Always overwrite private copy of gitlab-debian.conf (to add new entries)

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEKnl0ri/BUtd4Z9pKzh+cZ0USwioFAlwt4YYACgkQzh+cZ0US
 wirP9w//XswmG+b9/mylMXdcCleRYbfZhHCMKqm/iha+REWc3pXgkRw6vE9uvSRX
 ghjL18sjTnPRVJMVkkSrdPUtWbtnh/xOLveBDa9/yIavDVhhYP6DWh4gx0NzT6e1
 eyDuwxGmDiubVQacq9URbFBYfDlgoP72o+kFMbxR68rahctHbOThKB2yK5Oww8gw
 /vdehTXTuG8IOVPaAB8zBeZNGa8dSky+s+hFLC/4zotjOr3if+zegPwoGnd58KwH
 UNWosrs9zQ6oAobuygsy+Cw1EwfgCoO0KBKiKUkgo4zpgOmtSEf7VyJrPuKt0/oy
 5JOGp9Pvedbfdmu4jKxJC3NkN56iBWgE3LPwdkVyEphJAyVJCyU/rwcT9f74Y1PK
 SYJBpGUwCTNt67vL1ctEbDTQsi2pREOeTFMj6htHavDaN/HB7MTMqTlUl54QZ4cQ
 SEeiukARyDkuskpWWzW0FH6f5AenESySN5dPBM07ep9+UfIG2kMlMEXx1QUw+Bbp
 luJgFHzMIbfZ0NmQ0md/P7XWBQXm0jp4frEqw/4YR8zp6MoOpHn+OkA9s2/j99E0
 xG8mpk/gVXLY6mCpZf6jqQCIVRJ/uJ0871K4q4Wbg5A/q5B1TebY+3WNbewJLMgw
 cQcjyOutdcvO2EDk9g4ZYK0DjhPDVg/x6p3R1wAWxngT/LIHqX8=
 =ZIKa
 -----END PGP SIGNATURE-----

Merge tag 'debian/11.5.6+dfsg-1' into stretch-backports

gitlab Debian release 11.5.6+dfsg-1

debian/.gitlab-ci.yml

@@ -0,0 +1,94 @@
+---
+variables:
+  GIT_DEPTH: 128
+  PB_RESULT: '${CI_PROJECT_DIR}/../${CI_PROJECT_NAME}_${CI_BUILD_REF}_${CI_JOB_NAME}_${CI_JOB_ID}'
+  LINTIAN_CMD: eval lintian --no-tag-display-limit --info --display-info --color=auto --display-experimental --pedantic "${PB_RESULT}"/*.changes
+  ORIGTAR_CMD: origtargz --tar-only
+# PDEBUILD_CMD: eval pdebuild --use-pdebuild-internal --pbuildersatisfydepends "/usr/lib/pbuilder/pbuilder-satisfydepends-classic" --buildresult "${PB_RESULT}" --debbuildopts -sa
+  PDEBUILD_CMD: eval pdebuild --use-pdebuild-internal --buildresult "${PB_RESULT}" --debbuildopts -sa
+  EATMYDATA: "yes"
+  AUTOCLEANAPTCACHE: "yes"
+  USE_PDEBUILD_INTERNAL: "yes"
+
+.pre_build:
+  script: &pre_build |
+    uname -a
+    date
+    env
+    pwd
+    mkdir -v -p "${PB_RESULT}"
+
+stages:
+  - check
+  - build
+
+yamllint:
+  stage: check
+  tags:
+    - yamllint
+  dependencies: []
+  allow_failure: false
+  script: |
+    yamllint -c debian/.yamllint debian/.*.yml
+
+dpkg-copyright:
+  stage: check
+  tags:
+    - cme
+  dependencies: []
+  allow_failure: false
+  script: |
+    cme check dpkg-copyright
+
+dpkg-control:
+  stage: check
+  tags:
+    - cme
+  dependencies: []
+  allow_failure: true
+  script:
+    - wrap-and-sort --keep-first --trailing-comma # terrible way to fix "Cannot parse: ''" in "cme check dpkg-control".
+    - cme check dpkg-control
+
+## Build
+
+testing_unstable-amd64:
+  stage: build
+  tags:
+    - pbuilder
+    - amd64
+  dependencies: []
+  allow_failure: false
+  before_script:
+    - *pre_build
+  script:
+    - ${ORIGTAR_CMD}
+    - ${PDEBUILD_CMD} --architecture amd64 -- --basetgz /var/cache/pbuilder/testing_unstable-amd64.tgz
+    - ${LINTIAN_CMD}
+
+unstable-i386:
+  stage: build
+  tags:
+    - pbuilder
+    - amd64
+  dependencies: []
+  allow_failure: false
+  before_script:
+    - *pre_build
+  script:
+    - ${ORIGTAR_CMD}
+    - ${PDEBUILD_CMD} --architecture i386 -- --basetgz /var/cache/pbuilder/unstable-i386.tgz
+
+unstable-amd64:
+  stage: build
+  tags:
+    - pbuilder
+    - amd64
+  dependencies: []
+  allow_failure: false
+  before_script:
+    - *pre_build
+  script:
+    - ${ORIGTAR_CMD}
+    - ${PDEBUILD_CMD} --architecture amd64 -- --basetgz /var/cache/pbuilder/unstable-amd64.tgz
+    - ${LINTIAN_CMD}

debian/.yamllint

@@ -0,0 +1,17 @@
+---
+extends: default
+
+rules:
+  line-length:
+    level: warning
+    max: 120
+  braces:
+    level: warning
+    max-spaces-inside: 8
+  trailing-spaces:
+    level: warning
+  colons:
+    level: warning
+    max-spaces-after: 16
+  empty-lines:
+    level: warning

debian/Gemfile.autopkgtest

@@ -0,0 +1,88 @@
+# --- Special code for migrating to Rails 5.0 ---
+def rails5?
+  %w[1 true].include?(ENV["RAILS5"])
+end
+
+gem_versions = {}
+gem_versions['activerecord_sane_schema_dumper'] = rails5? ? '1.0'      : '0.2'
+gem_versions['default_value_for']               = rails5? ? '~> 3.0.5' : '~> 3.0'
+gem_versions['rails']                           = rails5? ? '5.0.7'    : '4.2.10'
+gem_versions['rails-i18n']                      = rails5? ? '~> 5.1'   : '~> 4.0.9'
+# --- The end of special code for migrating to Rails 5.0 ---
+
+source 'https://rubygems.org'
+gem 'rails', gem_versions['rails']
+
+# Use packaged native gems
+gem 'rake', '12.3.1'
+gem 'rails-dom-testing', '1.0.6'
+gem 'nokogiri', '1.8.4'
+gem 'pg', '~> 0.19.0'
+gem 'rack', '~> 1.6.4'
+gem 'sprockets-rails', '~> 2.3.2'
+
+if ENV["INCLUDE_TEST_DEPENDS"] == "true"
+  gem 'bootsnap', '~> 1.3'
+  gem 'pry-byebug', '~> 3.4.1', platform: :mri
+  gem 'pry-rails', '~> 0.3.4'
+
+  gem 'awesome_print', require: false
+  gem 'fuubar', '~> 2.2.0'
+
+  gem 'database_cleaner', '~> 1.5.0'
+  gem 'factory_bot_rails', '~> 4.8.2'
+  gem 'rspec-rails', '~> 3.7' # Use packaged version
+  gem 'rspec-retry', '~> 0.4.5'
+  gem 'rspec_profiling', '~> 0.0.5'
+  gem 'rspec-set', '~> 0.1.3'
+  gem 'rspec-parameterized', require: false
+
+  # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
+  gem 'minitest', '~> 5.7.0'
+
+  # Generate Fake data
+  gem 'ffaker', '~> 2.4'
+
+  gem 'capybara', '~> 2.15'
+  gem 'capybara-screenshot', '~> 1.0.0'
+  gem 'selenium-webdriver', '~> 3.12'
+
+  gem 'spring', '~> 2.0.0'
+  gem 'spring-commands-rspec', '~> 1.0.4'
+
+  gem 'gitlab-styles', '~> 2.4', require: false
+  # Pin these dependencies, otherwise a new rule could break the CI pipelines
+  gem 'rubocop', '~> 0.54.0'
+  gem 'rubocop-rspec', '~> 1.22.1'
+
+  gem 'scss_lint', '~> 0.56.0', require: false
+  gem 'haml_lint', '~> 0.26.0', require: false
+  gem 'simplecov', '~> 0.14.0', require: false
+  gem 'bundler-audit', '~> 0.5.0', require: false
+
+  gem 'benchmark-ips', '~> 2.3.0', require: false
+
+  gem 'license_finder', '~> 5.4', require: false
+  gem 'knapsack', '~> 1.16'
+
+  gem 'activerecord_sane_schema_dumper', gem_versions['activerecord_sane_schema_dumper']
+
+  gem 'stackprof', '~> 0.2.10', require: false
+
+  gem 'simple_po_parser', '~> 1.1.2', require: false
+
+  gem 'timecop', '~> 0.8.0'
+#end
+
+#group :test do
+  gem 'shoulda-matchers', '~> 3.1.2', require: false
+  gem 'email_spec', '~> 2.2.0'
+  gem 'json-schema', '~> 2.8.0'
+  gem 'webmock', '>= 2.3.2'
+  gem 'rails-controller-testing' if rails5? # Rails5 only gem.
+  gem 'test_after_commit', '~> 1.1' unless rails5? # Remove this gem when migrated to rails 5.0. It's been integrated to rails 5.0.
+  gem 'sham_rack', '~> 1.3.6'
+  gem 'concurrent-ruby', '~> 1.0.5'
+  gem 'test-prof', '~> 0.2.5'
+  gem 'rspec_junit_formatter'
+end

debian/README.Debian

@@ -0,0 +1,147 @@
+Debian specific changes in gitlab
+=================================
+
+1. Redis connection: redis-server package in debian follows upstream default
+and listens on tcp port 6379. So gitlab package in debian is configured to use
+tcp sockets. gitlab developers recommend using unix sockets. You can change to
+using unix sockets by changing the following configuration files.
+
+ /etc/redis/redis.conf and /etc/gitlab/resque.yml
+
+2. wiki backend: debian package uses gollum-rugged_adapter whereas gitlab
+upstream still use gollum-grit_adapter. grit is no longer maintained and grit
+developers recommend switching to rugged. gollum-lib developers have announced
+their intention to switch to rugged_adapter by default and this is in progress.
+
+3. default paths: debian package has changed some default values for paths
+which you can see at /etc/gitlab/gitlab-debian.conf
+
+4. database: gitlab package configures postgresql database with peer
+authentication.
+
+5. gem versions: some gem dependency requirements are relaxed to work with
+their packaged version in debian.
+
+You can find the list of gems required by gitlab and their corresponding
+package versions in debian at
+http://debian.fosscommunity.in/status/?appname=gitlab&sort=satisfied
+
+6. vendored js files: some embedded javascript files in
+vendor/assets/javascripts are replaced by their packaged version.
+
+7. root directory of rails is read only (/usr/share/gitlab); following symbolic
+links are added to enable write access to gitlab app
+
+> config -> /etc/gitlab
+> Gemfile.lock -> /var/lib/gitlab/Gemfile.lock
+> log -> /var/log/gitlab
+> builds -> /var/log/gitlab/builds
+> tmp -> /run/gitlab
+> /run/gitlab/cache -> var/lib/gitlab/cache
+> public -> /var/lib/gitlab/public
+> shared -> /var/lib/gitlab/shared
+> db -> /var/lib/gitlab/db
+> /usr/share/gitlab/.secret -> /var/lib/gitlab/.secret
+
+8. ssl certificates: This package tries to use letsencrypt package to obtain
+ssl certificates, if it is installed (via Recommends). If letsencrypt is not
+required, you can copy ssl certificate and key to /etc/gitlab/ssl as gitlab.crt
+and gitlab.key. If letsencrypt option is selected, symbolic links are added for
+certificates obtained using letsencrypt to /etc/gitlab/ssl.
+
+9. exim compatibility issue: If you use exim as your mta, then see
+https://github.com/gitlabhq/gitlabhq/issues/4866#issuecomment-145784636
+
+Useful diagnostics
+==================
+
+Upstream documentation will instruct to run commands like the following:
+
+    $ sudo -u gitlab -H bundle exec rake XXX RAILS_ENV=production
+
+Where XXX is something like "db:migrate", "gitlab:check" or "gitlab:env:info".
+In Debian, the rake command has to be called by the gitlab user from app home
+directory /usr/share/gitlab and with the environment variables from
+/etc/gitlab/gitlab-debian.conf set. So above command could be run like:
+
+    $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && bundle exec rake XXX RAILS_ENV=production'
+
+One useful command to run in this environment is:
+
+    $ bundle exec rake gitlab:check RAILS_ENV=production
+
+Which will output helpful diagnostics about the state of your system including
+how to fix possible problems. Another one is:
+
+    $ bundle exec rake gitlab:env:info RAILS_ENV=production
+
+To see service status with systemd, you can use:
+
+    $ systemctl status gitlab.service -l
+    $ systemctl status gitlab-unicorn.service -l
+    $ systemctl status gitlab-sidekiq.service -l
+    $ systemctl status gitlab-workhorse.service -l
+    $ journalctl -xn
+
+It is advised to attach the output of above commands to bugreports.
+
+Migrating from non-Debian gitlab
+================================
+
+ 0. Backup everything you don't want to loose like:
+      - the postgresql database used by your gitlab instance
+      - the repositories/ directory
+      - the public/uploads/ directory
+      - your .ssh/authorized_keys
+ 1. Remove the init script for your old gitlab installation, like:
+      $ rm /etc/init.d/gitlab
+ 2. Install Debian gitlab:
+      $ apt-get install gitlab
+ 3. Stop gitlab services:
+      $ systemctl stop gitlab.service
+ 4. Rename your old database to gitlab_production and set the user gitlab as
+    its owner and the owner of all its tables, sequences and views
+      $ su - postgres
+      $ psql
+      # drop database gitlab_production;
+      # alter database gitlabhq_production rename to gitlab_production;
+      # alter database gitlab_production owner to gitlab;
+      # \q
+      $ for tbl in `psql -qAt -c "select tablename from pg_tables where schemaname = 'public';" gitlab_production` ; do  psql -c "alter table \"$tbl\" owner to gitlab" gitlab_production ; done
+      $ for tbl in `psql -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" gitlab_production` ; do  psql -c "alter table \"$tbl\" owner to gitlab" gitlab_production ; done
+ 5. Copy your old repository directory to /var/lib/gitlab/repositories/
+ 6. Copy your old public/uploads/ directory to /var/lib/gitlab/public/uploads/
+ 7. Copy your old .ssh/authorized_keys to /var/lib/gitlab/.ssh/authorized_keys
+ 8. Fix your /var/lib/gitlab/.ssh/authorized_keys to contain the right path to gitlab-shell like:
+      $ sed -i 's/^command="[^ ]\+gitlab-shell /command="\/usr\/share\/gitlab-shell\/bin\/gitlab-shell /' /usr/share/gitlab/.ssh/authorized_keys
+ 9. Fix permission:
+      $ chown -R gitlab:gitlab /var/lib/gitlab/repositories/ /var/lib/gitlab/public/uploads/ /var/lib/gitlab/.ssh/authorized_keys
+      $ chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/
+      $ find /var/lib/gitlab/public/uploads -type f -exec chmod 0644 {} \;
+      $ find /var/lib/gitlab/public/uploads -type d -not -path /var/lib/gitlab/public/uploads -exec chmod 0700 {} \;
+ 10. Migrate the database:
+      $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && bundle exec rake db:migrate RAILS_ENV=production'
+ 11. Fix hooks:
+      # su gitlab
+      $ /usr/share/gitlab-shell/bin/create-hooks
+ 12. Start gitlab:
+       $ systemctl start gitlab.service
+ 13. Check the installation:
+      $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && bundle exec rake gitlab:check RAILS_ENV=production'
+
+Resetting admin password without web interface
+==============================================
+The steps involve dropping into rails console as gitlab user for production environment and then resetting the admin password via the user object.
+    $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && bundle exec rails console production'
+    irb(main):001:0> user = User.where(admin: true).first
+    irb(main):002:0> user.password = 'secret_pass'
+    irb(main):003:0> user.password_confirmation = 'secret_pass'
+    irb(main):004:0> user.save!
+
+Granting an existing user admin access
+======================================
+The steps involve dropping into rails console as gitlab user for production environment and running the following commands.
+    $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && bundle exec rails console production'
+    irb(main):001:0> user = User.find_by(email: 'useraddress@domain')
+    irb(main):003:0> user.admin=true
+    irb(main):004:0> user.save

debian/README.source

@@ -0,0 +1,10 @@
+Git Branches and meanings:
+
+master		:always current development, now 9.x in contrib, using npm
+syslibs		:now 9.x in main, needs packages in NEW
+master-8	:created to continue working on gitlab 8.x when master moved
+ to 9 (since 9.x upload in unstable, this branch is not relevant)
+stretch-updates	:now 8.x in main, security updates for stretch
+
+Create master-10 till 10.x is ready for unstable. Security updates should be
+in stretch-updates branch or in temporary branches created from it.

debian/adduser.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# add gitlab user (requires adduser >= 3.34)
+# don't muck around with this unless you KNOW what you're doing
+
+# Take gitlab_user from envornment variable or use gitlab
+test -n "${gitlab_user}" || gitlab_user="gitlab"
+
+# Take gitlab_data_dir from envornment variable or use /var/lib/gitlab
+test -n "${gitlab_data_dir}" || gitlab_data_dir="/var/lib/gitlab"
+
+# Create gitlab user with home in /var/lib
+echo "Creating/updating ${gitlab_user} user account..."
+adduser --system --home /var/lib/gitlab --gecos "${gitlab_user} user" --shell /bin/sh \
+	--quiet --disabled-password --group ${gitlab_user} || {
+echo "Proceeding with existing ${gitlab_user} user..."
+  }
+
+# Give gitlab_user ownership of gitlab_data_dir
+chown ${gitlab_user} ${gitlab_data_dir}

debian/compat

@@ -0,0 +1 @@
+10

debian/conf/database.yml

@@ -0,0 +1,47 @@
+#
+# PRODUCTION
+#
+production:
+  adapter: postgresql
+  host: /var/run/postgresql
+  encoding: unicode
+  database: gitlab_production
+  pool: 10
+  # username: git
+  # password:
+  # host: localhost
+  # port: 5432 
+
+#
+# Development specific
+#
+development:
+  adapter: postgresql
+  encoding: unicode
+  database: gitlabhq_development
+  pool: 5
+  username: postgres
+  password:
+
+#
+# Staging specific
+#
+staging:
+  adapter: postgresql
+  encoding: unicode
+  database: gitlabhq_staging
+  pool: 5
+  username: postgres
+  password:
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test: &test
+  adapter: postgresql
+  encoding: unicode
+  host: /var/run/postgresql
+  database: gitlab_test
+  pool: 5
+  #username: postgres
+  password:

debian/conf/gitlab

@@ -0,0 +1,73 @@
+#! /bin/sh
+
+# Copy this lib/support/init.d/gitlab.default.example file to
+# /etc/default/gitlab in order for it to apply to your system.
+
+# RAILS_ENV defines the type of installation that is running.
+# Normal values are "production", "test" and "development".
+RAILS_ENV="production"
+
+# Read debian specific configuration
+. /etc/gitlab/gitlab-debian.conf
+. /etc/gitlab-common/gitlab-common.conf
+
+for i in $(grep -v '#' /etc/gitlab/gitlab-debian.conf | cut -d= -f 1)
+do
+  export $i
+done
+
+# app_user defines the user that GitLab is run as.
+# The default is "git".
+export app_user=${gitlab_user}
+
+# app_root defines the folder in which gitlab and it's components are installed.
+# The default is "/home/$app_user/gitlab"
+app_root=${gitlab_app_root}
+
+# gitlab_log_dir is defined in /etc/gitlab/gitlab-debian.conf
+
+# pid_path defines a folder in which the gitlab and it's components place their pids.
+# This variable is also used below to define the relevant pids for the gitlab components.
+# The default is "$app_root/tmp/pids"
+pid_path="${gitlab_pid_path}"
+
+# socket_path defines the folder in which gitlab places the sockets
+#The default is "$app_root/tmp/sockets"
+socket_path="${gitlab_pid_path}"
+
+# web_server_pid_path defines the path in which to create the pid file fo the web_server
+# The default is "$pid_path/unicorn.pid"
+web_server_pid_path="$pid_path/unicorn.pid"
+
+# sidekiq_pid_path defines the path in which to create the pid file for sidekiq
+# The default is "$pid_path/sidekiq.pid"
+sidekiq_pid_path="$pid_path/sidekiq.pid"
+
+# sidekiq_logfile defines log file used by sidekiq
+sidekiq_logfile="${gitlab_log_dir}/sidekiq.log"
+
+gitlab_workhorse_pid_path="$pid_path/gitlab-workhorse.pid"
+# The -listenXxx settings determine where gitlab-workhorse
+# listens for connections from NGINX. To listen on localhost:8181, write
+# '-listenNetwork tcp -listenAddr localhost:8181'.
+# The -authBackend setting tells gitlab-workhorse where it can reach
+# Unicorn.
+gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080"
+gitlab_workhorse_log="${gitlab_log_dir}/gitlab-workhorse.log"
+
+# mail_room_enabled specifies whether mail_room, which is used to process incoming email, is enabled.
+# This is required for the Reply by email feature.
+# The default is "false"
+mail_room_enabled=false
+
+# mail_room_pid_path defines the path in which to create the pid file for mail_room
+# The default is "$pid_path/mail_room.pid"
+mail_room_pid_path="$pid_path/mail_room.pid"
+
+# mail_room_logfile defines log file used by mailroom
+mail_room_logfile="${gitlab_log_dir}/mail_room.log"
+
+# shell_path defines the path of shell for "$app_user" in case you are using
+# shell other than "bash"
+# The default is "/bin/bash"
+shell_path="/bin/bash"

debian/conf/gitlab-common.defaults

@@ -0,0 +1,24 @@
+gitlab_common_conf_private=/var/lib/gitlab-common/gitlab-common.conf
+gitlab_common_conf=/etc/gitlab-common/gitlab-common.conf
+gitlab_debian_conf_example=/usr/lib/gitlab/templates/gitlab-debian.conf.example
+gitlab_debian_conf_private=/var/lib/gitlab/gitlab-debian.conf
+gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf
+gitlab_cache_path=/var/cache/gitlab
+gitlab_scripts=/usr/lib/gitlab/scripts
+gitlab_yml_example=/usr/lib/gitlab/templates/gitlab.yml.example
+gitlab_yml_private=/var/lib/gitlab/gitlab.yml
+gitlab_yml=/etc/gitlab/gitlab.yml
+gitlab_shell_config_example=/usr/lib/gitlab-shell/config.yml.example
+gitlab_shell_config_private=/var/lib/gitlab/gitlab-shell-config.yml
+gitlab_shell_config=/etc/gitlab-shell/config.yml
+gitlab_nginx_log=/var/log/gitlab
+gitlab_ssl_path=/etc/gitlab/ssl
+gitlab_shell_root=/usr/share/gitlab-shell
+gitlab_shell_log=/var/log/gitlab-shell
+gitlab_tmpfiles_example=/usr/lib/gitlab/templates/tmpfiles.d/gitlab.conf.example
+gitlab_tmpfiles_private=/var/lib/gitlab/tmpfiles.d-gitlab.conf
+gitlab_tmpfiles=/usr/lib/tmpfiles.d/gitlab.conf
+nginx_user=www-data
+nginx_conf_example=/usr/lib/gitlab/templates/nginx.conf.example
+nginx_ssl_conf_example=/usr/lib/gitlab/templates/nginx.ssl.conf.example
+nginx_site_private=/var/lib/gitlab/nginx.conf

debian/conf/gitlab-debian.conf.example

@@ -0,0 +1,11 @@
+# Variables with all small letters are debian specific
+# Variables with all caps are passed to gitlab app
+RAILS_ENV=production
+DB=postgres
+# This will be replaced by debian/rules at the time of build.
+GITLAB_DEBIAN_VERSION="__NEW_VERSION__"
+SALSA_TAG_URL="https://salsa.debian.org/ruby-team/gitlab/tags/debian/"
+gitlab_app_root=/usr/share/gitlab
+gitlab_data_dir=/var/lib/gitlab
+gitlab_pid_path=/run/gitlab
+gitlab_log_dir=/var/log/gitlab

debian/conf/gitlab.target

@@ -0,0 +1,14 @@
+#####################################################
+#
+# GitLab version    : 5.x - 7.x
+# Contributors      : davispuh, mtorromeo, axilleas, boeserwolf91, Stefan Tatschner (rumpelsepp)
+# Downloaded from   : https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/init/systemd
+#
+####################################################
+
+[Unit]
+Description=GitLab Service
+Requires=gitlab-unicorn.service gitlab-sidekiq.service gitlab-mailroom.service gitlab-workhorse.service
+
+[Install]
+WantedBy=multi-user.target

