realaravinth/debian-mirror-gitlab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'master-9.2'

Browse source
This commit is contained in:
Pirate Praveen 2017-09-10 17:38:17 +05:30
commit 24f7fe97bd
29 changed files with 493 additions and 843 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
debian/changelog vendored
View file

@ -1,3 +1,11 @@
gitlab (9.2.10+dfsg-1) experimental; urgency=medium
* New upstream release
* Move to contrib (packaging of node modules for front end is not complete)
* Use npm install for front end dependencies
-- Pirate Praveen <praveen@debian.org> Fri, 01 Sep 2017 18:00:02 +0530
gitlab (8.13.11+dfsg1-11) unstable; urgency=medium
* Tighten dependency on ruby-truncato

92
debian/control vendored
View file

@ -1,5 +1,5 @@
Source: gitlab
Section: net
Section: contrib/net
Priority: optional
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Uploaders: Cédric Boutillier <boutil@debian.org>,
@ -32,9 +32,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
postfix | exim4 | mail-transport-agent,
openssh-client,
ucf,
gitlab-shell (>= 3.6.6-4~),
gitlab-shell (>= 5.0.4~),
gitlab-workhorse (>= 0.8.5~),
ruby-rails (>= 2:4.2.7~),
ruby-rails (>= 2:4.2.8~),
ruby-rails (<< 2:5),
ruby-rails-deprecated-sanitizer (>= 1.0.3~),
ruby-responders (>= 2.0~),
@ -46,21 +46,25 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
# Authentication libraries
ruby-devise (>= 4.2~),
ruby-doorkeeper (>= 4.0~),
ruby-omniauth (>= 1.3.1~),
ruby-doorkeeper-openid-connect,
ruby-omniauth (>= 1.4.2~),
ruby-omniauth-auth0 (>= 1.4.1~),
ruby-omniauth-azure-oauth2 (>= 0.0.6~),
ruby-omniauth-bitbucket (>= 0.0.2~),
ruby-omniauth-cas3 (>= 1.1.2~),
ruby-omniauth-cas3 (>= 1.1.4~),
ruby-omniauth-facebook (>= 4.0~),
ruby-omniauth-github (>= 1.1.1~),
ruby-omniauth-gitlab (>= 1.0.2~),
ruby-omniauth-google-oauth2 (>= 0.4.1~),
ruby-omniauth-kerberos (>= 0.3.0-3~),
ruby-omniauth-oauth2-generic,
ruby-omniauth-saml (>= 1.7.0~),
ruby-omniauth-shibboleth (>= 1.2.0~),
ruby-omniauth-twitter (>= 1.2.0~),
ruby-omniauth-crowd (>= 2.2.0~),
ruby-omniauth-authentiq,
ruby-rack-oauth2 (>= 1.2.1~),
ruby-jwt (>= 1.5.6~),
# Spam and anti-bot protection
ruby-recaptcha (>= 3.0~),
ruby-akismet,
@ -69,6 +73,8 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
ruby-rqrcode-rails3 (>= 0.1.7~),
ruby-attr-encrypted (>= 3.0~),
ruby-u2f,
# GitLab Pages
ruby-validates-hostname,
# Browser detection
ruby-browser (>= 2.2~),
# Extracting information from a git repository
@ -81,25 +87,29 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
# Language detection
ruby-github-linguist (>= 4.7.0~),
# API
ruby-grape (>= 0.16.2-2~),
ruby-grape (>= 0.19.0~),
ruby-grape-entity (>= 0.6~),
ruby-rack-cors (>= 0.4.0~),
# Disable strong_params so that Mash does not respond to :permitted?
ruby-hashie-forbidden-attributes,
# Pagination
ruby-kaminari (>= 0.17~),
# HAML
ruby-hamlit (>= 2.7~),
# Files attachments
ruby-carrierwave (>= 0.9~),
ruby-carrierwave (>= 1.0~),
# Drag and Drop UI
ruby-dropzonejs-rails (>= 0.7.1~),
# for backups
ruby-fog-aws (>= 0.9~),
ruby-fog-azure,
ruby-fog-core (>= 1.40~),
ruby-fog-core (>= 1.44~),
ruby-fog-local (>= 0.3~),
ruby-fog-google (>= 0.3~),
ruby-fog-google (>= 0.5~),
ruby-fog-openstack (>= 0.1~),
ruby-fog-rackspace,
# for Google storage
ruby-google-api-client,
# for aws storage
ruby-unf (>= 0.1.4-2~),
# Authorization
@ -109,7 +119,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
# Markdown and HTML processing
ruby-htmlentities (>= 4.3.3~),
ruby-html-pipeline (>= 1.11.0),
ruby-task-list (>= 1.0.5~),
ruby-task-list (>= 1.0.6~),
ruby-github-markup (>= 1.5.1~),
ruby-redcarpet (>= 3.3.4~),
ruby-redcloth (>= 4.3.2-2~),
@ -117,11 +127,12 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
ruby-creole (>= 0.5.0~),
ruby-wikicloth (>= 0.8.1~),
asciidoctor (>= 1.5.2~),
ruby-asciidoctor-plantuml (>= 0.0.7~),
ruby-rouge (>= 2.0~),
ruby-truncato (>= 0.7.9~),
ruby-nokogiri (>= 1.6.7.2~),
ruby-nokogiri (>= 1.7.1~),
# Diffs
ruby-diffy (>= 3.0.3~),
ruby-diffy (>= 3.1~),
# Application server
unicorn (>= 5.1~),
ruby-unicorn-worker-killer (>= 0.4.4~),
@ -133,33 +144,40 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
ruby-acts-as-taggable-on (>= 4.0~),
# Background jobs
ruby-sinatra (>= 1.4.7-4~),
ruby-sidekiq (>= 4.2~),
ruby-sidekiq-cron (>= 0.4.0~),
ruby-sidekiq (>= 5.0~),
ruby-sidekiq-cron (>= 0.4.4~),
ruby-redis-namespace,
ruby-sidekiq-limit-fetch,
# HTTP requests
ruby-httparty (>= 0.13.3~),
# Colored output to console
ruby-rainbow (>= 2.1~),
# GitLab settings
ruby-settingslogic (>= 2.0.9~),
# Linear-time regex library for untrusted regular expressions
ruby-re2 (>= 1.0~),
# Misc
ruby-version-sorter (>= 2.1~),
# Cache
ruby-redis-rails (>= 4.0.0~),
ruby-redis-rails (>= 5.0.1~),
# Campfire integration
ruby-tinder (>= 1.10.1-2~),
# HipChat integration
ruby-hipchat (>= 1.5.0~),
# JIRA integration
ruby-jira (>= 1.1.2),
# Flowdock integration
ruby-gitlab-flowdock-git-hook (>= 1.0.1-2~),
# Gemnasium integration
ruby-gemnasium-gitlab-service (>= 0.2~),
# Slack integration
ruby-slack-notifier (>= 1.2.0~),
ruby-slack-notifier (>= 1.5.1~),
# Asana integration
ruby-asana (>= 0.4.0~),
# FogBugz integration
ruby-fogbugz (>= 0.2.1-3~),
# Kubernetes integration
ruby-kubeclient,
# d3
ruby-d3-rails (>= 3.1~),
#cal-heatmap
@ -174,7 +192,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
# Working with license
ruby-licensee (>= 8.0.0-2~),
# Protect against bruteforcing
ruby-rack-attack (>= 4.3.1~),
ruby-rack-attack (>= 4.4.1~),
# Ace editor
ruby-ace-rails-ap (>= 4.1~),
# Keyboard shortcuts
@ -186,6 +204,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
# Parse time & duration
ruby-chronic (>= 0.10.2-3~),
ruby-chronic-duration,
ruby-webpack-rails,
npm,
ruby-rack-proxy,
ruby-sass-rails (>= 5.0.6~),
ruby-coffee-rails (>= 4.1.0~),
ruby-coffee-script-source (>= 1.10.0~),
@ -194,7 +215,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
ruby-jquery-turbolinks (>= 2.1.0~),
ruby-addressable (>= 2.3.8~),
ruby-bootstrap-sass (>= 3.3.0~),
ruby-font-awesome-rails (>= 4.6.1~),
ruby-font-awesome-rails (>= 4.7~),
ruby-gemojione (>= 3.0~),
ruby-gon (>= 6.1~),
ruby-jquery-atwho-rails (>= 1.3.2~),
@ -215,24 +236,32 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
ruby-connection-pool (>= 2.0~),
ruby-sentry-raven (>= 2.0~),
ruby-premailer-rails,
# I18n
ruby-parser (>= 3.8.2~),
ruby-gettext-i18n-rails,
ruby-gettext-i18n-rails-js,
# ruby-actionmailer,
ruby-mail (>= 2.5.4~),
ruby-octokit (>= 4.3.0~),
ruby-mail-room (>= 0.8.1~),
ruby-email-reply-parser (>= 0.5.8~),
ruby-mail-room (>= 0.9.1~),
ruby-email-reply-trimmer (>= 0.1~),
ruby-html2text,
ruby-prof (>= 0.16.2~),
## CI
ruby-activerecord-session-store (>= 1.0~),
ruby-nested-form (>= 0.3.2-2~),
# OAuth
ruby-oauth2 (>= 1.2.0~),
ruby-oauth2 (>= 1.3~),
# Soft deletion
ruby-paranoia (>= 2.0~),
ruby-paranoia (>= 2.2~),
# Health check
ruby-health-check (>= 2.1~),
# System information
ruby-vmstat (>= 2.2.0~),
ruby-vmstat (>= 2.3~),
ruby-sys-filesystem,
# Gitaly GRPC client
ruby-gitaly,
ruby-toml-rb,
# Vendored js files
libjs-jquery-cookie,
libjs-jquery-history,
@ -240,7 +269,19 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
libjs-clipboard,
libjs-chartjs,
libjs-graphael,
libjs-fuzzaldrin-plus (>= 0.3.1+git.20161008.da2cb58+dfsg-4~)
libjs-fuzzaldrin-plus (>= 0.3.1+git.20161008.da2cb58+dfsg-4~),
node-lie,
phantomjs,
node-babel-core,
node-core-js,
node-exports-loader,
node-jed,
node-marked,
node-raw-loader,
node-stats-webpack-plugin,
node-underscore,
node-eslint-plugin-html,
node-file-loader
Recommends: certbot
Description: git powered software platform to collaborate on code (non-omnibus)
gitlab provides web based interface to host source code and track issues.
@ -250,3 +291,6 @@ Description: git powered software platform to collaborate on code (non-omnibus)
.
Unlike the official package from GitLab Inc., this package does not use
omnibus.
.
Note: Currently this package is in contrib because it depends on webpack
from contrib and uses npm to install front end dependencies.

