#!/usr/bin/perl use strict; use warnings; my( $errorto ) = 'jrayhawk+piny.be@omgwallhack.org'; # Email address to send horrible errors to. my( $reponame, $email, @errors, $wikilisttempfile, $cgitrctempfile, $description ); if ( ( ! scalar $ARGV[0] ) or ( scalar $ARGV[1] ) or ( $ARGV[0] !~ /^[a-z0-9][a-z0-9+.-]+$/ ) ) { print( "Usage: newrepo REPONAME\n" ); print( " REPONAME must consist only of lower case letters (a-z), digits (0-9), plus (+) and minus (-) signs, and periods (.).\n" ); print( " REPONAME must be at least two characters long and must start with an alphanumeric character.\n" ); exit( 1 ); } else { $reponame = $ARGV[0]; }; # We want to check to see if # 1) $reponame already exists in some form so we don't try to create it, and # 2) $reponame is only partially created, in which case we want to email someone who can sanity check and fix it. open (PASSWD, '/etc/passwd'); while() { if( $_ =~ /^$ENV{SUDO_USER}:.+?:.+?:.+?:(.+?):/ ) { $email = $1; }; # While we're here, may as well grab the email address. if( $_ =~ /^ikiwiki-$reponame:/ ) { push( @errors, "user ikiwiki-$reponame already exists!\n"); }; }; close(PASSWD); open (GROUP, '/etc/group'); while() { if( $_ =~ /^git-$reponame:/ ) { push( @errors, "group git-$reponame already exists!\n"); }; }; close(GROUP); if( -d "/srv/git/$reponame.git" ) { push( @errors, "/srv/git/$reponame.git already exists!\n"); }; if( -d "/srv/ikiwiki/$reponame" ) { push( @errors, "/srv/ikiwiki/$reponame already exists!\n"); }; if( -d "/srv/www/piny.be/$reponame" ) { push( @errors, "/srv/www/piny.svcs.cs.pdx.edu/$reponame already exists!\n"); }; if( -d "/srv/www/secure.piny.be/repos/$reponame" ) { push( @errors, "/srv/www/cgi.piny.be/repos/$reponame already exists!\n"); }; if( -f "/etc/ikiwiki/piny/$reponame.setup" ) { push( @errors, "/etc/ikiwiki/piny/$reponame.setup already exists!\n"); }; if( -f "/etc/ikiwiki/wikilist.d/$reponame" ) { push( @errors, "/etc/ikiwiki/wikilist.d/$reponame already exists!\n"); }; if( -f "/etc/apache2/piny-available/$reponame" ) { push( @errors, "/etc/apache2/piny-available/$reponame already exists!\n"); }; if( -f "/etc/cgitrc.d/$reponame" ) { push( @errors, "/etc/cgitrc.d/$reponame already exists!\n"); }; if( @errors ) { if( @errors == 10 ) { # Everything's fine, nothing is broken print( "$reponame already exists!\n" ); } else { # IT'S ARMAGEDDON open ( MAIL, "|/usr/lib/sendmail -t" ); print( MAIL "To: $errorto\n" ); print( MAIL "From: newrepo\@piny.be\n" ); print( MAIL "Subject: Piny error: $ENV{SUDO_USER} found inconsistent $reponame in the creation process!\n" ); print( MAIL "MIME-Version: 1.0\n" ); print( MAIL "Content-Type: text/plain; charset=us-ascii\n" ); print( MAIL "\n" ); print( MAIL "@errors\n" ); close( MAIL ); print( "$reponame already exists but is in an inconsistent state! The Piny admins probably screwed up; they have been notified and will take a look at it.\n" ); }; exit( 2 ); }; while( 1 ) { print( "Provide a one-line description to be used in repo listings, the shorter the better:\n" ); chomp( $description = ); if( $description !~ /^[\x{0020}-\x{FDCF}\x{FDF0}-\x{FFFD}]{1,80}$/ ) { # everything but control characters and unicode-defined non-characters print( "Must be 1-80 characters long; control characters (including tab) not allowed.