www-apps/gitlab-ce:

Added ebuild for www-apps/gitlab-ce-8.9.2. This is a security fix.

Package-Manager: portage-2.2.28

www-apps/gitlab-ce/ChangeLog

@@ -1,3 +1,9 @@
+*gitlab-ce-8.9.2 (28 Jun 2016)
+
+  28 Jun 2016; Manuel Friedli <manuel@fritteli.ch> +gitlab-ce-8.9.2.ebuild:
+  www-apps/gitlab-ce:  Added ebuild for www-apps/gitlab-ce-8.9.2. This is a
+  security fix.
+
   26 Jun 2016; Manuel Friedli <manuel@fritteli.ch>
   -files/gitlab-ce-8.7.5-fix-redis-config-path.patch, -gitlab-ce-8.7.5.ebuild,
   -gitlab-ce-8.8.1.ebuild, -gitlab-ce-8.8.2.ebuild, -gitlab-ce-8.8.3.ebuild,

www-apps/gitlab-ce/Manifest

@@ -10,8 +10,10 @@ AUX gitlab-workhorse.service 930 SHA256 09348a52fec333b4b19828752e0484400c1efa9d
 AUX gitlab.conf 27 SHA256 cd9be088bbb67a5400407fc6f63c061eb224f16748b7d0812ff2c101f43ca263 SHA512 909c49fee6d050c1e94b2559ff2a9d54c5c346492be0e2920b50d56d69eaddbed67e3ac12e012d2a9601b5596640ebf33c8dc68fc588a03ca370d963294be37f WHIRLPOOL fa436e8d7d2643d450259d26b6e7b24dae69df47ed22e5ef2a567f37aa785fbf3b0eb1129ae7c8bf8986c29559fc3b744a34064375e5245dce2b10053cd715d9
 DIST gitlab-ce-8.8.5.tar.gz 18478664 SHA256 385fefd73ea70797ee2b1d9084c0b5a0f90917a7636926537746bd86143e0335 SHA512 9fef95ecabc16fd441b81ca107567d7ff5abfde39bbfe23b777b0ca1e11cb0bb3028cb597a04c31b478e06fb2f91bd635fc4484ee01d44b4856e528d5eea328c WHIRLPOOL 8a010f2dfc635c87dc3434daae60c0f5965cccb98fd37672ccb772c5baaf2cfe1e232fa1dd21e612d6d08f409714e79e879c46ea28a0e2fe24198308f280b34a
 DIST gitlab-ce-8.9.1.tar.gz 21151788 SHA256 f93c32ea9c79e80f705afc3b008cfc52b29cbd9de07b6b2b6dd3c5c4338ae0c6 SHA512 2409469acc91da52a04ad4f733ece019fedd94051ba02c48c508c6a9784e51f484b15d9b18c84d12c58e1b3cfe5998315005bc037aac4b228ea0376699ba6243 WHIRLPOOL fd479b7e0c1c6f4e7f54625154f619cdb7cc86739a79f5a196a716799504be0b1d59a5fb15353d74b13269d2e41ca1e3dcad5e36e83a7384875ab2a772ee43df
+DIST gitlab-ce-8.9.2.tar.gz 21152737 SHA256 f1da983b827297ed45ee859293e9abd1b2da401e5c02d4d94deb08971cc019a9 SHA512 dd9fe895a3a9590b8c22fd158c6909b3abe4652721e1defe5dc6ab529fca9954e15b6e0c11be21f2a3a047b43188a23b7b7d75830808f4283838631fcc910b8e WHIRLPOOL 4570ed68e7918ec2cf149bed6fbe551d7e5a3e74e4a7334038f66d3970b77569d16f514ff6aa34f1e0fadf40e474f572e34cda5515e57fb410d46b069c6bfd83
 EBUILD gitlab-ce-8.8.5.ebuild 12342 SHA256 0b528722bb3bc7d232dc6a272973bf8da77992fefa308dabf4b7a9fba8548c18 SHA512 430ee8b469bf43bd8889e9375c49ca83a35d2956c6964e0f1dd07921fbb124a8d7decf60950fbbbc836025d74e73da1e7c89119da2348090d163eb6062739fb4 WHIRLPOOL 3730bf6b32dbc0c3605b15a953114aca56faf859f83672f05ad0b92251697a9cc0778b13d3ba3fd25ddb0858e8ce43b400573f68a605e063ad9bed8597c29fc5
