www-apps/gitlab-ce:

Added ebuild for www-apps/gitlab-ce-8.9.2. This is a security fix.

Package-Manager: portage-2.2.28
This commit is contained in:
Manuel Friedli 2016-06-28 22:47:57 +02:00
parent 734c83ff7b
commit 7376a39ca5
3 changed files with 408 additions and 1 deletions

View file

@ -1,3 +1,9 @@
*gitlab-ce-8.9.2 (28 Jun 2016)
28 Jun 2016; Manuel Friedli <manuel@fritteli.ch> +gitlab-ce-8.9.2.ebuild:
www-apps/gitlab-ce: Added ebuild for www-apps/gitlab-ce-8.9.2. This is a
security fix.
26 Jun 2016; Manuel Friedli <manuel@fritteli.ch>
-files/gitlab-ce-8.7.5-fix-redis-config-path.patch, -gitlab-ce-8.7.5.ebuild,
-gitlab-ce-8.8.1.ebuild, -gitlab-ce-8.8.2.ebuild, -gitlab-ce-8.8.3.ebuild,

View file

@ -10,8 +10,10 @@ AUX gitlab-workhorse.service 930 SHA256 09348a52fec333b4b19828752e0484400c1efa9d
AUX gitlab.conf 27 SHA256 cd9be088bbb67a5400407fc6f63c061eb224f16748b7d0812ff2c101f43ca263 SHA512 909c49fee6d050c1e94b2559ff2a9d54c5c346492be0e2920b50d56d69eaddbed67e3ac12e012d2a9601b5596640ebf33c8dc68fc588a03ca370d963294be37f WHIRLPOOL fa436e8d7d2643d450259d26b6e7b24dae69df47ed22e5ef2a567f37aa785fbf3b0eb1129ae7c8bf8986c29559fc3b744a34064375e5245dce2b10053cd715d9
DIST gitlab-ce-8.8.5.tar.gz 18478664 SHA256 385fefd73ea70797ee2b1d9084c0b5a0f90917a7636926537746bd86143e0335 SHA512 9fef95ecabc16fd441b81ca107567d7ff5abfde39bbfe23b777b0ca1e11cb0bb3028cb597a04c31b478e06fb2f91bd635fc4484ee01d44b4856e528d5eea328c WHIRLPOOL 8a010f2dfc635c87dc3434daae60c0f5965cccb98fd37672ccb772c5baaf2cfe1e232fa1dd21e612d6d08f409714e79e879c46ea28a0e2fe24198308f280b34a
DIST gitlab-ce-8.9.1.tar.gz 21151788 SHA256 f93c32ea9c79e80f705afc3b008cfc52b29cbd9de07b6b2b6dd3c5c4338ae0c6 SHA512 2409469acc91da52a04ad4f733ece019fedd94051ba02c48c508c6a9784e51f484b15d9b18c84d12c58e1b3cfe5998315005bc037aac4b228ea0376699ba6243 WHIRLPOOL fd479b7e0c1c6f4e7f54625154f619cdb7cc86739a79f5a196a716799504be0b1d59a5fb15353d74b13269d2e41ca1e3dcad5e36e83a7384875ab2a772ee43df
DIST gitlab-ce-8.9.2.tar.gz 21152737 SHA256 f1da983b827297ed45ee859293e9abd1b2da401e5c02d4d94deb08971cc019a9 SHA512 dd9fe895a3a9590b8c22fd158c6909b3abe4652721e1defe5dc6ab529fca9954e15b6e0c11be21f2a3a047b43188a23b7b7d75830808f4283838631fcc910b8e WHIRLPOOL 4570ed68e7918ec2cf149bed6fbe551d7e5a3e74e4a7334038f66d3970b77569d16f514ff6aa34f1e0fadf40e474f572e34cda5515e57fb410d46b069c6bfd83
EBUILD gitlab-ce-8.8.5.ebuild 12342 SHA256 0b528722bb3bc7d232dc6a272973bf8da77992fefa308dabf4b7a9fba8548c18 SHA512 430ee8b469bf43bd8889e9375c49ca83a35d2956c6964e0f1dd07921fbb124a8d7decf60950fbbbc836025d74e73da1e7c89119da2348090d163eb6062739fb4 WHIRLPOOL 3730bf6b32dbc0c3605b15a953114aca56faf859f83672f05ad0b92251697a9cc0778b13d3ba3fd25ddb0858e8ce43b400573f68a605e063ad9bed8597c29fc5