1
debian/gitlab.links vendored
View file

@ -1,6 +1,7 @@
var/lib/gitlab/public usr/share/gitlab/public
var/lib/gitlab/shared usr/share/gitlab/shared
var/lib/gitlab/db usr/share/gitlab/db
var/lib/gitlab/node_modules usr/share/gitlab/node_modules
var/lib/gitlab/.ssh usr/share/gitlab/.ssh
var/lib/gitlab/.bundle usr/share/gitlab/.bundle
var/lib/gitlab/secrets.yml etc/gitlab/secrets.yml

6
debian/install vendored
View file

@ -28,18 +28,24 @@ features usr/share/gitlab
fixtures usr/share/gitlab
Gemfile usr/share/gitlab
generator_templates usr/share/gitlab
GITLAB_PAGES_VERSION usr/share/gitlab
GITALY_SERVER_VERSION usr/share/gitlab
GITLAB_SHELL_VERSION usr/share/gitlab
GITLAB_WORKHORSE_VERSION usr/share/gitlab
lib usr/share/gitlab
locale usr/share/gitlab
MAINTENANCE.md usr/share/gitlab
package.json usr/share/gitlab
PROCESS.md usr/share/gitlab
Procfile usr/share/gitlab
rubocop usr/share/gitlab
Rakefile usr/share/gitlab
README.md usr/share/gitlab
scripts usr/share/gitlab
spec usr/share/gitlab
vendor usr/share/gitlab
VERSION usr/share/gitlab
yarn.lock usr/share/gitlab
shared var/lib/gitlab
public var/lib/gitlab
db var/lib/gitlab

8
debian/patches/0005-use-debian-omniauth-ldap.patch vendored
View file

@ -1,11 +1,9 @@
Debian package contains gitlab patches
Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/13280
Index: gitlab/Gemfile
===================================================================
--- gitlab.orig/Gemfile
+++ gitlab/Gemfile
@@ -56,7 +56,7 @@ gem 'gitlab_git', '~> 10.6.8'
--- a/Gemfile
+++ b/Gemfile
@@ -60,7 +60,7 @@
# LDAP Auth
# GitLab fork with several improvements to original library. For full list of changes
# see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master

13
debian/patches/0018-loosen-rdoc.patch vendored
View file

@ -1,13 +0,0 @@
Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/2814
--- a/Gemfile
+++ b/Gemfile
@@ -104,7 +104,7 @@
gem 'gitlab-markup', '~> 1.5.1'
gem 'redcarpet', '~> 3.3.3'
gem 'RedCloth', '~> 4.3.2'
-gem 'rdoc', '~>3.6'
+gem 'rdoc', '~> 4.1'
gem 'org-ruby', '~> 0.9.12'
gem 'creole', '~> 0.5.0'
gem 'wikicloth', '0.8.1'