debian/conf/gitlab.yml.example

@@ -0,0 +1,744 @@
+# # # # # # # # # # # # # # # # # #
+# GitLab application config file  #
+# # # # # # # # # # # # # # # # # #
+#
+###########################  NOTE  #####################################
+# This file should not receive new settings. All configuration options #
+# * are being moved to ApplicationSetting model!                       #
+# If a setting requires an application restart say so in that screen.  #
+# If you change this file in a Merge Request, please also create       #
+# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests  #
+########################################################################
+#
+#
+# How to use:
+# 1. Copy file as gitlab.yml
+# 2. Update gitlab -> host with your fully qualified domain name
+# 3. Update gitlab -> email_from
+# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git
+#    IMPORTANT: If Git was installed in a different location use that instead.
+#    You can check with `which git`. If a wrong path of Git is specified, it will
+#     result in various issues such as failures of GitLab CI builds.
+# 5. Review this configuration file for other settings you may want to adjust
+
+# For Debian specific changes: See /usr/share/doc/README.Debian
+
+production: &base
+  #
+  # 1. GitLab app settings
+  # ==========================
+
+  ## GitLab settings
+  gitlab:
+    ## Web server settings (note: host is the FQDN, do not include http://)
+    #host: localhost
+    #port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
+    https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
+
+    # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
+    # (you'd obviously need to replace ssh.host_example.com with your own host).
+    # Otherwise, ssh host will be set to the `host:` value above
+    # ssh_host: ssh.host_example.com
+
+    # Relative URL support
+    # WARNING: We recommend using an FQDN to host GitLab in a root path instead
+    # of using a relative URL.
+    # Documentation: http://doc.gitlab.com/ce/install/relative_url.html
+    # Uncomment and customize the following line to run in a non-root path
+    #
+    # relative_url_root: /gitlab
+
+    # Trusted Proxies
+    # Customize if you have GitLab behind a reverse proxy which is running on a different machine.
+    # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
+    trusted_proxies:
+      # Examples:
+      #- 192.168.1.0/24
+      #- 192.168.2.1
+      #- 2001:0db8::/32
+
+    # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
+    user: git #gitlab_user (DON'T REMOVE THIS COMMENT)
+    user_home: /var/lib/gitlab
+
+    ## Date & Time settings
+    # Uncomment and customize if you want to change the default time zone of GitLab application.
+    # To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production`
+    # time_zone: 'UTC'
+
+    ## Email settings
+    # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
+    # email_enabled: true
+    # Email address used in the "From" field in mails sent by GitLab
+    # Using environmental variables from /etc/gitlab/gitlab-debian.conf
+    # email_from: example@example.com
+    # email_display_name: GitLab
+    # email_reply_to: noreply@example.com
+    # email_subject_suffix: ''
+
+    # Email server smtp settings are in config/initializers/smtp_settings.rb.sample
+
+    # default_can_create_group: false  # default: true
+    # username_changing_enabled: false # default: true - User can change her username/namespace
+
+    ## Automatic issue closing
+    # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
+    # This happens when the commit is pushed or merged into the default branch of a project.
+    # When not specified the default issue_closing_pattern as specified below will be used.
+    # Tip: you can test your closing pattern at http://rubular.com.
+    # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
+
+    ## Default project features settings
+    default_projects_features:
+      issues: true
+      merge_requests: true
+      wiki: true
+      snippets: true
+      builds: true
+      container_registry: true
+
+    ## Webhook settings
+    # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
+    # webhook_timeout: 10
+
+    ## Repository downloads directory
+    # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
+    # The default is 'shared/cache/archive/' relative to the root of the Rails app.
+    # repository_downloads_path: shared/cache/archive/
+
+  ## Reply by email
+  # Allow users to comment on issues and merge requests by replying to notification emails.
+  # For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html
+  incoming_email:
+    enabled: false
+
+    # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
+    # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
+    address: "gitlab-incoming+%{key}@gmail.com"
+
+    # Email account username
+    # With third party providers, this is usually the full email address.
+    # With self-hosted email servers, this is usually the user part of the email address.
+    user: "gitlab-incoming@gmail.com"
+    # Email account password
+    password: "[REDACTED]"
+
+    # IMAP server host
+    host: "imap.gmail.com"
+    # IMAP server port
+    port: 993
+    # Whether the IMAP server uses SSL
+    ssl: true
+    # Whether the IMAP server uses StartTLS
+    start_tls: false
+
+    # The mailbox where incoming mail will end up. Usually "inbox".
+    mailbox: "inbox"
+    # The IDLE command timeout.
+    idle_timeout: 60
+
+  ## Build Artifacts
+  artifacts:
+    enabled: true
+    # The location where build artifacts are stored (default: shared/artifacts).
+    # path: shared/artifacts
+
+  ## Git LFS
+  lfs:
+    enabled: true
+    # The location where LFS objects are stored (default: shared/lfs-objects).
+    # storage_path: shared/lfs-objects
+
+  ## GitLab Pages
+  pages:
+    enabled: false
+    # The location where pages are stored (default: shared/pages).
+    # path: shared/pages
+
+    # The domain under which the pages are served:
+    # http://group.example.com/project
+    # or project path can be a group page: group.example.com
+    host: example.com
+    port: 80 # Set to 443 if you serve the pages with HTTPS
+    https: false # Set to true if you serve the pages with HTTPS
+    # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
+    # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
+
+  ## Mattermost
+  ## For enabling Add to Mattermost button
+  mattermost:
+    enabled: false
+    host: 'https://mattermost.example.com'
+
+  ## Gravatar
+  ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
+  gravatar:
+    # gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username}
+    # plain_url: "http://..."     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
+    # ssl_url:   "https://..."    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
+
+  ## Auxiliary jobs
+  # Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc.
+  # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
+  cron_jobs:
+    # Flag stuck CI jobs as failed
+    stuck_ci_jobs_worker:
+      cron: "0 * * * *"
+    # Execute scheduled triggers
+    pipeline_schedule_worker:
+      cron: "19 * * * *"
+    # Remove expired build artifacts
+    expire_build_artifacts_worker:
+      cron: "50 * * * *"
+    # Periodically run 'git fsck' on all repositories. If started more than
+    # once per hour you will have concurrent 'git fsck' jobs.
+    repository_check_worker:
+      cron: "20 * * * *"
+    # Send admin emails once a week
+    admin_email_worker:
+      cron: "0 0 * * 0"
+
+    # Remove outdated repository archives
+    repository_archive_cache_worker:
+      cron: "0 * * * *"
+
+  registry:
+    # enabled: true
+    # host: registry.example.com
+    # port: 5005
+    # api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API
+    # key: config/registry.key
+    # path: shared/registry
+    # issuer: gitlab-issuer
+
+  #
+  # 2. GitLab CI settings
+  # ==========================
+
+  gitlab_ci:
+    # Default project notifications settings:
+    #
+    # Send emails only on broken builds (default: true)
+    # all_broken_builds: true
+    #
+    # Add pusher to recipients list (default: false)
+    # add_pusher: true
+
+    # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
+    # builds_path: builds/
+
+  #
+  # 3. Auth settings
+  # ==========================
+
+  ## LDAP settings
+  # You can test connections and inspect a sample of the LDAP users with login
+  # access by running:
+  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
+  ldap:
+    enabled: false
+    servers:
+      ##########################################################################
+      #
+      # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
+      # Enterprise Edition now supports connecting to multiple LDAP servers.
+      #
+      # If you are updating from the old (pre-7.4) syntax, you MUST give your
+      # old server the ID 'main'.
+      #
+      ##########################################################################
+      main: # 'main' is the GitLab 'provider ID' of this LDAP server
+        ## label
+        #
+        # A human-friendly name for your LDAP server. It is OK to change the label later,
+        # for instance if you find out it is too large to fit on the web page.
+        #
+        # Example: 'Paris' or 'Acme, Ltd.'
+        label: 'LDAP'
+
+        # Example: 'ldap.mydomain.com'
+        host: '_your_ldap_server'
+        # This port is an example, it is sometimes different but it is always an integer and not a string
+        port: 389 # usually 636 for SSL
+        uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid.
+
+        # Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'
+        bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+        password: '_the_password_of_the_bind_user'
+
+        # Encryption method. The "method" key is deprecated in favor of
+        # "encryption".
+        #
+        #   Examples: "start_tls" or "simple_tls" or "plain"
+        #
+        #   Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
+        #   replaced with "simple_tls".
+        #
+        encryption: 'plain'
+
+        # Enables SSL certificate verification if encryption method is
+        # "start_tls" or "simple_tls". (Defaults to false for backward-
+        # compatibility)
+        verify_certificates: false
+
+        # Specifies the path to a file containing a PEM-format CA certificate,
+        # e.g. if you need to use an internal CA.
+        #
+        #   Example: '/etc/ca.pem'
+        #
+        ca_file: ''
+
+        # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
+        # is not appropriate.
+        #
+        #   Example: 'TLSv1_1'
+        #
+        ssl_version: ''
+
+        # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
+        # a request if the LDAP server becomes unresponsive.
+        # A value of 0 means there is no timeout.
+        timeout: 10
+
+        # This setting specifies if LDAP server is Active Directory LDAP server.
+        # For non AD servers it skips the AD specific queries.
+        # If your LDAP server is not AD, set this to false.
+        active_directory: true
+
+        # If allow_username_or_email_login is enabled, GitLab will ignore everything
+        # after the first '@' in the LDAP username submitted by the user on login.
+        #
+        # Example:
+        # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
+        # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
+        #
+        # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
+        # disable this setting, because the userPrincipalName contains an '@'.
+        allow_username_or_email_login: false
+
+        # To maintain tight control over the number of active users on your GitLab installation,
+        # enable this setting to keep new users blocked until they have been cleared by the admin
+        # (default: false).
+        block_auto_created_users: false
+
+        # Base where we can search for users
+        #
+        #   Ex. 'ou=People,dc=gitlab,dc=example' or 'DC=mydomain,DC=com'
+        #
+        base: ''
+
+        # Filter LDAP users
+        #
+        #   Format: RFC 4515 https://tools.ietf.org/search/rfc4515
+        #   Ex. (employeeType=developer)
+        #
+        #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
+        #
+        #   Example for getting only specific users:
+        #   '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'
+        #
+        user_filter: ''
+
+        # LDAP attributes that GitLab will use to create an account for the LDAP user.
+        # The specified attribute can either be the attribute name as a string (e.g. 'mail'),
+        # or an array of attribute names to try in order (e.g. ['mail', 'email']).
+        # Note that the user's LDAP login will always be the attribute specified as `uid` above.
+        attributes:
+          # The username will be used in paths for the user's own projects
+          # (like `gitlab.example.com/username/project`) and when mentioning
+          # them in issues, merge request and comments (like `@username`).
+          # If the attribute specified for `username` contains an email address,
+          # the GitLab username will be the part of the email address before the '@'.
+          username: ['uid', 'userid', 'sAMAccountName']
+          email:    ['mail', 'email', 'userPrincipalName']
+
+          # If no full name could be found at the attribute specified for `name`,
+          # the full name is determined using the attributes specified for
+          # `first_name` and `last_name`.
+          name:       'cn'
+          first_name: 'givenName'
+          last_name:  'sn'
+
+      # GitLab EE only: add more LDAP servers
+      # Choose an ID made of a-z and 0-9 . This ID will be stored in the database
+      # so that GitLab can remember which LDAP server a user belongs to.
+      # uswest2:
+      #   label:
+      #   host:
+      #   ....
+
+
+  ## OmniAuth settings
+  omniauth:
+    # Allow login via Twitter, Google, etc. using OmniAuth providers
+    enabled: false
+
+    # Uncomment this to automatically sign in with a specific omniauth provider's without
+    # showing GitLab's sign-in page (default: show the GitLab sign-in page)
+    # auto_sign_in_with_provider: saml
+
+    # Sync user's email address from the specified Omniauth provider every time the user logs
+    # in (default: nil). And consequently make this field read-only.
+    # sync_email_from_provider: cas3
+
+    # CAUTION!
+    # This allows users to login without having a user account first. Define the allowed providers
+    # using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
+    # User accounts will be created automatically when authentication was successful.
+    allow_single_sign_on: ["saml"]
+
+    # Locks down those users until they have been cleared by the admin (default: true).
+    block_auto_created_users: true
+    # Look up new users in LDAP servers. If a match is found (same uid), automatically
+    # link the omniauth identity with the LDAP account. (default: false)
+    auto_link_ldap_user: false
+
+    # Allow users with existing accounts to login and auto link their account via SAML
+    # login, without having to do a manual login first and manually add SAML
+    # (default: false)
+    auto_link_saml_user: false
+
+    # Set different Omniauth providers as external so that all users creating accounts
+    # via these providers will not be able to have access to internal projects. You
+    # will need to use the full name of the provider, like `google_oauth2` for Google.
+    # Refer to the examples below for the full names of the supported providers.
+    # (default: [])
+    external_providers: []
+
+    ## Auth providers
+    # Uncomment the following lines and fill in the data of the auth provider you want to use
+    # If your favorite auth provider is not listed you can use others:
+    # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
+    # The 'app_id' and 'app_secret' parameters are always passed as the first two
+    # arguments, followed by optional 'args' which can be either a hash or an array.
+    # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
+    providers:
+      # See omniauth-cas3 for more configuration details
+      # - { name: 'cas3',
+      #     label: 'cas3',
+      #     args: {
+      #             url: 'https://sso.example.com',
+      #             disable_ssl_verification: false,
+      #             login_url: '/cas/login',
+      #             service_validate_url: '/cas/p3/serviceValidate',
+      #             logout_url: '/cas/logout'} }
+      # - { name: 'authentiq',
+      #     # for client credentials (client ID and secret), go to https://www.authentiq.com/developers
+      #     app_id: 'YOUR_CLIENT_ID',
+      #     app_secret: 'YOUR_CLIENT_SECRET',
+      #     args: {
+      #             scope: 'aq:name email~rs address aq:push'
+      #             # callback_url parameter is optional except when 'gitlab.host' in this file is set to 'localhost'
+      #             # callback_url: 'YOUR_CALLBACK_URL'
+      #           }
+      #   }
+      # - { name: 'github',
+      #     app_id: 'YOUR_APP_ID',
+      #     app_secret: 'YOUR_APP_SECRET',
+      #     url: "https://github.com/",
+      #     verify_ssl: true,
+      #     args: { scope: 'user:email' } }
+      # - { name: 'bitbucket',
+      #     app_id: 'YOUR_APP_ID',
+      #     app_secret: 'YOUR_APP_SECRET' }
+      # - { name: 'gitlab',
+      #     app_id: 'YOUR_APP_ID',
+      #     app_secret: 'YOUR_APP_SECRET',
+      #     args: { scope: 'api' } }
+      # - { name: 'google_oauth2',
+      #     app_id: 'YOUR_APP_ID',
+      #     app_secret: 'YOUR_APP_SECRET',
+      #     args: { access_type: 'offline', approval_prompt: '' } }
+      # - { name: 'facebook',
+      #     app_id: 'YOUR_APP_ID',
+      #     app_secret: 'YOUR_APP_SECRET' }
+      # - { name: 'twitter',
+      #     app_id: 'YOUR_APP_ID',
+      #     app_secret: 'YOUR_APP_SECRET' }
+      #
+      # - { name: 'saml',
+      #     label: 'Our SAML Provider',
+      #     groups_attribute: 'Groups',
+      #     external_groups: ['Contractors', 'Freelancers'],
+      #     args: {
+      #             assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
+      #             idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
+      #             idp_sso_target_url: 'https://login.example.com/idp',
+      #             issuer: 'https://gitlab.example.com',
+      #             name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+      #           } }
+      #
+      # - { name: 'crowd',
+      #     args: {
+      #       crowd_server_url: 'CROWD SERVER URL',
+      #       application_name: 'YOUR_APP_NAME',
+      #       application_password: 'YOUR_APP_PASSWORD' } }
+      #
+      # - { name: 'auth0',
+      #     args: {
+      #       client_id: 'YOUR_AUTH0_CLIENT_ID',
+      #       client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
+      #       namespace: 'YOUR_AUTH0_DOMAIN' } }
+
+    # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
+    # cas3:
+    #   session_duration: 28800
+
+  # Shared file storage settings
+  shared:
+    # path: /mnt/gitlab # Default: shared
+
+  # Gitaly settings
+  gitaly:
+    # Path to the directory containing Gitaly client executables.
+    client_path: /usr/bin
+    # Default Gitaly authentication token. Can be overriden per storage. Can
+    # be left blank when Gitaly is running locally on a Unix socket, which
+    # is the normal way to deploy Gitaly.
+    token:
+
+  #
+  # 4. Advanced settings
+  # ==========================
+
+  ## Repositories settings
+  repositories:
+    # Paths where repositories can be stored. Give the canonicalized absolute pathname.
+    # IMPORTANT: None of the path components may be symlink, because
+    # gitlab-shell invokes Dir.pwd inside the repository path and that results
+    # real path not the symlink.
+    storages: # You must have at least a `default` storage path.
+      default:
+        path: /var/lib/gitlab/repositories/
+        gitaly_address: unix:/run/gitlab/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port)
+        # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.
+        failure_count_threshold: 10 # number of failures before stopping attempts
+        failure_wait_time: 30 # Seconds after an access failure before allowing access again
+        failure_reset_time: 1800 # Time in seconds to expire failures
+        storage_timeout: 5 # Time in seconds to wait before aborting a storage access attempt
+
+
+  ## Backup settings
+  backup:
+    path: "tmp/backups"   # Relative paths are relative to Rails.root (default: tmp/backups/)
+    # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
+    # keep_time: 604800   # default: 0 (forever) (in seconds)
+    # pg_schema: public     # default: nil, it means that all schemas will be backed up
+    # upload:
+    #   # Fog storage connection settings, see http://fog.io/storage/ .
+    #   connection:
+    #     provider: AWS
+    #     region: eu-west-1
+    #     aws_access_key_id: AKIAKIAKI
+    #     aws_secret_access_key: 'secret123'
+    #   # The remote 'directory' to store your backups. For S3, this would be the bucket name.
+    #   remote_directory: 'my.s3.bucket'
+    #   # Use multipart uploads when file size reaches 100MB, see
+    #   #  http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
+    #   multipart_chunk_size: 104857600
+    #   # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
+    #   # encryption: 'AES256'
+    #   # Specifies Amazon S3 storage class to use for backups, this is optional
+    #   # storage_class: 'STANDARD'
+
+  ## GitLab Shell settings
+  gitlab_shell:
+    path: /usr/share/gitlab-shell/
+    hooks_path: /usr/share/gitlab-shell/hooks/
+
+    # File that contains the secret key for verifying access for gitlab-shell.
+    # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
+    # secret_file: /var/lib/gitlab/.gitlab_shell_secret
+
+    # Git over HTTP
+    upload_pack: true
+    receive_pack: true
+
+    # Git import/fetch timeout
+    # git_timeout: 800
+
+    # If you use non-standard ssh port you need to specify it
+    # ssh_port: 22
+
+  workhorse:
+    # File that contains the secret key for verifying access for gitlab-workhorse.
+    # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
+    # secret_file: /var/lib/gitlab/.gitlab_workhorse_secret
+
+  ## Git settings
+  # CAUTION!
+  # Use the default values unless you really know what you are doing
+  git:
+    bin_path: /usr/bin/git
+    # The next value is the maximum memory size grit can use
+    # Given in number of bytes per git object (e.g. a commit)
+    # This value can be increased if you have very large commits
+    max_size: 20971520 # 20.megabytes
+    # Git timeout to read a commit, in seconds
+    timeout: 10
+
+  ## Webpack settings
+  # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
+  # on a given port instead of serving directly from /assets/webpack. This is only indended for use
+  # in development.
+  webpack:
+    # dev_server:
+    #   enabled: true
+    #   host: localhost
+    #   port: 3808
+
+  ## Monitoring
+  # Built in monitoring settings
+  monitoring:
+    # Time between sampling of unicorn socket metrics, in seconds
+    # unicorn_sampler_interval: 10
+    # IP whitelist to access monitoring endpoints
+    ip_whitelist:
+      - 127.0.0.0/8
+
+    # Sidekiq exporter is webserver built in to Sidekiq to expose Prometheus metrics
+    sidekiq_exporter:
+    #  enabled: true
+    #  address: localhost
+    #  port: 3807
+
+  #
+  # 5. Extra customization
+  # ==========================
+
+  extra:
+    ## Google analytics. Uncomment if you want it
+    # google_analytics_id: '_your_tracking_id'
+
+    ## Piwik analytics.
+    # piwik_url: '_your_piwik_url'
+    # piwik_site_id: '_your_piwik_site_id'
+
+  rack_attack:
+    git_basic_auth:
+      # Rack Attack IP banning enabled
+      # enabled: true
+      #
+      # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
+      # ip_whitelist: ["127.0.0.1"]
+      #
+      # Limit the number of Git HTTP authentication attempts per IP
+      # maxretry: 10
+      #
+      # Reset the auth attempt counter per IP after 60 seconds
+      # findtime: 60
+      #
+      # Ban an IP for one hour (3600s) after too many auth attempts
+      # bantime: 3600
+
+development:
+  <<: *base
+
+test:
+  <<: *base
+  gravatar:
+    enabled: true
+  lfs:
+    enabled: false
+  gitlab:
+    host: localhost
+    port: 80
+
+    # When you run tests we clone and setup gitlab-shell
+    # In order to setup it correctly you need to specify
+    # your system username you use to run GitLab
+    # user: YOUR_USERNAME
+  pages:
+    path: tmp/tests/pages
+  repositories:
+    storages:
+      default:
+        path: tmp/tests/repositories/
+        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
+        failure_count_threshold: 999999
+        failure_wait_time: 0
+        storage_timeout: 30
+      broken:
+        path: tmp/tests/non-existent-repositories
+        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
+
+  gitaly:
+    enabled: true
+    token: secret
+  backup:
+    path: tmp/tests/backups
+  gitlab_shell:
+    path: tmp/tests/gitlab-shell/
+    hooks_path: tmp/tests/gitlab-shell/hooks/
+  issues_tracker:
+    redmine:
+      title: "Redmine"
+      project_url: "http://redmine/projects/:issues_tracker_id"
+      issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
+      new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
+    jira:
+      title: "JIRA"
+      url: https://sample_company.atlassian.net
+      project_key: PROJECT
+
+  omniauth:
+    enabled: true
+    allow_single_sign_on: true
+    external_providers: []
+
+    providers:
+      - { name: 'cas3',
+          label: 'cas3',
+          args: { url: 'https://sso.example.com',
+                  disable_ssl_verification: false,
+                  login_url: '/cas/login',
+                  service_validate_url: '/cas/p3/serviceValidate',
+                  logout_url: '/cas/logout'} }
+      - { name: 'github',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          url: "https://github.com/",
+          verify_ssl: false,
+          args: { scope: 'user:email' } }
+      - { name: 'bitbucket',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      - { name: 'gitlab',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          args: { scope: 'api' } }
+      - { name: 'google_oauth2',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          args: { access_type: 'offline', approval_prompt: '' } }
+      - { name: 'facebook',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      - { name: 'twitter',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      - { name: 'auth0',
+          args: {
+            client_id: 'YOUR_AUTH0_CLIENT_ID',
+            client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
+            namespace: 'YOUR_AUTH0_DOMAIN' } }
+      - { name: 'authentiq',
+          app_id: 'YOUR_CLIENT_ID',
+          app_secret: 'YOUR_CLIENT_SECRET',
+          args: { scope: 'aq:name email~rs address aq:push' } }
+  ldap:
+    enabled: false
+    servers:
+      main:
+        label: ldap
+        host: 127.0.0.1
+        port: 3890
+        uid: 'uid'
+        encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
+        base: 'dc=example,dc=com'
+        user_filter: ''
+        group_base: 'ou=groups,dc=example,dc=com'
+        admin_group: ''
+
+staging:
+  <<: *base

debian/conf/nginx.conf.example

@@ -0,0 +1,60 @@
+## GitLab
+##
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+##################################
+##        CONTRIBUTING          ##
+##################################
+##
+## If you change this file in a Merge Request, please also create
+## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+##
+###################################
+##         configuration         ##
+###################################
+##
+## See installation.md#using-https for additional HTTPS configuration details.
+
+upstream gitlab-workhorse {
+  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
+}
+
+## Normal HTTP host
+server {
+  ## Either remove "default_server" from the listen line below,
+  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
+  ## to be served if you visit any address that your server responds to, eg.
+  ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
+  listen 0.0.0.0:80;
+  listen [::]:80;
+  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+  server_tokens off; ## Don't show the nginx version number, a security best practice
+  root /usr/share/gitlab/public;
+
+  ## See app/controllers/application_controller.rb for headers set
+
+  ## Individual nginx logs for this GitLab vhost
+  access_log  /var/log/nginx/gitlab_access.log;
+  error_log   /var/log/nginx/gitlab_error.log;
+
+  location / {
+    client_max_body_size 0;
+    gzip off;
+
+    ## https://github.com/gitlabhq/gitlabhq/issues/694
+    ## Some requests take more than 30 seconds.
+    proxy_read_timeout      300;
+    proxy_connect_timeout   300;
+    proxy_redirect          off;
+
+    proxy_http_version 1.1;
+
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   $scheme;
+
+    proxy_pass http://gitlab-workhorse;
+  }
+}

debian/conf/nginx.ssl.conf.example

@@ -0,0 +1,104 @@
+## GitLab
+##
+## Modified from nginx http version
+## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
+## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+##
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+##################################
+##        CONTRIBUTING          ##
+##################################
+##
+## If you change this file in a Merge Request, please also create
+## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+##
+###################################
+##         configuration         ##
+###################################
+##
+## See installation.md#using-https for additional HTTPS configuration details.
+
+upstream gitlab-workhorse {
+  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
+}
+
+## Redirects all HTTP traffic to the HTTPS host
+server {
+  ## Either remove "default_server" from the listen line below,
+  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
+  ## to be served if you visit any address that your server responds to, eg.
+  ## the ip address of the server (http://x.x.x.x/)
+  listen 0.0.0.0:80;
+  listen [::]:80 ipv6only=on;
+  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+  server_tokens off; ## Don't show the nginx version number, a security best practice
+  return 301 https://$http_host$request_uri;
+  access_log  /var/log/nginx/gitlab_access.log;
+  error_log   /var/log/nginx/gitlab_error.log;
+}
+
+## HTTPS host
+server {
+  listen 0.0.0.0:443 ssl;
+  listen [::]:443 ipv6only=on ssl;
+  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
+  server_tokens off; ## Don't show the nginx version number, a security best practice
+  root /usr/share/gitlab/public;
+
+  ## Strong SSL Security
+  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
+  ssl on;
+  ssl_certificate /etc/gitlab/ssl/gitlab.crt;
+  ssl_certificate_key /etc/gitlab/ssl/gitlab.key;
+
+  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
+  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_timeout 5m;
+
+  ## See app/controllers/application_controller.rb for headers set
+
+  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
+  ## Replace with your ssl_trusted_certificate. For more info see:
+  ## - https://medium.com/devops-programming/4445f4862461
+  ## - https://www.ruby-forum.com/topic/4419319
+  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+  # ssl_stapling on;
+  # ssl_stapling_verify on;
+  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
+  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
+  # resolver_timeout 5s;
+
+  ## [Optional] Generate a stronger DHE parameter:
+  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
+  ##
+  # ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+  ## Individual nginx logs for this GitLab vhost
+  access_log  /var/log/nginx/gitlab_access.log;
+  error_log   /var/log/nginx/gitlab_error.log;
+
+  location / {
+    client_max_body_size 0;
+    gzip off;
+
+    ## https://github.com/gitlabhq/gitlabhq/issues/694
+    ## Some requests take more than 30 seconds.
+    proxy_read_timeout      300;
+    proxy_connect_timeout   300;
+    proxy_redirect          off;
+
+    proxy_http_version 1.1;
+
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-Ssl     on;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   $scheme;
+    proxy_pass http://gitlab-workhorse;
+  }
+}

debian/conf/resque.yml

@@ -0,0 +1,8 @@
+# If you change this file in a Merge Request, please also create
+# a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+#
+development: redis://localhost:6379
+test: redis://localhost:6379
+# default redis configuration in debian is tcp 
+#production: unix:/var/run/redis/redis.sock
+production: redis://localhost:6379

debian/conf/smtp_settings.rb

@@ -0,0 +1,15 @@
+# To enable smtp email delivery for your GitLab instance do the following:
+# 1. Rename this file to smtp_settings.rb
+# 2. Edit settings inside this file
+# 3. Restart GitLab instance
+#
+# For full list of options and their values see http://api.rubyonrails.org/classes/ActionMailer/Base.html
+#
+# If you change this file in a Merge Request, please also create a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+
+if Rails.env.production?
+  Rails.application.config.action_mailer.delivery_method = :sendmail
+  Rails.application.config.action_mailer.default_options = {from: "#{ENV['GITLAB_EMAIL_FROM']}" || "#{Settings.gitlab['email_from']}" || ''}
+
+  ActionMailer::Base.sendmail_settings = {}
+end

debian/conf/tmpfiles.d/gitlab.conf.example

@@ -0,0 +1,2 @@
+d /run/gitlab 2750 GITLAB_USER www-data -
+L /run/gitlab/cache - - - - /var/cache/gitlab