EBUILD gitlab-ce-8.9.1.ebuild 12336 SHA256 d50f5bb06b8fd2082804e096d372d0caca441d5d24d30a5ab3fdbd78d7cf5aa2 SHA512 91a88f5342bdd9736f9e45ccbd690caf50c51eabd327c419aaca4203d65ab37ce562214d59280a073c0945945bd60d6f523ebb6586cec09a91b9fca16a3f0412 WHIRLPOOL 67ab639a78899f8161ee47f07d983e7bc90442348170b36c873b94475fcd11a0799c89fecfc1f7a3e21fc95b553ffbee23655d3d1fb1368dd83b66de46652bd5
EBUILD gitlab-ce-8.9.2.ebuild 12343 SHA256 504ae1facfdd479f79d8b1b03cf2a8695f55b9a653923c4c75bf7ede96d5eba0 SHA512 9a59ae1aaa358d94eb1548d940fb6ac100f38387f5f1d70b8798f6ac7d820317575e7e4f018a81c3a1a8a6b7ae8450625fcd0b1f7316f21e93a2e3936ae82236 WHIRLPOOL 5800a3894693f8152778508119f87011c5fe25b6e90f7d930208b0e68aac48ed90ef3a5be86a6c87198d8bd7ac440c8f08d79d525ab3f13d32a0c79e63e95aa0
EBUILD gitlab-ce-9999.ebuild 12347 SHA256 b7850042b023eb505544b47fcf8896bc0319ce96808d29b462d527aacb25d6c0 SHA512 2fc140d00fde6e248ea7cba17ce6e0243dcdad76c497d052a9bac5abdb6618b27ee2a1cbeb86aa5f4718688746abf1be499830af2fea848aec63ec870f4fa72a WHIRLPOOL 7f2de913692b0d363cc8f24a152302de2feaa70db97069049c3c15515b76da330dbbb11ce868f6d59e22e2c1fd5c7ef3874197d2bc5eb36b60e52056a02dd028
MISC ChangeLog 977 SHA256 ca9944b306d43b5b5fb5e96b1203d1e20cac7891cb01858fd9a077fe97941335 SHA512 b2bc8f8fa4ecc63e54b398f7d427ffaf688c4afe1d19ea24023fe9a1297f35a76d5ea8b1d5bfb83f3c4ee059dee1ad95931295e0cb44fd11d3e129fdf3d7fde3 WHIRLPOOL de031eecaa53aa2e0d02c49ca09fea9e03f9aa256629d0153f68daae2cd4f4081c52989cf89d94e7a2d1fae96644c27a605a5a431d8362eca37af7b144647908
MISC ChangeLog 1178 SHA256 33f13c79845e93ae46aec51d70ab2e1b81e22430a7c4e038afb5b1cc99358c29 SHA512 98ed5b31705e889f0134c31e6fbb6f3a28d57906319ebfeac8e9cb0d53661a1517d5b23b8ecf99ac44b2e6ce85ebbe7cc69e3738d1ae91b77e9194044a1ed85a WHIRLPOOL af3aee12d1f827ebb7050ceffd3eb801f2bd5be56aae63bdbfecef40d47fa2dd85ba4d46b4b5ce440d9815d22f5009acfc0020bb753f67a1bc1f0e0692951b4b
MISC metadata.xml 545 SHA256 1b7fc44d811e1ab7638fe4a40253f49d5f1071872d3020c22c4f67662750cb2f SHA512 86f47d297892bccfefa087d93936296f5647993a9ec8e3f47907a6859cbf385e5bc6f00502d7836c9e8d9efef2b6725bf145b0150924c2082b2bd164469ef6ea WHIRLPOOL 6bfb8a55684d68c8bfa6e025a0be965f7b815394ee0896dd2a13cfb524e3cf3f3149acc9072897e30a1842060389576aac07ea8beb4a8b0bfc3e8eab3723f2a1

View file

@ -0,0 +1,399 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="5"