 EBUILD gitlab-ce-8.9.1.ebuild 12336 SHA256 d50f5bb06b8fd2082804e096d372d0caca441d5d24d30a5ab3fdbd78d7cf5aa2 SHA512 91a88f5342bdd9736f9e45ccbd690caf50c51eabd327c419aaca4203d65ab37ce562214d59280a073c0945945bd60d6f523ebb6586cec09a91b9fca16a3f0412 WHIRLPOOL 67ab639a78899f8161ee47f07d983e7bc90442348170b36c873b94475fcd11a0799c89fecfc1f7a3e21fc95b553ffbee23655d3d1fb1368dd83b66de46652bd5
+EBUILD gitlab-ce-8.9.2.ebuild 12343 SHA256 504ae1facfdd479f79d8b1b03cf2a8695f55b9a653923c4c75bf7ede96d5eba0 SHA512 9a59ae1aaa358d94eb1548d940fb6ac100f38387f5f1d70b8798f6ac7d820317575e7e4f018a81c3a1a8a6b7ae8450625fcd0b1f7316f21e93a2e3936ae82236 WHIRLPOOL 5800a3894693f8152778508119f87011c5fe25b6e90f7d930208b0e68aac48ed90ef3a5be86a6c87198d8bd7ac440c8f08d79d525ab3f13d32a0c79e63e95aa0
 EBUILD gitlab-ce-9999.ebuild 12347 SHA256 b7850042b023eb505544b47fcf8896bc0319ce96808d29b462d527aacb25d6c0 SHA512 2fc140d00fde6e248ea7cba17ce6e0243dcdad76c497d052a9bac5abdb6618b27ee2a1cbeb86aa5f4718688746abf1be499830af2fea848aec63ec870f4fa72a WHIRLPOOL 7f2de913692b0d363cc8f24a152302de2feaa70db97069049c3c15515b76da330dbbb11ce868f6d59e22e2c1fd5c7ef3874197d2bc5eb36b60e52056a02dd028
-MISC ChangeLog 977 SHA256 ca9944b306d43b5b5fb5e96b1203d1e20cac7891cb01858fd9a077fe97941335 SHA512 b2bc8f8fa4ecc63e54b398f7d427ffaf688c4afe1d19ea24023fe9a1297f35a76d5ea8b1d5bfb83f3c4ee059dee1ad95931295e0cb44fd11d3e129fdf3d7fde3 WHIRLPOOL de031eecaa53aa2e0d02c49ca09fea9e03f9aa256629d0153f68daae2cd4f4081c52989cf89d94e7a2d1fae96644c27a605a5a431d8362eca37af7b144647908
+MISC ChangeLog 1178 SHA256 33f13c79845e93ae46aec51d70ab2e1b81e22430a7c4e038afb5b1cc99358c29 SHA512 98ed5b31705e889f0134c31e6fbb6f3a28d57906319ebfeac8e9cb0d53661a1517d5b23b8ecf99ac44b2e6ce85ebbe7cc69e3738d1ae91b77e9194044a1ed85a WHIRLPOOL af3aee12d1f827ebb7050ceffd3eb801f2bd5be56aae63bdbfecef40d47fa2dd85ba4d46b4b5ce440d9815d22f5009acfc0020bb753f67a1bc1f0e0692951b4b
 MISC metadata.xml 545 SHA256 1b7fc44d811e1ab7638fe4a40253f49d5f1071872d3020c22c4f67662750cb2f SHA512 86f47d297892bccfefa087d93936296f5647993a9ec8e3f47907a6859cbf385e5bc6f00502d7836c9e8d9efef2b6725bf145b0150924c2082b2bd164469ef6ea WHIRLPOOL 6bfb8a55684d68c8bfa6e025a0be965f7b815394ee0896dd2a13cfb524e3cf3f3149acc9072897e30a1842060389576aac07ea8beb4a8b0bfc3e8eab3723f2a1

www-apps/gitlab-ce/gitlab-ce-8.9.2.ebuild

@@ -0,0 +1,399 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+# Maintainer notes:
+# - This ebuild uses Bundler to download and install all gems in deployment mode
+#   (i.e. into isolated directory inside application). That's not Gentoo way how
+#   it should be done, but GitLab has too many dependencies that it will be too
+#   difficult to maintain them via ebuilds.
