Date: Monday, November 22, 2021 @ 11:55:30 Author: foutrelis Revision: 1054241
archrelease: copy trunk to community-staging-x86_64 Added: gitlab/repos/community-staging-x86_64/ gitlab/repos/community-staging-x86_64/PKGBUILD (from rev 1054240, gitlab/trunk/PKGBUILD) gitlab/repos/community-staging-x86_64/configs.patch (from rev 1054240, gitlab/trunk/configs.patch) gitlab/repos/community-staging-x86_64/environment (from rev 1054240, gitlab/trunk/environment) gitlab/repos/community-staging-x86_64/fixes.patch (from rev 1054240, gitlab/trunk/fixes.patch) gitlab/repos/community-staging-x86_64/gitlab-backup.service (from rev 1054240, gitlab/trunk/gitlab-backup.service) gitlab/repos/community-staging-x86_64/gitlab-backup.timer (from rev 1054240, gitlab/trunk/gitlab-backup.timer) gitlab/repos/community-staging-x86_64/gitlab-mailroom.service (from rev 1054240, gitlab/trunk/gitlab-mailroom.service) gitlab/repos/community-staging-x86_64/gitlab-puma.service (from rev 1054240, gitlab/trunk/gitlab-puma.service) gitlab/repos/community-staging-x86_64/gitlab-sidekiq.service (from rev 1054240, gitlab/trunk/gitlab-sidekiq.service) gitlab/repos/community-staging-x86_64/gitlab.install (from rev 1054240, gitlab/trunk/gitlab.install) gitlab/repos/community-staging-x86_64/gitlab.logrotate (from rev 1054240, gitlab/trunk/gitlab.logrotate) gitlab/repos/community-staging-x86_64/gitlab.target (from rev 1054240, gitlab/trunk/gitlab.target) gitlab/repos/community-staging-x86_64/gitlab.tmpfiles.d (from rev 1054240, gitlab/trunk/gitlab.tmpfiles.d) gitlab/repos/community-staging-x86_64/nodejs-17.patch (from rev 1054240, gitlab/trunk/nodejs-17.patch) -------------------------+ PKGBUILD | 188 +++++++++++++++++++++++++++++ configs.patch | 291 ++++++++++++++++++++++++++++++++++++++++++++++ environment | 3 fixes.patch | 20 +++ gitlab-backup.service | 19 +++ gitlab-backup.timer | 10 + gitlab-mailroom.service | 21 +++ gitlab-puma.service | 34 +++++ gitlab-sidekiq.service | 30 ++++ gitlab.install | 34 +++++ gitlab.logrotate | 6 gitlab.target | 7 + gitlab.tmpfiles.d | 1 nodejs-17.patch | 121 +++++++++++++++++++ 14 files changed, 785 insertions(+) Copied: gitlab/repos/community-staging-x86_64/PKGBUILD (from rev 1054240, gitlab/trunk/PKGBUILD) =================================================================== --- community-staging-x86_64/PKGBUILD (rev 0) +++ community-staging-x86_64/PKGBUILD 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,188 @@ +# Maintainer: Anatol Pomozov <anatol.pomo...@gmail.com> +# Contributor: Sven-Hendrik Haase <svenst...@gmail.com> +# Contributor: Pavol (Lopo) Hluchy <lopo AT losys DOT eu> +# Contributor: Jonas Heinrich <o...@project-insanity.org> +# Contributor: Massimiliano Torromeo <massimiliano.torro...@gmail.com> +# Contributor: Tobias Hunger <tobias DOT hunger AT gmail DOT com> +# Contributor: Stefan Tatschner <ste...@sevenbyte.org> +# Contributor: Caleb Maclennan <ca...@alerque.com> + +pkgname=gitlab +pkgver=14.3.3 +pkgrel=2 +pkgdesc="Project management and code hosting application" +arch=('x86_64') +url="https://gitlab.com/gitlab-org/gitlab-foss" +license=('MIT') +options=(!buildflags) +depends=('ruby2.7' 'git' 'gitlab-workhorse' 'gitlab-gitaly' 'openssh' 'redis' 'libxslt' 'icu' 're2' 'http-parser' 'nodejs' 'openssl') +makedepends=('cmake' 'postgresql' 'yarn' 'go' 'nodejs') +optdepends=('postgresql: database backend' + 'python-docutils: reStructuredText markup language support' + 'smtp-server: mail server in order to receive mail notifications') +backup=("etc/webapps/gitlab/database.yml" + "etc/webapps/gitlab/gitlab.yml" + "etc/webapps/gitlab/resque.yml" + "etc/webapps/gitlab/puma.rb" + "etc/webapps/gitlab/smtp_settings.rb" + "etc/logrotate.d/gitlab") +source=(git+https://gitlab.com/gitlab-org/gitlab-foss.git#tag=v$pkgver + nodejs-17.patch + configs.patch + fixes.patch + environment + gitlab-puma.service + gitlab-sidekiq.service + gitlab-backup.service + gitlab-mailroom.service + gitlab-backup.timer + gitlab.target + gitlab.tmpfiles.d + gitlab.logrotate) +install='gitlab.install' +sha512sums=('SKIP' + 'c42207f143239cbeda2adb69a94a073655857acecbfe9cf9459ef71fd9e3418359cdd1f02d1a93948ab024c2aa0424825fbb2ae3b40ca860a815c277faadd41e' + '1f1adbb5a641ec9272931c823c7bf4822dde9df4242a039ec5916167742f1148f555bf05774b0eae69a7f52417092db4a7925cd553d43d37544713036da7f50b' + '7efb9a6f1aa0c05780f173dd61039e9bec2321ef1015e6ad11bc5ecbf83689be6c3af2a8e4b42bd216a0bfe9618f90c53ae92d6aabeb0563378f3bd62c95ac57' + '5b1ca2958f03a5baf1c5576a1568072e8ed749e2d15745ecbcc4860d2dbd543f2f3ed077e8d87afac2670c9436b19fe498217b49916d56a4e31fb9811aeb9067' + '451a030940f124bccd6d29c1924861b361d52db32cff6e745c144286c2afc7065e117f825721145ed2dd4406f5bcfa97e228a80b968aaa9a675613b71b776eba' + '419848c668928276620b5229e457a39e0ed7e111f1da68a30c3e0ae1a644af1c869b004b35435ccec4ddcdf6cf7418b1ab71e6e2ee8a2c861c6625c8bfd908f6' + 