debian/conf/unicorn.rb

@@ -0,0 +1,126 @@
+# Sample verbose configuration file for Unicorn (not Rack)
+#
+# This configuration file documents many features of Unicorn
+# that may not be needed for some applications. See
+# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb
+# for a much simpler configuration file.
+#
+# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
+# documentation.
+
+# Note: If you change this file in a Merge Request, please also create a
+# Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
+#
+# WARNING: See config/application.rb under "Relative url support" for the list of
+# other files that need to be changed for relative url support
+#
+# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
+
+# Read about unicorn workers here:
+# http://doc.gitlab.com/ee/install/requirements.html#unicorn-workers
+#
+worker_processes 3
+
+# Since Unicorn is never exposed to outside clients, it does not need to
+# run on the standard HTTP port (80), there is no reason to start Unicorn
+# as root unless it's from system init scripts.
+# If running the master process as root and the workers as an unprivileged
+# user, do this to switch euid/egid in the workers (also chowns logs):
+# user "unprivileged_user", "unprivileged_group"
+
+# Help ensure your application will always spawn in the symlinked
+# "current" directory that Capistrano sets up.
+working_directory ENV['gitlab_app_root'] # available in 0.94.0+
+
+# Listen on both a Unix domain socket and a TCP port.
+# If you are load-balancing multiple Unicorn masters, lower the backlog
+# setting to e.g. 64 for faster failover.
+listen "#{ENV['gitlab_pid_path']}/gitlab.socket", :backlog => 1024
+listen "127.0.0.1:8080", :tcp_nopush => true
+
+# nuke workers after 30 seconds instead of 60 seconds (the default)
+#
+# NOTICE: git push over http depends on this value.
+# If you want be able to push huge amount of data to git repository over http
+# you will have to increase this value too.
+#
+# Example of output if you try to push 1GB repo to GitLab over http.
+#   -> git push http://gitlab.... master
+#
+#   error: RPC failed; result=18, HTTP code = 200
+#   fatal: The remote end hung up unexpectedly
+#   fatal: The remote end hung up unexpectedly
+#
+# For more information see http://stackoverflow.com/a/21682112/752049
+#
+timeout 60
+
+# feel free to point this anywhere accessible on the filesystem
+pid "#{ENV['gitlab_pid_path']}/unicorn.pid"
+
+# By default, the Unicorn logger will write to stderr.
+# Additionally, some applications/frameworks log to stderr or stdout,
+# so prevent them from going to /dev/null when daemonized here:
+stderr_path File.join(ENV['gitlab_log_dir'],"unicorn.stderr.log")
+stdout_path File.join(ENV['gitlab_log_dir'],"unicorn.stdout.log")
+
+# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
+# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
+preload_app true
+GC.respond_to?(:copy_on_write_friendly=) and
+  GC.copy_on_write_friendly = true
+
+# Enable this flag to have unicorn test client connections by writing the
+# beginning of the HTTP headers before calling the application.  This
+# prevents calling the application for connections that have disconnected
+# while queued.  This is only guaranteed to detect clients on the same
+# host unicorn runs on, and unlikely to detect disconnects even on a
+# fast LAN.
+check_client_connection false
+
+before_fork do |server, worker|
+  # the following is highly recomended for Rails + "preload_app true"
+  # as there's no need for the master process to hold a connection
+  defined?(ActiveRecord::Base) and
+    ActiveRecord::Base.connection.disconnect!
+
+  # The following is only recommended for memory/DB-constrained
+  # installations.  It is not needed if your system can house
+  # twice as many worker_processes as you have configured.
+  #
+  # This allows a new master process to incrementally
+  # phase out the old master process with SIGTTOU to avoid a
+  # thundering herd (especially in the "preload_app false" case)
+  # when doing a transparent upgrade.  The last worker spawned
+  # will then kill off the old master process with a SIGQUIT.
+  old_pid = "#{server.config[:pid]}.oldbin"
+  if old_pid != server.pid
+    begin
+      sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
+      Process.kill(sig, File.read(old_pid).to_i)
+    rescue Errno::ENOENT, Errno::ESRCH
+    end
+  end
+  #
+  # Throttle the master from forking too quickly by sleeping.  Due
+  # to the implementation of standard Unix signal handlers, this
+  # helps (but does not completely) prevent identical, repeated signals
+  # from being lost when the receiving process is busy.
+  # sleep 1
+end
+
+after_fork do |server, worker|
+  # per-process listener ports for debugging/admin/migrations
+  # addr = "127.0.0.1:#{9293 + worker.nr}"
+  # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
+
+  # the following is *required* for Rails + "preload_app true",
+  defined?(ActiveRecord::Base) and
+    ActiveRecord::Base.establish_connection
+
+  # if preload_app is true, then you may also want to check and
+  # restart any other shared sockets/descriptors such as Memcached,
+  # and Redis.  TokyoCabinet file handles are safe to reuse
+  # between any number of forked children (assuming your kernel
+  # correctly implements pread()/pwrite() system calls)
+end

debian/control

@@ -0,0 +1,370 @@
+Source: gitlab
+Section: net
+Priority: optional
+Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
+Uploaders: Cédric Boutillier <boutil@debian.org>,
+ Pirate Praveen <praveen@debian.org>,
+ Balasankar C <balasankarc@autistici.org>,
+ Sruthi Chandran <srud@disroot.org>
+Build-Depends: debhelper (>= 10~), gem2deb, bc
+Standards-Version: 4.3.0
+Vcs-Git: https://salsa.debian.org/ruby-team/gitlab.git
+Vcs-Browser: https://salsa.debian.org/ruby-team/gitlab
+Homepage: https://about.gitlab.com/
+XS-Ruby-Versions: all
+
+Package: gitlab
+Section: contrib/net
+Architecture: all
+XB-Ruby-Versions: ${ruby:Versions}
+Depends: ${shlibs:Depends}, ${misc:Depends},
+ gitlab-common (= ${source:Version}),
+ ruby | ruby-interpreter,
+ lsb-base (>= 3.0-6),
+ rake (>= 12.3.0~),
+ bundler,
+ postgresql-client,
+ postgresql-contrib,
+ dbconfig-pgsql | dbconfig-no-thanks,
+ bc,
+ redis-server (>= 2:2.8~),
+ nodejs (>= 6~),
+ nginx | httpd,
+ default-mta | postfix | exim4 | mail-transport-agent,
+ openssh-client,
+ bzip2,
+ ucf,
+ gitlab-shell (>= 8.4.1~),
+ gitlab-workhorse (>= 7.1.3~),
+ ruby-rails (>= 2:4.2.10~),
+ ruby-rails (<< 2:5),
+   ruby-rack-test (>= 0.7.0~),
+   ruby-rails-dom-testing (>= 1.0.6-2~),
+   ruby-arel (>= 6.0.4~),
+ ruby-rails-deprecated-sanitizer (>= 1.0.3~),
+ ruby-responders (>= 2.0~),
+ ruby-sprockets (>= 3.7~),
+ ruby-default-value-for (>= 3~),
+#ruby-mysql2 | ruby-pg,
+ ruby-pg (>= 0.19~),
+ ruby-rugged (>= 0.27~),
+ ruby-grape-path-helpers (>= 1.0.6~),
+ ruby-faraday (>= 0.12~),
+# Authentication libraries
+ ruby-devise (>= 4.4.3~),
+ ruby-doorkeeper (>= 4.3~),
+ ruby-doorkeeper-openid-connect (>= 1.5~),
+ ruby-omniauth (>= 1.8~),
+ ruby-omniauth-auth0 (>= 2.0~),
+ ruby-omniauth-azure-oauth2 (>= 0.0.9~),
+ ruby-omniauth-cas3 (>= 1.1.4~),
+ ruby-omniauth-facebook (>= 4.0~),
+ ruby-omniauth-github (>= 1.3~),
+ ruby-omniauth-gitlab (>= 1.0.2~),
+ ruby-omniauth-google-oauth2 (>= 0.5.3~),
+ ruby-omniauth-kerberos (>= 0.3.0-3~),
+ ruby-omniauth-oauth2-generic (>= 0.2.2~),
+ ruby-omniauth-saml (>= 1.10~),
+ ruby-omniauth-shibboleth (>= 1.3~),
+ ruby-omniauth-twitter (>= 1.4~),
+ ruby-omniauth-crowd (>= 2.2~),
+ ruby-omniauth-authentiq (>= 0.3.3~),
+ ruby-rack-oauth2 (>= 1.2.1~),
+ ruby-jwt (>= 1.5.6~),
+# Spam and anti-bot protection
+ ruby-recaptcha (>= 4.11~),
+ ruby-akismet (>= 2.0~),
+# Two-factor authentication
+ ruby-devise-two-factor (>= 3.0~),
+ ruby-rqrcode-rails3 (>= 0.1.7~),
+ ruby-attr-encrypted (>= 3.1~),
+ ruby-u2f (>= 0.2.1~),
+# GitLab Pages
+ ruby-validates-hostname (>= 1.0.6~),
+# Browser detection
+ ruby-browser (>= 2.5~),
+# GPG
+ ruby-gpgme,
+# LDAP Auth
+ ruby-omniauth-ldap (>= 2.0.4~),
+   ruby-ntlm (>= 0.6.1~),
+ ruby-net-ldap (>= 0.16.1~),
+# API
+ ruby-grape (>= 1.1~),
+ ruby-grape-entity (>= 0.7.1~),
+ ruby-rack-cors (>= 1.0~),
+# GraphQL API
+ ruby-graphql (>= 1.8~),
+ ruby-graphiql-rails (>= 1.4.10~),
+# Disable strong_params so that Mash does not respond to :permitted?
+ ruby-hashie-forbidden-attributes,
+# Pagination
+ ruby-kaminari (>= 1.0~),
+# HAML
+ ruby-hamlit (>= 2.8.8~),
+# Files attachments
+ ruby-carrierwave (>= 1.2.3~),
+ ruby-mini-magick,
+# for backups
+ ruby-fog-aws (>= 2.0.1~),
+ ruby-fog-core (>= 1.44~),
+   ruby-excon (>= 0.60~),
+ ruby-fog-google (>= 1.7.1~),
+ ruby-fog-local (>= 0.3~),
+ ruby-fog-openstack (>= 0.1~),
+ ruby-fog-rackspace (>= 0.1.1~),
+ ruby-fog-aliyun (>= 0.2.0~),
+# for Google storage
+ ruby-google-api-client (>= 0.23~),
+# for aws storage
+ ruby-unf (>= 0.1.4-2~),
+   ruby-unf-ext (>= 0.0.7.4),
+# Seed data
+ ruby-seed-fu (>= 2.3.7~),
+# Markdown and HTML processing
+ ruby-html-pipeline (>= 2.8~),
+ ruby-task-list (>= 2.0~),
+ ruby-github-markup (>= 1.7~),
+ ruby-redcarpet (>= 3.4~),
+ ruby-commonmarker (>= 0.17~),
+ ruby-redcloth (>= 4.3.2-3~),
+# rdoc is built-in with ruby
+ ruby-org (>= 0.9.12-2~),
+ ruby-creole (>= 0.5.0~),
+ ruby-wikicloth (>= 0.8.1~),
+ asciidoctor (>= 1.5.6~),
+ ruby-asciidoctor-plantuml (>= 0.0.8~),
+ ruby-rouge (>= 3.1~),
+ ruby-truncato (>= 0.7.9~),
+ ruby-bootstrap-form (>= 2.7~),
+ ruby-nokogiri (>= 1.8.4~),
+ ruby-escape-utils (>= 1.2.1~),
+# Calendar rendering
+ ruby-icalendar,
+# Diffs
+ ruby-diffy (>= 3.1~),
+# Application server
+ unicorn (>= 5.4~),
+   ruby-kgio (>= 2.11.2~),
+ ruby-unicorn-worker-killer (>= 0.4.4~),
+# State machine
+ ruby-state-machines-activerecord (>= 0.5.1~),
+# Issue tags
+ ruby-acts-as-taggable-on (>= 5.0~),
+# Background jobs
+ ruby-sidekiq (>= 5.2.1~),
+ ruby-sidekiq-cron (>= 0.6~),
+ ruby-redis-namespace (>= 1.6~),
+# Cron Parser
+ ruby-rufus-scheduler (>= 3.4~),
+# HTTP requests
+ ruby-httparty (>= 0.15.6~),
+# Colored output to console
+ ruby-rainbow (>= 3.0~),
+# Progress bar
+ ruby-progressbar,
+# GitLab settings
+ ruby-settingslogic (>= 2.0.9~),
+# Linear-time regex library for untrusted regular expressions
+ ruby-re2 (>= 1.1.1~),
+# Misc
+ ruby-version-sorter (>= 2.1~),
+# Export Ruby Regex to Javascript
+ ruby-js-regex (>= 3.1~),
+# User agent parsing
+ ruby-device-detector,
+# Cache
+ ruby-redis-rails (>= 5.0.2~),
+# Redis
+ ruby-redis (>= 3.2~),
+ ruby-connection-pool (>= 2.0~),
+# HipChat integration
+ ruby-hipchat (>= 1.5~),
+# JIRA integration
+ ruby-jira (>= 1.4~),
+# Flowdock integration
+ ruby-flowdock (>= 0.7~),
+   ruby-posix-spawn (>= 0.3.13~),
+# Slack integration
+ ruby-slack-notifier (>= 1.5.1~),
+# Hangouts Chat integration
+ ruby-hangouts-chat (>= 0.0.5),
+# Asana integration
+ ruby-asana (>= 0.6~),
+# FogBugz integration
+ ruby-fogbugz (>= 0.2.1-3~),
+# Kubernetes integration
+ ruby-kubeclient (>= 3.1~),
+# Sanitize user input
+ ruby-sanitize (>= 4.6.5~),
+ ruby-babosa (>= 1.0.2~),
+# Sanitizes SVG input
+ ruby-loofah (>= 2.2~),
+# Working with license
+ ruby-licensee (>= 8.9~),
+# Protect against bruteforcing
+ ruby-rack-attack (>= 4.4.1~),
+# Ace editor
+ ruby-ace-rails-ap (>= 4.1~),
+# Detect and convert string character encoding
+ ruby-charlock-holmes (>= 0.7.5~),
+# Faster blank
+ ruby-fast-blank,
+# Parse time & duration
+ ruby-chronic (>= 0.10.2-3~),
+ ruby-chronic-duration (>= 0.10.6~),
+#
+ ruby-webpack-rails (>= 0.9.10~),
+# Many node modules are still in NEW, some are yet to be packaged
+# so we use npm to downlod those and hence gitlab is in contrib
+ npm,
+ ruby-rack-proxy (>= 0.6~),
+#
+ ruby-sass-rails (>= 5.0.6~),
+ ruby-sass (>= 3.5~),
+ ruby-uglifier (>= 2.7.2~),
+#
+ ruby-addressable (>= 2.5.2~),
+ ruby-font-awesome-rails (>= 4.7~),
+ ruby-gemojione (>= 3.3~),
+ ruby-gon (>= 6.2~),
+ ruby-jquery-atwho-rails (>= 1.3.2~),
+ ruby-request-store (>= 1.3~),
+ ruby-select2-rails (>= 3.5.9~),
+ ruby-virtus (>= 1.0.5-3~),
+ ruby-base32 (>= 0.3.0~),
+# Sentry integration
+ ruby-sentry-raven (>= 2.7~),
+#
+ ruby-premailer-rails (>= 1.9.7~),
+# I18n
+ ruby-parser (>= 3.8.2~),
+ ruby-rails-i18n (>= 4.0.9~),
+ ruby-gettext-i18n-rails (>= 1.8~),
+ ruby-gettext-i18n-rails-js (>= 1.3~),
+#
+ ruby-batch-loader (>= 1.2.1~),
+# Perf bar
+ ruby-peek (>= 1.0.1~),
+ ruby-peek-gc (>= 0.0.2~),
+ ruby-peek-pg (>= 1.3~),
+ ruby-peek-rblineprof (>= 0.2.0~),
+ ruby-peek-redis (>= 1.2~),
+ ruby-gitlab-sidekiq-fetcher,
+# Metrics
+ ruby-method-source (>= 0.8.2-2~),
+ ruby-influxdb (>= 0.2~),
+# Prometheus
+ ruby-prometheus-client-mmap (>= 0.9.3~),
+ ruby-raindrops (>= 0.18~),
+#
+ ruby-octokit (>= 4.9~),
+#
+ ruby-mail-room (>= 0.9.1~),
+#
+ ruby-email-reply-trimmer (>= 0.1~),
+ ruby-html2text,
+#
+ ruby-prof (>= 0.17~),
+ ruby-rbtrace (>= 0.4~),
+# OAuth
+ ruby-oauth2 (>= 1.4~),
+# Health check
+ ruby-health-check (>= 2.6~),
+# System information
+ ruby-vmstat (>= 2.3~),
+ ruby-sys-filesystem (>= 1.1.6~),
+# SSH host key support
+ ruby-net-ssh (>= 1:5.0~),
+ ruby-sshkey (>= 1.9~),
+# Required for ED25519 SSH host key support
+ ruby-ed25519 (>= 1.2~),
+ ruby-bcrypt-pbkdf (>= 1.0~),
+# Gitaly GRPC client
+ ruby-gitaly-proto (>= 0.123.0~),
+ ruby-grpc (>= 1.15~),
+ ruby-google-protobuf (>= 3.6~),
+#
+ ruby-toml-rb (>= 1.0.0-2~),
+# Feature toggles
+ ruby-flipper (>= 0.13~),
+ ruby-flipper-active-record (>= 0.13~),
+ ruby-flipper-active-support-cache-store (>= 0.13~),
+# Structured logging
+ ruby-lograge (>= 0.5~),
+ ruby-grape-logging (>= 1.7~),
+# Vendored js files
+# Keeping this to ease backporting as it is in contrib anyway
+# libjs-jquery-atwho,
+# libjs-jquery-caret.js,
+# libjs-pdf,
+# libjs-xterm,
+# libjs-jquery-nicescroll,
+# libjs-clipboard,
+# libjs-chartjs,
+# libjs-graphael,
+# node-lie,
+# node modules - all node packages are stuck in NEW
+# using npm for all to ease backporting as it is in contrib anyway
+# node-babel-core,
+# node-babel-eslint,
+# node-babel-loader,
+# node-babel-plugin-transform-define,
+# node-babel-preset-latest,
+# node-babel-preset-stage-2,
+# node-bootstrap-sass,
+# node-core-js,
+# node-d3-array,
+# node-d3-axis,
+# node-d3-brush,
+# node-d3-scale,
+# node-d3-selection,
+# node-d3-shape,
+# node-d3-time,
+# node-d3-time-format,
+# node-debug (>= 3.1.0~),
+# node-exports-loader,
+# node-file-loader,
+# node-glob,
+# node-imports-loader,
+# node-jed,
+# node-jquery,
+# node-js-cookie,
+# node-jszip,
+# node-jszip-utils,
+# node-katex,
+# node-marked,
+# node-mousetrap,
+# node-raw-loader,
+# node-stats-webpack-plugin,
+# node-underscore,
+# node-url-loader,
+# node-katex
+Recommends: certbot,
+ gitaly (>= 0.129.0~)
+Description: git powered software platform to collaborate on code (non-omnibus)
+ gitlab provides web based interface to host source code and track issues.
+ It allows anyone for fork a repository and send merge requests. Code review
+ is possible using merge request workflow. Using groups and roles project
+ access can be controlled.
+ .
+ Unlike the official package from GitLab Inc., this package does not use
+ omnibus.
+ .
+ Note: Currently this package is in contrib because it uses npm to install
+ front end dependencies.
+
+Package: gitlab-common
+Architecture: all
+Depends: ${shlibs:Depends}, ${misc:Depends},
+ ruby | ruby-interpreter,
+ adduser (>= 3.34~),
+ git (>= 1:2.7.3~),
+ ucf
+Description: git powered software platform to collaborate on code (common)
+ gitlab provides web based interface to host source code and track issues.
+ It allows anyone for fork a repository and send merge requests. Code review
+ is possible using merge request workflow. Using groups and roles project
+ access can be controlled.
+ .
+ This package includes configurations common to gitlab and gitaly.