+#
+
+USE_RUBY="ruby21"
+
+inherit eutils ruby-ng user systemd
+
+MY_PKGNAME="gitlabhq"
+
+DESCRIPTION="GitLab is a free project and repository management application"
+HOMEPAGE="https://about.gitlab.com/"
+SRC_URI="https://github.com/${MY_PKGNAME}/${MY_PKGNAME}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+RUBY_S="${MY_PKGNAME}-${PV}"
+
+RESTRICT="mirror"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86 ~arm ~arm64"
+IUSE="kerberos mysql +postgres +unicorn systemd rugged_use_system_libraries"
+
+## Gems dependencies:
+#   charlock_holmes     dev-libs/icu
+#   grape, capybara     dev-libs/libxml2, dev-libs/libxslt
+#   rugged              dev-util/cmake, virtual/pkgconfig
+#   json                dev-util/ragel
+#   pygments.rb         python 2.7+
+#   execjs              net-libs/nodejs, or any other JS runtime
+#   pg                  dev-db/postgresql
+#   mysql               virtual/mysql
+#
+GEMS_DEPEND="
+	dev-libs/icu
+	dev-libs/libxml2
+	dev-libs/libxslt
+	dev-util/ragel
+	net-libs/nodejs
+	postgres? ( >=dev-db/postgresql-9.1:* )
+	mysql? ( virtual/mysql )
+	kerberos? ( virtual/krb5 )"
+CDEPEND="
+	dev-util/cmake
+	virtual/pkgconfig"
+COMMON_DEPEND="
+	${GEMS_DEPEND}
+	>=dev-vcs/gitlab-shell-3.0.0
+	>=dev-vcs/git-2.7.4
+	>=dev-vcs/gitlab-workhorse-0.7.5
+	kerberos? ( !app-crypt/heimdal )
+	rugged_use_system_libraries? ( net-libs/http-parser dev-libs/libgit2:0/24 )"
+DEPEND="
+	${CDEPEND}
+	${COMMON_DEPEND}"
+RDEPEND="
+	${COMMON_DEPEND}
+	>=dev-db/redis-2.8
+	virtual/mta
+	systemd? ( sys-apps/systemd:0= )"
+ruby_add_bdepend "
+	virtual/rubygems
+	>=dev-ruby/bundler-1.0"
+
+#
+# fix-sendmail-config:
+#     Fix default settings to work with ssmtp that doesn't know '-t' argument.
+# fix-redis-config-path:
+#     Point to the absolute location of redis_config.rb
+#
+RUBY_PATCHES=(
+	"${PN}-8.7.5-fix-sendmail-config.patch"
+	"${PN}-8.9.1-fix-redis-config-path.patch"
+)
+
+MY_NAME="gitlab"
+MY_USER="git"    # should be same as in gitlab-shell
+
+DEST_DIR="/opt/${MY_NAME}"
+CONF_DIR="/etc/${MY_NAME}"
+LOGS_DIR="/var/log/${MY_NAME}"
+TEMP_DIR="/var/tmp/${MY_NAME}"
+
+# When updating ebuild to newer version, check list of the queues in
+# https://gitlab.com/gitlab-org/gitlab-ce/blob/v${PV}/bin/background_jobs
+SIDEKIQ_QUEUES="post_receive,mailers,archive_repo,system_hook,project_web_hook,gitlab_shell,incoming_email,runner,common,default"
+
+all_ruby_prepare() {
+	# fix paths
+	local satellites_path="${TEMP_DIR}/repo_satellites"
+	local repos_path=/var/lib/git/repositories
+	local shell_path=/usr/share/gitlab-shell
+	sed -i -E \
+		-e "/satellites:$/,/\w:$/   s|(\s*path:\s).*|\1${satellites_path}/|" \
+		-e "/gitlab_shell:$/,/\w:$/ s|(\s*path:\s).*|\1${shell_path}/|" \
