$isroot" ] || ./jailsetup.sh dbonly
823 mkdir -p "$cfg_chroot" "$cfg_chroot/etc"
824 touch "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group"
825 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc" ||
826 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup $cfg_chroot/etc"
827 if [ -n "$usejail" ]; then
828 chown "$cfg_cgi_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
829 echo "WARNING: Cannot chown $cfg_cgi_user$owngroup the etc/passwd and/or etc/group files"
830 else
831 # If a chroot jail is not in use, sudo privileges are neither expected nor required
832 # which means it will not be possible to change the owner of the passwd and group
833 # files if it differs from the mirror user. And that's okay, provided the group
834 # can still be set correctly to the owning group. But, just in case we're running
835 # as root, go ahead and set the owner to the mirror user.
836 chown "$cfg_mirror_user""$owngroup" "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
837 echo "WARNING: Cannot chown $cfg_mirror_user$owngroup the etc/passwd and/or etc/group files"
838 fi
839 chmod g+w "$cfg_chroot/etc/passwd" "$cfg_chroot/etc/group" ||
840 echo "WARNING: Cannot chmod g+w the etc/passwd and/or etc/group files"
841 chmod 02775 "$cfg_chroot/etc" || echo "WARNING: Cannot chmod 02775 $cfg_chroot/etc"
842
843
844 echo "*** Setting up global hook scripts..."
845 # It is absolutely CRUCIAL that hook script replacements are done atomically!
846 # Otherwise an incoming push might slip in and fail to run the hook script!
847 # The underlying rename(2) function call provides this and mv will use it.
848 # First add hook scripts
849 hooks="pre-auto-gc pre-receive post-commit post-receive update"
850 for hook in $hooks; do
851 cat "$basedir/hooks/$hook" >"$cfg_reporoot/_global/hooks/$hook.$$"
852 chown "$cfg_mirror_user""$owngroup" "$cfg_reporoot/_global/hooks/$hook.$$" ||
853 echo "WARNING: Cannot chown $cfg_reporoot/_global/hooks/$hook"
854 chmod 0755 "$cfg_reporoot/_global/hooks/$hook.$$"
855 mv -f "$cfg_reporoot/_global/hooks/$hook.$$" "$cfg_reporoot/_global/hooks/$hook"
856 done
857 # Then remove any hook scripts that do not belong
858 for hook in "$cfg_reporoot/_global/hooks"/*; do
859 hook="${hook##*/}"
860 [ -f "$cfg_reporoot/_global/hooks/$hook" ] || continue
861 case " $hooks " in *" $hook "*);;*)
862 rm -f "$cfg_reporoot/_global/hooks/$hook" ||
863 echo "WARNING: Cannot remove extraneous $cfg_reporoot/_global/hooks/$hook"
864 esac
865 done
866
867
868 echo "*** Setting up gitweb from git.git..."
869 if ! [ -f git.git/Makefile ]; then
870 echo "ERROR: git.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
871 exit 1
872 fi
873
874 # We do not wholesale replace either webroot or cgiroot unless they are under
875 # basedir so if they exist and are not we make a copy to start working on them.
876 # We make a copy using -p which can result in some warnings so we suppress
877 # error output as it's of no consequence in this case.
878 rm -rf "$webroot" "$cgiroot"
879 [ -n "$webrootsub" ] || ! [ -d "$rwebroot" ] || cp -pR "$rwebroot" "$webroot" >/dev/null 2>&1 || :
880 [ -n "$cgirootsub" ] || ! [ -d "$rcgiroot" ] || cp -pR "$rcgiroot" "$cgiroot" >/dev/null 2>&1 || :
881 mkdir -p "$webroot" "$cgiroot"
882
883 (
884 cd git.git &&
885 "$MAKE" --no-print-directory --silent NO_SUBDIR=: bindir="$(dirname "$cfg_git_bin")" \
886 GITWEB_CONFIG_COMMON="" GITWEB_CONFIG_SYSTEM="" \
887 GITWEB_CONFIG="$cfg_basedir/gitweb/gitweb_config.perl" SHELL_PATH="$shbin" gitweb &&
888 chown_make gitweb &&
889 PERLBIN="$perlbin" && export PERLBIN &&
890 perl -p -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
891 -e 's/^(\s*use\s+warnings\s*;.*)$/#$1/;' gitweb/gitweb.cgi >"$cgiroot"/gitweb.cgi.$$ &&
892 chmod a+x "$cgiroot"/gitweb.cgi.$$ &&
893 chown_make "$cgiroot"/gitweb.cgi.$$ &&
894 mv -f "$cgiroot"/gitweb.cgi.$$ "$cgiroot"/gitweb.cgi &&
895 cp gitweb/static/*.png gitweb/static/*.css gitweb/static/*.js "$webroot"
896 )
897 test $? -eq 0
898
899
900 echo "*** Setting up git-browser from git-browser.git..."
