Skip to content

GitLab Next

Commits (281)
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 4033 additions and 649 deletions
.gitlab-ci.yml
View file @ 88974047
......@@ -2,7 +2,6 @@ stages:
- tests
- package
- notification_fail
- add_to_version_server
- extra
- notification_fail
......@@ -12,6 +11,7 @@ before_script:
- mkdir -p ~/.aws
- mkdir -p cache
- bundle install -j $(nproc) --binstubs --path gems
- if [ -n "$NIGHTLY" ] ; then export NIGHTLY_REPO=nightly-builds ;fi
# Runs on GitLab.com only
.spec_template: &run_rspec
......@@ -30,6 +30,8 @@ before_script:
- ssh-keyscan -H dev.gitlab.org > ~/.ssh/known_hosts
- chmod -R 0600 ~/.ssh/
- echo -e "[default]\naws_access_key_id = $AWS_ACCESS_KEY_ID \naws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/config
- export PACKAGECLOUD_REPO=$(bundle exec rake repository:target)
- echo $PACKAGECLOUD_REPO
- make populate_cache
- make restore_cache_bundle
- make test
......@@ -47,6 +49,8 @@ before_script:
- ssh-keyscan -H dev.gitlab.org > ~/.ssh/known_hosts
- chmod -R 0600 ~/.ssh/
- echo -e "[default]\naws_access_key_id = $AWS_ACCESS_KEY_ID \naws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/config
- export PACKAGECLOUD_REPO=$(bundle exec rake repository:target RASPBERRY_REPO=raspberry-pi2)
- echo $PACKAGECLOUD_REPO
- make populate_cache
- make restore_cache_bundle
- if ./support/is_gitlab_ee.sh; then exit 0; else make test;fi
......@@ -64,6 +68,8 @@ before_script:
- ssh-keyscan -H dev.gitlab.org > ~/.ssh/known_hosts
- chmod -R 0600 ~/.ssh/
- echo -e "[default]\naws_access_key_id = $AWS_ACCESS_KEY_ID \naws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/config
- export PACKAGECLOUD_REPO=$(bundle exec rake repository:target)
- echo $PACKAGECLOUD_REPO
- make populate_cache
- make restore_cache_bundle
- make do_release
......@@ -81,6 +87,8 @@ before_script:
- ssh-keyscan -H dev.gitlab.org > ~/.ssh/known_hosts
- chmod -R 0600 ~/.ssh/
- echo -e "[default]\naws_access_key_id = $AWS_ACCESS_KEY_ID \naws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/config
- export PACKAGECLOUD_REPO=$(bundle exec rake repository:target RASPBERRY_REPO=raspberry-pi2)
- echo $PACKAGECLOUD_REPO
- make populate_cache
- make restore_cache_bundle
- if ./support/is_gitlab_ee.sh; then exit 0; else make do_rpi2_release;fi
......@@ -94,6 +102,8 @@ before_script:
Docker master:
stage: extra
script:
- export PACKAGECLOUD_REPO=$(bundle exec rake repository:target)
- echo $PACKAGECLOUD_REPO
- make do_docker_master
tags:
- docker-build
......@@ -103,6 +113,8 @@ Docker master:
Docker:
stage: extra
script:
- export PACKAGECLOUD_REPO=$(bundle exec rake repository:target)
- echo $PACKAGECLOUD_REPO
- make do_docker_release
tags:
- docker-build
......@@ -152,6 +164,18 @@ Centos 7 specs:
paths:
- gems
<<: *run_rspec
OpenSUSE 13.2 specs:
image: "registry.gitlab.com/gitlab-org/omnibus-gitlab:opensuse13.2"
cache:
paths:
- gems
<<: *run_rspec
OpenSUSE 42.1 specs:
image: "registry.gitlab.com/gitlab-org/omnibus-gitlab:opensuse42.1"
cache:
paths:
- gems
<<: *run_rspec
# dev.gitlab.org only
Ubuntu 12.04:
......@@ -210,6 +234,22 @@ Centos 7:
- cache
- gems
<<: *tag_build
OpenSUSE 13.2:
image: "dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder:opensuse13.2"
cache:
key: "OpenSUSE 13.2 branch"
paths:
- cache
- gems
<<: *tag_build
OpenSUSE 42.1:
image: "dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder:opensuse42.1"
cache:
key: "OpenSUSE 42.1 branch"
paths:
- cache
- gems
<<: *tag_build
Ubuntu 12.04 branch:
image: "dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder:precise"
......@@ -267,6 +307,22 @@ CentOS 7 branch:
- cache
- gems
<<: *branch_build
OpenSUSE 13.2 branch:
image: "dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder:opensuse13.2"
cache:
key: "$CI_BUILD_NAME"
paths:
- cache
- gems
<<: *branch_build
OpenSUSE 42.1 branch:
image: "dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder:opensuse42.1"
cache:
key: "$CI_BUILD_NAME"
paths:
- cache
- gems
<<: *branch_build
Raspberry Pi 2 Jessie branch:
image: "dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder:raspbian-jessie"
......@@ -315,12 +371,18 @@ notify:slack-fail:
- master
- tags@gitlab/omnibus-gitlab
add-to-version-server:
before_script: # Nothing
- apk update && apk add curl
# Trigger docs build
# https://gitlab.com/gitlab-com/gitlab-docs/blob/master/README.md#deployment-process
trigger_docs:
stage: package
image: "alpine"
stage: add_to_version_server
before_script:
- apk update && apk add curl
variables:
GIT_STRATEGY: none
cache: {}
artifacts: {}
script:
- ./support/add_to_version_server.sh $CI_BUILD_TAG $VERSION_TOKEN
- "curl -X POST -F token=${DOCS_TRIGGER_TOKEN} -F ref=master -F variables[PROJECT]=omnibus https://gitlab.com/api/v3/projects/1794617/trigger/builds"
only:
- tags@gitlab/omnibus-gitlab
- master@gitlab-org/omnibus-gitlab
CHANGELOG.md
View file @ 88974047
......@@ -3,19 +3,101 @@
The latest version of this file can be found at the master branch of the
omnibus-gitlab repository.
