2015-09-12 15:42:12 +05:30
|
|
|
#! /bin/sh
|
|
|
|
# postinst script for gitlab
|
|
|
|
# copied from postinst script for hplip
|
|
|
|
# $Id: hplip.postinst,v 1.1 2005/10/15 21:39:04 hmh Exp $
|
|
|
|
#
|
|
|
|
# see: dh_installdeb(1)
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
2017-03-13 14:33:48 +05:30
|
|
|
# Setup variables
|
2018-06-12 21:00:26 +05:30
|
|
|
# Now using gitlab-common.defaults to override variables used only in
|
2017-03-13 14:33:48 +05:30
|
|
|
# maintainer scripts. Earlier versions used gitlab-debian.conf for this.
|
|
|
|
# Now gitlab-debian.conf will only have user/admin configurable variables
|
|
|
|
# and variables required by systemd services.
|
2018-06-12 21:00:26 +05:30
|
|
|
gitlab_common_defaults=/usr/lib/gitlab-common/gitlab-common.defaults
|
|
|
|
test -f ${gitlab_common_defaults} && . ${gitlab_common_defaults}
|
2017-03-13 14:33:48 +05:30
|
|
|
|
2016-12-08 23:46:56 +05:30
|
|
|
# Show debconf questions
|
|
|
|
. /usr/share/debconf/confmodule
|
2017-04-21 12:47:11 +05:30
|
|
|
. /usr/share/dbconfig-common/dpkg/postinst
|
2016-12-08 23:46:56 +05:30
|
|
|
|
2015-09-12 15:42:12 +05:30
|
|
|
# summary of how this script can be called:
|
|
|
|
# * <postinst> `configure' <most-recently-configured-version>
|
|
|
|
# * <old-postinst> `abort-upgrade' <new version>
|
|
|
|
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
|
|
|
|
# <new-version>
|
|
|
|
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
|
|
|
|
# <failed-install-package> <version> `removing'
|
|
|
|
# <conflicting-package> <version>
|
|
|
|
# for details, see http://www.debian.org/doc/debian-policy/ or
|
|
|
|
# the debian-policy package
|
|
|
|
#
|
|
|
|
# quoting from the policy:
|
|
|
|
# Any necessary prompting should almost always be confined to the
|
|
|
|
# post-installation script, and should be protected with a conditional
|
|
|
|
# so that unnecessary prompting doesn't happen if a package's
|
|
|
|
# installation fails and the `postinst' is called with `abort-upgrade',
|
|
|
|
# `abort-remove' or `abort-deconfigure'.
|
|
|
|
|
2016-12-08 23:46:56 +05:30
|
|
|
#######################################################################
|
2017-03-17 22:27:14 +05:30
|
|
|
# Read debian specific configuration
|
2016-12-08 23:46:56 +05:30
|
|
|
#######################################################################
|
|
|
|
|
2019-01-06 20:44:18 +05:30
|
|
|
# Always copy the example configuration file in case there are newer entries
|
|
|
|
# added by maintainer
|
|
|
|
cp ${gitlab_debian_conf_example} ${gitlab_debian_conf_private}
|
2017-03-17 22:27:14 +05:30
|
|
|
. ${gitlab_debian_conf_private}
|
2016-12-08 23:46:56 +05:30
|
|
|
|
|
|
|
# If /etc/gitlab/gitlab-debian.conf is already present, use it
|
2017-03-17 22:27:14 +05:30
|
|
|
test -f ${gitlab_debian_conf} && . ${gitlab_debian_conf}
|
|
|
|
export DB RAILS_ENV
|
2016-12-08 23:46:56 +05:30
|
|
|
|
2017-03-13 14:33:48 +05:30
|
|
|
# Read default values (we cannot do this before gitlab-debian.conf is exported
|
|
|
|
# as we want to override variables set by gitlab-debian.conf in earlier gitlab
|
|
|
|
# versions with gitlab-debian.defaults)
|
2018-06-12 21:00:26 +05:30
|
|
|
. ${gitlab_common_defaults}
|
2017-03-13 14:33:48 +05:30
|
|
|
|
2018-06-12 21:00:26 +05:30
|
|
|
# Read gitlab_user from gitlab-common.conf
|
|
|
|
test -f ${gitlab_common_conf} && . ${gitlab_common_conf}
|
2016-12-08 23:46:56 +05:30
|
|
|
|
2021-06-21 23:46:45 +05:30
|
|
|
# Required for embedded gems
|
|
|
|
export GEM_HOME=/var/lib/gitlab/.gem
|
2022-03-03 20:57:33 +05:30
|
|
|
export GEM_PATH=$(gem env gempath)
|
|
|
|
|
2022-07-30 16:26:47 +05:30
|
|
|