901 if ! [ -f git-browser.git/git-browser.cgi ]; then
902 echo "ERROR: git-browser.git is not checked out! Did you _REALLY_ read INSTALL?" >&2
903 exit 1
904 fi
905 mkdir -p "$webroot"/git-browser "$cgiroot"
906 (
907 cd git-browser.git &&
908 CFG="$cfg_basedir/gitweb/git-browser.conf" && export CFG &&
909 PERLBIN="$perlbin" && export PERLBIN && perl -p \
910 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
911 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-browser.cgi >"$cgiroot"/git-browser.cgi.$$ &&
912 chmod a+x "$cgiroot"/git-browser.cgi.$$ &&
913 chown_make "$cgiroot"/git-browser.cgi.$$ &&
914 perl -p \
915 -e 's/^#!.*perl/#!$ENV{PERLBIN}/ if $. == 1;' \
916 -e 's/"git-browser\.conf"/"$ENV{"CFG"}"/' git-diff.cgi >"$cgiroot"/git-diff.cgi.$$ &&
917 chmod a+x "$cgiroot"/git-diff.cgi.$$ &&
918 chown_make "$cgiroot"/git-diff.cgi.$$ &&
919 mv -f "$cgiroot"/git-browser.cgi.$$ "$cgiroot"/git-browser.cgi &&
920 mv -f "$cgiroot"/git-diff.cgi.$$ "$cgiroot"/git-diff.cgi &&
921 for h in *.html; do
922 [ "$h" != "index.html" ] || continue
923 if [ "$h" = "by-commit.html" ] || [ "$h" = "by-date.html" ]; then
924 FAVLINE='<link rel="shortcut icon" href="/git-favicon.png" type="image/png" />' &&
925 export FAVLINE && perl -p -e 'print "$ENV{FAVLINE}\n" if m{</head>};' "$h" \
926 >"$webroot/git-browser/$h.$$" &&
927 chmod a+r "$webroot/git-browser/$h.$$" &&
928 mv -f "$webroot/git-browser/$h.$$" "$webroot/git-browser/$h"
929 else
930 cp -p "$h" "$webroot/git-browser/"
931 fi
932 done
933 cp -pR *.js *.css js.lib "$webroot/git-browser/" &&
934 cp -pR JSON "$cgiroot/"
935 )
936 test $? -eq 0
937 gitwebabs="$cfg_gitweburl"
938 case "$gitwebabs" in "http://"[!/]*|"https://"[!/]*)
939 gitwebabs="${gitwebabs#*://}"
940 case "$gitwebabs" in
941 *"/"*) gitwebabs="/${gitwebabs#*/}";;
942 *) gitwebabs="";;
943 esac
944 esac
945 case "$gitwebabs" in */);;*) gitwebabs="$gitwebabs/"; esac
946 cat >"$basedir/gitweb"/git-browser.conf.$$ <<-EOT
947 gitbin: $cfg_git_bin
948 gitweb: $gitwebabs
949 warehouse: $cfg_reporoot
950 doconfig: $cfg_basedir/gitweb/gitbrowser_config.perl
951 EOT
952 chown_make "$basedir/gitweb"/git-browser.conf.$$
953 mv -f "$basedir/gitweb"/git-browser.conf.$$ "$basedir/gitweb"/git-browser.conf
954 esctitle="$(printf '%s\n' "$cfg_title" | LC_ALL=C sed 's/\\/\\\\/g;s/"/\\"/g;')" || :
955 cat >"$webroot"/git-browser/GitConfig.js.$$ <<-EOT
956 cfg_gitweb_url="$cfg_gitweburl/"
957 cfg_browsercgi_url="$cfg_webadmurl/git-browser.cgi"
958 cfg_home_url="$cfg_gitweburl/%n"
959 cfg_home_text="summary"
960 cfg_bycommit_title="$esctitle - %n/graphiclog1"
961 cfg_bydate_title="$esctitle - %n/graphiclog2"
962 EOT
963 chown_make "$webroot"/git-browser/GitConfig.js.$$
964 mv -f "$webroot"/git-browser/GitConfig.js.$$ "$webroot"/git-browser/GitConfig.js
965
966
967 echo "*** Setting up our part of the website..."
