From 39a2bfd88a161950af0b2e4b21c10ef338f13fdc Mon Sep 17 00:00:00 2001 From: Praveen Arimbrathodiyil Date: Fri, 8 Apr 2016 17:00:57 +0530 Subject: [PATCH] make nginx optional, use ucf for conf files --- debian/changelog | 9 +++ debian/conf/gitlab-debian.conf | 5 ++ debian/control | 1 + debian/install | 4 +- debian/postinst | 83 ++++++++++++++++------ debian/postrm | 126 +++++++++++++++++++++++++++++++++ debian/rake-tasks.sh | 13 ---- 7 files changed, 204 insertions(+), 37 deletions(-) create mode 100644 debian/postrm diff --git a/debian/changelog b/debian/changelog index b047ecaff2..296ff92391 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +gitlab (8.5.8+dfsg-5) UNRELEASED; urgency=medium + + * Make nginx optional (Closes: #819260) + * Manage nginx configuration via ucf (Closes: #819262) + * Manage gitlab-debian.conf and gitlab.yml via ucf + * Make postinst more verbose + + -- Pirate Praveen Fri, 08 Apr 2016 01:10:02 +0530 + gitlab (8.5.8+dfsg-4) unstable; urgency=medium * Tighten version requirements for dependencies diff --git a/debian/conf/gitlab-debian.conf b/debian/conf/gitlab-debian.conf index af98cfae7c..1d05bc0ba0 100644 --- a/debian/conf/gitlab-debian.conf +++ b/debian/conf/gitlab-debian.conf @@ -4,6 +4,10 @@ gitlab_user=gitlab gitlab_app_root=/usr/share/gitlab gitlab_data_dir=/var/lib/gitlab gitlab_scripts=/usr/lib/gitlab/scripts +gitlab_yml_private=/var/lib/gitlab/gitlab.yml +gitlab_yml=/etc/gitlab/gitlab.yml +gitlab_debian_conf_private=/var/lib/gitlab/gitlab-debian.conf +gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf gitlab_nginx_log=/var/log/gitlab gitlab_ssl_path=/etc/gitlab/ssl gitlab_shell_root=/usr/share/gitlab-shell @@ -13,3 +17,4 @@ gitlab_pid_path=/run/gitlab nginx_user=www-data nginx_conf_example=/usr/share/doc/gitlab/nginx.conf.example nginx_ssl_conf_example_gz=/usr/share/doc/gitlab/nginx.ssl.conf.example.gz +nginx_site_private=/var/lib/gitlab/nginx.conf diff --git a/debian/control b/debian/control index 3424f912f3..0fc32b3542 100644 --- a/debian/control +++ b/debian/control @@ -28,6 +28,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, nginx | httpd, postfix | exim4 | mail-transport-agent, openssh-client, + ucf, gitlab-shell (>= 2.6.10~), gitlab-workhorse (>= 0.6.2~), ruby-rails (>= 2:4.2.5.2~), diff --git a/debian/install b/debian/install index bebc1bbd96..38b88f9451 100644 --- a/debian/install +++ b/debian/install @@ -1,9 +1,9 @@ debian/conf/gitlab etc/default debian/conf/unicorn.rb etc/gitlab debian/conf/database.yml etc/gitlab -debian/conf/gitlab.yml etc/gitlab +debian/conf/gitlab.yml var/lib/gitlab debian/conf/resque.yml etc/gitlab -debian/conf/gitlab-debian.conf etc/gitlab +debian/conf/gitlab-debian.conf var/lib/gitlab debian/conf/*.target lib/systemd/system debian/conf/*.service lib/systemd/system debian/conf/smtp_settings.rb etc/gitlab/initializers diff --git a/debian/postinst b/debian/postinst index 2604849813..0969b1b2b6 100755 --- a/debian/postinst +++ b/debian/postinst @@ -33,8 +33,11 @@ case "$1" in # Read and export debian specific configuration # Only exported variables will be passed on to gitlab app - gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf - export $(cat ${gitlab_debian_conf}) + gitlab_debian_conf_private=/var/lib/gitlab/gitlab-debian.conf + export $(cat ${gitlab_debian_conf_private}) + + # If /etc/gitlab/gitlab-debian.conf is already present, use it + test -f ${gitlab_debian_conf} && export $(cat ${gitlab_debian_conf}) # Create gitlab user . /usr/lib/gitlab/scripts/adduser.sh @@ -45,6 +48,7 @@ case "$1" in gitlab_uploads_path=${gitlab_data_dir}/public/uploads # Create directories and change ownership + echo "Creating runtime directories for gitlab..." for i in ${gitlab_repo_path} ${gitlab_cache_path} ${gitlab_uploads_path}\ ${gitlab_pid_path} ${gitlab_log_dir} ${gitlab_shell_log} ${gitlab_builds_log}; do mkdir -p $i @@ -56,6 +60,7 @@ case "$1" in chown ${gitlab_user}:${nginx_user} -R ${gitlab_uploads_path}/.. ${gitlab_pid_path} # Customize permissions + echo "Updating file permissions..." chmod -R ug+rwX,o-rwx ${gitlab_repo_path}/ chmod -R ug-s ${gitlab_repo_path}/ find ${gitlab_repo_path}/ -type d -print0 | xargs -0 chmod g+s @@ -72,19 +77,34 @@ case "$1" in # Obtain hostname from debconf db db_get gitlab/fqdn if [ "${RET}" != "" ]; then - if ! grep GITLAB_HOST ${gitlab_debian_conf}; then + if ! grep