8.14.10
- Update Mattermost to 3.5.3 to patch a security vulnerability
8.14.9
- Pin bundler version to 1.13.7 to avoid breaking changes
8.14.8
- Update Mattermost to 3.5.2 to patch a XSS vulnerability
8.14.7
- No changes
8.14.6
- No changes
8.14.5
- Expose client_output_buffer_limit redis settings
8.14.4
- Fix gitlab-ctl pg-upgrade to properly handle database encodings 46e71561
- Update symlinks of postgres on both upgrade and reconfigure 484a3d8a
8.14.3
- Patch Git 2.7.4 for security vulnerabilities 568753c3
8.14.2
- Revert 34e28112 so we don't listen on IPv6 by default
8.14.1
- No changes
8.14.0
- Switch the redis user's shell to /bin/false 9d60ee4
- NGINX listen on IPv6 by default (George Gooden) 34e28112
- Upgrade Nginx to 1.10.2 085bf610
- Update Redis to 3.2.5 (Takuya Noguchi) edf0575c1
- Updarted cacerts.pem to 2016-11-02 version aca2f5e88
- Stopped using PCRE in the storage directory helper 0e06490
- Add git-trace logging for gitlab-shell 1dab1c
- Update mattermost to 3.5 7ecf31
- Add support for OpenSUSE 13.2 and 42.1 82b7345 6ea9e2
- Support Redis Sentinel daemon (EE only) 457c4764
- Separate package repositories for OL and SL e37eaae
- Add mailroom idle timeout configuration 0488f3de
8.13.6
- No changes
8.13.5
- No changes
8.13.4
- Update curl to 7.51.0 to get the latest security patches fc32c83
- Fix executable file mode for the Docker image update-permissions command 6c80205
8.13.2
- Move mail_room queue from incoming_email to email_receiver 373609c
8.13.1
- Update docs for nginx status, fix the default server for status config b49fb1
8.13.0
- Add support for registry debug addr configuration
- Add support for configuring workhorse's api limiting
- Support specifying a post reconfigure script to run in the docker container
- Updated cacerts.pem to 2016-09-14 version
- Add support for nginx status
- Add support for registry debug addr configuration 87b7a780
- Add support for configuring workhorse's api limiting 1b6c85d4
- Fix unsetting the sticky bit for storage directory permissions and improved error messages 7467b51
- Fixed a bug with disabling registry storage deletion be305d40
- Support specifying a post reconfigure script to run in the docker container aa8bec5
- Add support for nginx status (Luis Sagastume) 3cd7b36
- Enable jemalloc by default 0a7799d2
- Move database migration log to a persisted location
- Move database migration log to a persisted location b368c46c
8.12.9
- No changes
8.12.8
- No changes
8.12.7
- Use forked gitlab-markup gem (forked from github-markup)
- Use forked gitlab-markup gem (forked from github-markup) 422d9bf20
8.12.6
......@@ -31,15 +113,15 @@ omnibus-gitlab repository.
8.12.3
- Updated cacerts.pem to 2016-09-14 version
- Updated cacerts.pem to 2016-09-14 version 9bc1fec
8.12.2
- Update openssl to 1.0.2j
- Update openssl to 1.0.2j 527d02
8.12.1
- Fix gitlab-workhorse Runit template bug #1595 !1005
- Fix gitlab-workhorse Runit template bug e20e5ff
8.12.0
......@@ -60,6 +142,22 @@ omnibus-gitlab repository.
- Add default HOME variable to workhorse fcfa3672
- Show GitLab ascii art after installation (Luis Sagastume) 17ed6cb
8.11.11
- No changes
8.11.10
- No changes
8.11.9
- No changes
8.11.8
- No changes
8.11.7
- No changes
......
Gemfile
View file @ 88974047
......@@ -11,6 +11,7 @@ gem 'package_cloud'
gem 'thor', '0.18.1' # This specific version is required by package_cloud
gem 'json'
gem 'rspec'
gem 'rake'
group :test do
gem 'byebug'
......
Gemfile.lock
View file @ 88974047
......@@ -67,26 +67,26 @@ GEM
mixlib-config (~> 2.0)
mixlib-shellout (~> 2.0)
chef-sugar (3.4.0)
chef-zero (4.8.0)
chef-zero (4.9.0)
ffi-yajl (~> 2.2)
hashie (>= 2.0, < 4.0)
mixlib-log (~> 1.3)
rack (< 2)
uuidtools (~> 2.1)
chefspec (4.7.0)
chef (>= 11.14)
fauxhai (~> 3.2)
chefspec (5.2.0)
chef (>= 12.0)
fauxhai (~> 3.6)
rspec (~> 3.0)
cleanroom (1.0.0)
diff-lcs (1.2.5)
erubis (2.7.0)
fauxhai (3.8.0)
fauxhai (3.9.0)
net-ssh
ffi (1.9.14)
ffi-yajl (2.3.0)
libyajl2 (~> 1.2)
fuzzyurl (0.9.0)
hashie (3.4.4)
hashie (3.4.6)
highline (1.6.20)
iniparse (1.4.2)
ipaddress (0.8.3)
......@@ -138,6 +138,7 @@ GEM
proxifier (1.0.3)
rack (1.6.4)
rainbow (2.1.0)
rake (10.4.2)
rest-client (1.6.9)
mime-types (~> 1.16)
rspec (3.5.0)
......@@ -160,13 +161,13 @@ GEM
builder (< 4)
rspec-core (>= 2, < 4, != 2.12.0)
ruby-progressbar (1.8.1)
serverspec (2.36.0)
serverspec (2.37.2)
multi_json
rspec (~> 3.0)
rspec-its
specinfra (~> 2.53)
sfl (2.2)
specinfra (2.60.4)
sfl (2.3)
specinfra (2.63.3)
net-scp
net-ssh (>= 2.7, < 4.0)
net-telnet
......@@ -188,5 +189,6 @@ DEPENDENCIES
omnibus!
omnibus-software!
package_cloud
rake
rspec
thor (= 0.18.1)
Makefile
View file @ 88974047
PROJECT=gitlab
RELEASE_BUCKET=downloads-packages
RELEASE_BUCKET_REGION=eu-west-1
SECRET_DIR:=$(shell openssl rand -hex 20)
PLATFORM_DIR:=$(shell bundle exec support/ohai-helper platform-dir)
PACKAGECLOUD_USER=gitlab
PACKAGECLOUD_REPO:=$(shell support/repo_name.sh)
PACKAGECLOUD_OS:=$(shell bundle exec support/ohai-helper repo-string)
ifeq ($(shell support/is_gitlab_ee.sh; echo $$?), 0)
RELEASE_PACKAGE=gitlab-ee
......@@ -34,24 +32,27 @@ pack_cache_bundle:
build:
bin/omnibus build ${PROJECT} --log-level info
# license_check should be run after `build`, but because build calls omnibus which
# does a rebuild every call, we're not setting that specific dependency for when
# working on changes to support/license_check.sh. See the order of `test`.
license_check:
bash support/license_check.sh
# If this task were called 'release', running 'make release' would confuse Make
# because there exists a file called 'release.sh' in this directory. Make has
# built-in rules on how to build .sh files. By calling this task do_release, it
# can coexist with the release.sh file.
do_release: no_changes on_tag purge build move_to_platform_dir sync packagecloud
do_release: no_changes on_tag purge build license_check move_to_platform_dir sync packagecloud
# Redefine RELEASE_BUCKET for test builds
test: RELEASE_BUCKET=omnibus-builds
test: no_changes purge build move_to_platform_dir sync
test: no_changes purge build license_check move_to_platform_dir sync
ifdef NIGHTLY
test: PACKAGECLOUD_REPO=nightly-builds
test: packagecloud
endif
# Redefine PLATFORM_DIR for Raspberry Pi 2 packages.
do_rpi2_release: PLATFORM_DIR=raspberry-pi2
do_rpi2_release: PACKAGECLOUD_REPO=raspberry-pi2
do_rpi2_release: no_changes purge build move_to_platform_dir sync packagecloud
do_rpi2_release: no_changes purge build license_check move_to_platform_dir sync packagecloud
no_changes:
git diff --quiet HEAD
......@@ -78,15 +79,6 @@ move_to_platform_dir:
mkdir pkg
mv ${PLATFORM_DIR} pkg/
sync: move_to_secret_dir s3_sync
move_to_secret_dir:
if support/is_gitlab_ee.sh ; then \
mv pkg ${SECRET_DIR} \
&& mkdir pkg \
&& mv ${SECRET_DIR} pkg/ \
; fi
docker_cleanup:
-docker ps -q -a | xargs docker rm -v
-docker images -f dangling=true -q | xargs docker rmi
......@@ -99,22 +91,21 @@ docker_build: docker_cleanup
docker build --pull -t $(RELEASE_PACKAGE):latest -f docker/Dockerfile docker/
docker_push:
docker tag -f $(RELEASE_PACKAGE):latest gitlab/$(RELEASE_PACKAGE):$(DOCKER_TAG)
docker tag $(RELEASE_PACKAGE):latest gitlab/$(RELEASE_PACKAGE):$(DOCKER_TAG)
docker push gitlab/$(RELEASE_PACKAGE):$(DOCKER_TAG)
docker_push_rc:
# push as :rc tag, the :rc is always the latest tagged release
docker tag -f $(RELEASE_PACKAGE):latest gitlab/$(RELEASE_PACKAGE):rc
docker tag $(RELEASE_PACKAGE):latest gitlab/$(RELEASE_PACKAGE):rc
docker push gitlab/$(RELEASE_PACKAGE):rc
docker_push_latest:
# push as :latest tag, the :latest is always the latest stable release
docker tag -f $(RELEASE_PACKAGE):latest gitlab/$(RELEASE_PACKAGE):latest
docker tag $(RELEASE_PACKAGE):latest gitlab/$(RELEASE_PACKAGE):latest
docker push gitlab/$(RELEASE_PACKAGE):latest
do_docker_master:
ifdef NIGHTLY
do_docker_master: PACKAGECLOUD_REPO=nightly-builds
do_docker_master: docker_build docker_push
endif
......@@ -128,12 +119,11 @@ ifeq ($(shell git describe --exact-match --match ${LATEST_STABLE_TAG} > /dev/nul
do_docker_release: docker_push_latest
endif
s3_sync:
sync:
aws s3 sync pkg/ s3://${RELEASE_BUCKET} --acl public-read --region ${RELEASE_BUCKET_REGION}
# empty line for aws status crud
# Replace FQDN in URL and deal with URL encoding
echo "Download URLS:" && find pkg -type f | sed -e "s|pkg|https://${RELEASE_BUCKET}.s3.amazonaws.com|" -e "s|+|%2B|"
packagecloud:
# - We set LC_ALL below because package_cloud is picky about the locale
LC_ALL='en_US.UTF-8' bin/package_cloud push ${PACKAGECLOUD_USER}/${PACKAGECLOUD_REPO}/${PACKAGECLOUD_OS} $(shell find pkg -name '*.rpm' -or -name '*.deb') --url=https://packages.gitlab.com
bash support/packagecloud_upload.sh ${PACKAGECLOUD_USER} ${PACKAGECLOUD_REPO} ${PACKAGECLOUD_OS}
README.md
View file @ 88974047
......@@ -100,7 +100,7 @@ See [doc/settings/smtp.md](doc/settings/smtp.md).
##### Omniauth (Google, Twitter, GitHub login)
Omniauth configuration is documented in
[doc.gitlab.com](http://doc.gitlab.com/ce/integration/omniauth.html).
[docs.gitlab.com](https://docs.gitlab.com/ce/integration/omniauth.html).
##### Adjusting Unicorn settings
......@@ -224,7 +224,7 @@ See [doc/settings/backups.md](doc/settings/backups.md#creating-an-application-ba
### Restoring an application backup
See [backup restore documentation](http://doc.gitlab.com/ce/raketasks/backup_restore.html#omnibus-installations).
See [backup restore documentation](https://docs.gitlab.com/ce/raketasks/backup_restore.html#omnibus-installations).
### Backup and restore using non-packaged database
......