196
debian/patches/0050-relax-stable-libs.patch vendored
View file

@ -3,20 +3,18 @@ gitlab Gemfile
--- a/Gemfile
+++ b/Gemfile
@@ -1,16 +1,16 @@
@@ -1,15 +1,15 @@
source 'https://rubygems.org'
-gem 'rails', '4.2.7.1'
-gem 'rails-deprecated_sanitizer', '~> 1.0.3'
+gem 'rails', '~> 4.2', '>= 4.2.7.1'
+gem 'rails-deprecated_sanitizer', '~> 1.0', '>= 1.0.3'
-gem 'rails', '4.2.8'
+gem 'rails', '~> 4.2.8'
gem 'rails-deprecated_sanitizer', '~> 1.0.3'
# Responders respond_to and respond_with
gem 'responders', '~> 2.0'
-gem 'sprockets', '~> 3.7.0'
+gem 'sprockets', '~> 3.7'
gem 'sprockets-es6', '~> 0.9.2'
# Default values for AR models
-gem 'default_value_for', '~> 3.0.0'
@ -24,42 +22,46 @@ gitlab Gemfile
# Supported DBs
gem 'mysql2', '~> 0.3.16', group: :mysql
@@ -18,22 +18,22 @@
@@ -21,38 +21,38 @@
# Authentication libraries
gem 'devise', '~> 4.2'
-gem 'doorkeeper', '~> 4.2.0'
-gem 'omniauth', '~> 1.3.1'
-gem 'doorkeeper-openid_connect', '~> 1.1.0'
-gem 'omniauth', '~> 1.4.2'
-gem 'omniauth-auth0', '~> 1.4.1'
+gem 'doorkeeper', '~> 4.2'
+gem 'omniauth', '~> 1.3', '>= 1.3.1'
+gem 'doorkeeper-openid_connect', '~> 1.1'
+gem 'omniauth', '~> 1.4', '>= 1.4.2'
+gem 'omniauth-auth0', '~> 1.4', '>= 1.4.1'
gem 'omniauth-azure-oauth2', '~> 0.0.6'
gem 'omniauth-bitbucket', '~> 0.0.2'
-gem 'omniauth-cas3', '~> 1.1.2'
-gem 'omniauth-facebook', '~> 4.0.0'
-gem 'omniauth-github', '~> 1.1.1'
-gem 'omniauth-gitlab', '~> 1.0.0'
-gem 'omniauth-gitlab', '~> 1.0.2'
+gem 'omniauth-cas3', '~> 1.1', '>= 1.1.2'
+gem 'omniauth-facebook', '~> 4.0'
+gem 'omniauth-github', '~> 1.1', '>= 1.1.1'
+gem 'omniauth-gitlab', '~> 1.0'
+gem 'omniauth-gitlab', '~> 1.0', '>= 1.0.2'
gem 'omniauth-google-oauth2', '~> 0.4.1'
gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
gem 'omniauth-oauth2-generic', '~> 0.2.2'
-gem 'omniauth-saml', '~> 1.7.0'
-gem 'omniauth-shibboleth', '~> 1.2.0'
-gem 'omniauth-twitter', '~> 1.2.0'
-gem 'omniauth_crowd', '~> 2.2.0'
-gem 'rack-oauth2', '~> 1.2.1'
+gem 'omniauth-saml', '~> 1.7'
+gem 'omniauth-shibboleth', '~> 1.2'
+gem 'omniauth-twitter', '~> 1.2'
+gem 'omniauth_crowd', '~> 2.2'
gem 'omniauth-authentiq', '~> 0.3.0'
-gem 'rack-oauth2', '~> 1.2.1'
-gem 'jwt', '~> 1.5.6'
+gem 'rack-oauth2', '~> 1.2', '>= 1.2.1'
gem 'jwt'
+gem 'jwt', '~> 1.5', '>= 1.5.6'
# Spam and anti-bot protection
@@ -41,9 +41,9 @@
gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails'
gem 'akismet', '~> 2.0'
# Two-factor authentication
@ -70,14 +72,13 @@ gitlab Gemfile
+gem 'attr_encrypted', '~> 3.0'
gem 'u2f', '~> 0.2.1'
# GitLab Pages
-gem 'validates_hostname', '~> 1.0.6'
+gem 'validates_hostname', '~> 1.0', '>= 1.0.6'
# Browser detection
@@ -51,12 +51,12 @@
# Extracting information from a git repository
# Provide access to Gitlab::Git library
-gem 'gitlab_git', '~> 10.7.0'
+gem 'gitlab_git', '~> 10.7'
gem 'browser', '~> 2.2'
@@ -60,7 +60,7 @@
# LDAP Auth
# GitLab fork with several improvements to original library. For full list of changes
# see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
@ -86,16 +87,16 @@ gitlab Gemfile
# Git Wiki
# Required manually in config/initializers/gollum.rb to control load order
@@ -64,7 +64,7 @@
gem 'gollum-rugged_adapter', '~> 0.4.2', require: false
@@ -68,7 +68,7 @@
gem 'gollum-rugged_adapter', '~> 0.4.4', require: false
# Language detection
-gem 'github-linguist', '~> 4.7.0', require: 'linguist'
+gem 'github-linguist', '~> 4.7', require: 'linguist'
# API
gem 'grape', '~> 0.15.0'
@@ -75,7 +75,7 @@
gem 'grape', '~> 0.19.0'
@@ -82,7 +82,7 @@
gem 'kaminari', '~> 0.17.0'
# HAML
@ -103,31 +104,27 @@ gitlab Gemfile
+gem 'hamlit', '~> 2.6', '>= 2.6.1'
# Files attachments
gem 'carrierwave', '~> 0.10.0'
@@ -96,39 +96,39 @@
gem 'unf', '~> 0.1.4'
# Seed data
-gem 'seed-fu', '~> 2.3.5'
+gem 'seed-fu', '~> 2.3', '>= 2.3.5'
gem 'carrierwave', '~> 1.0'
@@ -108,37 +108,37 @@
gem 'seed-fu', '~> 2.3.5'
# Markdown and HTML processing
-gem 'html-pipeline', '~> 1.11.0'
-gem 'deckar01-task_list', '1.0.5', require: 'task_list/railtie'
-gem 'deckar01-task_list', '1.0.6', require: 'task_list/railtie'
-gem 'gitlab-markup', '~> 1.5.1'
-gem 'redcarpet', '~> 3.3.3'
-gem 'RedCloth', '~> 4.3.2'
+gem 'html-pipeline', '~> 1.11'
+gem 'deckar01-task_list', '~> 1.0', '>= 1.0.5', require: 'task_list/railtie'
+gem 'deckar01-task_list', '~> 1.0', '>= 1.0.6', require: 'task_list/railtie'
+gem 'gitlab-markup', '~> 1.5','>= 1.5.1'
+gem 'redcarpet', '~> 3.3', '>= 3.3.3'
gem 'redcarpet', '~> 3.4'
-gem 'RedCloth', '~> 4.3.2'
+gem 'RedCloth', '~> 4.3', '>= 4.3.2'
gem 'rdoc', '~> 4.1'
gem 'rdoc', '~> 4.2'
gem 'org-ruby', '~> 0.9.12'
gem 'creole', '~> 0.5.0'
gem 'wikicloth', '0.8.1'
-gem 'asciidoctor', '~> 1.5.2'
+gem 'asciidoctor', '~> 1.5','>= 1.5.2'
gem 'asciidoctor-plantuml', '0.0.7'
gem 'rouge', '~> 2.0'
gem 'truncato', '~> 0.7.8'
@ -137,8 +134,8 @@ gitlab Gemfile
+gem 'nokogiri', '~> 1.6', '>= 1.6.7.2'
# Diffs
-gem 'diffy', '~> 3.0.3'
+gem 'diffy', '~> 3.0', '>= 3.0.3'
-gem 'diffy', '~> 3.1.0'
+gem 'diffy', '~> 3.1'
# Application server
group :unicorn do
@ -155,12 +152,17 @@ gitlab Gemfile
# Issue tags
gem 'acts-as-taggable-on', '~> 4.0'
@@ -136,39 +136,39 @@
@@ -146,49 +146,49 @@
# Background jobs
gem 'sidekiq', '~> 4.2'
gem 'sidekiq-cron', '~> 0.4.0'
gem 'sidekiq', '~> 5.0'
gem 'sidekiq-cron', '~> 0.4.4'
-gem 'redis-namespace', '~> 1.5.2'
+gem 'redis-namespace', '~> 1.5', '>= 1.5.2'
gem 'sidekiq-limit_fetch', '~> 3.4'
# Cron Parser
-gem 'rufus-scheduler', '~> 3.1.10'
+gem 'rufus-scheduler', '~> 3.1', '>= 3.1.10'
# HTTP requests
gem 'httparty', '~> 0.13.3'
@ -173,14 +175,18 @@ gitlab Gemfile
-gem 'settingslogic', '~> 2.0.9'
+gem 'settingslogic', '~> 2.0', '>= 2.0.9'
# Linear-time regex library for untrusted regular expressions
-gem 're2', '~> 1.0.0'
+gem 're2', '~> 1.0'
# Misc
-gem 'version_sorter', '~> 2.1.0'
+gem 'version_sorter', '~> 2.1'
# Cache
-gem 'redis-rails', '~> 4.0.0'
+gem 'redis-rails', '~> 4.0'
-gem 'redis-rails', '~> 5.0.1'
+gem 'redis-rails', '~> 5.0', '>= 5.0.1'
# Redis
gem 'redis', '~> 3.2'
@ -190,6 +196,10 @@ gitlab Gemfile
-gem 'hipchat', '~> 1.5.0'
+gem 'hipchat', '~> 1.5'
# JIRA integration
-gem 'jira-ruby', '~> 1.1.2'
+gem 'jira-ruby', '~> 1.1', '>= 1.1.2'
# Flowdock integration
-gem 'gitlab-flowdock-git-hook', '~> 1.0.1'
+gem 'gitlab-flowdock-git-hook', '~> 1.0', '>= 1.0.1'
@ -198,14 +208,18 @@ gitlab Gemfile
gem 'gemnasium-gitlab-service', '~> 0.2'
# Slack integration
-gem 'slack-notifier', '~> 1.2.0'
+gem 'slack-notifier', '~> 1.2'
-gem 'slack-notifier', '~> 1.5.1'
+gem 'slack-notifier', '~> 1.5', '>= 1.5.1'
# Asana integration
gem 'asana', '~> 0.4.0'
@@ -177,63 +177,63 @@
gem 'asana', '~> 0.6.0'
@@ -197,38 +197,38 @@
gem 'ruby-fogbugz', '~> 0.2.1'
# Kubernetes integration
-gem 'kubeclient', '~> 2.2.0'
+gem 'kubeclient', '~> 2.2'
# d3
-gem 'd3_rails', '~> 3.5.0'
+gem 'd3_rails', '~> 3.5'
@ -224,12 +238,12 @@ gitlab Gemfile
+gem 'loofah', '~> 2.0', '>= 2.0.3'
# Working with license
-gem 'licensee', '~> 8.0.0'
+gem 'licensee', '~> 8.0'
-gem 'licensee', '~> 8.7.0'
+gem 'licensee', '~> 8.7'
# Protect against bruteforcing
-gem 'rack-attack', '~> 4.3.1'
+gem 'rack-attack', '~> 4.3', '>= 4.3.1'
-gem 'rack-attack', '~> 4.4.1'
+gem 'rack-attack', '~> 4.4', '>= 4.4.1'
# Ace editor
-gem 'ace-rails-ap', '~> 4.1.0'
@ -248,31 +262,29 @@ gitlab Gemfile
# Parse time & duration
gem 'chronic', '~> 0.10.2'
gem 'chronic_duration', '~> 0.10.6'
@@ -237,32 +237,32 @@
gem 'webpack-rails', '~> 0.9.10'
gem 'rack-proxy', '~> 0.6.0'
-gem 'sass-rails', '~> 5.0.6'
-gem 'coffee-rails', '~> 4.1.0'
-gem 'uglifier', '~> 2.7.2'
+gem 'sass-rails', '~> 5.0', '>= 5.0.6'
+gem 'coffee-rails', '~> 4.1'
+gem 'uglifier', '>= 2.7.2'
gem 'gitlab-turbolinks-classic', '~> 2.5', '>= 2.5.6'
+gem 'uglifier', '~> 2.7', '>= 2.7.2'
-gem 'addressable', '~> 2.3.8'
-gem 'bootstrap-sass', '~> 3.3.0'
-gem 'font-awesome-rails', '~> 4.6.1'
+gem 'addressable', '~> 2.3', '>= 2.3.8'
+gem 'bootstrap-sass', '~> 3.3'
+gem 'font-awesome-rails', '~> 4.6', '>= 4.6.1'
gem 'font-awesome-rails', '~> 4.7'
gem 'gemojione', '~> 3.0'
-gem 'gon', '~> 6.1.0'
-gem 'jquery-atwho-rails', '~> 1.3.2'
-gem 'jquery-rails', '~> 4.1.0'
-gem 'jquery-ui-rails', '~> 5.0.0'
+gem 'gon', '~> 6.1'
+gem 'jquery-atwho-rails', '~> 1.3', '>= 1.3.2'
+gem 'jquery-rails', '~> 4.1'
+gem 'jquery-ui-rails', '~> 5.0'
gem 'request_store', '~> 1.3'
-gem 'select2-rails', '~> 3.5.9'
-gem 'virtus', '~> 1.0.1'
@ -283,43 +295,65 @@ gitlab Gemfile
gem 'base32', '~> 0.3.0'
# Sentry integration
-gem 'sentry-raven', '~> 2.0.0'
+gem 'sentry-raven', '~> 2.0'
-gem 'sentry-raven', '~> 2.4.0'
+gem 'sentry-raven', '~> 2.4'
-gem 'premailer-rails', '~> 1.9.0'
+gem 'premailer-rails', '~> 1.9'
# I18n
-gem 'ruby_parser', '~> 3.8.4', require: false
-gem 'gettext_i18n_rails', '~> 1.8.0'
-gem 'gettext_i18n_rails_js', '~> 1.2.0'
+gem 'ruby_parser', '~> 3.8', '>= 3.8.4', require: false
+gem 'gettext_i18n_rails', '~> 1.8'
+gem 'gettext_i18n_rails_js', '~> 1.2'
gem 'gettext', '~> 3.2.2', require: false, group: :development
# Metrics
group :metrics do
@@ -323,7 +323,7 @@
@@ -337,17 +337,17 @@
end
gem 'newrelic_rpm', '~> 3.16'
group :test do
- gem 'shoulda-matchers', '~> 2.8.0', require: false
- gem 'email_spec', '~> 1.6.0'
- gem 'json-schema', '~> 2.6.2'
+ gem 'shoulda-matchers', '~> 2.8', require: false
+ gem 'email_spec', '~> 1.6'
+ gem 'json-schema', '~> 2.6', '>= 2.6.2'
gem 'webmock', '~> 1.24.0'
gem 'test_after_commit', '~> 1.1'
- gem 'sham_rack', '~> 1.3.6'
+ gem 'sham_rack', '~> 1.3', '>= 1.3.6'
gem 'timecop', '~> 0.8.0'
- gem 'concurrent-ruby', '~> 1.0.5'
+ gem 'concurrent-ruby', '~> 1.0','>= 1.0.5'
end
-gem 'octokit', '~> 4.3.0'
+gem 'octokit', '~> 4.3'
-gem 'octokit', '~> 4.6.2'
+gem 'octokit', '~> 4.6', '>= 4.6.2'
gem 'mail_room', '~> 0.8.1'
gem 'mail_room', '~> 0.9.1'
@@ -332,18 +332,18 @@
@@ -357,17 +357,17 @@
gem 'ruby-prof', '~> 0.16.2'
## CI
-gem 'activerecord-session_store', '~> 1.0.0'
+gem 'activerecord-session_store', '~> 1.0'
gem 'nested_form', '~> 0.3.2'
# OAuth
-gem 'oauth2', '~> 1.2.0'
+gem 'oauth2', '~> 1.2'
-gem 'oauth2', '~> 1.3.0'
+gem 'oauth2', '~> 1.3'
# Soft deletion
gem 'paranoia', '~> 2.0'
gem 'paranoia', '~> 2.2'
# Health check
-gem 'health_check', '~> 2.2.0'
+gem 'health_check', '~> 2.2'
-gem 'health_check', '~> 2.6.0'
+gem 'health_check', '~> 2.6'
# System information
gem 'vmstat', '~> 2.2'
-gem 'vmstat', '~> 2.3.0'
-gem 'sys-filesystem', '~> 1.1.6'
+gem 'vmstat', '~> 2.3'
+gem 'sys-filesystem', '~> 1.1', '>= 1.1.6'
# Gitaly GRPC client
gem 'gitaly', '~> 0.6.0'