# Once bundler gets --prefer-local option (merged upstream) these will be automated
|
2022-03-03 20:57:33 +05:30
|
|
|
# Updating these rubygem packages are complicated
|
2022-05-08 18:48:40 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 1.8.0 "^graphiql-rails$" >/dev/null; then gem install -v 1.8.0 graphiql-rails; fi"
|
2021-06-21 14:09:06 +05:30
|
|
|
|
2022-07-17 02:30:11 +05:30
|
|
|
# TODO: Update packages for these gems
|
2023-05-10 01:27:37 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 1.44.0 "^google-cloud-storage$" >/dev/null; then gem install -v 1.44.0 google-cloud-storage; fi"
|
2023-05-28 01:43:27 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 3.22.2' "^google-protobuf$" >/dev/null; then gem install -v '~> 3.22.2' google-protobuf; fi"
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.1.3' "^net-protocol$" >/dev/null; then gem install -v '~> 0.1.3' net-protocol; fi"
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 1.3' "^duo_api$" >/dev/null; then gem install -v '~> 1.3' duo_api; fi"
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.3' "^google-cloud-profiler-v2$" >/dev/null; then gem install -v '~> 0.3' google-cloud-profiler-v2; fi"
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 1.10' "^faraday$" >/dev/null; then gem install -v '~> 1.10' faraday; fi"
|
2022-12-04 23:42:07 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.0.12' "^arr-pm$" >/dev/null; then gem install -v '~> 0.0.12' arr-pm; fi"
|
2023-05-08 23:20:11 +05:30
|
|
|
# we have a newer incompatible version in the archive
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.6.1' "^omniauth_openid_connect$" >/dev/null; then gem install -v '~> 0.6.1' omniauth_openid_connect; fi"
|
2023-03-05 15:02:35 +05:30
|
|
|
# Packaged version is probably buggy - task lists on issues broken
|
2023-01-26 22:46:46 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 2.3.2 "^deckar01-task_list$" >/dev/null; then gem install -v 2.3.2 deckar01-task_list; fi"
|
2023-05-10 01:59:56 +05:30
|
|
|
# We have a newer incompatible version in the archive
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 0.10.0 "^google-apis-core$" >/dev/null; then gem install -v 0.10.0 google-apis-core; fi"
|
2023-07-10 20:22:33 +05:30
|
|
|
# archive has gitaly 16.0
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 15.9.0.pre.rc3' "^gitaly$" >/dev/null; then gem install -v '~> 15.9.0.pre.rc3' gitaly; fi"
|
2022-07-17 02:30:11 +05:30
|
|
|
|
2023-01-26 22:51:05 +05:30
|
|
|
# Uninstall rack 3.x
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~>3.0' "^rack$" >/dev/null; then gem uninstall -v '~>3.0' rack; fi"
|
|
|
|
|
2023-03-09 11:29:45 +05:30
|
|
|
# Gitlab needs this specific version due to
|
|
|
|
# https://github.com/fog/fog-google/issues/421
|
2023-03-09 23:58:59 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 2.1.0 "^fog-core$" >/dev/null; then gem install -v 2.1.0 fog-core; fi"
|
2023-03-09 11:29:45 +05:30
|
|
|
|
2023-07-09 12:33:45 +05:30
|
|
|
# new gem
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 0.0.17.pre.alpha1 "^devfile$" >/dev/null; then gem install -v 0.0.17.pre.alpha1 devfile; fi"
|
|
|
|
|
2016-12-08 23:46:56 +05:30
|
|
|
#######################################################################
|
2018-03-21 10:39:39 +05:30
|
|
|
# update Gemfile.lock and yarn.lock, always
|
2016-12-08 23:46:56 +05:30
|
|
|
#######################################################################
|
2017-04-21 15:03:54 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/Gemfile.lock && \
|
|
|
|
truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
|
2018-10-18 17:13:12 +05:30
|
|
|
# Don't modify yarn.lock until all dependencies are packaged
|