+		-e "/gitlab_shell:$/,/\w:$/ s|(\s*repos_path:\s).*|\1${repos_path}/|" \
+		-e "/gitlab_shell:$/,/\w:$/ s|(\s*hooks_path:\s).*|\1${shell_path}/hooks/|" \
+		config/gitlab.yml.example || die "failed to filter gitlab.yml.example"
+
+	local run_path=/run/${MY_NAME}
+	sed -i -E \
+		-e "s|/home/git/gitlab/tmp/(pids\|sockets)|${run_path}|" \
+		-e "s|/home/git/gitlab/log|${LOGS_DIR}|" \
+		-e "s|/home/git/gitlab|${DEST_DIR}|" \
+		config/unicorn.rb.example || die "failed to filter unicorn.rb.example"
+
+	sed -i \
+		-e "s|/home/git/gitlab/tmp/sockets|${run_path}|" \
+		lib/support/nginx/gitlab || die "failed to filter nginx/gitlab"
+
+	# modify default database settings for PostgreSQL
+	sed -i -E \
+		-e 's|(username:).*|\1 gitlab|' \
+		-e 's|(password:).*|\1 gitlab|' \
+		-e 's|(socket:).*|\1 /run/postgresql/.s.PGSQL.5432|' \
+		config/database.yml.postgresql \
+		|| die "failed to filter database.yml.postgresql"
+
+	# rename config files
+	mv config/gitlab.yml.example config/gitlab.yml
+	mv config/unicorn.rb.example config/unicorn.rb
+
+	local dbconf=config/database.yml
+	if use postgres && ! use mysql; then
+		mv ${dbconf}.postgresql ${dbconf}
+		rm ${dbconf}.mysql
+	elif use mysql && ! use postgres; then
+		mv ${dbconf}.mysql ${dbconf}
+		rm ${dbconf}.postgresql
+	fi
+
+	# remove useless files
+	rm -r lib/support/{deploy,init.d}
+	use unicorn || rm config/unicorn.rb
+}
+
+all_ruby_install() {
+	local dest=${DEST_DIR}
+	local conf=${CONF_DIR}
+	local logs=${LOGS_DIR}
+	local temp=${TEMP_DIR}
+
+	# prepare directories
+	diropts -m750
+	dodir ${logs} ${temp}
+
+	diropts -m755
+	dodir ${conf} ${dest}/public/uploads
+
+	dosym ${temp} ${dest}/tmp
+	dosym ${logs} ${dest}/log
+
+	# install configs
+	insinto ${conf}
+	doins -r config/*
+	dosym ${conf} ${dest}/config
+
+	echo 'export RAILS_ENV=production' > "${D}/${dest}/.profile"
+
+	# remove needless dirs
+	rm -Rf config tmp log
+
+	# install the rest files
+	# using cp 'cause doins is slow
+	cp -Rl * "${D}/${dest}"/
+
+	# install logrotate config
+	dodir /etc/logrotate.d
+	cat > "${D}/etc/logrotate.d/${MY_NAME}" <<-EOF
+		${logs}/*.log {
+		    missingok
+		    delaycompress
+		    compress
+		    copytruncate
+		}
+	EOF
+
+	## Install gems via bundler ##
+
+	cd "${D}/${dest}"
+
+	local without="development test aws"
+	local flag; for flag in mysql postgres unicorn kerberos; do
+		without+="$(use $flag || echo ' '$flag)"
+	done
+	local bundle_args="--deployment ${without:+--without ${without}}"
+
+	use "rugged_use_system_libraries" && export RUGGED_USE_SYSTEM_LIBRARIES="YES"
+
+	einfo "Running bundle install ${bundle_args} ..."
+	${RUBY} /usr/bin/bundle install ${bundle_args} || die "bundler failed"
+
+	einfo "Cleaning old gems ..."