GITLAB_HOST ${gitlab_debian_conf_private}; then + echo "Configuring hostname and email..." export GITLAB_HOST=${RET} # We need this to configure nginx below - echo GITLAB_HOST=${RET} >> ${gitlab_debian_conf} - echo GITLAB_EMAIL_FROM="no-reply@${RET}" >> ${gitlab_debian_conf} - echo GITLAB_EMAIL_DISPLAY_NAME="Gitlab" >> ${gitlab_debian_conf} - echo GITLAB_EMAIL_REPLY_TO="no-reply@${RET}" >> ${gitlab_debian_conf} + cat <> ${gitlab_debian_conf_private} +GITLAB_HOST=${RET} +GITLAB_EMAIL_FROM="no-reply@${RET}" +GITLAB_EMAIL_DISPLAY_NAME="Gitlab" +GITLAB_EMAIL_REPLY_TO="no-reply@${RET}" +EOF fi # Check if ssl option is selected db_get gitlab/ssl + gl_proto="http" if [ "${RET}" = "true" ]; then - if ! grep GITLAB_HTTPS ${gitlab_debian_conf}; then - echo GITLAB_HTTPS=${RET} >> ${gitlab_debian_conf} + echo "Configuring nginx with HTTPS..." + if ! grep GITLAB_HTTPS ${gitlab_debian_conf_private}; then + echo GITLAB_HTTPS=${RET} >> ${gitlab_debian_conf_private} + # Workaround for #813770 + gl_proto="https" + echo "Configuring gitlab with HTTPS..." + sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private} + sed -i "s/https: false/https: true/" ${gitlab_yml_private} + echo "Updating gitlab_url in gitlab-shell configuration..." + sed -i \ + "s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\ + ${gitlab_shell_root}/config.yml + fi mkdir -p /etc/gitlab/ssl if [ -f "${nginx_ssl_conf_example_gz}" ]; then @@ -97,7 +117,8 @@ case "$1" in # Check if letsencrypt option is selected db_get gitlab/letsencrypt if [ "${RET}" = "true" ]; then - # Check if certificate is already present + echo "Configuring letsencrypt..." + # Check if certificate is already present if [ -e /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem ]; then echo "Let's encrypt certificate already present." else @@ -105,29 +126,47 @@ case "$1" in /etc/gitlab/ssl/gitlab.crt ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \ /etc/gitlab/ssl/gitlab.key + # Port 80 and 443 should be available for letsencrypt - invoke-rc.d nginx stop - letsencrypt -d ${GITLAB_HOST} certonly + if command -v nginx > /dev/null; then + echo "Stopping nginx for letsencrypt..." + invoke-rc.d nginx stop + fi + + letsencrypt -d ${GITLAB_HOST} certonly || { + echo "letsencrypt auto configuration failed..." + echo "Stop your webserver and try running letsencrypt manually..." + echo "letsencrypt -d ${GITLAB_HOST} certonly" + } fi fi fi + echo "Registering ${gitlab_yml} via ucf" + ucf --debconf-ok --three-way ${gitlab_yml_private} ${gitlab_yml} + ucfr gitlab ${gitlab_yml} + # Manage gitlab-debian.conf via ucf + echo "Registering ${gitlab_debian_conf} via ucf" + ucf --debconf-ok --three-way ${gitlab_debian_conf_private} ${gitlab_debian_conf} + ucfr gitlab ${gitlab_debian_conf} + if test -f ${nginx_conf_example}; then nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}" - if test -f ${nginx_site}; then - echo "${nginx_site} is already present, skipping nginx configuration" - else - sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/"\ - ${nginx_conf_example} >/etc/nginx/sites-available/${GITLAB_HOST} - ln -fs /etc/nginx/sites-available/${GITLAB_HOST} /etc/nginx/sites-enabled/ - rm -f ${nginx_conf_example_tmp} - fi + sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/"\ + ${nginx_conf_example} >${nginx_site_private} + ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site} + ucfr gitlab ${nginx_site} + ln -fs ${nginx_site} /etc/nginx/sites-enabled/ + rm -f ${nginx_conf_example_tmp} else echo "nginx example configuration file not found" exit 1 fi # Reload nginx - invoke-rc.d nginx reload + if command -v nginx > /dev/null; then + echo "Reloading nginx configuration..." + invoke-rc.d nginx reload + fi else echo "Failed to retrieve fully qualified domain name" exit 1 @@ -156,7 +195,7 @@ case "$1" in echo "Verifying we have all required libraries..." su ${gitlab_user} -s /bin/sh -c 'bundle install --local' - echo "Running final rake tasks..." + echo "Running final rake tasks and tweaks..." . /usr/lib/gitlab/scripts/rake-tasks.sh diff --git a/debian/postrm b/debian/postrm new file mode 100644 index 0000000000..4a1debd5d3 --- /dev/null +++ b/debian/postrm @@ -0,0 +1,126 @@ +#! /bin/sh +# postrm.skeleton +# Skeleton maintainer script showing all the possible cases. +# Written by Charles Briscoe-Smith, March-June 1998. Public Domain. + +# Abort