|
|
|
#runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/yarn.lock && \
|
|
|
|
#truncate -s 0 ${gitlab_data_dir}/yarn.lock"
|
2018-03-21 18:22:18 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/yarn-error.log"
|
2016-12-08 23:46:56 +05:30
|
|
|
cd ${gitlab_app_root}
|
2017-04-21 15:03:54 +05:30
|
|
|
if ! runuser -u ${gitlab_user} -- sh -c 'bundle --local --quiet'; then
|
2016-12-08 23:46:56 +05:30
|
|
|
if [ "$1" = "triggered" ]; then
|
|
|
|
# probably triggered in the middle of an system upgrade; ignore failure
|
|
|
|
# but abort here
|
|
|
|
echo "#########################################################################"
|
|
|
|
echo "# Failed to detect gitlab dependencies; if you are in the middle of an #"
|
|
|
|
echo "# upgrade, this is probably fine, there will be another attempt later. #"
|
|
|
|
echo "# #"
|
|
|
|
echo "# If you are NOT in the middle of an upgrade, there is probably a real #"
|
|
|
|
echo "# issue. Please report a bug. #"
|
|
|
|
echo "#########################################################################"
|
|
|
|
exit 0
|
|
|
|
else
|
|
|
|
# something is really broken
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
cd - >/dev/null
|
2015-09-12 15:42:12 +05:30
|
|
|
|
|
|
|
case "$1" in
|
2016-02-07 15:20:19 +05:30
|
|
|
configure)
|
2016-04-05 14:27:56 +05:30
|
|
|
gitlab_builds_log=${gitlab_log_dir}/builds
|
2016-02-07 15:20:19 +05:30
|
|
|
gitlab_repo_path=${gitlab_data_dir}/repositories
|
2022-09-14 20:06:11 +05:30
|
|
|
gitlab_uploads_path=${gitlab_data_dir}/public/uploads
|
2016-02-13 18:01:11 +05:30
|
|
|
|
|
|
|
# Create directories and change ownership
|
2016-04-08 17:00:57 +05:30
|
|
|
echo "Creating runtime directories for gitlab..."
|
2016-07-20 23:09:19 +05:30
|
|
|
# Setup ssh key file
|
2018-10-13 21:23:13 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/.ssh"
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/.ssh/authorized_keys"
|
2016-09-18 15:07:16 +05:30
|
|
|
# Create .bundle for .bundle/config
|
2018-10-13 22:14:59 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/.bundle"
|
2018-02-23 00:00:41 +05:30
|
|
|
# Create locale for app/assets/javascripts/locale
|
2018-10-13 22:14:59 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/locale"
|
2020-07-16 21:09:24 +05:30
|
|
|
# Create backup directory for tmp/backups symbolic link
|
|
|
|
runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/backups"
|
2016-07-20 23:09:19 +05:30
|
|
|
# Create more required directories
|
2018-10-18 12:26:29 +05:30
|
|
|
mkdir -p ${gitlab_pid_path}
|
|
|
|
chown ${gitlab_user}: ${gitlab_data_dir}/public ${gitlab_cache_path} \
|
|
|
|
${gitlab_log_dir} ${gitlab_shell_log} ${gitlab_pid_path} \
|
2018-10-19 13:00:15 +05:30
|
|
|
${gitlab_data_dir}/db ${gitlab_data_dir}/locale ${gitlab_data_dir}/shared \
|
2020-07-16 17:33:59 +05:30
|
|
|
${gitlab_data_dir}/shared/* ${gitlab_data_dir}/shared/artifacts/* \
|
|
|
|
${gitlab_data_dir}/shared/artifacts/tmp/*
|
2018-10-18 12:26:29 +05:30
|
|
|
for i in ${gitlab_repo_path} ${gitlab_uploads_path}\
|
|
|
|
${gitlab_shell_log} ${gitlab_builds_log}; do
|
2018-10-13 22:14:59 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "mkdir -p $i"
|
2016-02-13 18:01:11 +05:30
|
|
|
done
|
2016-02-18 17:30:10 +05:30
|
|
|
|
2016-04-08 00:24:03 +05:30
|
|
|
# nginx/httpd should be able to connect to gitlab-workhorse.socket and serve public
|
2018-10-15 16:57:58 +05:30
|
|
|
chown ${gitlab_user}:${nginx_user} ${gitlab_uploads_path}/../* ${gitlab_pid_path}
|
2019-05-18 16:23:43 +05:30
|
|
|
|
2016-02-13 18:01:11 +05:30
|
|
|
# Customize permissions
|
2016-04-08 17:00:57 +05:30
|
|
|
echo "Updating file permissions..."
