feat: update to 16.0.8

Update upstream source from tag 'upstream/16.0.8+ds1'
Update to upstream version '16.0.8+ds1' with Debian dir b0ac18f713
2023-09-09 12:37:22 +00:00 · 2023-09-09 12:35:44 +00:00 · 2023-09-09 11:40:26 +00:00 · 2023-09-09 11:38:58 +00:00 · 2023-09-09 11:38:58 +00:00 · 2023-07-11 23:39:55 +05:30
94 changed files with 14228 additions and 0 deletions
--- a/debian/.gitattributes
+++ b/debian/.gitattributes
@ -0,0 +1,3 @@
 .gitattributes export-ignore
 gbp.conf export-ignore
 salsa-ci.yml export-ignore
--- a/debian/.gitlab-ci.yml
+++ b/debian/.gitlab-ci.yml
@ -0,0 +1,47 @@
 ---
 # https://docs.gitlab.com/ce/ci/yaml/#include
 include:
  - remote: https://salsa.debian.org/onlyjob/ci/raw/master/onlyjob-ci.yml
 ## "amd64-unstable+lintian" job always runs by default (except on
 ## "buster-backports" branches).
 ## Only for arch:all packages:
 binary-indep:
  extends: .build-indep
 ## Job to check Build-Depends versioning:
 amd64-testing_unstable:
  extends: .build
  except:
    - buster-backports
    - tags
  variables:
    arch: amd64
    dist: testing_unstable
 i386-unstable:
  extends: .build
  except:
    - buster-backports
    - tags
  variables:
    arch: i386
    dist: unstable
 amd64-experimental:
  extends: .build
  except:
    - buster-backports
    - tags
  variables:
    arch: amd64
    dist: experimental
 amd64-stable:
  extends: .build
  when: manual
  allow_failure: true
  variables:
    arch: amd64
    dist: stable
--- a/debian/Gemfile.autopkgtest
+++ b/debian/Gemfile.autopkgtest
@ -0,0 +1,88 @@
 # --- Special code for migrating to Rails 5.0 ---
 def rails5?
  %w[1 true].include?(ENV["RAILS5"])
 end
 gem_versions = {}
 gem_versions['activerecord_sane_schema_dumper'] = rails5? ? '1.0'      : '0.2'
 gem_versions['default_value_for']               = rails5? ? '~> 3.0.5' : '~> 3.0'
 gem_versions['rails']                           = rails5? ? '5.0.7'    : '4.2.10'
 gem_versions['rails-i18n']                      = rails5? ? '~> 5.1'   : '~> 4.0.9'
 # --- The end of special code for migrating to Rails 5.0 ---
 source 'https://rubygems.org'
 gem 'rails', gem_versions['rails']
 # Use packaged native gems
 gem 'rake', '12.3.1'
 gem 'rails-dom-testing', '1.0.6'
 gem 'nokogiri', '1.8.4'
 gem 'pg', '~> 0.19.0'
 gem 'rack', '~> 1.6.4'
 gem 'sprockets-rails', '~> 2.3.2'
 if ENV["INCLUDE_TEST_DEPENDS"] == "true"
  gem 'bootsnap', '~> 1.3'
  gem 'pry-byebug', '~> 3.4.1', platform: :mri
  gem 'pry-rails', '~> 0.3.4'
  gem 'awesome_print', require: false
  gem 'fuubar', '~> 2.2.0'
  gem 'database_cleaner', '~> 1.5.0'
  gem 'factory_bot_rails', '~> 4.8.2'
  gem 'rspec-rails', '~> 3.7' # Use packaged version
  gem 'rspec-retry', '~> 0.4.5'
  gem 'rspec_profiling', '~> 0.0.5'
  gem 'rspec-set', '~> 0.1.3'
  gem 'rspec-parameterized', require: false
  # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
  gem 'minitest', '~> 5.7.0'
  # Generate Fake data
  gem 'ffaker', '~> 2.4'
  gem 'capybara', '~> 2.15'
  gem 'capybara-screenshot', '~> 1.0.0'
  gem 'selenium-webdriver', '~> 3.12'
  gem 'spring', '~> 2.0.0'
  gem 'spring-commands-rspec', '~> 1.0.4'
  gem 'gitlab-styles', '~> 2.4', require: false
  # Pin these dependencies, otherwise a new rule could break the CI pipelines
  gem 'rubocop', '~> 0.54.0'
  gem 'rubocop-rspec', '~> 1.22.1'
  gem 'scss_lint', '~> 0.56.0', require: false
  gem 'haml_lint', '~> 0.26.0', require: false
  gem 'simplecov', '~> 0.14.0', require: false
  gem 'bundler-audit', '~> 0.5.0', require: false
  gem 'benchmark-ips', '~> 2.3.0', require: false
  gem 'license_finder', '~> 5.4', require: false
  gem 'knapsack', '~> 1.16'
  gem 'activerecord_sane_schema_dumper', gem_versions['activerecord_sane_schema_dumper']
  gem 'stackprof', '~> 0.2.10', require: false
  gem 'simple_po_parser', '~> 1.1.2', require: false
  gem 'timecop', '~> 0.8.0'
 #end
 #group :test do
  gem 'shoulda-matchers', '~> 3.1.2', require: false
  gem 'email_spec', '~> 2.2.0'
  gem 'json-schema', '~> 2.8.0'
  gem 'webmock', '>= 2.3.2'
  gem 'rails-controller-testing' if rails5? # Rails5 only gem.
  gem 'test_after_commit', '~> 1.1' unless rails5? # Remove this gem when migrated to rails 5.0. It's been integrated to rails 5.0.
  gem 'sham_rack', '~> 1.3.6'
  gem 'concurrent-ruby', '~> 1.0.5'
  gem 'test-prof', '~> 0.2.5'
  gem 'rspec_junit_formatter'
 end
--- a/debian/README.Debian
+++ b/debian/README.Debian
@ -0,0 +1,161 @@
 Debian specific changes in gitlab
 =================================
 1. Redis connection: redis-server package in debian follows upstream default
 and listens on tcp port 6379. So gitlab package in debian is configured to use
 tcp sockets. gitlab developers recommend using unix sockets. You can change to
 using unix sockets by changing the following configuration files.
 /etc/redis/redis.conf, /etc/gitlab/resque.yml, and /etc/gitlab/cable.yml
 2. wiki backend: debian package uses gollum-rugged_adapter whereas gitlab
 upstream still use gollum-grit_adapter. grit is no longer maintained and grit
 developers recommend switching to rugged. gollum-lib developers have announced
 their intention to switch to rugged_adapter by default and this is in progress.
 3. default paths: debian package has changed some default values for paths
 which you can see at /etc/gitlab/gitlab-debian.conf
 4. database: gitlab package configures postgresql database with peer
 authentication.
 5. gem versions: some gem dependency requirements are relaxed to work with
 their packaged version in debian.
 You can find the list of gems required by gitlab and their corresponding
 package versions in debian at
 http://debian.fosscommunity.in/status/?appname=gitlab&sort=satisfied
 6. vendored js files: some embedded javascript files in
 vendor/assets/javascripts are replaced by their packaged version.
 7. root directory of rails is read only (/usr/share/gitlab); following symbolic
 links are added to enable write access to gitlab app
 > config -> /etc/gitlab
 > Gemfile.lock -> /var/lib/gitlab/Gemfile.lock
 > log -> /var/log/gitlab
 > builds -> /var/log/gitlab/builds
 > tmp -> /run/gitlab
 > /run/gitlab/cache -> var/lib/gitlab/cache
 > public -> /var/lib/gitlab/public
 > shared -> /var/lib/gitlab/shared
 > db -> /var/lib/gitlab/db
 > /usr/share/gitlab/.secret -> /var/lib/gitlab/.secret
 8. ssl certificates: This package tries to use letsencrypt package to obtain
 ssl certificates, if it is installed (via Recommends). If letsencrypt is not
 required, you can copy ssl certificate and key to /etc/gitlab/ssl as gitlab.crt
 and gitlab.key. If letsencrypt option is selected, symbolic links are added for
 certificates obtained using letsencrypt to /etc/gitlab/ssl.
 9. exim compatibility issue: If you use exim as your mta, then see
 https://github.com/gitlabhq/gitlabhq/issues/4866#issuecomment-145784636
 Useful diagnostics
 ==================
 Upstream documentation will instruct to run commands like the following:
    $ sudo -u gitlab -H bundle exec rake XXX RAILS_ENV=production
 Where XXX is something like "db:migrate", "gitlab:check" or "gitlab:env:info".
 In Debian, the rake command has to be called by the gitlab user from app home
 directory /usr/share/gitlab and with the environment variables from
 /etc/gitlab/gitlab-debian.conf set. So above command could be run like:
    $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && bundle exec rake XXX RAILS_ENV=production'
 One useful command to run in this environment is:
    $ bundle exec rake gitlab:check RAILS_ENV=production
 Which will output helpful diagnostics about the state of your system including
 how to fix possible problems. Another one is:
    $ bundle exec rake gitlab:env:info RAILS_ENV=production
 To see service status with systemd, you can use:
    $ systemctl status gitlab.service -l
    $ systemctl status gitlab-unicorn.service -l
    $ systemctl status gitlab-sidekiq.service -l
    $ systemctl status gitlab-workhorse.service -l
    $ journalctl -xn
 It is advised to attach the output of above commands to bugreports.
 Migrating from non-Debian gitlab
 ================================
 0. Backup everything you don't want to loose like:
      - the postgresql database used by your gitlab instance
      - the repositories/ directory
      - the public/uploads/ directory
      - your .ssh/authorized_keys
 1. Remove the init script for your old gitlab installation, like:
      $ rm /etc/init.d/gitlab
 2. Install Debian gitlab:
      $ apt-get install gitlab
 3. Stop gitlab services:
      $ systemctl stop gitlab.service
 4. Rename your old database to gitlab_production and set the user gitlab as
    its owner and the owner of all its tables, sequences and views
      $ su - postgres
      $ psql
      # drop database gitlab_production;
      # alter database gitlabhq_production rename to gitlab_production;
      # alter database gitlab_production owner to gitlab;
      # \q
      $ for tbl in `psql -qAt -c "select tablename from pg_tables where schemaname = 'public';" gitlab_production` ; do  psql -c "alter table \"$tbl\" owner to gitlab" gitlab_production ; done
      $ for tbl in `psql -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" gitlab_production` ; do  psql -c "alter table \"$tbl\" owner to gitlab" gitlab_production ; done
 5. Copy your old repository directory to /var/lib/gitlab/repositories/
 6. Copy your old public/uploads/ directory to /var/lib/gitlab/public/uploads/
 7. Copy your old .ssh/authorized_keys to /var/lib/gitlab/.ssh/authorized_keys
 8. Fix your /var/lib/gitlab/.ssh/authorized_keys to contain the right path to gitlab-shell like:
      $ sed -i 's/^command="[^ ]\+gitlab-shell /command="\/usr\/share\/gitlab-shell\/bin\/gitlab-shell /' /usr/share/gitlab/.ssh/authorized_keys
 9. Fix permission:
      $ chown -R gitlab:gitlab /var/lib/gitlab/repositories/ /var/lib/gitlab/public/uploads/ /var/lib/gitlab/.ssh/authorized_keys
      $ chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/
      $ find /var/lib/gitlab/public/uploads -type f -exec chmod 0644 {} \;
      $ find /var/lib/gitlab/public/uploads -type d -not -path /var/lib/gitlab/public/uploads -exec chmod 0700 {} \;
 10. Migrate the database:
      $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && bundle exec rake db:migrate RAILS_ENV=production'
 11. Fix hooks:
      # su gitlab
      $ /usr/share/gitlab-shell/bin/create-hooks
 12. Start gitlab:
       $ systemctl start gitlab.service
 13. Check the installation:
      $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && bundle exec rake gitlab:check RAILS_ENV=production'
 Resetting admin password without web interface
 ==============================================
 The steps involve dropping into rails console as gitlab user for production environment and then resetting the admin password via the user object.
    $ gitlab-rails-console
    irb(main):001:0> user = User.where(admin: true).first
    irb(main):002:0> user.password = 'secret_pass'
    irb(main):003:0> user.password_confirmation = 'secret_pass'
    irb(main):004:0> user.save!
 Activating a newly registered user
 ======================================
 The steps involve dropping into rails console as gitlab user for production environment and running the following commands.
    $ gitlab-rails-console
    irb(main):001:0> user = User.find_by(email: 'useraddress@domain')
    irb(main):004:0> user.state='active'
    irb(main):005:0> user.save
 Granting an existing user admin access
 ======================================
 The steps involve dropping into rails console as gitlab user for production environment and running the following commands.
    $ gitlab-rails-console
    irb(main):001:0> user = User.find_by(email: 'useraddress@domain')
    irb(main):003:0> user.admin=true
    irb(main):004:0> user.state='active'
    irb(main):005:0> user.save
 Latest information regarding supported versions
 ===============================================
 Subscribe to https://wiki.debian.org/gitlab to get updates about new package
 versions in unofficial repositories.
--- a/debian/README.source
+++ b/debian/README.source
@ -0,0 +1,14 @@
 Git Branches and meanings:
 master		:always current development, now 9.x in contrib, using npm
 syslibs		:now 9.x in main, needs packages in NEW
 master-8	:created to continue working on gitlab 8.x when master moved
 to 9 (since 9.x upload in unstable, this branch is not relevant)
 stretch-updates	:now 8.x in main, security updates for stretch
 Create master-10 till 10.x is ready for unstable. Security updates should be
 in stretch-updates branch or in temporary branches created from it.
 certain go dependencies of gitlab-workhorse is not yet packaged.So you'll have
 to rename the previous workhorse orig tar when importing a new verision of gitlab
--- a/debian/changelog
+++ b/debian/changelog
--- a/debian/check-ruby-syntax.sh
+++ b/debian/check-ruby-syntax.sh
@ -0,0 +1,4 @@
 # For whole tree
 find . -name \*.rb -exec ruby -wc {} \; 2>&1 | grep error
 # For changed files
 for i in `git diff --name-only debian/13.1.1-1 HEAD | grep \.rb\$`; do ruby -wc $i; done
--- a/debian/clean
+++ b/debian/clean
@ -0,0 +1,48 @@
 ## Debian CI:
 debian/.gitlab-ci.yml
 # Build directory
 _build/
 # We don't need lint tasks
 lib/tasks/haml-lint.rake
 lib/tasks/rubocop.rake
 lib/tasks/scss-lint.rake
 debian/upstream-file-list.new
 debian/upstream-config-file-list.new
 # We have rails > 6.0.2
 config/initializers/active_record_fix_insert_all.rb
 # We have sidekiq 6
 config/initializers/mailer_retries.rb
 # We have puma 5.2.2
 config/initializers/puma_client_tempfile_patch.rb
 # For workhorse
 ## Failing tests that require test data from the Internet:
 workhorse/main_test.go
 workhorse/authorization_test.go
 workhorse/channel_test.go
 workhorse/gitaly_integration_test.go
 workhorse/gitaly_test.go
 workhorse/jobs_test.go
 workhorse/sendfile_test.go
 workhorse/upload_test.go
 workhorse/internal/upload/*_test.go
 workhorse/internal/objectstore/*_test.go
 workhorse/internal/redis/*_test.go
 ## Need definitions from excluded test files
 workhorse/cable_test.go
 ## Need github.com/johannesboyne/gofakes3/backend/s3mem
 workhorse/internal/objectstore/s3_object_test.go
 workhorse/internal/objectstore/test/s3_stub.go
 workhorse/internal/filestore/file_handler_test.go
 workhorse/internal/upload/destination/objectstore/test/s3_stub.go
 workhorse/internal/upload/destination/objectstore/s3_object_test.go
 workhorse/internal/upload/destination/destination_test.go
 ## Failing tests
 workhorse/internal/gitaly/gitaly_test.go
 workhorse/internal/gitaly/unmarshal_test.go
--- a/debian/conf/cable.yml
+++ b/debian/conf/cable.yml
@ -0,0 +1,9 @@
 production:
  adapter: redis
  url: redis://localhost:6379
 development:
  adapter: redis
  url: redis://localhost:6379
 test:
  adapter: redis
  url: redis://localhost:6379
--- a/debian/conf/database.yml
+++ b/debian/conf/database.yml
@ -0,0 +1,51 @@
 #
 # PRODUCTION
 #
 production:
  main:
    adapter: postgresql
    host: /var/run/postgresql
    encoding: unicode
    database: gitlab_production
    pool: 10
    # username: git
    # password:
    # host: localhost
    # port: 5432
 #
 # Development specific
 #
 development:
  main:
    adapter: postgresql
    encoding: unicode
    database: gitlabhq_development
    pool: 5
    username: postgres
    password:
 #
 # Staging specific
 #
 staging:
  main:
    adapter: postgresql
    encoding: unicode
    database: gitlabhq_staging
    pool: 5
    username: postgres
    password:
 # Warning: The database defined as "test" will be erased and
 # re-generated from your development database when you run "rake".
 # Do not set this db to the same as development or production.
 test: &test
  main:
    adapter: postgresql
    encoding: unicode
    host: /var/run/postgresql
    database: gitlab_test
    pool: 5
    #username: postgres
    password:
--- a/debian/conf/gitlab
+++ b/debian/conf/gitlab
@ -0,0 +1,73 @@
 #! /bin/sh
 # Copy this lib/support/init.d/gitlab.default.example file to
 # /etc/default/gitlab in order for it to apply to your system.
 # RAILS_ENV defines the type of installation that is running.
 # Normal values are "production", "test" and "development".
 RAILS_ENV="production"
 # Read debian specific configuration
 . /etc/gitlab/gitlab-debian.conf
 . /etc/gitlab-common/gitlab-common.conf
 for i in $(grep -v '#' /etc/gitlab/gitlab-debian.conf | cut -d= -f 1)
 do
  export $i
 done
 # app_user defines the user that GitLab is run as.
 # The default is "git".
 export app_user=${gitlab_user}
 # app_root defines the folder in which gitlab and it's components are installed.
 # The default is "/home/$app_user/gitlab"
 app_root=${gitlab_app_root}
 # gitlab_log_dir is defined in /etc/gitlab/gitlab-debian.conf
 # pid_path defines a folder in which the gitlab and it's components place their pids.
 # This variable is also used below to define the relevant pids for the gitlab components.
 # The default is "$app_root/tmp/pids"
 pid_path="${gitlab_pid_path}"
 # socket_path defines the folder in which gitlab places the sockets
 #The default is "$app_root/tmp/sockets"
 socket_path="${gitlab_pid_path}"
 # web_server_pid_path defines the path in which to create the pid file fo the web_server
 # The default is "$pid_path/unicorn.pid"
 web_server_pid_path="$pid_path/unicorn.pid"
 # sidekiq_pid_path defines the path in which to create the pid file for sidekiq
 # The default is "$pid_path/sidekiq.pid"
 sidekiq_pid_path="$pid_path/sidekiq.pid"
 # sidekiq_logfile defines log file used by sidekiq
 sidekiq_logfile="${gitlab_log_dir}/sidekiq.log"
 gitlab_workhorse_pid_path="$pid_path/gitlab-workhorse.pid"
 # The -listenXxx settings determine where gitlab-workhorse
 # listens for connections from NGINX. To listen on localhost:8181, write
 # '-listenNetwork tcp -listenAddr localhost:8181'.
 # The -authBackend setting tells gitlab-workhorse where it can reach
 # Unicorn.
 gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080"
 gitlab_workhorse_log="${gitlab_log_dir}/gitlab-workhorse.log"
 # mail_room_enabled specifies whether mail_room, which is used to process incoming email, is enabled.
 # This is required for the Reply by email feature.
 # The default is "false"
 mail_room_enabled=false
 # mail_room_pid_path defines the path in which to create the pid file for mail_room
 # The default is "$pid_path/mail_room.pid"
 mail_room_pid_path="$pid_path/mail_room.pid"
 # mail_room_logfile defines log file used by mailroom
 mail_room_logfile="${gitlab_log_dir}/mail_room.log"
 # shell_path defines the path of shell for "$app_user" in case you are using
 # shell other than "bash"
 # The default is "/bin/bash"
 shell_path="/bin/bash"
--- a/debian/conf/gitlab-debian.conf.example
+++ b/debian/conf/gitlab-debian.conf.example
@ -0,0 +1,12 @@
 # Variables with all small letters are debian specific
 # Variables with all caps are passed to gitlab app
 RAILS_ENV=production
 DB=postgres
 GEM_HOME=/var/lib/gitlab/.gem
 # This will be replaced by debian/rules at the time of build.
 GITLAB_DEBIAN_VERSION="__NEW_VERSION__"
 SALSA_TAG_URL="https://salsa.debian.org/ruby-team/gitlab/tags/debian/"
 gitlab_app_root=/usr/share/gitlab
 gitlab_data_dir=/var/lib/gitlab
 gitlab_pid_path=/run/gitlab
 gitlab_log_dir=/var/log/gitlab
--- a/debian/conf/gitlab.target
+++ b/debian/conf/gitlab.target
@ -0,0 +1,14 @@
 #####################################################
 #
 # GitLab version    : 5.x - 7.x
 # Contributors      : davispuh, mtorromeo, axilleas, boeserwolf91, Stefan Tatschner (rumpelsepp)
 # Downloaded from   : https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/init/systemd
 #
 ####################################################
 [Unit]
 Description=GitLab Service
 Requires=gitlab-puma.service gitlab-sidekiq.service gitlab-mailroom.service gitlab-workhorse.service
 [Install]
 WantedBy=multi-user.target
--- a/debian/conf/gitlab.yml.example
+++ b/debian/conf/gitlab.yml.example
@ -0,0 +1,744 @@
 # # # # # # # # # # # # # # # # # #
 # GitLab application config file  #
 # # # # # # # # # # # # # # # # # #
 #
 ###########################  NOTE  #####################################
 # This file should not receive new settings. All configuration options #
 # * are being moved to ApplicationSetting model!                       #
 # If a setting requires an application restart say so in that screen.  #
 # If you change this file in a Merge Request, please also create       #
 # a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests  #
 ########################################################################
 #
 #
 # How to use:
 # 1. Copy file as gitlab.yml
 # 2. Update gitlab -> host with your fully qualified domain name
 # 3. Update gitlab -> email_from
 # 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git
 #    IMPORTANT: If Git was installed in a different location use that instead.
 #    You can check with `which git`. If a wrong path of Git is specified, it will
 #     result in various issues such as failures of GitLab CI builds.
 # 5. Review this configuration file for other settings you may want to adjust
 # For Debian specific changes: See /usr/share/doc/README.Debian
 production: &base
  #
  # 1. GitLab app settings
  # ==========================
  ## GitLab settings
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    #host: localhost
    #port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
    https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
    # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
    # (you'd obviously need to replace ssh.host_example.com with your own host).
    # Otherwise, ssh host will be set to the `host:` value above
    # ssh_host: ssh.host_example.com
    # Relative URL support
    # WARNING: We recommend using an FQDN to host GitLab in a root path instead
    # of using a relative URL.
    # Documentation: http://doc.gitlab.com/ce/install/relative_url.html
    # Uncomment and customize the following line to run in a non-root path
    #
    # relative_url_root: /gitlab
    # Trusted Proxies
    # Customize if you have GitLab behind a reverse proxy which is running on a different machine.
    # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
    trusted_proxies:
      # Examples:
      #- 192.168.1.0/24
      #- 192.168.2.1
      #- 2001:0db8::/32
    # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
    user: git #gitlab_user (DON'T REMOVE THIS COMMENT)
    user_home: /var/lib/gitlab
    ## Date & Time settings
    # Uncomment and customize if you want to change the default time zone of GitLab application.
    # To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production`
    # time_zone: 'UTC'
    ## Email settings
    # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
    # email_enabled: true
    # Email address used in the "From" field in mails sent by GitLab
    # Using environmental variables from /etc/gitlab/gitlab-debian.conf
    # email_from: example@example.com
    # email_display_name: GitLab
    # email_reply_to: noreply@example.com
    # email_subject_suffix: ''
    # Email server smtp settings are in config/initializers/smtp_settings.rb.sample
    # default_can_create_group: false  # default: true
    # username_changing_enabled: false # default: true - User can change her username/namespace
    ## Automatic issue closing
    # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
    # This happens when the commit is pushed or merged into the default branch of a project.
    # When not specified the default issue_closing_pattern as specified below will be used.
    # Tip: you can test your closing pattern at http://rubular.com.
    # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
    ## Default project features settings
    default_projects_features:
      issues: true
      merge_requests: true
      wiki: true
      snippets: true
      builds: true
      container_registry: true
    ## Webhook settings
    # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
    # webhook_timeout: 10
    ## Repository downloads directory
    # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
    # The default is 'shared/cache/archive/' relative to the root of the Rails app.
    # repository_downloads_path: shared/cache/archive/
  ## Reply by email
  # Allow users to comment on issues and merge requests by replying to notification emails.
  # For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html
  incoming_email:
    enabled: false
    # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
    # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
    address: "gitlab-incoming+%{key}@gmail.com"
    # Email account username
    # With third party providers, this is usually the full email address.
    # With self-hosted email servers, this is usually the user part of the email address.
    user: "gitlab-incoming@gmail.com"
    # Email account password
    password: "[REDACTED]"
    # IMAP server host
    host: "imap.gmail.com"
    # IMAP server port
    port: 993
    # Whether the IMAP server uses SSL
    ssl: true
    # Whether the IMAP server uses StartTLS
    start_tls: false
    # The mailbox where incoming mail will end up. Usually "inbox".
    mailbox: "inbox"
    # The IDLE command timeout.
    idle_timeout: 60
  ## Build Artifacts
  artifacts:
    enabled: true
    # The location where build artifacts are stored (default: shared/artifacts).
    # path: shared/artifacts
  ## Git LFS
  lfs:
    enabled: true
    # The location where LFS objects are stored (default: shared/lfs-objects).
    # storage_path: shared/lfs-objects
  ## GitLab Pages
  pages:
    enabled: false
    # The location where pages are stored (default: shared/pages).
    # path: shared/pages
    # The domain under which the pages are served:
    # http://group.example.com/project
    # or project path can be a group page: group.example.com
    host: example.com
    port: 80 # Set to 443 if you serve the pages with HTTPS
    https: false # Set to true if you serve the pages with HTTPS
    # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
    # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
  ## Mattermost
  ## For enabling Add to Mattermost button
  mattermost:
    enabled: false
    host: 'https://mattermost.example.com'
  ## Gravatar
  ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
  gravatar:
    # gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username}
    # plain_url: "http://..."     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
    # ssl_url:   "https://..."    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
  ## Auxiliary jobs
  # Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc.
  # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
  cron_jobs:
    # Flag stuck CI jobs as failed
    stuck_ci_jobs_worker:
      cron: "0 * * * *"
    # Execute scheduled triggers
    pipeline_schedule_worker:
      cron: "19 * * * *"
    # Remove expired build artifacts
    expire_build_artifacts_worker:
      cron: "50 * * * *"
    # Periodically run 'git fsck' on all repositories. If started more than
    # once per hour you will have concurrent 'git fsck' jobs.
    repository_check_worker:
      cron: "20 * * * *"
    # Send admin emails once a week
    admin_email_worker:
      cron: "0 0 * * 0"
    # Remove outdated repository archives
    repository_archive_cache_worker:
      cron: "0 * * * *"
  registry:
    # enabled: true
    # host: registry.example.com
    # port: 5005
    # api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API
    # key: config/registry.key
    # path: shared/registry
    # issuer: gitlab-issuer
  #
  # 2. GitLab CI settings
  # ==========================
  gitlab_ci:
    # Default project notifications settings:
    #
    # Send emails only on broken builds (default: true)
    # all_broken_builds: true
    #
    # Add pusher to recipients list (default: false)
    # add_pusher: true
    # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
    # builds_path: builds/
  #
  # 3. Auth settings
  # ==========================
  ## LDAP settings
  # You can test connections and inspect a sample of the LDAP users with login
  # access by running:
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: false
    servers:
      ##########################################################################
      #
      # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
      # Enterprise Edition now supports connecting to multiple LDAP servers.
      #
      # If you are updating from the old (pre-7.4) syntax, you MUST give your
      # old server the ID 'main'.
      #
      ##########################################################################
      main: # 'main' is the GitLab 'provider ID' of this LDAP server
        ## label
        #
        # A human-friendly name for your LDAP server. It is OK to change the label later,
        # for instance if you find out it is too large to fit on the web page.
        #
        # Example: 'Paris' or 'Acme, Ltd.'
        label: 'LDAP'
        # Example: 'ldap.mydomain.com'
        host: '_your_ldap_server'
        # This port is an example, it is sometimes different but it is always an integer and not a string
        port: 389 # usually 636 for SSL
        uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid.
        # Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'
        bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
        password: '_the_password_of_the_bind_user'
        # Encryption method. The "method" key is deprecated in favor of
        # "encryption".
        #
        #   Examples: "start_tls" or "simple_tls" or "plain"
        #
        #   Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
        #   replaced with "simple_tls".
        #
        encryption: 'plain'
        # Enables SSL certificate verification if encryption method is
        # "start_tls" or "simple_tls". (Defaults to false for backward-
        # compatibility)
        verify_certificates: false
        # Specifies the path to a file containing a PEM-format CA certificate,
        # e.g. if you need to use an internal CA.
        #
        #   Example: '/etc/ca.pem'
        #
        ca_file: ''
        # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
        # is not appropriate.
        #
        #   Example: 'TLSv1_1'
        #
        ssl_version: ''
        # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
        # a request if the LDAP server becomes unresponsive.
        # A value of 0 means there is no timeout.
        timeout: 10
        # This setting specifies if LDAP server is Active Directory LDAP server.
        # For non AD servers it skips the AD specific queries.
        # If your LDAP server is not AD, set this to false.
        active_directory: true
        # If allow_username_or_email_login is enabled, GitLab will ignore everything
        # after the first '@' in the LDAP username submitted by the user on login.
        #
        # Example:
        # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
        # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
        #
        # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
        # disable this setting, because the userPrincipalName contains an '@'.
        allow_username_or_email_login: false
        # To maintain tight control over the number of active users on your GitLab installation,
        # enable this setting to keep new users blocked until they have been cleared by the admin
        # (default: false).
        block_auto_created_users: false
        # Base where we can search for users
        #
        #   Ex. 'ou=People,dc=gitlab,dc=example' or 'DC=mydomain,DC=com'
        #
        base: ''
        # Filter LDAP users
        #
        #   Format: RFC 4515 https://tools.ietf.org/search/rfc4515
        #   Ex. (employeeType=developer)
        #
        #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
        #
        #   Example for getting only specific users:
        #   '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'
        #
        user_filter: ''
        # LDAP attributes that GitLab will use to create an account for the LDAP user.
        # The specified attribute can either be the attribute name as a string (e.g. 'mail'),
        # or an array of attribute names to try in order (e.g. ['mail', 'email']).
        # Note that the user's LDAP login will always be the attribute specified as `uid` above.
        attributes:
          # The username will be used in paths for the user's own projects
          # (like `gitlab.example.com/username/project`) and when mentioning
          # them in issues, merge request and comments (like `@username`).
          # If the attribute specified for `username` contains an email address,
          # the GitLab username will be the part of the email address before the '@'.
          username: ['uid', 'userid', 'sAMAccountName']
          email:    ['mail', 'email', 'userPrincipalName']
          # If no full name could be found at the attribute specified for `name`,
          # the full name is determined using the attributes specified for
          # `first_name` and `last_name`.
          name:       'cn'
          first_name: 'givenName'
          last_name:  'sn'
      # GitLab EE only: add more LDAP servers
      # Choose an ID made of a-z and 0-9 . This ID will be stored in the database
      # so that GitLab can remember which LDAP server a user belongs to.
      # uswest2:
      #   label:
      #   host:
      #   ....
  ## OmniAuth settings
  omniauth:
    # Allow login via Twitter, Google, etc. using OmniAuth providers
    enabled: false
    # Uncomment this to automatically sign in with a specific omniauth provider's without
    # showing GitLab's sign-in page (default: show the GitLab sign-in page)
    # auto_sign_in_with_provider: saml
    # Sync user's email address from the specified Omniauth provider every time the user logs
    # in (default: nil). And consequently make this field read-only.
    # sync_email_from_provider: cas3
    # CAUTION!
    # This allows users to login without having a user account first. Define the allowed providers
    # using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
    # User accounts will be created automatically when authentication was successful.
    allow_single_sign_on: ["saml"]
    # Locks down those users until they have been cleared by the admin (default: true).
    block_auto_created_users: true
    # Look up new users in LDAP servers. If a match is found (same uid), automatically
    # link the omniauth identity with the LDAP account. (default: false)
    auto_link_ldap_user: false
    # Allow users with existing accounts to login and auto link their account via SAML
    # login, without having to do a manual login first and manually add SAML
    # (default: false)
    auto_link_saml_user: false
    # Set different Omniauth providers as external so that all users creating accounts
    # via these providers will not be able to have access to internal projects. You
    # will need to use the full name of the provider, like `google_oauth2` for Google.
    # Refer to the examples below for the full names of the supported providers.
    # (default: [])
    external_providers: []
    ## Auth providers
    # Uncomment the following lines and fill in the data of the auth provider you want to use
    # If your favorite auth provider is not listed you can use others:
    # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
    # The 'app_id' and 'app_secret' parameters are always passed as the first two
    # arguments, followed by optional 'args' which can be either a hash or an array.
    # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
    providers:
      # See omniauth-cas3 for more configuration details
      # - { name: 'cas3',
      #     label: 'cas3',
      #     args: {
      #             url: 'https://sso.example.com',
      #             disable_ssl_verification: false,
      #             login_url: '/cas/login',
      #             service_validate_url: '/cas/p3/serviceValidate',
      #             logout_url: '/cas/logout'} }
      # - { name: 'authentiq',
      #     # for client credentials (client ID and secret), go to https://www.authentiq.com/developers
      #     app_id: 'YOUR_CLIENT_ID',
      #     app_secret: 'YOUR_CLIENT_SECRET',
      #     args: {
      #             scope: 'aq:name email~rs address aq:push'
      #             # callback_url parameter is optional except when 'gitlab.host' in this file is set to 'localhost'
      #             # callback_url: 'YOUR_CALLBACK_URL'
      #           }
      #   }
      # - { name: 'github',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET',
      #     url: "https://github.com/",
      #     verify_ssl: true,
      #     args: { scope: 'user:email' } }
      # - { name: 'bitbucket',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET' }
      # - { name: 'gitlab',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET',
      #     args: { scope: 'api' } }
      # - { name: 'google_oauth2',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET',
      #     args: { access_type: 'offline', approval_prompt: '' } }
      # - { name: 'facebook',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET' }
      # - { name: 'twitter',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET' }
      #
      # - { name: 'saml',
      #     label: 'Our SAML Provider',
      #     groups_attribute: 'Groups',
      #     external_groups: ['Contractors', 'Freelancers'],
      #     args: {
      #             assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
      #             idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
      #             idp_sso_target_url: 'https://login.example.com/idp',
      #             issuer: 'https://gitlab.example.com',
      #             name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
      #           } }
      #
      # - { name: 'crowd',
      #     args: {
      #       crowd_server_url: 'CROWD SERVER URL',
      #       application_name: 'YOUR_APP_NAME',
      #       application_password: 'YOUR_APP_PASSWORD' } }
      #
      # - { name: 'auth0',
      #     args: {
      #       client_id: 'YOUR_AUTH0_CLIENT_ID',
      #       client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
      #       namespace: 'YOUR_AUTH0_DOMAIN' } }
    # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
    # cas3:
    #   session_duration: 28800
  # Shared file storage settings
  shared:
    # path: /mnt/gitlab # Default: shared
  # Gitaly settings
  gitaly:
    # Path to the directory containing Gitaly client executables.
    client_path: /usr/bin
    # Default Gitaly authentication token. Can be overriden per storage. Can
    # be left blank when Gitaly is running locally on a Unix socket, which
    # is the normal way to deploy Gitaly.
    token:
  #
  # 4. Advanced settings
  # ==========================
  ## Repositories settings
  repositories:
    # Paths where repositories can be stored. Give the canonicalized absolute pathname.
    # IMPORTANT: None of the path components may be symlink, because
    # gitlab-shell invokes Dir.pwd inside the repository path and that results
    # real path not the symlink.
    storages: # You must have at least a `default` storage path.
      default:
        path: /var/lib/gitlab/repositories/
        gitaly_address: unix:/run/gitlab/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port)
        # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.
        failure_count_threshold: 10 # number of failures before stopping attempts
        failure_wait_time: 30 # Seconds after an access failure before allowing access again
        failure_reset_time: 1800 # Time in seconds to expire failures
        storage_timeout: 5 # Time in seconds to wait before aborting a storage access attempt
  ## Backup settings
  backup:
    path: "tmp/backups"   # Relative paths are relative to Rails.root (default: tmp/backups/)
    # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
    # keep_time: 604800   # default: 0 (forever) (in seconds)
    # pg_schema: public     # default: nil, it means that all schemas will be backed up
    # upload:
    #   # Fog storage connection settings, see http://fog.io/storage/ .
    #   connection:
    #     provider: AWS
    #     region: eu-west-1
    #     aws_access_key_id: AKIAKIAKI
    #     aws_secret_access_key: 'secret123'
    #   # The remote 'directory' to store your backups. For S3, this would be the bucket name.
    #   remote_directory: 'my.s3.bucket'
    #   # Use multipart uploads when file size reaches 100MB, see
    #   #  http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
    #   multipart_chunk_size: 104857600
    #   # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
    #   # encryption: 'AES256'
    #   # Specifies Amazon S3 storage class to use for backups, this is optional
    #   # storage_class: 'STANDARD'
  ## GitLab Shell settings
  gitlab_shell:
    path: /usr/share/gitlab-shell/
    hooks_path: /usr/share/gitlab-shell/hooks/
    # File that contains the secret key for verifying access for gitlab-shell.
    # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
    # secret_file: /var/lib/gitlab/.gitlab_shell_secret
    # Git over HTTP
    upload_pack: true
    receive_pack: true
    # Git import/fetch timeout
    # git_timeout: 800
    # If you use non-standard ssh port you need to specify it
    # ssh_port: 22
  workhorse:
    # File that contains the secret key for verifying access for gitlab-workhorse.
    # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
    # secret_file: /var/lib/gitlab/.gitlab_workhorse_secret
  ## Git settings
  # CAUTION!
  # Use the default values unless you really know what you are doing
  git:
    bin_path: /usr/bin/git
    # The next value is the maximum memory size grit can use
    # Given in number of bytes per git object (e.g. a commit)
    # This value can be increased if you have very large commits
    max_size: 20971520 # 20.megabytes
    # Git timeout to read a commit, in seconds
    timeout: 10
  ## Webpack settings
  # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
  # on a given port instead of serving directly from /assets/webpack. This is only indended for use
  # in development.
  webpack:
    # dev_server:
    #   enabled: true
    #   host: localhost
    #   port: 3808
  ## Monitoring
  # Built in monitoring settings
  monitoring:
    # Time between sampling of unicorn socket metrics, in seconds
    # unicorn_sampler_interval: 10
    # IP whitelist to access monitoring endpoints
    ip_whitelist:
      - 127.0.0.0/8
    # Sidekiq exporter is webserver built in to Sidekiq to expose Prometheus metrics
    sidekiq_exporter:
    #  enabled: true
    #  address: localhost
    #  port: 3807
  #
  # 5. Extra customization
  # ==========================
  extra:
    ## Google analytics. Uncomment if you want it
    # google_analytics_id: '_your_tracking_id'
    ## Piwik analytics.
    # piwik_url: '_your_piwik_url'
    # piwik_site_id: '_your_piwik_site_id'
  rack_attack:
    git_basic_auth:
      # Rack Attack IP banning enabled
      # enabled: true
      #
      # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
      # ip_whitelist: ["127.0.0.1"]
      #
      # Limit the number of Git HTTP authentication attempts per IP
      # maxretry: 10
      #
      # Reset the auth attempt counter per IP after 60 seconds
      # findtime: 60
      #
      # Ban an IP for one hour (3600s) after too many auth attempts
      # bantime: 3600
 development:
  <<: *base
 test:
  <<: *base
  gravatar:
    enabled: true
  lfs:
    enabled: false
  gitlab:
    host: localhost
    port: 80
    # When you run tests we clone and setup gitlab-shell
    # In order to setup it correctly you need to specify
    # your system username you use to run GitLab
    # user: YOUR_USERNAME
  pages:
    path: tmp/tests/pages
  repositories:
    storages:
      default:
        path: tmp/tests/repositories/
        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
        failure_count_threshold: 999999
        failure_wait_time: 0
        storage_timeout: 30
      broken:
        path: tmp/tests/non-existent-repositories
        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
  gitaly:
    enabled: true
    token: secret
  backup:
    path: tmp/tests/backups
  gitlab_shell:
    path: tmp/tests/gitlab-shell/
    hooks_path: tmp/tests/gitlab-shell/hooks/
  issues_tracker:
    redmine:
      title: "Redmine"
      project_url: "http://redmine/projects/:issues_tracker_id"
      issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
      new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
    jira:
      title: "JIRA"
      url: https://sample_company.atlassian.net
      project_key: PROJECT
  omniauth:
    enabled: true
    allow_single_sign_on: true
    external_providers: []
    providers:
      - { name: 'cas3',
          label: 'cas3',
          args: { url: 'https://sso.example.com',
                  disable_ssl_verification: false,
                  login_url: '/cas/login',
                  service_validate_url: '/cas/p3/serviceValidate',
                  logout_url: '/cas/logout'} }
      - { name: 'github',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          url: "https://github.com/",
          verify_ssl: false,
          args: { scope: 'user:email' } }
      - { name: 'bitbucket',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'gitlab',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          args: { scope: 'api' } }
      - { name: 'google_oauth2',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          args: { access_type: 'offline', approval_prompt: '' } }
      - { name: 'facebook',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'twitter',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'auth0',
          args: {
            client_id: 'YOUR_AUTH0_CLIENT_ID',
            client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
            namespace: 'YOUR_AUTH0_DOMAIN' } }
      - { name: 'authentiq',
          app_id: 'YOUR_CLIENT_ID',
          app_secret: 'YOUR_CLIENT_SECRET',
          args: { scope: 'aq:name email~rs address aq:push' } }
  ldap:
    enabled: false
    servers:
      main:
        label: ldap
        host: 127.0.0.1
        port: 3890
        uid: 'uid'
        encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
        base: 'dc=example,dc=com'
        user_filter: ''
        group_base: 'ou=groups,dc=example,dc=com'
        admin_group: ''
 staging:
  <<: *base
--- a/debian/conf/nginx.conf.example
+++ b/debian/conf/nginx.conf.example
@ -0,0 +1,121 @@
 ## GitLab
 ##
 ## Lines starting with two hashes (##) are comments with information.
 ## Lines starting with one hash (#) are configuration parameters that can be uncommented.
 ##
 ##################################
 ##        CONTRIBUTING          ##
 ##################################
 ##
 ## If you change this file in a Merge Request, please also create
 ## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
 ##
 ###################################
 ##         configuration         ##
 ###################################
 ##
 ## See installation.md#using-https for additional HTTPS configuration details.
 upstream gitlab-workhorse {
  # GitLab socket file,
  # for Omnibus this would be: unix:/var/opt/gitlab/gitlab-workhorse/socket
  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
 }
 map $http_upgrade $connection_upgrade_gitlab {
    default upgrade;
    ''      close;
 }
 ## NGINX 'combined' log format with filtered query strings
 log_format gitlab_access $remote_addr - $remote_user [$time_local] "$request_method $gitlab_filtered_request_uri $server_protocol" $status $body_bytes_sent "$gitlab_filtered_http_referer" "$http_user_agent";
 ## Remove private_token from the request URI
 # In:  /foo?private_token=unfiltered&authenticity_token=unfiltered&feed_token=unfiltered&...
 # Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
 map $request_uri $gitlab_temp_request_uri_1 {
  default $request_uri;
  ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## Remove authenticity_token from the request URI
 # In:  /foo?private_token=[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
 # Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=unfiltered&...
 map $gitlab_temp_request_uri_1 $gitlab_temp_request_uri_2 {
  default $gitlab_temp_request_uri_1;
  ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## Remove feed_token from the request URI
 # In:  /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=unfiltered&...
 # Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=[FILTERED]&...
 map $gitlab_temp_request_uri_2 $gitlab_filtered_request_uri {
  default $gitlab_temp_request_uri_2;
  ~(?i)^(?<start>.*)(?<temp>[\?&]feed[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## A version of the referer without the query string
 map $http_referer $gitlab_filtered_http_referer {
  default $http_referer;
  ~^(?<temp>.*)\? $temp;
 }
 ## Normal HTTP host
 server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
  listen 0.0.0.0:80;
  listen [::]:80;
  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  ## See app/controllers/application_controller.rb for headers set
  ## Real IP Module Config
  ## http://nginx.org/en/docs/http/ngx_http_realip_module.html
  real_ip_header X-Real-IP; ## X-Real-IP or X-Forwarded-For or proxy_protocol
  real_ip_recursive off;    ## If you enable 'on'
  ## If you have a trusted IP address, uncomment it and set it
  # set_real_ip_from YOUR_TRUSTED_ADDRESS; ## Replace this with something like 192.168.1.0/24
  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log gitlab_access;
  error_log   /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_http_version 1.1;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    Upgrade             $http_upgrade;
    proxy_set_header    Connection          $connection_upgrade_gitlab;
    proxy_pass http://gitlab-workhorse;
  }
  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  location ~ ^/(404|422|500|502|503)\.html$ {
    # Location to the GitLab's public directory,
    # for Omnibus this would be: /opt/gitlab/embedded/service/gitlab-rails/public.
    root /usr/share/gitlab/public;
    internal;
  }
 }
--- a/debian/conf/nginx.ssl.conf.example
+++ b/debian/conf/nginx.ssl.conf.example
@ -0,0 +1,170 @@
 ## GitLab
 ##
 ## Modified from nginx http version
 ## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
 ## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
 ##
 ## Lines starting with two hashes (##) are comments with information.
 ## Lines starting with one hash (#) are configuration parameters that can be uncommented.
 ##
 ##################################
 ##        CONTRIBUTING          ##
 ##################################
 ##
 ## If you change this file in a Merge Request, please also create
 ## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
 ##
 ###################################
 ##         configuration         ##
 ###################################
 ##
 ## See installation.md#using-https for additional HTTPS configuration details.
 upstream gitlab-workhorse {
  # GitLab socket file,
  # for Omnibus this would be: unix:/var/opt/gitlab/gitlab-workhorse/socket
  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
 }
 map $http_upgrade $connection_upgrade_gitlab_ssl {
    default upgrade;
    ''      close;
 }
 ## NGINX 'combined' log format with filtered query strings
 log_format gitlab_ssl_access $remote_addr - $remote_user [$time_local] "$request_method $gitlab_ssl_filtered_request_uri $server_protocol" $status $body_bytes_sent "$gitlab_ssl_filtered_http_referer" "$http_user_agent";
 ## Remove private_token from the request URI
 # In:  /foo?private_token=unfiltered&authenticity_token=unfiltered&feed_token=unfiltered&...
 # Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
 map $request_uri $gitlab_ssl_temp_request_uri_1 {
  default $request_uri;
  ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## Remove authenticity_token from the request URI
 # In:  /foo?private_token=[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
 # Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=unfiltered&...
 map $gitlab_ssl_temp_request_uri_1 $gitlab_ssl_temp_request_uri_2 {
  default $gitlab_ssl_temp_request_uri_1;
  ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## Remove feed_token from the request URI
 # In:  /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=unfiltered&...
 # Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=[FILTERED]&...