'd86e16747ad79f514ce180646c68bec8b6fa61764b2b14b1621db998f48955c3fb81f4e19ecb0fbab9d603dd25d95929e6d72a473652608373e6551f26244738' + 'f8067d1ee444a50dc9b2ed871974225ad521c310eb191e075adb0e45e47168da7d16b92f2e40d7ce755041dd4426a05f0ad1385392b4db526aeaf8a638eb024f' + 'c76d634647336aaf157bc66ba094a363e971c0d275875a7df4521819147f54cd4c709eb8e024cdac9e900d99167e8a78a222587e7292e915573ef29060e6ec21' + '879be339148123e32b58a5669fdd3d3bb8b5d711326cb618f95b1680a6ac3a83c85d8862f2691b352fa26c95e4764dbb827856e22a3e2b9e4a76c13fe42864b5' + 'abacbff0d7be918337a17b56481c84e6bf3eddd9551efe78ba9fb74337179e95c9b60f41c49f275e05074a4074a616be36fa208a48fc12d5b940f0554fbd89c3' + '88e199d2f63e4f235930c35c6dfde80e6010e590907bd4de0af1fbfe6d5491ff56845aefcfe8edefa707712bd84fef96880655747b8bfb949ceeadc0456b0121') + + +_appdir="/usr/share/webapps/gitlab" # the app source code location +_etcdir="/etc/webapps/gitlab" +_datadir="/var/lib/gitlab" # directory with gitlab data and it also $HOME for 'gitlab' user +_logdir="/var/log/gitlab" + +prepare() { + cd gitlab-foss + + # GitLab tries to read its revision information from a file. + git rev-parse --short HEAD > REVISION + + patch -p1 < ../fixes.patch + patch -p1 < ../configs.patch + patch -p1 -F3 < ../nodejs-17.patch + # '/home/git' path in the config files indicates a default path that need to be adjusted + grep -FqR '/home/git' config || exit 1 + + cp config/gitlab.yml.example config/gitlab.yml + cp config/database.yml.postgresql config/database.yml + cp config/puma.rb.example config/puma.rb + cp config/resque.yml.example config/resque.yml + cp config/initializers/smtp_settings.rb.sample config/initializers/smtp_settings.rb + + echo "Setting up systemd service files ..." + for service_file in gitlab-sidekiq.service gitlab-puma.service gitlab.logrotate gitlab-backup.service gitlab-mailroom.service; do + sed -i "s|<DATADIR>|${_datadir}|g" "${srcdir}/${service_file}" + sed -i "s|<APPDIR>|${_appdir}|g" "${srcdir}/${service_file}" + sed -i "s|<LOGDIR>|${_logdir}|g" "${srcdir}/${service_file}" + done + + # https://github.com/bundler/bundler/issues/6882 + sed -e '/BUNDLED WITH/,+1d' -i Gemfile.lock + bundle-2.7 lock --update=bundler-audit + # 'lock' adds 'BUNDLED WITH' back. Remove it again. + sed -e '/BUNDLED WITH/,+1d' -i Gemfile.lock +} + +build() { + cd gitlab-foss + + echo "Fetching bundled gems..." + # Gems will be installed into vendor/bundle + bundle-2.7 config build.gpgme --use-system-libraries # See https://bugs.archlinux.org/task/63654 + bundle-2.7 config force_ruby_platform true # some native gems are not available for newer ruby + bundle-2.7 install --jobs=$(nproc) --no-cache --deployment --without development test aws kerberos + + yarn install --production --pure-lockfile + bundle-2.7 exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096" + bundle-2.7 exec rake gettext:compile RAILS_ENV=production +} + +package() { + depends+=('gitlab-shell') + + cd gitlab-foss + + install -d "${pkgdir}/usr/share/webapps" + + cp -r "${srcdir}"/gitlab-foss "${pkgdir}${_appdir}" + # Remove unneeded directories: node_modules is only needed during build + rm -r "${pkgdir}${_appdir}/node_modules" + # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/194cf8f12e51c26980c09de6388bbd08409e1209/config/software/gitlab-rails.rb#L179 + for dir in spec qa rubocop app/assets vendor/assets; do + rm -r "${pkgdir}${_appdir}/${dir}" + done + + chown -R root:root "${pkgdir}${_appdir}" + chmod 755 "${pkgdir}${_appdir}" + + install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}" + install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}/satellites" + install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}/shared/"{,artifacts,lfs-objects} + install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}/builds" + install -dm700 -o 105 -g 105 "${pkgdir}${_datadir}/uploads" + install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}/backups" + install -dm755 -o 105 -g 105 "${pkgdir}${_etcdir}" + install -dm755 -o 105 -g 105 "${pkgdir}${_logdir}" + install -dm755 "${pkgdir}/usr/share/doc/gitlab" + + rm -r "${pkgdir}${_appdir}"/{.git,builds,tmp,log,shared} + + # Rails app hardcodes/configures by default that data is stored under $_appdir + # Create symlinks that point to data directories under /var + ln -fs "${_logdir}" "${pkgdir}${_appdir}/log" + ln -fs "${_datadir}/builds" "${pkgdir}${_appdir}/builds" + mkdir "${pkgdir}${_appdir}/tmp/" + ln -fs "${_datadir}/backups" "${pkgdir}${_appdir}/tmp/backups" + ln -fs "${_datadir}/uploads" "${pkgdir}${_appdir}/public/uploads" + ln -fs "${_datadir}/shared" "${pkgdir}${_appdir}/shared" + + # TODO: workhorse and shell secret files are the application data and should be stored under /var/lib/gitlab + ln -fs "${_etcdir}/gitlab_workhorse_secret" "${pkgdir}${_appdir}/.gitlab_workhorse_secret" + ln -fs /etc/webapps/gitlab-shell/secret "${pkgdir}${_appdir}/.gitlab_shell_secret" + + # Install config files + for config_file in gitlab.yml database.yml puma.rb resque.yml; do + mv "config/${config_file}" "${pkgdir}${_etcdir}/" + # TODO: configure rails app to use configs right from /etc + ln -fs "${_etcdir}/${config_file}" "${pkgdir}${_appdir}/config/" + done + mv "config/initializers/smtp_settings.rb" "${pkgdir}${_etcdir}/" + ln -fs "${_etcdir}/smtp_settings.rb" "${pkgdir}${_appdir}/config/initializers/smtp_settings.rb" + + # Install secrets symlink + # TODO: ruby uses _appdir to load config files. Figure out if we can load files directly from /etc + ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_appdir}/config/secrets.yml" + + # files with passwords/secrets are set world-unreadable + for secret_file in smtp_settings.rb; do + chmod 660 "${pkgdir}${_etcdir}/${secret_file}" + # TODO: should we just leave the secret files root owned? + chown root:105 "${pkgdir}${_etcdir}/${secret_file}" + done + + install -Dm644 "${srcdir}/environment" "${pkgdir}${_appdir}" + + # Install license and help files + mv README.md MAINTENANCE.md CONTRIBUTING.md CHANGELOG.md PROCESS.md VERSION config/*.{example,postgresql} "${pkgdir}/usr/share/doc/gitlab" + install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/gitlab/LICENSE" + + # TODO: structure.sql looks more like an application data and should be stored under /var/lib/gitlab + chown 105:105 "${pkgdir}${_appdir}/db/structure.sql" + + # Install systemd service files + for service_file in gitlab-puma.service gitlab-sidekiq.service gitlab-backup.service gitlab-backup.timer gitlab.target gitlab-mailroom.service; do + install -Dm644 "${srcdir}/${service_file}" "${pkgdir}/usr/lib/systemd/system/${service_file}" + done + + install -Dm644 "${srcdir}/gitlab.tmpfiles.d" "${pkgdir}/usr/lib/tmpfiles.d/gitlab.conf" + install -Dm644 "${srcdir}/gitlab.logrotate" "${pkgdir}/etc/logrotate.d/gitlab" +} Copied: gitlab/repos/community-staging-x86_64/configs.patch (from rev 1054240, gitlab/trunk/configs.patch) =================================================================== --- community-staging-x86_64/configs.patch (rev 0) +++ community-staging-x86_64/configs.patch 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,291 @@ +commit 0757f389a34b9a58b46a8ecc508501bd4c3c3188 +Author: Anatol Pomozov <anatol.pomo...@gmail.com> +Date: Tue May 26 00:01:38 2020 -0700 + + Patch config files with Arch Linux specific locations + + Arch uses upstream's default config files as a base for its configs. + But directory structure at Arch is completely different from the default + one specified by gitlab project. + We used to have a lot of seds expressions to adjust the files but as + complexity of configs grew 'sed' makes it easy to miss a changed/added + option. + + Track set of diffs as a patch. If upstream modifies config file then it + will cause a conflict that needs to be reviewed manually. + +diff --git a/config/database.yml.postgresql b/config/database.yml.postgresql +index a4daab1fd0c..19c33fdd1f5 100644 +--- a/config/database.yml.postgresql ++++ b/config/database.yml.postgresql +@@ -6,7 +6,7 @@ production: + adapter: postgresql + encoding: unicode + database: gitlabhq_production +- username: git ++ username: gitlab + password: "secure password" + host: localhost + # load_balancing: +@@ -41,7 +41,7 @@ staging: + adapter: postgresql + encoding: unicode + database: gitlabhq_staging +- username: git ++ username: gitlab + password: "secure password" + host: localhost + +diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example +index a8881fd8a2e..23a24536da3 100644 +--- a/config/gitlab.yml.example ++++ b/config/gitlab.yml.example +@@ -89,7 +89,7 @@ production: &base + #- 2001:0db8::/32 + + # Uncomment and customize if you can't use the default user to run GitLab (default: 'git') +- # user: git ++ user: gitlab + + ## Date & Time settings + # Uncomment and customize if you want to change the default time zone of GitLab application. +@@ -109,15 +109,15 @@ production: &base + # enabled: false + # S/MIME private key file in PEM format, unencrypted + # Default is '.gitlab_smime_key' relative to Rails.root (i.e. root of the GitLab app). +- # key_file: /home/git/gitlab/.gitlab_smime_key ++ # key_file: /var/lib/gitlab/.gitlab_smime_key + # S/MIME public certificate key in PEM format, will be attached to signed messages + # Default is '.gitlab_smime_cert' relative to Rails.root (i.e. root of the GitLab app). +- # cert_file: /home/git/gitlab/.gitlab_smime_cert ++ # cert_file: /var/lib/gitlab/.gitlab_smime_cert + # S/MIME extra CA public certificates in PEM format, will be attached to signed messages + # Optional +- # ca_certs_file: /home/git/gitlab/.gitlab_smime_ca_certs ++ # ca_certs_file: /var/lib/gitlab/.gitlab_smime_ca_certs + +- # Email server smtp settings are in config/initializers/smtp_settings.rb.sample ++ # Email server smtp settings are in /etc/webapps/gitlab/smtp_settings.rb + # File location to read encrypted SMTP secrets from + # email_smtp_secret_file: /mnt/gitlab/smtp.yaml.enc # Default: shared/encrypted_settings/smtp.yaml.enc + +@@ -165,7 +165,7 @@ production: &base + ## Repository downloads directory + # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. + # The default is 'shared/cache/archive/' relative to the root of the Rails app. +- # repository_downloads_path: shared/cache/archive/ ++ repository_downloads_path: /var/lib/gitlab/shared/cache/archive + + ## Impersonation settings + impersonation_enabled: true +@@ -214,7 +214,7 @@ production: &base + # Since `mail_room` is run independently of Rails, an absolute path is preferred. + # The default is 'log/mail_room_json.log' relative to the root of the Rails app. + # +- # log_path: log/mail_room_json.log ++ log_path: /var/log/gitlab/mail_room_json.log + + # Whether to expunge (permanently remove) messages from the mailbox when they are deleted after delivery + expunge_deleted: false +@@ -260,7 +260,7 @@ production: &base + artifacts: + enabled: true + # The location where build artifacts are stored (default: shared/artifacts). +- # path: shared/artifacts ++ path: /var/lib/gitlab/shared/artifacts + # object_store: + # enabled: false + # remote_directory: artifacts # The bucket name +@@ -280,7 +280,7 @@ production: &base + # be stored on disk, or in object storage + enabled: false + # The location where external diffs are stored (default: shared/lfs-external-diffs). +- # storage_path: shared/external-diffs ++ storage_path: /var/lib/gitlab/shared/external-diffs + # object_store: + # enabled: false + # remote_directory: external-diffs +@@ -296,7 +296,7 @@ production: &base + lfs: + enabled: true + # The location where LFS objects are stored (default: shared/lfs-objects). +- # storage_path: shared/lfs-objects ++ storage_path: /var/lib/gitlab/shared/lfs-objects + object_store: + enabled: false + remote_directory: lfs-objects # Bucket name +@@ -340,7 +340,7 @@ production: &base + enabled: true + dpkg_deb_path: /usr/bin/dpkg-deb + # The location where build packages are stored (default: shared/packages). +- # storage_path: shared/packages ++ storage_path: /var/lib/gitlab/shared/packages + object_store: + enabled: false + remote_directory: packages # The bucket name +@@ -361,7 +361,7 @@ production: &base + dependency_proxy: + enabled: true + # The location where build packages are stored (default: shared/dependency_proxy). +- # storage_path: shared/dependency_proxy ++ storage_path: /var/lib/gitlab/shared/dependency_proxy + object_store: + enabled: false + remote_directory: dependency_proxy # The bucket name +@@ -382,7 +382,7 @@ production: &base + terraform_state: + enabled: true + # The location where Terraform state files are stored (default: shared/terraform_state). +- # storage_path: shared/terraform_state ++ storage_path: /var/lib/gitlab/shared/terraform_state + object_store: + enabled: false + remote_directory: terraform # The bucket name +@@ -401,7 +401,7 @@ production: &base + enabled: false + access_control: false + # The location where pages are stored (default: shared/pages). +- # path: shared/pages ++ path: /var/lib/gitlab/shared/pages + + # The domain under which the pages are served: + # http://group.example.com/project +@@ -415,7 +415,7 @@ production: &base + + # File that contains the shared secret key for verifying access for gitlab-pages. + # Default is '.gitlab_pages_secret' relative to Rails.root (i.e. root of the GitLab app). +- # secret_file: /home/git/gitlab/.gitlab_pages_secret ++ secret_file: /var/lib/gitlab/.gitlab_pages_secret + object_store: + enabled: false + remote_directory: pages # The bucket name +@@ -586,7 +586,7 @@ production: &base + # port: 5005 + # api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API + # key: config/registry.key +- # path: shared/registry ++ path: /var/lib/gitlab/shared/registry + # issuer: gitlab-issuer + # notification_secret: '' # only set it when you use Geo replication feature without built-in Registry + +@@ -643,7 +643,7 @@ production: &base + # add_pusher: true + + # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root +- # builds_path: builds/ ++ builds_path: /var/lib/gitlab/builds + + # + # 3. Auth settings +@@ -1103,7 +1103,7 @@ production: &base + + # Shared file storage settings + shared: +- # path: /mnt/gitlab # Default: shared ++ path: /var/lib/gitlab/shared # Default: shared + + # Encrypted Settings configuration + encrypted_settings: +@@ -1128,13 +1128,13 @@ production: &base + # real path not the