|
2018-10-15 16:57:58 +05:30
|
|
|
chmod ug+rwX,o-rwx,u-s,g+s ${gitlab_repo_path}/
|
2016-02-18 18:14:36 +05:30
|
|
|
for i in ${gitlab_data_dir} ${gitlab_shell_root}; do
|
2018-10-15 16:57:58 +05:30
|
|
|
chown ${gitlab_user}: $i
|
2016-02-13 18:01:11 +05:30
|
|
|
done
|
2016-02-07 15:20:19 +05:30
|
|
|
|
2020-12-21 20:48:56 +05:30
|
|
|
# Make package.json writable for yarn 2
|
|
|
|
chown ${gitlab_user}: /var/lib/gitlab/package.json
|
2023-05-30 21:00:47 +05:30
|
|
|
chown ${gitlab_user}: /var/lib/gitlab/yarn.lock
|
2019-05-18 16:23:43 +05:30
|
|
|
|
2017-04-21 15:03:54 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "chmod 700 ${gitlab_uploads_path}"
|
|
|
|
runuser -u ${gitlab_user} -- sh -c 'git config --global core.autocrlf "input"'
|
2016-02-13 18:01:11 +05:30
|
|
|
|
2016-02-18 14:31:41 +05:30
|
|
|
# Commands below needs to be run from gitlab_app_root
|
|
|
|
cd ${gitlab_app_root}
|
2016-02-07 15:20:19 +05:30
|
|
|
|
|
|
|
# Obtain hostname from debconf db
|
2017-04-19 15:34:07 +05:30
|
|
|
echo "Configuring hostname and email..."
|
2016-02-07 15:20:19 +05:30
|
|
|
db_get gitlab/fqdn
|
2017-04-19 15:34:07 +05:30
|
|
|
GITLAB_HOST=$RET
|
|
|
|
GITLAB_EMAIL_FROM="no-reply@$GITLAB_HOST"
|
|
|
|
GITLAB_EMAIL_DISPLAY_NAME="Gitlab"
|
|
|
|
GITLAB_EMAIL_REPLY_TO="no-reply@$GITLAB_HOST"
|
2017-04-20 11:32:10 +05:30
|
|
|
# Check if ssl option is selected
|
|
|
|
db_get gitlab/ssl
|
|
|
|
GITLAB_HTTPS=$RET
|
|
|
|
gl_proto="http"