debian/copyright

@@ -0,0 +1,669 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: gitlab-ce
+Source: https://gitlab.com/gitlab-org/gitlab-ce
+Files-Excluded:
+    lib/tasks/haml-lint.rake
+    lib/tasks/rubocop.rake
+    lib/tasks/scss-lint.rake
+Comment: This package installs front end dependencies (nodejs modules) using
+ npm/yarm package managers from outside debian. This can go to main when all
+ those nodejs modules are packaged in main.
+
+Files: *
+Copyright: 2011-2015 GitLab B.V.
+License: Expat
+
+Files: vendor/Dockerfile/*
+ vendor/gitlab-ci-yml/*
+Copyright: 2016-2017, GitLab.org
+License: Expat
+
+Files: doc/legal/*_contributor_license_agreement.md
+Copyright: the Google Open Source Programs Office
+License: CC-BY-3.0
+
+Files: vendor/gitignore/*
+Copyright: Github, Inc
+License: CC0-1.0
+
+Files: vendor/assets/stylesheets/xterm/xterm.css
+Copyright: 2014-2016, SourceLair Private Company (www.sourcelair.com)
+           2012-2013, Christopher Jeffrey
+License: Expat
+
+Files: app/assets/stylesheets/framework/animations.scss
+Copyright: 2016 Daniel Eden
+License: Expat
+
+Files: app/assets/fonts/*
+Copyright: 2010, 2012, 2014 Adobe Systems Incorporated (http://www.adobe.com/)
+License: OFL
+
+Files: vendor/assets/javascripts/autosize.js
+Copyright: Jack Moore (http://www.jacklmoore.com/autosize/)
+License: Expat
+
+Files: vendor/assets/javascripts/jquery.endless-scroll.js
+Copyright: 2008 Fred Wu
+License: Expat or GPL
+
+Files: vendor/assets/javascripts/u2f.js
+Copyright: 2014-2015, Google Inc.
+License: BSD-3-clause
+
+Files: vendor/assets/javascripts/Chart.js
+Copyright: 2015, Nick Downie
+License: Expat
+
+Files: vendor/assets/javascripts/jquery.highlight.js
+Copyright: Johann Burkard (http://johannburkard.de) <jb@eaio.com>
+License: Expat
+
+Files: vendor/assets/javascripts/jquery.waitforimages.js
+Copyright: 2011 Alex Dickson
+License: Expat
+
+Files: vendor/assets/javascripts/jquery.scrollTo.js
+Copyright: 2007-2015, Ariel Flesler - aflesler<a>gmail<d>com | http://flesler.blogspot.com
+License: Expat
+
+Files: vendor/assets/stylesheets/cropper.css
+Copyright: 2014-2016, Fengyuan Chen and contributors
+License: Expat
+
+Files: vendor/assets/javascripts/latinise.js
+Copyright: Ed (http://semplicewebsites.com/removing-accents-javascript)
+License: public-domain
+
+Files: config/initializers/postgresql_cte.rb
+Copyright: 2012 Dan McClain
+License: Expat
+
+Files: config/initializers/postgresql_opclasses_support.rb
+Copyright: 2004-2016 David Heinemeier Hansson
+License: Expat
+
+Files: debian/*
+Copyright: 2015 Pirate Praveen <praveen@debian.org>
+License: Expat
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+License: OFL
+ Copyright 2010, 2012, 2014 Adobe Systems Incorporated (http://www.adobe.com/),
+ with Reserved Font Name `Source'.
+ .
+ This license is copied below, and is also available with a FAQ at:
+ http://scripts.sil.org/OFL
+ .
+ -----------------------------------------------------------
+ SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
+ -----------------------------------------------------------
+ .
+ PREAMBLE
+ The goals of the Open Font License (OFL) are to stimulate worldwide
+ development of collaborative font projects, to support the font creation
+ efforts of academic and linguistic communities, and to provide a free and
+ open framework in which fonts may be shared and improved in partnership
+ with others.
+ .
+ The OFL allows the licensed fonts to be used, studied, modified and
+ redistributed freely as long as they are not sold by themselves. The
+ fonts, including any derivative works, can be bundled, embedded, 
+ redistributed and/or sold with any software provided that any reserved
+ names are not used by derivative works. The fonts and derivatives,
+ however, cannot be released under any other type of license. The
+ requirement for fonts to remain under this license does not apply
+ to any document created using the fonts or their derivatives.
+ .
+ DEFINITIONS
+ "Font Software" refers to the set of files released by the Copyright
+ Holder(s) under this license and clearly marked as such. This may
+ include source files, build scripts and documentation.
+ .
+ "Reserved Font Name" refers to any names specified as such after the
+ copyright statement(s).
+ .
+ "Original Version" refers to the collection of Font Software components as
+ distributed by the Copyright Holder(s).
+ .
+ "Modified Version" refers to any derivative made by adding to, deleting,
+ or substituting -- in part or in whole -- any of the components of the
+ Original Version, by changing formats or by porting the Font Software to a
+ new environment.
+ .
+ "Author" refers to any designer, engineer, programmer, technical
+ writer or other person who contributed to the Font Software.
+ .
+ PERMISSION & CONDITIONS
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of the Font Software, to use, study, copy, merge, embed, modify,
+ redistribute, and sell modified and unmodified copies of the Font
+ Software, subject to the following conditions:
+ .
+ 1) Neither the Font Software nor any of its individual components,
+ in Original or Modified Versions, may be sold by itself.
+ .
+ 2) Original or Modified Versions of the Font Software may be bundled,
+ redistributed and/or sold with any software, provided that each copy
+ contains the above copyright notice and this license. These can be
+ included either as stand-alone text files, human-readable headers or
+ in the appropriate machine-readable metadata fields within text or
+ binary files as long as those fields can be easily viewed by the user.
+ .
+ 3) No Modified Version of the Font Software may use the Reserved Font
+ Name(s) unless explicit written permission is granted by the corresponding
+ Copyright Holder. This restriction only applies to the primary font name as
+ presented to the users.
+ .
+ 4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+ Software shall not be used to promote, endorse or advertise any
+ Modified Version, except to acknowledge the contribution(s) of the
+ Copyright Holder(s) and the Author(s) or with their explicit written
+ permission.
+ .
+ 5) The Font Software, modified or unmodified, in part or in whole,
+ must be distributed entirely under this license, and must not be
+ distributed under any other license. The requirement for fonts to
+ remain under this license does not apply to any document created
+ using the Font Software.
+ .
+ TERMINATION
+ This license becomes null and void if any of the above conditions are
+ not met.
+ .
+ DISCLAIMER
+ THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+ COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+ DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
+ OTHER DEALINGS IN THE FONT SOFTWARE.
+
+License: GPL
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later
+ version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.  See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA  02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 3 can be found in the file
+ `/usr/share/common-licenses/GPL-3'.
+
+License: public-domain
+ All scripts are Public Domain.
+
+License: CC0-1.0
+ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL
+ SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT
+ RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS.
+ CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR
+ THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR
+ DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR
+ WORKS PROVIDED HEREUNDER.
+ .
+ Statement of Purpose
+ .
+ The laws of most jurisdictions throughout the world automatically confer
+ exclusive Copyright and Related Rights (defined below) upon the creator and
+ subsequent owner(s) (each and all, an "owner") of an original work of
+ authorship and/or a database (each, a "Work").
+ .
+ Certain owners wish to permanently relinquish those rights to a Work for the
+ purpose of contributing to a commons of creative, cultural and scientific
+ works ("Commons") that the public can reliably and without fear of later
+ claims of infringement build upon, modify, incorporate in other works, reuse
+ and redistribute as freely as possible in any form whatsoever and for any
+ purposes, including without limitation commercial purposes. These owners may
+ contribute to the Commons to promote the ideal of a free culture and the
+ further production of creative, cultural and scientific works, or to gain
+ reputation or greater distribution for their Work in part through the use
+ and efforts of others.
+ .
+ For these and/or other purposes and motivations, and without any expectation
+ of additional consideration or compensation, the person associating CC0 with
+ a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
+ and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
+ and publicly distribute the Work under its terms, with knowledge of his or her
+ Copyright and Related Rights in the Work and the meaning and intended legal
+ effect of CC0 on those rights.
+ .
+ Copyright and Related Rights. A Work made available under CC0 may be protected
+ by copyright and related or neighboring rights ("Copyright and Related
+ Rights"). Copyright and Related Rights include, but are not limited to,
+ the following:
+ .
+ the right to reproduce, adapt, distribute, perform, display, communicate,
+ and translate a Work;
+ moral rights retained by the original author(s) and/or performer(s);
+ publicity and privacy rights pertaining to a person's image or likeness
+ depicted in a Work;
+ rights protecting against unfair competition in regards to a Work, subject
+ to the limitations in paragraph 4(a), below;
+ rights protecting the extraction, dissemination, use and reuse of data
+ in a Work;
+ database rights (such as those arising under Directive 96/9/EC of the European
+ Parliament and of the Council of 11 March 1996 on the legal protection of
+ databases, and under any national implementation thereof, including any
+ amended or successor version of such directive); and
+ other similar, equivalent or corresponding rights throughout the world
+ based on applicable law or treaty, and any national implementations thereof.
+ .
+ 2. Waiver. To the greatest extent permitted by, but not in contravention of,
+ applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
+ unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
+ and Related Rights and associated claims and causes of action, whether now
+ known or unknown (including existing as well as future claims and causes of
+ action), in the Work (i) in all territories worldwide, (ii) for the maximum
+ duration provided by applicable law or treaty (including future time
+ extensions), (iii) in any current or future medium and for any number of
+ copies, and (iv) for any purpose whatsoever, including without limitation
+ commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
+ the Waiver for the benefit of each member of the public at large and to the
+ detriment of Affirmer's heirs and successors, fully intending that such Waiver
+ shall not be subject to revocation, rescission, cancellation, termination,
+ or any other legal or equitable action to disrupt the quiet enjoyment of the
+ Work by the public as contemplated by Affirmer's express Statement of Purpose.
+ .
+ 3. Public License Fallback. Should any part of the Waiver for any reason be
+ judged legally invalid or ineffective under applicable law, then the Waiver
+ shall be preserved to the maximum extent permitted taking into account
+ Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
+ is so judged Affirmer hereby grants to each affected person a royalty-free,
+ non transferable, non sublicensable, non exclusive, irrevocable and
+ unconditional license to exercise Affirmer's Copyright and Related Rights
+ in the Work (i) in all territories worldwide, (ii) for the maximum duration
+ provided by applicable law or treaty (including future time extensions),
+ (iii) in any current or future medium and for any number of copies, and (iv)
+ for any purpose whatsoever, including without limitation commercial,
+ advertising or promotional purposes (the "License"). The License shall be
+ deemed effective as of the date CC0 was applied by Affirmer to the Work.
+ Should any part of the License for any reason be judged legally invalid or
+ ineffective under applicable law, such partial invalidity or ineffectiveness
+ shall not invalidate the remainder of the License, and in such case Affirmer
+ hereby affirms that he or she will not (i) exercise any of his or her
+ remaining Copyright and Related Rights in the Work or (ii) assert any
+ associated claims and causes of action with respect to the Work, in either
+ case contrary to Affirmer's express Statement of Purpose.
+ .
+ 4. Limitations and Disclaimers.
+ .
+ No trademark or patent rights held by Affirmer are waived, abandoned,
+ surrendered, licensed or otherwise affected by this document.
+ Affirmer offers the Work as-is and makes no representations or warranties
+ of any kind concerning the Work, express, implied, statutory or otherwise,
+ including without limitation warranties of title, merchantability, fitness
+ for a particular purpose, non infringement, or the absence of latent or
+ other defects, accuracy, or the present or absence of errors, whether
+ or not discoverable, all to the greatest extent permissible under applicable
+ law.
+ .
+ Affirmer disclaims responsibility for clearing rights of other persons that
+ may apply to the Work or any use thereof, including without limitation any
+ person's Copyright and Related Rights in the Work. Further, Affirmer
+ disclaims responsibility for obtaining any necessary consents,
+ permissions or other rights required for any use of the Work.
+ .
+ Affirmer understands and acknowledges that Creative Commons is not a party
+ to this document and has no duty or obligation with respect to this CC0 or
+ use of the Work.
+
+License: BSD-3-clause
+ All rights reserved.
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ .
+     * Redistributions of source code must retain the above copyright
+       notice, this list of conditions and the following disclaimer.
+     * Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+     * Neither the name of highlight.js nor the names of its contributors
+       may be used to endorse or promote products derived from this software
+       without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
+ EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: CC-BY-3.0
+ THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
+ CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS
+ PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK
+ OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
+ PROHIBITED.
+ .
+ BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND
+ AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS
+ LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE
+ RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS
+ AND CONDITIONS.
+ .
+ 1. Definitions
+ .
+   1. "Adaptation" means a work based upon the Work, or upon the Work
+      and other pre-existing works, such as a translation, adaptation,
+      derivative work, arrangement of music or other alterations of a
+      literary or artistic work, or phonogram or performance and
+      includes cinematographic adaptations or any other form in which
+      the Work may be recast, transformed, or adapted including in any
+      form recognizably derived from the original, except that a work
+      that constitutes a Collection will not be considered an Adaptation
+      for the purpose of this License. For the avoidance of doubt, where
+      the Work is a musical work, performance or phonogram, the
+      synchronization of the Work in timed-relation with a moving image
+      ("synching") will be considered an Adaptation for the purpose of
+      this License.
+   2. "Collection" means a collection of literary or artistic works,
+      such as encyclopedias and anthologies, or performances, phonograms
+      or broadcasts, or other works or subject matter other than works
+      listed in Section 1(f) below, which, by reason of the selection
+      and arrangement of their contents, constitute intellectual
+      creations, in which the Work is included in its entirety in
+      unmodified form along with one or more other contributions, each
+      constituting separate and independent works in themselves, which
+      together are assembled into a collective whole. A work that
+      constitutes a Collection will not be considered an Adaptation (as
+      defined above) for the purposes of this License.
+   3. "Distribute" means to make available to the public the original
+      and copies of the Work or Adaptation, as appropriate, through sale
+      or other transfer of ownership.
+   4. "Licensor" means the individual, individuals, entity or entities
+      that offer(s) the Work under the terms of this License.
+   5. "Original Author" means, in the case of a literary or artistic
+      work, the individual, individuals, entity or entities who created
+      the Work or if no individual or entity can be identified, the
+      publisher; and in addition (i) in the case of a performance the
+      actors, singers, musicians, dancers, and other persons who act,
+      sing, deliver, declaim, play in, interpret or otherwise perform
+      literary or artistic works or expressions of folklore; (ii) in the
+      case of a phonogram the producer being the person or legal entity
+      who first fixes the sounds of a performance or other sounds; and,
+      (iii) in the case of broadcasts, the organization that transmits
+      the broadcast.
+   6. "Work" means the literary and/or artistic work offered under the
+      terms of this License including without limitation any production
+      in the literary, scientific and artistic domain, whatever may be
+      the mode or form of its expression including digital form, such as
+      a book, pamphlet and other writing; a lecture, address, sermon or
+      other work of the same nature; a dramatic or dramatico-musical
+      work; a choreographic work or entertainment in dumb show; a
+      musical composition with or without words; a cinematographic work
+      to which are assimilated works expressed by a process analogous to
+      cinematography; a work of drawing, painting, architecture,
+      sculpture, engraving or lithography; a photographic work to which
+      are assimilated works expressed by a process analogous to
+      photography; a work of applied art; an illustration, map, plan,
+      sketch or three-dimensional work relative to geography,
+      topography, architecture or science; a performance; a broadcast; a
+      phonogram; a compilation of data to the extent it is protected as
+      a copyrightable work; or a work performed by a variety or circus
+      performer to the extent it is not otherwise considered a literary
+      or artistic work.
+   7. "You" means an individual or entity exercising rights under this
+      License who has not previously violated the terms of this License
+      with respect to the Work, or who has received express permission
+      from the Licensor to exercise rights under this License despite a
+      previous violation.
+   8. "Publicly Perform" means to perform public recitations of the Work
+      and to communicate to the public those public recitations, by any
+      means or process, including by wire or wireless means or public
+      digital performances; to make available to the public Works in
+      such a way that members of the public may access these Works from
+      a place and at a place individually chosen by them; to perform the
+      Work to the public by any means or process and the communication
+      to the public of the performances of the Work, including by public
+      digital performance; to broadcast and rebroadcast the Work by any
+      means including signs, sounds or images.
+   9. "Reproduce" means to make copies of the Work by any means
+      including without limitation by sound or visual recordings and the
+      right of fixation and reproducing fixations of the Work, including
+      storage of a protected performance or phonogram in digital form or
+      other electronic medium.
+ .
+ 2. Fair Dealing Rights. Nothing in this License is intended to reduce,
+    limit, or restrict any uses free from copyright or rights arising
+    from limitations or exceptions that are provided for in connection
+    with the copyright protection under copyright law or other
+    applicable laws.
+ .
+ 3. License Grant. Subject to the terms and conditions of this License,
+    Licensor hereby grants You a worldwide, royalty-free, non-exclusive,
+    perpetual (for the duration of the applicable copyright) license to
+    exercise the rights in the Work as stated below:
+ .
+   1. to Reproduce the Work, to incorporate the Work into one or more
+      Collections, and to Reproduce the Work as incorporated in the
+      Collections;
+   2. to create and Reproduce Adaptations provided that any such
+      Adaptation, including any translation in any medium, takes
+      reasonable steps to clearly label, demarcate or otherwise identify
+      that changes were made to the original Work. For example, a
+      translation could be marked "The original work was translated from
+      English to Spanish," or a modification could indicate "The
+      original work has been modified.";
+   3. to Distribute and Publicly Perform the Work including as
+      incorporated in Collections; and,
+   4. to Distribute and Publicly Perform Adaptations.
+   5.
+ .
+      For the avoidance of doubt:
+         1. Non-waivable Compulsory License Schemes. In those
+            jurisdictions in which the right to collect royalties
+            through any statutory or compulsory licensing scheme cannot
+            be waived, the Licensor reserves the exclusive right to
+            collect such royalties for any exercise by You of the rights
+            granted under this License;
+         2. Waivable Compulsory License Schemes. In those jurisdictions
+            in which the right to collect royalties through any
+            statutory or compulsory licensing scheme can be waived, the
+            Licensor waives the exclusive right to collect such
+            royalties for any exercise by You of the rights granted
+            under this License; and,
+         3. Voluntary License Schemes. The Licensor waives the right to
+            collect royalties, whether individually or, in the event
+            that the Licensor is a member of a collecting society that
+            administers voluntary licensing schemes, via that society,
+            from any exercise by You of the rights granted under this
+            License.
+ .
+ The above rights may be exercised in all media and formats whether now
+ known or hereafter devised. The above rights include the right to make
+ such modifications as are technically necessary to exercise the rights
+ in other media and formats. Subject to Section 8(f), all rights not
+ expressly granted by Licensor are hereby reserved.
+ .
+ 4. Restrictions. The license granted in Section 3 above is expressly
+    made subject to and limited by the following restrictions:
+ .
+   1. You may Distribute or Publicly Perform the Work only under the
+      terms of this License. You must include a copy of, or the Uniform
+      Resource Identifier (URI) for, this License with every copy of the
+      Work You Distribute or Publicly Perform. You may not offer or
+      impose any terms on the Work that restrict the terms of this
+      License or the ability of the recipient of the Work to exercise
+      the rights granted to that recipient under the terms of the
+      License. You may not sublicense the Work. You must keep intact all
+      notices that refer to this License and to the disclaimer of
+      warranties with every copy of the Work You Distribute or Publicly
+      Perform. When You Distribute or Publicly Perform the Work, You may
+      not impose any effective technological measures on the Work that
+      restrict the ability of a recipient of the Work from You to
+      exercise the rights granted to that recipient under the terms of
+      the License. This Section 4(a) applies to the Work as incorporated
+      in a Collection, but this does not require the Collection apart
+      from the Work itself to be made subject to the terms of this
+      License. If You create a Collection, upon notice from any Licensor
+      You must, to the extent practicable, remove from the Collection
+      any credit as required by Section 4(b), as requested. If You
+      create an Adaptation, upon notice from any Licensor You must, to
+      the extent practicable, remove from the Adaptation any credit as
+      required by Section 4(b), as requested.
+   2. If You Distribute, or Publicly Perform the Work or any Adaptations
+      or Collections, You must, unless a request has been made pursuant
+      to Section 4(a), keep intact all copyright notices for the Work
+      and provide, reasonable to the medium or means You are utilizing:
+      (i) the name of the Original Author (or pseudonym, if applicable)
+      if supplied, and/or if the Original Author and/or Licensor
+      designate another party or parties (e.g., a sponsor institute,
+      publishing entity, journal) for attribution ("Attribution
+      Parties") in Licensor's copyright notice, terms of service or by
+      other reasonable means, the name of such party or parties; (ii)
+      the title of the Work if supplied; (iii) to the extent reasonably
+      practicable, the URI, if any, that Licensor specifies to be
+      associated with the Work, unless such URI does not refer to the
+      copyright notice or licensing information for the Work; and (iv) ,
+      consistent with Section 3(b), in the case of an Adaptation, a
+      credit identifying the use of the Work in the Adaptation (e.g.,
+      "French translation of the Work by Original Author," or
+      "Screenplay based on original Work by Original Author"). The
+      credit required by this Section 4 (b) may be implemented in any
+      reasonable manner; provided, however, that in the case of a
+      Adaptation or Collection, at a minimum such credit will appear,
+      if a credit for all contributing authors of the Adaptation or
+      Collection appears, then as part of these credits and in a manner
+      at least as prominent as the credits for the other contributing
+      authors. For the avoidance of doubt, You may only use the credit
+      required by this Section for the purpose of attribution in the
+      manner set out above and, by exercising Your rights under this
+      License, You may not implicitly or explicitly assert or imply any
+      connection with, sponsorship or endorsement by the Original
+      Author, Licensor and/or Attribution Parties, as appropriate, of
+      You or Your use of the Work, without the separate, express prior
+      written permission of the Original Author, Licensor and/or
+      Attribution Parties.
+   3. Except as otherwise agreed in writing by the Licensor or as may be
+      otherwise permitted by applicable law, if You Reproduce,
+      Distribute or Publicly Perform the Work either by itself or as
+      part of any Adaptations or Collections, You must not distort,
+      mutilate, modify or take other derogatory action in relation to
+      the Work which would be prejudicial to the Original Author's honor
+      or reputation. Licensor agrees that in those jurisdictions (e.g.
+      Japan), in which any exercise of the right granted in Section 3(b)
+      of this License (the right to make Adaptations) would be deemed to
+      be a distortion, mutilation, modification or other derogatory
+      action prejudicial to the Original Author's honor and reputation,
+      the Licensor will waive or not assert, as appropriate, this
+      Section, to the fullest extent permitted by the applicable
+      national law, to enable You to reasonably exercise Your right
+      under Section 3(b) of this License (right to make Adaptations) but
+      not otherwise.
+ .
+ 5. Representations, Warranties and Disclaimer
+ .
+ UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR
+ OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
+ KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
+ INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY,
+ FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF
+ LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF
+ ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW
+ THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO
+ YOU.
+ .
+ 6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE
+    LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY
+    FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY
+    DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF
+    LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ .
+ 7. Termination
+ .
+   1. This License and the rights granted hereunder will terminate
+      automatically upon any breach by You of the terms of this License.
+      Individuals or entities who have received Adaptations or
+      Collections from You under this License, however, will not have
+      their licenses terminated provided such individuals or entities
+      remain in full compliance with those licenses. Sections 1, 2, 5,
+      6, 7, and 8 will survive any termination of this License.
+   2. Subject to the above terms and conditions, the license granted
+      here is perpetual (for the duration of the applicable copyright in
+      the Work). Notwithstanding the above, Licensor reserves the right
+      to release the Work under different license terms or to stop
+      distributing the Work at any time; provided, however that any such
+      election will not serve to withdraw this License (or any other
+      license that has been, or is required to be, granted under the
+      terms of this License), and this License will continue in full
+      force and effect unless terminated as stated above.
+ .
+ 8. Miscellaneous
+ .
+   1. Each time You Distribute or Publicly Perform the Work or a
+      Collection, the Licensor offers to the recipient a license to the
+      Work on the same terms and conditions as the license granted to
+      You under this License.
+   2. Each time You Distribute or Publicly Perform an Adaptation,
+      Licensor offers to the recipient a license to the original Work on
+      the same terms and conditions as the license granted to You under
+      this License.
+   3. If any provision of this License is invalid or unenforceable under
+      applicable law, it shall not affect the validity or enforceability
+      of the remainder of the terms of this License, and without further
+      action by the parties to this agreement, such provision shall be
+      reformed to the minimum extent necessary to make such provision
+      valid and enforceable.
+   4. No term or provision of this License shall be deemed waived and no
+      breach consented to unless such waiver or consent shall be in
+      writing and signed by the party to be charged with such waiver or
+      consent.
+   5. This License constitutes the entire agreement between the parties
+      with respect to the Work licensed here. There are no
+      understandings, agreements or representations with respect to the
+      Work not specified here. Licensor shall not be bound by any
+      additional provisions that may appear in any communication from
+      You. This License may not be modified without the mutual written
+      agreement of the Licensor and You.
+   6. The rights granted under, and the subject matter referenced, in
+      this License were drafted utilizing the terminology of the Berne
+      Convention for the Protection of Literary and Artistic Works (as
+      amended on September 28, 1979), the Rome Convention of 1961, the
+      WIPO Copyright Treaty of 1996, the WIPO Performances and
+      Phonograms Treaty of 1996 and the Universal Copyright Convention
+      (as revised on July 24, 1971). These rights and subject matter
+      take effect in the relevant jurisdiction in which the License
+      terms are sought to be enforced according to the corresponding
+      provisions of the implementation of those treaty provisions in the
+      applicable national law. If the standard suite of rights granted
+      under applicable copyright law includes additional rights not
+      granted under this License, such additional rights are deemed to
+      be included in the License; this License is not intended to
+      restrict the license of any rights under applicable law.

debian/gitlab-common.config

@@ -0,0 +1,22 @@
+#!/bin/sh
+# config maintainer script for gitlab
+
+CONFIGFILE=/etc/gitlab-common/gitlab-common.conf
+ 
+set -e
+
+# source debconf stuffs
+. /usr/share/debconf/confmodule
+
+# Load config file, if it exists.
+  if [ -e $CONFIGFILE ]; then
+      . $CONFIGFILE || true
+
+      # Store values from config file into
+      # debconf db.
+      db_set gitlab-common/user "$gitlab_user"
+  fi
+
+# Do you want to change gitlab user?
+db_input high gitlab-common/user || true
+db_go

debian/gitlab-common.dirs

@@ -0,0 +1,2 @@
+/var/lib/gitlab-common
+/etc/gitlab-common

debian/gitlab-common.install

@@ -0,0 +1,2 @@
+debian/adduser.sh usr/lib/gitlab-common/scripts
+debian/conf/gitlab-common.defaults usr/lib/gitlab-common

debian/gitlab-common.postinst

@@ -0,0 +1,78 @@
+#! /bin/sh
+# postinst script for gitlab
+# copied from postinst script for hplip
+# $Id: hplip.postinst,v 1.1 2005/10/15 21:39:04 hmh Exp $
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# Show debconf questions
+. /usr/share/debconf/confmodule
+
+gitlab_common_defaults=/usr/lib/gitlab-common/gitlab-common.defaults
+gitlab_common_defaults_copy=/var/lib/gitlab-common/gitlab-common.defaults
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+# quoting from the policy:
+#     Any necessary prompting should almost always be confined to the
+#     post-installation script, and should be protected with a conditional
+#     so that unnecessary prompting doesn't happen if a package's
+#     installation fails and the `postinst' is called with `abort-upgrade',
+#     `abort-remove' or `abort-deconfigure'.
+
+
+case "$1" in
+  configure)
+    # Read default values
+    . ${gitlab_common_defaults}
+
+    # Copy defaults for use with postrm
+    cp ${gitlab_common_defaults} ${gitlab_common_defaults_copy}
+
+    # Read gitlab_user from debconf db
+    db_get gitlab-common/user
+    gitlab_user=$RET >/dev/null
+
+    # Create gitlab user
+    . /usr/lib/gitlab-common/scripts/adduser.sh
+
+    # Keep config file and debconf db in sync
+    touch ${gitlab_common_conf_private} 
+    test -z "$gitlab_user" || grep -Eq '^ *gitlab_user=' ${gitlab_common_conf_private} || \
+        echo "gitlab_user=" >> ${gitlab_common_conf_private}
+    sed -e "s/^ *gitlab_user=.*/gitlab_user=\"$gitlab_user\"/" \
+            < ${gitlab_common_conf_private} > ${gitlab_common_conf_private}.tmp
+    mv -f ${gitlab_common_conf_private}.tmp ${gitlab_common_conf_private}
+
+    echo "Registering ${gitlab_common_conf} via ucf"
+    ucf --debconf-ok --three-way ${gitlab_common_conf_private} ${gitlab_common_conf}
+    ucfr gitlab-common ${gitlab_common_conf}
+    ;;
+
+  triggered)
+    # Already handled
+    ;;
+
+  abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+  *)
+    echo "postinst called with unknown argument \`$1'" >&2
+    exit 1
+    ;;
+esac
+
+db_stop
+
+#DEBHELPER#

debian/gitlab-common.postrm

@@ -0,0 +1,136 @@
+#! /bin/sh
+# postrm.skeleton
+# Skeleton maintainer script showing all the possible cases.
+# Written by Charles Briscoe-Smith, March-June 1998.  Public Domain.
+
+# Abort if any command returns an error value
+set -e
+
+# Set variables
+gitlab_common_defaults_copy=/var/lib/gitlab-common/gitlab-common.defaults
+
+# This script is called twice during the removal of the package; once
+# after the removal of the package's files from the system, and as
+# the final step in the removal of this package, after the package's
+# conffiles have been removed.
+
+# Ensure the menu system is updated
+
+# Read debian specific configuration
+if [ -f ${gitlab_common_defaults_copy} ]; then . ${gitlab_common_defaults_copy}; fi
+if [ -f ${gitlab_common_conf} ]; then . ${gitlab_common_conf}; fi
+
+case "$1" in
+  remove)
+    # This package is being removed, but its configuration has not yet
+    # been purged.
+    :
+
+    # Remove diversion
+    # ldconfig is NOT needed during removal of a library, only during
+    # installation
+
+    ;;
+  purge)
+    # This package has previously been removed and is now having
+    # its configuration purged from the system.
+    :
+    # purge debconf questions
+    if [ -e /usr/share/debconf/confmodule ]; then
+      # Source debconf library.
+      . /usr/share/debconf/confmodule
+
+      if [ ! -z "${gitlab_user}" ]; then
+        # Do only if gitlab_user is set
+        echo "Removing user: ${gitlab_user}"
+          if id -u ${gitlab_user}; then userdel -r ${gitlab_user}; fi
+      else
+        echo "gitlab_user not set. Hence not removing user."
+      fi
+      # Remove private copies of configuration files
+      rm -f ${gitlab_common_conf_private}
+      rm -f ${gitlab_common_defaults_copy}
+
+      # Remove my changes to the db.
+      db_purge
+    fi
+
+    # we mimic dpkg as closely as possible, so we remove configuration
+    # files with dpkg backup extensions too:
+    ### Some of the following is from Tore Anderson:
+    for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist;  do
+	rm -f ${gitlab_common_conf}$ext
+    done
+ 
+    # Remove conf file
+    if which ucf >/dev/null; then
+      if [ -n "${gitlab_common_conf}" ]; then ucf --purge ${gitlab_common_conf}; fi
+    fi
+    if which ucfr >/dev/null; then
+      if [ -n "${gitlab_common_conf}" ]; then ucfr --purge gitlab-common ${gitlab_common_conf}; fi
+    fi
+    rm -f ${gitlab_common_conf}
+ 
+       # cleanup complete
+    exit 0
+
+    ;;
+  disappear)
+    if test "$2" != overwriter; then
+      echo "$0: undocumented call to \`postrm $*'" 1>&2
+      exit 0
+    fi
+    # This package has been completely overwritten by package $3
+    # (version $4).  All our files are already gone from the system.
+    # This is a special case: neither "prerm remove" nor "postrm remove"
+    # have been called, because dpkg didn't know that this package would
+    # disappear until this stage.
+    :
+
+    ;;
+  upgrade)
+    # About to upgrade FROM THIS VERSION to version $2 of this package.
+    # "prerm upgrade" has been called for this version, and "preinst
+    # upgrade" has been called for the new version.  Last chance to
+    # clean up.
+    :
+
+    ;;
+  failed-upgrade)
+    # About to upgrade from version $2 of this package TO THIS VERSION.
+    # "prerm upgrade" has been called for the old version, and "preinst
+    # upgrade" has been called for this version.  This is only used if
+    # the previous version's "postrm upgrade" couldn't handle it and
+    # returned non-zero. (Fix old postrm bugs here.)
+    :
+
+    ;;
+  abort-install)
+    # Back out of an attempt to install this package.  Undo the effects of
+    # "preinst install...".  There are two sub-cases.
+    :
+
+    if test "${2+set}" = set; then
+      # When the install was attempted, version $2's configuration
+      # files were still on the system.  Undo the effects of "preinst
+      # install $2".
+      :
+
+    else
+      # We were being installed from scratch.  Undo the effects of
+      # "preinst install".
+      :
+
+    fi ;;
+  abort-upgrade)
+    # Back out of an attempt to upgrade this package from version $2
+    # TO THIS VERSION.  Undo the effects of "preinst upgrade $2".
+    :
+
+    ;;
+  *) echo "$0: didn't understand being called with \`$1'" 1>&2
+     exit 0;;
+esac
+
+#DEBHELPER#
+exit 0

debian/gitlab-common.templates

@@ -0,0 +1,11 @@
+Template: gitlab-common/user
+Type: string
+Default: gitlab
+_Description: Operating System user for this instance of Gitlab:
+ Please choose the username of the user used to run this instance of Gitlab.
+ .
+ This username will also be used in SSH urls of projects hosted with this
+ instance of Gitlab. For example, git@git.example.com:foo/bar.git
+ .
+ Note: Do not reuse any existing system users like www-data, it will not have
+ the permissions required to run the Gitlab instance.

