Commit 4e7d2635 authored by Rémy Coutable's avatar Rémy Coutable

Merge remote-tracking branch 'origin/master' into 8-13-stable

parents 28db39b4 885b3f77
......@@ -13,6 +13,14 @@ omnibus-gitlab repository.
- Enable jemalloc by default 0a7799d2
- Move database migration log to a persisted location
8.12.7
- Use forked gitlab-markup gem (forked from github-markup)
8.12.6
- No changes
8.12.5
- Update the storage directory helper to check permissions for symlink targets
......
diff --git a/lib/github/commands/rest2html b/lib/github/commands/rest2html
index 7ecfe27..958cd3c 100755
--- a/lib/github/commands/rest2html
+++ b/lib/github/commands/rest2html
@@ -31,9 +31,11 @@ import sys
import os
# This fixes docutils failing with unicode parameters to CSV-Table. The -S
-# switch and the following 2 lines can be removed after upgrading to python 3.
-reload(sys)
-sys.setdefaultencoding('utf-8')
+# switch and the following 3 lines can be removed after upgrading to python 3.
+if sys.version_info[0] < 3:
+ reload(sys)
+ sys.setdefaultencoding('utf-8')
+
import site
try:
......@@ -16,6 +16,9 @@
name "cacerts"
license "MPL-2.0"
license_file "https://www.mozilla.org/media/MPL/2.0/index.815ca599c9df.txt"
# Date of the file is in a comment at the start, or in the changelog
default_version "2016.09.14"
......
......@@ -18,6 +18,7 @@
name "gitlab-config-template"
license "Apache-2.0"
license_file File.expand_path("LICENSE", Omnibus::Config.project_root)
source :path => File.expand_path("files/gitlab-config-template", Omnibus::Config.project_root)
......
......@@ -19,6 +19,7 @@
name "gitlab-cookbooks"
license "Apache-2.0"
license_file File.expand_path("LICENSE", Omnibus::Config.project_root)
source :path => File.expand_path("files/gitlab-cookbooks", Omnibus::Config.project_root)
......
......@@ -19,6 +19,7 @@
name "gitlab-ctl"
license "Apache-2.0"
license_file File.expand_path("LICENSE", Omnibus::Config.project_root)
dependency "omnibus-ctl"
......
......@@ -20,6 +20,7 @@ require 'digest'
name "gitlab-psql"
license "Apache-2.0"
license_file File.expand_path("LICENSE", Omnibus::Config.project_root)
# This 'software' is self-contained in this file. Use the file contents
# to generate a version string.
default_version Digest::MD5.file(__FILE__).hexdigest
......
......@@ -71,8 +71,7 @@ build do
# This patch makes the github-markup gem use and be compatible with Python3
# We've sent part of the changes upstream: https://github.com/github/markup/pull/919
patch source: 'github-markup_gem-markups.patch', target: "#{gems_directory}/github-markup-1.4.0/lib/github/markups.rb"
patch source: 'github-markup_gem-rest2html.patch', target: "#{gems_directory}/github-markup-1.4.0/lib/github/commands/rest2html"
patch source: 'gitlab-markup_gem-markups.patch', target: "#{gems_directory}/gitlab-markup-1.5.0/lib/github/markups.rb"
# In order to precompile the assets, we need to get to a state where rake can
# load the Rails environment.
......
......@@ -18,7 +18,7 @@
name "gitlab-scripts"
license "Apache-2.0"
license_file File.expand_path("LICENSE", Omnibus::Config.project_root)
source :path => File.expand_path("files/gitlab-scripts", Omnibus::Config.project_root)
build do
......
......@@ -18,6 +18,7 @@
name "gitlab-selinux"
license "Apache-2.0"
license_file File.expand_path("LICENSE", Omnibus::Config.project_root)
source :path => File.expand_path("files/gitlab-selinux", Omnibus::Config.project_root)
......
......@@ -18,6 +18,9 @@
name "jemalloc"
default_version "4.2.1"
license "jemalloc"
license_file "COPYING"
source url: "https://github.com/jemalloc/jemalloc/releases/download/#{version}/jemalloc-#{version}.tar.bz2",
sha256: '5630650d5c1caab95d2f0898de4fe5ab8519dc680b04963b38bb425ef6a42d57'
......
......@@ -23,7 +23,7 @@ source url: "http://download.icu-project.org/files/icu4c/57.1/icu4c-57_1-src.tgz
sha256: "ff8c67cb65949b1e7808f2359f2b80f722697048e90e7cfc382ec1fe229e9581"
license "MIT"
license_file "license.html"
license_file "icu/LICENSE"
build do
env = with_standard_compiler_flags(with_embedded_path)
......
......@@ -19,6 +19,7 @@
name "package-scripts"
license "Apache-2.0"
license_file File.expand_path("LICENSE", Omnibus::Config.project_root)
# Help omnibus-ruby to cache the build product of this software. This is a
# workaround for the deprecation of `always_build true`. What happens now is
......