 map $gitlab_ssl_temp_request_uri_2 $gitlab_ssl_filtered_request_uri {
  default $gitlab_ssl_temp_request_uri_2;
  ~(?i)^(?<start>.*)(?<temp>[\?&]feed[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## A version of the referer without the query string
 map $http_referer $gitlab_ssl_filtered_http_referer {
  default $http_referer;
  ~^(?<temp>.*)\? $temp;
 }
 ## Redirects all HTTP traffic to the HTTPS host
 server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)
  listen 0.0.0.0:80;
  listen [::]:80 ipv6only=on;
  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/gitlab_access.log gitlab_ssl_access;
  error_log   /var/log/nginx/gitlab_error.log;
 }
 ## HTTPS host
 server {
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ipv6only=on ssl;
  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ssl on;
  ssl_certificate /etc/gitlab/ssl/gitlab.crt;
  ssl_certificate_key /etc/gitlab/ssl/gitlab.key;
  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  ## See app/controllers/application_controller.rb for headers set
  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 5s;
  ## [Optional] Generate a stronger DHE parameter:
  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;
  ## [Optional] Enable HTTP Strict Transport Security
  # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
  ## Real IP Module Config
  ## http://nginx.org/en/docs/http/ngx_http_realip_module.html
  real_ip_header X-Real-IP; ## X-Real-IP or X-Forwarded-For or proxy_protocol
  real_ip_recursive off;    ## If you enable 'on'
  ## If you have a trusted IP address, uncomment it and set it
  # set_real_ip_from YOUR_TRUSTED_ADDRESS; ## Replace this with something like 192.168.1.0/24
  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log gitlab_ssl_access;
  error_log   /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_http_version 1.1;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    Upgrade             $http_upgrade;
    proxy_set_header    Connection          $connection_upgrade_gitlab_ssl;
    proxy_pass http://gitlab-workhorse;
  }
  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  location ~ ^/(404|422|500|502|503)\.html$ {
    # Location to the GitLab's public directory,
    # for Omnibus this would be: /opt/gitlab/embedded/service/gitlab-rails/public
    root /usr/share/gitlab/public;
    internal;
  }
 }
--- a/debian/conf/puma.rb
+++ b/debian/conf/puma.rb
@ -0,0 +1,78 @@
 # frozen_string_literal: true
 # Load "path" as a rackup file.
 #
 # The default is "config.ru".
 #
 rackup 'config.ru'
 pidfile "#{ENV['gitlab_pid_path']}/puma.pid"
 state_path "#{ENV['gitlab_pid_path']}/puma.state"
 stdout_redirect File.join(ENV['gitlab_log_dir'],"puma.stdout.log"),
  File.join(ENV['gitlab_log_dir'],"puma.stderr.log"),
  true
 # Configure "min" to be the minimum number of threads to use to answer
 # requests and "max" the maximum.
 #
 # The default is "0, 16".
 #
 threads 1, 16
 # By default, workers accept all requests and queue them to pass to handlers.
 # When false, workers accept the number of simultaneous requests configured.
 #
 # Queueing requests generally improves performance, but can cause deadlocks if
 # the app is waiting on a request to itself. See https://github.com/puma/puma/issues/612
 #
 # When set to false this may require a reverse proxy to handle slow clients and
 # queue requests before they reach puma. This is due to disabling HTTP keepalive
 queue_requests false
 # Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only
 # accepted protocols.
 bind "unix://#{ENV['gitlab_pid_path']}/gitlab.socket"
 workers 3
 require_relative "#{ENV['gitlab_app_root']}/lib/gitlab/cluster/lifecycle_events"
 require_relative "#{ENV['gitlab_app_root']}/lib/gitlab/cluster/puma_worker_killer_initializer"
 on_restart do
  # Signal application hooks that we're about to restart
  Gitlab::Cluster::LifecycleEvents.do_before_master_restart
 end
 before_fork do
  # Signal to the puma killer
  Gitlab::Cluster::PumaWorkerKillerInitializer.start @config.options unless ENV['DISABLE_PUMA_WORKER_KILLER']
  # Signal application hooks that we're about to fork
  Gitlab::Cluster::LifecycleEvents.do_before_fork
 end
 Gitlab::Cluster::LifecycleEvents.set_puma_options @config.options
 on_worker_boot do
  # Signal application hooks of worker start
  Gitlab::Cluster::LifecycleEvents.do_worker_start
 end
 # Preload the application before starting the workers; this conflicts with
 # phased restart feature. (off by default)
 preload_app!
 tag 'gitlab-puma-worker'
 # Verifies that all workers have checked in to the master process within
 # the given timeout. If not the worker process will be restarted. Default
 # value is 60 seconds.
 #
 worker_timeout 60
 # Use json formatter
 require_relative "#{ENV['gitlab_app_root']}/lib/gitlab/puma_logging/json_formatter"
 json_formatter = Gitlab::PumaLogging::JSONFormatter.new
 log_formatter do |str|
  json_formatter.call(str)
 end
--- a/debian/conf/resque.yml
+++ b/debian/conf/resque.yml
@ -0,0 +1,8 @@
 # If you change this file in a Merge Request, please also create
 # a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
 #
 development: redis://localhost:6379
 test: redis://localhost:6379
 # default redis configuration in debian is tcp 
 #production: unix:/var/run/redis/redis.sock
 production: redis://localhost:6379
--- a/debian/conf/smtp_settings.rb
+++ b/debian/conf/smtp_settings.rb
@ -0,0 +1,15 @@
 # To enable smtp email delivery for your GitLab instance do the following:
 # 1. Rename this file to smtp_settings.rb
 # 2. Edit settings inside this file
 # 3. Restart GitLab instance
 #
 # For full list of options and their values see http://api.rubyonrails.org/classes/ActionMailer/Base.html
 #
 # If you change this file in a Merge Request, please also create a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
 if Rails.env.production?
  Rails.application.config.action_mailer.delivery_method = :sendmail
  Rails.application.config.action_mailer.default_options = {from: "#{ENV['GITLAB_EMAIL_FROM']}" || "#{Settings.gitlab['email_from']}" || ''}
  ActionMailer::Base.sendmail_settings = {}
 end
--- a/debian/conf/tmpfiles.d/gitlab.conf
+++ b/debian/conf/tmpfiles.d/gitlab.conf
@ -0,0 +1,2 @@
 L /run/gitlab/cache - - - - /var/cache/gitlab
 L /run/gitlab/backups - - - - /var/lib/gitlab/backups
--- a/debian/control
+++ b/debian/control
@ -0,0 +1,578 @@
 Source: gitlab
 Section: net
 Priority: optional
 Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
 Uploaders: Cédric Boutillier <boutil@debian.org>,
 Pirate Praveen <praveen@debian.org>,
 Balasankar C <balasankarc@debian.org>,
 Sruthi Chandran <srud@debian.org>,
 Utkarsh Gupta <utkarsh@debian.org>
 Build-Depends: debhelper-compat (= 13),
               gem2deb,
               dh-golang,
 # See #1016217 (gccgo and x/net don't work well together right now)
 #               golang-any (>= 2:1.17~),
               golang-go (>= 2:1.18~),
               bc,
               golang-github-alecthomas-chroma-v2-dev,
               golang-github-aws-aws-sdk-go-dev,
               golang-github-azure-azure-storage-blob-go-dev (>= 0.10~),
               golang-github-beorn7-perks-dev,
               golang-github-client9-reopen-dev,
               golang-github-davecgh-go-spew-dev,
               golang-github-dgrijalva-jwt-go-dev (>= 3.2.0~),
               golang-github-disintegration-imaging-dev,
               golang-github-fzambia-sentinel-dev,
               golang-github-garyburd-redigo-dev,
               golang-github-golang-jwt-jwt-dev (>= 4.4.3~),
               golang-github-google-uuid-dev,
               golang-github-golang-protobuf-1-5-dev,
               golang-github-getsentry-raven-go-dev (>= 0.2~),
               golang-github-gomodule-redigo-dev,
 # protobuf-1-5
 #               golang-github-grpc-ecosystem-go-grpc-prometheus-dev,
               golang-github-hashicorp-yamux-dev (>= 0.0+git20210316.a95892c~),
               golang-github-jfbus-httprs-dev,
                 golang-github-jtolds-gls-dev (>= 4.20~),
               golang-github-jpillora-backoff-dev,
               golang-github-mitchellh-copystructure-dev,
               golang-github-mitchellh-reflectwalk-dev,
               golang-github-pmezard-go-difflib-dev,
 # protobuf-1-5
 #               golang-github-prometheus-client-golang-dev,
                  golang-github-cespare-xxhash-dev,
 #               golang-github-prometheus-client-model-dev,
 #               golang-github-prometheus-common-dev,
               golang-github-ryszard-goskiplist-dev,
               golang-github-sebest-xff-dev,
               golang-github-sirupsen-logrus-dev,
               golang-github-stretchr-testify-dev (>= 1.4~),
               golang-gitlab-gitlab-org-gitaly-dev (>= 16~),
                 golang-github-beevik-ntp-dev,
 # protobuf-1-5
 #               golang-gitlab-gitlab-org-labkit-dev (>= 1.14~),
                  golang-github-oklog-ulid-dev,
 #               golang-gocloud-dev,
               golang-golang-x-crypto-dev,
               golang-golang-x-net-dev,
               golang-golang-x-sys-dev (>= 0.0~git20180510.7dfd129~),
 # protobuf-1-5
 #               golang-google-genproto-dev,
               golang-honnef-go-tools-dev,
               golang-procfs-dev,
 # protobuf-1-5
 #               golang-protobuf-extensions-dev,
               golang-toml-dev,
               golang-websocket-dev,
 # protobuf-1-5
 #               golang-google-grpc-dev (>= 1.38~),
               libimage-exiftool-perl,
               golang-github-kylelemons-godebug-dev,
               golang-github-cli-browser-dev
 Standards-Version: 4.6.1
 Vcs-Git: https://salsa.debian.org/ruby-team/gitlab.git
 Vcs-Browser: https://salsa.debian.org/ruby-team/gitlab
 Homepage: https://about.gitlab.com/
 XS-Ruby-Versions: all
 XS-Go-Import-Path: gitlab.com/gitlab-org/gitlab
 Rules-Requires-Root: no
 Package: gitlab
 Section: contrib/net
 Architecture: all
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: ${shlibs:Depends}, ${misc:Depends},
 gitlab-common (>= 16~),
 ruby (>= 1:2.7~),
   rubygems-integration (>= 1.18~),
 lsb-base (>= 3.0-6),
 rake (>= 12.3.0~),
 bundler (>= 1.17.3~),
 postgresql-client,
 postgresql-contrib (>= 12~),
 dbconfig-pgsql | dbconfig-no-thanks,
 bc,
 redis-server (>= 5:6.0.12~),
 # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956211
 nodejs (>= 12~),
 nginx | httpd,
 default-mta | postfix | exim4 | mail-transport-agent,
 openssh-client,
 bzip2,
 ucf,
 gitlab-workhorse (>= ${source:Version}),
 ruby-rails (>= 2:6.1.7.2~),
   ruby-websocket-extensions (>= 0.1.5~),
   ruby-zeitwerk (>= 2.6.1~),
 ruby-bootsnap (>= 1.15~),
 ruby-ipaddr (>= 1.2.5~),
 ruby-responders (>= 3.0~),
 ruby-sprockets (>= 3.7~),
 ruby-view-component (>= 2.82~),
 ruby-pg (>= 1.5.3~),
 ruby-neighbor (>= 0.2.3~),
 ruby-rugged (>= 1.2~),
 ruby-grape-path-helpers (>= 1.7.1~),
 ruby-faraday (>= 1.0~),
 ruby-marginalia (>= 1.11.1~),
 # Authorization
 ruby-declarative-policy (>= 1.1),
 # Authentication libraries
 ruby-devise (>= 4.8.1~),
 ruby-bcrypt (>= 3.1.14~),
 ruby-doorkeeper (>= 5.6.6~),
 ruby-doorkeeper-openid-connect (>= 1.8.6~),
 ruby-rexml (>= 3.2.3.1~),
 ruby-saml (>= 1.13~),
 ruby-omniauth (>= 2.1~),
 ruby-omniauth-auth0 (>= 3.1~),
 ruby-omniauth-azure-activedirectory-v2 (>= 2.0~),
 ruby-omniauth-dingtalk-oauth2 (>= 1.0.1~),
 ruby-omniauth-alicloud (>= 2.0.1~),
 ruby-omniauth-facebook (>= 4.0~),
 ruby-omniauth-github (>= 2.0.1~),
 ruby-omniauth-gitlab (>= 1.0.2~),
 ruby-omniauth-google-oauth2 (>= 1.1~),
 ruby-omniauth-kerberos (>= 0.3.0-3~),
 ruby-omniauth-oauth2-generic (>= 0.2.2~),
 ruby-omniauth-saml (>= 2.1~),
 ruby-omniauth-twitter (>= 1.4~),
   ruby-omniauth-oauth (>= 1.2~),
 ruby-omniauth-authentiq (>= 0.3.3~),
 ruby-omniauth-openid-connect (>= 0.10~),
 ruby-openid-connect (>= 1.3~),
 ruby-omniauth-atlassian-oauth2 (>= 0.2.0~),
 ruby-rack-oauth2 (>= 1.21.3~),
 ruby-jwt (>= 2.1~),
 # Spam and anti-bot protection
 ruby-recaptcha (>= 5.12~),
 ruby-akismet (>= 3.0~),
 ruby-invisible-captcha (>= 2.0~),
 # Two-factor authentication
 ruby-devise-two-factor (>= 4.0.2~),
 ruby-rqrcode-rails3 (>= 0.1.7-2~),
   ruby-rqrcode (>= 1.2~),
 # GitLab Pages
 ruby-validates-hostname (>= 1.0.11~),
 ruby-zip (>= 2.3.2~),
 # GitLab Pages letsencrypt support
 ruby-acme-client (>= 2.0.9~),
 # Browser detection
 ruby-browser (>= 5.3.1~),
 # OS detection for usage ping
 ohai (>= 17.9.0~),
 # GPG
 ruby-gpgme (>= 2.0.22~),
 # LDAP Auth
 ruby-omniauth-ldap (>= 2.2~),
   ruby-ntlm (>= 0.6.1~),
 ruby-net-ldap (>= 0.17.1~),
 # API
 ruby-grape (>= 1.7~),
 ruby-grape-entity (>= 0.10~),
 ruby-rack-cors (>= 1.0.6~),
 # GraphQL API
 ruby-graphql (>= 1.13.12~),
 ruby-graphiql-rails (>= 1.4.10~),
 ruby-apollo-upload-server (>= 2.1~),
 # Used by BulkImport feature (group::import)
 ruby-graphlient (>= 0.4.0),
 #
 ruby-hashie (>= 5.0~),
 # Pagination
 ruby-kaminari (>= 1.2.2~),
 # HAML
 ruby-hamlit (>= 2.15~),
 # Files attachments
 ruby-carrierwave (>= 1.3.2~),
 ruby-mini-magick (>= 4.10.1~),
 # for backups
 ruby-fog-aws (>= 3.18~),
 ruby-fog-core (>= 2.1~),
   ruby-excon (>= 0.72~),
 ruby-fog-google (>= 1.19~),
 ruby-fog-local (>= 0.8~),
 ruby-fog-aliyun (>= 0.4.0~),
 ruby-gitlab-fog-azure-rm (>= 1.7~),
   ruby-azure-storage-blob (>= 2.0.0-3~),
   ruby-azure-storage-common (>= 2.0.1-5~),
 # for Google storage
 ruby-google-apis-core (>= 0.10~),
 ruby-google-apis-compute-v1 (>= 0.57~),
 ruby-google-apis-container-v1beta1 (>= 0.43~),
 ruby-google-apis-container-v1 (>= 0.43~),
 ruby-google-apis-cloudbilling-v1 (>= 0.21~),
 ruby-google-apis-cloudresourcemanager-v1 (>= 0.31~),
 ruby-google-apis-iam-v1 (>= 0.36~),
 ruby-google-apis-serviceusage-v1 (>= 0.28~),
 ruby-google-apis-sqladmin-v1beta4 (>= 0.41~),
 ruby-google-apis-androidpublisher-v3 (>= 0.34~),
 # for aws storage
 ruby-unf (>= 0.1.4-2~),
   ruby-unf-ext (>= 0.0.7.4),
 # Seed data
 ruby-seed-fu (>= 2.3.7~),
 # Search
 ruby-elasticsearch-model (>= 7.2~),
 ruby-elasticsearch (>= 5.0.3~),
 ruby-elasticsearch-rails (>= 7.2~),
 ruby-elasticsearch-api (>= 7.13.3~),
 ruby-aws-sdk-core (>= 3.172~),
 ruby-aws-sdk-cloudformation (>= 1.0~),
 ruby-aws-sdk-s3 (>= 1.122~),
 ruby-faraday-middleware-aws-sigv4,
 ruby-typhoeus (>= 1.4~),
 # Markdown and HTML processing
 ruby-html-pipeline (>= 2.14.3~),
 ruby-task-list (>= 2.3.1~),
 ruby-gitlab-markup (>= 1.9~),
 ruby-github-markup (>= 1.7~),
 ruby-commonmarker (>= 0.23.6~),
 ruby-kramdown (>= 2.3.1~),
 ruby-redcloth (>= 4.3.2-3~),
 # rdoc is built-in with ruby
 ruby-org (>= 0.9.12-2~),
 ruby-creole (>= 0.5.0~),
 ruby-wikicloth (>= 0.8.1~),
 asciidoctor (>= 2.0.17~),
 ruby-asciidoctor-include-ext (>= 0.4~),
 ruby-asciidoctor-plantuml (>= 0.0.16~),
 ruby-asciidoctor-kroki (>= 0.8~),
 ruby-rouge (>= 4.1~),
 ruby-truncato (>= 0.7.12~),
 ruby-bootstrap-form (>= 4.2~),
 ruby-nokogiri (>= 1.14.3~),
 ruby-escape-utils (>= 1.2.1~),
 # Calendar rendering
 ruby-icalendar,
 # Diffs
 ruby-diffy (>= 3.4~),
 ruby-diff-match-patch (>= 0.1~),
 # Application server
 ruby-rack (>= 2.2.7~),
 ruby-rack-timeout (>= 0.6.0~),
 puma (>= 5.6.5~),
 ruby-puma-worker-killer (>= 0.3.1~),
 ruby-sd-notify,
 # State machine
 ruby-state-machines-activerecord (>= 0.8~),
   ruby-state-machines-activemodel (>= 0.7.1~),
 # Issue tags
 ruby-acts-as-taggable-on (>= 9.0~),
 # Background jobs
 ruby-sidekiq (>= 6.5.7~),
 ruby-sidekiq-cron (>= 1.8~),
 ruby-redis-namespace (>= 1.9~),
 # Cron Parser
 ruby-fugit (>= 1.8.1~),
 # HTTP requests
 ruby-httparty (>= 0.16.4~),
 # Colored output to console
 ruby-rainbow (>= 3.0~),
 # Progress bar
 ruby-progressbar (>= 1.10~),
 # Linear-time regex library for untrusted regular expressions
 ruby-re2 (>= 1.5~),
 # Misc
 ruby-semver-dialects (>= 1.2.1~),
 ruby-version-sorter (>= 2.3~),
 # Export Ruby Regex to Javascript
 ruby-js-regex (>= 3.8~),
 # User agent parsing
 ruby-device-detector,
 # Redis
 ruby-redis (>= 4.7~),
 ruby-connection-pool (>= 2.0~),
 # Redis session store
 ruby-redis-actionpack (>= 5.3~),
 # Discord integration
 ruby-discordrb-webhooks (>= 3.4~),
 # JIRA integration
 ruby-jira (>= 2.1.4~),
 # Flowdock integration
 ruby-flowdock (>= 0.7~),
   ruby-posix-spawn (>= 0.3.13~),
 # Slack integration
 ruby-slack-messenger (>= 2.3.3~),
 # Hangouts Chat integration
 ruby-hangouts-chat (>= 0.0.5),
 # Asana integration
 ruby-asana (>= 0.10.13~),
 # FogBugz integration
 ruby-fogbugz (>= 0.3.0~),
 # Kubernetes integration
 ruby-kubeclient (>= 4.11~),
   ruby-recursive-open-struct (>= 1.1.1~),
   ruby-http (>= 4.4~),
 # AI
 ruby-ruby-openai (>= 3.7~),
 ruby-circuitbox (>= 2.0~),
 # Sanitize user input
 ruby-sanitize (>= 6.0~),
 ruby-babosa (>= 1.0.3~),
 # Sanitizes SVG input
 ruby-loofah (>= 2.20.0~),
 # Working with license
 ruby-licensee (>= 9.14.1~),
 # Protect against bruteforcing
 ruby-rack-attack (>= 6.6.1~),
 # Ace editor
 ruby-ace-rails-ap (>= 4.1~),
 # Detect and convert string character encoding
 ruby-charlock-holmes (>= 0.7.5~),
 # Detect mime content type from content
 ruby-ruby-magic (>= 0.6~),
 # Faster blank
 ruby-fast-blank,
 # Parse time & duration
 ruby-gitlab-chronic (>= 0.10.5~),
 ruby-gitlab-chronic-duration (>= 0.10.6.2~),
 #
 ruby-webpack-rails (>= 0.9.10~),
 # Many node modules are still in NEW, some are yet to be packaged
 # so we use yarn to downlod those and hence gitlab is in contrib
 yarnpkg (>= 1.22.4~),
 ruby-rack-proxy (>= 0.7.6~),
 #
 ruby-sassc-rails (>= 2.1~),
   ruby-sassc (>= 2.0~),
 ruby-autoprefixer-rails (>= 10.2.5.1~),
 ruby-terser (>= 1.0.2~),
 #
 ruby-addressable (>= 2.8~),
 ruby-tanuki-emoji (>= 0.6~),
 ruby-gon (>= 6.4~),
 ruby-request-store (>= 1.5.1~),
 ruby-virtus (>= 1.0.5-3~),
 ruby-base32 (>= 0.3.0~),
 # Sentry integration
 ruby-sentry-raven (>= 3.1~),
 ruby-sentry-ruby (>= 5.9~),
 ruby-sentry-rails (>= 5.9~),
 ruby-sentry-sidekiq (>= 5.9~),
 # PostgreSQL query parsing
 ruby-pg-query (>= 2.2.1~),
 #
 ruby-premailer-rails (>= 1.10.3-2~),
 # LabKit: Tracing and Correlation
 ruby-gitlab-labkit (>= 0.32~),
 # Thrift is a dependency of gitlab-labkit, we want a version higher than 0.14.0
 # because of https://gitlab.com/gitlab-org/gitlab/-/issues/321900
 ruby-thrift (>= 0.16~),
 # I18n
 ruby-ruby-parser (>= 3.20~),
 ruby-whitequark-parser (>= 3.0~),
 ruby-rails-i18n (>= 7.0~),
 ruby-gettext-i18n-rails (>= 1.8~),
 ruby-gettext-i18n-rails-js (>= 1.3~),
   ruby-gettext (>= 3.3.3~),
 #
 ruby-batch-loader (>= 2.0.1~),
 # Perf bar
 ruby-peek (>= 1.1~),
 # Snowplow events tracking
 ruby-snowplow-tracker (>= 0.8~),
 # Metrics
 ruby-method-source (>= 1.0~),
 ruby-webrick (>= 1.8.1~),
 ruby-prometheus-client-mmap (>= 0.23~),
 #
 ruby-warning (>= 1.3~),
 #
 ruby-octokit (>= 4.15~),
 #
 ruby-mail-room (>= 0.10.0+really0.0.23~),
 #
 ruby-email-reply-trimmer (>= 0.1~),
 ruby-html2text,
 #
 ruby-prof (>= 1.3~),
 ruby-stackprof (>= 0.2.23~),
 ruby-rbtrace (>= 0.4~),
 ruby-memory-profiler (>= 1.0~),
 ruby-activerecord-explain-analyze (>= 0.1~),
 # OAuth
 ruby-oauth2 (>= 2.0~),
 # oauth2 2.0 is installed from rubygems.org
   ruby-omniauth-oauth2 (>= 1.7.3~),
 # Health check
 ruby-health-check (>= 3.0~),
 # System information
 ruby-vmstat (>= 2.3~),
 ruby-sys-filesystem (>= 1.4.3~),
 # NTP client
 ruby-net-ntp,
 # SSH keys support
 ruby-ssh-data (>= 1.2~),
 # Spamcheck GRPC protocol definitions
 ruby-spamcheck (>= 1.10.1~),
 # Gitaly GRPC client
 ruby-gitaly (>= 15.11~),
 # KAS GRPC protocol definitions
 ruby-kas-grpc (>= 16~),
 #
 ruby-grpc (>= 1.42~),
 #
 ruby-google-protobuf (>= 3.19.4~),
 #
 ruby-toml-rb (>= 2.2~),
 # Feature toggles
 ruby-flipper (>= 0.25~),
 ruby-flipper-active-record (>= 0.25~),
 ruby-flipper-active-support-cache-store (>= 0.25~),
 ruby-unleash (>= 3.2.2~),
 ruby-gitlab-experiment (>= 0.7.1~),
 # Structured logging
 ruby-lograge (>= 0.10~),
 ruby-grape-logging (>= 1.8~),
 # DNS Lookup
 ruby-gitlab-net-dns (>= 0.9.2~),
 # Countries list
 ruby-countries (>= 4.0~),
 ruby-retriable (>= 3.1.2~),
 # LRU cache
 ruby-lru-redux,
 ruby-erubi (>= 1.9~),
 ruby-mail (>= 2.8.1),
 # File encryption
 ruby-lockbox (>= 1.1.1~),
 # Email validation
 ruby-valid-email,
 # JSON
 ruby-json (>= 2.6.3~),
 ruby-json-schema (>= 2.8.1-2~),
 ruby-json-schemer (>= 0.2.12~),
 ruby-oj (>= 3.14.1-2~),
 ruby-oj-introspect(>= 0.7.1-3~),
 ruby-multi-json (>= 1.14.1~),
 ruby-yajl (>= 1.4.3~),
 ruby-webauthn (>= 3.0~),
 ruby-parslet,
 ruby-ipynbdiff (>= 0.4.7~),
 ruby-ed25519 (>= 1.3~),
 # Vulnerability advisories
 ruby-cvss-suite,
 # Apple plist parsing
 ruby-cfpropertylist (>= 3.0~),
 ruby-app-store-connect,
 # For phone verification
 ruby-telesign (>= 2.2.4~),
 # for ruby 3.1
   ruby-net-http-persistent (>= 4.0~),
 ruby-telesignenterprise,
 # for google-cloud-storage
 ruby-digest-crc,
 # packaged node modules - all node packages are not packaged yet
 node-rails-actioncable,
 node-autosize (>= 4.0.2~dfsg1-5~),
 node-axios (>= 0.17.1~),
 node-babel7,
 node-babel-loader (>= 8.0~),
 node-babel-plugin-lodash,
 node-bootstrap,
 node-brace-expansion (>= 1.1.8~),
 node-cache-loader (>= 4.1~),
 node-clipboard (>= 2.0.8~),
 node-compression-webpack-plugin (>= 3.0.1~),
 node-copy-webpack-plugin (>= 5.0~),
 node-core-js (>= 3.2.1~),
 node-cron-validator,
 node-css-loader (>= 5.0~),
 # node-d3 includes d3-sankey
 node-d3 (>= 5.16~),
 node-d3-selection (>= 1.2~),
 node-dateformat (>= 5.0.1~),
 node-deckar01-task-list (>= 2.2.1),
 node-dompurify (>= 2.3.6~),
 node-exports-loader (>= 0.7~),
 node-imports-loader (>= 0.8~),
 node-file-loader (>= 5.0~),
 node-font-awesome,
 node-fuzzaldrin-plus (>= 0.5~),
 node-glob (>= 7.1.6~),
 node-jed (>= 1.1.1-2~),
 node-jquery (>= 3.5~),
 node-jquery-ujs,
 # Broken
 # node-jquery.waitforimages,
 node-js-cookie (>= 3.0~),
 node-js-yaml (>= 3.13.1~),
 node-jszip,
 node-jszip-utils (>= 0.0.2+dfsg-2~),
 node-katex (>= 0.13~),
 node-lodash (>= 4.17.21+dfsg+~cs8.31.198.20210220-9~bpo11+2),
 node-marked (>= 0.3~),
 # node-mermaid (>= 8.13.10~),
 node-minimatch,
 node-miragejs,
 node-mousetrap,
 node-pdfjs-dist,
 # Include node-pikaday only after @gitlab/ui is accepted
 # node-pikaday (>= 1.8.0-2~),
 node-popper.js (>= 1.16.1~),
 node-postcss (>= 8.4.5~),
 node-prismjs (>= 1.6~),
 node-prosemirror-markdown (>= 1.5.2~),
 node-prosemirror-model (>= 1.16.1~),
 node-prosemirror-state (>= 1.3.4~),
 node-prosemirror-view,
 node-raven-js,
 node-raw-loader (>= 4.0~),
 node-style-loader (>= 1.0~),
 node-three-orbit-controls (>= 82.1.0-3~),
 node-three-stl-loader (>= 1.0.4~),
 node-timeago.js (>= 4.0~),
 node-underscore (>= 1.9~),
 node-url-loader (>= 3.0~),
 node-uuid (>= 8.1~),
 node-vue (>= 2.6.10~),
 node-vue-resource (>= 1.5.1~),
 # Blocked by #927254
 # node-vue-router,
 webpack (>= 4.43~),
 node-webpack-stats-plugin,
 node-worker-loader (>= 2.0~),
 node-xterm,
 node-yaml,
 # using yarn install for remaining node modules as it is in contrib
 # node-babel-core,
 # node-babel-eslint,
 # node-babel-loader,
 # node-babel-plugin-transform-define,
 # node-babel-preset-latest,
 # node-babel-preset-stage-2,
 # node-debug (>= 3.1.0~),
 # node-katex,
 # node-marked,
 # gitlab-sidekiq was failing without puma
 puma
 Recommends: certbot,
 gitaly (>= 16~),
 openssh-server
 Conflicts: libruby2.5
 Description: git powered software platform to collaborate on code (non-omnibus)
 gitlab provides web based interface to host source code and track issues.