debian/gitlab-rake.sh

@@ -0,0 +1,14 @@
+#! /bin/sh
+
+set -e
+
+# Read debian specific configuration
+. /etc/gitlab-common/gitlab-common.conf
+. /etc/gitlab/gitlab-debian.conf
+export DB RAILS_ENV
+
+cd /usr/share/gitlab
+
+# Check gitlab is configured correctly
+printf "Check if Gitlab is configured correctly...\n"
+runuser -u ${gitlab_user} -- sh -c "/usr/bin/bundle exec rake $@"

debian/gitlab.config

@@ -0,0 +1,63 @@
+#!/bin/sh
+# config maintainer script for gitlab
+
+CONFIGFILE=/etc/gitlab/gitlab-debian.conf
+ 
+set -e
+
+# source debconf stuffs
+. /usr/share/debconf/confmodule
+
+# Load config file, if it exists.
+  if [ -e $CONFIGFILE ]; then
+      . $CONFIGFILE || true
+
+      # Store values from config file into
+      # debconf db.
+      db_set gitlab/fqdn "$GITLAB_HOST"
+      db_set gitlab/ssl "${GITLAB_HTTPS:-false}"
+      db_set gitlab/letsencrypt "${gitlab_letsencrypt:-false}"
+      if [ -n "$gitlab_letsencrypt_email" ]; then
+        db_set gitlab/letsencrypt_email "${gitlab_letsencrypt_email}"
+      fi
+  fi
+
+# What is your fqdn?
+db_input high gitlab/fqdn || true
+db_go
+
+# Do you want https?
+db_input high gitlab/ssl || true
+db_go
+
+# Don't prompt for letsencrypt if not installed
+if command -v letsencrypt >/dev/null; then
+  # Do you want Let's Encrypt?
+  db_get gitlab/ssl
+  if [ "${RET}" = "true" ]
+  then
+    db_input high gitlab/letsencrypt || true
+    db_go
+    db_get gitlab/letsencrypt
+    gitlab_letsencrypt=$RET
+    if [ "$gitlab_letsencrypt" = "true" ]; then
+      # Get email for letsencrypt updates
+      db_input high gitlab/letsencrypt_email || true
+      db_go
+    fi
+  fi
+fi
+
+db_get gitlab-common/user
+gitlab_user=$RET
+
+# source dbconfig-common shell library, and call the hook function
+if [ -f /usr/share/dbconfig-common/dpkg/config ]; then
+   . /usr/share/dbconfig-common/dpkg/config
+
+   dbc_dbtypes="pgsql"
+   dbc_dbname="gitlab_production"
+   dbc_dbuser="$gitlab_user"
+   
+   dbc_go gitlab "$@"
+fi

debian/gitlab.dirs

@@ -0,0 +1,3 @@
+/var/cache/gitlab
+/var/log/gitlab
+/var/log/gitlab-shell

debian/gitlab.docs

@@ -0,0 +1,2 @@
+README.md
+debian/README.Debian

debian/gitlab.gitlab-mailroom.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Gitlab mailroom Worker
+PartOf=gitlab.target
+Requires=gitlab-unicorn.service
+Wants=gitlab-unicorn.service
+After=gitlab-unicorn.service
+PartOf=gitlab.service
+ReloadPropagatedFrom=gitlab-unicorn.service
+
+[Service]
+Type=simple
+WorkingDirectory=/usr/share/gitlab
+EnvironmentFile=/etc/gitlab/gitlab-debian.conf
+SyslogIdentifier=gitlab-mailroom
+ExecStart=/usr/bin/bundle exec mail_room -q -c /etc/gitlab/mail_room.yml
+Restart=on-abnormal
+
+[Install]
+WantedBy=gitlab.target

debian/gitlab.gitlab-sidekiq.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=GitLab Sidekiq Worker
+PartOf=gitlab.target
+Requires=redis-server.service
+Wants=postgresql.service
+After=redis-server.service postgresql.service
+PartOf=gitlab.service
+ReloadPropagatedFrom=gitlab.service
+
+[Service]
+Type=simple
+WorkingDirectory=/usr/share/gitlab
+EnvironmentFile=/etc/gitlab/gitlab-debian.conf
+SyslogIdentifier=gitlab-sidekiq
+ExecStart=/usr/bin/bundle exec sidekiq \
+    -C /etc/gitlab/sidekiq_queues.yml \
+    -e $RAILS_ENV
+Restart=on-abnormal
+
+## No "Type=notify" support; wait for service to initialise:
+ExecStartPost=-/bin/sh -c "for i in 4 4 4 4 4 4 4 4; do sleep $i; (ps -h -o command -p $MAINPID | grep -q -P \"sidekiq\s\d\.\d\.\d\") && exit 0; done"
+
+[Install]
+WantedBy=gitlab.target

debian/gitlab.gitlab-unicorn.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=GitLab Unicorn Server
+PartOf=gitlab.target
+Requires=redis-server.service
+Wants=postgresql.service
+After=redis-server.service postgresql.service
+PartOf=gitlab.service
+ReloadPropagatedFrom=gitlab.service
+
+[Service]
+Type=simple
+WorkingDirectory=/usr/share/gitlab
+EnvironmentFile=/etc/gitlab/gitlab-debian.conf
+EnvironmentFile=-/etc/default/gitlab
+SyslogIdentifier=gitlab-unicorn
+ExecStart=/usr/bin/bundle exec unicorn_rails -c config/unicorn.rb -E $RAILS_ENV
+ExecReload=/bin/kill -USR2 $MAINPID
+Restart=on-abnormal
+
+[Install]
+WantedBy=gitlab.target

debian/gitlab.gitlab-workhorse.service

@@ -0,0 +1,25 @@
+[Unit]
+Description=Gitlab Workhorse handles slow HTTP requests for Gitlab.
+PartOf=gitlab.target
+Requires=gitlab-unicorn.service
+Wants=gitlab-unicorn.service
+After=gitlab-unicorn.service
+PartOf=gitlab.service
+ReloadPropagatedFrom=gitlab-unicorn.service
+
+[Service]
+Type=simple
+WorkingDirectory=/usr/share/gitlab
+EnvironmentFile=/etc/gitlab/gitlab-debian.conf
+SyslogIdentifier=gitlab-workhorse
+ExecStart=/usr/bin/gitlab-workhorse \
+    -listenUmask 0 \
+    -listenNetwork unix \
+    -listenAddr ${gitlab_pid_path}/gitlab-workhorse.socket \
+    -authBackend http://127.0.0.1:8080 \
+    -authSocket ${gitlab_pid_path}/gitlab.socket \
+    -documentRoot ${gitlab_app_root}/public
+Restart=on-abnormal
+
+[Install]
+WantedBy=gitlab.target

debian/gitlab.init

@@ -0,0 +1 @@
+../lib/support/init.d/gitlab

debian/gitlab.install

@@ -0,0 +1,54 @@
+debian/conf/gitlab etc/default
+debian/conf/unicorn.rb etc/gitlab
+debian/conf/database.yml etc/gitlab
+debian/conf/gitlab.yml.example usr/lib/gitlab/templates
+debian/conf/resque.yml etc/gitlab
+debian/conf/gitlab-debian.conf.example usr/lib/gitlab/templates
+debian/conf/*.target lib/systemd/system
+debian/conf/smtp_settings.rb etc/gitlab/initializers
+debian/conf/tmpfiles.d/gitlab.conf.example usr/lib/gitlab/templates/tmpfiles.d
+debian/conf/nginx.conf.example usr/lib/gitlab/templates
+debian/conf/nginx.ssl.conf.example usr/lib/gitlab/templates
+debian/rake-tasks.sh usr/lib/gitlab/scripts
+debian/gitlab-rake.sh usr/lib/gitlab/scripts
+.babelrc.js usr/share/gitlab
+app usr/share/gitlab
+bin usr/share/gitlab
+CHANGELOG.md usr/share/gitlab
+changelogs usr/share/gitlab
+config/* etc/gitlab
+config.ru usr/share/gitlab
+CONTRIBUTING.md usr/share/gitlab
+danger usr/share/gitlab
+Dangerfile usr/share/gitlab
+doc usr/share/gitlab
+docker usr/share/gitlab
+docker-compose.yml usr/share/gitlab
+Dockerfile.assets usr/share/gitlab
+fixtures usr/share/gitlab
+Gemfile usr/share/gitlab
+generator_templates usr/share/gitlab
+GITLAB_PAGES_VERSION usr/share/gitlab
+GITALY_SERVER_VERSION usr/share/gitlab
+GITLAB_SHELL_VERSION usr/share/gitlab
+GITLAB_WORKHORSE_VERSION usr/share/gitlab
+INSTALLATION_TYPE usr/share/gitlab
+lib usr/share/gitlab
+locale usr/share/gitlab
+MAINTENANCE.md usr/share/gitlab
+package.json usr/share/gitlab
+plugins usr/share/gitlab
+PROCESS.md usr/share/gitlab
+Procfile usr/share/gitlab
+rubocop usr/share/gitlab
+Rakefile usr/share/gitlab
+README.md usr/share/gitlab
+scripts usr/share/gitlab
+spec usr/share/gitlab
+symbol usr/share/gitlab
+vendor usr/share/gitlab
+VERSION usr/share/gitlab
+yarn.lock /var/lib/gitlab
+shared var/lib/gitlab
+public var/lib/gitlab
+db var/lib/gitlab

debian/gitlab.links

@@ -0,0 +1,33 @@
+var/lib/gitlab/public usr/share/gitlab/public
+var/lib/gitlab/shared usr/share/gitlab/shared
+var/lib/gitlab/db usr/share/gitlab/db
+var/lib/gitlab/.node_modules usr/share/gitlab/node_modules
+var/lib/gitlab/yarn.lock usr/share/gitlab/yarn.lock
+var/lib/gitlab/yarn-error.log usr/share/gitlab/yarn-error.log
+var/lib/gitlab/.ssh usr/share/gitlab/.ssh
+var/lib/gitlab/.bundle usr/share/gitlab/.bundle
+var/lib/gitlab/secrets.yml etc/gitlab/secrets.yml
+var/lib/gitlab/locale usr/share/gitlab/app/assets/javascripts/locale
+usr/share/gitlab/app/assets/javascripts/locale.static/index.js var/lib/gitlab/locale/index.js
+var/log/gitlab usr/share/gitlab/log
+var/log/gitlab/builds usr/share/gitlab/builds
+run/gitlab usr/share/gitlab/tmp
+etc/gitlab usr/share/gitlab/config
+#usr/lib/nodejs/katex/dist/katex.js usr/share/gitlab/vendor/assets/javascripts/katex.js
+#usr/share/javascript/xterm/xterm.js usr/share/gitlab/vendor/assets/javascripts/xterm/xterm.js
+#usr/share/javascript/pdf/build/pdf.worker.js usr/share/gitlab/vendor/assets/javascripts/pdf.worker.js
+#usr/share/javascript/pdf/build/pdf.worker.js usr/share/gitlab/vendor/assets/javascripts/pdf.worker.min.js
+#usr/share/javascript/pdf/build/pdf.js usr/share/gitlab/vendor/assets/javascripts/pdf.js
+#usr/share/javascript/pdf/build/pdf.js usr/share/gitlab/vendor/assets/javascripts/pdf.min.js
+#usr/share/javascript/caret.js/jquery.caret.js usr/share/gitlab/vendor/assets/javascripts/jquery.caret.js
+#usr/share/javascript/jquery-atwho/jquery.atwho.js usr/share/gitlab/vendor/assets/javascripts/jquery.atwho.js
+usr/share/javascript/jquery-nicescroll/jquery.nicescroll.min.js usr/share/gitlab/vendor/assets/javascripts/jquery.nicescroll.min.js
+usr/share/javascript/clipboard/clipboard.js usr/share/gitlab/vendor/assets/javascripts/clipboard.js
+usr/share/javascript/chartjs/Chart.js usr/share/gitlab/vendor/assets/javascripts/chart-lib.min.js
+usr/share/javascript/graphael/g.raphael-min.js usr/share/gitlab/vendor/assets/javascripts/g.raphael-min.js
+usr/share/javascript/graphael/g.bar-min.js usr/share/gitlab/vendor/assets/javascripts/g.bar-min.js
+usr/share/javascript/fuzzaldrin/fuzzaldrin-plus.js usr/share/gitlab/vendor/assets/javascripts/fuzzaldrin-plus.js
+/var/lib/gitlab/.gitlab_workhorse_secret    /usr/share/gitlab/.gitlab_workhorse_secret
+/var/lib/gitlab/.gitlab_shell_secret    /usr/share/gitlab/.gitlab_shell_secret
+/var/lib/gitlab/Gemfile.lock    /usr/share/gitlab/Gemfile.lock
+/usr/lib/gitlab/scripts/gitlab-rake.sh  /usr/sbin/gitlab-rake

debian/gitlab.lintian-overrides

@@ -0,0 +1,40 @@
+# Used by chkconfig tool for rpm based systems, it can be safely ignored
+gitlab: init.d-script-has-unknown-lsb-keyword etc/init.d/gitlab:15 chkconfig
+
+# just an example, not used directly
+gitlab: executable-not-elf-or-script usr/share/gitlab/lib/support/init.d/gitlab.default.example
+
+# just an example, not used directly
+gitlab: executable-not-elf-or-script usr/share/gitlab/lib/support/deploy/deploy.sh
+
+# comes from upstream, timestamp will not change on rebuilds
+gitlab: package-contains-timestamped-gzip usr/share/gitlab/spec/fixtures/ci_build_artifacts_metadata.gz
+
+# upgrade handled via apt, script not required
+gitlab: executable-not-elf-or-script usr/share/gitlab/bin/upgrade.rb
+gitlab: executable-not-elf-or-script usr/share/gitlab/bin/ci/upgrade.rb
+
+# False-positives: there are no init.d files for those services:
+init.d-script-not-marked-as-conffile etc/init.d/gitlab-sidekiq
+init.d-script-not-marked-as-conffile etc/init.d/gitlab-workhorse
+init.d-script-not-marked-as-conffile etc/init.d/gitlab-unicorn
+init.d-script-not-marked-as-conffile etc/init.d/gitlab-mailroom
+
+# Not needed; SysV uses one 'gitlab' init script.
+init.d-script-not-included-in-package etc/init.d/gitlab-workhorse
+init.d-script-not-included-in-package etc/init.d/gitlab-sidekiq
+init.d-script-not-included-in-package etc/init.d/gitlab-mailroom
+init.d-script-not-included-in-package etc/init.d/gitlab-unicorn
+
+# libjs-cropper is 1.2.2, embedded cropper.js is 2.3.0 and a different upstream 
+embedded-javascript-library usr/share/gitlab/app/assets/javascripts/lib/cropper.js please use libjs-cropper
+# This is not the raphael library
+embedded-javascript-library usr/share/gitlab/app/assets/javascripts/lib/raphael.js please use libjs-raphael
+embedded-javascript-library usr/share/gitlab/app/assets/javascripts/network/raphael.js please use libjs-raphael
+# This is not the jquery library
+embedded-javascript-library usr/share/gitlab/app/assets/javascripts/extensions/jquery.js please use libjs-jquery
+embedded-javascript-library usr/share/gitlab/vendor/assets/javascripts/extensions/jquery.js please use libjs-jquery
+embedded-javascript-library usr/share/gitlab/app/assets/javascripts/commons/jquery.js please use libjs-jquery
+# used as test data
+package-contains-vcs-control-file usr/share/gitlab/spec/javascripts/fixtures/.gitignore
+package-contains-eslint-config-file usr/share/gitlab/spec/javascripts/.eslintrc.yml

debian/gitlab.postinst

@@ -0,0 +1,350 @@
+#! /bin/sh
+# postinst script for gitlab
+# copied from postinst script for hplip
+# $Id: hplip.postinst,v 1.1 2005/10/15 21:39:04 hmh Exp $
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# Setup variables
+# Now using gitlab-common.defaults to override variables used only in
+# maintainer scripts. Earlier versions used gitlab-debian.conf for this.
+# Now gitlab-debian.conf will only have user/admin configurable variables
+# and variables required by systemd services.
+gitlab_common_defaults=/usr/lib/gitlab-common/gitlab-common.defaults
+test -f ${gitlab_common_defaults} && . ${gitlab_common_defaults}
+
+# Show debconf questions
+. /usr/share/debconf/confmodule
+. /usr/share/dbconfig-common/dpkg/postinst
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+# quoting from the policy:
+#     Any necessary prompting should almost always be confined to the
+#     post-installation script, and should be protected with a conditional
+#     so that unnecessary prompting doesn't happen if a package's
+#     installation fails and the `postinst' is called with `abort-upgrade',
+#     `abort-remove' or `abort-deconfigure'.
+
+#######################################################################
+# Read debian specific configuration
+#######################################################################
+
+# Always copy the example configuration file in case there are newer entries
+# added by maintainer
+cp ${gitlab_debian_conf_example} ${gitlab_debian_conf_private}
+. ${gitlab_debian_conf_private}
+
+# If /etc/gitlab/gitlab-debian.conf is already present, use it
+test -f ${gitlab_debian_conf} && . ${gitlab_debian_conf}
+export DB RAILS_ENV
+
+# Read default values (we cannot do this before gitlab-debian.conf is exported
+# as we want to override variables set by gitlab-debian.conf in earlier gitlab
+# versions with gitlab-debian.defaults)
+. ${gitlab_common_defaults}
+
+# Read gitlab_user from gitlab-common.conf
+test -f ${gitlab_common_conf} && . ${gitlab_common_conf}
+
+#######################################################################
+# update Gemfile.lock and yarn.lock, always
+#######################################################################
+runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/Gemfile.lock && \
+truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
+# Don't modify yarn.lock until all dependencies are packaged
+#runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/yarn.lock && \
+#truncate -s 0 ${gitlab_data_dir}/yarn.lock"
+runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/yarn-error.log"
+cd ${gitlab_app_root}
+if ! runuser -u ${gitlab_user} -- sh -c 'bundle --local --quiet'; then
+  if [ "$1" = "triggered" ]; then
+    # probably triggered in the middle of an system upgrade; ignore failure
+    # but abort here
+    echo "#########################################################################"
+    echo "# Failed to detect gitlab dependencies; if you are in the middle of an #"
+    echo "# upgrade, this is probably fine, there will be another attempt later.  #"
+    echo "#                                                                       #"
+    echo "# If you are NOT in the middle of an upgrade, there is probably a real  #"
+    echo "# issue. Please report a bug.                                           #"
+    echo "#########################################################################"
+    exit 0
+  else
+    # something is really broken
+    exit 1
+  fi
+fi
+cd - >/dev/null
+
+case "$1" in
+  configure)
+    gitlab_builds_log=${gitlab_log_dir}/builds
+    gitlab_repo_path=${gitlab_data_dir}/repositories
+    gitlab_uploads_path=${gitlab_data_dir}/public/uploads
+
+    # Create directories and change ownership
+    echo "Creating runtime directories for gitlab..."
+    # Setup ssh key file
+    runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/.ssh"
+    runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/.ssh/authorized_keys"
+    # Create .bundle for .bundle/config
+    runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/.bundle"
+    # Create locale for app/assets/javascripts/locale
+    runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/locale"
+    # Create more required directories
+    mkdir -p ${gitlab_pid_path}
+    chown ${gitlab_user}: ${gitlab_data_dir}/public ${gitlab_cache_path} \
+    ${gitlab_log_dir} ${gitlab_shell_log} ${gitlab_pid_path} \
+    ${gitlab_data_dir}/db ${gitlab_data_dir}/locale ${gitlab_data_dir}/shared \
+    ${gitlab_data_dir}/shared/*
+    for i in ${gitlab_repo_path} ${gitlab_uploads_path}\
+    ${gitlab_shell_log} ${gitlab_builds_log}; do
+      runuser -u ${gitlab_user} -- sh -c "mkdir -p $i"
+    done
+
+    # nginx/httpd should be able to connect to gitlab-workhorse.socket and serve public
+    chown ${gitlab_user}:${nginx_user} ${gitlab_uploads_path}/../* ${gitlab_pid_path}
+    
+    # Customize permissions
+    echo "Updating file permissions..."
+    chmod ug+rwX,o-rwx,u-s,g+s ${gitlab_repo_path}/
+    for i in ${gitlab_data_dir} ${gitlab_shell_root}; do
+      chown ${gitlab_user}: $i
+    done
+
+    runuser -u ${gitlab_user} -- sh -c "chmod 700 ${gitlab_uploads_path}"
+    runuser -u ${gitlab_user} -- sh -c 'git config --global core.autocrlf "input"'
+
+    # Commands below needs to be run from gitlab_app_root
+    cd ${gitlab_app_root}
+
+    # Obtain hostname from debconf db
+    echo "Configuring hostname and email..."
+    db_get gitlab/fqdn
+    GITLAB_HOST=$RET
+    GITLAB_EMAIL_FROM="no-reply@$GITLAB_HOST"
+    GITLAB_EMAIL_DISPLAY_NAME="Gitlab"
+    GITLAB_EMAIL_REPLY_TO="no-reply@$GITLAB_HOST"
+    # Check if ssl option is selected
+    db_get gitlab/ssl
+    GITLAB_HTTPS=$RET
+    gl_proto="http"
+    db_get gitlab/letsencrypt
+    gitlab_letsencrypt=$RET
+    db_get gitlab/letsencrypt_email
+    gitlab_letsencrypt_email=$RET
+
+    cp -a -f ${gitlab_debian_conf_private} ${gitlab_debian_conf_private}.tmp
+
+    # If the admin deleted or commented some variables but then set
+    # them via debconf, (re-)add them to the conffile.
+    test -z "$GITLAB_HOST" || grep -Eq '^ *GITLAB_HOST=' ${gitlab_debian_conf_private} || \
+        echo "GITLAB_HOST=" >> ${gitlab_debian_conf_private}
+    test -z "$GITLAB_EMAIL_FROM" || grep -Eq '^ *GITLAB_EMAIL_FROM=' ${gitlab_debian_conf_private} || \
+        echo "GITLAB_EMAIL_FROM=" >> ${gitlab_debian_conf_private}
+    test -z "$GITLAB_EMAIL_DISPLAY_NAME" || grep -Eq '^ *GITLAB_EMAIL_DISPLAY_NAME=' ${gitlab_debian_conf_private} || \
+        echo "GITLAB_EMAIL_DISPLAY_NAME=" >> ${gitlab_debian_conf_private}
+    test -z "$GITLAB_EMAIL_REPLY_TO" || grep -Eq '^ *GITLAB_EMAIL_REPLY_TO=' ${gitlab_debian_conf_private} || \
+        echo "GITLAB_EMAIL_REPLY_TO=" >> ${gitlab_debian_conf_private}
+    test -z "$GITLAB_HTTPS" || grep -Eq '^ *GITLAB_HTTPS=' ${gitlab_debian_conf_private} || \
+        echo "GITLAB_HTTPS=" >> ${gitlab_debian_conf_private}
+    test -z "$gitlab_letsencrypt" || grep -Eq '^ *gitlab_letsencrypt=' ${gitlab_debian_conf_private} || \
+        echo "gitlab_letsencrypt=" >> ${gitlab_debian_conf_private}
+    test -z "$gitlab_letsencrypt_email" || grep -Eq '^ *gitlab_letsencrypt_email=' ${gitlab_debian_conf_private} || \
+        echo "gitlab_letsencrypt_email=" >> ${gitlab_debian_conf_private}
+    sed -e "s/^ *GITLAB_HOST=.*/GITLAB_HOST=\"$GITLAB_HOST\"/" \
+        -e "s/^ *GITLAB_EMAIL_FROM=.*/GITLAB_EMAIL_FROM=\"$GITLAB_EMAIL_FROM\"/" \
+        -e "s/^ *GITLAB_EMAIL_DISPLAY_NAME=.*/GITLAB_EMAIL_DISPLAY_NAME=\"$GITLAB_EMAIL_DISPLAY_NAME\"/" \
+        -e "s/^ *GITLAB_EMAIL_REPLY_TO=.*/GITLAB_EMAIL_REPLY_TO=\"$GITLAB_EMAIL_REPLY_TO\"/" \
+        -e "s/^ *GITLAB_HTTPS=.*/GITLAB_HTTPS=\"$GITLAB_HTTPS\"/" \
+        -e "s/^ *gitlab_letsencrypt=.*/gitlab_letsencrypt=\"$gitlab_letsencrypt\"/" \
+        -e "s/^ *gitlab_letsencrypt_email=.*/gitlab_letsencrypt_email=\"$gitlab_letsencrypt_email\"/" \
+            < ${gitlab_debian_conf_private} > ${gitlab_debian_conf_private}.tmp
+    mv -f ${gitlab_debian_conf_private}.tmp ${gitlab_debian_conf_private}
+
+    # Copy example configurations
+    cp ${gitlab_yml_example} ${gitlab_yml_private}
+    cp ${gitlab_shell_config_example} ${gitlab_shell_config_private}
+
+    # Set gitlab user first time
+    sed -i "s/GITLAB_USER/${gitlab_user}/" ${gitlab_yml_private}
+    # Update gitlab user (its a hack, proper fix is to have gitlab accept GITLAB_USER variable)
+    sed -i "s/^ *user:.* #gitlab_user/    user: $gitlab_user #gitlab_user/" ${gitlab_yml_private}
+
+    if [ "$GITLAB_HTTPS" = "true" ]; then
+      echo "Configuring nginx with HTTPS..."
+      # Workaround for #813770
+      gl_proto="https"
+      echo "Configuring gitlab with HTTPS..."
+      sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private}
+      sed -i "s/https: false/https: true/" ${gitlab_yml_private}
+      echo "Updating gitlab_url in gitlab-shell configuration..."
+      sed -i \
+	  "s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
+	  ${gitlab_shell_config_private}
+      
+      mkdir -p /etc/gitlab/ssl
+      nginx_conf_example=${nginx_ssl_conf_example}
+
+      # Check if letsencrypt option is selected
+      if [ "$gitlab_letsencrypt" = "true" ]; then
+	  echo "Configuring letsencrypt..."
+        ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem \
+        /etc/gitlab/ssl/gitlab.crt
+        ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \
+        /etc/gitlab/ssl/gitlab.key
+	    
+        # Check if certificate is already present
+        if [ -e /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem ]; then
+          echo "Let's encrypt certificate already present."
+        else
+          # Port 80 and 443 should be available for letsencrypt
+          if command -v nginx > /dev/null; then
+	    echo "Stopping nginx for letsencrypt..."
+	    invoke-rc.d nginx stop
+	  fi
+          db_get gitlab/letsencrypt_email
+          gitlab_letsencrypt_email=$RET
+          LETSENCRYPT_CMD="letsencrypt --standalone --agree-tos -m $gitlab_letsencrypt_email -d ${GITLAB_HOST} certonly"
+          $LETSENCRYPT_CMD || {
+	    echo "letsencrypt auto configuration failed..."
+	    echo "Stop your webserver and try running letsencrypt manually..."
+	    echo "$LETSENCRYPT_CMD"
+	  }
+        fi 
+      fi
+    else
+      # Revert https setting
+      sed -i "s/port: 443/#port: 80/" ${gitlab_yml_private}
+      sed -i "s/https: true/https: false/" ${gitlab_yml_private}
+    fi
+
+    # Cleanup in case letsencrypt were disabled later
+    if [ "$gitlab_letsencrypt" = "false" ]; then
+        if [ -L /etc/gitlab/ssl/gitlab.crt ]; then
+          if [ "$(file /etc/gitlab/ssl/gitlab.crt|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem" ]; then
+            echo "Removing symbolic links to letsencrypt certificate..."
+            rm -f /etc/gitlab/ssl/gitlab.crt
+          fi
+        fi
+        if [ -L /etc/gitlab/ssl/gitlab.key ]; then
+          if [ "$(file /etc/gitlab/ssl/gitlab.key|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem" ]; then
+            echo "Removing symbolic links to letsencrypt certificate private key..."
+            rm -f /etc/gitlab/ssl/gitlab.key
+          fi
+        fi
+    fi
+
+      # Manage tmpfiles.d/gitlab.conf via ucf
+      cp ${gitlab_tmpfiles_example} ${gitlab_tmpfiles_private}
+      sed -i "s/GITLAB_USER/${gitlab_user}/" ${gitlab_tmpfiles_private}
+      echo "Registering ${gitlab_tmpfiles} via ucf"
+      ucf --debconf-ok --three-way ${gitlab_tmpfiles_private} ${gitlab_tmpfiles}
+      ucfr gitlab ${gitlab_tmpfiles}
+
+      # Override User for systemd services
+      for service in mailroom unicorn sidekiq workhorse; do
+        path=/etc/systemd/system/gitlab-${service}.service.d
+        mkdir -p $path
+        if [ -e $path/override.conf ]; then
+          echo "$path/override.conf already exist"
+          # Make sure only gitlab user is updated
+          sed -i "s/^ *User=.*/User=$gitlab_user/" $path/override.conf
+        else
+          printf "[Service]\nUser=${gitlab_user}\n" > $path/override.conf
+        fi
+      done
+
+      # Manage gitlab-shell's config.yml via ucf
+      mkdir -p /etc/gitlab-shell
+      echo "Registering ${gitlab_shell_config} via ucf"
+      ucf --debconf-ok --three-way ${gitlab_shell_config_private} ${gitlab_shell_config}
+      ucfr gitlab ${gitlab_shell_config}
+
+      # Manage gitlab.yml via ucf
+      echo "Registering ${gitlab_yml} via ucf"
+      ucf --debconf-ok --three-way ${gitlab_yml_private} ${gitlab_yml}
+      ucfr gitlab ${gitlab_yml}
+
+      # Manage gitlab-debian.conf via ucf
+      echo "Registering ${gitlab_debian_conf} via ucf"
+      ucf --debconf-ok --three-way ${gitlab_debian_conf_private} ${gitlab_debian_conf}
+      ucfr gitlab ${gitlab_debian_conf}
+
+      # configure nginx site
+      if test -d /etc/nginx/sites-available/; then
+        if test -f ${nginx_conf_example}; then
+          nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
+          sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/"\
+          ${nginx_conf_example} >${nginx_site_private}
+          ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site}
+          ucfr gitlab ${nginx_site}
+          ln -fs ${nginx_site} /etc/nginx/sites-enabled/
+        else
+          echo "nginx example configuration file not found"
+          exit 1
+        fi
+      fi
+      # Reload nginx
+      if command -v nginx > /dev/null; then
+        echo "Reloading nginx configuration..."
+        invoke-rc.d nginx reload
+      fi
+    
+    dbc_go gitlab "$@"
+    db_stop
+
+    # enable the pg_trgm extension
+    runuser -u postgres -- sh -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
+
+    # Remove Gemfile.lock if present
+    rm -f ${gitlab_data_dir}/Gemfile.lock
+
+    # Create Gemfile.lock and .secret in /var/lib/gitlab
+    runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
+
+    echo "Verifying we have all required libraries..."
+    runuser -u ${gitlab_user} -- sh -c 'bundle install --without development test --local'
+        
+    echo "Running final rake tasks and tweaks..."
+    . /usr/lib/gitlab/scripts/rake-tasks.sh
+    ;;
+
+  triggered)
+    # Already handled
+    ;;
+
+  abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+  *)
+    echo "postinst called with unknown argument \`$1'" >&2
+    exit 1
+    ;;
+esac
+
+#DEBHELPER#
+
+case "$1" in
+  configure)
+    if command -v gitaly > /dev/null; then
+      echo "Restarting gitaly..."
+      invoke-rc.d gitaly restart
+    fi
+    echo "Restarting gitlab..."
+    invoke-rc.d gitlab restart
+    echo "Running rake checks..."
+    gitlab-rake gitlab:check
+  ;;
+esac