+	${RUBY} /usr/bin/bundle clean
+
+	# clean gems cache
+	rm -Rf vendor/bundle/ruby/*/cache
+	rm -Rf vendor/bundle/ruby/*/bundler/gems/charlock_holmes-dde194609b35/.git
+
+	# fix permissions
+	fowners -R ${MY_USER}:${MY_USER} ${dest} ${temp} ${logs}
+
+	## RC script ##
+
+	if use systemd ; then
+		ewarn "Beware: systemd support has not been tested, use at your own risk!"
+		systemd_dounit "${FILESDIR}/gitlab-sidekiq.service"
+		systemd_dounit "${FILESDIR}/gitlab-unicorn.service"
+		systemd_dounit "${FILESDIR}/gitlab-workhorse.service"
+		systemd_dounit "${FILESDIR}/gitlab-mailroom.service"
+		systemd_dotmpfilesd "${FILESDIR}/gitlab.conf"
+	else
+		local rcscript=gitlab-sidekiq.init
+		use unicorn && rcscript=gitlab-unicorn.init
+
+		cp "${FILESDIR}/${rcscript}" "${T}" || die
+		sed -i \
+			-e "s|@USER@|${MY_USER}|" \
+			-e "s|@GITLAB_BASE@|${dest}|" \
+			-e "s|@LOGS_DIR@|${logs}|" \
+			-e "s|@QUEUES@|${SIDEKIQ_QUEUES}|" \
+			"${T}/${rcscript}" \
+			|| die "failed to filter ${rcscript}"
+
+		newinitd "${T}/${rcscript}" "${MY_NAME}"
+	fi
+}
+
+pkg_postinst() {
+	elog "If this is an update from a previous version, stop your GitLab"
+	elog "instance and issue the following command to perform all required"
+	elog "migrations:"
+	elog "       emerge --config \"=${CATEGORY}/${PF}\""
+	elog "PLEASE NOTE: It's HIGHLY recommended to backup your database"
+	elog "before running the config phase. Run these commands (as root):"
+	elog
+	elog "    cd /opt/gitlab"
+	elog "    sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production"
+	elog
+	elog "If this was a fresh install, follow these steps:"
+	elog
+	elog "1. Configure your GitLab's settings in ${CONF_DIR}/gitlab.yml."
+	elog
+	elog "2. Configure your database settings in ${CONF_DIR}/database.yml"
+	elog "   for \"production\" environment."
+	elog
+	elog "3. Then you should create a database for your GitLab instance, if you"
+	elog "   haven't done so already."
+	elog
+	if use postgres; then
+		elog "If you have local PostgreSQL running, just copy&run:"
+		elog "      su postgres"
+		elog "      psql -c \"CREATE ROLE gitlab PASSWORD 'gitlab' \\"
+		elog "          NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;\""
+		elog "      createdb -E UTF-8 -O gitlab gitlabhq_production"
+		elog "  Note: You should change your password to something more random..."
+		elog
+	fi
+	elog "4. Finally execute the following command to initialize the environment:"
+	elog "       emerge --config \"=${CATEGORY}/${PF}\""
+	elog "   Note: Do not forget to start Redis server first!"
+	elog
+	elog "If you're running GitLab behind an SSL proxy such as nginx or Apache and"
+	elog "you can't login after the upgrade, be sure to read the section about the"
+	elog "verification of the CSRF token in GitLab's trouble-shooting guide at"
+	elog "http://goo.gl/5XGRGv."
+	if use postgres; then
+		elog "Please note: As of GitLab 8.6, users of PostgreSQL need to enable the"
+		elog "`pg_trgm` extension by running the following command as a PostgreSQL"
+		elog "super user for *every* GitLab database:"
+		elog "      CREATE EXTENSION IF NOT EXISTS pg_trgm;"
+		elog "For details, see the documentation at the GitLab website."