symlink. + storages: # You must have at least a `default` storage path. + default: +- path: /home/git/repositories/ +- gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port). ++ path: /var/lib/gitlab/repositories ++ gitaly_address: unix:/run/gitlab/gitlab-gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port). + # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage. + + ## Backup settings + backup: +- path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) ++ path: "/var/lib/gitlab/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) + # gitaly_backup_path: # Path of the gitaly-backup binary (default: searches $PATH) + # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600) + # keep_time: 604800 # default: 0 (forever) (in seconds) +@@ -1184,12 +1184,12 @@ production: &base + + ## GitLab Shell settings + gitlab_shell: +- path: /home/git/gitlab-shell/ +- authorized_keys_file: /home/git/.ssh/authorized_keys ++ path: /usr/share/webapps/gitlab-shell ++ authorized_keys_file: /var/lib/gitlab/.ssh/authorized_keys + + # File that contains the secret key for verifying access for gitlab-shell. + # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app). +- # secret_file: /home/git/gitlab/.gitlab_shell_secret ++ # secret_file: /var/lib/gitlab/.gitlab_shell_secret + + # Git over HTTP + upload_pack: true +@@ -1204,13 +1204,13 @@ production: &base + workhorse: + # File that contains the secret key for verifying access for gitlab-workhorse. + # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app). +- # secret_file: /home/git/gitlab/.gitlab_workhorse_secret ++ # secret_file: /var/lib/gitlab/.gitlab_workhorse_secret + + gitlab_kas: + # enabled: true + # File that contains the secret key for verifying access for gitlab-kas. + # Default is '.gitlab_kas_secret' relative to Rails.root (i.e. root of the GitLab app). +- # secret_file: /home/git/gitlab/.gitlab_kas_secret ++ # secret_file: /var/lib/gitlab/.gitlab_kas_secret + + # The URL to the external KAS API (used by the Kubernetes agents) + # external_url: wss://kas.example.com +@@ -1220,7 +1220,7 @@ production: &base + + ## GitLab Elasticsearch settings + elasticsearch: +- indexer_path: /home/git/gitlab-elasticsearch-indexer/ ++ indexer_path: /var/lib/gitlab/elasticsearch-indexer + + ## Git settings + # CAUTION! +diff --git a/config/puma.rb.example b/config/puma.rb.example +index c70baf6570e..1dce6a00c16 100644 +--- a/config/puma.rb.example ++++ b/config/puma.rb.example +@@ -5,11 +5,11 @@ + # The default is "config.ru". + # + rackup 'config.ru' +-pidfile '/home/git/gitlab/tmp/pids/puma.pid' +-state_path '/home/git/gitlab/tmp/pids/puma.state' ++pidfile '/run/gitlab/puma.pid' ++state_path '/run/gitlab/puma.state' + +-stdout_redirect '/home/git/gitlab/log/puma.stdout.log', +- '/home/git/gitlab/log/puma.stderr.log', ++stdout_redirect '/var/log/gitlab/puma.stdout.log', ++ '/var/log/gitlab/puma.stderr.log', + true + + # Configure "min" to be the minimum number of threads to use to answer +@@ -31,12 +31,12 @@ queue_requests false + + # Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only + # accepted protocols. +-bind 'unix:///home/git/gitlab/tmp/sockets/gitlab.socket' ++bind 'unix:///run/gitlab/gitlab.socket' + + workers 3 + +-require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events" +-require_relative "/home/git/gitlab/lib/gitlab/cluster/puma_worker_killer_initializer" ++require_relative "/usr/share/webapps/gitlab/lib/gitlab/cluster/lifecycle_events" ++require_relative "/usr/share/webapps/gitlab/lib/gitlab/cluster/puma_worker_killer_initializer" + + on_restart do + # Signal application hooks that we're about to restart +@@ -76,7 +76,7 @@ wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_ + nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true' + + # Use json formatter +-require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter" ++require_relative "/usr/share/webapps/gitlab/lib/gitlab/puma_logging/json_formatter" + + json_formatter = Gitlab::PumaLogging::JSONFormatter.new + log_formatter do |str| Copied: gitlab/repos/community-staging-x86_64/environment (from rev 1054240, gitlab/trunk/environment) =================================================================== --- community-staging-x86_64/environment (rev 0) +++ community-staging-x86_64/environment 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,3 @@ +RAILS_ENV=production +EXECJS_RUNTIME=Disabled +RUBYOPT='-W:no-deprecated' Copied: gitlab/repos/community-staging-x86_64/fixes.patch (from rev 1054240, gitlab/trunk/fixes.patch) =================================================================== --- community-staging-x86_64/fixes.patch (rev 0) +++ community-staging-x86_64/fixes.patch 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,20 @@ +commit ec0738c3091f91465308a15051ecb5fc4dcd38c3 +Author: Anatol Pomozov <anatol.pomo...