debian/gitlab.postrm

@@ -0,0 +1,223 @@
+#! /bin/sh
+# postrm.skeleton
+# Skeleton maintainer script showing all the possible cases.
+# Written by Charles Briscoe-Smith, March-June 1998.  Public Domain.
+
+# Abort if any command returns an error value
+set -e
+
+# Set variables
+gitlab_common_defaults=/var/lib/gitlab-common/gitlab-common.defaults
+
+# This script is called twice during the removal of the package; once
+# after the removal of the package's files from the system, and as
+# the final step in the removal of this package, after the package's
+# conffiles have been removed.
+
+# Ensure the menu system is updated
+
+# Read debian specific configuration
+if [ -f ${gitlab_common_defaults} ]
+then
+  . ${gitlab_common_defaults}
+else
+  echo "${gitlab_common_defaults} not found. Not removing anything."
+  exit 0
+fi
+
+if [ -f ${gitlab_debian_conf} ]
+then
+  . ${gitlab_debian_conf}
+else
+  echo "${gitlab_debian_conf} not found. Not removing anything."
+  exit 0
+fi
+
+if [ -f ${gitlab_common_conf} ]
+then
+  . ${gitlab_common_conf}
+else
+  echo "${gitlab_common_conf} not found. Not removing anything."
+  exit 0
+fi
+
+safely_remove() {
+  CANDIDATE_DIR=$1
+  if [ -n "${CANDIDATE_DIR}" ];then
+    if [ -e ${CANDIDATE_DIR} ]; then
+      echo "Removing: $i"
+      rm -rf ${CANDIDATE_DIR}
+    fi
+  fi
+}
+
+case "$1" in
+  remove)
+    # This package is being removed, but its configuration has not yet
+    # been purged.
+    :
+
+    # Remove diversion
+    # ldconfig is NOT needed during removal of a library, only during
+    # installation
+
+    ;;
+  purge)
+    # This package has previously been removed and is now having
+    # its configuration purged from the system.
+    :
+    # purge debconf questions
+    if [ -e /usr/share/debconf/confmodule ]; then
+      # Source debconf library.
+      . /usr/share/debconf/confmodule
+
+      # Do you want to remove all data?
+      db_input high gitlab/purge_data || true
+      db_go
+      
+      # Check if we should remove data?
+      db_get gitlab/purge_data
+      if [ "${RET}" = "true" ]; then
+        if [ -n "${gitlab_data_dir}" ] && [ -d ${gitlab_data_dir} ]; then
+          for i in shared public db repositories secrets.yml Gemfile.lock; do
+            if [ -e ${gitlab_data_dir}/$i ]; then
+              echo "Removing: ${gitlab_data_dir}/$i"
+              rm -rf ${gitlab_data_dir}/$i; fi
+          done
+        fi
+	for i in ${gitlab_log_dir} ${gitlab_cache_path} ${gitlab_pid_path}; do
+		safely_remove $i
+	done
+
+	# Remove locale directory
+	echo "Removing: ${gitlab_app_root}/app/assets/javascripts/locale"
+	safely_remove ${gitlab_app_root}/app/assets/javascripts/locale
+
+        if [ ! -z "${gitlab_user}" ]; then
+            # Do only if gitlab_user is set
+            if command -v dropdb >/dev/null; then
+                echo "Removing Database: gitlab_production"
+                if runuser -u ${gitlab_user} -- sh -c 'psql gitlab_production -c ""' ; then su postgres -c "dropdb gitlab_production"; fi
+            else
+                echo "dropdb command not found. Hence not removing database."
+           fi
+        else
+            echo "gitlab_user not set. Hence not removing user."
+        fi
+        safely_remove ${gitlab_ssl_path}
+      fi
+
+      # Remove my changes to the db.
+      db_purge
+    fi
+
+    nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
+    dbconfig_config="/etc/dbconfig-common/gitlab.conf"
+
+    if [ -f ${nginx_site} ]; then echo "Found nginx site configuration at ${nginx_site}..."; fi
+
+
+    # we mimic dpkg as closely as possible, so we remove configuration
+    # files with dpkg backup extensions too:
+    ### Some of the following is from Tore Anderson:
+    for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist;  do
+	rm -f ${nginx_site}$ext
+	rm -f ${gitlab_debian_conf}$ext
+	rm -f ${gitlab_yml}$ext
+	rm -f ${gitlab_tmpfiles}$ext
+	rm -f ${gitlab_shell_config}$ext
+        rm -f ${dbconfig_config}$ext
+    done
+ 
+    for i in ${nginx_site} ${gitlab_debian_conf} ${gitlab_yml} \
+${gitlab_tmpfiles} ${gitlab_shell_config} ${dbconfig_config}; do
+      # remove the configuration file itself
+      if [ -f $i ] ; then rm -f $i; fi
+      # and finally clear it out from the ucf database
+      if which ucf >/dev/null; then
+        if [ -n "$i" ]; then ucf --purge $i; fi
+      fi
+      if which ucfr >/dev/null; then
+        if [ -n "$i" ]; then ucfr --purge gitlab $i; fi
+      fi
+    done
+
+    # remove generated assets
+    if [ -n "${gitlab_data_dir}" ]; then safely_remove ${gitlab_data_dir}/public/assets; fi
+      
+    # Remove private copies of configuration files
+    rm -f ${nginx_site_private}
+    rm -f ${gitlab_debian_conf_private}
+    rm -f ${gitlab_yml_private}
+    rm -f ${gitlab_tmpfiles_private}
+    rm -f ${gitlab_shell_config_private}
+
+    # Remove systemd service overrides
+    for service in mailroom unicorn sidekiq workhorse; do
+      path=/etc/systemd/system/gitlab-${service}.service.d
+      rm -rf $path
+    done
+
+       # cleanup complete
+    exit 0
+
+    ;;
+  disappear)
+    if test "$2" != overwriter; then
+      echo "$0: undocumented call to \`postrm $*'" 1>&2
+      exit 0
+    fi
+    # This package has been completely overwritten by package $3
+    # (version $4).  All our files are already gone from the system.
+    # This is a special case: neither "prerm remove" nor "postrm remove"
+    # have been called, because dpkg didn't know that this package would
+    # disappear until this stage.
+    :
+
+    ;;
+  upgrade)
+    # About to upgrade FROM THIS VERSION to version $2 of this package.
+    # "prerm upgrade" has been called for this version, and "preinst
+    # upgrade" has been called for the new version.  Last chance to
+    # clean up.
+    :
+
+    ;;
+  failed-upgrade)
+    # About to upgrade from version $2 of this package TO THIS VERSION.
+    # "prerm upgrade" has been called for the old version, and "preinst
+    # upgrade" has been called for this version.  This is only used if
+    # the previous version's "postrm upgrade" couldn't handle it and
+    # returned non-zero. (Fix old postrm bugs here.)
+    :
+
+    ;;
+  abort-install)
+    # Back out of an attempt to install this package.  Undo the effects of
+    # "preinst install...".  There are two sub-cases.
+    :
+
+    if test "${2+set}" = set; then
+      # When the install was attempted, version $2's configuration
+      # files were still on the system.  Undo the effects of "preinst
+      # install $2".
+      :
+
+    else
+      # We were being installed from scratch.  Undo the effects of
+      # "preinst install".
+      :
+
+    fi ;;
+  abort-upgrade)
+    # Back out of an attempt to upgrade this package from version $2
+    # TO THIS VERSION.  Undo the effects of "preinst upgrade $2".
+    :
+
+    ;;
+  *) echo "$0: didn't understand being called with \`$1'" 1>&2
+     exit 0;;
+esac
+
+#DEBHELPER#
+exit 0

debian/gitlab.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=GitLab Services
+BindsTo=gitlab-unicorn.service gitlab-sidekiq.service gitlab-mailroom.service gitlab-workhorse.service
+After=gitlab-unicorn.service gitlab-sidekiq.service gitlab-mailroom.service gitlab-workhorse.service
+
+[Service]
+Type=idle
+RemainAfterExit=yes
+ExecStart=-/bin/true
+ExecReload=-/bin/true
+
+[Install]
+WantedBy=gitlab.target

debian/gitlab.templates

@@ -0,0 +1,66 @@
+Template: gitlab/fqdn
+Type: string
+Default: localhost
+_Description: Fully qualified domain name for this instance of Gitlab:
+ Please choose the domain name which should be used to access this
+ instance of Gitlab.
+ .
+ This should be the fully qualified name as seen from the Internet, with
+ the domain name that will be used to access the Gitlab instance, without any
+ protocol specifiers like https://.
+ .
+ If a reverse proxy is used, give the hostname that the proxy server
+ responds to.
+ .
+ Example: git.example.com
+
+Template: gitlab/ssl
+Type: boolean
+Default: false
+_Description: Enable https?
+ Enabling https means that an SSL/TLS certificate is required to access this
+ Gitlab instance (as Nginx will be configured to respond only to https
+ requests). A self-signed certificate is enough for local testing (and can be
+ generated using, for instance, the package easy-rsa), but it is not
+ recommended for a production instance.
+ .
+ Some certificate authorities like Let's Encrypt (letsencrypt.org), CAcert
+ (cacert.org) offer free SSL/TLS certificates.
+ Note: CAcert issued certificates are not trusted by all browsers, it requires
+ installing CAcert's root certificate in such cases.
+ .
+ Nginx must be reloaded after the certificate and key files are made available
+ at /etc/gitlab/ssl. letsencrypt package may be used to automate interaction
+ with Let's Encrypt to obtain a certificate.
+
+Template: gitlab/letsencrypt
+Type: boolean
+Default: false
+_Description: Use Let's Encrypt?
+ Symbolic links to certificate and key created using letsencrypt package
+ (/etc/letencrypt/live) will be added to /etc/gitlab/ssl if this option is
+ selected.
+ .
+ Otherwise, certificate and key files have to be placed manually to
+ /etc/gitlab/ssl directory as 'gitlab.crt' and 'gitlab.key'.
+ .
+ Nginx will be stopped, if this option is selected, to allow letsencrypt to use
+ ports 80 and 443 during domain ownership validation and certificate retrieval
+ step.
+ .
+ Note: letsencrypt does not have a usable nginx plugin currently, so
+ certificates must be renewed manually after 3 months, when current
+ letsencrypt certificate expire. If you choose yes here, you will also be
+ agreeing to letsencrypt terms of service.
+
+Template: gitlab/letsencrypt_email
+Type: string
+_Description: Email address for letsencrypt updates:
+ Please provide a valid email address for letsencrypt updates.
+
+Template: gitlab/purge_data
+Type: boolean
+Default: true 
+_Description: Remove all data?
+ This will permanently remove all data of this Gitlab instance such as database,
+ repositories, uploaded files, SSH public keys etc.

debian/gitlab.triggers

@@ -0,0 +1,2 @@
+interest-noawait /usr/lib/ruby/vendor_ruby
+interest-noawait /usr/share/rubygems-integration

debian/maintscript

@@ -0,0 +1,9 @@
+rm_conffile /etc/gitlab/initializers/devise_async.rb 8.8.2+dfsg-5    gitlab
+rm_conffile /etc/gitlab/gitlab.teatro.yml            8.11.3+dfsg1-1  gitlab
+rm_conffile /etc/gitlab/initializers/haml.rb         8.11.3+dfsg1-1  gitlab
+rm_conffile /etc/gitlab/initializers/math_lexer.rb   9.5.4+dfsg-7    gitlab
+rm_conffile /etc/gitlab/initializers/plantuml_lexer.rb   9.5.4+dfsg-7    gitlab
+rm_conffile /etc/gitlab/initializers/additional_headers_interceptor.rb   11.2.8+dfsg-1    gitlab
+rm_conffile /etc/gitlab/initializers/asset_sync.rb  11.5.3+dfsg-1    gitlab
+rm_conffile /etc/gitlab/initializers/email_template_interceptor.rb   11.2.8+dfsg-1    gitlab
+dir_to_symlink /usr/share/gitlab/app/assets/javascripts/locale	/var/lib/gitlab/locale         9.5.4+dfsg-5  gitlab

debian/patches/0050-relax-stable-libs.patch

@@ -0,0 +1,340 @@
+We should be able to update minor versions of stable libs without breaking
+gitlab Gemfile
+
+--- a/Gemfile
++++ b/Gemfile
+@@ -5,7 +5,7 @@
+ 
+ gem_versions = {}
+ gem_versions['activerecord_sane_schema_dumper'] = rails5? ? '1.0'      : '0.2'
+-gem_versions['default_value_for']               = rails5? ? '~> 3.0.5' : '~> 3.0.0'
++gem_versions['default_value_for']               = rails5? ? '~> 3.0.5' : '~> 3.0'
+ gem_versions['rails']                           = rails5? ? '5.0.7'    : '4.2.10'
+ gem_versions['rails-i18n']                      = rails5? ? '~> 5.1'   : '~> 4.0.9'
+ # --- The end of special code for migrating to Rails 5.0 ---
+@@ -13,12 +13,12 @@
+ source 'https://rubygems.org'
+ 
+ gem 'rails', gem_versions['rails']
+-gem 'rails-deprecated_sanitizer', '~> 1.0.3'
++gem 'rails-deprecated_sanitizer', '~> 1.0', '>= 1.0.3'
+ 
+ # Responders respond_to and respond_with
+ gem 'responders', '~> 2.0'
+ 
+-gem 'sprockets', '~> 3.7.0'
++gem 'sprockets', '~> 3.7'
+ 
+ # Default values for AR models
+ gem 'default_value_for', gem_versions['default_value_for']
+@@ -37,35 +37,35 @@
+ gem 'doorkeeper', '~> 4.3'
+ gem 'doorkeeper-openid_connect', '~> 1.5'
+ gem 'omniauth', '~> 1.8'
+-gem 'omniauth-auth0', '~> 2.0.0'
++gem 'omniauth-auth0', '~> 2.0'
+ gem 'omniauth-azure-oauth2', '~> 0.0.9'
+-gem 'omniauth-cas3', '~> 1.1.4'
+-gem 'omniauth-facebook', '~> 4.0.0'
++gem 'omniauth-cas3', '~> 1.1', '>= 1.1.4'
++gem 'omniauth-facebook', '~> 4.0'
+ gem 'omniauth-github', '~> 1.3'
+-gem 'omniauth-gitlab', '~> 1.0.2'
++gem 'omniauth-gitlab', '~> 1.0', '>= 1.0.2'
+ gem 'omniauth-google-oauth2', '~> 0.5.3'
+ gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
+ gem 'omniauth-oauth2-generic', '~> 0.2.2'
+ gem 'omniauth-saml', '~> 1.10'
+-gem 'omniauth-shibboleth', '~> 1.3.0'
++gem 'omniauth-shibboleth', '~> 1.3'
+ gem 'omniauth-twitter', '~> 1.4'
+-gem 'omniauth_crowd', '~> 2.2.0'
++gem 'omniauth_crowd', '~> 2.2'
+ gem 'omniauth-authentiq', '~> 0.3.3'
+-gem 'rack-oauth2', '~> 1.2.1'
+-gem 'jwt', '~> 1.5.6'
++gem 'rack-oauth2', '~> 1.2', '>= 1.2.1'
++gem 'jwt', '~> 1.5', '>= 1.5.6'
+ 
+ # Spam and anti-bot protection
+ gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails'
+ gem 'akismet', '~> 2.0'
+ 
+ # Two-factor authentication
+-gem 'devise-two-factor', '~> 3.0.0'
++gem 'devise-two-factor', '~> 3.0'
+ gem 'rqrcode-rails3', '~> 0.1.7'
+-gem 'attr_encrypted', '~> 3.1.0'
++gem 'attr_encrypted', '~> 3.1'
+ gem 'u2f', '~> 0.2.1'
+ 
+ # GitLab Pages
+-gem 'validates_hostname', '~> 1.0.6'
++gem 'validates_hostname', '~> 1.0', '>= 1.0.6'
+ 
+ # Browser detection
+ gem 'browser', '~> 2.5'
+@@ -76,17 +76,17 @@
+ # LDAP Auth
+ # GitLab fork with several improvements to original library. For full list of changes
+ # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
+-gem 'gitlab_omniauth-ldap', '~> 2.0.4', require: 'omniauth-ldap'
++gem 'gitlab_omniauth-ldap', '~> 2.0', '>= 2.0.4', require: 'omniauth-ldap'
+ gem 'net-ldap'
+ 
+ # API
+ gem 'grape', '~> 1.1'
+ gem 'grape-entity', '~> 0.7.1'
+-gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
++gem 'rack-cors', '~> 1.0', require: 'rack/cors'
+ 
+ # GraphQL API
+-gem 'graphql', '~> 1.8.0'
+-gem 'graphiql-rails', '~> 1.4.10'
++gem 'graphql', '~> 1.8'
++gem 'graphiql-rails', '~> 1.4', '>= 1.4.10'
+ 
+ # Disable strong_params so that Mash does not respond to :permitted?
+ gem 'hashie-forbidden_attributes'
+@@ -95,7 +95,7 @@
+ gem 'kaminari', '~> 1.0'
+ 
+ # HAML
+-gem 'hamlit', '~> 2.8.8'
++gem 'hamlit', '~> 2.8', '>= 2.8.8'
+ 
+ # Files attachments
+ # Locked until https://github.com/carrierwaveuploader/carrierwave/pull/2332/files is merged.
+@@ -104,9 +104,9 @@
+ gem 'mini_magick'
+ 
+ # for backups
+-gem 'fog-aws', '~> 2.0.1'
++gem 'fog-aws', '~> 2.0', '>= 2.0.1'
+ gem 'fog-core', '~> 1.44'
+-gem 'fog-google', '~> 1.7.1'
++gem 'fog-google', '~> 1.7', '>= 1.7.1'
+ gem 'fog-local', '~> 0.3'
+ gem 'fog-openstack', '~> 0.1'
+ gem 'fog-rackspace', '~> 0.1.1'
+@@ -119,37 +119,37 @@
+ gem 'unf', '~> 0.1.4'
+ 
+ # Seed data
+-gem 'seed-fu', '~> 2.3.7'
++gem 'seed-fu', '~> 2.3', '>= 2.3.7'
+ 
+ # Markdown and HTML processing
+ gem 'html-pipeline', '~> 2.8'
+-gem 'deckar01-task_list', '2.0.0'
++gem 'deckar01-task_list', '2.0'
+ gem 'gitlab-markup', '~> 1.6.4'
+-gem 'github-markup', '~> 1.7.0', require: 'github/markup'
++gem 'github-markup', '~> 1.7', require: 'github/markup'
+ gem 'redcarpet', '~> 3.4'
+ gem 'commonmarker', '~> 0.17'
+-gem 'RedCloth', '~> 4.3.2'
++gem 'RedCloth', '~> 4.3', '>= 4.3.2'
+ gem 'rdoc', '~> 6.0'
+ gem 'org-ruby', '~> 0.9.12'
+ gem 'creole', '~> 0.5.0'
+ gem 'wikicloth', '0.8.1'
+-gem 'asciidoctor', '~> 1.5.6'
+-gem 'asciidoctor-plantuml', '0.0.8'
++gem 'asciidoctor', '~> 1.5', '>= 1.5.6'
++gem 'asciidoctor-plantuml', '~> 0.0.8'
+ gem 'rouge', '~> 3.1'
+ gem 'truncato', '~> 0.7.9'
+-gem 'bootstrap_form', '~> 2.7.0'
+-gem 'nokogiri', '~> 1.8.2'
++gem 'bootstrap_form', '~> 2.7'
++gem 'nokogiri', '~> 1.8', '>= 1.8.2'
+ gem 'escape_utils', '~> 1.1'
+ 
+ # Calendar rendering
+ gem 'icalendar'
+ 
+ # Diffs
+-gem 'diffy', '~> 3.1.0'
++gem 'diffy', '~> 3.1'
+ 
+ # Application server
+ group :unicorn do
+-  gem 'unicorn', '~> 5.1.0'
++  gem 'unicorn', '~> 5.1'
+   gem 'unicorn-worker-killer', '~> 0.4.4'
+ end
+ 
+@@ -165,9 +165,9 @@
+ gem 'acts-as-taggable-on', '~> 5.0'
+ 
+ # Background jobs
+-gem 'sidekiq', '~> 5.2.1'
++gem 'sidekiq', '~> 5.2','>= 5.2.1'
+ gem 'sidekiq-cron', '~> 0.6.0'
+-gem 'redis-namespace', '~> 1.6.0'
++gem 'redis-namespace', '~> 1.6'
+ 
+ # Cron Parser
+ gem 'rufus-scheduler', '~> 3.4'
+@@ -182,14 +182,14 @@
+ gem 'ruby-progressbar'
+ 
+ # GitLab settings
+-gem 'settingslogic', '~> 2.0.9'
++gem 'settingslogic', '~> 2.0', '>= 2.0.9'
+ 
+ # Linear-time regex library for untrusted regular expressions
+-gem 're2', '~> 1.1.1'
++gem 're2', '~> 1.1', '>= 1.1.1'
+ 
+ # Misc
+ 
+-gem 'version_sorter', '~> 2.1.0'
++gem 'version_sorter', '~> 2.1'
+ 
+ # Export Ruby Regex to Javascript
+ gem 'js_regex', '~> 2.2.1'
+@@ -198,14 +198,14 @@
+ gem 'device_detector'
+ 
+ # Cache
+-gem 'redis-rails', '~> 5.0.2'
++gem 'redis-rails', '~> 5.0', '>= 5.0.2'
+ 
+ # Redis
+ gem 'redis', '~> 3.2'
+ gem 'connection_pool', '~> 2.0'
+ 
+ # HipChat integration
+-gem 'hipchat', '~> 1.5.0'
++gem 'hipchat', '~> 1.5'
+ 
+ # JIRA integration
+ gem 'jira-ruby', '~> 1.4'
+@@ -214,7 +214,7 @@
+ gem 'flowdock', '~> 0.7'
+ 
+ # Slack integration
+-gem 'slack-notifier', '~> 1.5.1'
++gem 'slack-notifier', '~> 1.5', '>= 1.5.1'
+ 
+ # Hangouts Chat integration
+ gem 'hangouts-chat', '~> 0.0.5'
+@@ -226,11 +226,11 @@
+ gem 'ruby-fogbugz', '~> 0.2.1'
+ 
+ # Kubernetes integration
+-gem 'kubeclient', '~> 3.1.0'
++gem 'kubeclient', '~> 3.1'
+ 
+ # Sanitize user input
+ gem 'sanitize', '~> 4.6'
+-gem 'babosa', '~> 1.0.2'
++gem 'babosa', '~> 1.0', '>= 1.0.2'
+ 
+ # Sanitizes SVG input
+ gem 'loofah', '~> 2.2'
+@@ -239,10 +239,10 @@
+ gem 'licensee', '~> 8.9'
+ 
+ # Protect against bruteforcing
+-gem 'rack-attack', '~> 4.4.1'
++gem 'rack-attack', '~> 4.4', '>= 4.4.1'
+ 
+ # Ace editor
+-gem 'ace-rails-ap', '~> 4.1.0'
++gem 'ace-rails-ap', '~> 4.1'
+ 
+ # Detect and convert string character encoding
+ gem 'charlock_holmes', '~> 0.7.5'
+@@ -257,40 +257,40 @@
+ gem 'webpack-rails', '~> 0.9.10'
+ gem 'rack-proxy', '~> 0.6.0'
+ 
+-gem 'sass-rails', '~> 5.0.6'
+-gem 'uglifier', '~> 2.7.2'
++gem 'sass-rails', '~> 5.0', '>= 5.0.6'
++gem 'uglifier', '~> 2.7', '>= 2.7.2'
+ 
+-gem 'addressable', '~> 2.5.2'
++gem 'addressable', '~> 2.5', '>= 2.5.2'
+ gem 'font-awesome-rails', '~> 4.7'
+ gem 'gemojione', '~> 3.3'
+ gem 'gon', '~> 6.2'
+-gem 'jquery-atwho-rails', '~> 1.3.2'
++gem 'jquery-atwho-rails', '~> 1.3', '>= 1.3.2'
+ gem 'request_store', '~> 1.3'
+-gem 'select2-rails', '~> 3.5.9'
+-gem 'virtus', '~> 1.0.1'
++gem 'select2-rails', '~> 3.5', '>= 3.5.9'
++gem 'virtus', '~> 1.0', '>= 1.0.1'
+ gem 'base32', '~> 0.3.0'
+ 
+ # Sentry integration
+ gem 'sentry-raven', '~> 2.7'
+ 
+-gem 'premailer-rails', '~> 1.9.7'
++gem 'premailer-rails', '~> 1.9', '>= 1.9.7'
+ 
+ # I18n
+ gem 'ruby_parser', '~> 3.8', require: false
+ gem 'rails-i18n', gem_versions['rails-i18n']
+-gem 'gettext_i18n_rails', '~> 1.8.0'
++gem 'gettext_i18n_rails', '~> 1.8'
+ gem 'gettext_i18n_rails_js', '~> 1.3'
+ gem 'gettext', '~> 3.2.2', require: false, group: :development
+ 
+-gem 'batch-loader', '~> 1.2.1'
++gem 'batch-loader', '~> 1.2', '>= 1.2.1'
+ 
+ # Perf bar
+-gem 'peek', '~> 1.0.1'
++gem 'peek', '~> 1.0', '>= 1.0.1'
+ gem 'peek-gc', '~> 0.0.2'
+-gem 'peek-mysql2', '~> 1.1.0', group: :mysql
+-gem 'peek-pg', '~> 1.3.0', group: :postgres
++gem 'peek-mysql2', '~> 1.1', group: :mysql
++gem 'peek-pg', '~> 1.3', group: :postgres
+ gem 'peek-rblineprof', '~> 0.2.0'
+-gem 'peek-redis', '~> 1.2.0'
++gem 'peek-redis', '~> 1.2'
+ gem 'gitlab-sidekiq-fetcher', require: 'sidekiq-reliable-fetch'
+ 
+ # Metrics
+@@ -399,15 +399,15 @@
+ gem 'oauth2', '~> 1.4'
+ 
+ # Health check
+-gem 'health_check', '~> 2.6.0'
++gem 'health_check', '~> 2.6'
+ 
+ # System information
+-gem 'vmstat', '~> 2.3.0'
+-gem 'sys-filesystem', '~> 1.1.6'
++gem 'vmstat', '~> 2.3'
++gem 'sys-filesystem', '~> 1.1', '>= 1.1.6'
+ 
+ # SSH host key support
+ gem 'net-ssh', '~> 5.0'
+-gem 'sshkey', '~> 1.9.0'
++gem 'sshkey', '~> 1.9'
+ 
+ # Required for ED25519 SSH host key support
+ group :ed25519 do
+@@ -416,12 +416,12 @@
+ end
+ 
+ # Gitaly GRPC client
+-gem 'gitaly-proto', '~> 0.123.0', require: 'gitaly'
+-gem 'grpc', '~> 1.15.0'
++gem 'gitaly-proto', '~> 0.123', require: 'gitaly'
++gem 'grpc', '~> 1.15'
+ 
+ gem 'google-protobuf', '~> 3.6'
+ 
+-gem 'toml-rb', '~> 1.0.0', require: false
++gem 'toml-rb', '~> 1.0', require: false
+ 
+ # Feature toggles
+ gem 'flipper', '~> 0.13.0'