......@@ -20,7 +20,7 @@ name "python-docutils"
default_version "0.11"
license "Public Domain"
license "Public-Domain"
license_file "http://docutils.sourceforge.net/COPYING.txt"
dependency "python3"
......
......@@ -25,7 +25,7 @@ dependency "zlib"
dependency "openssl"
dependency "bzip2"
license "PSFL"
license "Python-2.0"
license_file "LICENSE"
source :url => "http://python.org/ftp/python/#{version}/Python-#{version}.tgz",
......
......@@ -38,9 +38,27 @@ gitlab_ascii()
print_banner()
{
# Check if we have colors enabled
tput=$(which tput)
if [ -n "$tput" ]; then
ncolors=$($tput colors)
if [ -n "$ncolors" ] && [ "$ncolors" -ge 8 ]; then
RED="$(tput setaf 1)"
YELLOW="$(tput setaf 3)"
NOCOLOR="$(tput sgr0)"
else
RED=""
YELLOW=""
NOCOLOR=""
fi
fi
echo ""
echo "\033[0;33m$(tanuki_ascii)\033[0m"
echo "\033[0;31m$(gitlab_ascii)\033[0m"
echo "$YELLOW"
echo "$(tanuki_ascii)"
echo "$RED"
echo "$(gitlab_ascii)"
echo "$NOCOLOR"
echo ""
}
......
......@@ -123,6 +123,8 @@ container's `gitlab.rb` file. That way you can easily configure GitLab's
external URL, make any database configuration or any other option from the
[Omnibus GitLab template](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template).
_Note: The settings contained in `GITLAB_OMNIBUS_CONFIG` will not be written to the `gitlab.rb` configuration file, they're evaluated on load._
Here's an example that sets the external URL and enables LFS while starting
the container:
......
......@@ -256,7 +256,7 @@ The source code can be modified to support not only GitLab, but any in-house app
![webhooks](https://gitlab.com/gitlab-org/omnibus-gitlab/uploads/677b0aa055693c4dcabad0ee580c61b8/730_gitlab_feature_request.png)
## Specify numeric user and group identifiers
### Specify numeric user and group identifiers
omnibus-gitlab creates a user and group mattermost. You can specify the
numeric identifiers for these users in `/etc/gitlab/gitlab.rb` as follows.
......@@ -267,3 +267,11 @@ mattermost['gid'] = 1234
```
Run `sudo gitlab-ctl reconfigure` for the changes to take effect.
### OAuth2 Sequence Diagram
The following image is a sequence diagram for how GitLab works as an OAuth2
provider for Mattermost. It may be useful to use this to troubleshoot errors
in getting the integration to work:
![sequence diagram](img/gitlab-mattermost.png)
msc {
# Use https://mscgen.js.org or mscgen to convert this into PNG
hscale="1.5",
wordwraparcs=on;
user [ label="User", textbgcolor="blue", textcolor="white" ],
mattermost [ label="Mattermost", textbgcolor="red", textcolor="white"],
gitlab [ label="GitLab", textbgcolor="indigo", textcolor="white"];
user=>mattermost [label="GET https://mm.domain.com"];
mattermost note gitlab [label="Obtain access code", textcolor="green"];
mattermost=>gitlab [label="GET https://gitlab.domain.com/oauth/authorize", textcolor="indigo"];
gitlab rbox user [label="GitLab user logs in (if necessary)"];
gitlab rbox gitlab [label="GitLab verifies client_id matches an OAuth application"];
gitlab=>user [label="GitLab asks user to authorize Mattermost OAuth app"];
user=>gitlab [label="User clicks 'Allow'"];
gitlab rbox gitlab [label="GitLab verifies redirect_uri matches list of valid URLs"];
gitlab=>user [label="302 Redirect: https://mm.domain.com/signup/gitlab/complete"];
user=>mattermost [label="GET https://mm.domain.com/signup/gitlab/complete", textcolor="red"];
mattermost note gitlab [label="Exchange access code for access token", textcolor="green"];
mattermost=>gitlab [label="POST http://gitlab.domain.com/oauth/token", textcolor="indigo"];
gitlab=>gitlab [label="Doorkeeper::TokensController#create"];
gitlab=>mattermost [label="Access token", textcolor="red"];
mattermost note gitlab [label="Mattermost looks up GitLab user", textcolor="green"];
mattermost=>gitlab [label="GET https://gitlab.domain.com/api/v3/user", textcolor="indigo"];
gitlab=>mattermost [label="User details", textcolor="red"];
mattermost=>user [label="Mattermost/GitLab user ready"];
}
......@@ -343,33 +343,37 @@ external_url 'GENERATED_EXTERNAL_URL'
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
###############################
# Container registry settings #
# Container Registry settings #
###############################
# see http://docs.gitlab.com/ce/administration/container_registry.html
# See https://docs.gitlab.com/ce/administration/container_registry.html
#
# registry_external_url 'https://registry.gitlab.example.com'
# Settings used by GitLab application
## Settings used by GitLab application
# gitlab_rails['registry_enabled'] = true
# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
# gitlab_rails['registry_port'] = "5005"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
#
## Do not change the following 3 settings unless you know what you are doing
#
# gitlab_rails['registry_api_url'] = "http://localhost:5000"
# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
# Settings used by Registry application
## Settings used by Registry application
# registry['enable'] = true
# registry['username'] = "registry"
# registry['group'] = "registry"
# registry['uid'] = nil
# registry['gid'] = nil
# registry['dir'] = "/var/opt/gitlab/registry"
# registry['registry_http_addr'] = "localhost:5000"
# registry['debug_addr'] = "localhost:5001"
# registry['log_directory'] = "/var/log/gitlab/registry"
# registry['log_level'] = "info"
# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
# registry['debug_addr'] = "localhost:5001"
# registry['storage_delete_enabled'] = true
# # Registry backend storage, see http://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver
# registry['storage'] = {
......
