Diffstat (limited to 'www/gitlab/files')
-rw-r--r-- | www/gitlab/files/extra-patch-Gemfile-kerberos-off | 11 | ||||
-rw-r--r-- | www/gitlab/files/gitlab.in | 570 | ||||
-rw-r--r-- | www/gitlab/files/patch-Gemfile | 254 | ||||
-rw-r--r-- | www/gitlab/files/patch-bin_background__jobs | 11 | ||||
-rw-r--r-- | www/gitlab/files/patch-config_database.yml.postgresql | 64 | ||||
-rw-r--r-- | www/gitlab/files/patch-config_gitlab.yml.example | 130 | ||||
-rw-r--r-- | www/gitlab/files/patch-config_initializers_1__settings.rb | 15 | ||||
-rw-r--r-- | www/gitlab/files/patch-config_initializers_sprockets__patch.rb | 11 | ||||
-rw-r--r-- | www/gitlab/files/patch-config_puma.rb.example | 49 | ||||
-rw-r--r-- | www/gitlab/files/patch-lib_support_nginx_gitlab | 20 | ||||
-rw-r--r-- | www/gitlab/files/patch-lib_support_nginx_gitlab-ssl | 20 | ||||
-rw-r--r-- | www/gitlab/files/patch-lib_tasks_gitlab_setup.rake | 12 | ||||
-rw-r--r-- | www/gitlab/files/patch-vendor_gems_bundler-checksum_bundler-checksum.gemspec | 11 |
13 files changed, 1178 insertions, 0 deletions
diff --git a/www/gitlab/files/extra-patch-Gemfile-kerberos-off b/www/gitlab/files/extra-patch-Gemfile-kerberos-off
new file mode 100644
index 000000000000..b6cbffee72e0
--- /dev/null
+++ b/www/gitlab/files/extra-patch-Gemfile-kerberos-off
@@ -0,0 +1,11 @@
+--- Gemfile.orig
++++ Gemfile
+@@ -96,7 +96,7 @@
+
+ # Kerberos authentication. EE-only
+ gem 'gssapi', '~> 1.3.1', group: :kerberos # rubocop:todo Gemfile/MissingFeatureCategory
+-gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos # rubocop:todo Gemfile/MissingFeatureCategory
++#gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos # rubocop:todo Gemfile/MissingFeatureCategory
+
+ # Spam and anti-bot protection
+ gem 'recaptcha', '~> 5.12', require: 'recaptcha/rails' # rubocop:todo Gemfile/MissingFeatureCategory
diff --git a/www/gitlab/files/gitlab.in b/www/gitlab/files/gitlab.in
new file mode 100644
index 000000000000..1783a33acda9
--- /dev/null
+++ b/www/gitlab/files/gitlab.in
@@ -0,0 +1,570 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: gitlab
+# Required-Start: $local_fs $remote_fs $network $syslog redis-server
+# Required-Stop: $local_fs $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: GitLab git repository management
+# Description: GitLab git repository management
+# chkconfig: - 85 14
+### END INIT INFO
+
+# Maintainer: Matthias Fechner <mfechner@FreeBSD.org>
+# Based on work of: @charlienewey, rovanion.luckey@gmail.com, @randx, @tz
+
+# PROVIDE: gitlab
+# REQUIRE: LOGIN redis
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable GitLab:
+#
+# gitlab_enable="YES"
+
+PATH="/sbin:/bin:/usr/sbin:/usr/bin:%%LOCALBASE%%/sbin:%%LOCALBASE%%/bin"
+
+. /etc/rc.subr
+
+name=gitlab
+rcvar=gitlab_enable
+extra_commands=status
+
+status_cmd="print_status"
+start_cmd="start_gitlab"
+stop_cmd="stop_gitlab"
+restart_cmd="restart_gitlab"
+service_args="$@"
+restart_precmd=${name}_init
+start_precmd=${name}_init
+stop_precmd=${name}_init
+
+: ${gitlab_enable:="NO"}
+: ${gitlab_authBackend:="http://127.0.0.1:8080"}
+: ${gitlab_workhorse_tcp:="NO"}
+: ${gitlab_workhorse_addr:="127.0.0.1:8181"}
+: ${gitlab_mail_room_enable:="NO"}
+: ${gitlab_allow_conflicts:="NO"}
+: ${gitlab_wait:="120"}
+
+load_rc_config $name
+
+### Environment variables
+RAILS_ENV=${RAILS_ENV:-'production'}
+SIDEKIQ_WORKERS=${SIDEKIQ_WORKERS:-1}
+USE_WEB_SERVER=${USE_WEB_SERVER:-'puma'}
+
+case "${USE_WEB_SERVER}" in
+ puma|unicorn)
+ use_web_server="$USE_WEB_SERVER"
+ ;;
+ *)
+ echo "Unsupported web server '${USE_WEB_SERVER}' (Allowed: 'puma', 'unicorn')" 1>&2
+ exit 1
+ ;;
+esac
+
+
+# Script variable names should be lower-case not to conflict with
+# internal /bin/sh variables such as PATH, EDITOR or SHELL.
+app_user="git"
+app_root="%%PREFIX%%/www/gitlab-ce"
+pid_path="$app_root/tmp/pids"
+socket_path="$app_root/tmp/sockets"
+rails_socket="$socket_path/gitlab.socket"
+web_server_pid_path="$pid_path/$use_web_server.pid"
+if checkyesno gitlab_mail_room_enable; then
+ mail_room_enabled=true
+else
+ mail_room_enabled=false
+fi
+mail_room_pid_path="$pid_path/mail_room.pid"
+gitlab_workhorse_dir=$(cd $app_root/../gitlab-workhorse 2> /dev/null && pwd)
+gitlab_workhorse_pid_path="$pid_path/gitlab-workhorse.pid"
+if checkyesno gitlab_workhorse_tcp; then
+ gitlab_workhorse_listen="-listenNetwork tcp -listenAddr $gitlab_workhorse_addr"
+else
+ gitlab_workhorse_listen="-listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket"
+fi
+gitlab_workhorse_options="-listenUmask 0 $gitlab_workhorse_listen -authBackend $gitlab_authBackend -authSocket $rails_socket -documentRoot $app_root/public"
+gitlab_workhorse_log="$app_root/log/gitlab-workhorse.log"
+gitlab_pages_enabled=false
+gitlab_pages_dir=$(cd $app_root/../gitlab-pages 2> /dev/null && pwd)
+gitlab_pages_pid_path="$pid_path/gitlab-pages.pid"
+gitlab_pages_options="-pages-domain example.com -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8090"
+gitlab_pages_log="$app_root/log/gitlab-pages.log"
+shell_path="/bin/bash"
+gitaly_enabled=true
+gitaly_dir="%%PREFIX%%/share/gitaly"
+gitaly_pid_path="$pid_path/gitaly.pid"
+gitaly_log="$app_root/log/gitaly.log"
+sidekiq_pid_path="$pid_path/sidekiq-cluster.pid"
+
+### Init Script functions
+## Gets the pids from the files
+check_pids(){
+ if ! mkdir -p "$pid_path"; then
+ echo "Could not create the path $pid_path needed to store the pids."
+ exit 1
+ fi
+ # If there exists a file which should hold the value of the web server pid: read it.
+ if [ -f "$web_server_pid_path" ]; then
+ wpid=$(cat "$web_server_pid_path")
+ else
+ wpid=0
+ fi
+ if [ -f "$sidekiq_pid_path" ]; then
+ spid=$(cat "$sidekiq_pid_path")
+ else
+ spid=0
+ fi
+ if [ -f "$gitlab_workhorse_pid_path" ]; then
+ hpid=$(cat "$gitlab_workhorse_pid_path")
+ else
+ hpid=0
+ fi
+ if [ "$mail_room_enabled" = true ]; then
+ if [ -f "$mail_room_pid_path" ]; then
+ mpid=$(cat "$mail_room_pid_path")
+ else
+ mpid=0
+ fi
+ fi
+ if [ "$gitlab_pages_enabled" = true ]; then
+ if [ -f "$gitlab_pages_pid_path" ]; then
+ gppid=$(cat "$gitlab_pages_pid_path")
+ else
+ gppid=0
+ fi
+ fi
+ if [ "$gitaly_enabled" = true ]; then
+ if [ -f "$gitaly_pid_path" ]; then
+ gapid=$(cat "$gitaly_pid_path")
+ else
+ gapid=0
+ fi
+ fi
+}
+
+
+gitlab_init(){
+ # Read configuration variable file if it is present
+ test -f /etc/default/gitlab && . /etc/default/gitlab
+
+ # Check if other colliding packages are installed
+ if `/usr/sbin/pkg -N info -e gogs` && [ $? -eq 0 ]; then
+ echo "WARNING: Gitlab cannot run together with gogs as both of them modify .ssh/authorized_keys"
+ if checkyesno gitlab_allow_conflicts; then
+ echo "but start as overwritten"
+ else
+ echo "you can overwrite this with: sysrc gitlab_allow_conflicts=YES"
+ exit 1
+ fi
+ fi
+ if `/usr/sbin/pkg -N info -e "gitolite*"` && [ $? -eq 0 ]; then
+ echo "WARNING: Gitlab cannot run together with gitolite as both of them modify .ssh/authorized_keys"
+ if checkyesno gitlab_allow_conflicts; then
+ echo "but start as overwritten"
+ else
+ echo "you can overwrite this with: sysrc gitlab_allow_conflicts=YES"
+ exit 1
+ fi
+ fi
+ if `/usr/sbin/pkg -N info -e "*gitosis*"` && [ $? -eq 0 ]; then
+ echo "WARNING: Gitlab cannot run together with py-gitosis as both of them modify .ssh/authorized_keys"
+ if checkyesno gitlab_allow_conflicts; then
+ echo "but start as overwritten"
+ else
+ echo "you can overwrite this with: sysrc gitlab_allow_conflicts=YES"
+ exit 1
+ fi
+ fi
+ if `/usr/sbin/pkg -N info -e gitea` && [ $? -eq 0 ]; then
+ echo "WARNING: Gitlab cannot run together with gitea as both of them modify .ssh/authorized_keys"
+ if checkyesno gitlab_allow_conflicts; then
+ echo "but start as overwritten"
+ else
+ echo "you can overwrite this with: sysrc gitlab_allow_conflicts=YES"
+ exit 1
+ fi
+ fi
+
+ # Switch to the app_user if it is not he/she who is running the script.
+ if [ "$USER" != "$app_user" ]; then
+ # Regenerate the Gemfile.lock for all related products
+ # echo "Regenerate Gitlab Gemfile.lock"
+ rm -f "${app_root}"/Gemfile.lock
+ if ! su -l root -c "cd ${app_root} && %%LOCALBASE%%/bin/bundle install --local --quiet"; then
+ echo "Could not create Gemfile.lock for gitlab, please report this using FreeBSD Bugtracker, https://bugs.freebsd.org/"
+ exit 1
+ fi
+ chown git "${app_root}"/Gemfile.lock
+
+ eval su - "$app_user" -c $(echo \")%%LOCALBASE%%/etc/rc.d/gitlab "${service_args}"$(echo \"); exit;
+ fi
+
+ # Switch to the gitlab path, exit on failure.
+ if ! cd "$app_root" ; then
+ echo "Failed to cd into $app_root, exiting!"; exit 1
+ fi
+
+ # We use the pids in so many parts of the script it makes sense to always check them.
+ # Only after start() is run should the pids change. Sidekiq sets its own pid.
+ check_pids
+}
+
+## Called when we have started the two processes and are waiting for their pid files.
+wait_for_pids(){
+ # We are sleeping a bit here mostly because sidekiq is slow at writing its pid
+ i=0
+ while [ ! -f $web_server_pid_path ] || [ ! -f $sidekiq_pid_path ] || [ ! -f $gitlab_workhorse_pid_path ] || { [ "$mail_room_enabled" = true ] && [ ! -f $mail_room_pid_path ]; } || { [ "$gitlab_pages_enabled" = true ] && [ ! -f $gitlab_pages_pid_path ]; } || { [ "$gitaly_enabled" = true ] && [ ! -f $gitaly_pid_path ]; }; do
+ echo -n "."
+ if [ $((i)) = "$gitlab_wait" ]; then
+ echo
+ echo "Waited ${i}s for the processes to write their pids, something probably went wrong."
+ exit 1;
+ fi
+ sleep 1
+ i=$((i+1))
+ done
+ echo
+ echo "Started in ${i}s."
+}
+
+## Checks whether the different parts of the service are already running or not.
+check_status(){
+ check_pids
+ # If the web server is running kill -0 $wpid returns true, or rather 0.
+ # Checks of *_status should only check for == 0 or != 0, never anything else.
+ if [ $wpid -ne 0 ]; then
+ kill -0 "$wpid" 2>/dev/null
+ web_status="$?"
+ else
+ web_status="-1"
+ fi
+ if [ $spid -ne 0 ]; then
+ kill -0 "$spid" 2>/dev/null
+ sidekiq_status="$?"
+ else
+ sidekiq_status="-1"
+ fi
+ if [ $hpid -ne 0 ]; then
+ kill -0 "$hpid" 2>/dev/null
+ gitlab_workhorse_status="$?"
+ else
+ gitlab_workhorse_status="-1"
+ fi
+ if [ "$mail_room_enabled" = true ]; then
+ if [ $mpid -ne 0 ]; then
+ kill -0 "$mpid" 2>/dev/null
+ mail_room_status="$?"
+ else
+ mail_room_status="-1"
+ fi
+ fi
+ if [ "$gitlab_pages_enabled" = true ]; then
+ if [ $gppid -ne 0 ]; then
+ kill -0 "$gppid" 2>/dev/null
+ gitlab_pages_status="$?"
+ else
+ gitlab_pages_status="-1"
+ fi
+ fi
+ if [ "$gitaly_enabled" = true ]; then
+ if [ $gapid -ne 0 ]; then
+ kill -0 "$gapid" 2>/dev/null
+ gitaly_status="$?"
+ else
+ gitaly_status="-1"
+ fi
+ fi
+ if [ $web_status = 0 ] && [ $sidekiq_status = 0 ] && [ $gitlab_workhorse_status = 0 ] && { [ "$mail_room_enabled" != true ] || [ $mail_room_status = 0 ]; } && { [ "$gitlab_pages_enabled" != true ] || [ $gitlab_pages_status = 0 ]; } && { [ "$gitaly_enabled" != true ] || [ $gitaly_status = 0 ]; }; then
+ gitlab_status=0
+ else
+ # http://refspecs.linuxbase.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
+ # code 3 means 'program is not running'
+ gitlab_status=3
+ fi
+}
+
+## Check for stale pids and remove them if necessary.
+check_stale_pids(){
+ check_status
+ # If there is a pid it is something else than 0, the service is running if
+ # *_status is == 0.
+ if [ "$wpid" != "0" ] && [ "$web_status" != "0" ]; then
+ echo "Removing stale web server pid. This is most likely caused by the web server crashing the last time it ran."
+ if ! rm "$web_server_pid_path"; then
+ echo "Unable to remove stale pid, exiting."
+ exit 1
+ fi
+ fi
+ if [ "$spid" != "0" ] && [ "$sidekiq_status" != "0" ]; then
+ echo "Removing stale Sidekiq job dispatcher pid. This is most likely caused by Sidekiq crashing the last time it ran."
+ if ! rm "$sidekiq_pid_path"; then
+ echo "Unable to remove stale pid, exiting"
+ exit 1
+ fi
+ fi
+ if [ "$hpid" != "0" ] && [ "$gitlab_workhorse_status" != "0" ]; then
+ echo "Removing stale GitLab Workhorse pid. This is most likely caused by GitLab Workhorse crashing the last time it ran."
+ if ! rm "$gitlab_workhorse_pid_path"; then
+ echo "Unable to remove stale pid, exiting"
+ exit 1
+ fi
+ fi
+ if [ "$mail_room_enabled" = true ] && [ "$mpid" != "0" ] && [ "$mail_room_status" != "0" ]; then
+ echo "Removing stale MailRoom job dispatcher pid. This is most likely caused by MailRoom crashing the last time it ran."
+ if ! rm "$mail_room_pid_path"; then
+ echo "Unable to remove stale pid, exiting"
+ exit 1
+ fi
+ fi
+ if [ "$gitlab_pages_enabled" = true ] && [ "$gppid" != "0" ] && [ "$gitlab_pages_status" != "0" ]; then
+ echo "Removing stale GitLab Pages job dispatcher pid. This is most likely caused by GitLab Pages crashing the last time it ran."
+ if ! rm "$gitlab_pages_pid_path"; then
+ echo "Unable to remove stale pid, exiting"
+ exit 1
+ fi
+ fi
+ if [ "$gitaly_enabled" = true ] && [ "$gapid" != "0" ] && [ "$gitaly_status" != "0" ]; then
+ echo "Removing stale Gitaly pid. This is most likely caused by Gitaly crashing the last time it ran."
+ if ! rm "$gitaly_pid_path"; then
+ echo "Unable to remove stale pid, exiting"
+ exit 1
+ fi
+ fi
+}
+
+## If no parts of the service is running, bail out.
+exit_if_not_running(){
+ check_stale_pids
+ if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; } && { [ "$gitlab_pages_enabled" != true ] || [ "$gitlab_pages_status" != "0" ]; } && { [ "$gitaly_enabled" != true ] || [ "$gitaly_status" != "0" ]; }; then
+ echo "GitLab is not running."
+ exit
+ fi
+}
+
+## Starts web server and Sidekiq if they're not running.
+start_gitlab() {
+ check_stale_pids
+
+ if [ "$web_status" != "0" ]; then
+ echo "Starting GitLab web server ($use_web_server)"
+ fi
+ if [ "$sidekiq_status" != "0" ]; then
+ echo "Starting GitLab Sidekiq"
+ fi
+ if [ "$gitlab_workhorse_status" != "0" ]; then
+ echo "Starting GitLab Workhorse"
+ fi
+ if [ "$mail_room_enabled" = true ] && [ "$mail_room_status" != "0" ]; then
+ echo "Starting GitLab MailRoom"
+ fi
+ if [ "$gitlab_pages_enabled" = true ] && [ "$gitlab_pages_status" != "0" ]; then
+ echo "Starting GitLab Pages"
+ fi
+ if [ "$gitaly_enabled" = true ] && [ "$gitaly_status" != "0" ]; then
+ echo "Starting Gitaly"
+ fi
+
+ # Then check if the service is running. If it is: don't start again.
+ if [ "$web_status" = "0" ]; then
+ echo "The web server already running with pid $wpid, not restarting."
+ else
+ # Remove old socket if it exists
+ rm -f "$rails_socket" 2>/dev/null
+ # Start the web server
+ RAILS_ENV=$RAILS_ENV USE_WEB_SERVER=$use_web_server bin/web start
+ fi
+
+ # If sidekiq is already running, don't start it again.
+ if [ "$sidekiq_status" = "0" ]; then
+ echo "The Sidekiq job dispatcher is already running with pid $spid, not restarting"
+ else
+ RAILS_ENV=$RAILS_ENV SIDEKIQ_WORKERS=$SIDEKIQ_WORKERS bin/background_jobs start > /dev/null &
+ fi
+
+ if [ "$gitlab_workhorse_status" = "0" ]; then
+ echo "The GitLab Workhorse is already running with pid $hpid, not restarting"
+ else
+ # No need to remove a socket, gitlab-workhorse does this itself.
+ # Because gitlab-workhorse has multiple executables we need to fix
+ # the PATH.
+ $app_root/bin/daemon_with_pidfile $gitlab_workhorse_pid_path \
+ /usr/bin/env PATH=$gitlab_workhorse_dir:$PATH \
+ gitlab-workhorse $gitlab_workhorse_options \
+ >> $gitlab_workhorse_log 2>&1 &
+ fi
+
+ if [ "$mail_room_enabled" = true ]; then
+ # If MailRoom is already running, don't start it again.
+ if [ "$mail_room_status" = "0" ]; then
+ echo "The MailRoom email processor is already running with pid $mpid, not restarting"
+ else
+ RAILS_ENV=$RAILS_ENV bin/mail_room start &
+ fi
+ fi
+
+ if [ "$gitlab_pages_enabled" = true ]; then
+ if [ "$gitlab_pages_status" = "0" ]; then
+ echo "The GitLab Pages is already running with pid $gppid, not restarting"
+ else
+ $app_root/bin/daemon_with_pidfile $gitlab_pages_pid_path \
+ $gitlab_pages_dir/gitlab-pages $gitlab_pages_options \
+ >> $gitlab_pages_log 2>&1 &
+ fi
+ fi
+
+ if [ "$gitaly_enabled" = true ]; then
+ if [ "$gitaly_status" = "0" ]; then
+ echo "Gitaly is already running with pid $gapid, not restarting"
+ else
+ $app_root/bin/daemon_with_pidfile $gitaly_pid_path \
+ $gitaly_dir/bin/gitaly $gitaly_dir/config.toml >> $gitaly_log 2>&1 &
+ fi
+ fi
+
+ # Wait for the pids to be planted
+ wait_for_pids
+ # Finally check the status to tell wether or not GitLab is running
+ print_status
+}
+
+## Asks web server, Sidekiq and MailRoom if they would be so kind as to stop, if not kills them.
+stop_gitlab() {
+ exit_if_not_running
+
+ if [ "$web_status" = "0" ]; then
+ echo "Shutting down GitLab web server"
+ RAILS_ENV=$RAILS_ENV USE_WEB_SERVER=$use_web_server bin/web stop
+ fi
+ if [ "$sidekiq_status" = "0" ]; then
+ echo "Shutting down GitLab Sidekiq"
+ RAILS_ENV=$RAILS_ENV SIDEKIQ_WORKERS=$SIDEKIQ_WORKERS bin/background_jobs stop
+ fi
+ if [ "$gitlab_workhorse_status" = "0" ]; then
+ echo "Shutting down GitLab Workhorse"
+ kill -- $(cat $gitlab_workhorse_pid_path)
+ fi
+ if [ "$mail_room_enabled" = true ] && [ "$mail_room_status" = "0" ]; then
+ echo "Shutting down GitLab MailRoom"
+ RAILS_ENV=$RAILS_ENV bin/mail_room stop
+ fi
+ if [ "$gitlab_pages_status" = "0" ]; then
+ echo "Shutting down gitlab-pages"
+ kill -- $(cat $gitlab_pages_pid_path)
+ fi
+ if [ "$gitaly_status" = "0" ]; then
+ echo "Shutting down Gitaly"
+ kill -- $(cat $gitaly_pid_path)
+ fi
+
+ # If something needs to be stopped, lets wait for it to stop. Never use SIGKILL in a script.
+ while [ "$web_status" = "0" ] || [ "$sidekiq_status" = "0" ] || [ "$gitlab_workhorse_status" = "0" ] || { [ "$mail_room_enabled" = true ] && [ "$mail_room_status" = "0" ]; } || { [ "$gitlab_pages_enabled" = true ] && [ "$gitlab_pages_status" = "0" ]; } || { [ "$gitaly_enabled" = true ] && [ "$gitaly_status" = "0" ]; }; do
+ sleep 1
+ check_status
+ printf "."
+ if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; } && { [ "$gitlab_pages_enabled" != true ] || [ "$gitlab_pages_status" != "0" ]; } && { [ "$gitaly_enabled" != true ] || [ "$gitaly_status" != "0" ]; }; then
+ printf "\n"
+ break
+ fi
+ done
+
+ sleep 1
+ # Cleaning up unused pids
+ rm "$web_server_pid_path" 2>/dev/null
+ # rm "$sidekiq_pid_path" 2>/dev/null # Sidekiq seems to be cleaning up its own pid.
+ rm -f "$gitlab_workhorse_pid_path"
+ if [ "$mail_room_enabled" = true ]; then
+ rm "$mail_room_pid_path" 2>/dev/null
+ fi
+ rm -f "$gitlab_pages_pid_path"
+ rm -f "$gitaly_pid_path"
+
+ print_status
+}
+
+## Prints the status of GitLab and its components.
+print_status() {
+ check_status
+ if [ "$web_status" != "0" ] && [ "$sidekiq_status" != "0" ] && [ "$gitlab_workhorse_status" != "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" != "0" ]; } && { [ "$gitlab_pages_enabled" != true ] || [ "$gitlab_pages_status" != "0" ]; } && { [ "$gitaly_enabled" != true ] || [ "$gitaly_status" != "0" ]; }; then
+ echo "GitLab is not running."
+ return
+ fi
+ if [ "$web_status" = "0" ]; then
+ echo "The GitLab web server with pid $wpid is running."
+ else
+ printf "The GitLab web server is \033[31mnot running\033[0m.\n"
+ fi
+ if [ "$sidekiq_status" = "0" ]; then
+ echo "The GitLab Sidekiq job dispatcher with pid $spid is running."
+ else
+ printf "The GitLab Sidekiq job dispatcher is \033[31mnot running\033[0m.\n"
+ fi
+ if [ "$gitlab_workhorse_status" = "0" ]; then
+ echo "The GitLab Workhorse with pid $hpid is running."
+ else
+ printf "The GitLab Workhorse is \033[31mnot running\033[0m.\n"
+ fi
+ if [ "$mail_room_enabled" = true ]; then
+ if [ "$mail_room_status" = "0" ]; then
+ echo "The GitLab MailRoom email processor with pid $mpid is running."
+ else
+ printf "The GitLab MailRoom email processor is \033[31mnot running\033[0m.\n"
+ fi
+ fi
+ if [ "$gitlab_pages_enabled" = true ]; then
+ if [ "$gitlab_pages_status" = "0" ]; then
+ echo "The GitLab Pages with pid $gppid is running."
+ else
+ printf "The GitLab Pages is \033[31mnot running\033[0m.\n"
+ fi
+ fi
+ if [ "$gitaly_enabled" = true ]; then
+ if [ "$gitaly_status" = "0" ]; then
+ echo "Gitaly with pid $gapid is running."
+ else
+ printf "Gitaly is \033[31mnot running\033[0m.\n"
+ fi
+ fi
+ if [ "$web_status" = "0" ] && [ "$sidekiq_status" = "0" ] && [ "$gitlab_workhorse_status" = "0" ] && { [ "$mail_room_enabled" != true ] || [ "$mail_room_status" = "0" ]; } && { [ "$gitlab_pages_enabled" != true ] || [ "$gitlab_pages_status" = "0" ]; } && { [ "$gitaly_enabled" != true ] || [ "$gitaly_status" = "0" ]; }; then
+ printf "GitLab and all its components are \033[32mup and running\033[0m.\n"
+ fi
+}
+
+## Tells web server to reload its config and Sidekiq to restart
+reload_gitlab(){
+ exit_if_not_running
+ if [ "$wpid" = "0" ];then
+ echo "The GitLab web server Web server is not running thus its configuration can't be reloaded."
+ exit 1
+ fi
+ printf "Reloading GitLab web server configuration... "
+ RAILS_ENV=$RAILS_ENV USE_WEB_SERVER=$use_web_server bin/web reload
+ echo "Done."
+
+ echo "Restarting GitLab Sidekiq since it isn't capable of reloading its config..."
+ RAILS_ENV=$RAILS_ENV SIDEKIQ_WORKERS=$SIDEKIQ_WORKERS bin/background_jobs restart & /dev/null &
+
+ if [ "$mail_room_enabled" != true ]; then
+ echo "Restarting GitLab MailRoom since it isn't capable of reloading its config..."
+ RAILS_ENV=$RAILS_ENV bin/mail_room restart
+ fi
+
+ wait_for_pids
+ print_status
+}
+
+## Restarts Sidekiq and web server.
+restart_gitlab(){
+ check_status
+ if [ "$web_status" = "0" ] || [ "$sidekiq_status" = "0" ] || [ "$gitlab_workhorse" = "0" ] || { [ "$mail_room_enabled" = true ] && [ "$mail_room_status" = "0" ]; } || { [ "$gitlab_pages_enabled" = true ] && [ "$gitlab_pages_status" = "0" ]; } || { [ "$gitaly_enabled" = true ] && [ "$gitaly_status" = "0" ]; }; then
+ stop_gitlab
+ fi
+ start_gitlab
+}
+
+run_rc_command "$1"
+
+exit
diff --git a/www/gitlab/files/patch-Gemfile b/www/gitlab/files/patch-Gemfile
new file mode 100644
index 000000000000..ce181c3a12c6
--- /dev/null
+++ b/www/gitlab/files/patch-Gemfile
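Review bot: In `gitlab_init`, whenever the script is not already running as `git`, it deletes `Gemfile.lock` and runs `su -l root -c "cd ${app_root} && %%LOCALBASE%%/bin/bundle install --local --quiet"`, so the Gemfile and every `path:` gemspec under `$app_root` are evaluated as Ruby with root privileges on each start, stop and restart. Whether the `git` account can write to any of those files is not visible from this hunk; if it can, a compromise of the application account extends to root, so the lock file is better generated once at package install time or by `$app_user` itself. The re-exec right after it passes `${service_args}` through `eval` while still root; `su - "$app_user" -c "%%LOCALBASE%%/etc/rc.d/gitlab ${service_args}"; exit` does the same job without the extra parse. Two smaller defects further down: `reload_gitlab` ends its Sidekiq line with `restart & /dev/null &` where `restart > /dev/null &` is presumably meant, and `restart_gitlab` tests `"$gitlab_workhorse"` instead of `"$gitlab_workhorse_status"`.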
@@ -0,0 +1,254 @@
+--- Gemfile.orig 2024-03-27 08:20:26 UTC
++++ Gemfile
+@@ -58,7 +58,7 @@ gem 'neighbor', '~> 0.2.3' # rubocop:todo Gemfile/Miss
+
+ gem 'rugged', '~> 1.6' # rubocop:todo Gemfile/MissingFeatureCategory
+
+-gem 'faraday', '~> 1.0' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'faraday', '>= 1.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'marginalia', '~> 1.11.1' # rubocop:todo Gemfile/MissingFeatureCategory
+
+ # Authorization
+@@ -78,8 +78,8 @@ gem 'omniauth-azure-activedirectory-v2', '~> 2.0' # ru
+ gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'omniauth-dingtalk-oauth2', '~> 1.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'omniauth-alicloud', '~> 3.0.0' # rubocop:todo Gemfile/MissingFeatureCategory
+-gem 'omniauth-facebook', '~> 4.0.0' # rubocop:todo Gemfile/MissingFeatureCategory
+-gem 'omniauth-github', '2.0.1' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'omniauth-facebook', '>= 4.0.0' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'omniauth-github', '~> 2.0.1' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'omniauth-google-oauth2', '~> 1.1' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'omniauth-oauth2-generic', '~> 0.2.2' # rubocop:todo Gemfile/MissingFeatureCategory
+@@ -90,7 +90,7 @@ gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/o
+ gem 'omniauth_openid_connect', '~> 0.6.1' # rubocop:todo Gemfile/MissingFeatureCategory
+ # Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem.
+ # See https://docs.gitlab.com/ee/development/emails.html#rationale.
+-gem 'openid_connect', '= 1.3.0' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'openid_connect', '= 1.3.1' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'omniauth-atlassian-oauth2', '~> 0.2.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'rack-oauth2', '~> 1.21.3' # rubocop:todo Gemfile/MissingFeatureCategory
+@@ -185,7 +185,7 @@ gem 'gitlab-fog-azure-rm', '~> 1.8.0', require: 'fog/a
+ gem 'google-apis-storage_v1', '~> 0.29' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'google-cloud-storage', '~> 1.45.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ # We need >= 0.11.1 because that's when match_glob support is added to list_objects
+-gem 'google-apis-core', '~> 0.11.0', '>= 0.11.1' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'google-apis-core', '~> 0.11', '>= 0.11.1' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'google-apis-compute_v1', '~> 0.57.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'google-apis-container_v1', '~> 0.43.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'google-apis-container_v1beta1', '~> 0.43.0' # rubocop:todo Gemfile/MissingFeatureCategory
+@@ -196,7 +196,7 @@ gem 'google-apis-serviceusage_v1', '~> 0.28.0' # ruboc
+ gem 'google-apis-sqladmin_v1beta4', '~> 0.41.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'google-apis-androidpublisher_v3', '~> 0.34.0' # rubocop:todo Gemfile/MissingFeatureCategory
+
+-gem 'googleauth', '~> 1.8.1', feature_category: :shared
++gem 'googleauth', '~> 1.8', feature_category: :shared
+ gem 'google-cloud-artifact_registry-v1', '~> 0.11.0', feature_category: :shared
+ gem 'google-cloud-compute-v1', '~> 2.6.0', feature_category: :shared
+
+@@ -207,9 +207,9 @@ gem 'seed-fu', '~> 2.3.7' # rubocop:todo Gemfile/Missi
+ gem 'elasticsearch-model', '~> 7.2' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'elasticsearch-api', '7.13.3' # rubocop:todo Gemfile/MissingFeatureCategory
+-gem 'aws-sdk-core', '~> 3.191.3' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'aws-sdk-core', '~> 3.191' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'aws-sdk-cloudformation', '~> 1' # rubocop:todo Gemfile/MissingFeatureCategory
+-gem 'aws-sdk-s3', '~> 1.144.0' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'aws-sdk-s3', '~> 1.144' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'faraday_middleware-aws-sigv4', '~>0.3.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections # rubocop:todo Gemfile/MissingFeatureCategory
+
+@@ -240,12 +240,12 @@ gem 'diffy', '~> 3.4' # rubocop:todo Gemfile/MissingFe
+ gem 'diff_match_patch', '~> 0.1.0', path: 'vendor/gems/diff_match_patch', feature_category: :team_planning
+
+ # Application server
+-gem 'rack', '~> 2.2.8.1' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'rack', '~> 2.2.8', '>= 2.2.8.1' # rubocop:todo Gemfile/MissingFeatureCategory
+ # https://github.com/zombocom/rack-timeout/blob/master/README.md#rails-apps-manually
+ gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base' # rubocop:todo Gemfile/MissingFeatureCategory
+
+ group :puma do
+- gem 'puma', '= 6.4.0', require: false, feature_category: :shared
++ gem 'puma', '~> 6.4.0', require: false, feature_category: :shared
+ gem 'sd_notify', '~> 0.1.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+ end
+
+@@ -256,7 +256,7 @@ gem 'state_machines-activerecord', '~> 0.8.0' # ruboco
+ gem 'acts-as-taggable-on', '~> 10.0' # rubocop:todo Gemfile/MissingFeatureCategory
+
+ # Background jobs
+-gem 'sidekiq', path: 'vendor/gems/sidekiq-7.1.6', require: 'sidekiq' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'sidekiq', '~> 7.1.6', require: 'sidekiq' # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'sidekiq-cron', '~> 1.12.0', feature_category: :shared
+ gem 'gitlab-sidekiq-fetcher', path: 'vendor/gems/sidekiq-reliable-fetch', require: 'sidekiq-reliable-fetch' # rubocop:todo Gemfile/MissingFeatureCategory
+
+@@ -399,93 +399,10 @@ gem 'prometheus-client-mmap', '~> 1.1', '>= 1.1.1', re
+
+ gem 'warning', '~> 1.3.0' # rubocop:todo Gemfile/MissingFeatureCategory
+
+-group :development do
+- gem 'lefthook', '~> 1.5.6', require: false, feature_category: :tooling
+- gem 'rubocop', feature_category: :tooling
+- gem 'solargraph', '~> 0.47.2', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'letter_opener_web', '~> 2.0.0' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'lookbook', '~> 2.2' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- # Better errors handler
+- gem 'better_errors', '~> 2.10.1' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'sprite-factory', '~> 1.7' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'listen', '~> 3.7' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'ruby-lsp', "~> 0.14.4", require: false, feature_category: :tooling
+-
+- gem 'ruby-lsp-rails', "~> 0.3.0", feature_category: :tooling
+-
+- gem 'ruby-lsp-rspec', "~> 0.1.10", require: false, feature_category: :tooling
+-end
+-
+-group :development, :test do
+- gem 'deprecation_toolkit', '~> 1.5.1', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'bullet', '~> 7.1.2' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'parser', '~> 3.3', '>= 3.3.0.2' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'pry-byebug' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'pry-rails', '~> 0.3.9' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'pry-shell', '~> 0.6.4' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'awesome_print', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'database_cleaner-active_record', '~> 2.1.0', feature_category: :database
+- gem 'factory_bot_rails', '~> 6.4.3' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'rspec-rails', '~> 6.1.1', feature_category: :shared
+-
+- # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
+- gem 'minitest', '~> 5.11.0' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'spring', '~> 4.1.0' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'spring-commands-rspec', '~> 1.0.4' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'gitlab-styles', '~> 11.0.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'haml_lint', '~> 0.53', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'bundler-audit', '~> 0.9.1', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- # Benchmarking & profiling
+- gem 'benchmark-ips', '~> 2.11.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'benchmark-memory', '~> 0.1', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- # Profiling data from CI/CD pipelines
+- gem 'influxdb-client', '~> 2.9', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'knapsack', '~> 1.22.0', feature_category: :tooling
+- gem 'crystalball', '~> 0.7.0', require: false, feature_category: :tooling
+- gem 'test_file_finder', '~> 0.2.1', feature_category: :tooling
+-
+- gem 'simple_po_parser', '~> 1.1.6', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'png_quantizator', '~> 0.2.1', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'parallel', '~> 1.19', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'sigdump', '~> 0.2.4', require: 'sigdump/setup' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'pact', '~> 1.64' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- # For now we only use vite in development / test, and not for production builds
+- # See: https://gitlab.com/gitlab-org/frontend/rfcs/-/issues/106
+- gem 'vite_rails', '~> 3.0.17', feature_category: :shared
+- gem 'vite_ruby', '~> 3.5.0', feature_category: :shared
+-
+- gem 'gitlab-housekeeper', path: 'gems/gitlab-housekeeper', feature_category: :tooling
+-end
+-
+ group :development, :test, :danger do
+ gem 'gitlab-dangerfiles', '~> 4.7.0', require: false, feature_category: :tooling
+ end
+
+-group :development, :test, :coverage do
+- gem 'simplecov', '~> 0.22', require: false, feature_category: :tooling
+- gem 'simplecov-lcov', '~> 0.8.0', require: false, feature_category: :tooling
+- gem 'simplecov-cobertura', '~> 2.1.0', require: false, feature_category: :tooling
+- gem 'undercover', '~> 0.4.4', require: false, feature_category: :tooling
+-end
+-
+ # Gems required in omnibus-gitlab pipeline
+ group :development, :test, :omnibus do
+ gem 'license_finder', '~> 7.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+@@ -497,36 +414,6 @@ group :development, :test, :monorepo do
+ gem 'gitlab-rspec_flaky', path: 'gems/gitlab-rspec_flaky', feature_category: :tooling
+ end
+
+-group :test do
+- gem 'fuubar', '~> 2.2.0' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'rspec-retry', '~> 0.6.2', feature_category: :tooling
+- gem 'rspec_profiling', '~> 0.0.8', feature_category: :tooling
+- gem 'rspec-benchmark', '~> 0.6.0', feature_category: :tooling
+- gem 'rspec-parameterized', '~> 1.0', require: false, feature_category: :tooling
+- gem 'os', '~> 1.1', '>= 1.1.4', feature_category: :tooling
+-
+- gem 'capybara', '~> 3.40' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'capybara-screenshot', '~> 1.0.26' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'selenium-webdriver', '~> 4.18', '>= 4.18.1' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'graphlyte', '~> 1.0.0' # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'shoulda-matchers', '~> 5.1.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'email_spec', '~> 2.2.0' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'webmock', '~> 3.22.0' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'rails-controller-testing' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'concurrent-ruby', '~> 1.1' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'test-prof', '~> 1.3.1' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'rspec_junit_formatter' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'guard-rspec' # rubocop:todo Gemfile/MissingFeatureCategory
+- gem 'axe-core-rspec', '~> 4.8.2', feature_category: :tooling
+-
+- # Moved in `test` because https://gitlab.com/gitlab-org/gitlab/-/issues/217527
+- gem 'derailed_benchmarks', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+-
+- gem 'gitlab_quality-test_tooling', '~> 1.17.0', require: false, feature_category: :tooling
+-end
+-
+ gem 'octokit', '~> 8.0', feature_category: :importers
+
+ gem 'gitlab-mail_room', '~> 0.0.24', require: 'mail_room', feature_category: :shared
+@@ -564,7 +451,7 @@ gem 'gitaly', '~> 16.10.0-rc1', feature_category: :git
+ # KAS GRPC protocol definitions
+ gem 'kas-grpc', '~> 0.4.0', feature_category: :deployment_management
+
+-gem 'grpc', '~> 1.60.0' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'grpc', '~> 1.60' # rubocop:todo Gemfile/MissingFeatureCategory
+
+ gem 'google-protobuf', '~> 3.25', '>= 3.25.3' # rubocop:todo Gemfile/MissingFeatureCategory
+
+@@ -585,7 +472,7 @@ gem 'grape_logging', '~> 1.8', '>= 1.8.4', feature_cat
+ gem 'gitlab-net-dns', '~> 0.9.2' # rubocop:todo Gemfile/MissingFeatureCategory
+
+ # Countries list
+-gem 'countries', '~> 4.0.0' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'countries', '~> 4.0' # rubocop:todo Gemfile/MissingFeatureCategory
+
+ gem 'retriable', '~> 3.1.2' # rubocop:todo Gemfile/MissingFeatureCategory
+
+@@ -651,6 +538,7 @@ gem 'app_store_connect' # rubocop:todo Gemfile/Missing
+ gem 'telesignenterprise', '~> 2.2' # rubocop:todo
Gemfile/MissingFeatureCategory
+
+ # BufferedIO patch
++
+ # Updating this version will require updating scripts/allowed_warnings.txt
+ gem 'net-protocol', '~> 0.1.3' # rubocop:todo Gemfile/MissingFeatureCategory
+ # Lock this until we make DNS rebinding work with the updated net-http:
+@@ -658,5 +546,11 @@ gem 'net-protocol', '~> 0.1.3' # rubocop:todo Gemfile/
+ gem 'net-http', '= 0.1.1' # rubocop:todo Gemfile/MissingFeatureCategory
+
+ gem 'duo_api', '~> 1.3' # rubocop:todo Gemfile/MissingFeatureCategory
++
++gem 'parser'
++gem 'net-smtp'
++gem 'net-pop'
++gem 'psych', '~> 3.1'
++
+
+ gem 'gitlab-sdk', '~> 0.3.0', feature_category: :application_instrumentation
diff --git a/www/gitlab/files/patch-bin_background__jobs b/www/gitlab/files/patch-bin_background__jobs
new file mode 100644
index 000000000000..552f9367a5ce
--- /dev/null
+++ b/www/gitlab/files/patch-bin_background__jobs
@@ -0,0 +1,11 @@
+--- bin/background_jobs.orig 2021-12-01 10:42:56 UTC
++++ bin/background_jobs
+@@ -58,7 +58,7 @@ start_sidekiq()
+ processes_args+=("${sidekiq_queues}")
+ done
+
+- ${cmd} bin/sidekiq-cluster "${processes_args[@]}" -P $sidekiq_pidfile -e $RAILS_ENV "$@" 2>&1 | tee -a $sidekiq_logfile
++ ${cmd} bin/sidekiq-cluster "${processes_args[@]}" -P $sidekiq_pidfile -e $RAILS_ENV "$@" 2>&1 >> $sidekiq_logfile
+ }
+
+ cleanup()
diff --git a/www/gitlab/files/patch-config_database.yml.postgresql b/www/gitlab/files/patch-config_database.yml.postgresql
new file mode 100644
index 000000000000..c0b66431bfeb
--- /dev/null
+++ b/www/gitlab/files/patch-config_database.yml.postgresql
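Review bot: The redirections on the added `bin/sidekiq-cluster` line are in the wrong order: `2>&1 >> $sidekiq_logfile` first points stderr at the current stdout and only then appends stdout to the log, so sidekiq-cluster's error output never reaches the log file that the removed `| tee -a` used to capture. Swapping them, `>> "$sidekiq_logfile" 2>&1`, sends both streams to the log. Quoting `$sidekiq_logfile` and `$sidekiq_pidfile` on the same line would also keep a path containing spaces from being split. `start_sidekiq` begins outside the hunk.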
@@ -0,0 +1,64 @@
+--- config/database.yml.postgresql.orig 2023-09-21 08:56:19 UTC
++++ config/database.yml.postgresql
+@@ -26,13 +26,6 @@ production:
+ username: git
+ password: "secure password"
+ host: localhost
+- geo:
+- adapter: postgresql
+- encoding: unicode
+- database: gitlabhq_geo_production
+- username: git
+- password: "secure password"
+- host: localhost
+
+ #
+ # Development specific
+@@ -57,13 +50,6 @@ development:
+ host: localhost
+ variables:
+ statement_timeout: 15s
+- geo:
+- adapter: postgresql
+- encoding: unicode
+- database: gitlabhq_geo_development
+- username: postgres
+- password: "secure password"
+- host: localhost
+
+ #
+ # Staging specific
+@@ -84,13 +70,6 @@ staging:
+ username: git
+ password: "secure password"
+ host: localhost
+- geo:
+- adapter: postgresql
+- encoding: unicode
+- database: gitlabhq_geo_staging
+- username: git
+- password: "secure password"
+- host: localhost
+
+ # Warning: The database defined as "test" will be erased and
+ # re-generated from your development database when you run "rake".
+@@ -119,19 +98,3 @@ test: &test
+ reaping_frequency: nil
+ variables:
+ statement_timeout: 15s
+- geo:
+- adapter: postgresql
+- encoding: unicode
+- database: gitlabhq_geo_test
+- username: postgres
+- password:
+- host: localhost
+- reaping_frequency: nil
+- embedding:
+- adapter: postgresql
+- encoding: unicode
+- database: gitlabhq_embedding_test
+- username: postgres
+- password:
+- host: localhost
+- reaping_frequency: nil
diff --git a/www/gitlab/files/patch-config_gitlab.yml.example b/www/gitlab/files/patch-config_gitlab.yml.example
new file mode 100644
index 000000000000..1b5556be240b
--- /dev/null
+++ b/www/gitlab/files/patch-config_gitlab.yml.example
@@ -0,0 +1,130 @@
+--- config/gitlab.yml.example.orig 2024-02-14 14:42:02 UTC
++++ config/gitlab.yml.example
+@@ -463,7 +463,7 @@ production: &base
+ ## GitLab Pages
+ pages:
+ enabled: false
+- access_control: false
++ access_control: true
+ # The location where pages are stored (default: shared/pages).
+ # path: shared/pages
+
+@@ -473,9 +473,9 @@ production: &base
+ host: example.com
+ port: 80 # Set to 443 if you serve the pages with HTTPS
+ https: false # Set to true if you serve the pages with HTTPS
+- artifacts_server: true # Set to false if you want to disable online view of HTML artifacts
+- # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
+- # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
++ artifacts_server: false # Set to false if you want to disable online view of HTML artifacts
++ external_http: ["127.0.0.1:8090"] # If defined, enables custom domain support in GitLab Pages
++ # external_https: ["127.0.0.1:8090"] # If defined, enables custom domain and certificate support in GitLab Pages
+
+ # File that contains the shared secret key for verifying access for gitlab-pages.
+ # Default is '.gitlab_pages_secret' relative to Rails.root (i.e. root of the GitLab app).
+@@ -1209,13 +1209,13 @@ production: &base
+ repositories:
+ storages: # You must have at least a `default` storage path.
+ default:
+- gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port).
++ gitaly_address: unix:%%PREFIX%%/www/gitlab-ce/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port).
+ # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.
+
+ ## Backup settings
+ backup:
+ path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
+- # gitaly_backup_path: /home/git/gitaly/_build/bin/gitaly-backup # Path of the gitaly-backup binary (default: searches $PATH)
++ gitaly_backup_path: %%PREFIX%%/share/gitaly/bin/gitaly-backup # Path of the gitaly-backup binary (default: searches $PATH)
+ # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
+ # keep_time: 604800 # default: 0 (forever) (in seconds)
+ # pg_schema: public # default: nil, it means that all schemas will be backed up
+@@ -1250,12 +1250,12 @@ production: &base
+
+ ## GitLab Shell settings
+ gitlab_shell:
+- path: /home/git/gitlab-shell/
+- authorized_keys_file: /home/git/.ssh/authorized_keys
++ path: %%PREFIX%%/share/gitlab-shell/
++ authorized_keys_file: %%PREFIX%%/git/.ssh/authorized_keys
+
+ # File that contains the secret key for verifying access for gitlab-shell.
+ # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
+- # secret_file: /home/git/gitlab/.gitlab_shell_secret
++ # secret_file: %%PREFIX%%/www/gitlab-ce/.gitlab_shell_secret
+
+ # Git over HTTP
+ upload_pack: true
+@@ -1270,13 +1270,13 @@ production: &base
+ workhorse:
+ # File that contains the secret key for verifying access for gitlab-workhorse.
+ # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
+- # secret_file: /home/git/gitlab/.gitlab_workhorse_secret
++ # secret_file: %%PREFIX%%/www/gitlab-ce/.gitlab_workhorse_secret
+
+ gitlab_kas:
+ # enabled: true
+ # File that contains the secret key for verifying access for gitlab-kas.
+ # Default is '.gitlab_kas_secret' relative to Rails.root (i.e. root of the GitLab app).
+- # secret_file: /home/git/gitlab/.gitlab_kas_secret
++ # secret_file: %%PREFIX%%/www/gitlab-ce/.gitlab_kas_secret
+
+ # The URL to the external KAS API (used by the Kubernetes agents)
+ # external_url: wss://kas.example.com
+@@ -1300,13 +1300,13 @@ production: &base
+
+ ## GitLab Elasticsearch settings
+ elasticsearch:
+- indexer_path: /home/git/gitlab-elasticsearch-indexer/
++ indexer_path: %%PREFIX%%/bin/
+
+ ## Git settings
+ # CAUTION!
+ # Use the default values unless you really know what you are doing
+ git:
+- bin_path: /usr/bin/git
++ bin_path: %%PREFIX%%/bin/git
+
+ ## Webpack settings
+ # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
+@@ -1327,18 +1327,18 @@ production: &base
+
+ # Sidekiq exporter is a dedicated Prometheus metrics server optionally running alongside Sidekiq.
+ sidekiq_exporter:
+- # enabled: true
+- # log_enabled: false
+- # address: localhost
+- # port: 8082
++ enabled: true
++ log_enabled: false
++ address: localhost
++ port: 8082
+ # tls_enabled: false
+ # tls_cert_path: /path/to/cert.pem
+ # tls_key_path: /path/to/key.pem
+
+ sidekiq_health_checks:
+- # enabled: true
+- # address: localhost
+- # port: 8092
++ enabled: true
++ address: localhost
++ port: 8092
+
+ # Web exporter is a dedicated Prometheus metrics server optionally running alongside Puma.
+ web_exporter:
+@@ -1563,13 +1563,13 @@ test:
+ gitaly_address: unix:tmp/tests/gitaly/praefect.socket
+
+ gitaly:
+- client_path: tmp/tests/gitaly/_build/bin
++ client_path: %%PREFIX%%/share/gitaly/bin
+ token: secret
+ workhorse:
+ secret_file: tmp/gitlab_workhorse_test_secret
+ backup:
+ path: tmp/tests/backups
+- gitaly_backup_path: tmp/tests/gitaly/_build/bin/gitaly-backup
++ gitaly_backup_path: %%PREFIX%%/share/gitaly/bin/gitaly-backup
+ gitlab_shell:
+ path: tmp/tests/gitlab-shell/
+ authorized_keys_file: tmp/tests/authorized_keys
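Review bot: In the `@@ -473,9 +473,9 @@` hunk the port's example ships `external_http: ["127.0.0.1:8090"]` uncommented, which by its own trailing comment turns on custom-domain support, even though `pages: enabled: false` stays the default a few lines above. The commented `external_https` sample reuses the same `127.0.0.1:8090`, so an administrator who uncomments it as written would configure the HTTP and HTTPS listeners on one address. Either leave `external_http` commented as upstream does, or give the HTTPS sample its own port, e.g. `# external_https: ["127.0.0.1:<https-port>"]`, and add a short comment saying which reverse-proxy setup these loopback listeners are meant for.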
diff --git a/www/gitlab/files/patch-config_initializers_1__settings.rb b/www/gitlab/files/patch-config_initializers_1__settings.rb
new file mode 100644
index 000000000000..9d1d73bbf17c
--- /dev/null
+++ b/www/gitlab/files/patch-config_initializers_1__settings.rb
@@ -0,0 +1,15 @@
+--- config/initializers/1_settings.rb.orig 2023-11-15 09:14:25 UTC
++++ config/initializers/1_settings.rb
+@@ -208,11 +208,7 @@ Settings.gitlab['url'] ||= Settings.__send__(:build_gi
+ Settings.gitlab['user'] ||= 'git'
+ # External configuration may cause the ssh user to differ from the GitLab user
+ Settings.gitlab['ssh_user'] ||= Settings.gitlab.user
+-Settings.gitlab['user_home'] ||= begin
+- Etc.getpwnam(Settings.gitlab['user']).dir
+-rescue ArgumentError # no user configured
+- '/home/' + Settings.gitlab['user']
+-end
++Settings.gitlab['user_home'] ||= '/usr/local/git'
+ Settings.gitlab['time_zone'] ||= nil
+ Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
+ Settings.gitlab['signin_enabled'] ||= true if Settings.gitlab['signin_enabled'].nil?
diff --git a/www/gitlab/files/patch-config_initializers_sprockets__patch.rb b/www/gitlab/files/patch-config_initializers_sprockets__patch.rb
new file mode 100644
index 000000000000..fa1976f8892d
--- /dev/null
+++ b/www/gitlab/files/patch-config_initializers_sprockets__patch.rb
@@ -0,0 +1,11 @@
+--- config/initializers/sprockets_patch.rb.orig 2024-04-02 08:17:37 UTC
++++ config/initializers/sprockets_patch.rb
+@@ -8,7 +8,7 @@
+
+ require 'sprockets/utils'
+
+-unless Gem::Version.new(Sprockets::VERSION) == Gem::Version.new('3.7.2')
++unless Gem::Version.new(Sprockets::VERSION) == Gem::Version.new('3.7.3')
+ raise 'New version of Sprockets detected. This patch can likely be removed.'
+ end
+
diff --git a/www/gitlab/files/patch-config_puma.rb.example b/www/gitlab/files/patch-config_puma.rb.example
new file mode 100644
index 000000000000..ca75ff90f250
--- /dev/null
+++ b/www/gitlab/files/patch-config_puma.rb.example
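Review bot: The replacement `Settings.gitlab['user_home'] ||= '/usr/local/git'` hard-codes the prefix, while the other patches in this commit use `%%PREFIX%%` (for example `authorized_keys_file: %%PREFIX%%/git/.ssh/authorized_keys` in gitlab.yml.example). With a non-default PREFIX the two would disagree about where the git user's home and its SSH key file live. The change also drops the `Etc.getpwnam` lookup, so a site that sets a different `Settings.gitlab['user']` silently gets a home directory that is not that account's. If this patch file goes through the same substitution as the others (not visible here), use `'%%PREFIX%%/git'`; otherwise keep the passwd lookup and change only the `rescue` fallback.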
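Review bot: Bumping the expected version in the `unless` to `'3.7.3'` stops the initializer from raising, but it also bypasses the reason the guard exists, which by its own message is to make someone re-check the monkey patch when Sprockets changes. Nothing in the hunk records that the patched code was compared against 3.7.3. A comment above the guard, written once that comparison has been done, would keep the check meaningful for the next bump, e.g. `# FreeBSD port: patch body checked against sprockets 3.7.3`. The rest of the initializer is outside the hunk.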
@@ -0,0 +1,49 @@
+--- config/puma.rb.example.orig 2023-10-20 08:41:39 UTC
++++ config/puma.rb.example
+@@ -5,11 +5,11 @@
+ # The default is "config.ru".
+ #
+ rackup 'config.ru'
+-pidfile '/home/git/gitlab/tmp/pids/puma.pid'
+-state_path '/home/git/gitlab/tmp/pids/puma.state'
++pidfile '%%PREFIX%%/www/gitlab-ce/tmp/pids/puma.pid'
++state_path '%%PREFIX%%/www/gitlab-ce/tmp/pids/puma.state'
+
+-stdout_redirect '/home/git/gitlab/log/puma.stdout.log',
+- '/home/git/gitlab/log/puma.stderr.log',
++stdout_redirect '%%PREFIX%%/www/gitlab-ce/log/puma.stdout.log',
++ '%%PREFIX%%/www/gitlab-ce/log/puma.stderr.log',
+ true
+
+ # Configure "min" to be the minimum number of threads to use to answer
+@@ -31,11 +31,11 @@ queue_requests false
+
+ # Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only
+ # accepted protocols.
+-bind 'unix:///home/git/gitlab/tmp/sockets/gitlab.socket'
++bind 'unix://%%PREFIX%%/www/gitlab-ce/tmp/sockets/gitlab.socket'
+
+ workers 3
+
+-require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events"
++require_relative "%%PREFIX%%/www/gitlab-ce/lib/gitlab/cluster/lifecycle_events"
+
+ on_restart do
+ # Signal application hooks that we're about to restart
+@@ -74,14 +74,14 @@ worker_timeout 60
+ wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f
+
+ # Use json formatter
+-require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter"
++require_relative "%%PREFIX%%/www/gitlab-ce/lib/gitlab/puma_logging/json_formatter"
+
+ json_formatter = Gitlab::PumaLogging::JSONFormatter.new
+ log_formatter do |str|
+ json_formatter.call(str)
+ end
+
+-require_relative "/home/git/gitlab/lib/gitlab/puma/error_handler"
++require_relative "%%PREFIX%%/www/gitlab-ce/lib/gitlab/puma/error_handler"
+
+ error_handler = Gitlab::Puma::ErrorHandler.new(ENV['RAILS_ENV'] == 'production')
+
diff --git a/www/gitlab/files/patch-lib_support_nginx_gitlab b/www/gitlab/files/patch-lib_support_nginx_gitlab
new file mode 100644
index 000000000000..5eaaaf9163d3
--- /dev/null
+++ b/www/gitlab/files/patch-lib_support_nginx_gitlab
@@ -0,0 +1,20 @@
+--- lib/support/nginx/gitlab.orig 2020-11-20 12:00:55 UTC
++++ lib/support/nginx/gitlab
+@@ -19,7 +19,7 @@
+ upstream gitlab-workhorse {
+ # GitLab socket file,
+ # for Omnibus this would be: unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket
+- server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
++ server unix:%%PREFIX%%/www/gitlab-ce/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
+ }
+
+ map $http_upgrade $connection_upgrade_gitlab {
+@@ -114,7 +114,7 @@ server {
+ location ~ ^/(404|422|500|502|503)\.html$ {
+ # Location to the GitLab's public directory,
+ # for Omnibus this would be: /opt/gitlab/embedded/service/gitlab-rails/public.
+- root /home/git/gitlab/public;
++ root %%PREFIX%%/www/gitlab-ce/public;
+ internal;
+ }
+
diff --git a/www/gitlab/files/patch-lib_support_nginx_gitlab-ssl b/www/gitlab/files/patch-lib_support_nginx_gitlab-ssl
new file mode 100644
index 000000000000..cdcc25d5e278
--- /dev/null
+++ b/www/gitlab/files/patch-lib_support_nginx_gitlab-ssl
@@ -0,0 +1,20 @@
+--- lib/support/nginx/gitlab-ssl.orig 2023-04-05 16:11:51 UTC
++++ lib/support/nginx/gitlab-ssl
+@@ -23,7 +23,7 @@
+ upstream gitlab-workhorse {
+ # GitLab socket file,
+ # for Omnibus this would be: unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket
+- server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
++ server unix:%%PREFIX%%/www/gitlab-ce/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
+ }
+
+ map $http_upgrade $connection_upgrade_gitlab_ssl {
+@@ -161,7 +161,7 @@ server {
+ location ~ ^/(404|422|500|502|503)\.html$ {
+ # Location to the GitLab's public directory,
+ # for Omnibus this would be: /opt/gitlab/embedded/service/gitlab-rails/public
+- root /home/git/gitlab/public;
++ root %%PREFIX%%/www/gitlab-ce/public;
+ internal;
+ }
+ }
diff --git a/www/gitlab/files/patch-lib_tasks_gitlab_setup.rake b/www/gitlab/files/patch-lib_tasks_gitlab_setup.rake
new file mode 100644
index 000000000000..a48612b6397c
--- /dev/null
+++ b/www/gitlab/files/patch-lib_tasks_gitlab_setup.rake
@@ -0,0 +1,12 @@
+--- lib/tasks/gitlab/setup.rake.orig 2021-02-19 09:35:35 UTC
++++ lib/tasks/gitlab/setup.rake
+@@ -3,7 +3,8 @@
+ namespace :gitlab do
+ desc "GitLab | Setup production application"
+ task setup: :gitlab_environment do
+- check_gitaly_connection
++ # Remove this check, see https://gitlab.com/gitlab-org/gitlab-ce/issues/47483
++ #check_gitaly_connection
+ setup_db
+ end
+
diff --git a/www/gitlab/files/patch-vendor_gems_bundler-checksum_bundler-checksum.gemspec b/www/gitlab/files/patch-vendor_gems_bundler-checksum_bundler-checksum.gemspec
new file mode 100644
index 000000000000..fb1f554cb0c8
--- /dev/null
+++ b/www/gitlab/files/patch-vendor_gems_bundler-checksum_bundler-checksum.gemspec
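Review bot: Commenting out `check_gitaly_connection` in setup.rake removes the only precondition visible in the `setup` task, so it now goes straight to `setup_db` whether or not Gitaly is reachable. The added comment is phrased as an instruction ("Remove this check") and leaves the reason to an external issue link. State the reason and what the operator must ensure instead, e.g. `# FreeBSD port: Gitaly check disabled (gitlab-ce issue 47483); <reason>`, and delete the dead `#check_gitaly_connection` line rather than leaving commented-out code.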
@@ -0,0 +1,11 @@
+--- vendor/gems/bundler-checksum/bundler-checksum.gemspec.orig 2022-10-18 20:30:55 UTC
++++ vendor/gems/bundler-checksum/bundler-checksum.gemspec
+@@ -15,7 +15,7 @@ Gem::Specification.new do |spec|
+
+ spec.files = Dir['bin/*', 'lib/**/*.rb']
+ spec.bindir = 'bin'
+- spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
++# spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+ spec.require_paths = ['lib']
+
+ spec.add_dependency 'bundler' |
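Review bot: The `spec.executables` assignment is disabled with no stated reason, and as commented-out code at column 0 inside the `Gem::Specification` block it reads like an accident. With it unset, the `bin/*` files are still listed in `spec.files` but are no longer installed as commands. Whether any build or deploy step in the port calls a bundler-checksum executable is not visible from this hunk and is worth confirming. Add a one-line reason above it, e.g. `# FreeBSD port: bin/ stubs not installed (<reason>)`.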