debian/patches/0100-remove-development-test.patch

@@ -0,0 +1,34 @@
+Bundler will fail when it can't find these locally
+
+--- a/Gemfile
++++ b/Gemfile
+@@ -280,7 +280,6 @@
+ gem 'rails-i18n', gem_versions['rails-i18n']
+ gem 'gettext_i18n_rails', '~> 1.8'
+ gem 'gettext_i18n_rails_js', '~> 1.3'
+-gem 'gettext', '~> 3.2.2', require: false, group: :development
+ 
+ gem 'batch-loader', '~> 1.2', '>= 1.2.1'
+ 
+@@ -303,21 +302,6 @@
+   gem 'raindrops', '~> 0.18'
+ end
+ 
+-group :development do
+-  gem 'foreman', '~> 0.84.0'
+-  gem 'brakeman', '~> 4.2', require: false
+-
+-  gem 'letter_opener_web', '~> 1.3.0'
+-  gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false
+-
+-  # Better errors handler
+-  gem 'better_errors', '~> 2.1.0'
+-  gem 'binding_of_caller', '~> 0.7.2'
+-
+-  # thin instead webrick
+-  gem 'thin', '~> 1.7.0'
+-end
+-
+ group :development, :test do
+   gem 'bootsnap', '~> 1.3'
+   gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET']

debian/patches/0108-make-mysql-optional.patch

@@ -0,0 +1,23 @@
+From 85ec69dca3e07b27079efe1392574d7fb317186f Mon Sep 17 00:00:00 2001
+From: Pirate Praveen <praveen@debian.org>
+Date: Sat, 23 Jan 2016 10:14:15 -0500
+Subject: [PATCH] allow specifying DB choice via ENV variable
+
+---
+ Gemfile | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/Gemfile
++++ b/Gemfile
+@@ -24,8 +24,9 @@
+ gem 'default_value_for', gem_versions['default_value_for']
+ 
+ # Supported DBs
+-gem 'mysql2', '~> 0.4.10', group: :mysql
+-gem 'pg', '~> 0.18.2', group: :postgres
++ENV["DB"] ||= "postgresql"
++gem 'mysql2', '~> 0.4.10' if ENV["DB"] == "all" || ENV["DB"] == "mysql"
++gem 'pg', '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
+ 
+ gem 'rugged', '~> 0.27'
+ gem 'grape-path-helpers', '~> 1.0'

debian/patches/0110-make-test-dependencies-conditional.patch

@@ -0,0 +1,23 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -303,7 +303,7 @@
+   gem 'raindrops', '~> 0.18'
+ end
+ 
+-group :development, :test do
++if ENV["INCLUDE_TEST_DEPENDS"] == "true"
+   gem 'bootsnap', '~> 1.3'
+   gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET']
+   gem 'pry-byebug', '~> 3.4.1', platform: :mri
+@@ -355,9 +355,9 @@
+   gem 'simple_po_parser', '~> 1.1.2', require: false
+ 
+   gem 'timecop', '~> 0.8.0'
+-end
++#end
+ 
+-group :test do
++#group :test do
+   gem 'shoulda-matchers', '~> 3.1.2', require: false
+   gem 'email_spec', '~> 2.2.0'
+   gem 'json-schema', '~> 2.8.0'

debian/patches/0220-relax-webmock.patch

@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -361,7 +361,7 @@
+   gem 'shoulda-matchers', '~> 3.1.2', require: false
+   gem 'email_spec', '~> 2.2.0'
+   gem 'json-schema', '~> 2.8.0'
+-  gem 'webmock', '~> 2.3.2'
++  gem 'webmock', '>= 2.3.2'
+   gem 'rails-controller-testing' if rails5? # Rails5 only gem.
+   gem 'test_after_commit', '~> 1.1' unless rails5? # Remove this gem when migrated to rails 5.0. It's been integrated to rails 5.0.
+   gem 'sham_rack', '~> 1.3.6'

debian/patches/0280-relax-pg.patch

@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -26,7 +26,7 @@
+ # Supported DBs
+ ENV["DB"] ||= "postgresql"
+ gem 'mysql2', '~> 0.4.10' if ENV["DB"] == "all" || ENV["DB"] == "mysql"
+-gem 'pg', '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
++gem 'pg', '~> 0.19' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
+ 
+ gem 'rugged', '~> 0.27'
+ gem 'grape-path-helpers', '~> 1.0'

debian/patches/0290-skip-peek-mysql2.patch

@@ -0,0 +1,10 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -287,7 +287,6 @@
+ # Perf bar
+ gem 'peek', '~> 1.0', '>= 1.0.1'
+ gem 'peek-gc', '~> 0.0.2'
+-gem 'peek-mysql2', '~> 1.1', group: :mysql
+ gem 'peek-pg', '~> 1.3', group: :postgres
+ gem 'peek-rblineprof', '~> 0.2.0'
+ gem 'peek-redis', '~> 1.2'

debian/patches/0340-relax-httparty.patch

@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -174,7 +174,7 @@
+ gem 'rufus-scheduler', '~> 3.4'
+ 
+ # HTTP requests
+-gem 'httparty', '~> 0.13.3'
++gem 'httparty', '~> 0.13'
+ 
+ # Colored output to console
+ gem 'rainbow', '~> 3.0'

debian/patches/0400-Relax-recaptcha-version.patch

@@ -0,0 +1,21 @@
+From: Lucas Kanashiro <lucas.kanashiro@collabora.com>
+Date: Tue, 4 Sep 2018 08:09:21 -0300
+Subject: Relax recaptcha version
+
+---
+ Gemfile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Gemfile b/Gemfile
+index 60d2709..0ab5c72 100644
+--- a/Gemfile
++++ b/Gemfile
+@@ -56,7 +56,7 @@ gem 'rack-oauth2', '~> 1.2', '>= 1.2.1'
+ gem 'jwt', '~> 1.5', '>= 1.5.6'
+ 
+ # Spam and anti-bot protection
+-gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails'
++gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails'
+ gem 'akismet', '~> 2.0'
+ 
+ # Two-factor authentication

debian/patches/0420-relax-js-regex.patch

@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -193,7 +193,7 @@
+ gem 'version_sorter', '~> 2.1'
+ 
+ # Export Ruby Regex to Javascript
+-gem 'js_regex', '~> 2.2.1'
++gem 'js_regex', '~> 3.1'
+ 
+ # User agent parsing
+ gem 'device_detector'

debian/patches/0420-relax-rdoc.patch

@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -139,7 +139,7 @@
+ gem 'redcarpet', '~> 3.4'
+ gem 'commonmarker', '~> 0.17'
+ gem 'RedCloth', '~> 4.3', '>= 4.3.2'
+-gem 'rdoc', '~> 6.0'
++gem 'rdoc', '>= 4.2'
+ gem 'org-ruby', '~> 0.9.12'
+ gem 'creole', '~> 0.5.0'
+ gem 'wikicloth', '0.8.1'

debian/patches/0430-remove-gitlab-markup.patch

@@ -0,0 +1,10 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -125,7 +125,6 @@
+ # Markdown and HTML processing
+ gem 'html-pipeline', '~> 2.8'
+ gem 'deckar01-task_list', '2.0'
+-gem 'gitlab-markup', '~> 1.6.4'
+ gem 'github-markup', '~> 1.7', require: 'github/markup'
+ gem 'redcarpet', '~> 3.4'
+ gem 'commonmarker', '~> 0.17'

debian/patches/0440-remove-puma.patch

@@ -0,0 +1,14 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -153,11 +153,6 @@
+   gem 'unicorn-worker-killer', '~> 0.4.4'
+ end
+ 
+-group :puma do
+-  gem 'puma', '~> 3.12', require: false
+-  gem 'puma_worker_killer', require: false
+-end
+-
+ # State machine
+ gem 'state_machines-activerecord', '~> 0.5.1'
+ 

debian/patches/0450-remove-bullet.patch

@@ -0,0 +1,10 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -298,7 +298,6 @@
+ 
+ if ENV["INCLUDE_TEST_DEPENDS"] == "true"
+   gem 'bootsnap', '~> 1.3'
+-  gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET']
+   gem 'pry-byebug', '~> 3.4.1', platform: :mri
+   gem 'pry-rails', '~> 0.3.4'
+ 

debian/patches/0460-relax-rspec-rails.patch

@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -306,7 +306,7 @@
+ 
+   gem 'database_cleaner', '~> 1.5.0'
+   gem 'factory_bot_rails', '~> 4.8.2'
+-  gem 'rspec-rails', '~> 3.7.0'
++  gem 'rspec-rails', '~> 3.7'
+   gem 'rspec-retry', '~> 0.4.5'
+   gem 'rspec_profiling', '~> 0.0.5'
+   gem 'rspec-set', '~> 0.1.3'

debian/patches/0490-relax-rdoc.patch

@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -129,7 +129,7 @@
+ gem 'redcarpet', '~> 3.4'
+ gem 'commonmarker', '~> 0.17'
+ gem 'RedCloth', '~> 4.3', '>= 4.3.2'
+-gem 'rdoc', '~> 6.0'
++gem 'rdoc', '>= 4.2'
+ gem 'org-ruby', '~> 0.9.12'
+ gem 'creole', '~> 0.5.0'
+ gem 'wikicloth', '0.8.1'

debian/patches/0500-set-webpack-root.patch

@@ -0,0 +1,11 @@
+--- a/config/webpack.config.js
++++ b/config/webpack.config.js
+@@ -7,7 +7,7 @@
+ const MonacoWebpackPlugin = require('monaco-editor-webpack-plugin');
+ const BundleAnalyzerPlugin = require('webpack-bundle-analyzer').BundleAnalyzerPlugin;
+ 
+-const ROOT_PATH = path.resolve(__dirname, '..');
++const ROOT_PATH = '/usr/share/gitlab';
+ const CACHE_PATH = process.env.WEBPACK_CACHE_PATH || path.join(ROOT_PATH, 'tmp/cache');
+ const IS_PRODUCTION = process.env.NODE_ENV === 'production';
+ const IS_DEV_SERVER = process.argv.join(' ').indexOf('webpack-dev-server') !== -1;

debian/patches/0510-remove-dev-dependencies.patch

@@ -0,0 +1,39 @@
+--- a/package.json
++++ b/package.json
+@@ -111,35 +111,5 @@
+     "xterm": "^3.5.0"
+   },
+   "devDependencies": {
+-    "@gitlab/eslint-config": "^1.1.0",
+-    "axios-mock-adapter": "^1.15.0",
+-    "babel-plugin-istanbul": "^5.1.0",
+-    "babel-plugin-rewire": "^1.2.0",
+-    "babel-template": "^6.26.0",
+-    "babel-types": "^6.26.0",
+-    "chalk": "^2.4.1",
+-    "commander": "^2.18.0",
+-    "eslint": "~5.6.0",
+-    "eslint-import-resolver-webpack": "^0.10.1",
+-    "eslint-plugin-html": "4.0.5",
+-    "eslint-plugin-import": "^2.14.0",
+-    "eslint-plugin-jasmine": "^2.10.1",
+-    "gettext-extractor": "^3.3.2",
+-    "gettext-extractor-vue": "^4.0.1",
+-    "istanbul": "^0.4.5",
+-    "jasmine-core": "^2.9.0",
+-    "jasmine-diff": "^0.1.3",
+-    "jasmine-jquery": "^2.1.1",
+-    "karma": "^3.0.0",
+-    "karma-chrome-launcher": "^2.2.0",
+-    "karma-coverage-istanbul-reporter": "^2.0.4",
+-    "karma-jasmine": "^1.1.2",
+-    "karma-junit-reporter": "^1.2.0",
+-    "karma-mocha-reporter": "^2.2.5",
+-    "karma-sourcemap-loader": "^0.3.7",
+-    "karma-webpack": "^4.0.0-beta.0",
+-    "nodemon": "^1.18.4",
+-    "prettier": "1.14.3",
+-    "webpack-dev-server": "^3.1.8"
+-  }
++      }
+ }

debian/patches/0520-add-system-lib-path-for-webpack.patch

@@ -0,0 +1,21 @@
+--- a/config/webpack.config.js
++++ b/config/webpack.config.js
+@@ -85,6 +85,7 @@
+ 
+   resolve: {
+     extensions: ['.js'],
++    modules: ['/usr/share/gitlab/node_modules','/usr/share/gitlab/node_modules/mermaid/node_modules', '/usr/lib/nodejs'],
+     alias: {
+       '~': path.join(ROOT_PATH, 'app/assets/javascripts'),
+       emojis: path.join(ROOT_PATH, 'fixtures/emojis'),
+@@ -97,6 +98,10 @@
+     },
+   },
+ 
++  resolveLoader: {
++    modules: ['/usr/share/gitlab/node_modules', '/usr/lib/nodejs'],
++  },
++
+   module: {
+     strictExportPresence: true,
+     rules: [

debian/patches/0610-source-init-functions.patch

@@ -0,0 +1,24 @@
+Description: fix lintian warning and init script error
+Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/12954
+
+--- a/lib/support/init.d/gitlab
++++ b/lib/support/init.d/gitlab
+@@ -23,6 +23,9 @@
+ # An example defaults file can be found in lib/support/init.d/gitlab.default.example
+ ###
+ 
++### source init functions
++. /lib/init/vars.sh
++. /lib/lsb/init-functions
+ 
+ ### Environment variables
+ RAILS_ENV="production"
+@@ -38,7 +41,7 @@
+ sidekiq_pid_path="$pid_path/sidekiq.pid"
+ mail_room_enabled=false
+ mail_room_pid_path="$pid_path/mail_room.pid"
+-gitlab_workhorse_dir=$(cd $app_root/../gitlab-workhorse 2> /dev/null && pwd)
++gitlab_workhorse_dir=$app_root/../gitlab-workhorse
+ gitlab_workhorse_pid_path="$pid_path/gitlab-workhorse.pid"
+ gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080 -authSocket $rails_socket -documentRoot $app_root/public"
+ gitlab_workhorse_log="$app_root/log/gitlab-workhorse.log"

debian/patches/0620-pid-log-paths.patch

@@ -0,0 +1,44 @@
+Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/13415
+
+--- a/bin/background_jobs
++++ b/bin/background_jobs
+@@ -7,6 +7,11 @@
+ sidekiq_config="$app_root/config/sidekiq_queues.yml"
+ gitlab_user=$(ls -l config.ru | awk '{print $3}')
+ 
++# Read configuration variable file if it is present
++test -f /etc/default/gitlab && . /etc/default/gitlab
++
++sidekiq_pidfile=${sidekiq_pid_path}
++
+ warn()
+ {
+   echo "$@" 1>&2
+--- a/bin/web
++++ b/bin/web
+@@ -12,6 +12,11 @@
+ unicorn_config="$app_root/config/unicorn.rb"
+ unicorn_cmd="bundle exec unicorn_rails -c $unicorn_config -E $RAILS_ENV"
+ 
++# Read configuration variable file if it is present
++test -f /etc/default/gitlab && . /etc/default/gitlab
++
++unicorn_pidfile=${web_server_pid_path}
++
+ get_unicorn_pid()
+ {
+   local pid=$(cat $unicorn_pidfile)
+--- a/bin/mail_room
++++ b/bin/mail_room
+@@ -7,6 +7,11 @@
+ mail_room_logfile="$app_root/log/mail_room.log"
+ mail_room_config="$app_root/config/mail_room.yml"
+ 
++# Read configuration variable file if it is present
++test -f /etc/default/gitlab && . /etc/default/gitlab
++
++mail_room_logfile=${mail_room_pid_path}
++
+ get_mail_room_pid()
+ {
+   local pid=$(cat $mail_room_pidfile)

debian/patches/0630-fix-mail-room-path.patch

@@ -0,0 +1,10 @@
+--- a/config/mail_room.yml
++++ b/config/mail_room.yml
+@@ -1,6 +1,6 @@
+ :mailboxes:
+   <%
+-    require_relative "../lib/gitlab/mail_room" unless defined?(Gitlab::MailRoom)
++    require "/usr/share/gitlab/lib/gitlab/mail_room" unless defined?(Gitlab::MailRoom)
+     config = Gitlab::MailRoom.config
+ 
+     if Gitlab::MailRoom.enabled?

debian/patches/0640-relax-ruby-version.patch

@@ -0,0 +1,13 @@
+Debian's ruby has the latest security patches applied
+
+--- a/lib/system_check/app/ruby_version_check.rb
++++ b/lib/system_check/app/ruby_version_check.rb
+@@ -7,7 +7,7 @@
+       set_check_pass -> { "yes (#{self.current_version})" }
+ 
+       def self.required_version
+-        @required_version ||= Gitlab::VersionInfo.new(2, 3, 5)
++        @required_version ||= Gitlab::VersionInfo.new(2, 3, 3)
+       end
+ 
+       def self.current_version

debian/patches/0650-fix-8-to-10-migration.patch

@@ -0,0 +1,19 @@
+Required to support updation from 8 to 10
+
+Bug, upstream: https://gitlab.com/gitlab-org/gitlab-ce/issues/48040
+
+--- a/lib/gitlab/gitaly_client.rb
++++ b/lib/gitlab/gitaly_client.rb
+@@ -242,6 +242,12 @@
+       # Disabled features are always off!
+       return false if status == MigrationStatus::DISABLED
+ 
++      # If the features table does not exist, don't check the feature, just return
++      # the default
++      unless Gitlab::Database.cached_table_exists?(Feature::FlipperFeature.table_name)
++        return false
++      end
++
+       feature = Feature.get("gitaly_#{feature_name}")
+ 
+       # If the feature has been set, always evaluate

debian/patches/0660-fix-gitlab-yml-path.patch

@@ -0,0 +1,11 @@
+--- a/config/settings.rb
++++ b/config/settings.rb
+@@ -1,7 +1,7 @@
+ require 'settingslogic'
+ 
+ class Settings < Settingslogic
+-  source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('..', __dir__)).join('config/gitlab.yml') }
++  source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('gitlab.yml', __dir__)) }
+   namespace ENV.fetch('GITLAB_ENV') { Rails.env }
+ 
+   class << self

debian/patches/0670-allow-doorkeepr-4_3.patch

@@ -0,0 +1,20 @@
+Bug, https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22966
+
+--- a/config/initializers/doorkeeper.rb
++++ b/config/initializers/doorkeeper.rb
+@@ -114,15 +114,6 @@
+   base_controller '::Gitlab::BaseDoorkeeperController'
+ end
+ 
+-# Monkey patch to avoid creating new applications if the scope of the
+-# app created does not match the complete list of scopes of the configured app.
+-# It also prevents the OAuth authorize application window to appear every time.
+-
+-# Remove after we upgrade the doorkeeper gem from version 4.3.2
+-if Doorkeeper.gem_version > Gem::Version.new('4.3.2')
+-  raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}"
+-end
+-
+ module Doorkeeper
+   module AccessTokenMixin
+     module ClassMethods

debian/patches/0700-add-salsa-link-to-help.patch

@@ -0,0 +1,19 @@
+Description: Use link to gitlab project on Salsa in help page
+Author: Balasankar C <balasankarc@debian.org>
+Last-Update: 2018-12-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/app/helpers/version_check_helper.rb
++++ b/app/helpers/version_check_helper.rb
+@@ -11,7 +11,10 @@
+   end
+ 
+   def link_to_version
+-    if Gitlab.pre_release?
++    if ENV['GITLAB_DEBIAN_VERSION'] && ENV['SALSA_TAG_URL']
++      debian_tag = ENV['GITLAB_DEBIAN_VERSION'].gsub('~', '_')
++      link_to ENV['GITLAB_DEBIAN_VERSION'], ENV['SALSA_TAG_URL'] + debian_tag
++    elsif Gitlab.pre_release?
+       commit_link = link_to(Gitlab.revision, Gitlab::COM_URL + namespace_project_commits_path('gitlab-org', source_code_project, Gitlab.revision))
+       [Gitlab::VERSION, content_tag(:small, commit_link)].join(' ').html_safe
+     else

debian/patches/series

@@ -0,0 +1,26 @@
+0050-relax-stable-libs.patch
+0100-remove-development-test.patch
+0108-make-mysql-optional.patch
+0110-make-test-dependencies-conditional.patch
+0220-relax-webmock.patch
+0280-relax-pg.patch
+0290-skip-peek-mysql2.patch
+0340-relax-httparty.patch
+0400-Relax-recaptcha-version.patch
+0420-relax-js-regex.patch
+0430-remove-gitlab-markup.patch
+0440-remove-puma.patch
+0450-remove-bullet.patch
+0460-relax-rspec-rails.patch
+0490-relax-rdoc.patch
+0500-set-webpack-root.patch
+0510-remove-dev-dependencies.patch
+0520-add-system-lib-path-for-webpack.patch
+0610-source-init-functions.patch
+0620-pid-log-paths.patch
+0630-fix-mail-room-path.patch
+0640-relax-ruby-version.patch
+0650-fix-8-to-10-migration.patch
+0660-fix-gitlab-yml-path.patch
+0670-allow-doorkeepr-4_3.patch
+0700-add-salsa-link-to-help.patch

debian/po/POTFILES.in

@@ -0,0 +1 @@
+[type: gettext/rfc822deb] gitlab.templates

debian/rake-tasks.sh

@@ -0,0 +1,48 @@
+#! /bin/sh
+
+set -e
+
+# Read debian specific configuration
+. /etc/gitlab/gitlab-debian.conf
+export DB RAILS_ENV
+
+cd /usr/share/gitlab
+
+# Check if the db is already present
+db_relations="$(LANG=C runuser -u postgres -- sh -c "psql gitlab_production -c \"\d\"" 2>&1)"
+if [ "$db_relations" = "No relations found." ] || \
+  [ "$db_relations" = "Did not find any relations." ]; then
+  echo "Initializing database..."
+  test -f ${gitlab_home}/db/schema.rb || \
+  runuser -u ${gitlab_user} -- sh -c \
+  "cp ${gitlab_data_dir}/db/schema.rb.template ${gitlab_data_dir}/db/schema.rb"
+  runuser -u ${gitlab_user} -- sh -c \
+  "touch ${gitlab_data_dir}/.gitlab_shell_secret"
+  runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle exec rake db:schema:load'
+else
+  echo "gitlab_production database is not empty, skipping gitlab setup"
+fi
+
+runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle exec rake db:migrate'
+
+# Restrict permissions for secret files
+chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
+
+echo "Installing node modules..."
+runuser -u ${gitlab_user} -- sh -c 'install -d /var/lib/gitlab/.node_modules'
+runuser -u ${gitlab_user} -- sh -c 'install -d /var/lib/gitlab/yarn'
+runuser -u ${gitlab_user} -- sh -c 'cd /var/lib/gitlab/yarn; npm install yarn'
+runuser -u ${gitlab_user} -- sh -c '/var/lib/gitlab/yarn/node_modules/.bin/yarn --frozen-lockfile install'
+# Remove write permissions of .yarn-metadata.json files
+runuser -u ${gitlab_user} -- sh -c 'find /var/lib/gitlab/.cache/yarn/v4/ -name .yarn-metadata.json -perm -a=w -exec chmod 644 {} \;'
+
+echo "Precompiling locales..."
+runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle exec rake gettext:po_to_json'
+
+echo "Precompiling assets..."
+runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle exec rake tmp:cache:clear assets:precompile'
+
+echo "Webpacking..."
+#runuser -u ${gitlab_user} -- sh -c 'rm -rf node_modules/webpack'
+#runuser -u ${gitlab_user} -- sh -c 'rm -rf node_modules/webpack-bundle-analyzer'
+runuser -u ${gitlab_user} -- sh -c 'node_modules/.bin/webpack --config config/webpack.config.js'

debian/ruby-gitlab-ce.git.docs

@@ -0,0 +1,6 @@
+# FIXME: doc/ dir found in source. Consider installing the docs.
+# Examples:
+# doc/manual.html
+# doc/site/*
+# FIXME: READMEs found
+# README.md

debian/rules

@@ -0,0 +1,27 @@
+#!/usr/bin/make -f
+
+include /usr/share/dpkg/pkg-info.mk
+
+%:
+	dh $@ --with=systemd
+
+override_dh_install:
+	dh_install -XLICENSE
+	# Make sure we are installing all required files in debian/install
+	sh debian/upstream-file-count-check.sh
+	rm -rf debian/gitlab/usr/share/gitlab/tmp/*
+	rm -rf debian/gitlab/usr/share/gitlab/spec/javascripts/.eslintrc
+	mv debian/gitlab/usr/share/gitlab/app/assets/javascripts/locale \
+	debian/gitlab/usr/share/gitlab/app/assets/javascripts/locale.static
+	mv debian/gitlab/var/lib/gitlab/db/schema.rb debian/gitlab/var/lib/gitlab/db/schema.rb.template
+	sed -i 's/__NEW_VERSION__/${DEB_VERSION}/g' debian/gitlab/usr/lib/gitlab/templates/gitlab-debian.conf.example
+
+override_dh_installinit:
+	dh_installinit --no-start -p gitlab --name=gitlab-sidekiq
+	dh_installinit --no-start -p gitlab --name=gitlab-unicorn
+	dh_installinit --no-start -p gitlab --name=gitlab-mailroom
+	dh_installinit --no-start -p gitlab --name=gitlab-workhorse
+	dh_installinit
+
+override_dh_systemd_start:
+	dh_systemd_start --no-start

