Error 500 using https access to repo

HTTP error code 500 returned when attempting to pull or merge with a repo in gitlab-8.12.0-ee. This type of message gets logged to /var/log/gitlab/gitlab-workhorse/current:

2016-09-22_21:10:07.23731 2016/09/22 21:10:07 error: preAuthorizeHandler: newUpstreamRequest: newRequest: read Secret.Path: open ./.gitlab_workhorse_secret: no such file or directory
2016-09-22_21:10:07.23735 server.name @ - - [2016-09-22 21:10:07.236896655 +0000 UTC] "GET /smoke-test/smoke-test.git/info/refs?service=git-upload-pack HTTP/1.1" 500 22 "" "JGit/3.7.0.201502260915-r" 0.000379

2c9b2a22 has introduced a problem in 8.12.0 where gitlab-workhorse is unable to find its secretPath file because the run script is missing a trailing backslash on the previous line of the call to exec it.

The template renders the command as

exec chpst -e /opt/gitlab/etc/gitlab-workhorse/env -P \
  -U git \
  -u git \
  /opt/gitlab/embedded/bin/gitlab-workhorse \
    -listenNetwork unix \
    -listenUmask 0 \
    -listenAddr /var/opt/gitlab/gitlab-workhorse/socket \
    -authBackend http://localhost:8080 \
    -authSocket /var/opt/gitlab/gitlab-rails/sockets/gitlab.socket \
    -documentRoot /opt/gitlab/embedded/service/gitlab-rails/public \
    -pprofListenAddr ''\
    -proxyHeadersTimeout 4m30s
    -secretPath /opt/gitlab/embedded/service/gitlab-rails/.gitlab_workhorse_secret

so the command terminates after the 'proxyHeadersTimeout' value and the next line is not included in the arguments.

The immediate fix is to edit the template at /opt/gitlab/embedded/cookbooks/gitlab/templates/default/sv-gitlab-workhorse-run.erb and run gitlab-ctl reconfigure