86
debian/patches/0100-remove-development-test.patch vendored
View file

@ -2,110 +2,74 @@ Bundler will fail when it can't find these locally
--- a/Gemfile
+++ b/Gemfile
@@ -242,87 +242,34 @@
@@ -272,70 +272,6 @@
gem 'influxdb', '~> 0.2', require: false
end
-group :development do
- gem 'foreman', '~> 0.78.0'
- gem 'brakeman', '~> 3.3.0', require: false
- gem 'brakeman', '~> 3.6.0', require: false
-
- gem 'letter_opener_web', '~> 1.3.0'
- gem 'rerun', '~> 0.11.0'
- gem 'bullet', '~> 5.2.0', require: false
- gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false
- gem 'web-console', '~> 2.0'
-
- # Better errors handler
- gem 'better_errors', '~> 1.0.1'
- gem 'better_errors', '~> 2.1.0'
- gem 'binding_of_caller', '~> 0.7.2'
+#group :development, :test do
+if ENV["INCLUDE_TEST_DEPENDS"] == "true"
+ gem 'database_cleaner', '~> 1.5'
+ gem 'factory_girl_rails', '~> 4.6'
+ gem 'rspec-rails', '~> 3.4'
- # Docs generator
- gem 'sdoc', '~> 0.3.20'
-
- # thin instead webrick
- gem 'thin', '~> 1.7.0'
-end
-
-group :development, :test do
- gem 'byebug', '~> 8.2.1', platform: :mri
- gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET']
- gem 'pry-byebug', '~> 3.4.1', platform: :mri
- gem 'pry-rails', '~> 0.3.4'
-
- gem 'awesome_print', '~> 1.2.0', require: false
- gem 'fuubar', '~> 2.0.0'
-
- gem 'database_cleaner', '~> 1.5.0'
- gem 'factory_girl_rails', '~> 4.6.0'
- gem 'factory_girl_rails', '~> 4.7.0'
- gem 'rspec-rails', '~> 3.5.0'
- gem 'rspec-retry', '~> 0.4.5'
- gem 'spinach-rails', '~> 0.2.1'
- gem 'spinach-rerun-reporter', '~> 0.0.2'
+ gem 'awesome_print', '~> 1.2', require: false
+ gem 'fuubar', '~> 2.0'
# Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
- gem 'rspec_profiling', '~> 0.0.5'
- gem 'rspec-set', '~> 0.1.3'
-
- # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
- gem 'minitest', '~> 5.7.0'
+ gem 'minitest', '~> 5.7'
# Generate Fake data
- gem 'ffaker', '~> 2.0.0'
-
- # Generate Fake data
- gem 'ffaker', '~> 2.4'
-
- gem 'capybara', '~> 2.6.2'
- gem 'capybara-screenshot', '~> 1.0.0'
- gem 'poltergeist', '~> 1.9.0'
-
- gem 'teaspoon', '~> 1.1.0'
- gem 'teaspoon-jasmine', '~> 2.2.0'
-
- gem 'spring', '~> 1.7.0'
- gem 'spring', '~> 2.0.0'
- gem 'spring-commands-rspec', '~> 1.0.4'
- gem 'spring-commands-spinach', '~> 1.1.0'
- gem 'spring-commands-teaspoon', '~> 0.0.2'
-
- gem 'rubocop', '~> 0.43.0', require: false
- gem 'rubocop-rspec', '~> 1.5.0', require: false
- gem 'rubocop', '~> 0.47.1', require: false
- gem 'rubocop-rspec', '~> 1.15.0', require: false
- gem 'scss_lint', '~> 0.47.0', require: false
- gem 'haml_lint', '~> 0.18.2', require: false
- gem 'simplecov', '0.12.0', require: false
- gem 'flay', '~> 2.6.1', require: false
- gem 'haml_lint', '~> 0.21.0', require: false
- gem 'simplecov', '~> 0.14.0', require: false
- gem 'flay', '~> 2.8.0', require: false
- gem 'bundler-audit', '~> 0.5.0', require: false
-
- gem 'benchmark-ips', '~> 2.3.0', require: false
+ gem 'ffaker', '~> 2.0'
-
- gem 'license_finder', '~> 2.1.0', require: false
- gem 'knapsack', '~> 1.11.0'
-
- gem 'activerecord_sane_schema_dumper', '0.2'
-
- gem 'stackprof', '~> 0.2.10'
-end
-
-group :test do
- gem 'shoulda-matchers', '~> 2.8.0', require: false
- gem 'email_spec', '~> 1.6.0'
- gem 'json-schema', '~> 2.6.2'
- gem 'webmock', '~> 1.21.0'
- gem 'test_after_commit', '~> 0.4.2'
- gem 'sham_rack', '~> 1.3.6'
+ gem 'capybara', '~> 2.5'
+ gem 'capybara-screenshot', '~> 1.0'
+ gem 'poltergeist', '~> 1.9'
+
+ gem 'license_finder', '~> 2.1', require: false
+ gem 'shoulda-matchers', '~> 2.8', require: false
+ gem 'email_spec', '~> 1.6'
+ gem 'json-schema', '~> 2.6', '>= 2.6.2'
+ gem 'webmock', '~> 1.21'
+ gem 'sham_rack', '~> 1.3', '>= 1.3.6'
gem 'timecop', '~> 0.8.0'
end
-gem 'newrelic_rpm', '~> 3.16'
-
gem 'octokit', '~> 4.3'
gem 'mail_room', '~> 0.8.1'
group :test do
gem 'shoulda-matchers', '~> 2.8', require: false
gem 'email_spec', '~> 1.6'