# Maintainer notes:
# - This ebuild uses Bundler to download and install all gems in deployment mode
# (i.e. into isolated directory inside application). That's not Gentoo way how
# it should be done, but GitLab has too many dependencies that it will be too
# difficult to maintain them via ebuilds.
#
USE_RUBY="ruby21"
inherit eutils ruby-ng user systemd
MY_PKGNAME="gitlabhq"
DESCRIPTION="GitLab is a free project and repository management application"
HOMEPAGE="https://about.gitlab.com/"
SRC_URI="https://github.com/${MY_PKGNAME}/${MY_PKGNAME}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
RUBY_S="${MY_PKGNAME}-${PV}"
RESTRICT="mirror"
LICENSE="MIT"
SLOT="0"
KEYWORDS="~amd64 ~x86 ~arm ~arm64"
IUSE="kerberos mysql +postgres +unicorn systemd rugged_use_system_libraries"
## Gems dependencies:
# charlock_holmes dev-libs/icu
# grape, capybara dev-libs/libxml2, dev-libs/libxslt
# rugged dev-util/cmake, virtual/pkgconfig
# json dev-util/ragel
# pygments.rb python 2.7+
# execjs net-libs/nodejs, or any other JS runtime
# pg dev-db/postgresql
# mysql virtual/mysql
#
GEMS_DEPEND="
dev-libs/icu
dev-libs/libxml2
dev-libs/libxslt
dev-util/ragel
net-libs/nodejs
postgres? ( >=dev-db/postgresql-9.1:* )
mysql? ( virtual/mysql )
kerberos? ( virtual/krb5 )"
CDEPEND="
dev-util/cmake
virtual/pkgconfig"
COMMON_DEPEND="
${GEMS_DEPEND}
>=dev-vcs/gitlab-shell-3.0.0
>=dev-vcs/git-2.7.4
>=dev-vcs/gitlab-workhorse-0.7.5
kerberos? ( !app-crypt/heimdal )
rugged_use_system_libraries? ( net-libs/http-parser dev-libs/libgit2:0/24 )"
DEPEND="
${CDEPEND}
${COMMON_DEPEND}"
RDEPEND="
${COMMON_DEPEND}
>=dev-db/redis-2.8
virtual/mta
systemd? ( sys-apps/systemd:0= )"
ruby_add_bdepend "
virtual/rubygems
>=dev-ruby/bundler-1.0"
#
# fix-sendmail-config:
# Fix default settings to work with ssmtp that doesn't know '-t' argument.
# fix-redis-config-path:
# Point to the absolute location of redis_config.rb
#
RUBY_PATCHES=(
"${PN}-8.7.5-fix-sendmail-config.patch"
"${PN}-8.9.1-fix-redis-config-path.patch"
)
MY_NAME="gitlab"
MY_USER="git" # should be same as in gitlab-shell
DEST_DIR="/opt/${MY_NAME}"
CONF_DIR="/etc/${MY_NAME}"
LOGS_DIR="/var/log/${MY_NAME}"
TEMP_DIR="/var/tmp/${MY_NAME}"
# When updating ebuild to newer version, check list of the queues in
# https://gitlab.com/gitlab-org/gitlab-ce/blob/v${PV}/bin/background_jobs
SIDEKIQ_QUEUES="post_receive,mailers,archive_repo,system_hook,project_web_hook,gitlab_shell,incoming_email,runner,common,default"
all_ruby_prepare() {
# fix paths
local satellites_path="${TEMP_DIR}/repo_satellites"
local repos_path=/var/lib/git/repositories
local shell_path=/usr/share/gitlab-shell
sed -i -E \
-e "/satellites:$/,/\w:$/ s|(\s*path:\s).*|\1${satellites_path}/|" \
-e "/gitlab_shell:$/,/\w:$/ s|(\s*path:\s).*|\1${shell_path}/|" \
-e "/gitlab_shell:$/,/\w:$/ s|(\s*repos_path:\s).*|\1${repos_path}/|" \
-e "/gitlab_shell:$/,/\w:$/ s|(\s*hooks_path:\s).*|\1${shell_path}/hooks/|" \
config/gitlab.yml.example || die "failed to filter gitlab.yml.example"
local run_path=/run/${MY_NAME}
sed -i -E \
-e "s|/home/git/gitlab/tmp/(pids\|sockets)|${run_path}|" \
-e "s|/home/git/gitlab/log|${LOGS_DIR}|" \
-e "s|/home/git/gitlab|${DEST_DIR}|" \
config/unicorn.rb.example || die "failed to filter unicorn.rb.example"
sed -i \
-e "s|/home/git/gitlab/tmp/sockets|${run_path}|" \
lib/support/nginx/gitlab || die "failed to filter nginx/gitlab"
# modify default database settings for PostgreSQL
sed -i -E \
-e 's|(username:).*|\1 gitlab|' \
-e 's|(password:).*|\1 gitlab|' \
-e 's|(socket:).*|\1 /run/postgresql/.s.PGSQL.5432|' \
config/database.yml.postgresql \
|| die "failed to filter database.yml.postgresql"
# rename config files
mv config/gitlab.yml.example config/gitlab.yml
mv config/unicorn.rb.example config/unicorn.rb
local dbconf=config/database.yml
if use postgres && ! use mysql; then