968 mkdir -p "$webroot" "$cgiroot"
969 cp "$basedir"/bin/snapshot.cgi "$basedir/cgi"
970 cp "$basedir"/bin/authrequired.cgi "$basedir/cgi"
971 [ -n "$cfg_httpspushurl" ] || rm -f "$basedir/cgi"/usercert.cgi "$cgiroot"/usercert.cgi
972 cp "$basedir/cgi"/*.cgi "$cgiroot"
973 rm -rf "$basedir/cgi"
974 [ -z "$webreporoot" ] || { rm -f "$webreporoot" && ln -s "$cfg_reporoot" "$webreporoot"; }
975 if [ -z "$cfg_httpspushurl" ] || [ -n "$cfg_pretrustedroot" ]; then
976 grep -v 'rootcert[.]html' gitweb/indextext.html >"$basedir/gitweb/indextext.html"
977 else
978 cp gitweb/indextext.html "$basedir/gitweb"
979 fi
980 mv "$basedir"/html/*.css "$basedir"/html/*.js "$webroot"
981 cp mootools.js "$webroot"
982 cp htaccess "$webroot/.htaccess"
983 cp cgi/htaccess "$cgiroot/.htaccess"
984 cp git-favicon.ico "$webroot/favicon.ico"
985 cp robots.txt "$webroot"
986 cat gitweb/gitweb.css >>"$webroot"/gitweb.css
987
988
989 if [ -n "$cfg_httpspushurl" ]; then
990 echo "*** Setting up SSL certificates..."
991 openssl="${var_openssl_bin:-openssl}"
992 createcert() { PATH="$basedir/bin:$PATH" "$basedir/bin/CACreateCert" "$@"; }
993 bits=2048
994 if [ "$cfg_rsakeylength" -gt "$bits" ] 2>/dev/null; then
995 bits="$cfg_rsakeylength"
996 fi
997 mkdir -p "$cfg_certsdir"
998 [ -d "$cfg_certsdir" ]
999 wwwcertcn=
1000 if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then
1001 wwwcertcn="$(
1002 "$openssl" x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject |
1003 sed -e 's,[^/]*,,'
1004 )"
1005 fi
1006 wwwcertdns=
1007 if [ -n "$cfg_wwwcertaltnames" ]; then
1008 for dnsopt in $cfg_wwwcertaltnames; do
1009 wwwcertdns="${wwwcertdns:+$wwwcertdns }--dns $dnsopt"
1010 done
1011 fi
1012 wwwcertdnsfile=
1013 if [ -r "$cfg_certsdir/girocco_www_crt.dns" ]; then
1014 wwwcertdnsfile="$(cat "$cfg_certsdir/girocco_www_crt.dns")"
1015 fi
1016 needroot=
1017 [ -e "$cfg_certsdir/girocco_client_crt.pem" ] &&
1018 [ -e "$cfg_certsdir/girocco_client_key.pem" ] &&
1019 [ -e "$cfg_certsdir/girocco_www_key.pem" ] &&
1020 [ -e "$cfg_certsdir/girocco_www_crt.pem" ] && [ "$wwwcertcn" = "/CN=$cfg_httpsdnsname" ] &&
1021 [ -e "$cfg_certsdir/girocco_root_crt.pem" ] || needroot=1
1022 if [ -n "$needroot" ] && ! [ -e "$cfg_certsdir/girocco_root_key.pem" ]; then
1023 rm -f "$cfg_certsdir/girocco_root_crt.pem" "$cfg_certsdir/girocco_root_key.pem"
1024 umask 0077
1025 "$openssl" genrsa -f4 -out "$cfg_certsdir/girocco_root_key.pem" $bits
1026 chmod 0600 "$cfg_certsdir/girocco_root_key.pem"
1027 rm -f "$cfg_certsdir/girocco_root_crt.pem"
1028 umask 0022
1029 echo "Created new root key"
1030 fi
1031 if ! [ -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
1032 createcert --root --key "$cfg_certsdir/girocco_root_key.pem" \
1033 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
1034 rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
1035 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
1036 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
1037 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
1038 echo "Created new root certificate"
1039 fi
1040 if ! [ -e "$cfg_certsdir/girocco_www_key.pem" ]; then
1041 umask 0077
1042 "$openssl" genrsa -f4 -out "$cfg_certsdir/girocco_www_key.pem" $bits
1043 chmod 0600 "$cfg_certsdir/girocco_www_key.pem"
1044 rm -f "$cfg_certsdir/girocco_www_crt.pem"
1045 umask 0022
1046 echo "Created new www key"
1047 fi
1048 if ! [ -e "$cfg_certsdir/girocco_www_crt.pem" ] ||