......@@ -74,6 +74,8 @@ describe 'registry recipe' do
.with_content(/version: 0.1/)
expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
.with_content(/realm: \/jwt\/auth/)
expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
.with_content(/addr: localhost:5000/)
end
it 'creates a default VERSION file' do
......@@ -82,5 +84,20 @@ describe 'registry recipe' do
group: nil
)
end
it 'creates gitlab-rails config with default values' do
expect(chef_run).to render_file('/var/opt/gitlab/gitlab-rails/etc/gitlab.yml')
.with_content(/api_url: http:\/\/localhost:5000/)
end
end
context 'when registry port is specified' do
before { stub_gitlab_rb(registry_external_url: 'https://registry.example.com', registry: { registry_http_addr: 'localhost:5001' }) }
it 'creates registry and rails configs with specified value' do
expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
.with_content(/addr: localhost:5001/)
expect(chef_run).to render_file('/var/opt/gitlab/gitlab-rails/etc/gitlab.yml')
.with_content(/api_url: http:\/\/localhost:5001/)
end
end
end
#!/bin/env bash
# license_check.sh
# Check the included software licenses, as deliniated in $install_dir/LICENSE
# - Compare to list of good/bad/unknown, and throw warnings (for now)
# Note: this is currently heavily related to the state of omnibus' licensing.rb
# list arrays, members are pattern strings!
GOODLIST=('^MIT' '^LGPL' '^Apache' '^Ruby' '^BSD-[23]{1}' '^ISC' )
BADLIST=('^GPL' '^AGPL' )
# fetch install_dir from config/projects/gitlab.rb and verify the output.
install_dir="$(grep -B0 -A0 -C1 -e '^install_dir' config/projects/gitlab.rb | cut -d'"' -f2)"
if [ ! -d $install_dir ]; then
echo "Unable to retrieve install_dir, thus unable to check \$install_dir/LICENSE"
exit 1;
else
echo "Checking licenses via the contents of '$install_dir/LICENSE'"
fi
# grep out each piece of software, version, licensefrom $install_dir/LICENSE
declare -A SOFTWARE
declare -A LICENSE
{
software=''
license=''
while IFS= read -r line ;
do
# reset to be sure we don't accidentally fill erroneously
if [[ "$line" == "--" ]]; then
software=''
license=''
continue
fi
if [[ $line =~ 'product bundles '(.*)','$ ]]; then
software=${BASH_REMATCH[1]}
SOFTWARE[${#SOFTWARE[@]}]=$software
fi
if [[ $line =~ 'available under a "'(.+)'"' ]]; then
license=${BASH_REMATCH[1]}
LICENSE[$(( ${#SOFTWARE[@]} - 1))]=$license
fi
done <<< "$(grep -B1 -e 'which is available under a' $install_dir/LICENSE)"
}
# check the license against the pattern from the lists.
# - for x in seq: we have two arrays, and need to walk synchronously
for x in `seq 0 "$(( ${#SOFTWARE[*]} - 1 ))"`; do
# managed continue state once we've checked a license.
CONTINUE=false
# if it matches in GOODLIST, break this loop, and continue in the parent
for n in ${GOODLIST[@]} ; do
if [[ ${LICENSE[$x]} =~ $n ]]; then
echo "Good : ${SOFTWARE[$x]} uses ${LICENSE[$x]}"
CONTINUE=true;
break;
fi
done
if [[ $CONTINUE == true ]]; then continue; fi
# if it matches in BADLIST, break this loop, and continue in the parent
for n in ${BADLIST[@]} ; do
if [[ ${LICENSE[$x]} =~ $n ]]; then
echo "Check ! ${SOFTWARE[$x]} uses ${LICENSE[$x]}"
CONTINUE=true
break;
fi
done
if [[ $CONTINUE == true ]]; then continue; fi
# if we've made it here, we're unsure of the state of the reported license
echo "Unknown? ${SOFTWARE[$x]} uses ${LICENSE[$x]}"
done
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment