Add gitlab-common binary to handle user creation

debian/adduser.sh

@@ -8,9 +8,7 @@ test -n "${gitlab_user}" || gitlab_user="gitlab"
 
 # Create gitlab user with home in /var/lib
 echo "Creating/updating ${gitlab_user} user account..."
-adduser --system --home ${gitlab_data_dir} --gecos "${gitlab_user} user" --shell /bin/sh \
+adduser --system --home /var/lib/gitlab --gecos "${gitlab_user} user" --shell /bin/sh \
 	--quiet --disabled-password --group ${gitlab_user} || {
 echo "Proceeding with existing ${gitlab_user} user..."
   }
-echo "Making ${gitlab_user} owner of ${gitlab_data_dir}..."
-chown -R ${gitlab_user} ${gitlab_data_dir}

debian/conf/gitlab-common.defaults

@@ -1,3 +1,8 @@
+gitlab_common_conf_private=/var/lib/gitlab-common/gitlab-common.conf
+gitlab_common_conf=/etc/gitlab-common/gitlab-common.conf
+gitlab_debian_conf_example=/usr/lib/gitlab/templates/gitlab-debian.conf.example
+gitlab_debian_conf_private=/var/lib/gitlab/gitlab-debian.conf
+gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf
 gitlab_cache_path=/var/cache/gitlab
 gitlab_scripts=/usr/lib/gitlab/scripts
 gitlab_yml_example=/usr/lib/gitlab/templates/gitlab.yml.example

debian/control

@@ -16,6 +16,7 @@ Package: gitlab
 Architecture: all
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
+ gitlab-common,
  lsb-base (>= 3.0-6),
  git (>= 1:2.7.3~),
  rake (>= 12.3.0~),
@@ -23,7 +24,6 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
  postgresql-client,
  postgresql-contrib,
  dbconfig-pgsql | dbconfig-no-thanks,
- adduser (>= 3.34~),
  bc,
  redis-server (>= 2:2.8~),
  nodejs (>= 6~),
@@ -356,3 +356,16 @@ Description: git powered software platform to collaborate on code (non-omnibus)
  .
  Note: Currently this package is in contrib because it uses npm to install
  front end dependencies.
+
+Package: gitlab-common
+Architecture: all
+Depends: ${shlibs:Depends}, ${misc:Depends},
+ adduser (>= 3.34~),
+ ucf
+Description: git powered software platform to collaborate on code (common)
+ gitlab provides web based interface to host source code and track issues.
+ It allows anyone for fork a repository and send merge requests. Code review
+ is possible using merge request workflow. Using groups and roles project
+ access can be controlled.
+ .
+ This package includes configurations common to gitlab and gitaly.

debian/gitlab-common.config

@@ -0,0 +1,22 @@
+#!/bin/sh
+# config maintainer script for gitlab
+
+CONFIGFILE=/etc/gitlab-common/gitlab-common.conf
+ 
+set -e
+
+# source debconf stuffs
+. /usr/share/debconf/confmodule
+
+# Load config file, if it exists.
+  if [ -e $CONFIGFILE ]; then
+      . $CONFIGFILE || true
+
+      # Store values from config file into
+      # debconf db.
+      db_set gitlab-common/user "$gitlab_user"
+  fi
+
+# Do you want to change gitlab user?
+db_input high gitlab-common/user || true
+db_go

debian/gitlab-common.dirs

@@ -0,0 +1,2 @@
+/var/lib/gitlab-common
+/etc/gitlab-common

debian/gitlab-common.install

@@ -0,0 +1,2 @@
+debian/adduser.sh usr/lib/gitlab-common/scripts
+debian/conf/gitlab-common.defaults usr/lib/gitlab-common

debian/gitlab-common.postinst

@@ -0,0 +1,78 @@
+#! /bin/sh
+# postinst script for gitlab
+# copied from postinst script for hplip
+# $Id: hplip.postinst,v 1.1 2005/10/15 21:39:04 hmh Exp $
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# Show debconf questions
+. /usr/share/debconf/confmodule
+
+gitlab_common_defaults=/usr/lib/gitlab-common/gitlab-common.defaults
+gitlab_common_defaults_copy=/var/lib/gitlab-common/gitlab-common.defaults
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+# quoting from the policy:
+#     Any necessary prompting should almost always be confined to the
+#     post-installation script, and should be protected with a conditional
+#     so that unnecessary prompting doesn't happen if a package's
+#     installation fails and the `postinst' is called with `abort-upgrade',
+#     `abort-remove' or `abort-deconfigure'.
+
+
+case "$1" in
+  configure)
+    # Read default values
+    . ${gitlab_common_defaults}
+
+    # Copy defaults for use with postrm
+    cp ${gitlab_common_defaults} ${gitlab_common_defaults_copy}
+
+    # Read gitlab_user from debconf db
+    db_get gitlab-common/user
+    gitlab_user=$RET >/dev/null
+
+    # Create gitlab user
+    . /usr/lib/gitlab-common/scripts/adduser.sh
+
+    # Keep config file and debconf db in sync
+    touch ${gitlab_common_conf_private} 
+    test -z "$gitlab_user" || grep -Eq '^ *gitlab_user=' ${gitlab_common_conf_private} || \
+        echo "gitlab_user=" >> ${gitlab_common_conf_private}
+    sed -e "s/^ *gitlab_user=.*/gitlab_user=\"$gitlab_user\"/" \
+            < ${gitlab_common_conf_private} > ${gitlab_common_conf_private}.tmp
+    mv -f ${gitlab_common_conf_private}.tmp ${gitlab_common_conf_private}
+
+    echo "Registering ${gitlab_common_conf} via ucf"
+    ucf --debconf-ok --three-way ${gitlab_common_conf_private} ${gitlab_common_conf}
+    ucfr gitlab-common ${gitlab_common_conf}
+    ;;
+
+  triggered)
+    # Already handled
+    ;;
+
+  abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+  *)
+    echo "postinst called with unknown argument \`$1'" >&2
+    exit 1
+    ;;
+esac
+
+db_stop
+
+#DEBHELPER#

debian/gitlab-common.postrm

@@ -0,0 +1,136 @@
+#! /bin/sh
+# postrm.skeleton
+# Skeleton maintainer script showing all the possible cases.
+# Written by Charles Briscoe-Smith, March-June 1998.  Public Domain.
+
+# Abort if any command returns an error value
+set -e
+
+# Set variables
+gitlab_common_defaults_copy=/var/lib/gitlab-common/gitlab-common.defaults
+
+# This script is called twice during the removal of the package; once
+# after the removal of the package's files from the system, and as
+# the final step in the removal of this package, after the package's
+# conffiles have been removed.
+
+# Ensure the menu system is updated
+
+# Read debian specific configuration
+if [ -f ${gitlab_common_defaults_copy} ]; then . ${gitlab_common_defaults_copy}; fi
+if [ -f ${gitlab_common_conf} ]; then . ${gitlab_common_conf}; fi
+
+case "$1" in
+  remove)
+    # This package is being removed, but its configuration has not yet
+    # been purged.
+    :
+
+    # Remove diversion
+    # ldconfig is NOT needed during removal of a library, only during
+    # installation
+
+    ;;
+  purge)
+    # This package has previously been removed and is now having
+    # its configuration purged from the system.
+    :
+    # purge debconf questions
+    if [ -e /usr/share/debconf/confmodule ]; then
+      # Source debconf library.
+      . /usr/share/debconf/confmodule
+
+      if [ ! -z "${gitlab_user}" ]; then
+        # Do only if gitlab_user is set
+        echo "Removing user: ${gitlab_user}"
+          if id -u ${gitlab_user}; then userdel -r ${gitlab_user}; fi
+      else
+        echo "gitlab_user not set. Hence not removing user."
+      fi
+      # Remove private copies of configuration files
+      rm -f ${gitlab_common_conf_private}
+      rm -f ${gitlab_common_defaults_copy}
+
+      # Remove my changes to the db.
+      db_purge
+    fi
+
+    # we mimic dpkg as closely as possible, so we remove configuration
+    # files with dpkg backup extensions too:
+    ### Some of the following is from Tore Anderson:
+    for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist;  do
+	rm -f ${gitlab_common_conf}$ext
+    done
+ 
+    # Remove conf file
+    if which ucf >/dev/null; then
+      if [ -n "${gitlab_common_conf}" ]; then ucf --purge ${gitlab_common_conf}; fi
+    fi
+    if which ucfr >/dev/null; then
+      if [ -n "${gitlab_common_conf}" ]; then ucfr --purge gitlab-common ${gitlab_common_conf}; fi
+    fi
+    rm -f ${gitlab_common_conf}
+ 
+       # cleanup complete
+    exit 0
+
+    ;;
+  disappear)
+    if test "$2" != overwriter; then
+      echo "$0: undocumented call to \`postrm $*'" 1>&2
+      exit 0
+    fi
+    # This package has been completely overwritten by package $3
+    # (version $4).  All our files are already gone from the system.
+    # This is a special case: neither "prerm remove" nor "postrm remove"
+    # have been called, because dpkg didn't know that this package would
+    # disappear until this stage.
+    :
+
+    ;;
+  upgrade)
+    # About to upgrade FROM THIS VERSION to version $2 of this package.
+    # "prerm upgrade" has been called for this version, and "preinst
+    # upgrade" has been called for the new version.  Last chance to
+    # clean up.
+    :
+
+    ;;
+  failed-upgrade)
+    # About to upgrade from version $2 of this package TO THIS VERSION.
+    # "prerm upgrade" has been called for the old version, and "preinst
+    # upgrade" has been called for this version.  This is only used if
+    # the previous version's "postrm upgrade" couldn't handle it and
+    # returned non-zero. (Fix old postrm bugs here.)
+    :
+
+    ;;
+  abort-install)
+    # Back out of an attempt to install this package.  Undo the effects of
+    # "preinst install...".  There are two sub-cases.
+    :
+
+    if test "${2+set}" = set; then
+      # When the install was attempted, version $2's configuration
+      # files were still on the system.  Undo the effects of "preinst
+      # install $2".
+      :
+
+    else
+      # We were being installed from scratch.  Undo the effects of
+      # "preinst install".
+      :
+
+    fi ;;
+  abort-upgrade)
+    # Back out of an attempt to upgrade this package from version $2
+    # TO THIS VERSION.  Undo the effects of "preinst upgrade $2".
+    :
+
+    ;;
+  *) echo "$0: didn't understand being called with \`$1'" 1>&2
+     exit 0;;
+esac
+
+#DEBHELPER#
+exit 0