\n" ); next; }; print( "Okay! Working, please wait...\n" ); last; }; # CREATE USER/GROUPS unless( system( "mkdir /srv/git/$reponame.git" ) == 0 ) { # We need a locking or atomic operation as our first to check against simultaneous execution. print( "Somebody else has created the same repo as you in the course of executing this program!\n" ); exit( 3 ); }; system( "/usr/sbin/addgroup --quiet git-$reponame" ); system( "/usr/sbin/adduser --quiet --system --group --gecos $reponame ikiwiki-$reponame" ); system( "/usr/sbin/adduser --quiet ikiwiki-$reponame git-$reponame | grep -v 'Adding user'" ); system( "/usr/sbin/adduser --quiet $ENV{SUDO_USER} git-$reponame | grep -v 'Adding user '" ); # CREATE REPO system( "GIT_DIR=/srv/git/$reponame.git /usr/bin/git init --template=/srv/git-template.git --quiet --shared" ); open ( DESC, ">/srv/git/$reponame.git/description" ); print( DESC "$description" ); close( DESC ); # ln -f post-receive /srv/git/$reponame.git/hooks/ # turn on e-mail commit notices system( "/bin/chown -R $ENV{SUDO_USER}.git-$reponame /srv/git/$reponame.git/" ); system( "/bin/chown -R ikiwiki-$reponame.ikiwiki-$reponame /srv/git/$reponame.git/hooks/" ); system( "/bin/touch /srv/git/$reponame.git/git-daemon-export-ok" ); # WRITE IKIWIKI SETUP FILE open ( SETUP, ">/etc/ikiwiki/piny/$reponame.setup" ); print( SETUP '#!/usr/bin/perl # Configuration file for ikiwiki. # Passing this to ikiwiki --setup will make ikiwiki generate wrappers and # build the wiki. # # Remember to re-run ikiwiki --setup any time you edit this file. use IkiWiki::Setup::Standard { wikiname => \'' . $reponame . '\', # PINY adminemail => \'' . $email . '\', # PINY srcdir => \'/srv/ikiwiki/' . $reponame . '\', # PINY destdir => \'/srv/www/piny.be/' . $reponame . '\', # PINY url => \'http://piny.be/' . $reponame . '\', # PINY cgiurl => \'https://secure.piny.be/repos/' . $reponame . '/ikiwiki.cgi\', # PINY historyurl => \'https://secure.piny.be/cgit/' . $reponame . '/log/[[file]]\', # PINY diffurl => \'https://secure.piny.be/cgit/' . $reponame . '/diff/?id=[[sha1_commit]]\', # PINY templatedir => "/srv/templates", underlaydir => "/etc/ikiwiki/share/underlay", rcs => "git", gitorigin_branch => "origin", gitmaster_branch => "master", wrappers => [ { cgi => 1, wrapper => \'/srv/www/secure.piny.be/repos/' . $reponame . '/ikiwiki.cgi\', # PINY wrappermode => "06755", wrappergroup => \'git-' . $reponame . '\', # PINY }, { wrapper => \'/srv/git/' . $reponame . '.git/hooks/post-update\', # PINY wrappermode => "06755", wrappergroup => \'git-' . $reponame . '\', # PINY notify => 0, }, ], # Generate rss feeds for blogs? rss => 1, # Generate atom feeds for blogs? atom => 0, # Include discussion links on all pages? discussion => 0, # To exclude files matching a regexp from processing. This adds to # the default exclude list. #exclude => qr/*\.wav/, # To change the extension used for generated html files. #htmlext => "htm", # Time format (for strftime) #timeformat => "%c", # Locale to use. Must be a UTF-8 locale. #locale => "en_US.UTF-8", # Only send cookies over SSL connections. sslcookie => 1, # Logging settings: verbose => 0, syslog => 1, # To link to user pages in a subdirectory of the wiki. #userdir => "users", # To create output files named page.html rather than page/index.html. usedirs => 1, # Simple spam prevention: require an account-creation password. #account_creation_password => "example", # Use new "!"