12
debian/patches/0108-make-mysql-optional.patch vendored
View file

@ -7,11 +7,9 @@ Subject: [PATCH] allow specifying DB choice via ENV variable
Gemfile | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Index: gitlab/Gemfile
===================================================================
--- gitlab.orig/Gemfile
+++ gitlab/Gemfile
@@ -13,8 +13,9 @@ gem 'sprockets-es6', '~> 0.9.2'
--- a/Gemfile
+++ b/Gemfile
@@ -12,8 +12,9 @@
gem 'default_value_for', '~> 3.0'
# Supported DBs
@ -21,5 +19,5 @@ Index: gitlab/Gemfile
+gem "mysql2", '~> 0.3.16' if ENV["DB"] == "all" || ENV["DB"] == "mysql"
+gem "pg", '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
# Authentication libraries
gem 'devise', '~> 4.2'
gem 'rugged', '~> 0.25.1.1'

12
debian/patches/0110-make-test-dependencies-conditional.patch vendored Normal file
View file

@ -0,0 +1,12 @@
--- a/Gemfile
+++ b/Gemfile
@@ -273,7 +273,8 @@
gem 'influxdb', '~> 0.2', require: false
end
-group :test do
+#group :test do
+if ENV["INCLUDE_TEST_DEPENDS"] == "true"
gem 'shoulda-matchers', '~> 2.8', require: false
gem 'email_spec', '~> 1.6'
gem 'json-schema', '~> 2.6', '>= 2.6.2'

41
debian/patches/0210-use-jquery-ui-rails6.patch vendored
View file

@ -1,41 +0,0 @@
adapt gitlab to use jquery-ui 6 directory structure
--- a/Gemfile
+++ b/Gemfile
@@ -224,7 +224,7 @@
gem 'gon', '~> 6.1'
gem 'jquery-atwho-rails', '~> 1.3', '>= 1.3.2'
gem 'jquery-rails', '~> 4.1'
-gem 'jquery-ui-rails', '~> 5.0'
+gem 'jquery-ui-rails', '~> 6.0'
gem 'request_store', '~> 1.3'
gem 'select2-rails', '~> 3.5', '>= 3.5.9'
gem 'virtus', '~> 1.0', '>= 1.0.1'
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -5,11 +5,11 @@
// the compiled file.
//
/*= require jquery2 */
-/*= require jquery-ui/autocomplete */
-/*= require jquery-ui/datepicker */
-/*= require jquery-ui/draggable */
-/*= require jquery-ui/effect-highlight */
-/*= require jquery-ui/sortable */
+/*= require jquery-ui/widgets/autocomplete */
+/*= require jquery-ui/widgets/datepicker */
+/*= require jquery-ui/widgets/draggable */
+/*= require jquery-ui/effects/effect-highlight */
+/*= require jquery-ui/widgets/sortable */
/*= require jquery_ujs */
/*= require jquery.cookie */
/*= require jquery.endless-scroll */
--- a/spec/javascripts/new_branch_spec.js
+++ b/spec/javascripts/new_branch_spec.js
@@ -1,5 +1,5 @@
-/*= require jquery-ui/autocomplete */
+/*= require jquery-ui/widgets/autocomplete */
/*= require new_branch_form */
(function() {

19
debian/patches/0220-relax-dependencies.patch vendored
View file

@ -1,15 +1,6 @@
--- a/Gemfile
+++ b/Gemfile
@@ -172,7 +172,7 @@
gem 'slack-notifier', '~> 1.2'
# Asana integration
-gem 'asana', '~> 0.4.0'
+gem 'asana', '~> 0.4'
# FogBugz integration
gem 'ruby-fogbugz', '~> 0.2.1'
@@ -228,7 +228,7 @@
@@ -252,7 +252,7 @@
gem 'request_store', '~> 1.3'
gem 'select2-rails', '~> 3.5', '>= 3.5.9'
gem 'virtus', '~> 1.0', '>= 1.0.1'
@ -18,12 +9,12 @@
gem 'base32', '~> 0.3.0'
# Sentry integration
@@ -266,7 +266,7 @@
@@ -278,7 +278,7 @@
gem 'shoulda-matchers', '~> 2.8', require: false
gem 'email_spec', '~> 1.6'
gem 'json-schema', '~> 2.6', '>= 2.6.2'
- gem 'webmock', '~> 1.21'
+ gem 'webmock', '>= 1.21'
- gem 'webmock', '~> 1.24.0'
+ gem 'webmock', '>= 1.24.0'
gem 'test_after_commit', '~> 1.1'
gem 'sham_rack', '~> 1.3', '>= 1.3.6'
gem 'timecop', '~> 0.8.0'
end

20
debian/patches/0230-relax-rugged.patch vendored Normal file
View file

@ -0,0 +1,20 @@
--- a/Gemfile
+++ b/Gemfile
@@ -16,7 +16,7 @@
gem "mysql2", '~> 0.3.16' if ENV["DB"] == "all" || ENV["DB"] == "mysql"
gem "pg", '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
-gem 'rugged', '~> 0.25.1.1'
+gem 'rugged', '~> 0.24.0'
gem 'faraday', '~> 0.11.0'
@@ -66,7 +66,7 @@
# Git Wiki
# Required manually in config/initializers/gollum.rb to control load order
gem 'gollum-lib', '~> 4.2', require: false
-gem 'gollum-rugged_adapter', '~> 0.4.4', require: false
+gem 'gollum-rugged_adapter', '~> 0.4.2', require: false
# Language detection
gem 'github-linguist', '~> 4.7', require: 'linguist'

11
debian/patches/0240-relax-google-api-client.patch vendored Normal file
View file

@ -0,0 +1,11 @@
--- a/Gemfile
+++ b/Gemfile
@@ -100,7 +100,7 @@
gem 'fog-rackspace', '~> 0.1.1'
# for Google storage
-gem 'google-api-client', '~> 0.8.6'
+gem 'google-api-client', '~> 0.8'
# for aws storage
gem 'unf', '~> 0.1.4'

11
debian/patches/0250-relax-licensee.patch vendored Normal file
View file

@ -0,0 +1,11 @@
--- a/Gemfile
+++ b/Gemfile
@@ -214,7 +214,7 @@
gem 'loofah', '~> 2.0', '>= 2.0.3'
# Working with license
-gem 'licensee', '~> 8.7'
+gem 'licensee', '~> 8.0'
# Protect against bruteforcing
gem 'rack-attack', '~> 4.4', '>= 4.4.1'