@gmail.com> +Date: Sat Mar 21 09:13:31 2020 -0700 + + ArchLinux fixes + +diff --git a/Gemfile b/Gemfile +index 39e61564968..d2564260ed5 100644 +--- a/Gemfile ++++ b/Gemfile +@@ -324,6 +324,9 @@ gem 'gettext', '~> 3.3', require: false, group: :development + + gem 'batch-loader', '~> 2.0.1' + ++gem 'irb' # https://bugs.archlinux.org/task/68569 ++gem 'rake' ++ + # Perf bar + gem 'peek', '~> 1.1' + Copied: gitlab/repos/community-staging-x86_64/gitlab-backup.service (from rev 1054240, gitlab/trunk/gitlab-backup.service) =================================================================== --- community-staging-x86_64/gitlab-backup.service (rev 0) +++ community-staging-x86_64/gitlab-backup.service 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,19 @@ +[Unit] +Description=GitLab Backup process +Requires= +After=network.target + +[Service] +Type=oneshot +User=gitlab +Group=gitlab +SyslogIdentifier=gitlab-backup +WorkingDirectory=<APPDIR> +EnvironmentFile=<APPDIR>/environment +CapabilityBoundingSet= +PrivateTmp=true +PrivateDevices=true +ProtectSystem=full +ProtectHome=true +NoNewPrivileges=true +ExecStart=/usr/bin/bundle-2.7 exec rake gitlab:backup:create Copied: gitlab/repos/community-staging-x86_64/gitlab-backup.timer (from rev 1054240, gitlab/trunk/gitlab-backup.timer) =================================================================== --- community-staging-x86_64/gitlab-backup.timer (rev 0) +++ community-staging-x86_64/gitlab-backup.timer 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,10 @@ +[Unit] +Description=Daily gitlab backup + +[Timer] +OnCalendar=daily +AccuracySec=12h +Persistent=true + +[Install] +WantedBy=timers.target Copied: gitlab/repos/community-staging-x86_64/gitlab-mailroom.service (from rev 1054240, gitlab/trunk/gitlab-mailroom.service) =================================================================== --- community-staging-x86_64/gitlab-mailroom.service (rev 0) +++ community-staging-x86_64/gitlab-mailroom.service 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,21 @@ +[Unit] +Description=Gitlab Mailroom Worker +Requires=gitlab-puma.service +Wants=gitlab-puma.service +After=gitlab-puma.service +StartLimitIntervalSec=100s + +[Service] +User=gitlab +Group=gitlab +WorkingDirectory=<APPDIR> +EnvironmentFile=<APPDIR>/environment +SyslogIdentifier=gitlab-mailroom +PIDFile=/run/gitlab/mailroom.pid +ExecStart=/usr/bin/bundle-2.7 exec mail_room -q -c <APPDIR>/config/mail_room.yml +ExecStop=/usr/bin/kill -QUIT $MAINPID +Restart=on-failure +RestartSec=1 + +[Install] +WantedBy=multi-user.target Copied: gitlab/repos/community-staging-x86_64/gitlab-puma.service (from rev 1054240, gitlab/trunk/gitlab-puma.service) =================================================================== --- community-staging-x86_64/gitlab-puma.service (rev 0) +++ community-staging-x86_64/gitlab-puma.service 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,34 @@ +[Unit] +Description=GitLab Puma Server +Requires=redis.service +Wants=postgresql.service +After=redis.service postgresql.service network.target +StartLimitIntervalSec=100s + +[Service] +User=gitlab +Group=gitlab +WorkingDirectory=<APPDIR> +EnvironmentFile=<APPDIR>/environment +SyslogIdentifier=gitlab-puma +PIDFile=/run/gitlab/puma.pid +RuntimeDirectory=gitlab +RuntimeDirectoryPreserve=yes +RuntimeDirectoryMode=775 +PrivateTmp=true +PrivateDevices=true +ProtectSystem=full +ProtectHome=true +# These options break Gitlab's email delivery if you +# use postfix' sendmail wrapper. If you use an SMTP server +# instead you can safely enable these security features. +#NoNewPrivileges=true +#CapabilityBoundingSet= +ExecStart=/usr/bin/bundle-2.7 exec puma -C <APPDIR>/config/puma.rb -e production +ExecStop=/usr/bin/kill -QUIT $MAINPID +ExecReload=/usr/bin/kill -USR2 $MAINPID +Restart=on-failure +RestartSec=1 + +[Install] +WantedBy=multi-user.target Copied: gitlab/repos/community-staging-x86_64/gitlab-sidekiq.service (from rev 1054240, gitlab/trunk/gitlab-sidekiq.service) =================================================================== --- community-staging-x86_64/gitlab-sidekiq.service (rev 0) +++ community-staging-x86_64/gitlab-sidekiq.service 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,30 @@ +[Unit] +Description=GitLab Sidekiq Worker +Requires=redis.service gitlab-puma.service +Wants=postgresql.service +After=redis.service postgresql.service network.target gitlab-puma.service +JoinsNamespaceOf=gitlab-puma.service +StartLimitIntervalSec=100s + +[Service] +User=gitlab +Group=gitlab +WorkingDirectory=<APPDIR> +EnvironmentFile=<APPDIR>/environment +SyslogIdentifier=gitlab-sidekiq +PIDFile=/run/gitlab/sidekiq.pid +PrivateTmp=true +ProtectSystem=full +ProtectHome=true +# These options break Gitlab's email delivery if you +# use