 It allows anyone for fork a repository and send merge requests. Code review
 is possible using merge request workflow. Using groups and roles project
 access can be controlled.
 .
 Unlike the official package from GitLab Inc., this package does not use
 omnibus.
 .
 Note: Currently this package is in contrib because it uses yarn to install
 some of its front end dependencies.
 Package: gitlab-workhorse
 Section: net
 Architecture: any
 Depends: ${misc:Depends},
         ${shlibs:Depends}
 Built-Using: ${misc:Built-Using}
 Description: unloads Git HTTP traffic from the GitLab Rails app (Unicorn)
 gitlab-workhorse was designed to unload Git HTTP traffic from the GitLab Rails
 app (Unicorn) to a separate daemon. It also serves 'git archive' downloads for
 GitLab. All authentication and authorization logic is still handled by the
 GitLab Rails app.
 .
 Architecture: Git client -> NGINX -> gitlab-workhorse (makes auth request to
 GitLab Rails app) -> git-upload-pack
--- a/debian/copyright
+++ b/debian/copyright
@ -0,0 +1,674 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: gitlab-foss
 Source: https://gitlab.com/gitlab-org/gitlab-foss
 Comment: This package installs front end dependencies (nodejs modules) using
 yarn package manager from outside debian. This can go to main when all
 those nodejs modules are packaged in main.
 Files: *
 Copyright: 2011-2015 GitLab B.V.
 License: Expat
 Files: app/assets/stylesheets/framework/animations.scss
 Copyright: 2016 Daniel Eden
 License: Expat
 Files: config/initializers/postgresql_cte.rb
 Copyright: 2012 Dan McClain
 License: Expat
 Files: config/initializers/postgresql_opclasses_support.rb
 Copyright: 2004-2016 David Heinemeier Hansson
 License: Expat
 Files: debian/*
 Copyright: 2015-2020 Pirate Praveen <praveen@debian.org>
 License: Expat
 Files: doc/legal/*_contributor_license_agreement.md
 Copyright: the Google Open Source Programs Office
 License: CC-BY-3.0
 Files: snowplow-javascript-tracker/*
 Copyright: 2010 Anthon Pang
           2012 Snowplow Analytics Ltd
 License: BSD-3-clause
 Files: vendor/Dockerfile/hexo/themes/landscape/Gruntfile.js*
 vendor/gitlab-ci-yml/*
 Copyright: 2016-2017, GitLab.org
 License: Expat
 Files: vendor/gitignore/*
 Copyright: Github, Inc
 License: CC0-1.0
 Files: vendor/assets/javascripts/jasmine-jquery.js
 Copyright: 2010-2014 Wojciech Zawistowski, Travis Jeffery
 License: Expat
 Files: vendor/assets/javascripts/jquery.endless-scroll.js
 Copyright: 2008 Fred Wu
 License: Expat or GPL-3+
 Files: vendor/assets/javascripts/u2f.js
 Copyright: 2014-2015, Google Inc.
 License: BSD-3-clause
 Files: vendor/assets/javascripts/jquery.scrollTo.js
 Copyright: 2007-2015, Ariel Flesler - aflesler<a>gmail<d>com | http://flesler.blogspot.com
 License: Expat
 Files: vendor/assets/javascripts/snowplow/sp.js
 Copyright: Anthon Pang, Snowplow Analytics Ltd
 License: BSD-2-clause
 Files: vendor/assets/stylesheets/cropper.css
 Copyright: 2014-2016, Fengyuan Chen and contributors
 License: Expat
 Files: vendor/assets/javascripts/latinise.js
 Copyright: Ed (http://semplicewebsites.com/removing-accents-javascript)
 License: public-domain
 Files: vendor/project_templates/hugo.tar.gz
 Copyright: 2014 Spencer Lyon
           2015 Dean Attali,
           2017 Michael Romero
           2011-2015 Twitter, Inc.
           2005, 2014 jQuery Foundation, Inc.
 License: Expat
 Comment: hugo.tar.gz has project.bundle which contains these notices
 Files: vendor/project_templates/hexo.tar.gz
 Copyright: 2013 Tommy Chen
           2012 Janis Skarnelis - janis@fancyapps.com
           2018 Font Awesome
 License: Expat and GPL-3+ and Font-Awesome-Free-License
 Comment: hexo.tar.gz has project.bundle which contains these notices
 Files: vendor/project_templates/gatsby.tar.gz
 Copyright: 2015 gatsbyjs
 License: Expat
 Comment: gatsby.tar.gz has project.bundle which contains the above notice
 Files: vendor/project_templates/nfhexo.tar.gz
 Copyright: 2013 Tommy Chen
           2012 Janis Skarnelis - janis@fancyapps.com
           2018 Font Awesome
 License: Expat and GPL-3+ and Font-Awesome-Free-License
 Comment: nfhexo.tar.gz has project.bundle which contains these notices
 Files: vendor/project_templates/nfhugo.tar.gz
 Copyright: 2014 Spencer Lyon
           2015 Dean Attali,
           2017 Michael Romero
           2011-2015 Twitter, Inc.
           2005, 2014 jQuery Foundation, Inc.
 License: Expat
 Comment: nfhugo.tar.gz has project.bundle which contains these notices
 Files: vendor/project_templates/spring.tar.gz
 Copyright: 2004 Apache Software Foundation (ASF)
 License: Apache-2.0
 Comment: spring.tar.gz has project.bundle which contains this notice
 License: Apache-2.0
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 .
   http://www.apache.org/licenses/LICENSE-2.0
 .
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 .
 On Debian systems, the full text of the Apache-2.0 license
 can be found in the file '/usr/share/common-licenses/Apache-2.0'
 License: BSD-2-clause
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 .
 1. Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.
 .
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
 .
 THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGE.
 License: BSD-3-clause
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
 .
     * Redistributions of source code must retain the above copyright
       notice, this list of conditions and the following disclaimer.
     * Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.
     * Neither the name of highlight.js nor the names of its contributors
       may be used to endorse or promote products derived from this software
       without specific prior written permission.
 .
 THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
 EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 License: CC-BY-3.0
 THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
 CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS
 PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK
 OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
 PROHIBITED.
 .
 BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND
 AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS
 LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE
 RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS
 AND CONDITIONS.
 .
 1. Definitions
 .
   1. "Adaptation" means a work based upon the Work, or upon the Work
      and other pre-existing works, such as a translation, adaptation,
      derivative work, arrangement of music or other alterations of a
      literary or artistic work, or phonogram or performance and
      includes cinematographic adaptations or any other form in which
      the Work may be recast, transformed, or adapted including in any
      form recognizably derived from the original, except that a work
      that constitutes a Collection will not be considered an Adaptation
      for the purpose of this License. For the avoidance of doubt, where
      the Work is a musical work, performance or phonogram, the
      synchronization of the Work in timed-relation with a moving image
      ("synching") will be considered an Adaptation for the purpose of
      this License.
   2. "Collection" means a collection of literary or artistic works,
      such as encyclopedias and anthologies, or performances, phonograms
      or broadcasts, or other works or subject matter other than works
      listed in Section 1(f) below, which, by reason of the selection
      and arrangement of their contents, constitute intellectual
      creations, in which the Work is included in its entirety in
      unmodified form along with one or more other contributions, each
      constituting separate and independent works in themselves, which
      together are assembled into a collective whole. A work that
      constitutes a Collection will not be considered an Adaptation (as
      defined above) for the purposes of this License.
   3. "Distribute" means to make available to the public the original
      and copies of the Work or Adaptation, as appropriate, through sale
      or other transfer of ownership.
   4. "Licensor" means the individual, individuals, entity or entities
      that offer(s) the Work under the terms of this License.
   5. "Original Author" means, in the case of a literary or artistic
      work, the individual, individuals, entity or entities who created
      the Work or if no individual or entity can be identified, the
      publisher; and in addition (i) in the case of a performance the
      actors, singers, musicians, dancers, and other persons who act,
      sing, deliver, declaim, play in, interpret or otherwise perform
      literary or artistic works or expressions of folklore; (ii) in the
      case of a phonogram the producer being the person or legal entity
      who first fixes the sounds of a performance or other sounds; and,
      (iii) in the case of broadcasts, the organization that transmits
      the broadcast.
   6. "Work" means the literary and/or artistic work offered under the
      terms of this License including without limitation any production
      in the literary, scientific and artistic domain, whatever may be
      the mode or form of its expression including digital form, such as
      a book, pamphlet and other writing; a lecture, address, sermon or
      other work of the same nature; a dramatic or dramatico-musical
      work; a choreographic work or entertainment in dumb show; a
      musical composition with or without words; a cinematographic work
      to which are assimilated works expressed by a process analogous to
      cinematography; a work of drawing, painting, architecture,
      sculpture, engraving or lithography; a photographic work to which
      are assimilated works expressed by a process analogous to
      photography; a work of applied art; an illustration, map, plan,
      sketch or three-dimensional work relative to geography,
      topography, architecture or science; a performance; a broadcast; a
      phonogram; a compilation of data to the extent it is protected as
      a copyrightable work; or a work performed by a variety or circus
      performer to the extent it is not otherwise considered a literary
      or artistic work.
   7. "You" means an individual or entity exercising rights under this
      License who has not previously violated the terms of this License
      with respect to the Work, or who has received express permission
      from the Licensor to exercise rights under this License despite a
      previous violation.
   8. "Publicly Perform" means to perform public recitations of the Work
      and to communicate to the public those public recitations, by any
      means or process, including by wire or wireless means or public
      digital performances; to make available to the public Works in
      such a way that members of the public may access these Works from
      a place and at a place individually chosen by them; to perform the
      Work to the public by any means or process and the communication
      to the public of the performances of the Work, including by public
      digital performance; to broadcast and rebroadcast the Work by any
      means including signs, sounds or images.
   9. "Reproduce" means to make copies of the Work by any means
      including without limitation by sound or visual recordings and the
      right of fixation and reproducing fixations of the Work, including
      storage of a protected performance or phonogram in digital form or
      other electronic medium.
 .
 2. Fair Dealing Rights. Nothing in this License is intended to reduce,
    limit, or restrict any uses free from copyright or rights arising
    from limitations or exceptions that are provided for in connection
    with the copyright protection under copyright law or other
    applicable laws.
 .
 3. License Grant. Subject to the terms and conditions of this License,
    Licensor hereby grants You a worldwide, royalty-free, non-exclusive,
    perpetual (for the duration of the applicable copyright) license to
    exercise the rights in the Work as stated below:
 .
   1. to Reproduce the Work, to incorporate the Work into one or more
      Collections, and to Reproduce the Work as incorporated in the
      Collections;
   2. to create and Reproduce Adaptations provided that any such
      Adaptation, including any translation in any medium, takes
      reasonable steps to clearly label, demarcate or otherwise identify
      that changes were made to the original Work. For example, a
      translation could be marked "The original work was translated from
      English to Spanish," or a modification could indicate "The
      original work has been modified.";
   3. to Distribute and Publicly Perform the Work including as
      incorporated in Collections; and,
   4. to Distribute and Publicly Perform Adaptations.
   5.
 .
      For the avoidance of doubt:
         1. Non-waivable Compulsory License Schemes. In those
            jurisdictions in which the right to collect royalties
            through any statutory or compulsory licensing scheme cannot
            be waived, the Licensor reserves the exclusive right to
            collect such royalties for any exercise by You of the rights
            granted under this License;
         2. Waivable Compulsory License Schemes. In those jurisdictions
            in which the right to collect royalties through any
            statutory or compulsory licensing scheme can be waived, the
            Licensor waives the exclusive right to collect such
            royalties for any exercise by You of the rights granted
            under this License; and,
         3. Voluntary License Schemes. The Licensor waives the right to
            collect royalties, whether individually or, in the event
            that the Licensor is a member of a collecting society that
            administers voluntary licensing schemes, via that society,
            from any exercise by You of the rights granted under this
            License.
 .
 The above rights may be exercised in all media and formats whether now
 known or hereafter devised. The above rights include the right to make
 such modifications as are technically necessary to exercise the rights
 in other media and formats. Subject to Section 8(f), all rights not
 expressly granted by Licensor are hereby reserved.
 .
 4. Restrictions. The license granted in Section 3 above is expressly
    made subject to and limited by the following restrictions:
 .
   1. You may Distribute or Publicly Perform the Work only under the
      terms of this License. You must include a copy of, or the Uniform
      Resource Identifier (URI) for, this License with every copy of the
      Work You Distribute or Publicly Perform. You may not offer or
      impose any terms on the Work that restrict the terms of this
      License or the ability of the recipient of the Work to exercise
      the rights granted to that recipient under the terms of the
      License. You may not sublicense the Work. You must keep intact all
      notices that refer to this License and to the disclaimer of
      warranties with every copy of the Work You Distribute or Publicly
      Perform. When You Distribute or Publicly Perform the Work, You may
      not impose any effective technological measures on the Work that
      restrict the ability of a recipient of the Work from You to
      exercise the rights granted to that recipient under the terms of
      the License. This Section 4(a) applies to the Work as incorporated
      in a Collection, but this does not require the Collection apart
      from the Work itself to be made subject to the terms of this
      License. If You create a Collection, upon notice from any Licensor
      You must, to the extent practicable, remove from the Collection
      any credit as required by Section 4(b), as requested. If You
      create an Adaptation, upon notice from any Licensor You must, to
      the extent practicable, remove from the Adaptation any credit as
      required by Section 4(b), as requested.
   2. If You Distribute, or Publicly Perform the Work or any Adaptations
      or Collections, You must, unless a request has been made pursuant
      to Section 4(a), keep intact all copyright notices for the Work
      and provide, reasonable to the medium or means You are utilizing:
      (i) the name of the Original Author (or pseudonym, if applicable)
      if supplied, and/or if the Original Author and/or Licensor
      designate another party or parties (e.g., a sponsor institute,
      publishing entity, journal) for attribution ("Attribution
      Parties") in Licensor's copyright notice, terms of service or by
      other reasonable means, the name of such party or parties; (ii)
      the title of the Work if supplied; (iii) to the extent reasonably
      practicable, the URI, if any, that Licensor specifies to be
      associated with the Work, unless such URI does not refer to the
      copyright notice or licensing information for the Work; and (iv) ,
      consistent with Section 3(b), in the case of an Adaptation, a
      credit identifying the use of the Work in the Adaptation (e.g.,
      "French translation of the Work by Original Author," or
      "Screenplay based on original Work by Original Author"). The
      credit required by this Section 4 (b) may be implemented in any
      reasonable manner; provided, however, that in the case of a
      Adaptation or Collection, at a minimum such credit will appear,
      if a credit for all contributing authors of the Adaptation or
      Collection appears, then as part of these credits and in a manner
      at least as prominent as the credits for the other contributing
      authors. For the avoidance of doubt, You may only use the credit
      required by this Section for the purpose of attribution in the
      manner set out above and, by exercising Your rights under this
      License, You may not implicitly or explicitly assert or imply any
      connection with, sponsorship or endorsement by the Original
      Author, Licensor and/or Attribution Parties, as appropriate, of
      You or Your use of the Work, without the separate, express prior
      written permission of the Original Author, Licensor and/or
      Attribution Parties.
   3. Except as otherwise agreed in writing by the Licensor or as may be
      otherwise permitted by applicable law, if You Reproduce,
      Distribute or Publicly Perform the Work either by itself or as
      part of any Adaptations or Collections, You must not distort,
      mutilate, modify or take other derogatory action in relation to
      the Work which would be prejudicial to the Original Author's honor
      or reputation. Licensor agrees that in those jurisdictions (e.g.
      Japan), in which any exercise of the right granted in Section 3(b)
      of this License (the right to make Adaptations) would be deemed to
      be a distortion, mutilation, modification or other derogatory
      action prejudicial to the Original Author's honor and reputation,
      the Licensor will waive or not assert, as appropriate, this
      Section, to the fullest extent permitted by the applicable
      national law, to enable You to reasonably exercise Your right
      under Section 3(b) of this License (right to make Adaptations) but
      not otherwise.
 .
 5. Representations, Warranties and Disclaimer
 .
 UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR
 OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
 KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
 INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY,
 FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF
 LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF
 ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW
 THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO
 YOU.
 .
 6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE
    LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY
    FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY
    DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF
    LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 .
 7. Termination
 .
   1. This License and the rights granted hereunder will terminate
      automatically upon any breach by You of the terms of this License.
      Individuals or entities who have received Adaptations or
      Collections from You under this License, however, will not have
      their licenses terminated provided such individuals or entities
      remain in full compliance with those licenses. Sections 1, 2, 5,
      6, 7, and 8 will survive any termination of this License.
   2. Subject to the above terms and conditions, the license granted
      here is perpetual (for the duration of the applicable copyright in
      the Work). Notwithstanding the above, Licensor reserves the right
      to release the Work under different license terms or to stop
      distributing the Work at any time; provided, however that any such
      election will not serve to withdraw this License (or any other
      license that has been, or is required to be, granted under the
      terms of this License), and this License will continue in full
      force and effect unless terminated as stated above.
 .
 8. Miscellaneous
 .
   1. Each time You Distribute or Publicly Perform the Work or a
      Collection, the Licensor offers to the recipient a license to the
      Work on the same terms and conditions as the license granted to
      You under this License.
   2. Each time You Distribute or Publicly Perform an Adaptation,
      Licensor offers to the recipient a license to the original Work on
      the same terms and conditions as the license granted to You under
      this License.
   3. If any provision of this License is invalid or unenforceable under
      applicable law, it shall not affect the validity or enforceability
      of the remainder of the terms of this License, and without further
      action by the parties to this agreement, such provision shall be
      reformed to the minimum extent necessary to make such provision
      valid and enforceable.
   4. No term or provision of this License shall be deemed waived and no
      breach consented to unless such waiver or consent shall be in
      writing and signed by the party to be charged with such waiver or
      consent.