11
debian/patches/0260-relax-ruby-parser.patch vendored Normal file
View file

@ -0,0 +1,11 @@
--- a/Gemfile
+++ b/Gemfile
@@ -261,7 +261,7 @@
gem 'premailer-rails', '~> 1.9'
# I18n
-gem 'ruby_parser', '~> 3.8', '>= 3.8.4', require: false
+gem 'ruby_parser', '~> 3.8', '>= 3.8.2', require: false
gem 'gettext_i18n_rails', '~> 1.8'
gem 'gettext_i18n_rails_js', '~> 1.2'
gem 'gettext', '~> 3.2.2', require: false, group: :development

8
debian/patches/0270-relax-toml-rb.patch vendored Normal file
View file

@ -0,0 +1,8 @@
--- a/Gemfile
+++ b/Gemfile
@@ -310,4 +310,4 @@
# Gitaly GRPC client
gem 'gitaly', '~> 0.6.0'
-gem 'toml-rb', '~> 0.3.15', require: false
+gem 'toml-rb', '>= 0.3.15', require: false

11
debian/patches/0280-relax-pg.patch vendored Normal file
View file

@ -0,0 +1,11 @@
--- a/Gemfile
+++ b/Gemfile
@@ -14,7 +14,7 @@
# Supported DBs
ENV["DB"] ||= "mysql"
gem "mysql2", '~> 0.3.16' if ENV["DB"] == "all" || ENV["DB"] == "mysql"
-gem "pg", '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
+gem "pg", '~> 0.18' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
gem 'rugged', '~> 0.24.0'