Rakefile 0 → 100644
View file @ 88974047
# All tasks in files placed in lib/gitlab/tasks ending in .rake will be loaded
# automatically
Rake.add_rakelib 'lib/gitlab/tasks'
config/patches/git/git-Nov-2016-security.patch 0 → 100644
View file @ 88974047
diff --git a/http-walker.c b/http-walker.c
index 2c721f0..82113b1 100644
--- a/http-walker.c
+++ b/http-walker.c
@@ -290,9 +290,8 @@ static void process_alternates_response(void *callback_data)
struct strbuf target = STRBUF_INIT;
strbuf_add(&target, base, serverlen);
strbuf_add(&target, data + i, posn - i - 7);
- if (walker->get_verbosely)
- fprintf(stderr, "Also look at %s\n",
- target.buf);
+ warning("adding alternate object store: %s",
+ target.buf);
newalt = xmalloc(sizeof(*newalt));
newalt->next = NULL;
newalt->base = strbuf_detach(&target, NULL);
@@ -318,6 +317,9 @@ static void fetch_alternates(struct walker *walker, const char *base)
struct alternates_request alt_req;
struct walker_data *cdata = walker->data;
+ if (http_follow_config != HTTP_FOLLOW_ALWAYS)
+ return;
+
/*
* If another request has already started fetching alternates,
* wait for them to arrive and return to processing this request's
@@ -488,25 +490,34 @@ static int fetch_object(struct walker *walker, struct alt_base *repo, unsigned c
req->localfile = -1;
}
- if (obj_req->state == ABORTED) {
- ret = error("Request for %s aborted", hex);
- } else if (req->curl_result != CURLE_OK &&
- req->http_code != 416) {
- if (missing_target(req))
- ret = -1; /* Be silent, it is probably in a pack. */
- else
- ret = error("%s (curl_result = %d, http_code = %ld, sha1 = %s)",
- req->errorstr, req->curl_result,
- req->http_code, hex);
- } else if (req->zret != Z_STREAM_END) {
- walker->corrupt_object_found++;
- ret = error("File %s (%s) corrupt", hex, req->url);
- } else if (hashcmp(obj_req->sha1, req->real_sha1)) {
- ret = error("File %s has bad hash", hex);
- } else if (req->rename < 0) {
- ret = error("unable to write sha1 filename %s",
- sha1_file_name(req->sha1));
- }
+ if (req->http_code >= 300 && req->curl_result == CURLE_OK &&
+ (starts_with(req->url, "http://") ||
+ starts_with(req->url, "https://"))) {
+ req->curl_result = CURLE_HTTP_RETURNED_ERROR;
+ xsnprintf(req->errorstr, sizeof(req->errorstr),
+ "HTTP request failed");
+ }
+
+ if (obj_req->state == ABORTED) {
+ ret = error("Request for %s aborted", hex);
+ } else if (req->curl_result != CURLE_OK &&
+ req->http_code != 416) {
+ if (missing_target(req))
+ ret = -1; /* Be silent, it is probably in a pack. */
+ else
+ ret = error("%s (curl_result = %d, http_code = %ld, sha1 = %s)",
+ req->errorstr, req->curl_result,
+ req->http_code, hex);
+ } else if (req->zret != Z_STREAM_END) {
+ walker->corrupt_object_found++;
+ ret = error("File %s (%s) corrupt", hex, req->url);
+ } else if (hashcmp(obj_req->sha1, req->real_sha1)) {
+ ret = error("File %s has bad hash", hex);
+ } else if (req->rename < 0) {
+ ret = error("unable to write sha1 filename %s",
+ sha1_file_name(req->sha1));
+ }
+
release_http_object_request(req);
release_object_request(obj_req);
diff --git a/http.c b/http.c
index 0da9e66..a5e6c29 100644
--- a/http.c
+++ b/http.c
@@ -68,6 +68,8 @@ struct credential http_auth = CREDENTIAL_INIT;
static int http_proactive_auth;
static const char *user_agent;
+enum http_follow_config http_follow_config = HTTP_FOLLOW_INITIAL;
+
#if LIBCURL_VERSION_NUM >= 0x071700
/* Use CURLOPT_KEYPASSWD as is */
#elif LIBCURL_VERSION_NUM >= 0x070903
@@ -202,6 +204,15 @@ static int http_options(const char *var, const char *value, void *cb)
curl_ssl_verify = git_config_bool(var, value);
return 0;
}
+ if (!strcmp("http.followredirects", var)) {
+ if (value && !strcmp(value, "initial"))
+ http_follow_config = HTTP_FOLLOW_INITIAL;
+ else if (git_config_bool(var, value))
+ http_follow_config = HTTP_FOLLOW_ALWAYS;
+ else
+ http_follow_config = HTTP_FOLLOW_NONE;
+ return 0;
+ }
if (!strcmp("http.sslcipherlist", var))
return git_config_string(&ssl_cipherlist, var, value);
if (!strcmp("http.sslversion", var))
@@ -425,7 +436,7 @@ static CURL *get_curl_handle(void)
curl_low_speed_time);
}
- curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1);
+
curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
#if LIBCURL_VERSION_NUM >= 0x071301
curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
@@ -442,6 +453,7 @@ static CURL *get_curl_handle(void)
if (is_transport_allowed("ftps"))
allowed_protocols |= CURLPROTO_FTPS;
curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
+ curl_easy_setopt(result, CURLOPT_PROTOCOLS, allowed_protocols);
#else
if (transport_restrict_protocols())
warning("protocol restrictions not applied to curl redirects because\n"
@@ -692,6 +704,17 @@ struct active_request_slot *get_active_slot(void)
curl_easy_setopt(slot->curl, CURLOPT_HTTPGET, 1);
curl_easy_setopt(slot->curl, CURLOPT_FAILONERROR, 1);
curl_easy_setopt(slot->curl, CURLOPT_RANGE, NULL);
+
+/*
+ * Default following to off unless "ALWAYS" is configured; this gives
+ * callers a sane starting point, and they can tweak for individual
+ * HTTP_FOLLOW_* cases themselves.
+ */
+ if (http_follow_config == HTTP_FOLLOW_ALWAYS)
+ curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 1);
+ else
+ curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 0);
+
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
#endif
@@ -929,9 +952,12 @@ static int handle_curl_result(struct slot_results *results)
* If we see a failing http code with CURLE_OK, we have turned off
* FAILONERROR (to keep the server's custom error response), and should
* translate the code into failure here.
+ *
+ * Likewise, if we see a redirect (30x code), that means we turned off
+ * redirect-following, and we should treat the result as an error.
*/
if (results->curl_result == CURLE_OK &&
- results->http_code >= 400) {
+ results->http_code >= 300) {
results->curl_result = CURLE_HTTP_RETURNED_ERROR;
/*
* Normally curl will already have put the "reason phrase"
@@ -1236,6 +1262,9 @@ static int http_request(const char *url,
strbuf_addstr(&buf, " no-cache");
if (options && options->keep_error)
curl_easy_setopt(slot->curl, CURLOPT_FAILONERROR, 0);
+ if (options && options->initial_request &&
+ http_follow_config == HTTP_FOLLOW_INITIAL)
+ curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 1);
headers = curl_slist_append(headers, buf.buf);
@@ -1284,16 +1313,16 @@ static int http_request(const char *url,
*
* Note that this assumes a sane redirect scheme. It's entirely possible
* in the example above to end up at a URL that does not even end in
- * "info/refs". In such a case we simply punt, as there is not much we can
- * do (and such a scheme is unlikely to represent a real git repository,
- * which means we are likely about to abort anyway).
+ * "info/refs". In such a case we die. There's not much we can do, such a
+ * scheme is unlikely to represent a real git repository, and failing to
+ * rewrite the base opens options for malicious redirects to do funny things.
*/
static int update_url_from_redirect(struct strbuf *base,
const char *asked,
const struct strbuf *got)
{
const char *tail;
- size_t tail_len;
+ size_t new_len;
if (!strcmp(asked, got->buf))
return 0;
@@ -1302,14 +1331,16 @@ static int update_url_from_redirect(struct strbuf *base,
die("BUG: update_url_from_redirect: %s is not a superset of %s",
asked, base->buf);
- tail_len = strlen(tail);
-
- if (got->len < tail_len ||
- strcmp(tail, got->buf + got->len - tail_len))
- return 0; /* insane redirect scheme */
+ new_len = got->len;
+ if (!strip_suffix_mem(got->buf, &new_len, tail))
+ die(_("unable to update url base from redirection:\n"
+ " asked for: %s\n"
+ " redirect: %s"),
+ asked, got->buf);
strbuf_reset(base);
- strbuf_add(base, got->buf, got->len - tail_len);
+ strbuf_add(base, got->buf, new_len);
+
return 1;
}
diff --git a/http.h b/http.h
index 4f97b60..ac6d325 100644
--- a/http.h
+++ b/http.h
@@ -113,6 +113,13 @@ extern struct credential http_auth;
extern char curl_errorstr[CURL_ERROR_SIZE];
+enum http_follow_config {
+ HTTP_FOLLOW_NONE,
+ HTTP_FOLLOW_ALWAYS,
+ HTTP_FOLLOW_INITIAL
+};
+extern enum http_follow_config http_follow_config;
+
static inline int missing__target(int code, int result)
{
return /* file:// URL -- do we ever use one??? */
@@ -136,7 +143,8 @@ extern char *get_remote_object_url(const char *url, const char *hex,
/* Options for http_get_*() */
struct http_get_options {
unsigned no_cache:1,
- keep_error:1;
+ keep_error:1,
+ initial_request:1;
/* If non-NULL, returns the content-type of the response. */
struct strbuf *content_type;
diff --git a/remote-curl.c b/remote-curl.c
index e65ea59..1cd0a4b 100644
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -241,7 +241,7 @@ static struct discovery *discover_refs(const char *service, int for_push)
struct strbuf effective_url = STRBUF_INIT;
struct discovery *last = last_discovery;
int http_ret, maybe_smart = 0;
- struct http_get_options options;
+ struct http_get_options http_options;
if (last && !strcmp(service, last->service))
return last;
@@ -258,15 +258,16 @@ static struct discovery *discover_refs(const char *service, int for_push)
strbuf_addf(&refs_url, "service=%s", service);
}
- memset(&options, 0, sizeof(options));
- options.content_type = &type;
- options.charset = &charset;
- options.effective_url = &effective_url;
- options.base_url = &url;
- options.no_cache = 1;
- options.keep_error = 1;
+ memset(&http_options, 0, sizeof(http_options));
+ http_options.content_type = &type;
+ http_options.charset = &charset;
+ http_options.effective_url = &effective_url;
+ http_options.base_url = &url;
+ http_options.initial_request = 1;
+ http_options.no_cache = 1;
+ http_options.keep_error = 1;
- http_ret = http_get_strbuf(refs_url.buf, &buffer, &options);
+ http_ret = http_get_strbuf(refs_url.buf, &buffer, &http_options);
switch (http_ret) {
case HTTP_OK:
break;
@@ -281,6 +282,9 @@ static struct discovery *discover_refs(const char *service, int for_push)
die("unable to access '%s': %s", url.buf, curl_errorstr);
}
+ if (options.verbosity && !starts_with(refs_url.buf, url.buf))
+ warning(_("redirecting to %s"), url.buf);
+
last= xcalloc(1, sizeof(*last_discovery));
last->service = service;
last->buf_alloc = strbuf_detach(&buffer, &last->len);
config/projects/gitlab.rb
View file @ 88974047
......@@ -69,8 +69,7 @@ config_guess_version = Gitlab::Version.new('config_guess', "master")
override :ruby, version: '2.3.1', source: { md5: '0d896c2e7fd54f722b399f407e48a4c6' }
override :rubygems, version: '2.6.6'
override :'chef-gem', version: '12.12.15'
override :redis, version: '3.2.1', source: { md5: 'b311d4332326f1e6f86a461b4025636d' }
override :postgresql, version: '9.2.18', source: { md5: 'fd175eb5f29557c6ef2eeaf340330f9a' }
override :redis, version: '3.2.5', source: { md5: 'd3d2b4dd4b2a3e07ee6f63c526b66b08' }
override :liblzma, version: '5.2.2', source: { md5: '7cf6a8544a7dae8e8106fdf7addfa28c' }
override :libxml2, version: '2.9.4', source: { md5: 'ae249165c173b1ff386ee8ad676815f5' }
override :pcre, version: '8.38', source: { md5: '8a353fe1450216b6655dfcf3561716d9', url: "http://downloads.sourceforge.net/project/pcre/pcre/8.38/pcre-8.38.tar.gz" }
......@@ -79,7 +78,12 @@ override :config_guess, version: config_guess_version.print, source: { git: conf
override :rsync, version: '3.1.2'
# Openssh needs to be installed
runtime_dependency "openssh-server"
if suse?
runtime_dependency "openssh"
else
runtime_dependency "openssh-server"
end
# creates required build directories
dependency "preparation"
......
config/software/bundler.rb 0 → 100644
View file @ 88974047
#
# Copyright 2012-2016 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name "bundler"
# Pin the bundler version to avoid breaking changes in later versions
default_version "1.13.7"
license "MIT"
license_file "https://raw.githubusercontent.com/bundler/bundler/master/LICENSE.md"
dependency "rubygems"
build do
env = with_standard_compiler_flags(with_embedded_path)
v_opts = "--version '#{version}'" unless version.nil?
gem [
"install bundler",
v_opts,
"--no-ri --no-rdoc",
].compact.join(" "), env: env
end
config/software/cacerts.rb
View file @ 88974047
......@@ -20,7 +20,11 @@ license "MPL-2.0"
license_file "https://www.mozilla.org/media/MPL/2.0/index.815ca599c9df.txt"
# Date of the file is in a comment at the start, or in the changelog
default_version "2016.09.14"
default_version "2016.11.02"
version "2016.11.02" do
source md5: "11713bf9b8c10aca2fb4708f1ba01072"
end
version "2016.09.14" do
source md5: "8d35a5cef6ce28da07867a0712558067"
......
config/software/curl.rb
View file @ 88974047
......@@ -15,7 +15,7 @@
#
name "curl"
default_version "7.50.3"
default_version "7.51.0"
dependency "zlib"
dependency "openssl"
......@@ -31,6 +31,10 @@ version "7.50.3" do
source sha256: "3991c2234986178af3b3f693e5afa35d49da2ab4ba61292e3817222446dca7e1"
end
version "7.51.0" do
source sha256: "65b5216a6fbfa72f547eb7706ca5902d7400db9868269017a8888aa91d87977c"
end
source url: "http://curl.haxx.se/download/curl-#{version}.tar.gz"
relative_path "curl-#{version}"
......
config/software/git.rb
View file @ 88974047
......@@ -55,6 +55,9 @@ NO_INSTALL_HARDLINKS=YesPlease
end
end
# Patch for git vulnerabilities
patch source: 'git-Nov-2016-security.patch'
command "make -j #{workers}", :env => env
command "make install"
end
config/software/gitlab-cookbooks.rb
View file @ 88974047
......@@ -21,16 +21,32 @@ name "gitlab-cookbooks"
license "Apache-2.0"
license_file File.expand_path("LICENSE", Omnibus::Config.project_root)
source :path => File.expand_path("files/gitlab-cookbooks", Omnibus::Config.project_root)
EE = system("#{Omnibus::Config.project_root}/support/is_gitlab_ee.sh")
source path: File.expand_path("files/gitlab-cookbooks", Omnibus::Config.project_root)
build do
cookbook_name = 'gitlab'
command "mkdir -p #{install_dir}/embedded/cookbooks"
sync "./", "#{install_dir}/embedded/cookbooks/"
# If EE package, use a different master cookbook
if EE
cookbook_name = 'gitlab-ee'
else
delete "#{install_dir}/embedded/cookbooks/gitlab-ee"
end
# Create a package cookbook.
command "mkdir -p #{install_dir}/embedded/cookbooks/package/attributes"
erb :dest => "#{install_dir}/embedded/cookbooks/package/attributes/default.rb",
:source => "cookbook_packages_default.erb",
:mode => 0755,
:vars => { :install_dir => project.install_dir }
erb :dest => "#{install_dir}/embedded/cookbooks/dna.json",
:source => "dna.json.erb",
:mode => 0644,
:vars => { :master_cookbook => cookbook_name }
end
config/software/gitlab-rails.rb
View file @ 88974047
......@@ -42,6 +42,7 @@ dependency "curl"
dependency "rsync"
dependency "libicu"
dependency "postgresql"
dependency "postgresql_new"
dependency "python-docutils"
dependency "krb5"
dependency "registry"
......@@ -71,7 +72,7 @@ build do
# This patch makes the github-markup gem use and be compatible with Python3
# We've sent part of the changes upstream: https://github.com/github/markup/pull/919
patch source: 'gitlab-markup_gem-markups.patch', target: "#{gems_directory}/gitlab-markup-1.5.0/lib/github/markups.rb"
patch source: 'gitlab-markup_gem-markups.patch', target: "#{gems_directory}/gitlab-markup-1.5.1/lib/github/markups.rb"
# In order to precompile the assets, we need to get to a state where rake can
# load the Rails environment.
......
config/software/mattermost.rb
View file @ 88974047
......@@ -17,10 +17,10 @@
#
name "mattermost"
default_version "3.4.0"
default_version "3.5.3"
source url: "https://releases.mattermost.com/#{version}/mattermost-team-#{version}-linux-amd64.tar.gz",
md5: '4d2c95a7ff2ed918e1d4b810b985b4ed'
md5: '96bd4e798c0208eb5c555d26b4fd591e'
relative_path "mattermost"
......
config/software/nginx.rb
View file @ 88974047
......@@ -17,7 +17,7 @@
#
name "nginx"
default_version "1.10.1"
default_version "1.10.2"
license "BSD-2-Clause"
license_file "LICENSE"
......@@ -25,8 +25,15 @@ license_file "LICENSE"
dependency "pcre"
dependency "openssl"
source url: "http://nginx.org/download/nginx-#{version}.tar.gz",
md5: "088292d9caf6059ef328aa7dda332e44"
version "1.10.1" do
source md5: "088292d9caf6059ef328aa7dda332e44"
end
version "1.10.2" do
source md5: "e8f5f4beed041e63eb97f9f4f55f3085"
end
source url: "http://nginx.org/download/nginx-#{version}.tar.gz"
relative_path "nginx-#{version}"
......
config/software/postgresql.rb 0 → 100644
View file @ 88974047
#
# Copyright 2012-2014 Chef Software, Inc.
# Copyright:: Copyright (c) 2016 GitLab Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name "postgresql"
default_version '9.2.18'
license "PostgreSQL"
license_file "COPYRIGHT"
dependency "zlib"
dependency "openssl"
dependency "libedit"
dependency "ncurses"
dependency "libossp-uuid"
dependency "config_guess"
version '9.2.18' do
source md5: 'fd175eb5f29557c6ef2eeaf340330f9a'
end
source url: "https://ftp.postgresql.org/pub/source/v#{version}/postgresql-#{version}.tar.bz2"
relative_path "postgresql-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
prefix = "#{install_dir}/embedded/postgresql/#{version}"
update_config_guess(target: "config")
command "./configure" \
" --prefix=#{prefix}" \
" --with-libedit-preferred" \
" --with-openssl" \
" --with-ossp-uuid", env: env
make "world -j #{workers}", env: env
make "install-world", env: env
block 'link bin files' do
Dir.glob("#{prefix}/bin/*").each do |bin_file|
link bin_file, "#{install_dir}/embedded/bin/#{File.basename(bin_file)}"
end
end
end
config/software/postgresql_new.rb 0 → 100644
View file @ 88974047
#
# Copyright 2012-2014 Chef Software, Inc.
# Copyright:: Copyright (c) 2016 GitLab Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name "postgresql_new"
default_version "9.6.1"
license "PostgreSQL"
license_file "COPYRIGHT"
dependency "zlib"
dependency "openssl"
dependency "libedit"
dependency "ncurses"
dependency "libossp-uuid"
dependency "config_guess"
version "9.6.0" do
source md5: "c5af6ebb790ab877e1d2e56e19cebb29"
end
version '9.6.1' do
source sha256: 'e5101e0a49141fc12a7018c6dad594694d3a3325f5ab71e93e0e51bd94e51fcd'
end
source url: "https://ftp.postgresql.org/pub/source/v#{version}/postgresql-#{version}.tar.bz2"
relative_path "postgresql-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
prefix = "#{install_dir}/embedded/postgresql/#{version}"
update_config_guess(target: "config")
command "./configure" \
" --prefix=#{prefix}" \
" --with-libedit-preferred" \
" --with-openssl" \
" --with-ossp-uuid", env: env
make "world -j #{workers}", env: env
make "install-world", env: env
end
config/software/readline.rb
View file @ 88974047
......@@ -27,7 +27,7 @@ dependency "ncurses"
license "GPL-3.0"
license_file "COPYING"
source url: "ftp://ftp.cwru.edu/pub/bash/readline-6.2.tar.gz",
source url: "ftp://ftp.gnu.org/gnu/readline/readline-#{version}.tar.gz",
md5: "67948acb2ca081f23359d0256e9a271c"
relative_path "#{name}-#{version}"
......
