From ac32bfc38e35e0d1c145eef5b4a10dd026f5244a Mon Sep 17 00:00:00 2001
From: Praveen Arimbrathodiyil <praveen@debian.org>
Date: Sat, 17 Sep 2016 14:38:57 +0530
Subject: [PATCH] use gitlab provided code to generate secrets.yml

---
 debian/changelog     |  6 ++++++
 debian/gitlab.links  |  1 +
 debian/rake-tasks.sh | 19 ++-----------------
 3 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 6ab3a1c170..c4860def92 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+gitlab (8.11.3+dfsg1-2) UNRELEASED; urgency=medium
+
+  * Use config/initializers/secret_token.rb to create secrets.yml 
+
+ -- Pirate Praveen <praveen@debian.org>  Sat, 17 Sep 2016 14:38:39 +0530
+
 gitlab (8.11.3+dfsg1-1) unstable; urgency=medium
 
   * New upstream release
diff --git a/debian/gitlab.links b/debian/gitlab.links
index 07a1572d7c..84723e4f20 100644
--- a/debian/gitlab.links
+++ b/debian/gitlab.links
@@ -2,6 +2,7 @@ var/lib/gitlab/public usr/share/gitlab/public
 var/lib/gitlab/shared usr/share/gitlab/shared
 var/lib/gitlab/db usr/share/gitlab/db
 var/lib/gitlab/.ssh usr/share/gitlab/.ssh
+var/lib/gitlab/secrets.yml etc/gitlab/secrets.yml
 var/log/gitlab usr/share/gitlab/log
 var/log/gitlab/builds usr/share/gitlab/builds
 run/gitlab usr/share/gitlab/tmp
diff --git a/debian/rake-tasks.sh b/debian/rake-tasks.sh
index 3d30291e79..15f2a9228c 100755
--- a/debian/rake-tasks.sh
+++ b/debian/rake-tasks.sh
@@ -5,18 +5,8 @@ export $(cat /etc/gitlab/gitlab-debian.conf)
 
 if ! [ -f "${gitlab_app_root}/config/secrets.yml" ]; then
   echo "Creating secrets.yml..."
-  # Check if .secret file exist already in gitlab_app_root
-  # See if it is an empty file
-  test -e ${gitlab_app_root}/.secret &&\
-  gitlab_app_secret=$(cat ${gitlab_app_root}/.secret);\
-  test -n "${gitlab_app_secret}" ||\
-  { gitlab_app_secret=$(openssl rand -hex 64)
-
-  cp ${gitlab_app_root}/config/secrets.yml.example ${gitlab_app_root}/config/secrets.yml
-  sed -i "s/# db_key_base:/db_key_base: ${gitlab_app_secret}/" ${gitlab_app_root}/config/secrets.yml
-  echo ${gitlab_app_secret} > ${gitlab_app_root}/.secret
-  }
-
+  cd ${gitlab_app_root}
+  su gitlab -c 'bundle exec rake config/initializers/secret_token.rb'
 fi
 
 # Check if the db is already present
@@ -31,12 +21,7 @@ else
 fi
 
 # Restrict permissions for secret files
-chown ${gitlab_user}: ${gitlab_data_dir}/.secret
-chmod 0700 ${gitlab_data_dir}/.secret
 chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
-chown ${gitlab_user}: ${gitlab_app_root}/config/secrets.yml
-chmod 0700 ${gitlab_app_root}/config/secrets.yml
-
 
 echo "Precompiling assets..."
 su ${gitlab_user} -s /bin/sh -c 'bundle exec rake tmp:cache:clear assets:precompile RAILS_ENV=production'