debian/gitlab-common.templates

@@ -0,0 +1,8 @@
+Template: gitlab-common/user
+Type: string
+Default: gitlab
+_Description: Operating System user for this instance of Gitlab:
+ Please choose the username of the user used to run this instance of Gitlab.
+ .
+ This username will also be used in SSH urls of projects hosted with this
+ instance of Gitlab. For example, git@git.example.com:foo/bar.git

debian/gitlab.config

@@ -15,7 +15,6 @@ set -e
       # Store values from config file into
       # debconf db.
       db_set gitlab/fqdn "$GITLAB_HOST"
-      db_set gitlab/user "$gitlab_user"
       db_set gitlab/ssl "${GITLAB_HTTPS:-false}"
       db_set gitlab/letsencrypt "${gitlab_letsencrypt:-false}"
       if [ -n "$gitlab_letsencrypt_email" ]; then
@@ -49,10 +48,7 @@ if command -v letsencrypt >/dev/null; then
   fi
 fi
 
-# Do you want to change gitlab user?
-db_input high gitlab/user || true
-db_go
-db_get gitlab/user
+db_get gitlab-common/user
 gitlab_user=$RET
 
 # source dbconfig-common shell library, and call the hook function

debian/gitlab.install

@@ -4,13 +4,11 @@ debian/conf/database.yml etc/gitlab
 debian/conf/gitlab.yml.example usr/lib/gitlab/templates
 debian/conf/resque.yml etc/gitlab
 debian/conf/gitlab-debian.conf.example usr/lib/gitlab/templates
-debian/conf/gitlab-debian.defaults usr/lib/gitlab
 debian/conf/*.target lib/systemd/system
 debian/conf/smtp_settings.rb etc/gitlab/initializers
 debian/conf/tmpfiles.d/gitlab.conf.example usr/lib/gitlab/templates/tmpfiles.d
 debian/conf/nginx.conf.example usr/lib/gitlab/templates
 debian/conf/nginx.ssl.conf.example usr/lib/gitlab/templates
-debian/adduser.sh usr/lib/gitlab/scripts
 debian/rake-tasks.sh usr/lib/gitlab/scripts
 debian/gitlab-check.sh usr/lib/gitlab/scripts
 .babelrc usr/share/gitlab

debian/gitlab.postinst

@@ -8,15 +8,12 @@
 set -e
 
 # Setup variables
-# Now using gitlab-debian.defaults to override variables used only in
+# Now using gitlab-common.defaults to override variables used only in
 # maintainer scripts. Earlier versions used gitlab-debian.conf for this.
 # Now gitlab-debian.conf will only have user/admin configurable variables
 # and variables required by systemd services.
-gitlab_debian_conf_example=/usr/lib/gitlab/templates/gitlab-debian.conf.example
-gitlab_debian_conf_private=/var/lib/gitlab/gitlab-debian.conf
-gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf
-gitlab_debian_defaults=/usr/lib/gitlab/gitlab-debian.defaults
-gitlab_debian_defaults_copy=/var/lib/gitlab/gitlab-debian.defaults
+gitlab_common_defaults=/usr/lib/gitlab-common/gitlab-common.defaults
+test -f ${gitlab_common_defaults} && . ${gitlab_common_defaults}
 