config/templates/gitlab-cookbooks/dna.json.erb 0 → 100644
View file @ 88974047
{
"run_list": [ "recipe[<%= master_cookbook %>]" ]
}
doc/README.md
View file @ 88974047
......@@ -5,7 +5,7 @@ Omnibus is a way to package different services and tools required to run GitLab,
## Installation
- [Package downloads page](https://about.gitlab.com/downloads/)
- [Installation Requirements](http://doc.gitlab.com/ce/install/requirements.html)
- [Installation Requirements](https://docs.gitlab.com/ce/install/requirements.html)
- [GitLab CI](gitlab-ci/README.md) Set up the GitLab CI coordinator that ships with Omnibus GitLab package.
- [GitLab Mattermost](gitlab-mattermost/README.md) Set up the Mattermost messaging app that ships with Omnibus GitLab package.
- [Docker](docker/README.md) Set up the GitLab in Docker container.
......@@ -35,11 +35,11 @@ Omnibus is a way to package different services and tools required to run GitLab,
- [Redis](settings/redis.md)
- [Logs](settings/logs.md)
- [Database](settings/database.md)
- [Reply by email](http://doc.gitlab.com/ce/incoming_email/README.html)
- [Reply by email](https://docs.gitlab.com/ce/incoming_email/README.html)
- [Environment variables](settings/environment-variables.md)
- [gitlab.yml](settings/gitlab.yml.md)
- [Backups](settings/backups.md)
- [Pages (EE-only)](http://doc.gitlab.com/ee/pages/administration.html)
- [Pages (EE-only)](https://docs.gitlab.com/ee/pages/administration.html)
## Updating
......
doc/common_installation_problems/README.md
View file @ 88974047
......@@ -247,7 +247,7 @@ Redis, Mattermost) are isolated from each other using Unix user
accounts. Creating and managing these user accounts requires root
access. By default, omnibus-gitlab will create the required Unix
accounts during 'gitlab-ctl reconfigure' but that behavior can be
[disabled](http://doc.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management).
[disabled](https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management).
In principle omnibus-gitlab could do with only 2 user accounts (one
for GitLab and one for Mattermost) if we give each application its own
......@@ -310,7 +310,7 @@ sudo chown -R git:git /var/opt/gitlab/gitlab-rails/tmp/cache
### 'Short read or OOM loading DB' error
Try cleaning the old redis session by following the [documentation here.](http://doc.gitlab.com/ce/operations/cleaning_up_redis_sessions.html)
Try cleaning the old redis session by following the [documentation here.](https://docs.gitlab.com/ce/operations/cleaning_up_redis_sessions.html)
### Apt error 'The requested URL returned error: 403'
......@@ -423,7 +423,7 @@ how to override the default headers.
### Extension missing pg_trgm
Starting from GitLab 8.6, [GitLab requires](http://doc.gitlab.com/ce/install/requirements.html#postgresql-requirements)
Starting from GitLab 8.6, [GitLab requires](https://docs.gitlab.com/ce/install/requirements.html#postgresql-requirements)
the PostgreSQL extension `pg_trgm`.
If you are using omnibus-gitlab package with the bundled database, the extension
should be automatically enabled when you upgrade.
......@@ -482,7 +482,7 @@ above, and finally restart the container.
### Errno::ENOMEM: Cannot allocate memory during backup or upgrade
[GitLab requires](http://doc.gitlab.com/ce/install/requirements.html#memory)
[GitLab requires](https://docs.gitlab.com/ce/install/requirements.html#memory)
2GB of available memory to run without errors. Having 2GB of memory installed may
not be enough depending on the resource usage of other processes on your server.
If GitLab runs fine when not upgrading or running a backup, then adding more swap
......@@ -526,4 +526,4 @@ will need to switch to using `no_root_squash` in your NFS exports on the NFS ser
[script source]: https://www.madboa.com/geek/openssl/#verify-new
[gitlab.rb.template]: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
[Change the default proxy headers section of nginx doc]: doc/settings/nginx.md
[reconfigure GitLab]: http://doc.gitlab.com/ce/administration/restart_gitlab.html#omnibus-gitlab-reconfigure
[reconfigure GitLab]: https://docs.gitlab.com/ce/administration/restart_gitlab.html#omnibus-gitlab-reconfigure
doc/docker/README.md
View file @ 88974047
......@@ -146,7 +146,7 @@ the `GITLAB_OMNIBUS_CONFIG` option. The content of `GITLAB_OMNIBUS_CONFIG` is
_not_ preserved between subsequent runs.
There are also a limited number of environment variables to configure GitLab.
They are documented in the [environment variables section of the GitLab documentation](http://doc.gitlab.com/ce/administration/environment_variables.html).
They are documented in the [environment variables section of the GitLab documentation](https://docs.gitlab.com/ce/administration/environment_variables.html).
## After starting a container
......@@ -203,7 +203,7 @@ We provide tagged versions of GitLab Docker images.
To see all available tags check:
- [GitLab-CE tags](https://hub.docker.com/r/gitlab/gitlab-ce/tags/) and
- [GitLab-EE tags](https://hub.docker.com/r/gitlab/gitlab-ce/tags/)
- [GitLab-EE tags](https://hub.docker.com/r/gitlab/gitlab-ee/tags/)
To use a specific tagged version, replace `gitlab/gitlab-ce:latest` with
the GitLab version you want to run, for example `gitlab/gitlab-ce:8.4.3`.
......
doc/gitlab-ci/README.md
View file @ 88974047
......@@ -18,7 +18,7 @@ version.
Starting with GitLab 8.0, GitLab CI is integrated into GitLab.
To see how to configure your project with GitLab CI, see the [GitLab CI quickstart documentation](http://doc.gitlab.com/ce/ci/quick_start/README.html).
To see how to configure your project with GitLab CI, see the [GitLab CI quickstart documentation](https://docs.gitlab.com/ce/ci/quick_start/README.html).
## Running GitLab CI on its own server
......
doc/gitlab-mattermost/README.md
View file @ 88974047
......@@ -159,14 +159,18 @@ For help and support around your GitLab Mattermost deployment please see:
## Upgrading GitLab Mattermost
Note: When upgrading to GitLab 8.9 additional steps are require before restarting the Mattermost server to enable multi-account support in Mattermost 3.1. Please see below for special instructions.