438
debian/patches/0300-git-2-11-support.patch vendored
View file

@ -1,438 +0,0 @@
From daf83fa62c940b0da7dc4e0893586b6a9a2dbbf9 Mon Sep 17 00:00:00 2001
From: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Date: Mon, 19 Dec 2016 09:37:16 +0000
Subject: [PATCH 1/3] [8.13 Backport] Merge branch
'25301-git-2.11-force-push-bug' into 'master'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Accept environment variables from the `pre-receive` script
1. Starting version 2.11, git changed the way the pre-receive flow works.
- Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`.
- In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted.
2. In our workflow, the pre-recieve script (in `gitlab-shell`) calls the
`/allowed` endpoint, which calls out directly to git to perform
various checks. These direct calls to git do _not_ have the necessary
environment variables set which allow access to the "alternate object
directory" (explained above). Therefore these calls to git are not able to
access any of the new potential objects to be added during this push.
3. We fix this by accepting the relevant environment variables
(`GIT_ALTERNATE_OBJECT_DIRECTORIES`, `GIT_OBJECT_DIRECTORY`, and
`GIT_QUARANTINE_PATH`) on the `/allowed` endpoint, and then include
these environment variables while calling out to git.
4. This commit includes these environment variables while making the "force
push" check.
See https://gitlab.com/gitlab-org/gitlab-shell/merge_requests/120
Signed-off-by: Rémy Coutable <remy@rymai.me>
---
.../unreleased/25301-git-2-11-force-push-bug.yml | 4 ++
lib/api/internal.rb | 14 +++++-
lib/gitlab/checks/change_access.rb | 5 +-
lib/gitlab/checks/force_push.rb | 11 +++--
lib/gitlab/git/rev_list.rb | 42 +++++++++++++++++
lib/gitlab/git_access.rb | 5 +-
lib/gitlab/popen.rb | 4 +-
spec/lib/gitlab/checks/force_push_spec.rb | 19 ++++++++
spec/lib/gitlab/git/rev_list_spec.rb | 53 ++++++++++++++++++++++
9 files changed, 147 insertions(+), 10 deletions(-)
create mode 100644 changelogs/unreleased/25301-git-2-11-force-push-bug.yml
create mode 100644 lib/gitlab/git/rev_list.rb
create mode 100644 spec/lib/gitlab/checks/force_push_spec.rb
create mode 100644 spec/lib/gitlab/git/rev_list_spec.rb
diff --git a/changelogs/unreleased/25301-git-2-11-force-push-bug.yml b/changelogs/unreleased/25301-git-2-11-force-push-bug.yml
new file mode 100644
index 0000000..afe5772
--- /dev/null
+++ b/changelogs/unreleased/25301-git-2-11-force-push-bug.yml
@@ -0,0 +1,4 @@
+---
+title: Accept environment variables from the `pre-receive` script
+merge_request: 7967
+author:
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 9a5d1ec..89e47a7 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -43,6 +43,14 @@ module API
:push_code
]
end
+
+ def parse_allowed_environment_variables
+ return if params[:env].blank?
+
+ JSON.parse(params[:env])
+
+ rescue JSON::ParserError
+ end
end
post "/allowed" do
@@ -61,7 +69,11 @@ module API
if wiki?
Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
else
- Gitlab::GitAccess.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
+ Gitlab::GitAccess.new(actor,
+ project,
+ protocol,
+ authentication_abilities: ssh_authentication_abilities,
+ env: parse_allowed_environment_variables)
end
access_status = access.check(params[:action], params[:changes])
diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb
index cb10652..3d20301 100644
--- a/lib/gitlab/checks/change_access.rb
+++ b/lib/gitlab/checks/change_access.rb
@@ -3,11 +3,12 @@ module Gitlab
class ChangeAccess
attr_reader :user_access, :project
- def initialize(change, user_access:, project:)
+ def initialize(change, user_access:, project:, env: {})
@oldrev, @newrev, @ref = change.values_at(:oldrev, :newrev, :ref)
@branch_name = Gitlab::Git.branch_name(@ref)
@user_access = user_access
@project = project
+ @env = env
end
def exec
@@ -68,7 +69,7 @@ module Gitlab
end
def forced_push?
- Gitlab::Checks::ForcePush.force_push?(@project, @oldrev, @newrev)
+ Gitlab::Checks::ForcePush.force_push?(@project, @oldrev, @newrev, env: @env)
end
def matching_merge_request?
diff --git a/lib/gitlab/checks/force_push.rb b/lib/gitlab/checks/force_push.rb
index 5fe8655..de0c904 100644
--- a/lib/gitlab/checks/force_push.rb
+++ b/lib/gitlab/checks/force_push.rb
@@ -1,15 +1,20 @@
module Gitlab
module Checks
class ForcePush
- def self.force_push?(project, oldrev, newrev)
+ def self.force_push?(project, oldrev, newrev, env: {})
return false if project.empty_repo?
# Created or deleted branch
if Gitlab::Git.blank_ref?(oldrev) || Gitlab::Git.blank_ref?(newrev)
false
else
- missed_ref, _ = Gitlab::Popen.popen(%W(#{Gitlab.config.git.bin_path} --git-dir=#{project.repository.path_to_repo} rev-list --max-count=1 #{oldrev} ^#{newrev}))
- missed_ref.present?
+ missed_ref, exit_status = Gitlab::Git::RevList.new(oldrev, newrev, project: project, env: env).execute
+
+ if exit_status == 0
+ missed_ref.present?
+ else
+ raise "Got a non-zero exit code while calling out to `git rev-list` in the force-push check."
+ end
end
end
end
diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb
new file mode 100644
index 0000000..25e9d61
--- /dev/null
+++ b/lib/gitlab/git/rev_list.rb
@@ -0,0 +1,42 @@
+module Gitlab
+ module Git
+ class RevList
+ attr_reader :project, :env
+
+ ALLOWED_VARIABLES = %w[GIT_OBJECT_DIRECTORY GIT_ALTERNATE_OBJECT_DIRECTORIES].freeze
+
+ def initialize(oldrev, newrev, project:, env: nil)
+ @project = project
+ @env = env.presence || {}
+ @args = [Gitlab.config.git.bin_path,
+ "--git-dir=#{project.repository.path_to_repo}",
+ "rev-list",
+ "--max-count=1",
+ oldrev,
+ "^#{newrev}"]
+ end
+
+ def execute
+ Gitlab::Popen.popen(@args, nil, parse_environment_variables)
+ end
+
+ def valid?
+ environment_variables.all? do |(name, value)|
+ value.start_with?(project.repository.path_to_repo)
+ end
+ end
+
+ private
+
+ def parse_environment_variables
+ return {} unless valid?
+
+ environment_variables
+ end
+
+ def environment_variables
+ @environment_variables ||= env.slice(*ALLOWED_VARIABLES)
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index bcbf645..74e8713 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -17,12 +17,13 @@ module Gitlab
attr_reader :actor, :project, :protocol, :user_access, :authentication_abilities
- def initialize(actor, project, protocol, authentication_abilities:)
+ def initialize(actor, project, protocol, authentication_abilities:, env: {})
@actor = actor
@project = project
@protocol = protocol
@authentication_abilities = authentication_abilities
@user_access = UserAccess.new(user, project: project)
+ @env = env
end
def check(cmd, changes)
@@ -99,7 +100,7 @@ module Gitlab
end
def change_access_check(change)
- Checks::ChangeAccess.new(change, user_access: user_access, project: project).exec
+ Checks::ChangeAccess.new(change, user_access: user_access, project: project, env: @env).exec
end
def protocol_allowed?
diff --git a/lib/gitlab/popen.rb b/lib/gitlab/popen.rb
index cc74bb2..4bc5cda 100644
--- a/lib/gitlab/popen.rb
+++ b/lib/gitlab/popen.rb
@@ -5,13 +5,13 @@ module Gitlab
module Popen
extend self
- def popen(cmd, path = nil)
+ def popen(cmd, path = nil, vars = {})
unless cmd.is_a?(Array)
raise "System commands must be given as an array of strings"
end
path ||= Dir.pwd
- vars = { "PWD" => path }
+ vars['PWD'] = path
options = { chdir: path }
unless File.directory?(path)
diff --git a/spec/lib/gitlab/checks/force_push_spec.rb b/spec/lib/gitlab/checks/force_push_spec.rb
new file mode 100644
index 0000000..f628801
--- /dev/null
+++ b/spec/lib/gitlab/checks/force_push_spec.rb
@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe Gitlab::Checks::ChangeAccess, lib: true do
+ let(:project) { create(:project) }
+
+ context "exit code checking" do
+ it "does not raise a runtime error if the `popen` call to git returns a zero exit code" do
+ allow(Gitlab::Popen).to receive(:popen).and_return(['normal output', 0])
+
+ expect { Gitlab::Checks::ForcePush.force_push?(project, 'oldrev', 'newrev') }.not_to raise_error
+ end
+
+ it "raises a runtime error if the `popen` call to git returns a non-zero exit code" do
+ allow(Gitlab::Popen).to receive(:popen).and_return(['error', 1])
+
+ expect { Gitlab::Checks::ForcePush.force_push?(project, 'oldrev', 'newrev') }.to raise_error(RuntimeError)
+ end
+ end
+end
diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb
new file mode 100644
index 0000000..444639a
--- /dev/null
+++ b/spec/lib/gitlab/git/rev_list_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe Gitlab::Git::RevList, lib: true do
+ let(:project) { create(:project) }
+
+ context "validations" do
+ described_class::ALLOWED_VARIABLES.each do |var|
+ context var do
+ it "accepts values starting with the project repo path" do
+ env = { var => "#{project.repository.path_to_repo}/objects" }
+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env)
+
+ expect(rev_list).to be_valid
+ end
+
+ it "rejects values starting not with the project repo path" do
+ env = { var => "/some/other/path" }
+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env)
+
+ expect(rev_list).not_to be_valid
+ end
+
+ it "rejects values containing the project repo path but not starting with it" do
+ env = { var => "/some/other/path/#{project.repository.path_to_repo}" }
+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env)
+
+ expect(rev_list).not_to be_valid
+ end
+ end
+ end
+ end
+
+ context "#execute" do
+ let(:env) { { "GIT_OBJECT_DIRECTORY" => project.repository.path_to_repo } }
+ let(:rev_list) { Gitlab::Git::RevList.new('oldrev', 'newrev', project: project, env: env) }
+
+ it "calls out to `popen` without environment variables if the record is invalid" do
+ allow(rev_list).to receive(:valid?).and_return(false)
+
+ expect(Open3).to receive(:popen3).with(hash_excluding(env), any_args)
+
+ rev_list.execute
+ end
+
+ it "calls out to `popen` with environment variables if the record is valid" do
+ allow(rev_list).to receive(:valid?).and_return(true)
+
+ expect(Open3).to receive(:popen3).with(hash_including(env), any_args)
+
+ rev_list.execute
+ end
+ end
+end
--
2.10.2
From 0ce20138298eaebfb9e8225d21e7b0088716e5ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Tue, 20 Dec 2016 09:45:37 +0100
Subject: [PATCH 2/3] Reject blank environment vcariables in
Gitlab::Git::RevList
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Rémy Coutable <remy@rymai.me>
---
lib/gitlab/git/rev_list.rb | 4 ++--
spec/lib/gitlab/git/rev_list_spec.rb | 7 +++++++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb
index 25e9d61..79dd0cf 100644
--- a/lib/gitlab/git/rev_list.rb
+++ b/lib/gitlab/git/rev_list.rb
@@ -22,7 +22,7 @@ module Gitlab
def valid?
environment_variables.all? do |(name, value)|
- value.start_with?(project.repository.path_to_repo)
+ value.to_s.start_with?(project.repository.path_to_repo)
end
end
@@ -35,7 +35,7 @@ module Gitlab
end
def environment_variables
- @environment_variables ||= env.slice(*ALLOWED_VARIABLES)
+ @environment_variables ||= env.slice(*ALLOWED_VARIABLES).compact
end
end
end
diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb
index 444639a..1f9c987 100644
--- a/spec/lib/gitlab/git/rev_list_spec.rb
+++ b/spec/lib/gitlab/git/rev_list_spec.rb
@@ -26,6 +26,13 @@ describe Gitlab::Git::RevList, lib: true do
expect(rev_list).not_to be_valid
end
+
+ it "ignores nil values" do
+ env = { var => nil }
+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env)
+
+ expect(rev_list).to be_valid
+ end
end
end
end
--
2.10.2
From b54b031638e7a98c1e51b369cff53602db40e4b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Mon, 6 Feb 2017 10:04:21 +0100
Subject: [PATCH 3/3] Update gitlab-shell to 3.6.7
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Rémy Coutable <remy@rymai.me>
---
changelogs/unreleased/use-gitlab-shell-3-6-7.yml | 4 ++++
doc/update/8.12-to-8.13.md | 4 ++--
3 files changed, 7 insertions(+), 3 deletions(-)
create mode 100644 changelogs/unreleased/use-gitlab-shell-3-6-7.yml
diff --git a/changelogs/unreleased/use-gitlab-shell-3-6-7.yml b/changelogs/unreleased/use-gitlab-shell-3-6-7.yml
new file mode 100644
index 0000000..c6600ce
--- /dev/null
+++ b/changelogs/unreleased/use-gitlab-shell-3-6-7.yml
@@ -0,0 +1,4 @@
+---
+title: Use gitlab-shell v3.6.7
+merge_request:
+author:
diff --git a/doc/update/8.12-to-8.13.md b/doc/update/8.12-to-8.13.md
index c0084d9..6457ec9 100644
--- a/doc/update/8.12-to-8.13.md
+++ b/doc/update/8.12-to-8.13.md
@@ -72,7 +72,7 @@ sudo -u git -H git checkout 8-13-stable-ee
```bash
cd /home/git/gitlab-shell
sudo -u git -H git fetch --all --tags
-sudo -u git -H git checkout v3.6.6
+sudo -u git -H git checkout v3.6.7
```
### 6. Update gitlab-workhorse
@@ -166,7 +166,7 @@ See [smtp_settings.rb.sample] as an example.
Ensure you're still up-to-date with the latest init script changes:
sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
-
+
For Ubuntu 16.04.1 LTS:
sudo systemctl daemon-reload
--
2.10.2

13
debian/patches/0400-use-npm-webpack.patch vendored Normal file
View file

@ -0,0 +1,13 @@
--- a/package.json
+++ b/package.json
@@ -8,8 +8,8 @@
"karma": "karma start config/karma.config.js --single-run",
"karma-coverage": "BABEL_ENV=coverage karma start config/karma.config.js --single-run",
"karma-start": "karma start config/karma.config.js",
- "webpack": "webpack --config config/webpack.config.js",
- "webpack-prod": "NODE_ENV=production webpack --config config/webpack.config.js"
+ "webpack": "NODE_PATH=/usr/share/gitlab/node_modules node_modules/.bin/webpack --config config/webpack.config.js",
+ "webpack-prod": "NODE_ENV=production NODE_PATH=/usr/share/gitlab/node_modules node_modules/.bin/webpack --config config/webpack.config.js"
},
"dependencies": {
"babel-core": "^6.22.1",

11
debian/patches/0410-set-webpack-root.patch vendored Normal file
View file

@ -0,0 +1,11 @@
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -8,7 +8,7 @@
var BundleAnalyzerPlugin = require('webpack-bundle-analyzer').BundleAnalyzerPlugin;
var WatchMissingNodeModulesPlugin = require('react-dev-utils/WatchMissingNodeModulesPlugin');
-var ROOT_PATH = path.resolve(__dirname, '..');
+var ROOT_PATH = '/usr/share/gitlab';
var IS_PRODUCTION = process.env.NODE_ENV === 'production';
var IS_DEV_SERVER = process.argv[1].indexOf('webpack-dev-server') !== -1;
var DEV_SERVER_HOST = process.env.DEV_SERVER_HOST || 'localhost';

55
debian/patches/0420-use-system-libs.patch vendored Normal file
View file

@ -0,0 +1,55 @@
--- a/package.json
+++ b/package.json
@@ -12,52 +12,41 @@
"webpack-prod": "NODE_ENV=production NODE_PATH=/usr/share/gitlab/node_modules node_modules/.bin/webpack --config config/webpack.config.js"
},
"dependencies": {
- "babel-core": "^6.22.1",
"babel-loader": "^6.2.10",
"babel-plugin-transform-define": "^1.2.0",
"babel-preset-latest": "^6.24.0",
"babel-preset-stage-2": "^6.22.0",
"bootstrap-sass": "^3.3.6",
"compression-webpack-plugin": "^0.3.2",
- "core-js": "^2.4.1",
"css-loader": "^0.28.0",
"d3": "^3.5.11",
"document-register-element": "^1.3.0",
"dropzone": "^4.2.0",
"emoji-unicode-version": "^0.2.1",
- "eslint-plugin-html": "^2.0.1",
- "exports-loader": "^0.6.4",
- "file-loader": "^0.11.1",
- "jed": "^1.1.1",
"jquery": "^2.2.1",
"jquery-ujs": "^1.2.1",
"js-cookie": "^2.1.3",
"jszip": "^3.1.3",
"jszip-utils": "^0.0.2",
- "marked": "^0.3.6",
"mousetrap": "^1.4.6",
"pdfjs-dist": "^1.8.252",
"pikaday": "^1.5.1",
"prismjs": "^1.6.0",
"raphael": "^2.2.7",
"raven-js": "^3.14.0",
- "raw-loader": "^0.5.1",
"react-dev-utils": "^0.5.2",
"select2": "3.5.2-browserify",
"sql.js": "^0.4.0",
- "stats-webpack-plugin": "^0.4.3",
"three": "^0.84.0",
"three-orbit-controls": "^82.1.0",
"three-stl-loader": "^1.0.4",
"timeago.js": "^2.0.5",
- "underscore": "^1.8.3",
"url-loader": "^0.5.8",
"visibilityjs": "^1.2.4",
"vue": "^2.2.6",
"vue-loader": "^11.3.4",
"vue-resource": "^0.9.3",
"vue-template-compiler": "^2.2.6",
- "webpack": "^2.3.3",
"webpack-bundle-analyzer": "^2.3.0"
},
"devDependencies": {

13
debian/patches/052-relax-grape.patch vendored
View file

@ -1,13 +0,0 @@
https://gitlab.com/gitlab-org/gitlab-ce/issues/19670
--- a/Gemfile
+++ b/Gemfile
@@ -68,7 +68,7 @@
gem 'github-linguist', '~> 4.7', require: 'linguist'
# API
-gem 'grape', '~> 0.15.0'
+gem 'grape', '~> 0.16.0'
gem 'grape-entity', '~> 0.6.0'
gem 'rack-cors', '~> 0.4.0', require: 'rack/cors'

10
debian/patches/add-system-lib-path-for-webpack.patch vendored Normal file
View file

@ -0,0 +1,10 @@
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -186,6 +186,7 @@
resolve: {
extensions: ['.js'],
+ modules: ['/usr/share/gitlab/node_modules', '/usr/lib/nodejs'],
alias: {
'~': path.join(ROOT_PATH, 'app/assets/javascripts'),
'emojis': path.join(ROOT_PATH, 'fixtures/emojis'),

47
debian/patches/cve-2016-9086-fix.patch vendored
View file

@ -1,47 +0,0 @@
Description: Fix file disclosure via hidden symlinks using the project import
Author: Rémy Coutable <remy@gitlab.com>
Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/36091
Last-Update: 2017-08-17
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/lib/gitlab/import_export/file_importer.rb
+++ b/lib/gitlab/import_export/file_importer.rb
@@ -47,12 +47,16 @@
end
def remove_symlinks!
- Dir["#{@shared.export_path}/**/*"].each do |path|
+ extracted_files.each do |path|
FileUtils.rm(path) if File.lstat(path).symlink?
end
true
end
+
+ def extracted_files
+ Dir.glob("#{@shared.export_path}/**/*", File::FNM_DOTMATCH).reject { |f| f =~ /.*\/\.{1,2}$/ }
+ end
end
end
end
--- a/spec/lib/gitlab/import_export/file_importer_spec.rb
+++ b/spec/lib/gitlab/import_export/file_importer_spec.rb
@@ -5,6 +5,7 @@
let(:export_path) { "#{Dir::tmpdir}/file_importer_spec" }
let(:valid_file) { "#{shared.export_path}/valid.json" }
let(:symlink_file) { "#{shared.export_path}/invalid.json" }
+ let(:hidden_symlink_file) { "#{shared.export_path}/.hidden" }
let(:subfolder_symlink_file) { "#{shared.export_path}/subfolder/invalid.json" }
before do
@@ -25,6 +26,10 @@
expect(File.exist?(symlink_file)).to be false
end
+ it 'removes hidden symlinks in root folder' do
+ expect(File.exist?(hidden_symlink_file)).to be false
+ end
+
it 'removes symlinks in subfolders' do
expect(File.exist?(subfolder_symlink_file)).to be false
end

26
debian/patches/cve-2017-0882.patch vendored
View file

@ -1,26 +0,0 @@
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index cb64926..d7928cb 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -112,7 +112,7 @@ class Projects::IssuesController < Projects::ApplicationController
end
format.json do
- render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
+ render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } })
end
end
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 6e15c06..317011c 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -278,7 +278,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@merge_request.target_project, @merge_request])
end
format.json do
- render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
+ render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } })
end
end
else

17
debian/patches/series vendored
View file

@ -1,14 +1,19 @@
cve-2016-9086-fix.patch
0005-use-debian-omniauth-ldap.patch
0018-loosen-rdoc.patch
0050-relax-stable-libs.patch
0100-remove-development-test.patch
0108-make-mysql-optional.patch
0110-make-test-dependencies-conditional.patch
source-init-functions.patch
pid-log-paths.patch
052-relax-grape.patch
0200-remove-order-dependency-in-label-finder-spec.patch
0210-use-jquery-ui-rails6.patch
0220-relax-dependencies.patch
0300-git-2-11-support.patch
cve-2017-0882.patch
0230-relax-rugged.patch
0240-relax-google-api-client.patch
0250-relax-licensee.patch
0260-relax-ruby-parser.patch
0270-relax-toml-rb.patch
0280-relax-pg.patch
0400-use-npm-webpack.patch
0410-set-webpack-root.patch
0420-use-system-libs.patch
add-system-lib-path-for-webpack.patch

8
debian/rake-tasks.sh vendored
View file

@ -25,5 +25,13 @@ fi
# Restrict permissions for secret files
chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
echo "Installing node modules"
runuser -u ${gitlab_user} -- sh -c 'install -d /var/lib/gitlab/node_modules'
runuser -u ${gitlab_user} -- sh -c 'npm install'
runuser -u ${gitlab_user} -- sh -c 'ln -s /usr/lib/nodejs/exports-loader node_modules'
runuser -u ${gitlab_user} -- sh -c 'ln -s /usr/lib/nodejs/raw-loader node_modules'
runuser -u ${gitlab_user} -- sh -c 'rm -rf node_modules/webpack'
runuser -u ${gitlab_user} -- sh -c 'NODE_PATH=/usr/share/gitlab/node_modules webpack --config config/webpack.config.js'
echo "Precompiling assets..."
runuser -u ${gitlab_user} -- sh -c 'bundle exec rake tmp:cache:clear assets:precompile'

2
debian/rules vendored
View file

@ -5,8 +5,6 @@
override_dh_install:
dh_install -XLICENSE
uglifyjs -o debian/gitlab/usr/share/gitlab/vendor/assets/javascripts/vue.min.js vendor/assets/javascripts/vue.full.js
uglifyjs -o debian/gitlab/usr/share/gitlab/vendor/assets/javascripts/vue-resource.min.js vendor/assets/javascripts/vue-resource.full.js
# Make sure we are installing all required files in debian/install
sh debian/upstream-file-count-check.sh
rm -rf debian/gitlab/usr/share/gitlab/tmp/*