postfix' sendmail wrapper. If you use an SMTP server +# instead you can safely enable these security features. +#NoNewPrivileges=true +#CapabilityBoundingSet= +ExecStart=/usr/bin/bundle-2.7 exec sidekiq -C <APPDIR>/config/sidekiq_queues.yml -e production +ExecStop=/usr/bin/bundle-2.7 exec sidekiqctl stop /run/gitlab/sidekiq.pid +Restart=on-failure +RestartSec=1 + +[Install] +WantedBy=multi-user.target Copied: gitlab/repos/community-staging-x86_64/gitlab.install (from rev 1054240, gitlab/trunk/gitlab.install) =================================================================== --- community-staging-x86_64/gitlab.install (rev 0) +++ community-staging-x86_64/gitlab.install 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,34 @@ +post_install() { + echo "Configure your /etc/webapps/gitlab/gitlab.yml" + echo "Set up your redis to run on /run/redis/redis.sock or configure gitlab to use redis TCP" + echo "Put a secret bytestring to /etc/webapps/gitlab/secret" + echo "Copy /usr/share/webapps/gitlab/config/secrets.yml.example to /etc/webapps/gitlab/secrets.yml and configure it" + echo "Setup the database:" + echo "$ (cd /usr/share/webapps/gitlab && sudo -u gitlab \$(cat environment | xargs) bundle-2.7 exec rake gitlab:setup)" + echo "Finally run the following commands to check your installation:" + echo "$ (cd /usr/share/webapps/gitlab && sudo -u gitlab \$(cat environment | xargs) bundle-2.7 exec rake gitlab:env:info)" + echo "$ (cd /usr/share/webapps/gitlab && sudo -u gitlab \$(cat environment | xargs) bundle-2.7 exec rake gitlab:check)" +} + +post_upgrade() { + echo "You should upgrade your database:" + echo "$ (cd /usr/share/webapps/gitlab && sudo -u gitlab \$(cat environment | xargs) bundle-2.7 exec rake db:migrate)" + echo "Afterwards, restart gitlab-related services:" + echo "# systemctl daemon-reload" + echo "# systemctl restart gitlab-sidekiq gitlab-puma gitlab-workhorse gitlab-gitaly" + + if (( $(vercmp $2 13.0.0) < 0)); then + echo "==========" + echo "Since 13.0.0, upstream switched default Ruby web server from Unicorn to Puma." + echo "Please use 'gitlab-puma' systemd service instead of 'gitlab-unicorn'." + fi + + if (( $(vercmp $2 13.0.1) < 0)); then + echo "==========" + echo "The new Puma server uses socket files by default thus configuration for gitlab-gitlay and gitlab-shell need to be updated." + echo "Please check new option values for 'gitlab_url' and 'secret_file' in /etc/webapps/gitlab-shell/config.yml and /etc/gitlab-gitaly/config.toml." + + echo "==========" + echo "Legacy symlinks /var/lib/gitlab/{gitlab-shell,log,pids,sockets} and /usr/share/webapps/gitlab/{builds,log,tmp} have been removed. Please check your config files and make sure you use direct target location such as /var/log/gitlab, /var/tmp, /run/gitlab ..." + fi +} Copied: gitlab/repos/community-staging-x86_64/gitlab.logrotate (from rev 1054240, gitlab/trunk/gitlab.logrotate) =================================================================== --- community-staging-x86_64/gitlab.logrotate (rev 0) +++ community-staging-x86_64/gitlab.logrotate 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,6 @@ +<LOGDIR>/*.log { + missingok + compress + notifempty + copytruncate +} Copied: gitlab/repos/community-staging-x86_64/gitlab.target (from rev 1054240, gitlab/trunk/gitlab.target) =================================================================== --- community-staging-x86_64/gitlab.target (rev 0) +++ community-staging-x86_64/gitlab.target 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,7 @@ +[Unit] +Description=GitLab - Self Hosted Git Management +Requires=gitlab-puma.service gitlab-workhorse.service +Wants=gitlab-sidekiq.service gitlab-backup.timer gitlab-gitaly.service gitlab-mailroom.service + +[Install] +WantedBy=multi-user.target Copied: gitlab/repos/community-staging-x86_64/gitlab.tmpfiles.d (from rev 1054240, gitlab/trunk/gitlab.tmpfiles.d) =================================================================== --- community-staging-x86_64/gitlab.tmpfiles.d (rev 0) +++ community-staging-x86_64/gitlab.tmpfiles.d 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1 @@ +d /run/gitlab 0775 gitlab gitlab - - Copied: gitlab/repos/community-staging-x86_64/nodejs-17.patch (from rev 1054240, gitlab/trunk/nodejs-17.patch) =================================================================== --- community-staging-x86_64/nodejs-17.patch (rev 0) +++ community-staging-x86_64/nodejs-17.patch 2021-11-22 11:55:30 UTC (rev 1054241) @@ -0,0 +1,121 @@ +From a127e0385577dd7fe8eea7503d92e16191cc0633 Mon Sep 17 00:00:00 2001 +From: GitLab Renovate Bot <gitlab-...