+	fi
+}
+
+pkg_config() {
+	local shell_conf='/etc/gitlab-shell.yml'
+
+	einfo "Checking configuration files"
+
+	if [ ! -r "${CONF_DIR}/database.yml" ]; then
+		eerror "Copy ${CONF_DIR}/database.yml.* to"
+		eerror "${CONF_DIR}/database.yml and edit this file in order to configure your"
+		eerror "database settings for \"production\" environment."; die
+	fi
+
+	# check gitlab-shell configuration
+	if [ -r ${shell_conf} ]; then
+		local shell_repos_path="$(ryaml ${shell_conf} repos_path)"
+		local gitlab_repos_path="$(ryaml ${CONF_DIR}/gitlab.yml \
+			production gitlab_shell repos_path)"
+
+		if [ ! "${shell_repos_path}" -ef "${gitlab_repos_path}" ]; then
+			eerror "repos_path in ${CONF_DIR}/gitlab.yml and ${shell_conf}"
+			eerror "must points to the same location! Fix the repos_path location and"
+			eerror "run this again."; die
+		fi
+	else
+		ewarn "GitLab Shell checks skipped, could not find config file at"
+		ewarn "${shell_conf}. Make sure that you have gitlab-shell properly"
+		ewarn "installed and that repos_path is the same as in GitLab."
+	fi
+
+	local email_from="$(ryaml ${CONF_DIR}/gitlab.yml production gitlab email_from)"
+	local git_home="$(egethome ${MY_USER})"
+
+	# configure Git global settings
+	if [ ! -e "${git_home}/.gitconfig" ]; then
+		einfo "Setting git user"
+		su -l ${MY_USER} -c "
+			git config --global user.email '${email_from}';
+			git config --global user.name 'GitLab'" \
+			|| die "failed to setup git name and email"
+	fi
+
+	if [ ! -d "${DEST_DIR}/.git" ]; then
+		# create dummy git repo as workaround for
+		# https://github.com/bundler/bundler/issues/2039
+		einfo "Initializing dummy git repository to avoid false errors from bundler"
+		su -l ${MY_USER} -c "
+			cd ${DEST_DIR}
+			git init
+			git add README.md
+			git commit -m 'Dummy repository'" >/dev/null
+	fi
+
+	## Initialize app ##
+
+	local RAILS_ENV="production"
+	local RUBY=${RUBY:-/usr/bin/ruby}
+	local BUNDLE="${RUBY} /usr/bin/bundle"
+
+	local dbname="$(ryaml ${CONF_DIR}/database.yml production database)"
+
+	if [ -f "${DEST_DIR}/.secret" ]; then
+		local update=true
+
+		einfo "Migrating database ..."
+		exec_rake db:migrate
+
+		# https://github.com/gitlabhq/gitlabhq/issues/5311#issuecomment-31656496
+		einfo "Migrating iids ..."
+		exec_rake migrate_iids
+
+		einfo "Cleaning old precompiled assets ..."
+		exec_rake assets:clean
+
+		einfo "Cleaning cache ..."
+		exec_rake cache:clear
+	else
+		local update=false
+
+		einfo "Initializing database ..."
+		exec_rake gitlab:setup
+	fi
+
+	einfo "Precompiling assests ..."
+	exec_rake assets:precompile
+
+	if [ "${update}" = 'true' ]; then
+		ewarn
+		ewarn "This configuration script runs only common migration tasks."
+		ewarn "Please read guides on"
+		ewarn "    https://github.com/gitlabhq/gitlabhq/blob/master/doc/update/"
+		ewarn "for any additional migration tasks specific to your previous GitLab"
+		ewarn "version."
+	fi
+	elog
+	elog "If you want to make sure that the install/upgrade was successful, start"
+	elog "Gitlab now and then run these commands (as root):"
+	elog
+	elog "    cd /opt/gitlab"
+	elog "    sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production"
+	elog "    sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production"
+	elog
+}
+
+ryaml() {
+	ruby -ryaml -e 'puts ARGV[1..-1].inject(YAML.load(File.read(ARGV[0]))) {|acc, key| acc[key] }' "$@"
+}
+
+exec_rake() {
+	local command="${BUNDLE} exec rake $@ RAILS_ENV=${RAILS_ENV}"
+
+	echo "   ${command}"
+	su -l ${MY_USER} -c "
+		export LANG=en_US.UTF-8; export LC_ALL=en_US.UTF-8
+		cd ${DEST_DIR}
+		${command}" \
+		|| die "failed to run rake $@"
+}