|
|
|
|
db_get gitlab/letsencrypt
|
|
|
|
gitlab_letsencrypt=$RET
|
2017-04-26 20:23:50 +05:30
|
|
|
db_get gitlab/letsencrypt_email
|
|
|
|
gitlab_letsencrypt_email=$RET
|
2017-04-20 11:32:10 +05:30
|
|
|
|
2017-04-19 15:34:07 +05:30
|
|
|
cp -a -f ${gitlab_debian_conf_private} ${gitlab_debian_conf_private}.tmp
|
|
|
|
|
|
|
|
# If the admin deleted or commented some variables but then set
|
|
|
|
# them via debconf, (re-)add them to the conffile.
|
|
|
|
test -z "$GITLAB_HOST" || grep -Eq '^ *GITLAB_HOST=' ${gitlab_debian_conf_private} || \
|
|
|
|
echo "GITLAB_HOST=" >> ${gitlab_debian_conf_private}
|
|
|
|
test -z "$GITLAB_EMAIL_FROM" || grep -Eq '^ *GITLAB_EMAIL_FROM=' ${gitlab_debian_conf_private} || \
|
|
|
|
echo "GITLAB_EMAIL_FROM=" >> ${gitlab_debian_conf_private}
|
|
|
|
test -z "$GITLAB_EMAIL_DISPLAY_NAME" || grep -Eq '^ *GITLAB_EMAIL_DISPLAY_NAME=' ${gitlab_debian_conf_private} || \
|
|
|
|
echo "GITLAB_EMAIL_DISPLAY_NAME=" >> ${gitlab_debian_conf_private}
|
|
|
|
test -z "$GITLAB_EMAIL_REPLY_TO" || grep -Eq '^ *GITLAB_EMAIL_REPLY_TO=' ${gitlab_debian_conf_private} || \
|
|
|
|
echo "GITLAB_EMAIL_REPLY_TO=" >> ${gitlab_debian_conf_private}
|
2017-04-20 11:32:10 +05:30
|
|
|
test -z "$GITLAB_HTTPS" || grep -Eq '^ *GITLAB_HTTPS=' ${gitlab_debian_conf_private} || \
|
|
|
|
echo "GITLAB_HTTPS=" >> ${gitlab_debian_conf_private}
|
|
|
|
test -z "$gitlab_letsencrypt" || grep -Eq '^ *gitlab_letsencrypt=' ${gitlab_debian_conf_private} || \
|
|
|
|
echo "gitlab_letsencrypt=" >> ${gitlab_debian_conf_private}
|
2017-04-26 20:23:50 +05:30
|
|
|
test -z "$gitlab_letsencrypt_email" || grep -Eq '^ *gitlab_letsencrypt_email=' ${gitlab_debian_conf_private} || \
|
|
|
|
echo "gitlab_letsencrypt_email=" >> ${gitlab_debian_conf_private}
|
2017-04-19 15:34:07 +05:30
|
|
|
sed -e "s/^ *GITLAB_HOST=.*/GITLAB_HOST=\"$GITLAB_HOST\"/" \
|
|
|
|
-e "s/^ *GITLAB_EMAIL_FROM=.*/GITLAB_EMAIL_FROM=\"$GITLAB_EMAIL_FROM\"/" \
|
|
|
|
-e "s/^ *GITLAB_EMAIL_DISPLAY_NAME=.*/GITLAB_EMAIL_DISPLAY_NAME=\"$GITLAB_EMAIL_DISPLAY_NAME\"/" \
|
|
|
|
-e "s/^ *GITLAB_EMAIL_REPLY_TO=.*/GITLAB_EMAIL_REPLY_TO=\"$GITLAB_EMAIL_REPLY_TO\"/" \
|
2017-04-20 11:32:10 +05:30
|
|
|
-e "s/^ *GITLAB_HTTPS=.*/GITLAB_HTTPS=\"$GITLAB_HTTPS\"/" \
|
|
|
|
-e "s/^ *gitlab_letsencrypt=.*/gitlab_letsencrypt=\"$gitlab_letsencrypt\"/" \
|
2017-04-26 20:23:50 +05:30
|
|
|
-e "s/^ *gitlab_letsencrypt_email=.*/gitlab_letsencrypt_email=\"$gitlab_letsencrypt_email\"/" \
|
2017-04-19 15:34:07 +05:30
|
|
|
< ${gitlab_debian_conf_private} > ${gitlab_debian_conf_private}.tmp
|
2018-06-12 21:00:26 +05:30
|
|
|
mv -f ${gitlab_debian_conf_private}.tmp ${gitlab_debian_conf_private}
|
2017-04-19 15:34:07 +05:30
|
|
|
|
|
|
|
# Copy example configurations
|
|
|
|
cp ${gitlab_yml_example} ${gitlab_yml_private}
|
|
|
|
cp ${gitlab_shell_config_example} ${gitlab_shell_config_private}
|
|
|
|
|
|
|
|
# Set gitlab user first time
|
|
|
|
sed -i "s/GITLAB_USER/${gitlab_user}/" ${gitlab_yml_private}
|
|
|
|
# Update gitlab user (its a hack, proper fix is to have gitlab accept GITLAB_USER variable)
|
|
|
|
sed -i "s/^ *user:.* #gitlab_user/ user: $gitlab_user #gitlab_user/" ${gitlab_yml_private}
|
|
|
|
|
2017-04-20 11:32:10 +05:30
|
|
|
if [ "$GITLAB_HTTPS" = "true" ]; then
|
2017-04-19 15:34:07 +05:30
|
|
|
echo "Configuring nginx with HTTPS..."