 # Show debconf questions
 . /usr/share/debconf/confmodule
@@ -44,10 +41,7 @@ gitlab_debian_defaults_copy=/var/lib/gitlab/gitlab-debian.defaults
 # Read debian specific configuration
 #######################################################################
 
-# Bootstrap config file - first try
-. ${gitlab_debian_conf_example}
-# second try
-cp ${gitlab_debian_conf_example} ${gitlab_debian_conf_private}
+test -f ${gitlab_debian_conf_private} || cp ${gitlab_debian_conf_example} ${gitlab_debian_conf_private}
 . ${gitlab_debian_conf_private}
 
 # If /etc/gitlab/gitlab-debian.conf is already present, use it
@@ -57,17 +51,10 @@ export DB RAILS_ENV
 # Read default values (we cannot do this before gitlab-debian.conf is exported
 # as we want to override variables set by gitlab-debian.conf in earlier gitlab
 # versions with gitlab-debian.defaults)
-. ${gitlab_debian_defaults}
+. ${gitlab_common_defaults}
 
-# Copy defaults for use with postrm
-cp ${gitlab_debian_defaults} ${gitlab_debian_defaults_copy}
-
-# Read gitlab_user from debconf db
-db_get gitlab/user
-gitlab_user=$RET >/dev/null
-
-# Create gitlab user
-. /usr/lib/gitlab/scripts/adduser.sh
+# Read gitlab_user from gitlab-common.conf
+test -f ${gitlab_common_conf} && . ${gitlab_common_conf}
 
 #######################################################################
 # update Gemfile.lock and yarn.lock, always
@@ -147,8 +134,6 @@ case "$1" in
     GITLAB_EMAIL_FROM="no-reply@$GITLAB_HOST"
     GITLAB_EMAIL_DISPLAY_NAME="Gitlab"
     GITLAB_EMAIL_REPLY_TO="no-reply@$GITLAB_HOST"
-    db_get gitlab/user
-    gitlab_user=$RET
     # Check if ssl option is selected
     db_get gitlab/ssl
     GITLAB_HTTPS=$RET
@@ -170,8 +155,6 @@ case "$1" in
         echo "GITLAB_EMAIL_DISPLAY_NAME=" >> ${gitlab_debian_conf_private}
     test -z "$GITLAB_EMAIL_REPLY_TO" || grep -Eq '^ *GITLAB_EMAIL_REPLY_TO=' ${gitlab_debian_conf_private} || \
         echo "GITLAB_EMAIL_REPLY_TO=" >> ${gitlab_debian_conf_private}
-    test -z "$gitlab_user" || grep -Eq '^ *gitlab_user=' ${gitlab_debian_conf_private} || \
-        echo "gitlab_user=" >> ${gitlab_debian_conf_private}
     test -z "$GITLAB_HTTPS" || grep -Eq '^ *GITLAB_HTTPS=' ${gitlab_debian_conf_private} || \
         echo "GITLAB_HTTPS=" >> ${gitlab_debian_conf_private}
     test -z "$gitlab_letsencrypt" || grep -Eq '^ *gitlab_letsencrypt=' ${gitlab_debian_conf_private} || \
@@ -182,12 +165,11 @@ case "$1" in
         -e "s/^ *GITLAB_EMAIL_FROM=.*/GITLAB_EMAIL_FROM=\"$GITLAB_EMAIL_FROM\"/" \
         -e "s/^ *GITLAB_EMAIL_DISPLAY_NAME=.*/GITLAB_EMAIL_DISPLAY_NAME=\"$GITLAB_EMAIL_DISPLAY_NAME\"/" \
         -e "s/^ *GITLAB_EMAIL_REPLY_TO=.*/GITLAB_EMAIL_REPLY_TO=\"$GITLAB_EMAIL_REPLY_TO\"/" \
-        -e "s/^ *gitlab_user=.*/gitlab_user=\"$gitlab_user\"/" \
         -e "s/^ *GITLAB_HTTPS=.*/GITLAB_HTTPS=\"$GITLAB_HTTPS\"/" \
         -e "s/^ *gitlab_letsencrypt=.*/gitlab_letsencrypt=\"$gitlab_letsencrypt\"/" \
         -e "s/^ *gitlab_letsencrypt_email=.*/gitlab_letsencrypt_email=\"$gitlab_letsencrypt_email\"/" \
             < ${gitlab_debian_conf_private} > ${gitlab_debian_conf_private}.tmp
-        mv -f ${gitlab_debian_conf_private}.tmp ${gitlab_debian_conf_private}
+    mv -f ${gitlab_debian_conf_private}.tmp ${gitlab_debian_conf_private}
 