GitLab Mattermost can be upgraded through the regular GitLab omnibus update process provided:
1. No major build versions are skipped
(e.g. upgrading GitLab omnibus from 8.2.x to 8.3.x works, but upgrading from 8.2.x to 8.4.x will not)
2. Mattermost configuration settings have not been changed outside of GitLab
That means no changes to Mattermost's `config.json` file have been made, either directly or via the Mattermost **System Console** which saves back changes to `config.json`.
Note: These upgrade instructions are for GitLab Version 8.9 (Mattermost v3.1.0) and above. For upgrading versions prior to GitLab 8.9, [additional steps are required](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc//gitlab-mattermost/README.md#upgrading-gitlab-mattermost-from-versions-prior-to-89).
| GitLab Version | Mattermost Version |
|----------------|--------------------|
| 8.9 | v3.1.0 |
| 8.10 | v3.2.0 |
| 8.11 | v3.3.0 |
| 8.12 | v3.4.0 |
It is possible to skip upgrade versions starting from Mattermost v3.1. For example, Mattermost v3.1.0 in GitLab 8.9 can upgrade directly to Mattermost v3.4.0 in GitLab 8.12.
GitLab Mattermost can be upgraded through the regular GitLab omnibus update process provided Mattermost configuration settings have not been changed outside of GitLab. This means no changes to Mattermost's `config.json` file have been made, either directly or via the Mattermost **System Console** which saves back changes to `config.json`.
If this is the case, upgrading GitLab using omnibus and running `gitlab-ctl reconfigure` should upgrade GitLab Mattermost to the next version.
......@@ -176,6 +180,15 @@ If this is not the case, there are two options:
This might require adding some parameters as not all settings in `config.json` are available in `gitlab.rb`. Once complete, GitLab omnibus should be able to upgrade GitLab Mattermost from one version to the next.
2. Migrate Mattermost outside of the directory controlled by GitLab omnibus so it can be administered and upgraded independently (see below).
**Special Considerations**
Consider these notes when upgrading GitLab Mattermost:
1. If public links are enabled, upgrading to Mattermost v3.4 will invalidate existing public links due to a security upgrade allowing admins to invalidate links by resetting a public link salt from the System Console.
2. Upgrading from v3.2 to v3.4 will be incomplete due to a migration code not being run properly. You can either:
- Upgrade from v3.2 to v3.3 and then from v3.3 to v3.4, or
- Upgrade from v3.2 to v3.4, then run the following SQL query to make Mattermost rerun upgrade steps that were not properly completed: `UPDATE Systems SET Value = '3.1.0' WHERE Name = 'Version';`
## Upgrading GitLab Mattermost from versions prior to 8.9
......@@ -252,7 +265,7 @@ This integration lets you completely control how notifications are formatted and
The source code can be modified to support not only GitLab, but any in-house applications you may have that support webhooks. Also see:
- [Mattermost incoming webhook documentation](http://docs.mattermost.com/developer/webhooks-incoming.html)
- [GitLab webhook documentation](http://doc.gitlab.com/ce/web_hooks/web_hooks.html)
- [GitLab webhook documentation](https://docs.gitlab.com/ce/web_hooks/web_hooks.html)
![webhooks](https://gitlab.com/gitlab-org/omnibus-gitlab/uploads/677b0aa055693c4dcabad0ee580c61b8/730_gitlab_feature_request.png)
......
doc/maintenance/README.md
View file @ 88974047
......@@ -187,3 +187,46 @@ registry['storage'] = {
```
and run `sudo gitlab-ctl reconfigure`.
#### Upgrade postgresql database
Currently GitLab Omnibus runs PostgreSQL 9.2.18 by default. Version 9.6.1 is included as an option for users to manually upgrade. The next major release will ship with a newer PostgresQL by default, and will upgrade existing omnibus installations when they are upgraded.
In order to be able to manually upgrade, please check the folowing:
* You're currently running the latest version of GitLab and it is working. If you recently upgraded, make sure that `gitlab-ctl reconfigure` has successfully run before you proceed.
* You're using the bundled version of PostgreSQL. Look for `postgresql['enable']` to be `true`, commented out, or absent from `/etc/gitlab/gitlab.rb`
* You haven't already upgraded. Running `/opt/gitlab/embedded/bin/psql --version` should print `psql (PostgreSQL) 9.2.18`
* You will need to have sufficient disk space for two copies of your database. Do not attempt to upgrade unless you have enough free space available. If the partition where the database resides does not have enough space (default location is `/var/opt/gitlab/postgresql/data`), you can pass the argument `--tmp-dir $DIR` to the command.
Please note:
* This upgrade does require downtime as the database must be down while the upgrade is being performed. The length of time entirely depends on the size of your database.
To perform the ugprade, run the command:
```
sudo gitlab-ctl pg-upgrade
```
This command performs the following steps:
1. Checks to ensure the database is in a known good state
1. Shuts down the existing database
1. Changes the symlinks in `/opt/gitlab/embedded/bin/` for PostgreSQL to point to the newer version of the database
1. Creates a new directory containing a new, empty database with a locale matching the existing database
1. Uses the `pg_upgrade` tool to copy the data from the old database to the new database
1. Moves the old database out of the way
1. Moves the new database to the expected location
1. Calls `gitlab-ctl` reconfigure to make any needed changes, and start the new database server.
1. If any errors are detected during this process, it should immediately revert to the old version of the database.
Once this step is complete, verify everything is working as expected. If so, you can remove the old database with:
```
sudo rm -rf /var/opt/gitlab/postgresql/data.9.2.18
```
If you run into an issue, and wish to downgrade the version of PostgreSQL, run:
```
sudo gitlab-ctl revert-pg-upgrade
```
Please note:
This will revert your database and data to what was there before you upgraded the database. Any changes you have made since the ugprade will be lost.
doc/package-information/README.md
View file @ 88974047
......@@ -5,14 +5,7 @@ requires in order to function correctly.
## Licenses
Starting from version 8.11, the omnibus-gitlab package contains license
information of all software that is bundled within the package.
After installing the package, licenses for each individual bundled library
can be be found in `/opt/gitlab/LICENSES` directory.
There is also one `LICENSE` file which contains all licenses compiled together.
This compiled license can be found in `/opt/gitlab/LICENSE` file.
See [licensing](licensing.md)
## Defaults
......
doc/package-information/defaults.md
View file @ 88974047
......@@ -17,6 +17,7 @@ by default:
| Unicorn | Yes | Socket | Port (8080) | X |
| GitLab Workhorse | Yes | Socket | Port (8181) | X |