if any command returns an error value +set -e + +# This script is called twice during the removal of the package; once +# after the removal of the package's files from the system, and as +# the final step in the removal of this package, after the package's +# conffiles have been removed. + +# Ensure the menu system is updated + +# Read and export debian specific configuration +# Only exported variables will be passed on to gitlab app +echo "Reading gitlab-debian.conf..." +gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf +test -f ${gitlab_debian_conf} && export $(cat ${gitlab_debian_conf}) +nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}" + +test -f ${nginx_site} && echo "Found nginx site configuration at ${nginx_site}..." + +case "$1" in + remove) + # This package is being removed, but its configuration has not yet + # been purged. + : + + # Remove diversion + # ldconfig is NOT needed during removal of a library, only during + # installation + + ;; + purge) + # This package has previously been removed and is now having + # its configuration purged from the system. + : + + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do + rm -f ${nginx_site}$ext + rm -f ${gitlab_debian_conf}$ext + rm -f ${gitlab_yml}$ext + done + + # remove the configuration file itself + test -f ${nginx_site} && rm -f ${nginx_site} + test -f ${gitlab_debian_conf} && rm -f ${gitlab_debian_conf} + test -f ${gitlab_yml} && rm -f ${gitlab_yml} + + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + test -n "${nginx_site}" && ucf --purge ${nginx_site} + test -n "${gitlab_debian_conf}" && ucf --purge ${gitlab_debian_conf} + test -n "${gitlab_yml}" && ucf --purge ${gitlab_yml} + fi + if which ucfr >/dev/null; then + test -n "${nginx_site}" && ucfr --purge gitlab ${nginx_site} + test -n "${gitlab_debian_conf}" && ucfr --purge gitlab ${gitlab_debian_conf} + test -n "${gitlab_yml}" && ucfr --purge gitlab ${gitlab_yml} + fi + + ;; + disappear) + if test "$2" != overwriter; then + echo "$0: undocumented call to \`postrm $*'" 1>&2 + exit 0 + fi + # This package has been completely overwritten by package $3 + # (version $4). All our files are already gone from the system. + # This is a special case: neither "prerm remove" nor "postrm remove" + # have been called, because dpkg didn't know that this package would + # disappear until this stage. + : + + ;; + upgrade) + # About to upgrade FROM THIS VERSION to version $2 of this package. + # "prerm upgrade" has been called for this version, and "preinst + # upgrade" has been called for the new version. Last chance to + # clean up. + : + + ;; + failed-upgrade) + # About to upgrade from version $2 of this package TO THIS VERSION. + # "prerm upgrade" has been called for the old version, and "preinst + # upgrade" has been called for this version. This is only used if + # the previous version's "postrm upgrade" couldn't handle it and + # returned non-zero. (Fix old postrm bugs here.) + : + + ;; + abort-install) + # Back out of an attempt to install this package. Undo the effects of + # "preinst install...". There are two sub-cases. + : + + if test "${2+set}" = set; then + # When the install was attempted, version $2's configuration + # files were still on the system. Undo the effects of "preinst + # install $2". + : + + else + # We were being installed from scratch. Undo the effects of + # "preinst install". + : + + fi ;; + abort-upgrade) + # Back out of an attempt to upgrade this package from version $2 + # TO THIS VERSION. Undo the effects of "preinst upgrade $2". + : + + ;; + *) echo "$0: didn't understand being called with \`$1'" 1>&2 + exit 0;; +esac + +#DEBHELPER# +exit 0 diff --git a/debian/rake-tasks.sh b/debian/rake-tasks.sh index eec63a9166..cbc78c62bd 100755 --- a/debian/rake-tasks.sh +++ b/debian/rake-tasks.sh @@ -51,19 +51,6 @@ else invoke-rc.d gitlab start fi -# Workaround for #813770 -if [ "${GITLAB_HTTPS}" = "true" ]; then - gl_proto="https" - sed -i "s/#port: 80/port: 443/" ${gitlab_app_root}/config/gitlab.yml - sed -i "s/https: false/https: true/" ${gitlab_app_root}/config/gitlab.yml -else - gl_proto="http" -fi - -sed -i \ -"s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\ - ${gitlab_shell_root}/config.yml - # Check gitlab is configured correctly su ${gitlab_user} -s /bin/sh -c 'bundle exec rake gitlab:check RAILS_ENV=production'