   5. This License constitutes the entire agreement between the parties
      with respect to the Work licensed here. There are no
      understandings, agreements or representations with respect to the
      Work not specified here. Licensor shall not be bound by any
      additional provisions that may appear in any communication from
      You. This License may not be modified without the mutual written
      agreement of the Licensor and You.
   6. The rights granted under, and the subject matter referenced, in
      this License were drafted utilizing the terminology of the Berne
      Convention for the Protection of Literary and Artistic Works (as
      amended on September 28, 1979), the Rome Convention of 1961, the
      WIPO Copyright Treaty of 1996, the WIPO Performances and
      Phonograms Treaty of 1996 and the Universal Copyright Convention
      (as revised on July 24, 1971). These rights and subject matter
      take effect in the relevant jurisdiction in which the License
      terms are sought to be enforced according to the corresponding
      provisions of the implementation of those treaty provisions in the
      applicable national law. If the standard suite of rights granted
      under applicable copyright law includes additional rights not
      granted under this License, such additional rights are deemed to
      be included in the License; this License is not intended to
      restrict the license of any rights under applicable law.
 License: CC0-1.0
 CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL
 SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT
 RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS.
 CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR
 THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR
 DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR
 WORKS PROVIDED HEREUNDER.
 .
 Statement of Purpose
 .
 The laws of most jurisdictions throughout the world automatically confer
 exclusive Copyright and Related Rights (defined below) upon the creator and
 subsequent owner(s) (each and all, an "owner") of an original work of
 authorship and/or a database (each, a "Work").
 .
 Certain owners wish to permanently relinquish those rights to a Work for the
 purpose of contributing to a commons of creative, cultural and scientific
 works ("Commons") that the public can reliably and without fear of later
 claims of infringement build upon, modify, incorporate in other works, reuse
 and redistribute as freely as possible in any form whatsoever and for any
 purposes, including without limitation commercial purposes. These owners may
 contribute to the Commons to promote the ideal of a free culture and the
 further production of creative, cultural and scientific works, or to gain
 reputation or greater distribution for their Work in part through the use
 and efforts of others.
 .
 For these and/or other purposes and motivations, and without any expectation
 of additional consideration or compensation, the person associating CC0 with
 a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
 and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
 and publicly distribute the Work under its terms, with knowledge of his or her
 Copyright and Related Rights in the Work and the meaning and intended legal
 effect of CC0 on those rights.
 .
 Copyright and Related Rights. A Work made available under CC0 may be protected
 by copyright and related or neighboring rights ("Copyright and Related
 Rights"). Copyright and Related Rights include, but are not limited to,
 the following:
 .
 the right to reproduce, adapt, distribute, perform, display, communicate,
 and translate a Work;
 moral rights retained by the original author(s) and/or performer(s);
 publicity and privacy rights pertaining to a person's image or likeness
 depicted in a Work;
 rights protecting against unfair competition in regards to a Work, subject
 to the limitations in paragraph 4(a), below;
 rights protecting the extraction, dissemination, use and reuse of data
 in a Work;
 database rights (such as those arising under Directive 96/9/EC of the European
 Parliament and of the Council of 11 March 1996 on the legal protection of
 databases, and under any national implementation thereof, including any
 amended or successor version of such directive); and
 other similar, equivalent or corresponding rights throughout the world
 based on applicable law or treaty, and any national implementations thereof.
 .
 2. Waiver. To the greatest extent permitted by, but not in contravention of,
 applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
 unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
 and Related Rights and associated claims and causes of action, whether now
 known or unknown (including existing as well as future claims and causes of
 action), in the Work (i) in all territories worldwide, (ii) for the maximum
 duration provided by applicable law or treaty (including future time
 extensions), (iii) in any current or future medium and for any number of
 copies, and (iv) for any purpose whatsoever, including without limitation
 commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
 the Waiver for the benefit of each member of the public at large and to the
 detriment of Affirmer's heirs and successors, fully intending that such Waiver
 shall not be subject to revocation, rescission, cancellation, termination,
 or any other legal or equitable action to disrupt the quiet enjoyment of the
 Work by the public as contemplated by Affirmer's express Statement of Purpose.
 .
 3. Public License Fallback. Should any part of the Waiver for any reason be
 judged legally invalid or ineffective under applicable law, then the Waiver
 shall be preserved to the maximum extent permitted taking into account
 Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
 is so judged Affirmer hereby grants to each affected person a royalty-free,
 non transferable, non sublicensable, non exclusive, irrevocable and
 unconditional license to exercise Affirmer's Copyright and Related Rights
 in the Work (i) in all territories worldwide, (ii) for the maximum duration
 provided by applicable law or treaty (including future time extensions),
 (iii) in any current or future medium and for any number of copies, and (iv)
 for any purpose whatsoever, including without limitation commercial,
 advertising or promotional purposes (the "License"). The License shall be
 deemed effective as of the date CC0 was applied by Affirmer to the Work.
 Should any part of the License for any reason be judged legally invalid or
 ineffective under applicable law, such partial invalidity or ineffectiveness
 shall not invalidate the remainder of the License, and in such case Affirmer
 hereby affirms that he or she will not (i) exercise any of his or her
 remaining Copyright and Related Rights in the Work or (ii) assert any
 associated claims and causes of action with respect to the Work, in either
 case contrary to Affirmer's express Statement of Purpose.
 .
 4. Limitations and Disclaimers.
 .
 No trademark or patent rights held by Affirmer are waived, abandoned,
 surrendered, licensed or otherwise affected by this document.
 Affirmer offers the Work as-is and makes no representations or warranties
 of any kind concerning the Work, express, implied, statutory or otherwise,
 including without limitation warranties of title, merchantability, fitness
 for a particular purpose, non infringement, or the absence of latent or
 other defects, accuracy, or the present or absence of errors, whether
 or not discoverable, all to the greatest extent permissible under applicable
 law.
 .
 Affirmer disclaims responsibility for clearing rights of other persons that
 may apply to the Work or any use thereof, including without limitation any
 person's Copyright and Related Rights in the Work. Further, Affirmer
 disclaims responsibility for obtaining any necessary consents,
 permissions or other rights required for any use of the Work.
 .
 Affirmer understands and acknowledges that Creative Commons is not a party
 to this document and has no duty or obligation with respect to this CC0 or
 use of the Work.
 License: Expat
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 .
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 License: Font-Awesome-Free-License
 Font Awesome Free is free, open source, and GPL friendly. You can use it for
 commercial projects, open source projects, or really almost whatever you want.
 Full Font Awesome Free license: https://fontawesome.com/license/free.
 .
 # Icons: CC BY 4.0 License (https://creativecommons.org/licenses/by/4.0/)
 In the Font Awesome Free download, the CC BY 4.0 license applies to all icons
 packaged as SVG and JS file types.
 .
 # Fonts: SIL OFL 1.1 License (https://scripts.sil.org/OFL)
 In the Font Awesome Free download, the SIL OFL license applies to all icons
 packaged as web and desktop font files.
 .
 # Code: MIT License (https://opensource.org/licenses/MIT)
 In the Font Awesome Free download, the MIT license applies to all non-font and
 non-icon files.
 .
 # Attribution
 Attribution is required by MIT, SIL OFL, and CC BY licenses. Downloaded Font
 Awesome Free files already contain embedded comments with sufficient
 attribution, so you shouldn't need to do anything additional when using these
 files normally.
 .
 We've kept attribution comments terse, so we ask that you do not actively work
 to remove them from files, especially code. They're a great way for folks to
 learn about Font Awesome.
 .
 # Brand Icons
 All brand icons are trademarks of their respective owners. The use of these
 trademarks does not indicate endorsement of the trademark holder by Font
 Awesome, nor vice versa. **Please do not use brand logos for any purpose except
 to represent the company, product, or service to which they refer.**
 License: GPL-3+
 This program is free software; you can redistribute it
 and/or modify it under the terms of the GNU General Public
 License as published by the Free Software Foundation; either
 version 3 of the License, or (at your option) any later
 version.
 .
 This program is distributed in the hope that it will be
 useful, but WITHOUT ANY WARRANTY; without even the implied
 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 PURPOSE.  See the GNU General Public License for more
 details.
 .
 You should have received a copy of the GNU General Public
 License along with this package; if not, write to the Free
 Software Foundation, Inc., 51 Franklin St, Fifth Floor,
 Boston, MA  02110-1301 USA
 .
 On Debian systems, the full text of the GNU General Public
 License version 3 can be found in the file
 `/usr/share/common-licenses/GPL-3'.
 License: public-domain
 All scripts are Public Domain.
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@ -0,0 +1,2 @@
 [DEFAULT]
 component = [ 'snowplow-javascript-tracker', 'workhorse-vendor' ]
--- a/debian/gitlab-rails-console.sh
+++ b/debian/gitlab-rails-console.sh
@ -0,0 +1,12 @@
 #! /bin/sh
 set -e
 # Read debian specific configuration
 . /etc/gitlab-common/gitlab-common.conf
 . /etc/gitlab/gitlab-debian.conf
 export DB RAILS_ENV GEM_HOME
 cd /usr/share/gitlab
 runuser -u ${gitlab_user} -- sh -c "/usr/bin/bundle exec rails console -e production"
--- a/debian/gitlab-rake.sh
+++ b/debian/gitlab-rake.sh
@ -0,0 +1,12 @@
 #! /bin/bash
 # Using bash for ${variable@Q} option for passing quotes from command line argument to rake
 set -e
 # Read debian specific configuration
 . /etc/gitlab-common/gitlab-common.conf
 . /etc/gitlab/gitlab-debian.conf
 export DB RAILS_ENV GEM_HOME
 cd /usr/share/gitlab
 runuser -u ${gitlab_user} -- sh -c "/usr/bin/bundle exec rake ${@@Q}"
--- a/debian/gitlab-update-gemfile-lock.sh
+++ b/debian/gitlab-update-gemfile-lock.sh
@ -0,0 +1,16 @@
 #! /bin/sh
 set -e
 # Read debian specific configuration
 . /etc/gitlab-common/gitlab-common.conf
 . /etc/gitlab/gitlab-debian.conf
 export DB RAILS_ENV
 cd /usr/share/gitlab
 # Remove all lines from Gemfile.lock
 runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/Gemfile.lock && \
 truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
 # Regenerate Gemfile.lock
 runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle install --local'
--- a/debian/gitlab-workhorse.install
+++ b/debian/gitlab-workhorse.install
@ -0,0 +1 @@
 debian/tmp/usr/bin
--- a/debian/gitlab.config
+++ b/debian/gitlab.config
@ -0,0 +1,63 @@
 #!/bin/sh
 # config maintainer script for gitlab
 CONFIGFILE=/etc/gitlab/gitlab-debian.conf
 set -e
 # source debconf stuffs
 . /usr/share/debconf/confmodule
 # Load config file, if it exists.
  if [ -e $CONFIGFILE ]; then
      . $CONFIGFILE || true
      # Store values from config file into
      # debconf db.
      db_set gitlab/fqdn "$GITLAB_HOST"
      db_set gitlab/ssl "${GITLAB_HTTPS:-false}"
      db_set gitlab/letsencrypt "${gitlab_letsencrypt:-false}"
      if [ -n "$gitlab_letsencrypt_email" ]; then
        db_set gitlab/letsencrypt_email "${gitlab_letsencrypt_email}"
      fi
  fi
 # What is your fqdn?
 db_input high gitlab/fqdn || true
 db_go
 # Do you want https?
 db_input high gitlab/ssl || true
 db_go
 # Don't prompt for letsencrypt if not installed
 if command -v letsencrypt >/dev/null; then
  # Do you want Let's Encrypt?
  db_get gitlab/ssl
  if [ "${RET}" = "true" ]
  then
    db_input high gitlab/letsencrypt || true
    db_go
    db_get gitlab/letsencrypt
    gitlab_letsencrypt=$RET
    if [ "$gitlab_letsencrypt" = "true" ]; then
      # Get email for letsencrypt updates
      db_input high gitlab/letsencrypt_email || true
      db_go
    fi
  fi
 fi
 db_get gitlab-common/user
 gitlab_user=$RET
 # source dbconfig-common shell library, and call the hook function
 if [ -f /usr/share/dbconfig-common/dpkg/config ]; then
   . /usr/share/dbconfig-common/dpkg/config
   dbc_dbtypes="pgsql"
   dbc_dbname="gitlab_production"
   dbc_dbuser="$gitlab_user"
   dbc_go gitlab "$@"
 fi
--- a/debian/gitlab.dirs
+++ b/debian/gitlab.dirs
@ -0,0 +1,3 @@
 /var/cache/gitlab
 /var/log/gitlab
 /var/log/gitlab-shell
--- a/debian/gitlab.docs
+++ b/debian/gitlab.docs
@ -0,0 +1,2 @@
 README.md
 debian/README.Debian
--- a/debian/gitlab.gitlab-mailroom.service
+++ b/debian/gitlab.gitlab-mailroom.service
@ -0,0 +1,19 @@
 [Unit]
 Description=Gitlab mailroom Worker
 PartOf=gitlab.target
 Requires=gitlab-puma.service
 Wants=gitlab-puma.service
 After=gitlab-puma.service
 PartOf=gitlab.service
 ReloadPropagatedFrom=gitlab-puma.service
 [Service]
 Type=simple
 WorkingDirectory=/usr/share/gitlab
 EnvironmentFile=/etc/gitlab/gitlab-debian.conf
 SyslogIdentifier=gitlab-mailroom
 ExecStart=/usr/bin/bundle exec mail_room -q -c /etc/gitlab/mail_room.yml
 Restart=on-abnormal
 [Install]
 WantedBy=gitlab.target
--- a/debian/gitlab.gitlab-puma.service
+++ b/debian/gitlab.gitlab-puma.service
@ -0,0 +1,22 @@
 [Unit]
 Description=GitLab Puma Server
 PartOf=gitlab.target
 Wants=redis-server.service
 Wants=postgresql.service
 After=redis-server.service postgresql.service
 PartOf=gitlab.service
 ReloadPropagatedFrom=gitlab.service
 Conflicts=gitlab-unicorn.service
 [Service]
 Type=simple
 WorkingDirectory=/usr/share/gitlab
 EnvironmentFile=/etc/gitlab/gitlab-debian.conf
 EnvironmentFile=-/etc/default/gitlab
 SyslogIdentifier=gitlab-puma
 ExecStart=/usr/bin/bundle exec puma -C config/puma.rb -e $RAILS_ENV
 ExecReload=/bin/kill -USR2 $MAINPID
 Restart=on-abnormal
 [Install]
 WantedBy=gitlab.target
--- a/debian/gitlab.gitlab-sidekiq.service
+++ b/debian/gitlab.gitlab-sidekiq.service
@ -0,0 +1,25 @@
 [Unit]
 Description=GitLab Sidekiq Worker
 PartOf=gitlab.target
 Wants=redis-server.service
 Wants=postgresql.service
 After=redis-server.service postgresql.service
 PartOf=gitlab.service
 ReloadPropagatedFrom=gitlab.service
 [Service]
 Type=simple
 WorkingDirectory=/usr/share/gitlab
 EnvironmentFile=/etc/gitlab/gitlab-debian.conf
 Environment=SIDEKIQ_QUEUES=*
 SyslogIdentifier=gitlab-sidekiq
 ExecStartPre=truncate -s 0 Gemfile.lock
 ExecStartPre=/usr/bin/bundle install --local --quiet
 ExecStart=/usr/bin/bundle exec bin/sidekiq-cluster $SIDEKIQ_QUEUES -e $RAILS_ENV
 Restart=on-abnormal
 ## No "Type=notify" support; wait for service to initialise:
 ExecStartPost=-/bin/sh -c "for i in 4 4 4 4 4 4 4 4; do sleep $i; (ps -h -o command -p $MAINPID | grep -q -P \"sidekiq\s\d\.\d\.\d\") && exit 0; done"
 [Install]
 WantedBy=gitlab.target
--- a/debian/gitlab.gitlab-workhorse.service
+++ b/debian/gitlab.gitlab-workhorse.service
@ -0,0 +1,25 @@
 [Unit]
 Description=Gitlab Workhorse handles slow HTTP requests for Gitlab.
 PartOf=gitlab.target
 Requires=gitlab-puma.service
 Wants=gitlab-puma.service
 After=gitlab-puma.service
 PartOf=gitlab.service
 ReloadPropagatedFrom=gitlab-puma.service
 [Service]
 Type=simple
 WorkingDirectory=/usr/share/gitlab
 EnvironmentFile=/etc/gitlab/gitlab-debian.conf
 SyslogIdentifier=gitlab-workhorse
 ExecStart=/usr/bin/gitlab-workhorse \
    -listenUmask 0 \
    -listenNetwork unix \
    -listenAddr ${gitlab_pid_path}/gitlab-workhorse.socket \
    -authBackend http://127.0.0.1:8080 \
    -authSocket ${gitlab_pid_path}/gitlab.socket \
    -documentRoot ${gitlab_app_root}/public
 Restart=on-abnormal
 [Install]
 WantedBy=gitlab.target
--- a/debian/gitlab.init
+++ b/debian/gitlab.init
@ -0,0 +1 @@
 ../lib/support/init.d/gitlab
--- a/debian/gitlab.install
+++ b/debian/gitlab.install
@ -0,0 +1,77 @@
 debian/conf/gitlab etc/default
 debian/conf/puma.rb etc/gitlab
 debian/conf/database.yml etc/gitlab
 debian/conf/gitlab.yml.example usr/lib/gitlab/templates
 debian/conf/resque.yml etc/gitlab
 debian/conf/cable.yml etc/gitlab
 debian/conf/gitlab-debian.conf.example usr/lib/gitlab/templates
 debian/conf/*.target lib/systemd/system
 debian/conf/smtp_settings.rb etc/gitlab/initializers
 debian/conf/tmpfiles.d/gitlab.conf /usr/lib/tmpfiles.d/
 debian/conf/nginx.conf.example usr/lib/gitlab/templates
 debian/conf/nginx.ssl.conf.example usr/lib/gitlab/templates
 debian/rake-tasks.sh usr/lib/gitlab/scripts
 debian/gitlab-rake.sh usr/lib/gitlab/scripts
 debian/gitlab-rails-console.sh usr/lib/gitlab/scripts
 debian/gitlab-update-gemfile-lock.sh usr/lib/gitlab/scripts
 .browserslistrc usr/share/gitlab
 .editorconfig usr/share/gitlab
 .lefthook usr/share/gitlab
 .license_encryption_key.pub usr/share/gitlab
 .markdownlint.yml usr/share/gitlab
 .solargraph.yml.example usr/share/gitlab
 .vale.ini usr/share/gitlab
 babel.config.js usr/share/gitlab
 app usr/share/gitlab
 bin usr/share/gitlab
 CHANGELOG.md usr/share/gitlab
 changelogs usr/share/gitlab
 config/* etc/gitlab
 config.ru usr/share/gitlab
 CONTRIBUTING.md usr/share/gitlab
 crowdin.yml usr/share/gitlab
 danger usr/share/gitlab
 data usr/share/gitlab
 Dangerfile usr/share/gitlab
 doc usr/share/gitlab
 docker-compose.yml usr/share/gitlab
 Dockerfile.assets usr/share/gitlab
 fixtures usr/share/gitlab
 Gemfile usr/share/gitlab
 Guardfile usr/share/gitlab
 generator_templates usr/share/gitlab
 glfm_specification usr/share/gitlab
 GITLAB_ELASTICSEARCH_INDEXER_VERSION usr/share/gitlab
 GITLAB_KAS_VERSION usr/share/gitlab
 GITLAB_METRICS_EXPORTER_VERSION usr/share/gitlab
 GITLAB_PAGES_VERSION usr/share/gitlab
 GITALY_SERVER_VERSION usr/share/gitlab
 GITLAB_SHELL_VERSION usr/share/gitlab
 GITLAB_WORKHORSE_VERSION usr/share/gitlab
 haml_lint usr/share/gitlab
 INSTALLATION_TYPE usr/share/gitlab
 jest.config.*.js usr/share/gitlab
 jest_resolver.js usr/share/gitlab
 lib usr/share/gitlab
 locale usr/share/gitlab
 MAINTENANCE.md usr/share/gitlab
 metrics_server usr/share/gitlab 
 package.json usr/share/gitlab
 patches var/lib/gitlab
 PHILOSOPHY.md usr/share/gitlab
 PROCESS.md usr/share/gitlab
 rubocop usr/share/gitlab
 Rakefile usr/share/gitlab
 README.md usr/share/gitlab
 scripts usr/share/gitlab
 security.txt usr/share/gitlab
 sidekiq_cluster usr/share/gitlab
 storybook usr/share/gitlab
 tests.yml usr/share/gitlab
 yarn.lock var/lib/gitlab
 tooling usr/share/gitlab
 vendor usr/share/gitlab
 VERSION usr/share/gitlab
 shared var/lib/gitlab
 public var/lib/gitlab
 db var/lib/gitlab
--- a/debian/gitlab.links
+++ b/debian/gitlab.links
@ -0,0 +1,26 @@
 var/lib/gitlab/public usr/share/gitlab/public
 var/lib/gitlab/shared usr/share/gitlab/shared
 var/lib/gitlab/db usr/share/gitlab/db
 var/lib/gitlab/node_modules usr/share/gitlab/node_modules
 usr/share/gitlab/package.json var/lib/gitlab/package.json
 var/lib/gitlab/yarn-error.log usr/share/gitlab/yarn-error.log
 var/lib/gitlab/yarn.lock usr/share/gitlab/yarn.lock
 var/lib/gitlab/.yarn usr/share/gitlab/.yarn
 var/lib/gitlab/.yarnrc.yml usr/share/gitlab/.yarnrc.yml
 var/lib/gitlab/.ssh usr/share/gitlab/.ssh
 var/lib/gitlab/.bundle usr/share/gitlab/.bundle
 var/lib/gitlab/secrets.yml etc/gitlab/secrets.yml
 var/lib/gitlab/locale usr/share/gitlab/app/assets/javascripts/locale
 usr/share/gitlab/app/assets/javascripts/locale.static/index.js var/lib/gitlab/locale/index.js
 usr/share/gitlab/scripts var/lib/gitlab/scripts
 var/log/gitlab usr/share/gitlab/log
 var/log/gitlab/builds usr/share/gitlab/builds
 run/gitlab usr/share/gitlab/tmp
 etc/gitlab usr/share/gitlab/config
 /var/lib/gitlab/.gitlab_workhorse_secret    /usr/share/gitlab/.gitlab_workhorse_secret
 /var/lib/gitlab/.gitlab_shell_secret    /usr/share/gitlab/.gitlab_shell_secret
 /var/lib/gitlab/.gitlab_kas_secret    /usr/share/gitlab/.gitlab_kas_secret
 /var/lib/gitlab/Gemfile.lock    /usr/share/gitlab/Gemfile.lock
 /usr/lib/gitlab/scripts/gitlab-rake.sh  /usr/sbin/gitlab-rake
 /usr/lib/gitlab/scripts/gitlab-rails-console.sh  /usr/sbin/gitlab-rails-console
 /usr/lib/gitlab/scripts/gitlab-update-gemfile-lock.sh /usr/sbin/gitlab-update-gemfile-lock
--- a/debian/gitlab.lintian-overrides
+++ b/debian/gitlab.lintian-overrides
@ -0,0 +1,40 @@
 # Used by chkconfig tool for rpm based systems, it can be safely ignored
 gitlab: init.d-script-has-unknown-lsb-keyword etc/init.d/gitlab:15 chkconfig
 # just an example, not used directly
 gitlab: executable-not-elf-or-script usr/share/gitlab/lib/support/init.d/gitlab.default.example
 # just an example, not used directly
 gitlab: executable-not-elf-or-script usr/share/gitlab/lib/support/deploy/deploy.sh
 # comes from upstream, timestamp will not change on rebuilds
 gitlab: package-contains-timestamped-gzip usr/share/gitlab/spec/fixtures/ci_build_artifacts_metadata.gz
 # upgrade handled via apt, script not required
 gitlab: executable-not-elf-or-script usr/share/gitlab/bin/upgrade.rb
 gitlab: executable-not-elf-or-script usr/share/gitlab/bin/ci/upgrade.rb
 # False-positives: there are no init.d files for those services:
 init.d-script-not-marked-as-conffile etc/init.d/gitlab-sidekiq
 init.d-script-not-marked-as-conffile etc/init.d/gitlab-workhorse
 init.d-script-not-marked-as-conffile etc/init.d/gitlab-unicorn
 init.d-script-not-marked-as-conffile etc/init.d/gitlab-mailroom
 # Not needed; SysV uses one 'gitlab' init script.
 init.d-script-not-included-in-package etc/init.d/gitlab-workhorse
 init.d-script-not-included-in-package etc/init.d/gitlab-sidekiq
 init.d-script-not-included-in-package etc/init.d/gitlab-mailroom
 init.d-script-not-included-in-package etc/init.d/gitlab-unicorn
 # libjs-cropper is 1.2.2, embedded cropper.js is 2.3.0 and a different upstream 
 embedded-javascript-library usr/share/gitlab/app/assets/javascripts/lib/cropper.js please use libjs-cropper
 # This is not the raphael library
 embedded-javascript-library usr/share/gitlab/app/assets/javascripts/lib/raphael.js please use libjs-raphael
 embedded-javascript-library usr/share/gitlab/app/assets/javascripts/network/raphael.js please use libjs-raphael
 # This is not the jquery library
 embedded-javascript-library usr/share/gitlab/app/assets/javascripts/extensions/jquery.js please use libjs-jquery
 embedded-javascript-library usr/share/gitlab/vendor/assets/javascripts/extensions/jquery.js please use libjs-jquery
 embedded-javascript-library usr/share/gitlab/app/assets/javascripts/commons/jquery.js please use libjs-jquery
 # used as test data
 package-contains-vcs-control-file usr/share/gitlab/spec/javascripts/fixtures/.gitignore
 package-contains-eslint-config-file usr/share/gitlab/spec/javascripts/.eslintrc.yml
--- a/debian/gitlab.maintscript
+++ b/debian/gitlab.maintscript
--- a/debian/gitlab.postinst
+++ b/debian/gitlab.postinst
@ -0,0 +1,396 @@
 #! /bin/sh
 # postinst script for gitlab
 # copied from postinst script for hplip
 # $Id: hplip.postinst,v 1.1 2005/10/15 21:39:04 hmh Exp $
 #
 # see: dh_installdeb(1)
 set -e
 # Setup variables
 # Now using gitlab-common.defaults to override variables used only in
 # maintainer scripts. Earlier versions used gitlab-debian.conf for this.
 # Now gitlab-debian.conf will only have user/admin configurable variables
 # and variables required by systemd services.
 gitlab_common_defaults=/usr/lib/gitlab-common/gitlab-common.defaults
 test -f ${gitlab_common_defaults} && . ${gitlab_common_defaults}
 # Show debconf questions
 . /usr/share/debconf/confmodule
 . /usr/share/dbconfig-common/dpkg/postinst
 # summary of how this script can be called:
 #        * <postinst> `configure' <most-recently-configured-version>
 #        * <old-postinst> `abort-upgrade' <new version>
 #        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
 #          <new-version>
 #        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
 #          <failed-install-package> <version> `removing'
 #          <conflicting-package> <version>
 # for details, see http://www.debian.org/doc/debian-policy/ or
 # the debian-policy package
 #
 # quoting from the policy:
 #     Any necessary prompting should almost always be confined to the
 #     post-installation script, and should be protected with a conditional
 #     so that unnecessary prompting doesn't happen if a package's
 #     installation fails and the `postinst' is called with `abort-upgrade',
 #     `abort-remove' or `abort-deconfigure'.
 #######################################################################
 # Read debian specific configuration
 #######################################################################
 # Always copy the example configuration file in case there are newer entries
 # added by maintainer
 cp ${gitlab_debian_conf_example} ${gitlab_debian_conf_private}
 . ${gitlab_debian_conf_private}
 # If /etc/gitlab/gitlab-debian.conf is already present, use it
 test -f ${gitlab_debian_conf} && . ${gitlab_debian_conf}
 export DB RAILS_ENV
 # Read default values (we cannot do this before gitlab-debian.conf is exported
 # as we want to override variables set by gitlab-debian.conf in earlier gitlab
 # versions with gitlab-debian.defaults)
 . ${gitlab_common_defaults}
 # Read gitlab_user from gitlab-common.conf
 test -f ${gitlab_common_conf} && . ${gitlab_common_conf}
 # Required for embedded gems
 export GEM_HOME=/var/lib/gitlab/.gem
 export GEM_PATH=$(gem env gempath)
 # Once bundler gets --prefer-local option (merged upstream) these will be automated
 # Updating these rubygem packages are complicated
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 1.8.0 "^graphiql-rails$" >/dev/null; then gem install -v 1.8.0 graphiql-rails; fi"
 # TODO: Update packages for these gems
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 1.44.0 "^google-cloud-storage$" >/dev/null; then gem install -v 1.44.0 google-cloud-storage; fi"
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 3.22.2' "^google-protobuf$" >/dev/null; then gem install -v '~> 3.22.2' google-protobuf; fi"
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.1.3' "^net-protocol$" >/dev/null; then gem install -v '~> 0.1.3' net-protocol; fi"
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 1.3' "^duo_api$" >/dev/null; then gem install -v '~> 1.3' duo_api; fi"
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.3' "^google-cloud-profiler-v2$" >/dev/null; then gem install -v '~> 0.3' google-cloud-profiler-v2; fi"
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 1.10' "^faraday$" >/dev/null; then gem install -v '~> 1.10' faraday; fi"
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.0.12' "^arr-pm$" >/dev/null; then gem install -v '~> 0.0.12' arr-pm; fi"
 # we have a newer incompatible version in the archive
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.6.1' "^omniauth_openid_connect$" >/dev/null; then gem install -v '~> 0.6.1' omniauth_openid_connect; fi"
 # Packaged version is probably buggy - task lists on issues broken
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 2.3.2 "^deckar01-task_list$" >/dev/null; then gem install -v 2.3.2 deckar01-task_list; fi"
 # We have a newer incompatible version in the archive
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 0.10.0 "^google-apis-core$" >/dev/null; then gem install -v 0.10.0 google-apis-core; fi"
 # archive has gitaly 16.0
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 15.9.0.pre.rc3' "^gitaly$" >/dev/null; then gem install -v '~> 15.9.0.pre.rc3' gitaly; fi"
 # Uninstall rack 3.x
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~>3.0' "^rack$" >/dev/null; then gem uninstall -v '~>3.0' rack; fi"
 # Gitlab needs this specific version due to
 # https://github.com/fog/fog-google/issues/421
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 2.1.0 "^fog-core$" >/dev/null; then gem install -v 2.1.0 fog-core; fi"
 # new gem
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 0.0.17.pre.alpha1 "^devfile$" >/dev/null; then gem install -v 0.0.17.pre.alpha1 devfile; fi"
 #######################################################################
 # update Gemfile.lock and yarn.lock, always
 #######################################################################
 runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/Gemfile.lock && \
 truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
 # Don't modify yarn.lock until all dependencies are packaged
 #runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/yarn.lock && \
 #truncate -s 0 ${gitlab_data_dir}/yarn.lock"
 runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/yarn-error.log"
 cd ${gitlab_app_root}
 if ! runuser -u ${gitlab_user} -- sh -c 'bundle --local --quiet'; then
  if [ "$1" = "triggered" ]; then
    # probably triggered in the middle of an system upgrade; ignore failure
    # but abort here
    echo "#########################################################################"
    echo "# Failed to detect gitlab dependencies; if you are in the middle of an #"
    echo "# upgrade, this is probably fine, there will be another attempt later.  #"
    echo "#                                                                       #"
    echo "# If you are NOT in the middle of an upgrade, there is probably a real  #"
    echo "# issue. Please report a bug.                                           #"
    echo "#########################################################################"
    exit 0
  else
    # something is really broken
    exit 1
  fi
 fi
 cd - >/dev/null
 case "$1" in
  configure)
    gitlab_builds_log=${gitlab_log_dir}/builds
    gitlab_repo_path=${gitlab_data_dir}/repositories
    gitlab_uploads_path=${gitlab_data_dir}/public/uploads
    # Create directories and change ownership
    echo "Creating runtime directories for gitlab..."
    # Setup ssh key file
    runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/.ssh"
    runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/.ssh/authorized_keys"
    # Create .bundle for .bundle/config
    runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/.bundle"
    # Create locale for app/assets/javascripts/locale
    runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/locale"
    # Create backup directory for tmp/backups symbolic link
    runuser -u ${gitlab_user} -- sh -c "mkdir -p ${gitlab_data_dir}/backups"
    # Create more required directories
    mkdir -p ${gitlab_pid_path}
    chown ${gitlab_user}: ${gitlab_data_dir}/public ${gitlab_cache_path} \
    ${gitlab_log_dir} ${gitlab_shell_log} ${gitlab_pid_path} \
    ${gitlab_data_dir}/db ${gitlab_data_dir}/locale ${gitlab_data_dir}/shared \
    ${gitlab_data_dir}/shared/* ${gitlab_data_dir}/shared/artifacts/* \
    ${gitlab_data_dir}/shared/artifacts/tmp/*
    for i in ${gitlab_repo_path} ${gitlab_uploads_path}\
    ${gitlab_shell_log} ${gitlab_builds_log}; do
      runuser -u ${gitlab_user} -- sh -c "mkdir -p $i"
    done
    # nginx/httpd should be able to connect to gitlab-workhorse.socket and serve public
    chown ${gitlab_user}:${nginx_user} ${gitlab_uploads_path}/../* ${gitlab_pid_path}
    # Customize permissions
    echo "Updating file permissions..."
    chmod ug+rwX,o-rwx,u-s,g+s ${gitlab_repo_path}/
    for i in ${gitlab_data_dir} ${gitlab_shell_root}; do
      chown ${gitlab_user}: $i
    done
    # Make package.json writable for yarn 2
    chown ${gitlab_user}: /var/lib/gitlab/package.json
    chown ${gitlab_user}: /var/lib/gitlab/yarn.lock
    runuser -u ${gitlab_user} -- sh -c "chmod 700 ${gitlab_uploads_path}"
    runuser -u ${gitlab_user} -- sh -c 'git config --global core.autocrlf "input"'
    # Commands below needs to be run from gitlab_app_root
    cd ${gitlab_app_root}
    # Obtain hostname from debconf db
    echo "Configuring hostname and email..."
    db_get gitlab/fqdn
    GITLAB_HOST=$RET
    GITLAB_EMAIL_FROM="no-reply@$GITLAB_HOST"
    GITLAB_EMAIL_DISPLAY_NAME="Gitlab"
    GITLAB_EMAIL_REPLY_TO="no-reply@$GITLAB_HOST"
    # Check if ssl option is selected
    db_get gitlab/ssl
    GITLAB_HTTPS=$RET
    gl_proto="http"
    db_get gitlab/letsencrypt
    gitlab_letsencrypt=$RET
    db_get gitlab/letsencrypt_email
    gitlab_letsencrypt_email=$RET
    cp -a -f ${gitlab_debian_conf_private} ${gitlab_debian_conf_private}.tmp
    # If the admin deleted or commented some variables but then set
    # them via debconf, (re-)add them to the conffile.
    test -z "$GITLAB_HOST" || grep -Eq '^ *GITLAB_HOST=' ${gitlab_debian_conf_private} || \
        echo "GITLAB_HOST=" >> ${gitlab_debian_conf_private}
    test -z "$GITLAB_EMAIL_FROM" || grep -Eq '^ *GITLAB_EMAIL_FROM=' ${gitlab_debian_conf_private} || \
        echo "GITLAB_EMAIL_FROM=" >> ${gitlab_debian_conf_private}
    test -z "$GITLAB_EMAIL_DISPLAY_NAME" || grep -Eq '^ *GITLAB_EMAIL_DISPLAY_NAME=' ${gitlab_debian_conf_private} || \
        echo "GITLAB_EMAIL_DISPLAY_NAME=" >> ${gitlab_debian_conf_private}
    test -z "$GITLAB_EMAIL_REPLY_TO" || grep -Eq '^ *GITLAB_EMAIL_REPLY_TO=' ${gitlab_debian_conf_private} || \
        echo "GITLAB_EMAIL_REPLY_TO=" >> ${gitlab_debian_conf_private}
    test -z "$GITLAB_HTTPS" || grep -Eq '^ *GITLAB_HTTPS=' ${gitlab_debian_conf_private} || \
        echo "GITLAB_HTTPS=" >> ${gitlab_debian_conf_private}
    test -z "$gitlab_letsencrypt" || grep -Eq '^ *gitlab_letsencrypt=' ${gitlab_debian_conf_private} || \
        echo "gitlab_letsencrypt=" >> ${gitlab_debian_conf_private}
    test -z "$gitlab_letsencrypt_email" || grep -Eq '^ *gitlab_letsencrypt_email=' ${gitlab_debian_conf_private} || \
        echo "gitlab_letsencrypt_email=" >> ${gitlab_debian_conf_private}
    sed -e "s/^ *GITLAB_HOST=.*/GITLAB_HOST=\"$GITLAB_HOST\"/" \
        -e "s/^ *GITLAB_EMAIL_FROM=.*/GITLAB_EMAIL_FROM=\"$GITLAB_EMAIL_FROM\"/" \
        -e "s/^ *GITLAB_EMAIL_DISPLAY_NAME=.*/GITLAB_EMAIL_DISPLAY_NAME=\"$GITLAB_EMAIL_DISPLAY_NAME\"/" \
        -e "s/^ *GITLAB_EMAIL_REPLY_TO=.*/GITLAB_EMAIL_REPLY_TO=\"$GITLAB_EMAIL_REPLY_TO\"/" \
        -e "s/^ *GITLAB_HTTPS=.*/GITLAB_HTTPS=\"$GITLAB_HTTPS\"/" \
        -e "s/^ *gitlab_letsencrypt=.*/gitlab_letsencrypt=\"$gitlab_letsencrypt\"/" \
        -e "s/^ *gitlab_letsencrypt_email=.*/gitlab_letsencrypt_email=\"$gitlab_letsencrypt_email\"/" \
            < ${gitlab_debian_conf_private} > ${gitlab_debian_conf_private}.tmp
    mv -f ${gitlab_debian_conf_private}.tmp ${gitlab_debian_conf_private}
    # Copy example configurations
    cp ${gitlab_yml_example} ${gitlab_yml_private}
    cp ${gitlab_shell_config_example} ${gitlab_shell_config_private}
    # Set gitlab user first time
    sed -i "s/GITLAB_USER/${gitlab_user}/" ${gitlab_yml_private}
    # Update gitlab user (its a hack, proper fix is to have gitlab accept GITLAB_USER variable)
    sed -i "s/^ *user:.* #gitlab_user/    user: $gitlab_user #gitlab_user/" ${gitlab_yml_private}
    if [ "$GITLAB_HTTPS" = "true" ]; then
      echo "Configuring nginx with HTTPS..."
      # Workaround for #813770
      gl_proto="https"
      echo "Configuring gitlab with HTTPS..."
      sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private}
      sed -i "s/https: false/https: true/" ${gitlab_yml_private}
      echo "Updating gitlab_url in gitlab-shell configuration..."
      sed -i \
 	  "s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
 	  ${gitlab_shell_config_private}
      mkdir -p /etc/gitlab/ssl
      nginx_conf_example=${nginx_ssl_conf_example}
      # Check if letsencrypt option is selected
      if [ "$gitlab_letsencrypt" = "true" ]; then
 	  echo "Configuring letsencrypt..."
        ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem \
        /etc/gitlab/ssl/gitlab.crt
        ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \
        /etc/gitlab/ssl/gitlab.key
        # Check if certificate is already present
        if [ -e /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem ]; then
          echo "Let's encrypt certificate already present."
        else
          # Port 80 and 443 should be available for letsencrypt
          if command -v nginx > /dev/null; then
 	    echo "Stopping nginx for letsencrypt..."
 	    invoke-rc.d nginx stop
 	  fi
          db_get gitlab/letsencrypt_email
          gitlab_letsencrypt_email=$RET
          LETSENCRYPT_CMD="letsencrypt --standalone --agree-tos -m $gitlab_letsencrypt_email -d ${GITLAB_HOST} certonly"
          $LETSENCRYPT_CMD || {
 	    echo "letsencrypt auto configuration failed..."
 	    echo "Stop your webserver and try running letsencrypt manually..."
 	    echo "$LETSENCRYPT_CMD"
 	  }
          if command -v nginx > /dev/null; then
 		  echo "Starting nginx (letsencrypt configuration completed) ..."
 	    invoke-rc.d nginx start
 	  fi
        fi 
      fi
    else
      # Revert https setting
      sed -i "s/port: 443/#port: 80/" ${gitlab_yml_private}
      sed -i "s/https: true/https: false/" ${gitlab_yml_private}
    fi
    # Cleanup in case letsencrypt were disabled later
    if [ "$gitlab_letsencrypt" = "false" ]; then
        if [ -L /etc/gitlab/ssl/gitlab.crt ]; then
          if [ "$(file /etc/gitlab/ssl/gitlab.crt|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem" ]; then
            echo "Removing symbolic links to letsencrypt certificate..."
            rm -f /etc/gitlab/ssl/gitlab.crt
          fi
        fi
        if [ -L /etc/gitlab/ssl/gitlab.key ]; then
          if [ "$(file /etc/gitlab/ssl/gitlab.key|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem" ]; then
            echo "Removing symbolic links to letsencrypt certificate private key..."
            rm -f /etc/gitlab/ssl/gitlab.key
          fi
        fi
    fi
      # Override User for systemd services
      for service in mailroom puma sidekiq workhorse; do
        path=/etc/systemd/system/gitlab-${service}.service.d
        mkdir -p $path
        if [ -e $path/override.conf ]; then
          echo "$path/override.conf already exist"
          # Make sure only gitlab user is updated
          sed -i "s/^ *User=.*/User=$gitlab_user/" $path/override.conf
        else
          printf "[Service]\nUser=${gitlab_user}\n" > $path/override.conf
        fi
      done
      # Manage gitlab-shell's config.yml via ucf
      mkdir -p /etc/gitlab-shell
      echo "Registering ${gitlab_shell_config} via ucf"
      ucf --debconf-ok --three-way ${gitlab_shell_config_private} ${gitlab_shell_config}
      ucfr gitlab ${gitlab_shell_config}
      # Manage gitlab.yml via ucf
      echo "Registering ${gitlab_yml} via ucf"
      ucf --debconf-ok --three-way ${gitlab_yml_private} ${gitlab_yml}
      ucfr gitlab ${gitlab_yml}
      # Manage gitlab-debian.conf via ucf
      echo "Registering ${gitlab_debian_conf} via ucf"
      ucf --debconf-ok --three-way ${gitlab_debian_conf_private} ${gitlab_debian_conf}
      ucfr gitlab ${gitlab_debian_conf}
      # configure nginx site
      if test -d /etc/nginx/sites-available/; then
        if test -f ${nginx_conf_example}; then
          nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
          sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/"\
          ${nginx_conf_example} >${nginx_site_private}
          ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site}
          ucfr gitlab ${nginx_site}
          ln -fs ${nginx_site} /etc/nginx/sites-enabled/
        else
          echo "nginx example configuration file not found"
          exit 1
        fi
      fi
      # Reload nginx
      if command -v nginx > /dev/null; then
        echo "Reloading nginx configuration..."
        invoke-rc.d nginx reload
      fi
    dbc_go gitlab "$@"
    db_stop
    # enable the pg_trgm extension
    runuser -u postgres -- sh -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
    # enable the btree_gist extension
    runuser -u postgres -- sh -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS btree_gist;\""
    # Allow gitlab user to create schema
    runuser -u postgres -- sh -c "psql -c \"GRANT CREATE ON database gitlab_production TO ${gitlab_user};\""
    # Remove Gemfile.lock if present
    rm -f ${gitlab_data_dir}/Gemfile.lock
    # Create Gemfile.lock and .secret in /var/lib/gitlab
    runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
    echo "Verifying we have all required libraries..."
    runuser -u ${gitlab_user} -- sh -c 'bundle install --without development test --local'
    echo "Running final rake tasks and tweaks..."
    . /usr/lib/gitlab/scripts/rake-tasks.sh
    ;;
  triggered)
    # Already handled
    ;;
  abort-upgrade|abort-remove|abort-deconfigure)
    ;;
  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
 esac
 #DEBHELPER#
 case "$1" in
  configure)
    if command -v gitaly > /dev/null; then
      echo "Restarting gitaly..."
      invoke-rc.d gitaly restart
    fi
    echo "Restarting gitlab-sidekiq..."
    systemctl restart gitlab-sidekiq
    echo "Restarting gitlab..."
    invoke-rc.d gitlab restart
    echo "Running rake checks..."
    gitlab-rake gitlab:check
  ;;
 esac
--- a/debian/gitlab.postrm
+++ b/debian/gitlab.postrm
@ -0,0 +1,223 @@
 #! /bin/sh
 # postrm.skeleton
 # Skeleton maintainer script showing all the possible cases.
 # Written by Charles Briscoe-Smith, March-June 1998.  Public Domain.
 # Abort if any command returns an error value
 set -e
 # Set variables
 gitlab_common_defaults=/var/lib/gitlab-common/gitlab-common.defaults
 # This script is called twice during the removal of the package; once
 # after the removal of the package's files from the system, and as
 # the final step in the removal of this package, after the package's
 # conffiles have been removed.
 # Ensure the menu system is updated
 # Read debian specific configuration
 if [ -f ${gitlab_common_defaults} ]
 then
  . ${gitlab_common_defaults}
 else
  echo "${gitlab_common_defaults} not found. Not removing anything."
  exit 0
 fi
 if [ -f ${gitlab_debian_conf} ]
 then
  . ${gitlab_debian_conf}
 else
  echo "${gitlab_debian_conf} not found. Not removing anything."
  exit 0
 fi
 if [ -f ${gitlab_common_conf} ]
 then
  . ${gitlab_common_conf}
 else
  echo "${gitlab_common_conf} not found. Not removing anything."
  exit 0
 fi
 safely_remove() {
  CANDIDATE_DIR=$1
  if [ -n "${CANDIDATE_DIR}" ];then
    if [ -e ${CANDIDATE_DIR} ]; then
      echo "Removing: $i"
      rm -rf ${CANDIDATE_DIR}
    fi
  fi
 }
 case "$1" in
  remove)
    # This package is being removed, but its configuration has not yet
    # been purged.
    :
    # Remove diversion
    # ldconfig is NOT needed during removal of a library, only during
    # installation
    ;;
  purge)
    # This package has previously been removed and is now having
    # its configuration purged from the system.
    :
    # purge debconf questions
    if [ -e /usr/share/debconf/confmodule ]; then
      # Source debconf library.
      . /usr/share/debconf/confmodule
      # Do you want to remove all data?
      db_input high gitlab/purge_data || true
      db_go
      # Check if we should remove data?
      db_get gitlab/purge_data
      if [ "${RET}" = "true" ]; then
        if [ -n "${gitlab_data_dir}" ] && [ -d ${gitlab_data_dir} ]; then
          for i in shared public db repositories secrets.yml Gemfile.lock; do
            if [ -e ${gitlab_data_dir}/$i ]; then
              echo "Removing: ${gitlab_data_dir}/$i"
              rm -rf ${gitlab_data_dir}/$i; fi
          done
        fi
 	for i in ${gitlab_log_dir} ${gitlab_cache_path} ${gitlab_pid_path}; do
 		safely_remove $i
 	done
 	# Remove locale directory
 	echo "Removing: ${gitlab_app_root}/app/assets/javascripts/locale"
 	safely_remove ${gitlab_app_root}/app/assets/javascripts/locale
        if [ ! -z "${gitlab_user}" ]; then
            # Do only if gitlab_user is set
            if command -v dropdb >/dev/null; then
                echo "Removing Database: gitlab_production"
                if runuser -u ${gitlab_user} -- sh -c 'psql gitlab_production -c ""' ; then su postgres -c "dropdb gitlab_production"; fi
            else
                echo "dropdb command not found. Hence not removing database."