     # Copy example configurations
     cp ${gitlab_yml_example} ${gitlab_yml_private}

debian/gitlab.postrm

@@ -7,8 +7,7 @@
 set -e
 
 # Set variables
-gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf
-gitlab_debian_defaults=/var/lib/gitlab/gitlab-debian.defaults
+gitlab_common_defaults=/var/lib/gitlab-common/gitlab-common.defaults
 
 # This script is called twice during the removal of the package; once
 # after the removal of the package's files from the system, and as
@@ -18,8 +17,29 @@ gitlab_debian_defaults=/var/lib/gitlab/gitlab-debian.defaults
 # Ensure the menu system is updated
 
 # Read debian specific configuration
-if [ -f ${gitlab_debian_conf} ]; then . ${gitlab_debian_conf}; fi
-if [ -f ${gitlab_debian_defaults} ]; then . ${gitlab_debian_defaults}; fi
+if [ -f ${gitlab_common_defaults} ]
+then
+  . ${gitlab_common_defaults}
+else
+  echo "${gitlab_common_defaults} not found. Not removing anything."
+  exit 0
+fi
+
+if [ -f ${gitlab_debian_conf} ]
+then
+  . ${gitlab_debian_conf}
+else
+  echo "${gitlab_debian_conf} not found. Not removing anything."
+  exit 0
+fi
+
+if [ -f ${gitlab_common_conf} ]
+then
+  . ${gitlab_common_conf}
+else
+  echo "${gitlab_common_conf} not found. Not removing anything."
+  exit 0
+fi
 
 safely_remove() {
   CANDIDATE_DIR=$1
@@ -82,8 +102,6 @@ ${gitlab_data_dir}; do
             else
                 echo "dropdb command not found. Hence not removing database."
            fi
-           echo "Removing user: ${gitlab_user}"
-           if id -u ${gitlab_user}; then userdel -r ${gitlab_user}; fi
         else
             echo "gitlab_user not set. Hence not removing user."
         fi
@@ -115,7 +133,7 @@ ${gitlab_data_dir}; do
     for i in ${nginx_site} ${gitlab_debian_conf} ${gitlab_yml} \
 ${gitlab_tmpfiles} ${gitlab_shell_config} ${dbconfig_config}; do
       # remove the configuration file itself
-        safely_remove $i
+      if [ -f $i ] ; then rm -f $i; fi
       # and finally clear it out from the ucf database
       if which ucf >/dev/null; then
         if [ -n "$i" ]; then ucf --purge $i; fi

debian/gitlab.templates

@@ -11,15 +11,6 @@ _Description: Fully qualified domain name for this instance of Gitlab:
  If a reverse proxy is used, give the hostname that the proxy server
  responds to.
 
-Template: gitlab/user
-Type: string
-Default: gitlab
-_Description: Operating System user for this instance of Gitlab:
- Please choose the username of the user used to run this instance of Gitlab.
- .
- This username will also be used in SSH urls of projects hosted with this
- instance of Gitlab. For example, git@git.example.com:foo/bar.git
-
 Template: gitlab/ssl
 Type: boolean
 Default: false

debian/upstream-file-count-check.sh

@@ -1,9 +1,9 @@
 ucount=$(ls -1a |grep -vx .git | wc -l)
-dcount=$(cat debian/install |cut -d' ' -f1|grep -v debian |wc -l)
+dcount=$(cat debian/gitlab.install |cut -d' ' -f1|grep -v debian |wc -l)
 ignored=32
 if ! [ $(echo "$ucount" - "$dcount"|bc) -eq $ignored ]; then
   echo "Found new files added by upstream and not added to debian/install"
-  echo "Add them to debian/install or adjust 'ignored=${ignored}'"
+  echo "Add them to debian/gitlab.install or adjust 'ignored=${ignored}'"
   echo "in debian/upstream-file-count-check.sh as required"
   exit 1
 fi