-prefixed preprocessor directive syntax prefix_directives => 1, httpauth => 1, # To add plugins, list them here. add_plugins => [qw{sidebar toc meta table tag httpauth img attachment rename remove autoindex map teximg version edittemplate}], disable_plugins => [qw{openid passwordauth}], teximg_prefix => \'\\documentclass{scrartcl} \\usepackage[version=3]{mhchem} \\usepackage{amsmath} \\usepackage{amsfonts} \\usepackage{amssymb} \\pagestyle{empty} \\newcommand{\unit}[1]{\\ensuremath{\\, \\mathrm{#1}}} \\begin{document}\', teximg_dvipng => 1, # For use with the tag plugin, make all tags be located under a # base page. tagbase => "tag", # For use with the search plugin if your estseek.cgi is located # somewhere else. #estseek => "/usr/lib/estraier/estseek.cgi", }'); close( SETUP ); open ( WIKILIST, '>>/etc/ikiwiki/wikilist' ); print( WIKILIST "ikiwiki-$reponame /etc/ikiwiki/piny/$reponame.setup\n" ); close( WIKILIST ); # WRITE APACHE CONFIG open ( APACHE, ">/etc/apache2/piny-available/$reponame" ); print( APACHE ' AuthPAM_Enabled on AuthGROUP_Enabled on AuthPAM_FallThrough off AuthBasicAuthoritative off AuthType Basic AuthName "User access to ' . $reponame . ' repository needed." Require group git-' . $reponame . ' ' ); close( APACHE ); link( "/etc/apache2/piny-available/$reponame", "/etc/apache2/piny-enabled/$reponame"); system( '/etc/init.d/apache2 reload | grep -v "Reloading web server config: apache2."' ); # CREATE IKIWIKI WORKING DIR system( "/usr/bin/git clone --quiet /srv/git/$reponame /srv/ikiwiki/$reponame" ); mkdir( "/srv/www/piny.be/$reponame" ); mkdir( "/srv/www/secure.piny.be/repos/$reponame" ); system( "/bin/chown -R ikiwiki-$reponame /srv/ikiwiki/$reponame /srv/www/piny.be/$reponame /srv/www/secure.piny.be/repos/$reponame" ); open ( WIKILIST, ">/etc/ikiwiki/wikilist.d/$reponame" ); # Maybe someday ikiwiki will support wikilist.d. print( WIKILIST "ikiwiki-$reponame /etc/ikiwiki/piny/$reponame.setup\n" ); # In the meantime, we fake it. close( WIKILIST ); $wikilisttempfile = `/bin/mktemp`; chomp( $wikilisttempfile ); chmod ( 0644, $wikilisttempfile ); system( "/bin/cat /etc/ikiwiki/wikilist.d/* > $wikilisttempfile" ); system( "/bin/mv $wikilisttempfile /etc/ikiwiki/wikilist" ); # This is marginally racy, but the consequences are probably ignorable. open ( CGITRC, ">/etc/cgitrc.d/$reponame" ); # Maybe someday cgit will support cgitrc.d. print( CGITRC # In the meantime, we fake it. "repo.url=$reponame repo.path=/srv/git/$reponame.git repo.desc=$description repo.owner=$email " ); # cgit already escapes HTML, so we don't need to do it on $description close( CGITRC ); $cgitrctempfile = `/bin/mktemp`; chomp( $cgitrctempfile ); chmod ( 0644, $cgitrctempfile ); system( "/bin/cat /etc/cgitrc.d/* > $cgitrctempfile" ); system( "/bin/mv $cgitrctempfile /etc/cgitrepos" ); # This is marginally racy, but the consequences are minor. # COMPILE system( "/usr/bin/sudo -u ikiwiki-$reponame /usr/bin/ikiwiki --setup /etc/ikiwiki/piny/$reponame.setup | grep -v 'successfully generated'" ); print( "Web interface: http://piny.be/$reponame/\n" ); print( "Repo information: https://secure.piny.be/cgit/$reponame/\n" );