           fi
        else
            echo "gitlab_user not set. Hence not removing user."
        fi
        safely_remove ${gitlab_ssl_path}
      fi
      # Remove my changes to the db.
      db_purge
    fi
    nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
    dbconfig_config="/etc/dbconfig-common/gitlab.conf"
    if [ -f ${nginx_site} ]; then echo "Found nginx site configuration at ${nginx_site}..."; fi
    # we mimic dpkg as closely as possible, so we remove configuration
    # files with dpkg backup extensions too:
    ### Some of the following is from Tore Anderson:
    for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist;  do
 	rm -f ${nginx_site}$ext
 	rm -f ${gitlab_debian_conf}$ext
 	rm -f ${gitlab_yml}$ext
 	rm -f ${gitlab_tmpfiles}$ext
 	rm -f ${gitlab_shell_config}$ext
        rm -f ${dbconfig_config}$ext
    done
    for i in ${nginx_site} ${gitlab_debian_conf} ${gitlab_yml} \
 ${gitlab_tmpfiles} ${gitlab_shell_config} ${dbconfig_config}; do
      # remove the configuration file itself
      if [ -f $i ] ; then rm -f $i; fi
      # and finally clear it out from the ucf database
      if which ucf >/dev/null; then
        if [ -n "$i" ]; then ucf --purge $i; fi
      fi
      if which ucfr >/dev/null; then
        if [ -n "$i" ]; then ucfr --purge gitlab $i; fi
      fi
    done
    # remove generated assets
    if [ -n "${gitlab_data_dir}" ]; then safely_remove ${gitlab_data_dir}/public/assets; fi
    # Remove private copies of configuration files
    rm -f ${nginx_site_private}
    rm -f ${gitlab_debian_conf_private}
    rm -f ${gitlab_yml_private}
    rm -f ${gitlab_tmpfiles_private}
    rm -f ${gitlab_shell_config_private}
    # Remove systemd service overrides
    for service in mailroom unicorn sidekiq workhorse; do
      path=/etc/systemd/system/gitlab-${service}.service.d
      rm -rf $path
    done
       # cleanup complete
    exit 0
    ;;
  disappear)
    if test "$2" != overwriter; then
      echo "$0: undocumented call to \`postrm $*'" 1>&2
      exit 0
    fi
    # This package has been completely overwritten by package $3
    # (version $4).  All our files are already gone from the system.
    # This is a special case: neither "prerm remove" nor "postrm remove"
    # have been called, because dpkg didn't know that this package would
    # disappear until this stage.
    :
    ;;
  upgrade)
    # About to upgrade FROM THIS VERSION to version $2 of this package.
    # "prerm upgrade" has been called for this version, and "preinst
    # upgrade" has been called for the new version.  Last chance to
    # clean up.
    :
    ;;
  failed-upgrade)
    # About to upgrade from version $2 of this package TO THIS VERSION.
    # "prerm upgrade" has been called for the old version, and "preinst
    # upgrade" has been called for this version.  This is only used if
    # the previous version's "postrm upgrade" couldn't handle it and
    # returned non-zero. (Fix old postrm bugs here.)
    :
    ;;
  abort-install)
    # Back out of an attempt to install this package.  Undo the effects of
    # "preinst install...".  There are two sub-cases.
    :
    if test "${2+set}" = set; then
      # When the install was attempted, version $2's configuration
      # files were still on the system.  Undo the effects of "preinst
      # install $2".
      :
    else
      # We were being installed from scratch.  Undo the effects of
      # "preinst install".
      :
    fi ;;
  abort-upgrade)
    # Back out of an attempt to upgrade this package from version $2
    # TO THIS VERSION.  Undo the effects of "preinst upgrade $2".
    :
    ;;
  *) echo "$0: didn't understand being called with \`$1'" 1>&2
     exit 0;;
 esac
 #DEBHELPER#
 exit 0
--- a/debian/gitlab.preinst
+++ b/debian/gitlab.preinst
@ -0,0 +1,16 @@
 #!/bin/sh
 set -e
 pg_version=$(pg_lsclusters |grep 5432 |awk '{print $1}')
 if [ "${pg_version}" -lt 12 ]; then
  echo "========================================================================"
  echo "Upgrade postgresql to at least version 12 before upgrading gitlab."
  echo "You can use pg_upgradecluster command to upgrade the postgresql version."
  echo "Aborting gitlab installation..."
  echo "========================================================================"
  exit 1
 fi
 #DEBHELPER#
--- a/debian/gitlab.service
+++ b/debian/gitlab.service
@ -0,0 +1,13 @@
 [Unit]
 Description=GitLab Services
 BindsTo=gitlab-puma.service gitlab-sidekiq.service gitlab-mailroom.service gitlab-workhorse.service
 After=gitlab-puma.service gitlab-sidekiq.service gitlab-mailroom.service gitlab-workhorse.service
 [Service]
 Type=idle
 RemainAfterExit=yes
 ExecStart=-/bin/true
 ExecReload=-/bin/true
 [Install]
 WantedBy=gitlab.target
--- a/debian/gitlab.templates
+++ b/debian/gitlab.templates
@ -0,0 +1,66 @@
 Template: gitlab/fqdn
 Type: string
 Default: localhost
 _Description: Fully qualified domain name for this instance of Gitlab:
 Please choose the domain name which should be used to access this
 instance of Gitlab.
 .
 This should be the fully qualified name as seen from the Internet, with
 the domain name that will be used to access the Gitlab instance, without any
 protocol specifiers like https://.
 .
 If a reverse proxy is used, give the hostname that the proxy server
 responds to.
 .
 Example: git.example.com
 Template: gitlab/ssl
 Type: boolean
 Default: false
 _Description: Enable https?
 Enabling https means that an SSL/TLS certificate is required to access this
 Gitlab instance (as Nginx will be configured to respond only to https
 requests). A self-signed certificate is enough for local testing (and can be
 generated using, for instance, the package easy-rsa), but it is not
 recommended for a production instance.
 .
 Some certificate authorities like Let's Encrypt (letsencrypt.org), CAcert
 (cacert.org) offer free SSL/TLS certificates.
 Note: CAcert issued certificates are not trusted by all browsers, it requires
 installing CAcert's root certificate in such cases.
 .
 Nginx must be reloaded after the certificate and key files are made available
 at /etc/gitlab/ssl. letsencrypt package may be used to automate interaction
 with Let's Encrypt to obtain a certificate.
 Template: gitlab/letsencrypt
 Type: boolean
 Default: false
 _Description: Use Let's Encrypt?
 Symbolic links to certificate and key created using letsencrypt package
 (/etc/letencrypt/live) will be added to /etc/gitlab/ssl if this option is
 selected.
 .
 Otherwise, certificate and key files have to be placed manually to
 /etc/gitlab/ssl directory as 'gitlab.crt' and 'gitlab.key'.
 .
 Nginx will be stopped, if this option is selected, to allow letsencrypt to use
 ports 80 and 443 during domain ownership validation and certificate retrieval
 step.
 .
 Note: letsencrypt does not have a usable nginx plugin currently, so
 certificates must be renewed manually after 3 months, when current
 letsencrypt certificate expire. If you choose yes here, you will also be
 agreeing to letsencrypt terms of service.
 Template: gitlab/letsencrypt_email
 Type: string
 _Description: Email address for letsencrypt updates:
 Please provide a valid email address for letsencrypt updates.
 Template: gitlab/purge_data
 Type: boolean
 Default: true 
 _Description: Remove all data?
 This will permanently remove all data of this Gitlab instance such as database,
 repositories, uploaded files, SSH public keys etc.
--- a/debian/gitlab.triggers
+++ b/debian/gitlab.triggers
@ -0,0 +1,2 @@
 interest-noawait /usr/lib/ruby/vendor_ruby
 interest-noawait /usr/share/rubygems-integration
--- a/debian/ignored-file-list
+++ b/debian/ignored-file-list
@ -0,0 +1,38 @@
 builds
 .codeclimate.yml
 db
 debian
 .dockerignore
 .eslintignore
 .eslintrc.yml
 .foreman
 Gemfile.lock
 .gitattributes
 .github
 .gitignore
 .gitlab
 .gitlab-ci.yml
 .gitpod.yml
 .haml-lint.yml
 .haml-lint_todo.yml
 LICENSE
 log
 .mailmap
 .mdlrc
 .mdlrc.style
 .nvmrc
 .prettierignore
 .prettierrc
 .projections.json.example
 public
 qa
 .rubocop_revert_ignores.txt
 .rubocop_todo.yml
 .rubocop.yml
 .ruby-version
 snowplow-javascript-tracker
 .test_license_encryption_key.pub
 .theia
 tmp
 workhorse-vendor
 .yamllint
--- a/debian/missing-sources/latinise.js
+++ b/debian/missing-sources/latinise.js
--- a/debian/not-installed
+++ b/debian/not-installed
@ -0,0 +1 @@
 usr/share/gocode
--- a/debian/patches/Gemfile/0010-relax-stable-libs.patch
+++ b/debian/patches/Gemfile/0010-relax-stable-libs.patch
@ -0,0 +1,497 @@
 We should be able to update minor versions of stable libs without breaking
 gitlab Gemfile
 --- a/Gemfile
 +++ b/Gemfile
@@ -13,63 +13,63 @@
 # NOTE: When incrementing the major or minor version here, also increment activerecord_version
 # in vendor/gems/attr_encrypted/attr_encrypted.gemspec until we resolve
 # https://gitlab.com/gitlab-org/gitlab/-/issues/375713
 -gem 'rails', '~> 6.1.7.2'
 +gem 'rails', '~> 6.1.7', '>= 6.1.7.2'
 -gem 'bootsnap', '~> 1.16.0', require: false
 +gem 'bootsnap', '~> 1.16', require: false
 gem 'openssl', '~> 3.0'
 -gem 'ipaddr', '~> 1.2.5'
 +gem 'ipaddr', '~> 1.2', '>= 1.2.5'
 # Responders respond_to and respond_with
 gem 'responders', '~> 3.0'
 -gem 'sprockets', '~> 3.7.0'
 +gem 'sprockets', '~> 3.7'
 -gem 'view_component', '~> 2.82.0'
 +gem 'view_component', '~> 2.82'
 # Supported DBs
 -gem 'pg', '~> 1.5.3'
 +gem 'pg', '~> 1.5', '>= 1.5.3'
 gem 'neighbor', '~> 0.2.3'
 gem 'rugged', '~> 1.5'
 -gem 'grape-path-helpers', '~> 1.7.1'
 +gem 'grape-path-helpers', '~> 1.7', '>= 1.7.1'
 gem 'faraday', '~> 1.0'
 -gem 'marginalia', '~> 1.11.1'
 +gem 'marginalia', '~> 1.11', '>= 1.11.1'
 # Authorization
 -gem 'declarative_policy', '~> 1.1.0'
 +gem 'declarative_policy', '~> 1.1'
 # Authentication libraries
 -gem 'devise', '~> 4.8.1'
 +gem 'devise', '~> 4.8', '>= 4.8.1'
 gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable'
 gem 'bcrypt', '~> 3.1', '>= 3.1.14'
 gem 'doorkeeper', '~> 5.6', '>= 5.6.6'
 gem 'doorkeeper-openid_connect', '~> 1.8', '>= 1.8.6'
 -gem 'rexml', '~> 3.2.5'
 -gem 'ruby-saml', '~> 1.13.0'
 -gem 'omniauth', '~> 2.1.0'
 +gem 'rexml', '~> 3.2', '>= 3.2.5'
 +gem 'ruby-saml', '~> 1.13'
 +gem 'omniauth', '~> 2.1'
 gem 'omniauth-auth0', '~> 3.1'
 gem 'omniauth-azure-activedirectory-v2', '~> 2.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md
 gem 'omniauth-dingtalk-oauth2', '~> 1.0'
 -gem 'omniauth-alicloud', '~> 2.0.1'
 -gem 'omniauth-facebook', '~> 4.0.0'
 -gem 'omniauth-github', '2.0.1'
 +gem 'omniauth-alicloud', '~> 2.0', '>= 2.0.1'
 +gem 'omniauth-facebook', '~> 4.0'
 +gem 'omniauth-github', '~> 2.0', '>= 2.0.1'
 gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md
 gem 'omniauth-google-oauth2', '~> 1.1'
 gem 'omniauth-oauth2-generic', '~> 0.2.2'
 -gem 'omniauth-saml', '~> 2.1.0'
 +gem 'omniauth-saml', '~> 2.1'
 gem 'omniauth-twitter', '~> 1.4'
 gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md
 gem 'omniauth_openid_connect', '~> 0.6.1'
 # Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem.
 # See https://docs.gitlab.com/ee/development/emails.html#rationale.
 -gem 'openid_connect', '= 1.3.0'
 +gem 'openid_connect', '~> 1.3'
 gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md
 gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
 -gem 'rack-oauth2', '~> 1.21.3'
 +gem 'rack-oauth2', '~> 1.21', '>= 1.21.3'
 gem 'jwt', '~> 2.5'
 # Kerberos authentication. EE-only
@@ -79,59 +79,59 @@
 # Spam and anti-bot protection
 gem 'recaptcha', '~> 5.12', require: 'recaptcha/rails'
 gem 'akismet', '~> 3.0'
 -gem 'invisible_captcha', '~> 2.0.0'
 +gem 'invisible_captcha', '~> 2.0'
 # Two-factor authentication
 -gem 'devise-two-factor', '~> 4.0.2'
 +gem 'devise-two-factor', '~> 4.0', '>= 4.0.2'
 gem 'rqrcode-rails3', '~> 0.1.7'
 gem 'attr_encrypted', '~> 3.2.4', path: 'vendor/gems/attr_encrypted'
 # GitLab Pages
 -gem 'validates_hostname', '~> 1.0.11'
 -gem 'rubyzip', '~> 2.3.2', require: 'zip'
 +gem 'validates_hostname', '~> 1.0', '>= 1.0.11'
 +gem 'rubyzip', '~> 2.3', '>= 2.3.2', require: 'zip'
 # GitLab Pages letsencrypt support
 gem 'acme-client', '~> 2.0'
 # Browser detection
 -gem 'browser', '~> 5.3.1'
 +gem 'browser', '~> 5.3', '>= 5.3.1'
 # OS detection for usage ping
 gem 'ohai', '~> 17.9'
 # GPG
 -gem 'gpgme', '~> 2.0.22'
 +gem 'gpgme', '~> 2.0', '>= 2.0.22'
 # LDAP Auth
 # GitLab fork with several improvements to original library. For full list of changes
 # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
 -gem 'gitlab_omniauth-ldap', '~> 2.2.0', require: 'omniauth-ldap'
 +gem 'gitlab_omniauth-ldap', '~> 2.2', require: 'omniauth-ldap'
 gem 'net-ldap', '~> 0.17.1'
 # API
 -gem 'grape', '~> 1.5.2'
 +gem 'grape', '~> 1.5','>= 1.5.2'
 gem 'grape-entity', '~> 0.10.0'
 -gem 'rack-cors', '~> 1.1.1', require: 'rack/cors'
 +gem 'rack-cors', '~> 1.1', '>= 1.1.1', require: 'rack/cors'
 gem 'grape-swagger', '~>1.5.0', group: [:development, :test]
 gem 'grape-swagger-entity', '~> 0.5.1', group: [:development, :test]
 # GraphQL API
 -gem 'graphql', '~> 1.13.12'
 +gem 'graphql', '~> 1.13', '>= 1.13.12'
 gem 'graphiql-rails', '~> 1.8'
 -gem 'apollo_upload_server', '~> 2.1.0'
 +gem 'apollo_upload_server', '~> 2.1'
 gem 'graphql-docs', '~> 2.1.0', group: [:development, :test]
 gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import)
 -gem 'hashie', '~> 5.0.0'
 +gem 'hashie', '~> 5.0'
 # Pagination
 -gem 'kaminari', '~> 1.2.2'
 +gem 'kaminari', '~> 1.2', '>= 1.2.2'
 # HAML
 -gem 'hamlit', '~> 2.15.0'
 +gem 'hamlit', '~> 2.15'
 # Files attachments
 gem 'carrierwave', '~> 1.3'
 -gem 'mini_magick', '~> 4.10.1'
 +gem 'mini_magick', '~> 4.10','>= 4.10.1'
 # for backups
 gem 'fog-aws', '~> 3.18'
@@ -147,10 +147,10 @@
 # We may want to update this dependency if this is ever addressed upstream, e.g. via
 # https://github.com/aliyun/aliyun-oss-ruby-sdk/pull/93
 gem 'fog-aliyun', '~> 0.4'
 -gem 'gitlab-fog-azure-rm', '~> 1.7.0', require: 'fog/azurerm'
 +gem 'gitlab-fog-azure-rm', '~> 1.7', require: 'fog/azurerm'
 # for Google storage
 -gem 'google-cloud-storage', '~> 1.44.0'
 +gem 'google-cloud-storage', '~> 1.44'
 gem 'google-apis-core', '~> 0.10.0'
 gem 'google-apis-compute_v1', '~> 0.57.0'
 gem 'google-apis-container_v1', '~> 0.43.0'
@@ -166,36 +166,36 @@
 gem 'unf', '~> 0.1.4'
 # Seed data
 -gem 'seed-fu', '~> 2.3.7'
 +gem 'seed-fu', '~> 2.3','>= 2.3.7'
 # Search
 gem 'elasticsearch-model', '~> 7.2'
 gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation'
 -gem 'elasticsearch-api',   '7.13.3'
 -gem 'aws-sdk-core', '~> 3.172.0'
 +gem 'elasticsearch-api',   '~> 7.13', '>= 7.13.3'
 +gem 'aws-sdk-core', '~> 3.172'
 gem 'aws-sdk-cloudformation', '~> 1'
 -gem 'aws-sdk-s3', '~> 1.122.0'
 +gem 'aws-sdk-s3', '~> 1.122'
 gem 'faraday_middleware-aws-sigv4', '~>0.3.0'
 -gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections
 +gem 'typhoeus', '~> 1.4' # Used with Elasticsearch to support http keep-alive connections
 # Markdown and HTML processing
 -gem 'html-pipeline', '~> 2.14.3'
 -gem 'deckar01-task_list', '2.3.2'
 -gem 'gitlab-markup', '~> 1.9.0', require: 'github/markup'
 +gem 'html-pipeline', '~> 2.14','>= 2.14.3'
 +gem 'deckar01-task_list', '~> 2.3', '>= 2.3.2'
 +gem 'gitlab-markup', '~> 1.9', require: 'github/markup'
 gem 'commonmarker', '~> 0.23.6'
 -gem 'kramdown', '~> 2.3.1'
 -gem 'RedCloth', '~> 4.3.2'
 -gem 'rdoc', '~> 6.3.2'
 +gem 'kramdown', '~> 2.3', '>= 2.3.1'
 +gem 'RedCloth', '~> 4.3', '>= 4.3.2'
 +gem 'rdoc', '~> 6.3', '>= 6.3.2'
 gem 'org-ruby', '~> 0.9.12'
 gem 'creole', '~> 0.5.0'
 -gem 'wikicloth', '0.8.1'
 -gem 'asciidoctor', '~> 2.0.18'
 +gem 'wikicloth', '~> 0.8.1'
 +gem 'asciidoctor', '~> 2.0', '>= 2.0.18'
 gem 'asciidoctor-include-ext', '~> 0.4.0', require: false
 gem 'asciidoctor-plantuml', '~> 0.0.16'
 gem 'asciidoctor-kroki', '~> 0.8.0', require: false
 -gem 'rouge', '~> 4.1.0'
 +gem 'rouge', '~> 4.1'
 gem 'truncato', '~> 0.7.12'
 -gem 'nokogiri', '~> 1.14.3'
 +gem 'nokogiri', '~> 1.14', '>= 1.14.3'
 # Calendar rendering
 gem 'icalendar'
@@ -205,12 +205,12 @@
 gem 'diff_match_patch', '~> 0.1.0'
 # Application server
 -gem 'rack', '~> 2.2.7'
 +gem 'rack', '~> 2.2', '>= 2.2.7'
 # https://github.com/zombocom/rack-timeout/blob/master/README.md#rails-apps-manually
 gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base'
 group :puma do
 -  gem 'puma', '~> 5.6.5', require: false
 +  gem 'puma', '~> 5.6', '>= 5.6.5', require: false
   gem 'puma_worker_killer', '~> 0.3.1', require: false
   gem 'sd_notify', '~> 0.1.0', require: false
 end
@@ -222,13 +222,13 @@
 gem 'acts-as-taggable-on', '~> 9.0'
 # Background jobs
 -gem 'sidekiq', '~> 6.5.7'
 -gem 'sidekiq-cron', '~> 1.8.0'
 -gem 'redis-namespace', '~> 1.9.0'
 +gem 'sidekiq', '~> 6.5', '>= 6.5.7'
 +gem 'sidekiq-cron', '~> 1.8'
 +gem 'redis-namespace', '~> 1.9'
 gem 'gitlab-sidekiq-fetcher', path: 'vendor/gems/sidekiq-reliable-fetch', require: 'sidekiq-reliable-fetch'
 # Cron Parser
 -gem 'fugit', '~> 1.8.1'
 +gem 'fugit', '~> 1.8', '>= 1.8.1'
 # HTTP requests
 gem 'httparty', '~> 0.20.0'
@@ -240,11 +240,11 @@
 gem 'ruby-progressbar', '~> 1.10'
 # Linear-time regex library for untrusted regular expressions
 -gem 're2', '~> 1.6.0'
 +gem 're2', '~> 1.6'
 # Misc
 -gem 'semver_dialects', '~> 1.2.1'
 +gem 'semver_dialects', '~> 1.2', '>= 1.2.1'
 gem 'version_sorter', '~> 2.3'
 # Export Ruby Regex to Javascript
@@ -254,21 +254,21 @@
 gem 'device_detector'
 # Redis
 -gem 'redis', '~> 4.8.0'
 +gem 'redis', '~> 4.8'
 gem 'connection_pool', '~> 2.0'
 # Redis session store
 -gem 'redis-actionpack', '~> 5.3.0'
 +gem 'redis-actionpack', '~> 5.3'
 # Discord integration
 gem 'discordrb-webhooks', '~> 3.4', require: false
 # Jira integration
 -gem 'jira-ruby', '~> 2.1.4'
 +gem 'jira-ruby',  '~> 2.1', '>= 2.1.4'
 gem 'atlassian-jwt', '~> 0.2.0'
 # Slack integration
 -gem 'slack-messenger', '~> 2.3.4'
 +gem 'slack-messenger', '~> 2.3', '>= 2.3.4'
 # Hangouts Chat integration
 gem 'hangouts-chat', '~> 0.0.5', require: 'hangouts_chat'
@@ -280,18 +280,18 @@
 gem 'ruby-fogbugz', '~> 0.3.0'
 # Kubernetes integration
 -gem 'kubeclient', '~> 4.11.0'
 +gem 'kubeclient', '~> 4.11'
 # AI
 gem 'ruby-openai', '~> 3.7'
 -gem 'circuitbox', '2.0.0'
 +gem 'circuitbox', '2.0'
 # Sanitize user input
 gem 'sanitize', '~> 6.0'
 -gem 'babosa', '~> 1.0.4'
 +gem 'babosa', '~> 1.0', '>= 1.0.4'
 # Sanitizes SVG input
 -gem 'loofah', '~> 2.21.0'
 +gem 'loofah', '~> 2.21'
 # Working with license
 # Detects the open source license the repository includes
@@ -313,32 +313,32 @@
 gem 'rack-proxy', '~> 0.7.6'
 -gem 'sassc-rails', '~> 2.1.0'
 -gem 'autoprefixer-rails', '10.2.5.1'
 -gem 'terser', '1.0.2'
 +gem 'sassc-rails', '~> 2.1'
 +gem 'autoprefixer-rails', '~> 10.2', '>= 10.2.5.1'
 +gem 'terser', '~> 1.0', '>= 1.0.2'
 gem 'addressable', '~> 2.8'
 gem 'tanuki_emoji', '~> 0.6'
 -gem 'gon', '~> 6.4.0'
 -gem 'request_store', '~> 1.5.1'
 +gem 'gon', '~> 6.4'
 +gem 'request_store', '~> 1.5', '>= 1.5.1'
 gem 'base32', '~> 0.3.0'
 -gem 'gitlab-license', '~> 2.2.1'
 +gem 'gitlab-license', '~> 2.2', '>= 2.2.1'
 # Protect against bruteforcing
 -gem 'rack-attack', '~> 6.6.1'
 +gem 'rack-attack', '~> 6.6', '>= 6.6.1'
 # Sentry integration
 gem 'sentry-raven', '~> 3.1'
 -gem 'sentry-ruby', '~> 5.8.0'
 -gem 'sentry-rails', '~> 5.8.0'
 -gem 'sentry-sidekiq', '~> 5.8.0'
 +gem 'sentry-ruby', '~> 5.8'
 +gem 'sentry-rails', '~> 5.8'
 +gem 'sentry-sidekiq', '~> 5.8'
 # PostgreSQL query parsing
 #
 gem 'pg_query', '~> 2.2', '>= 2.2.1'
 -gem 'premailer-rails', '~> 1.10.3'
 +gem 'premailer-rails', '~> 1.10', '>= 1.10.3'
 gem 'gitlab-labkit', '~> 0.32.0'
 gem 'thrift', '>= 0.16.0'
@@ -346,11 +346,11 @@
 # I18n
 gem 'ruby_parser', '~> 3.20', require: false
 gem 'rails-i18n', '~> 7.0'
 -gem 'gettext_i18n_rails', '~> 1.8.0'
 +gem 'gettext_i18n_rails', '~> 1.8'
 gem 'gettext_i18n_rails_js', '~> 1.3'
 gem 'gettext', '~> 3.3', require: false, group: :development
 -gem 'batch-loader', '~> 2.0.1'
 +gem 'batch-loader', '~> 2.0', '>= 2.0.1'
 # Perf bar
 gem 'peek', '~> 1.1'
@@ -362,10 +362,10 @@
 gem 'snowplow-tracker', '~> 0.8.0'
 # Metrics
 -gem 'webrick', '~> 1.8.1', require: false
 +gem 'webrick', '~> 1.8', '>= 1.8.1', require: false
 gem 'prometheus-client-mmap', '~> 0.23', require: 'prometheus/client'
 -gem 'warning', '~> 1.3.0'
 +gem 'warning', '~> 1.3'
 group :development do
   gem 'lefthook', '~> 1.3.13', require: false
@@ -493,8 +493,8 @@
 gem 'health_check', '~> 3.0'
 # System information
 -gem 'vmstat', '~> 2.3.0'
 -gem 'sys-filesystem', '~> 1.4.3'
 +gem 'vmstat', '~> 2.3'
 +gem 'sys-filesystem', '~> 1.4', '>= 1.4.3'
 # NTP client
 gem 'net-ntp'
@@ -503,25 +503,25 @@
 gem 'ssh_data', '~> 1.3'
 # Spamcheck GRPC protocol definitions
 -gem 'spamcheck', '~> 1.3.0'
 +gem 'spamcheck', '~> 1.3'
 # Gitaly GRPC protocol definitions
 -gem 'gitaly', '~> 15.9.0-rc3'
 +gem 'gitaly', '~> 15.9'
 # KAS GRPC protocol definitions
 gem 'kas-grpc', '~> 0.1.0'
 -gem 'grpc', '~> 1.42.0'
 +gem 'grpc', '~> 1.42'
 gem 'google-protobuf', '~> 3.22', '>= 3.22.3'
 -gem 'toml-rb', '~> 2.2.0'
 +gem 'toml-rb', '~> 2.2'
 # Feature toggles
 gem 'flipper', '~> 0.25.0'
 gem 'flipper-active_record', '~> 0.25.0'
 gem 'flipper-active_support_cache_store', '~> 0.25.0'
 -gem 'unleash', '~> 3.2.2'
 +gem 'unleash', '~> 3.2', '>= 3.2.2'
 gem 'gitlab-experiment', '~> 0.7.1'
 # Structured logging
@@ -532,9 +532,9 @@
 gem 'gitlab-net-dns', '~> 0.9.2'
 # Countries list
 -gem 'countries', '~> 4.0.0'
 +gem 'countries', '~> 4.0'
 -gem 'retriable', '~> 3.1.2'
 +gem 'retriable', '~> 3.1', '>= 3.1.2'
 # LRU cache
 gem 'lru_redux'