1049 [ "$wwwcertcn" != "/CN=$cfg_httpsdnsname" ] || [ "$wwwcertdns" != "$wwwcertdnsfile" ]; then
1050 "$openssl" rsa -in "$cfg_certsdir/girocco_www_key.pem" -pubout |
1051 createcert --server --key "$cfg_certsdir/girocco_root_key.pem" \
1052 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
1053 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
1054 printf '%s\n' "$wwwcertdns" >"$cfg_certsdir/girocco_www_crt.dns"
1055 echo "Created www certificate"
1056 fi
1057 if ! [ -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
1058 cat "$cfg_certsdir/girocco_root_crt.pem" >"$cfg_certsdir/girocco_www_chain.pem"
1059 echo "Created www certificate chain file"
1060 fi
1061 if ! [ -e "$cfg_certsdir/girocco_client_key.pem" ]; then
1062 umask 0037
1063 "$openssl" genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
1064 chmod 0640 "$cfg_certsdir/girocco_client_key.pem"
1065 rm -f "$cfg_certsdir/girocco_client_crt.pem"
1066 umask 0022
1067 echo "Created new client key"
1068 fi
1069 if ! [ -e "$cfg_certsdir/girocco_client_crt.pem" ]; then
1070 "$openssl" rsa -in "$cfg_certsdir/girocco_client_key.pem" -pubout |
1071 createcert --subca --key "$cfg_certsdir/girocco_root_key.pem" \
1072 --cert "$cfg_certsdir/girocco_root_crt.pem" \
1073 --out "$cfg_certsdir/girocco_client_crt.pem" "girocco $cfg_nickname client authority"
1074 rm -f "$cfg_certsdir/girocco_client_suffix.pem"
1075 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
1076 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
1077 echo "Created client certificate"
1078 fi
1079 if ! [ -e "$cfg_certsdir/girocco_client_suffix.pem" ]; then
1080 cat "$cfg_certsdir/girocco_client_crt.pem" >"$cfg_certsdir/girocco_client_suffix.pem"
1081 echo "Created client certificate suffix file"
1082 fi
1083 if [ -z "$cfg_pretrustedroot" ]; then
1084 cat "$cfg_rootcert" >"$webroot/${cfg_nickname}_root_cert.pem"
1085 else
1086 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
1087 fi
1088 if [ -n "$cfg_mob" ]; then
1089 if ! [ -e "$cfg_certsdir/girocco_mob_user_key.pem" ]; then
1090 "$openssl" genrsa -f4 -out "$cfg_certsdir/girocco_mob_user_key.pem" $bits
1091 chmod 0644 "$cfg_certsdir/girocco_mob_user_key.pem"
1092 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
1093 echo "Created new mob user key"
1094 fi
1095 if ! [ -e "$cfg_certsdir/girocco_mob_user_crt.pem" ]; then
1096 "$openssl" rsa -in "$cfg_mobuserkey" -pubout |
1097 createcert --client --key "$cfg_clientkey" \
1098 --cert "$cfg_clientcert" \
1099 --out "$cfg_certsdir/girocco_mob_user_crt.pem" 'mob'
1100 echo "Created mob user client certificate"
1101 fi
1102 cat "$cfg_mobuserkey" >"$webroot/${cfg_nickname}_mob_key.pem"
1103 cat "$cfg_mobusercert" "$cfg_clientcertsuffix" >"$webroot/${cfg_nickname}_mob_user.pem"
1104 else
1105 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
1106 fi
1107 else
1108 rm -f "$webroot/${cfg_nickname}_root_cert.pem"
1109 rm -f "$webroot/${cfg_nickname}_mob_key.pem" "$webroot/${cfg_nickname}_mob_user.pem"
1110 fi
1111
1112
1113 echo "*** Processing website html templates..."
1114 rm -f "$cgiroot/html.cgi"
1115 rm -rf "$cgiroot/html"
1116 mkdir -p "$cgiroot/html"
1117 for tf in "$basedir/html"/*.html; do
1118 tfb="${tf##*/}"
1119 "$perlbin" -I"$basedir" cgi/html.cgi "$webroot" "$tfb" "$basedir" >"$cgiroot/html/$tfb"
1120 rm -f "$tf"
1121 done
1122
1123 echo "*** Formatting markdown documentation..."