|
2017-04-20 11:32:10 +05:30
|
|
|
# Workaround for #813770
|
|
|
|
gl_proto="https"
|
|
|
|
echo "Configuring gitlab with HTTPS..."
|
|
|
|
sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private}
|
|
|
|
sed -i "s/https: false/https: true/" ${gitlab_yml_private}
|
|
|
|
echo "Updating gitlab_url in gitlab-shell configuration..."
|
|
|
|
sed -i \
|
|
|
|
"s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
|
|
|
|
${gitlab_shell_config_private}
|
2017-04-19 15:34:07 +05:30
|
|
|
|
|
|
|
mkdir -p /etc/gitlab/ssl
|
|
|
|
nginx_conf_example=${nginx_ssl_conf_example}
|
2016-02-07 15:20:19 +05:30
|
|
|
|
2017-04-19 15:34:07 +05:30
|
|
|
# Check if letsencrypt option is selected
|
2017-04-20 11:32:10 +05:30
|
|
|
if [ "$gitlab_letsencrypt" = "true" ]; then
|
2016-04-08 17:00:57 +05:30
|
|
|
echo "Configuring letsencrypt..."
|
2017-04-19 15:34:07 +05:30
|
|
|
ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem \
|
|
|
|
/etc/gitlab/ssl/gitlab.crt
|
|
|
|
ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \
|
|
|
|
/etc/gitlab/ssl/gitlab.key
|
2016-06-03 16:20:17 +05:30
|
|
|
|
2017-04-19 15:34:07 +05:30
|
|
|
# Check if certificate is already present
|
|
|
|
if [ -e /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem ]; then
|
|
|
|
echo "Let's encrypt certificate already present."
|
|
|
|
else
|
|
|
|
# Port 80 and 443 should be available for letsencrypt
|
|
|
|
if command -v nginx > /dev/null; then
|
|
|
|
echo "Stopping nginx for letsencrypt..."
|
|
|
|
invoke-rc.d nginx stop
|
|
|
|
fi
|
2017-04-26 20:23:50 +05:30
|
|
|
db_get gitlab/letsencrypt_email
|
|
|
|
gitlab_letsencrypt_email=$RET
|
|
|
|
LETSENCRYPT_CMD="letsencrypt --standalone --agree-tos -m $gitlab_letsencrypt_email -d ${GITLAB_HOST} certonly"
|
|
|
|
$LETSENCRYPT_CMD || {
|
2016-04-08 17:00:57 +05:30
|
|
|
echo "letsencrypt auto configuration failed..."
|
|
|
|
echo "Stop your webserver and try running letsencrypt manually..."
|
2017-04-26 20:23:50 +05:30
|
|
|
echo "$LETSENCRYPT_CMD"
|
2017-04-19 15:34:07 +05:30
|
|
|
}
|
2020-04-03 17:59:00 +05:30
|
|
|
if command -v nginx > /dev/null; then
|
|
|
|
echo "Starting nginx (letsencrypt configuration completed) ..."
|
|
|
|
invoke-rc.d nginx start
|
|
|
|
fi
|
2017-04-20 11:32:10 +05:30
|
|
|
fi
|
2016-02-07 15:20:19 +05:30
|
|
|
fi
|
2017-04-20 11:32:10 +05:30
|
|
|
else
|
|
|
|
# Revert https setting
|
|
|
|
sed -i "s/port: 443/#port: 80/" ${gitlab_yml_private}
|
|
|
|
sed -i "s/https: true/https: false/" ${gitlab_yml_private}
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Cleanup in case letsencrypt were disabled later
|
|
|
|
if [ "$gitlab_letsencrypt" = "false" ]; then
|
|
|
|
if [ -L /etc/gitlab/ssl/gitlab.crt ]; then
|
|
|
|
if [ "$(file /etc/gitlab/ssl/gitlab.crt|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem" ]; then
|
|
|
|
echo "Removing symbolic links to letsencrypt certificate..."