mv ${dbconf}.postgresql ${dbconf}
rm ${dbconf}.mysql
elif use mysql && ! use postgres; then
mv ${dbconf}.mysql ${dbconf}
rm ${dbconf}.postgresql
fi
# remove useless files
rm -r lib/support/{deploy,init.d}
use unicorn || rm config/unicorn.rb
}
all_ruby_install() {
local dest=${DEST_DIR}
local conf=${CONF_DIR}
local logs=${LOGS_DIR}
local temp=${TEMP_DIR}
# prepare directories
diropts -m750
dodir ${logs} ${temp}
diropts -m755
dodir ${conf} ${dest}/public/uploads
dosym ${temp} ${dest}/tmp
dosym ${logs} ${dest}/log
# install configs
insinto ${conf}
doins -r config/*
dosym ${conf} ${dest}/config
echo 'export RAILS_ENV=production' > "${D}/${dest}/.profile"
# remove needless dirs
rm -Rf config tmp log
# install the rest files
# using cp 'cause doins is slow
cp -Rl * "${D}/${dest}"/
# install logrotate config
dodir /etc/logrotate.d
cat > "${D}/etc/logrotate.d/${MY_NAME}" <<-EOF
${logs}/*.log {
missingok
delaycompress
compress
copytruncate
}
EOF
## Install gems via bundler ##
cd "${D}/${dest}"
local without="development test aws"
local flag; for flag in mysql postgres unicorn kerberos; do
without+="$(use $flag || echo ' '$flag)"
done
local bundle_args="--deployment ${without:+--without ${without}}"
use "rugged_use_system_libraries" && export RUGGED_USE_SYSTEM_LIBRARIES="YES"
einfo "Running bundle install ${bundle_args} ..."
${RUBY} /usr/bin/bundle install ${bundle_args} || die "bundler failed"
einfo "Cleaning old gems ..."
${RUBY} /usr/bin/bundle clean
# clean gems cache
rm -Rf vendor/bundle/ruby/*/cache
rm -Rf vendor/bundle/ruby/*/bundler/gems/charlock_holmes-dde194609b35/.git
# fix permissions
fowners -R ${MY_USER}:${MY_USER} ${dest} ${temp} ${logs}
## RC script ##
if use systemd ; then
ewarn "Beware: systemd support has not been tested, use at your own risk!"
systemd_dounit "${FILESDIR}/gitlab-sidekiq.service"
systemd_dounit "${FILESDIR}/gitlab-unicorn.service"
systemd_dounit "${FILESDIR}/gitlab-workhorse.service"
systemd_dounit "${FILESDIR}/gitlab-mailroom.service"
systemd_dotmpfilesd "${FILESDIR}/gitlab.conf"
else
local rcscript=gitlab-sidekiq.init
use unicorn && rcscript=gitlab-unicorn.init
cp "${FILESDIR}/${rcscript}" "${T}" || die
sed -i \
-e "s|@USER@|${MY_USER}|" \
-e "s|@GITLAB_BASE@|${dest}|" \
-e "s|@LOGS_DIR@|${logs}|" \
-e "s|@QUEUES@|${SIDEKIQ_QUEUES}|" \
"${T}/${rcscript}" \
|| die "failed to filter ${rcscript}"
newinitd "${T}/${rcscript}" "${MY_NAME}"
fi
}
pkg_postinst() {
elog "If this is an update from a previous version, stop your GitLab"
elog "instance and issue the following command to perform all required"
elog "migrations:"
elog " emerge --config \"=${CATEGORY}/${PF}\""
elog "PLEASE NOTE: It's HIGHLY recommended to backup your database"
elog "before running the config phase. Run these commands (as root):"
elog
elog " cd /opt/gitlab"
elog " sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production"
elog
elog "If this was a fresh install, follow these steps:"
elog
elog "1. Configure your GitLab's settings in ${CONF_DIR}/gitlab.yml."
elog
elog "2. Configure your database settings in ${CONF_DIR}/database.yml"
elog " for \"production\" environment."
elog
elog "3. Then you should create a database for your GitLab instance, if you"
elog " haven't done so already."
elog
if use postgres; then
elog "If you have local PostgreSQL running, just copy&run:"
elog " su postgres"
elog " psql -c \"CREATE ROLE gitlab PASSWORD 'gitlab' \\"
elog " NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;\""
elog " createdb -E UTF-8 -O gitlab gitlabhq_production"
elog " Note: You should change your password to something more random..."
elog
fi
elog "4. Finally execute the following command to initialize the environment:"
elog " emerge --config \"=${CATEGORY}/${PF}\""
elog " Note: Do not forget to start Redis server first!"