1124 mkdir -p "$cgiroot/html/gfm"
1125 for d in basics.md syntax.md; do
1126 {
1127 cat <<-HEADER
1128 <!DOCTYPE html>
1129 <html xmlns="http://www.w3.org/1999/xhtml">
1130 <head>
1131 <meta charset="utf-8" />
1132 <meta http-equiv="content-type" content="text/html; charset=utf-8" />
1133 <title>$d</title>
1134 </head>
1135 <body><pre>
1136 HEADER
1137 <"markdown.git/$d" LC_ALL=C sed -e '/\[[Ll]icense\]/d' \
1138 -e 's, \([a-z][a-z]*\)\.md, \1.md.html,' \
1139 -e 's/ by adding `.md` to the URL//' \
1140 -e 's/&/\&amp;/g' -e 's/</\&lt;/g' <"markdown.git/$d"
1141 cat <<-FOOTER
1142 </pre></body>
1143 </html>
1144 FOOTER
1145 } >"$cgiroot/html/gfm/$d.html"
1146 {
1147 title="Markdown: $(echo "${d%.md}" | "$perlbin" -pe '$_=ucfirst')"
1148 gwfpath="$cfg_gitwebfiles"
1149 case "$gwfpath" in *"//"*)
1150 case "$gwfpath" in *"/");;*) gwfpath="$gwfpath/"; esac
1151 gwfpath="${gwfpath#*//}"; gwfpath="${gwfpath#*/}"
1152 esac
1153 case "$gwfpath" in "/"*);;*) gwfpath="/$gwfpath"; esac
1154 gwfpath="${gwfpath%/}"
1155 cat <<-HEADER
1156 <!DOCTYPE html>
1157 <html xmlns="http://www.w3.org/1999/xhtml">
1158 <head>
1159 <meta charset="utf-8" />
1160 <meta http-equiv="content-type" content="text/html; charset=utf-8" />
1161 <title>$title</title>
1162 <link rel="stylesheet" type="text/css" href="$gwfpath/gitweb.css" />
1163 <link rel="stylesheet" type="text/css" href="$gwfpath/girocco.css" />
1164 <link rel="shortcut icon" href="$gwfpath/git-favicon.png" type="image/png" />
1165 </head>
1166 <body style="text-align:center">
1167 <div class="readme" style="overflow:inherit;display:inline-block;text-align:left;max-width:42pc">
1168 HEADER
1169 <"markdown.git/$d" LC_ALL=C sed -e '/\[[Ll]icense\]/d' \
1170 -e 's, \([a-z][a-z]*\)\.md, \1.md.html,' \
1171 -e 's/ by adding `.md` to the URL//' |
1172 "$perlbin" "markdown.git/Markdown.pl"
1173 cat <<-FOOTER
1174 </div>
1175 </body>
1176 </html>
1177 FOOTER
1178 } >"$cgiroot/html/gfm/${d%.md}.html"
1179 done
1180
1181
1182 echo "*** Finalizing permissions and moving into place..."
1183 chown -R -h "$cfg_mirror_user""$owngroup" "$basedir" "$webroot" "$cgiroot"
1184 [ -z "$cfg_httpspushurl" ] || chown -R -h "$cfg_mirror_user""$owngroup" "$cfg_certsdir"
1185
1186 # This should always be the very last thing install.sh does
1187 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
1188 quick_move "$basedir" "$rbasedir" "$rbasedir-old"
1189 [ -n "$webrootsub" ] || quick_move "$webroot" "$rwebroot" "$rwebroot-old"
1190 [ -n "$cgirootsub" ] || quick_move "$cgiroot" "$rcgiroot" "$rcgiroot-old"
1191 rm -rf "$rbasedir-old" "$rwebroot-old" "$rcgiroot-old"
1192 echo "--- Update hooks and config with $cfg_basedir/toolbox/update-all-projects.sh"
1193 ! [ -S "$cfg_chroot/etc/taskd.socket" ] || {
1194 echo "*** Requesting graceful restart of running taskd (and, if running, jobd)..."
1195 touch "$cfg_chroot/etc/taskd.restart"
1196 chown_make "$cfg_chroot/etc/taskd.restart"
1197 trap ':' PIPE
1198 echo "nop" | nc_openbsd -w 5 -U "$cfg_chroot/etc/taskd.socket" || :
1199 trap - PIPE
1200 }
The repo.or.cz duct tape "Girocco"