#!/bin/sh
#----------------------------------------------------------------------------
# /etc/apache2/mods-plugins/subversion - management for subversion http modules
#
# Creation: 2005-05-21 dv
# Last Update: 2021-02-13 08:39:34
#
# Copyright (c) 2021 the eisfair team, team(at)eisfair(dot)org
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------
# includes
. /var/install/include/eislib
. /etc/config.d/subversion
# initialize
install_modules="yes"
apache_state="not_installed"
apache_needed="2.4.x"
webdav_enabled="no"
apache_bin=""
apache_modules=""
# ---------------------------------------------------------------------------
# echo honoring quietmode option
# ---------------------------------------------------------------------------
local_echo()
{
if ! ${quietmode:-false}
then
mecho "${@}"
fi
}
quietmode=false
while [ ${#} -gt 0 ]
do
case ${1} in
--quiet)
quietmode=true
shift
;;
--force-uninstall)
# force removal of subversion modules
install_modules="no"
shift
;;
esac
done
if [ "${install_modules}" != "no" ]
then
# check for compatibility of installed apache version
installed=$(eisman check apache2)
if [ "${installed}" = "installed" ]
then
if [ -f "/usr/sbin/apache2" ]
then
apache_bin="/usr/sbin/apache2"
apache_modules="/usr/lib/apache2/modules"
elif [ -f "/usr/local/apache2/bin/httpd" ]
then
apache_bin="/usr/local/apache2/bin/httpd"
apache_modules="/usr/local/apache2/modules"
fi
if [ -n "${apache_bin}" ]
then
apache_installed=$(${apache_bin} -v | \
sed '2,$d; s/^.*Apache\///; s/ .*$//')
case ${apache_installed} in
${apache_needed%.*}*)
apache_state="ok"
;;
*)
apache_state="invalid"
;;
esac
else
apache_state="invalid"
fi
fi
# check if svn webdav modules are needed by subversion configuration
if [ "${START_SUBVERSION}" = "yes" ] &&
[ "${SVN_ENABLE_WEBDAV}" = "yes" ]
then
idx='1'
while [ "${idx}" -le "${SVN_REPOS_N}" ]
do
eval repo_active='${SVN_REPOS_'${idx}'_ACTIVE}'
eval repo_webdav='${SVN_REPOS_'${idx}'_WEBDAV}'
if [ "${repo_webdav}" = "yes" -a "${repo_active}" = "yes" ]
then
# remember that webdav is required
webdav_enabled="yes"
fi
idx=$((${idx} + 1))
done
fi
# warn user if version of apache is incorrect
if [ "${webdav_enabled}" = "yes" ] &&
[ "${apache_state}" = "invalid" ]
then
mecho --warn " Subversion WebDAV access will not work on this machine!"
mecho " REASON: The installed version of apache2 is not compatible"
mecho " with this version of subversion."
mecho -n " The required internal version of apache is: "
mecho --warn "${apache_needed}"
install_modules="no"
fi
# if webdav is enabled and no apache is installed, we output a message
# that gives the user advice to install the web server
if [ "${webdav_enabled}" = "yes" ] &&
[ "${apache_state}" = "not_installed" ]
then
mecho --warn " Enabling WebDAV access is impossible!"
mecho " Please install apache2 webserver to use this feature."
install_modules="false"
fi
# if no webdav needed we don't install any modules
if [ "${webdav_enabled}" = "no" ]
then
install_modules="false"
fi
fi
# make sure apache module path exists
if [ ! -d /etc/apache2/mods-available ]
then
mkdir -p /etc/apache2/mods-available
fi
if [ ! -d /etc/apache2/mods-enabled ]
then
mkdir -p /etc/apache2/mods-enabled
fi
# remove legacy file if exists
if [ -f /var/install/config.d/httpd.conf.subversion.sh ]
then
rm -f /var/install/config.d/httpd.conf.subversion.sh
/var/install/config.d/apache2.sh
fi
# install modules if needed
if [ "${install_modules}" = "yes" ]
then
local_echo " * Enabling subversion WebDAV access ..."