@gitlab.com> +Date: Tue, 26 Oct 2021 20:17:38 +0000 +Subject: [PATCH] Update ESLint and related + +--- + package.json | 4 ++-- + yarn.lock | 45 ++++++++++++++++++++++++++------------------- + 2 files changed, 28 insertions(+), 21 deletions(-) + +diff --git a/package.json b/package.json +index 77a46ea8f4c4c..d2c3d78474d86 100644 +--- a/package.json ++++ b/package.json +@@ -219,8 +219,8 @@ + "docdash": "^1.0.2", + "eslint": "7.32.0", + "eslint-import-resolver-jest": "3.0.2", +- "eslint-import-resolver-webpack": "0.13.1", +- "eslint-plugin-no-jquery": "2.6.0", ++ "eslint-import-resolver-webpack": "0.13.2", ++ "eslint-plugin-no-jquery": "2.7.0", + "gettext-extractor": "^3.5.3", + "gettext-extractor-vue": "^5.0.0", + "glob": "^7.1.6", +diff --git a/yarn.lock b/yarn.lock +index add2127031e50..dc958d637f870 100644 +--- a/yarn.lock ++++ b/yarn.lock +@@ -4982,10 +4982,10 @@ eslint-import-resolver-node@^0.3.4: + debug "^2.6.9" + resolve "^1.13.1" + +-eslint-import-resolver-webpack@0.13.1: +- version "0.13.1" +- resolved "https://registry.yarnpkg.com/eslint-import-resolver-webpack/-/eslint-import-resolver-webpack-0.13.1.tgz#6d2fb928091daf2da46efa1e568055555b2de902" +- integrity sha512-O/8mG6AHmaKYSMb4lWxiXPpaARxOJ4rMQEHJ8vTgjS1MXooJA3KPgBPPAdOPoV17v5ML5120qod5FBLM+DtgEw== ++eslint-import-resolver-webpack@0.13.2: ++ version "0.13.2" ++ resolved "https://registry.yarnpkg.com/eslint-import-resolver-webpack/-/eslint-import-resolver-webpack-0.13.2.tgz#fc813df0d08b9265cc7072d22393bda5198bdc1e" ++ integrity sha512-XodIPyg1OgE2h5BDErz3WJoK7lawxKTJNhgPNafRST6csC/MZC+L5P6kKqsZGRInpbgc02s/WZMrb4uGJzcuRg== + dependencies: + array-find "^1.0.0" + debug "^3.2.7" +@@ -4993,8 +4993,8 @@ eslint-import-resolver-webpack@0.13.1: + find-root "^1.1.0" + has "^1.0.3" + interpret "^1.4.0" +- is-core-module "^2.4.0" +- is-regex "^1.1.3" ++ is-core-module "^2.7.0" ++ is-regex "^1.1.4" + lodash "^4.17.21" + resolve "^1.20.0" + semver "^5.7.1" +@@ -5050,10 +5050,10 @@ eslint-plugin-jest@^23.8.2: + dependencies: + "@typescript-eslint/experimental-utils" "^2.5.0" + +-eslint-plugin-no-jquery@2.6.0: +- version "2.6.0" +- resolved "https://registry.yarnpkg.com/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-2.6.0.tgz#7892cb7c086f7813156bca6bc48429825428e9eb" +- integrity sha512-xC7pbNHJMdyxqhzcNMRrmC5/tbt1T4KCKXjOqUpKm/CaRryGKS5iWztzWPrL0KwyI3R3ub6goHFmIQS19f+mZA== ++eslint-plugin-no-jquery@2.7.0: ++ version "2.7.0" ++ resolved "https://registry.yarnpkg.com/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-2.7.0.tgz#855f5631cf5b8e25b930cf6f06e02dd81f132e72" ++ integrity sha512-Aeg7dA6GTH1AcWLlBtWNzOU9efK5KpNi7b0EhBO0o0M+awyzguUUo8gF6hXGjQ9n5h8/uRtYv9zOqQkeC5CG0w== + + eslint-plugin-promise@^4.2.1: + version "4.2.1" +@@ -5999,6 +5999,13 @@ has-symbols@^1.0.0, has-symbols@^1.0.1, has-symbols@^1.0.2: + resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.2.tgz#165d3070c00309752a1236a479331e3ac56f1423" + integrity sha512-chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw== + ++has-tostringtag@^1.0.0: ++ version "1.0.0" ++ resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.0.tgz#7e133818a7d394734f941e73c3d3f9291e658b25" ++ integrity sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ== ++ dependencies: ++ has-symbols "^1.0.2" ++ + has-value@^0.3.1: + version "0.3.1" + resolved "https://registry.yarnpkg.com/has-value/-/has-value-0.3.1.tgz#7b1f58bada62ca827ec0a2078025654845995e1f" +@@ -6511,10 +6518,10 @@ is-ci@^2.0.0: + dependencies: + ci-info "^2.0.0" + +-is-core-module@^2.2.0, is-core-module@^2.4.0: +- version "2.4.0" +- resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.4.0.tgz#8e9fc8e15027b011418026e98f0e6f4d86305cc1" +- integrity sha512-6A2fkfq1rfeQZjxrZJGerpLCTHRNEBiSgnu0+obeJpEPZRUooHgsizvzv0ZjJwOz3iWIHdJtVWJ/tmPr3D21/A== ++is-core-module@^2.2.0, is-core-module@^2.7.0: ++ version "2.8.0" ++ resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.8.0.tgz#0321336c3d0925e497fd97f5d95cb114a5ccd548" ++ integrity sha512-vd15qHsaqrRL7dtH6QNuy0ndJmRDrS9HAM1CAiSifNUFv4x1a0CCVsj18hJ1mShxIG6T2i1sO78MkP56r0nYRw== + dependencies: + has "^1.0.3" + +@@ -6690,13 +6697,13 @@ is-potential-custom-element-name@^1.0.0: + resolved "https://registry.yarnpkg.com/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.0.tgz#0c52e54bcca391bb2c494b21e8626d7336c6e397" + integrity sha1-DFLlS8yjkbssSUsh6GJtczbG45c= + +-is-regex@^1.1.1, is-regex@^1.1.3: +- version "1.1.3" +- resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.3.tgz#d029f9aff6448b93ebbe3f33dac71511fdcbef9f" +- integrity sha512-qSVXFz28HM7y+IWX6vLCsexdlvzT1PJNFSBuaQLQ5o0IEw8UDYW6/2+eCMVyIsbM8CNLX2a/QWmSpyxYEHY7CQ== ++is-regex@^1.1.1, is-regex@^1.1.4: ++ version "1.1.4" ++ resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.4.tgz#eef5663cd59fa4c0ae339505323df6854bb15958" ++ integrity sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg== + dependencies: + call-bind "^1.0.2" +- has-symbols "^1.0.2" ++ has-tostringtag "^1.0.0" + + is-regexp@^2.0.0: + version "2.1.0" +-- +GitLab +