elog
elog "If you're running GitLab behind an SSL proxy such as nginx or Apache and"
elog "you can't login after the upgrade, be sure to read the section about the"
elog "verification of the CSRF token in GitLab's trouble-shooting guide at"
elog "http://goo.gl/5XGRGv."
if use postgres; then
elog "Please note: As of GitLab 8.6, users of PostgreSQL need to enable the"
elog "`pg_trgm` extension by running the following command as a PostgreSQL"
elog "super user for *every* GitLab database:"
elog " CREATE EXTENSION IF NOT EXISTS pg_trgm;"
elog "For details, see the documentation at the GitLab website."
fi
}
pkg_config() {
local shell_conf='/etc/gitlab-shell.yml'
einfo "Checking configuration files"
if [ ! -r "${CONF_DIR}/database.yml" ]; then
eerror "Copy ${CONF_DIR}/database.yml.* to"
eerror "${CONF_DIR}/database.yml and edit this file in order to configure your"
eerror "database settings for \"production\" environment."; die
fi
# check gitlab-shell configuration
if [ -r ${shell_conf} ]; then
local shell_repos_path="$(ryaml ${shell_conf} repos_path)"
local gitlab_repos_path="$(ryaml ${CONF_DIR}/gitlab.yml \
production gitlab_shell repos_path)"
if [ ! "${shell_repos_path}" -ef "${gitlab_repos_path}" ]; then
eerror "repos_path in ${CONF_DIR}/gitlab.yml and ${shell_conf}"
eerror "must points to the same location! Fix the repos_path location and"
eerror "run this again."; die
fi
else
ewarn "GitLab Shell checks skipped, could not find config file at"
ewarn "${shell_conf}. Make sure that you have gitlab-shell properly"
ewarn "installed and that repos_path is the same as in GitLab."
fi
local email_from="$(ryaml ${CONF_DIR}/gitlab.yml production gitlab email_from)"
local git_home="$(egethome ${MY_USER})"
# configure Git global settings
if [ ! -e "${git_home}/.gitconfig" ]; then
einfo "Setting git user"
su -l ${MY_USER} -c "
git config --global user.email '${email_from}';
git config --global user.name 'GitLab'" \
|| die "failed to setup git name and email"
fi
if [ ! -d "${DEST_DIR}/.git" ]; then
# create dummy git repo as workaround for
# https://github.com/bundler/bundler/issues/2039
einfo "Initializing dummy git repository to avoid false errors from bundler"
su -l ${MY_USER} -c "
cd ${DEST_DIR}
git init
git add README.md
git commit -m 'Dummy repository'" >/dev/null
fi
## Initialize app ##
local RAILS_ENV="production"
local RUBY=${RUBY:-/usr/bin/ruby}
local BUNDLE="${RUBY} /usr/bin/bundle"
local dbname="$(ryaml ${CONF_DIR}/database.yml production database)"
if [ -f "${DEST_DIR}/.secret" ]; then
local update=true
einfo "Migrating database ..."
exec_rake db:migrate
# https://github.com/gitlabhq/gitlabhq/issues/5311#issuecomment-31656496
einfo "Migrating iids ..."
exec_rake migrate_iids
einfo "Cleaning old precompiled assets ..."
exec_rake assets:clean
einfo "Cleaning cache ..."
exec_rake cache:clear
else
local update=false
einfo "Initializing database ..."
exec_rake gitlab:setup
fi
einfo "Precompiling assests ..."
exec_rake assets:precompile
if [ "${update}" = 'true' ]; then
ewarn
ewarn "This configuration script runs only common migration tasks."
ewarn "Please read guides on"
ewarn " https://github.com/gitlabhq/gitlabhq/blob/master/doc/update/"
ewarn "for any additional migration tasks specific to your previous GitLab"
ewarn "version."
fi
elog
elog "If you want to make sure that the install/upgrade was successful, start"
elog "Gitlab now and then run these commands (as root):"
elog
elog " cd /opt/gitlab"
elog " sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production"
elog " sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production"
elog
}
ryaml() {
ruby -ryaml -e 'puts ARGV[1..-1].inject(YAML.load(File.read(ARGV[0]))) {|acc, key| acc[key] }' "$@"
}
exec_rake() {
local command="${BUNDLE} exec rake $@ RAILS_ENV=${RAILS_ENV}"
echo " ${command}"
su -l ${MY_USER} -c "
export LANG=en_US.UTF-8; export LC_ALL=en_US.UTF-8
cd ${DEST_DIR}
${command}" \
|| die "failed to run rake $@"
}