{
echo ""
echo " LoadModule dav_module ${apache_modules}/mod_dav.so"
echo ""
if [ "${SVN_WEBDAV_AUTH_METHOD}" = "digest" ]
then
echo ""
echo " LoadModule auth_digest_module ${apache_modules}/mod_auth_digest.so"
echo ""
fi
echo "LoadModule dav_svn_module /usr/lib/subversion/mod_dav_svn.so"
} > /etc/apache2/mods-available/dav_svn.load
{
echo "# Depends: dav_svn"
echo "LoadModule authz_svn_module /usr/lib/subversion/mod_authz_svn.so"
} > /etc/apache2/mods-available/xauthz_svn.load
{
idx='1'
while [ "${idx}" -le "${SVN_REPOS_N}" ]
do
eval repo_active='${SVN_REPOS_'${idx}'_ACTIVE}'
eval repo_dir='${SVN_REPOS_'${idx}'_DIR}'
eval repo_webdav='${SVN_REPOS_'${idx}'_WEBDAV}'
eval repo_webname='${SVN_REPOS_'${idx}'_NAME}'
eval repo_anon_access='${SVN_REPOS_'${idx}'_ANON_ACCESS}'
eval repo_auth_access='${SVN_REPOS_'${idx}'_AUTH_ACCESS}'
eval repo_dir_perm='${SVN_REPOS_'${idx}'_DIR_PERMISSIONS}'
if [ "${repo_webdav}" = "yes" ] &&
[ "${repo_active}" = "yes" ]
then
iidx='1'
while [ "${iidx}" -lt "${idx}" ]
do
eval check_repo_webdav='${SVN_REPOS_'${iidx}'_WEBDAV}'
eval check_repo_webname='${SVN_REPOS_'${iidx}'_NAME}'
if [ "${check_repo_webdav}" = "yes" ] &&
[ "${check_repo_webname}" = "${repo_webname}" ]
then
mecho --warn "Value for SVN_REPOS_${idx}_NAME already in use. Defaulting to \"repo${idx}\"!"
repo_webname="repo${idx}"
break
fi
iidx=$((${iidx} + 1))
done
echo ""
echo " DAV svn"
echo " SVNPath ${repo_dir}"
if [ "${repo_anon_access}" = "none" ]
then
if [ "${SVN_WEBDAV_AUTH_METHOD}" = "digest" ]
then
echo " AuthType Digest"
echo " AuthName \"${repo_webname}\""
echo " AuthDigestDomain \"/svn/${repo_webname}/\""
else
echo " AuthType Basic"
echo " AuthName \"Subversion repository ${repo_webname}\""
fi
echo " AuthUserFile /var/lib/subversion/htpasswd${idx}"
if [ "${repo_dir_perm}" = "yes" ]
then
echo " AuthzSVNAccessFile /var/lib/subversion/permissions${idx}"
fi
case "${repo_auth_access}" in
"read")
echo " "
echo " Require all denied"
echo " "
echo " "
echo " Require valid-user"
echo " "
;;
"write")
echo " Require valid-user"
;;
*)
echo " Require all denied"
;;
esac
fi
if [ "${repo_anon_access}" = "read" ]
then
if [ "${SVN_WEBDAV_AUTH_METHOD}" = "digest" ]
then
echo " AuthType Digest"
echo " AuthName \"${repo_webname}\""
echo " AuthDigestDomain \"/svn/${repo_webname}/\""
else
echo " AuthType Basic"
echo " AuthName \"Subversion repository ${repo_webname}\""
fi
echo " AuthUserFile /var/lib/subversion/htpasswd${idx}"
if [ "${repo_dir_perm}" = "yes" ]
then
echo " AuthzSVNAccessFile /var/lib/subversion/permissions${idx}"
fi
case "${repo_auth_access}" in
"read")
echo " "
echo " Require all denied"
echo " "
echo " "
echo " Require all granted"
echo " "
;;
"write")
echo " "
echo " Require valid-user"
echo " "
echo " "
echo " Require all granted"
echo " "
;;
esac
fi
if [ "${repo_anon_access}" = "write" ]
then
echo " Require all granted"
fi
echo ""
fi
idx=$((${idx} + 1))
done
} > /etc/apache2/mods-available/dav_svn.conf
# create symbolic links
if [ ! -f /etc/apache2/mods-enabled/dav_svn.load ]
then
ln -s /etc/apache2/mods-available/dav_svn.load /etc/apache2/mods-enabled/dav_svn.load
fi
if [ ! -f /etc/apache2/mods-enabled/xauthz_svn.load ]
then
ln -s /etc/apache2/mods-available/xauthz_svn.load /etc/apache2/mods-enabled/xauthz_svn.load
fi
if [ ! -f /etc/apache2/mods-enabled/dav_svn.conf ]
then
ln -s /etc/apache2/mods-available/dav_svn.conf /etc/apache2/mods-enabled/dav_svn.conf
fi
local_echo --ok
else
local_echo " * Disabling subversion WebDAV access ..."
rm -f /etc/apache2/mods-enabled/dav_svn.load
rm -f /etc/apache2/mods-enabled/xauthz_svn.load
rm -f /etc/apache2/mods-enabled/dav_svn.conf
rm -f /etc/apache2/mods-available/dav_svn.load
rm -f /etc/apache2/mods-available/xauthz_svn.load
rm -f /etc/apache2/mods-available/dav_svn.conf
local_echo --ok
fi