|
|
|
|
rm -f /etc/gitlab/ssl/gitlab.crt
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if [ -L /etc/gitlab/ssl/gitlab.key ]; then
|
|
|
|
if [ "$(file /etc/gitlab/ssl/gitlab.key|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem" ]; then
|
|
|
|
echo "Removing symbolic links to letsencrypt certificate private key..."
|
|
|
|
rm -f /etc/gitlab/ssl/gitlab.key
|
|
|
|
fi
|
|
|
|
fi
|
2017-04-19 15:34:07 +05:30
|
|
|
fi
|
2017-02-15 12:55:30 +05:30
|
|
|
|
2017-02-16 17:35:01 +05:30
|
|
|
# Override User for systemd services
|
2020-08-20 23:29:31 +05:30
|
|
|
for service in mailroom puma sidekiq workhorse; do
|
2017-02-16 17:35:01 +05:30
|
|
|
path=/etc/systemd/system/gitlab-${service}.service.d
|
|
|
|
mkdir -p $path
|
2017-04-20 11:47:34 +05:30
|
|
|
if [ -e $path/override.conf ]; then
|
2017-04-20 11:59:40 +05:30
|
|
|
echo "$path/override.conf already exist"
|
|
|
|
# Make sure only gitlab user is updated
|
|
|
|
sed -i "s/^ *User=.*/User=$gitlab_user/" $path/override.conf
|
2017-04-20 11:47:34 +05:30
|
|
|
else
|
|
|
|
printf "[Service]\nUser=${gitlab_user}\n" > $path/override.conf
|
|
|
|
fi
|
2017-02-16 17:35:01 +05:30
|
|
|
done
|
|
|
|
|
2016-07-14 19:54:37 +05:30
|
|
|
# Manage gitlab-shell's config.yml via ucf
|
|
|
|
mkdir -p /etc/gitlab-shell
|
|
|
|
echo "Registering ${gitlab_shell_config} via ucf"
|
|
|
|
ucf --debconf-ok --three-way ${gitlab_shell_config_private} ${gitlab_shell_config}
|
|
|
|
ucfr gitlab ${gitlab_shell_config}
|
2016-02-07 15:20:19 +05:30
|
|
|
|
2016-04-08 17:03:46 +05:30
|
|
|
# Manage gitlab.yml via ucf
|
2016-04-08 17:00:57 +05:30
|
|
|
echo "Registering ${gitlab_yml} via ucf"
|
2016-04-08 17:03:46 +05:30
|
|
|
ucf --debconf-ok --three-way ${gitlab_yml_private} ${gitlab_yml}
|
|
|
|
ucfr gitlab ${gitlab_yml}
|
|
|
|
|
2016-04-08 17:00:57 +05:30
|
|
|
# Manage gitlab-debian.conf via ucf
|
|
|
|
echo "Registering ${gitlab_debian_conf} via ucf"
|
|
|
|
ucf --debconf-ok --three-way ${gitlab_debian_conf_private} ${gitlab_debian_conf}
|
|
|
|
ucfr gitlab ${gitlab_debian_conf}
|
|
|
|
|
2016-06-02 21:00:49 +05:30
|
|
|
# configure nginx site
|
|
|
|
if test -d /etc/nginx/sites-available/; then
|
|
|
|
if test -f ${nginx_conf_example}; then
|
|
|
|
nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
|
|
|
|
sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/"\
|
|
|
|
${nginx_conf_example} >${nginx_site_private}
|
|
|
|
ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site}
|
|
|
|
ucfr gitlab ${nginx_site}
|
|
|
|
ln -fs ${nginx_site} /etc/nginx/sites-enabled/
|
|
|
|
else
|
|
|
|
echo "nginx example configuration file not found"
|
|
|
|
exit 1
|
|
|
|
fi
|
2016-02-07 15:20:19 +05:30
|
|
|
fi
|
2016-04-08 00:24:03 +05:30
|
|
|
# Reload nginx
|
2016-04-08 17:00:57 +05:30
|
|
|
if command -v nginx > /dev/null; then
|
|
|
|
echo "Reloading nginx configuration..."