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/source/lintian-overrides

@@ -0,0 +1,37 @@
+# Waiting for upstream change for debconf integration
+# https://gitlab.com/gitlab-org/gitlab-ce/issues/3717
+gitlab source: missing-templates-pot
+
+# False positive
+gitlab source: source-is-missing spec/javascripts/vue_mr_widget/mock_data.js line length is 518 characters (>512) 
+gitlab source: source-is-missing vendor/assets/javascripts/fuzzaldrin-plus.js line length is 480 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/labels_select.js line length is 407 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/shortcuts_blob.js line length is 289 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/shortcuts_dashboard_navigation.js line length is 289 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/shortcuts_find_file.js line length is 289 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/shortcuts_issuable.js line length is 289 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/shortcuts_navigation.js line length is 289 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/shortcuts_network.js line length is 289 characters (>256)
+gitlab source: source-is-missing spec/javascripts/fixtures/emoji_menu.js line length is 32752 characters (>512)
+gitlab source: source-is-missing app/assets/javascripts/blob/blob_gitignore_selector.js line length is 289 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/blob/blob_license_selector.js line length is 289 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/pages/projects/graphs/show/stat_graph_contributors_graph.js line length is 291 characters (>256)
+gitlab source: source-is-missing app/assets/javascripts/issuable_index.js line length is 603 characters (>512)
+gitlab source: source-is-missing spec/javascripts/vue_mr_widget/mock_data.js line length is 546 characters (>512)
+gitlab source: source-is-missing app/assets/javascripts/pages/projects/graphs/show/stat_graph_contributors_graph.js line length is 289 characters (>256)
+gitlab source: source-is-missing spec/javascripts/diffs/mock_data/diff_discussions.js line length is 594 characters (>512)
+# unicode data
+gitlab source: source-is-missing app/assets/javascripts/lib/utils/regexp.js line length is 4905 characters (>512)
+# test data
+gitlab source: source-is-missing spec/javascripts/lib/utils/mock_data.js line length is 2173 characters (>512)
+# encoding data
+gitlab source: source-is-missing vendor/assets/javascripts/xterm/encoding-indexes.js line length is 32697 characters (>512)
+# Source is provided by jquery-at.js
+gitlab source: source-is-missing vendor/assets/javascripts/jquery.atwho.js line length is 285 characters (>256)
+# Source is provided by jquery-caret.js
+gitlab source: source-is-missing vendor/assets/javascripts/jquery.caret.js line length is 538 characters (>512)
+# Source is provided by pdf.js
+gitlab source: source-is-missing vendor/assets/javascripts/pdf.js line length is 695 characters (>512)
+gitlab source: source-is-missing vendor/assets/javascripts/pdf.worker.js line length is 695 characters (>512)
+# Source provided by node-xterm
+gitlab source: source-is-missing vendor/assets/javascripts/xterm/xterm.js line length is 848 characters (>512)

debian/tests/control

@@ -0,0 +1,14 @@
+Tests: spec
+Depends: @, 
+  sudo,
+  gem2deb-test-runner,
+# For building native gems
+  ruby-rspec,
+  ruby-dev,
+  gcc,
+  libc6-dev,
+  ruby-sqlite3,
+# For building gitlab-shell
+  golang-any,
+  phantomjs
+Restrictions: needs-root

debian/tests/spec

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+export SOURCE_TREE=${PWD}
+
+if [ -z "$ADTTMP" ]; then
+  ADTTMP=$(mktemp -d)
+  cleanup() {
+    rm -rf "$ADTTMP"
+  }
+  trap cleanup INT TERM EXIT
+fi
+
+cd $ADTTMP
+
+exec 2>&1
+set -ex
+
+cd /usr/share/gitlab
+su gitlab -c 'truncate -s 0 Gemfile.lock'
+
+. /etc/gitlab/gitlab-debian.conf
+export RAILS_ENV=test
+export DB=postgres
+export INCLUDE_TEST_DEPENDS="true"
+echo "Installing test only dependencies from rubygems.org..."
+cp ${SOURCE_TREE}/debian/Gemfile.autopkgtest .
+BUNDLE_GEMFILE=Gemfile.autopkgtest bundle install
+su gitlab -c "bundle install --local"
+su gitlab -c "mkdir -p tmp/tests/gitlab-shell"
+export dbname=gitlab_test
+su postgres -c "createdb $dbname"
+# enable the pg_trgm extension
+su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\"" || {
+  exit 1
+  }
+su gitlab -c "bundle exec rake db:migrate"
+su gitlab -c "bundle exec rake -f ${SOURCE_TREE}/debian/tests/spec.rake"
+#config 2/2 failed, controllers many failed

debian/tests/spec.rake

@@ -0,0 +1,41 @@
+require 'gem2deb/rake/spectask'
+
+Gem2Deb::Rake::RSpecTask.new do |spec|
+# directories without any spec.rb files: support, features, fixtures
+# TODO: enable javascript tests
+	spec.pattern = FileList[
+'spec/config/**/*_spec.rb',
+'spec/controllers/*_spec.rb',
+'spec/factories_spec.rb',
+'spec/finders/**/*_spec.rb',
+'spec/helpers/*_spec.rb',
+'spec/initializers/*_spec.rb',
+'spec/lib/**/*_spec.rb',
+'spec/routing/**/*_spec.rb',
+'spec/services/**/*_spec.rb',
+'spec/tasks/**/*_spec.rb',
+'spec/uploaders/*_spec.rb',
+'spec/views/**/*_spec.rb',
+'spec/workers/**/*_spec.rb',
+] - FileList[
+'spec/services/git_push_service_spec.rb',
+'spec/services/create_deployment_service_spec.rb',
+'spec/services/ci/image_for_build_service_spec.rb',
+'spec/services/ci/process_pipeline_service_spec.rb',
+'spec/services/ci/send_pipeline_notification_service_spec.rb',
+'spec/services/merge_requests/merge_when_build_succeeds_service_spec.rb',
+'spec/services/system_note_service_spec.rb',
+'spec/controllers/registrations_controller_spec.rb',
+'spec/lib/gitlab/metrics/sampler_spec.rb',
+'spec/lib/banzai/filter/sanitization_filter_spec.rb',
+'spec/lib/gitlab/badge/build/status_spec.rb',
+'spec/lib/gitlab/database/migration_helpers_spec.rb',
+'spec/lib/gitlab/git/hook_spec.rb',
+'spec/lib/gitlab/saml/user_spec.rb',
+'spec/lib/gitlab/sherlock/line_profiler_spec.rb',
+'spec/lib/gitlab/upgrader_spec.rb',
+'spec/lib/gitlab/url_sanitizer_spec.rb',
+'spec/lib/gitlab/workhorse_spec.rb'
+]
+# https://gitlab.com/gitlab-org/gitlab-ce/issues/25174
+end

debian/tests/todo/config

@@ -0,0 +1 @@
+possible devise version issue https://gitlab.com/gitlab-org/gitlab-ce/issues/22291

debian/tests/todo/controllers

@@ -0,0 +1 @@
+https://gitlab.com/gitlab-org/gitlab-ce/issues/22867

debian/tests/todo/helpers

@@ -0,0 +1,233 @@
+$ DB=postgres sudo -u gitlab -E -H bundle exec rspec spec/helpers/
+Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
+DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
+Please register a mime type using `register_mime_type` then
+use `register_compressor` or `register_transformer`.
+https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
+ (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:57)
+DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
+Please register a mime type using `register_mime_type` then
+use `register_compressor` or `register_transformer`.
+https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
+ (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:58)
+......FF....................................................................................................F...............................................................................................................F.FF.FF.FF.......................FF.......................................................
+
+Failures:
+
+  1) ApplicationHelper project_icon returns an url for the avatar
+     Failure/Error:
+       expect(helper.project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).
+         to eq "<img src=\"#{avatar_url}\" alt=\"Banana sample\" />"
+
+       expected: "<img src=\"http://localhost/uploads/project/avatar/1/banana_sample.gif\" alt=\"Banana sample\" />"
+            got: "<img src=\"http://nishumbha/uploads/project/avatar/1/banana_sample.gif\" alt=\"Banana sample\" />"
+
+       (compared using ==)
+     # ./spec/helpers/application_helper_spec.rb:61:in `block (3 levels) in <top (required)>'
+
+  2) ApplicationHelper project_icon gives uploaded icon when present
+     Failure/Error:
+       expect(helper.project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).to match(
+         image_tag(avatar_url))
+
+       expected "<img src=\"http://nishumbha/namespace2/gitlabhq/avatar\" alt=\"Avatar\" />" to match "<img src=\"http://localhost/namespace2/gitlabhq/avatar\" alt=\"Avatar\" />"
+     # ./spec/helpers/application_helper_spec.rb:71:in `block (3 levels) in <top (required)>'
+
+  3) GitlabMarkdownHelper#link_to_gfm replaces commit message with emoji to link
+     Failure/Error:
+       expect(actual).
+         to eq %Q(<img class="emoji" title=":book:" alt=":book:" src="http://localhost/assets/1F4D6.png" height="20" width="20" align="absmiddle"><a href="/foo">Book</a>)
+
+       expected: "<img class=\"emoji\" title=\":book:\" alt=\":book:\" src=\"http://localhost/assets/1F4D6.png\" height=\"20\" width=\"20\" align=\"absmiddle\"><a href=\"/foo\">Book</a>"
+            got: "<img class=\"emoji\" title=\":book:\" alt=\":book:\" src=\"http://nishumbha/assets/1F4D6-9d912a9d1bb10dc7f2645b345ed09e90461e83df0de275acb806f1f75cef1fcf.png\" height=\"20\" width=\"20\" align=\"absmiddle\"><a href=\"/foo\">Book</a>"
+
+       (compared using ==)
+     # ./spec/helpers/gitlab_markdown_helper_spec.rb:115:in `block (3 levels) in <top (required)>'
+
+  4) PageLayoutHelper page_image defaults to the GitLab logo
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:45:in `block (3 levels) in <top (required)>'
+
+  5) PageLayoutHelper page_image with @project assigned falls back to the default when avatar_url is nil
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
+
+  6) PageLayoutHelper page_image with no assignments falls back to the default
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
+
+  7) PageLayoutHelper page_image with @user assigned falls back to the default when avatar_url is nil
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
+
+  8) PageLayoutHelper page_image with no assignments falls back to the default
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
+
+  9) PageLayoutHelper page_image with @group assigned falls back to the default when avatar_url is nil
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
+
+  10) PageLayoutHelper page_image with no assignments falls back to the default
+      Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+        expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+      # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
+
+  11) ProjectsHelper#license_short_name when project.repository has a license_key returns the nickname of the license if present
+      Failure/Error: license.nickname || license.name
+
+      Licensee::InvalidLicense:
+        'agpl-3.0' is not a valid license key
+      # ./app/helpers/projects_helper.rb:116:in `license_short_name'
+      # ./spec/helpers/projects_helper_spec.rb:106:in `block (4 levels) in <top (required)>'
+
+  12) ProjectsHelper#license_short_name when project.repository has a license_key returns the name of the license if nickname is not present
+      Failure/Error: license.nickname || license.name
+
+      Licensee::InvalidLicense:
+        'mit' is not a valid license key
+      # ./app/helpers/projects_helper.rb:116:in `license_short_name'
+      # ./spec/helpers/projects_helper_spec.rb:112:in `block (4 levels) in <top (required)>'
+
+Finished in 1 minute 41.2 seconds (files took 9.4 seconds to load)
+310 examples, 12 failures
+
+Failed examples:
+
+rspec ./spec/helpers/application_helper_spec.rb:57 # ApplicationHelper project_icon returns an url for the avatar
+rspec ./spec/helpers/application_helper_spec.rb:65 # ApplicationHelper project_icon gives uploaded icon when present
+rspec ./spec/helpers/gitlab_markdown_helper_spec.rb:113 # GitlabMarkdownHelper#link_to_gfm replaces commit message with emoji to link
+rspec ./spec/helpers/page_layout_helper_spec.rb:44 # PageLayoutHelper page_image defaults to the GitLab logo
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:2:2] # PageLayoutHelper page_image with @project assigned falls back to the default when avatar_url is nil
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:3:1] # PageLayoutHelper page_image with no assignments falls back to the default
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:4:2] # PageLayoutHelper page_image with @user assigned falls back to the default when avatar_url is nil
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:5:1] # PageLayoutHelper page_image with no assignments falls back to the default
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:6:2] # PageLayoutHelper page_image with @group assigned falls back to the default when avatar_url is nil
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:7:1] # PageLayoutHelper page_image with no assignments falls back to the default
+rspec ./spec/helpers/projects_helper_spec.rb:103 # ProjectsHelper#license_short_name when project.repository has a license_key returns the nickname of the license if present
+rspec ./spec/helpers/projects_helper_spec.rb:109 # ProjectsHelper#license_short_name when project.repository has a license_key returns the name of the license if nickname is not present
+
+pravi@nishumbha:/usr/share/gitlab$ 
+$ DB=postgres sudo -u gitlab -E -H bundle exec rspec spec/helpers/
+Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
+DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
+Please register a mime type using `register_mime_type` then
+use `register_compressor` or `register_transformer`.
+https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
+ (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:57)
+DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
+Please register a mime type using `register_mime_type` then
+use `register_compressor` or `register_transformer`.
+https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
+ (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:58)
+......FF....................................................................................................F...............................................................................................................F.FF.FF.FF.......................FF.......................................................
+
+Failures:
+
+  1) ApplicationHelper project_icon returns an url for the avatar
+     Failure/Error:
+       expect(helper.project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).
+         to eq "<img src=\"#{avatar_url}\" alt=\"Banana sample\" />"
+
+       expected: "<img src=\"http://localhost/uploads/project/avatar/1/banana_sample.gif\" alt=\"Banana sample\" />"
+            got: "<img src=\"http://nishumbha/uploads/project/avatar/1/banana_sample.gif\" alt=\"Banana sample\" />"
+
+       (compared using ==)
+     # ./spec/helpers/application_helper_spec.rb:61:in `block (3 levels) in <top (required)>'
+
+  2) ApplicationHelper project_icon gives uploaded icon when present
+     Failure/Error:
+       expect(helper.project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).to match(
+         image_tag(avatar_url))
+
+       expected "<img src=\"http://nishumbha/namespace2/gitlabhq/avatar\" alt=\"Avatar\" />" to match "<img src=\"http://localhost/namespace2/gitlabhq/avatar\" alt=\"Avatar\" />"
+     # ./spec/helpers/application_helper_spec.rb:71:in `block (3 levels) in <top (required)>'
+
+  3) GitlabMarkdownHelper#link_to_gfm replaces commit message with emoji to link
+     Failure/Error:
+       expect(actual).
+         to eq %Q(<img class="emoji" title=":book:" alt=":book:" src="http://localhost/assets/1F4D6.png" height="20" width="20" align="absmiddle"><a href="/foo">Book</a>)
+
+       expected: "<img class=\"emoji\" title=\":book:\" alt=\":book:\" src=\"http://localhost/assets/1F4D6.png\" height=\"20\" width=\"20\" align=\"absmiddle\"><a href=\"/foo\">Book</a>"
+            got: "<img class=\"emoji\" title=\":book:\" alt=\":book:\" src=\"http://nishumbha/assets/1F4D6-9d912a9d1bb10dc7f2645b345ed09e90461e83df0de275acb806f1f75cef1fcf.png\" height=\"20\" width=\"20\" align=\"absmiddle\"><a href=\"/foo\">Book</a>"
+
+       (compared using ==)
+     # ./spec/helpers/gitlab_markdown_helper_spec.rb:115:in `block (3 levels) in <top (required)>'
+
+  4) PageLayoutHelper page_image defaults to the GitLab logo
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:45:in `block (3 levels) in <top (required)>'
+
+  5) PageLayoutHelper page_image with @project assigned falls back to the default when avatar_url is nil
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
+
+  6) PageLayoutHelper page_image with no assignments falls back to the default
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
+
+  7) PageLayoutHelper page_image with @user assigned falls back to the default when avatar_url is nil
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
+
+  8) PageLayoutHelper page_image with no assignments falls back to the default
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
+
+  9) PageLayoutHelper page_image with @group assigned falls back to the default when avatar_url is nil
+     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
+
+  10) PageLayoutHelper page_image with no assignments falls back to the default
+      Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
+        expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
+      # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
+
+  11) ProjectsHelper#license_short_name when project.repository has a license_key returns the nickname of the license if present
+      Failure/Error: license.nickname || license.name
+
+      Licensee::InvalidLicense:
+        'agpl-3.0' is not a valid license key
+      # ./app/helpers/projects_helper.rb:116:in `license_short_name'
+      # ./spec/helpers/projects_helper_spec.rb:106:in `block (4 levels) in <top (required)>'
+
+  12) ProjectsHelper#license_short_name when project.repository has a license_key returns the name of the license if nickname is not present
+      Failure/Error: license.nickname || license.name
+
+      Licensee::InvalidLicense:
+        'mit' is not a valid license key
+      # ./app/helpers/projects_helper.rb:116:in `license_short_name'
+      # ./spec/helpers/projects_helper_spec.rb:112:in `block (4 levels) in <top (required)>'
+
+Finished in 1 minute 41.2 seconds (files took 9.4 seconds to load)
+310 examples, 12 failures
+
+Failed examples:
+
+rspec ./spec/helpers/application_helper_spec.rb:57 # ApplicationHelper project_icon returns an url for the avatar
+rspec ./spec/helpers/application_helper_spec.rb:65 # ApplicationHelper project_icon gives uploaded icon when present
+rspec ./spec/helpers/gitlab_markdown_helper_spec.rb:113 # GitlabMarkdownHelper#link_to_gfm replaces commit message with emoji to link
+rspec ./spec/helpers/page_layout_helper_spec.rb:44 # PageLayoutHelper page_image defaults to the GitLab logo
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:2:2] # PageLayoutHelper page_image with @project assigned falls back to the default when avatar_url is nil
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:3:1] # PageLayoutHelper page_image with no assignments falls back to the default
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:4:2] # PageLayoutHelper page_image with @user assigned falls back to the default when avatar_url is nil
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:5:1] # PageLayoutHelper page_image with no assignments falls back to the default
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:6:2] # PageLayoutHelper page_image with @group assigned falls back to the default when avatar_url is nil
+rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:7:1] # PageLayoutHelper page_image with no assignments falls back to the default
+rspec ./spec/helpers/projects_helper_spec.rb:103 # ProjectsHelper#license_short_name when project.repository has a license_key returns the nickname of the license if present
+rspec ./spec/helpers/projects_helper_spec.rb:109 # ProjectsHelper#license_short_name when project.repository has a license_key returns the name of the license if nickname is not present
+
+pravi@nishumbha:/usr/share/gitlab$ 
+

debian/tests/todo/initializers

@@ -0,0 +1,67 @@
+$ DB=postgres sudo -u gitlab -E -H bundle exec rspec spec/initializers/
+6_validations_spec.rb    settings_spec.rb         
+secret_token_spec.rb     trusted_proxies_spec.rb  
+pravi@nishumbha:/usr/share/gitlab$ DB=postgres sudo -u gitlab -E -H bundle exec rspec spec/initializers/
+[sudo] password for pravi: 
+Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
+DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
+Please register a mime type using `register_mime_type` then
+use `register_compressor` or `register_transformer`.
+https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
+ (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:57)
+DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
+Please register a mime type using `register_mime_type` then
+use `register_compressor` or `register_transformer`.
+https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
+ (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:58)
+Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
+..............F....FF.........
+
+Failures:
+
+  1) create_tokens setting secret_key_base and otp_key_base when the other secrets all exist when secret_key_base and otp_key_base do not exist uses the file secret
+     Failure/Error: expect(new_secrets['db_key_base']).to eq('db_key_base')
+
+       expected: "db_key_base"
+            got: nil
+
+       (compared using ==)
+     # ./spec/initializers/secret_token_spec.rb:136:in `block (6 levels) in <top (required)>'
+     # ./config/initializers/secret_token.rb:84:in `write_secrets_yml'
+     # ./config/initializers/secret_token.rb:31:in `create_tokens'
+     # ./spec/initializers/secret_token_spec.rb:139:in `block (5 levels) in <top (required)>'
+
+  2) create_tokens setting secret_key_base and otp_key_base when db_key_base is blank but exists in secrets.yml warns about the blank value existing in secrets.yml and exits
+     Failure/Error:
+       expect(self).to receive(:warn) do |warning|
+         expect(warning).to include('db_key_base')
+         expect(warning).to include('<%= an_erb_expression %>')
+       end
+
+       (#<RSpec::ExampleGroups::CreateTokens::SettingSecretKeyBaseAndOtpKeyBase::WhenDbKeyBaseIsBlankButExistsInSecretsYml:0x0000000ebe43b8>).warn(*(any args))
+           expected: 1 time with any arguments
+           received: 0 times with any arguments
+     # ./spec/initializers/secret_token_spec.rb:184:in `block (4 levels) in <top (required)>'
+
+  3) create_tokens setting secret_key_base and otp_key_base when db_key_base is blank but exists in secrets.yml does not update secrets.yml
+     Failure/Error: expect { create_tokens }.to raise_error(SystemExit)
+
+       expected SystemExit, got #<RSpec::Mocks::MockExpectationError: (File (class)).write("config/secrets.yml", "---\ntest:\n  otp_key_base: otp_key_base\n  secret_key_base: secret_key_base\n  db_key_base: \"<%= an_erb_expression %>\"\nproduction:\n  db_key_base: c0ee30ba71733e9d3524f8ab03e0018524bc7a67cb5fce8847b3071758c333de28cd847b2fc7f9a476ddbf92ce52c2d38015e1e91a1ae272fc08c4198035d2e4\n", {:mode=>"w", :perm=>384})
+           expected: 0 times with any arguments
+           received: 1 time with arguments: ("config/secrets.yml", "---\ntest:\n  otp_key_base: otp_key_base\n  secret_key_base: secret_key_base\n  db_key_base: \"<%= an_erb_expression %>\"\nproduction:\n  db_key_base: c0ee30ba71733e9d3524f8ab03e0018524bc7a67cb5fce8847b3071758c333de28cd847b2fc7f9a476ddbf92ce52c2d38015e1e91a1ae272fc08c4198035d2e4\n", {:mode=>"w", :perm=>384})> with backtrace:
+         # ./config/initializers/secret_token.rb:84:in `write_secrets_yml'
+         # ./config/initializers/secret_token.rb:31:in `create_tokens'
+         # ./spec/initializers/secret_token_spec.rb:196:in `block (5 levels) in <top (required)>'
+         # ./spec/initializers/secret_token_spec.rb:196:in `block (4 levels) in <top (required)>'
+     # ./spec/initializers/secret_token_spec.rb:196:in `block (4 levels) in <top (required)>'
+
+Finished in 23.38 seconds (files took 8.94 seconds to load)
+30 examples, 3 failures
+
+Failed examples:
+
+rspec ./spec/initializers/secret_token_spec.rb:130 # create_tokens setting secret_key_base and otp_key_base when the other secrets all exist when secret_key_base and otp_key_base do not exist uses the file secret
+rspec ./spec/initializers/secret_token_spec.rb:183 # create_tokens setting secret_key_base and otp_key_base when db_key_base is blank but exists in secrets.yml warns about the blank value existing in secrets.yml and exits
+rspec ./spec/initializers/secret_token_spec.rb:192 # create_tokens setting secret_key_base and otp_key_base when db_key_base is blank but exists in secrets.yml does not update secrets.yml
+
+

debian/tests/todo/lib/ci

@@ -0,0 +1 @@
+spec/lib/banzai/ https://gitlab.com/gitlab-org/gitlab-ce/issues/22289

debian/tests/todo/lib/container_registry

@@ -0,0 +1,36 @@
+$ sudo -u gitlab -E -H bundle exec rspec spec/lib/container_registry/
+Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
+DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
+Please register a mime type using `register_mime_type` then
+use `register_compressor` or `register_transformer`.
+https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
+ (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:57)
+DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
+Please register a mime type using `register_mime_type` then
+use `register_compressor` or `register_transformer`.
+https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
+ (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:58)
+...........F...............................
+
+Failures:
+
+  1) ContainerRegistry::Blob#data when externally stored for invalid file should raise ArgumentError with "invalid address"
+     Failure/Error: it { expect{ subject }.to raise_error(ArgumentError, 'invalid address') }
+
+       expected ArgumentError with "invalid address", got #<NoMethodError: undefined method `request_uri' for #<URI::Generic file:/etc/passwd>> with backtrace:
+         # ./lib/container_registry/client.rb:79:in `redirect_response'
+         # ./lib/container_registry/client.rb:69:in `response_body'
+         # ./lib/container_registry/client.rb:37:in `blob'
+         # ./lib/container_registry/blob.rb:45:in `data'
+         # ./spec/lib/container_registry/blob_spec.rb:66:in `block (3 levels) in <top (required)>'
+         # ./spec/lib/container_registry/blob_spec.rb:107:in `block (6 levels) in <top (required)>'
+         # ./spec/lib/container_registry/blob_spec.rb:107:in `block (5 levels) in <top (required)>'
+     # ./spec/lib/container_registry/blob_spec.rb:107:in `block (5 levels) in <top (required)>'
+
+Finished in 20.94 seconds (files took 8.65 seconds to load)
+43 examples, 1 failure
+
+Failed examples:
+
+rspec ./spec/lib/container_registry/blob_spec.rb:107 # ContainerRegistry::Blob#data when externally stored for invalid file should raise ArgumentError with "invalid address"
+

debian/tests/todo/models

@@ -0,0 +1 @@
+https://gitlab.com/gitlab-org/gitlab-ce/issues/22290

debian/upstream-file-count-check.sh

@@ -0,0 +1,14 @@
+# set -x # use this for debugging
+
+ucount=$(ls -1a |grep -vx .git | wc -l)
+dcount=$(cat debian/gitlab.install |cut -d' ' -f1|grep -v debian |wc -l)
+ignored=32
+if ! [ $(echo "$ucount" - "$dcount"|bc) -eq $ignored ]; then
+  echo "Found new files added by upstream and not added to debian/install"
+  echo "Add them to debian/gitlab.install or adjust 'ignored=${ignored}'"
+  echo "in debian/upstream-file-count-check.sh as required and update"
+  echo "debian/upstream-file-list"
+  ls -1a |grep -vx .git > debian/upstream-file-list.new
+  diff -u debian/upstream-file-list debian/upstream-file-list.new
+  exit 1
+fi

debian/upstream-file-list

@@ -0,0 +1,71 @@
+.
+..
+app
+.babelrc.js
+bin
+builds
+CHANGELOG.md
+changelogs
+.codeclimate.yml
+config
+config.ru
+CONTRIBUTING.md
+.csscomb.json
+danger
+Dangerfile
+db
+debian
+doc
+docker
+docker-compose.yml
+.eslintignore
+.eslintrc.yml
+fixtures
+.foreman
+Gemfile
+Gemfile.lock
+Gemfile.rails5
+Gemfile.rails5.lock
+generator_templates
+GITALY_SERVER_VERSION
+.gitattributes
+.github
+.gitignore
+.gitlab
+.gitlab-ci.yml
+GITLAB_PAGES_VERSION
+GITLAB_SHELL_VERSION
+GITLAB_WORKHORSE_VERSION
+.haml-lint.yml
+INSTALLATION_TYPE
+lib
+LICENSE
+locale
+log
+.mailmap
+MAINTENANCE.md
+.nvmrc
+package.json
+.pkgr.yml
+plugins
+.prettierignore
+.prettierrc
+PROCESS.md
+Procfile
+public
+qa
+Rakefile
+README.md
+rubocop
+.rubocop_todo.yml
+.rubocop.yml
+.ruby-version
+scripts
+.scss-lint.yml
+shared
+spec
+symbol
+tmp
+vendor
+VERSION
+yarn.lock

debian/watch

@@ -0,0 +1,8 @@
+version=4
+opts="\
+repacksuffix=+dfsg,\
+repack,compression=xz,\
+uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha|b|a)\d*)$/$1~$2/,\
+filenamemangle=s/.*v(.*)\/.*/gitlab-$1.tar.bz2/,\
+dversionmangle=s/(\d)[\+]?(debian|dfsg|ds|deb|gh)\d*(\~)*(rc)*(\d)*$/$1$3$4$5/ \
+" https://gitlab.com/gitlab-org/gitlab-ce/tags .*/gitlab-ce-v(\d[\d.]*)\.tar\.bz2