|
|
|
|
invoke-rc.d nginx reload
|
|
|
|
fi
|
2017-05-12 09:44:35 +05:30
|
|
|
|
|
|
|
dbc_go gitlab "$@"
|
2016-02-07 15:20:19 +05:30
|
|
|
db_stop
|
|
|
|
|
2017-04-21 12:47:11 +05:30
|
|
|
# enable the pg_trgm extension
|
2017-04-21 15:03:54 +05:30
|
|
|
runuser -u postgres -- sh -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
|
2016-02-07 15:20:19 +05:30
|
|
|
|
2020-10-25 23:10:15 +05:30
|
|
|
# enable the btree_gist extension
|
|
|
|
runuser -u postgres -- sh -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS btree_gist;\""
|
2020-08-09 00:28:53 +05:30
|
|
|
# Allow gitlab user to create schema
|
|
|
|
runuser -u postgres -- sh -c "psql -c \"GRANT CREATE ON database gitlab_production TO ${gitlab_user};\""
|
|
|
|
|
2016-02-07 15:20:19 +05:30
|
|
|
# Remove Gemfile.lock if present
|
2016-02-18 18:59:05 +05:30
|
|
|
rm -f ${gitlab_data_dir}/Gemfile.lock
|
2016-02-18 18:39:34 +05:30
|
|
|
|
2016-02-18 18:59:05 +05:30
|
|
|
# Create Gemfile.lock and .secret in /var/lib/gitlab
|
2017-04-21 15:03:54 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
|
2016-02-07 15:20:19 +05:30
|
|
|
|
|
|
|
echo "Verifying we have all required libraries..."
|
2017-04-21 15:03:54 +05:30
|
|
|
runuser -u ${gitlab_user} -- sh -c 'bundle install --without development test --local'
|
2015-09-12 15:42:12 +05:30
|
|
|
|
2016-04-08 17:00:57 +05:30
|
|
|
echo "Running final rake tasks and tweaks..."
|
2016-02-07 15:20:19 +05:30
|
|
|
. /usr/lib/gitlab/scripts/rake-tasks.sh
|
2016-12-08 23:46:56 +05:30
|
|
|
;;
|
2016-01-16 15:43:30 +05:30
|
|
|
|
2016-12-08 23:46:56 +05:30
|
|
|
triggered)
|
|
|
|
# Already handled
|
2016-02-07 15:20:19 +05:30
|
|
|
;;
|
2015-09-12 15:42:12 +05:30
|
|
|
|
2016-02-07 15:20:19 +05:30
|
|
|
abort-upgrade|abort-remove|abort-deconfigure)
|
2015-09-12 15:42:12 +05:30
|
|
|
;;
|
|
|
|
|
2016-02-07 15:20:19 +05:30
|
|
|
*)
|
|
|
|
echo "postinst called with unknown argument \`$1'" >&2
|
|
|
|
exit 1
|
2015-09-12 15:42:12 +05:30
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
#DEBHELPER#
|
|
|
|
|
2016-09-26 09:13:37 +05:30
|
|
|
case "$1" in
|
|
|
|
configure)
|
2018-12-15 13:14:01 +05:30
|
|
|
if command -v gitaly > /dev/null; then
|
|
|
|
echo "Restarting gitaly..."
|
|
|
|
invoke-rc.d gitaly restart
|
|
|
|
fi
|
2019-09-07 01:00:32 +05:30
|
|
|
echo "Restarting gitlab-sidekiq..."
|
|
|
|
systemctl restart gitlab-sidekiq
|
2018-12-16 20:40:25 +05:30
|
|
|
echo "Restarting gitlab..."
|
|
|
|
invoke-rc.d gitlab restart
|
2016-09-26 09:13:37 +05:30
|
|
|
echo "Running rake checks..."
|
2018-11-19 20:48:18 +05:30
|
|
|
gitlab-rake gitlab:check
|
2016-09-26 09:13:37 +05:30
|
|
|
;;
|
|
|
|
esac
|