@@ -546,24 +546,24 @@
 # `config/initializers/mail_starttls_patch.rb` has also been patched to
 # fix STARTTLS handling until https://github.com/mikel/mail/pull/1536 is
 # released.
 -gem 'mail', '= 2.8.1'
 +gem 'mail', '~> 2.8.1'
 gem 'mail-smtp_pool', '~> 0.1.0', path: 'vendor/gems/mail-smtp_pool', require: false
 gem 'microsoft_graph_mailer', '~> 0.1.0', path: 'vendor/gems/microsoft_graph_mailer'
 # File encryption
 -gem 'lockbox', '~> 1.1.1'
 +gem 'lockbox', '~> 1.1', '>= 1.1.1'
 # Email validation
 gem 'valid_email', '~> 0.1'
 # JSON
 -gem 'json', '~> 2.6.3'
 +gem 'json', '~> 2.6', '>= 2.6.3'
 gem 'json_schemer', '~> 0.2.18'
 -gem 'oj', '~> 3.13.21'
 +gem 'oj', '~> 3.13', '>= 3.13.21'
 gem 'oj-introspect', '~> 0.7'
 -gem 'multi_json', '~> 1.14.1'
 -gem 'yajl-ruby', '~> 1.4.3', require: 'yajl'
 +gem 'multi_json', '~> 1.14', '>= 1.14.1'
 +gem 'yajl-ruby', '~> 1.4','>= 1.4.3', require: 'yajl'
 gem 'webauthn', '~> 3.0'
@@ -574,14 +574,14 @@
 gem 'ipynbdiff', path: 'vendor/gems/ipynbdiff'
 -gem 'ed25519', '~> 1.3.0'
 +gem 'ed25519', '~> 1.3'
 # Error Tracking OpenAPI client
 # See https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/rake_tasks.md#update-openapi-client-for-error-tracking-feature
 gem 'error_tracking_open_api', path: 'vendor/gems/error_tracking_open_api'
 # Vulnerability advisories
 -gem 'cvss-suite', '~> 3.0.1', require: 'cvss_suite'
 +gem 'cvss-suite', '~> 3.0','>= 3.0.1', require: 'cvss_suite'
 # Work with RPM packages
 gem 'arr-pm', '~> 0.0.12'
--- a/debian/patches/Gemfile/0020-remove-development-test.patch
+++ b/debian/patches/Gemfile/0020-remove-development-test.patch
@ -0,0 +1,114 @@
 Bundler will fail when it can't find these locally
 --- a/Gemfile
 +++ b/Gemfile
@@ -111,14 +111,12 @@
 gem 'grape', '~> 1.5','>= 1.5.2'
 gem 'grape-entity', '~> 0.10.0'
 gem 'rack-cors', '~> 1.1', '>= 1.1.1', require: 'rack/cors'
 -gem 'grape-swagger', '~>1.5.0', group: [:development, :test]
 -gem 'grape-swagger-entity', '~> 0.5.1', group: [:development, :test]
 +
 # GraphQL API
 gem 'graphql', '~> 1.13', '>= 1.13.12'
 gem 'graphiql-rails', '~> 1.8'
 gem 'apollo_upload_server', '~> 2.1'
 -gem 'graphql-docs', '~> 2.1.0', group: [:development, :test]
 gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import)
 gem 'hashie', '~> 5.0'
@@ -348,7 +346,6 @@
 gem 'rails-i18n', '~> 7.0'
 gem 'gettext_i18n_rails', '~> 1.8'
 gem 'gettext_i18n_rails_js', '~> 1.3'
 -gem 'gettext', '~> 3.3', require: false, group: :development
 gem 'batch-loader', '~> 2.0', '>= 2.0.1'
@@ -367,85 +364,6 @@
 gem 'warning', '~> 1.3'
 -group :development do
 -  gem 'lefthook', '~> 1.3.13', require: false
 -  gem 'rubocop'
 -  gem 'solargraph', '~> 0.47.2', require: false
 -
 -  gem 'letter_opener_web', '~> 2.0.0'
 -  gem 'lookbook', '~> 2.0', '>= 2.0.1'
 -
 -  # Better errors handler
 -  gem 'better_errors', '~> 2.10.0'
 -
 -  gem 'sprite-factory', '~> 1.7'
 -
 -  gem "listen", "~> 3.7"
 -end
 -
 -group :development, :test do
 -  gem 'deprecation_toolkit', '~> 1.5.1', require: false
 -  gem 'bullet', '~> 7.0.2'
 -  gem 'pry-byebug'
 -  gem 'pry-rails', '~> 0.3.9'
 -  gem 'pry-shell', '~> 0.6.1'
 -
 -  gem 'awesome_print', require: false
 -
 -  gem 'database_cleaner', '~> 1.7.0'
 -  gem 'factory_bot_rails', '~> 6.2.0'
 -  gem 'rspec-rails', '~> 6.0.1'
 -
 -  # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
 -  gem 'minitest', '~> 5.11.0'
 -
 -  # Generate Fake data
 -  gem 'ffaker', '~> 2.10'
 -
 -  gem 'spring', '~> 4.1.0'
 -  gem 'spring-commands-rspec', '~> 1.0.4'
 -
 -  gem 'gitlab-styles', '~> 10.0.0', require: false
 -
 -  gem 'haml_lint', '~> 0.40.0', require: false
 -  gem 'bundler-audit', '~> 0.7.0.1', require: false
 -
 -  # Benchmarking & profiling
 -  gem 'benchmark-ips', '~> 2.11.0', require: false
 -  gem 'benchmark-memory', '~> 0.1', require: false
 -
 -  gem 'knapsack', '~> 1.21.1'
 -  gem 'crystalball', '~> 0.7.0', require: false
 -
 -  gem 'simple_po_parser', '~> 1.1.6', require: false
 -
 -  gem 'png_quantizator', '~> 0.2.1', require: false
 -
 -  gem 'parallel', '~> 1.19', require: false
 -
 -  gem 'test_file_finder', '~> 0.1.3'
 -
 -  gem 'sigdump', '~> 0.2.4', require: 'sigdump/setup'
 -
 -  gem 'pact', '~> 1.63'
 -end
 -
 -group :development, :test, :danger do
 -  gem 'gitlab-dangerfiles', '~> 3.10.0', require: false
 -end
 -
 -group :development, :test, :coverage do
 -  gem 'simplecov', '~> 0.21', require: false
 -  gem 'simplecov-lcov', '~> 0.8.0', require: false
 -  gem 'simplecov-cobertura', '~> 1.3.1', require: false
 -  gem 'undercover', '~> 0.4.4', require: false
 -end
 -
 -# Gems required in omnibus-gitlab pipeline
 -group :development, :test, :omnibus do
 -  gem 'license_finder', '~> 7.0', require: false
 -end
 -
 group :test do
   gem 'fuubar', '~> 2.2.0'
   gem 'rspec-retry', '~> 0.6.2'
--- a/debian/patches/Gemfile/0030-make-test-dependencies-conditional.patch
+++ b/debian/patches/Gemfile/0030-make-test-dependencies-conditional.patch
@ -0,0 +1,13 @@
 Make test dependencies conditional so we can enable them when running autopkgtest
 --- a/Gemfile
 +++ b/Gemfile
@@ -364,7 +364,7 @@
 gem 'warning', '~> 1.3'
 -group :test do
 +if ENV["INCLUDE_TEST_DEPENDS"] == "true"
   gem 'fuubar', '~> 2.2.0'
   gem 'rspec-retry', '~> 0.6.2'
   gem 'rspec_profiling', '~> 0.0.6'
--- a/debian/patches/Gemfile/0040-relax-httparty.patch
+++ b/debian/patches/Gemfile/0040-relax-httparty.patch
@ -0,0 +1,13 @@
 Allow newer versions of httparty to satisfy dependency
 --- a/Gemfile
 +++ b/Gemfile
@@ -229,7 +229,7 @@
 gem 'fugit', '~> 1.8', '>= 1.8.1'
 # HTTP requests
 -gem 'httparty', '~> 0.20.0'
 +gem 'httparty', '~> 0.20'
 # Colored output to console
 gem 'rainbow', '~> 3.0'
--- a/debian/patches/Gemfile/0090-remove-ee-only-gems.patch
+++ b/debian/patches/Gemfile/0090-remove-ee-only-gems.patch
@ -0,0 +1,22 @@
 This gem is used only in gitlab Enterprise Edition
 --- a/Gemfile
 +++ b/Gemfile
@@ -73,7 +73,7 @@
 gem 'jwt', '~> 2.5'
 # Kerberos authentication. EE-only
 -gem 'gssapi', '~> 1.3.1', group: :kerberos
 +
 gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos
 # Spam and anti-bot protection
@@ -321,8 +321,6 @@
 gem 'request_store', '~> 1.5', '>= 1.5.1'
 gem 'base32', '~> 0.3.0'
 -gem 'gitlab-license', '~> 2.2', '>= 2.2.1'
 -
 # Protect against bruteforcing
 gem 'rack-attack', '~> 6.6', '>= 6.6.1'
--- a/debian/patches/Gemfile/0180-add-parser-gem.patch
+++ b/debian/patches/Gemfile/0180-add-parser-gem.patch
@ -0,0 +1,14 @@
 Forwarded: https://gitlab.com/gitlab-org/gitlab/-/issues/354323
 --- a/Gemfile
 +++ b/Gemfile
@@ -32,6 +32,9 @@
 gem 'neighbor', '~> 0.2.3'
 +# Background migrations/fix vulnerabilities
 +gem 'parser', '~> 3.0'
 +
 gem 'rugged', '~> 1.5'
 gem 'grape-path-helpers', '~> 1.7', '>= 1.7.1'
--- a/debian/patches/Gemfile/0220-relax-oj-in-ipynbdiff.patch
+++ b/debian/patches/Gemfile/0220-relax-oj-in-ipynbdiff.patch
@ -0,0 +1,17 @@
 Description: Patch to allow oj >= 3.13
 Author: Mohammed Bilal <mdbilal@disroot.org>
 Forwarded: not-needed
 Last-Update: 2023-02-08 
 ---
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/vendor/gems/ipynbdiff/ipynbdiff.gemspec
 +++ b/vendor/gems/ipynbdiff/ipynbdiff.gemspec
@@ -23,7 +23,7 @@
   s.require_paths = ['lib']
   s.add_runtime_dependency 'diffy', '~> 3.4'
 -  s.add_runtime_dependency 'oj', '~> 3.13.16'
 +  s.add_runtime_dependency 'oj', '>= 3.13.16'
   s.add_development_dependency 'bundler', '~> 2.2'
   s.add_development_dependency 'pry', '~> 0.14'
--- a/debian/patches/Gemfile/0230-relax-gitaly-for-rc.patch
+++ b/debian/patches/Gemfile/0230-relax-gitaly-for-rc.patch
@ -0,0 +1,15 @@
 rubygems.org only has pre releases
 Forwarded: not-needed
 --- a/Gemfile
 +++ b/Gemfile
@@ -425,7 +425,7 @@
 gem 'spamcheck', '~> 1.3'
 # Gitaly GRPC protocol definitions
 -gem 'gitaly', '~> 15.9'
 +gem 'gitaly', '~> 15.9.0-rc3'
 # KAS GRPC protocol definitions
 gem 'kas-grpc', '~> 0.1.0'
--- a/debian/patches/nodejs/0010-set-webpack-root.patch
+++ b/debian/patches/nodejs/0010-set-webpack-root.patch
@ -0,0 +1,13 @@
 Debian specific patch to help webpack find sources
 --- a/config/webpack.config.js
 +++ b/config/webpack.config.js
@@ -44,7 +44,7 @@
 const GraphqlKnownOperationsPlugin = require('./plugins/graphql_known_operations_plugin');
 -const ROOT_PATH = path.resolve(__dirname, '..');
 +const ROOT_PATH = '/usr/share/gitlab';
 const SUPPORTED_BROWSERS = fs.readFileSync(path.join(ROOT_PATH, '.browserslistrc'), 'utf-8');
 const SUPPORTED_BROWSERS_HASH = crypto
   .createHash('sha256')
--- a/debian/patches/nodejs/0030-use-yarnpkg.patch
+++ b/debian/patches/nodejs/0030-use-yarnpkg.patch
@ -0,0 +1,36 @@
 Yarn executable in debian is yarnpkg
 --- a/lib/tasks/yarn.rake
 +++ b/lib/tasks/yarn.rake
@@ -3,7 +3,7 @@
 namespace :yarn do
   desc 'Ensure Yarn is installed'
   task :available do
 -    unless system('yarn --version', out: File::NULL)
 +    unless system('yarnpkg --version', out: File::NULL)
       warn(
         'Error: Yarn executable was not detected in the system.'.color(:red),
         'Download Yarn at https://yarnpkg.com/en/docs/install'.color(:green)
@@ -14,10 +14,10 @@
   desc 'Ensure Node dependencies are installed'
   task check: ['yarn:available'] do
 -    unless system('yarn check --ignore-engines', out: File::NULL)
 +    unless system('yarnpkg check --ignore-engines', out: File::NULL)
       warn(
 -        'Error: You have unmet dependencies. (`yarn check` command failed)'.color(:red),
 -        'Run `yarn install` to install missing modules.'.color(:green)
 +        'Error: You have unmet dependencies. (`yarnpkg check` command failed)'.color(:red),
 +        'Run `yarnpkg install` to install missing modules.'.color(:green)
       )
       abort
     end
@@ -25,7 +25,7 @@
   desc 'Install Node dependencies with Yarn'
   task install: ['yarn:available'] do
 -    unless system('yarn install --pure-lockfile --ignore-engines --prefer-offline')
 +    unless system('yarnpkg install')
       abort 'Error: Unable to install node modules.'.color(:red)
     end
   end
--- a/debian/patches/series
+++ b/debian/patches/series
@ -0,0 +1,21 @@
 Gemfile/0010-relax-stable-libs.patch
 Gemfile/0020-remove-development-test.patch
 Gemfile/0030-make-test-dependencies-conditional.patch
 Gemfile/0040-relax-httparty.patch
 Gemfile/0090-remove-ee-only-gems.patch
 Gemfile/0180-add-parser-gem.patch
 Gemfile/0220-relax-oj-in-ipynbdiff.patch
 Gemfile/0230-relax-gitaly-for-rc.patch
 nodejs/0010-set-webpack-root.patch
 nodejs/0030-use-yarnpkg.patch
 tweaks/0010-source-init-functions.patch
 tweaks/0020-fix-mail-room-path.patch
 tweaks/0030-fix-gitlab-yml-path.patch
 tweaks/0040-debian-usage-ping.patch
 tweaks/0050-add-salsa-link-to-help.patch
 tweaks/0060-fix-relative-paths.patch
 tweaks/0070-remove-capybara-screenshot-rspec.patch
 tweaks/0080-search-binaries-in-path.patch
 tweaks/0090-cross-platform-text.patch
 tweaks/0100-rename-gitlab-shell-check.patch
 tweaks/0110-remove-dangerfiles.patch
--- a/debian/patches/tweaks/0010-source-init-functions.patch
+++ b/debian/patches/tweaks/0010-source-init-functions.patch
@ -0,0 +1,24 @@
 Description: fix lintian warning and init script error
 Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/12954
 --- a/lib/support/init.d/gitlab
 +++ b/lib/support/init.d/gitlab
@@ -15,6 +15,9 @@
 # chkconfig: - 85 14
 ### END INIT INFO
 +### source init functions
 +. /lib/init/vars.sh
 +. /lib/lsb/init-functions
 ###
 # DO NOT EDIT THIS FILE!
@@ -37,7 +40,7 @@
 web_server_pid_path="$pid_path/puma.pid"
 mail_room_enabled=false
 mail_room_pid_path="$pid_path/mail_room.pid"
 -gitlab_workhorse_dir=$(cd $app_root/../gitlab-workhorse 2> /dev/null && pwd)
 +gitlab_workhorse_dir=$app_root/../gitlab-workhorse
 gitlab_workhorse_pid_path="$pid_path/gitlab-workhorse.pid"
 gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080 -authSocket $rails_socket -documentRoot $app_root/public"
 gitlab_workhorse_log="$app_root/log/gitlab-workhorse.log"
--- a/debian/patches/tweaks/0020-fix-mail-room-path.patch
+++ b/debian/patches/tweaks/0020-fix-mail-room-path.patch
@ -0,0 +1,12 @@
 require_relative does not work with debian package layout
 --- a/config/mail_room.yml
 +++ b/config/mail_room.yml
@@ -1,6 +1,6 @@
 :mailboxes:
   <%
 -    require_relative "../lib/gitlab/mail_room" unless defined?(Gitlab::MailRoom)
 +    require "/usr/share/gitlab/lib/gitlab/mail_room" unless defined?(Gitlab::MailRoom)
     Gitlab::MailRoom.enabled_configs.each do |key, config|
   %>
     -
--- a/debian/patches/tweaks/0030-fix-gitlab-yml-path.patch
+++ b/debian/patches/tweaks/0030-fix-gitlab-yml-path.patch
@ -0,0 +1,12 @@
 Fix for debian package layout
 --- a/config/settings.rb
 +++ b/config/settings.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 -require_relative '../lib/gitlab_settings'
 +require_relative '/usr/share/gitlab/lib/gitlab_settings'
 file = ENV.fetch('GITLAB_CONFIG') { Rails.root.join('config/gitlab.yml') }
 section = ENV.fetch('GITLAB_ENV') { Rails.env }
--- a/debian/patches/tweaks/0040-debian-usage-ping.patch
+++ b/debian/patches/tweaks/0040-debian-usage-ping.patch
@ -0,0 +1,10 @@
 Description: Set installation type to debian-native for usage ping differentiation
 Author: Balasankar C <balasankarc@debian.org>
 Last-Update: 2019-01-04
 ---
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/INSTALLATION_TYPE
 +++ b/INSTALLATION_TYPE
@@ -1 +1 @@
 -source
 +debian-native
--- a/debian/patches/tweaks/0050-add-salsa-link-to-help.patch
+++ b/debian/patches/tweaks/0050-add-salsa-link-to-help.patch
@ -0,0 +1,19 @@
 Description: Use link to gitlab project on Salsa in help page
 Author: Balasankar C <balasankarc@debian.org>
 Last-Update: 2018-12-16
 ---
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/app/helpers/version_check_helper.rb
 +++ b/app/helpers/version_check_helper.rb
@@ -24,7 +24,10 @@
   def link_to_version
     link = link_to(Gitlab::Source.ref, Gitlab::Source.release_url)
 -    if Gitlab.pre_release?
 +    if ENV['GITLAB_DEBIAN_VERSION'] && ENV['SALSA_TAG_URL']
 +      debian_tag = ENV['GITLAB_DEBIAN_VERSION'].gsub('~', '_')
 +      link_to ENV['GITLAB_DEBIAN_VERSION'], ENV['SALSA_TAG_URL'] + debian_tag
 +    elsif Gitlab.pre_release?
       [Gitlab::VERSION, content_tag(:small, link)].join(' ').html_safe
     else
       link
--- a/debian/patches/tweaks/0060-fix-relative-paths.patch
+++ b/debian/patches/tweaks/0060-fix-relative-paths.patch
@ -0,0 +1,38 @@
 Debian specific patch to adapt to debian policy mandated paths
 --- a/config/initializers/1_settings.rb
 +++ b/config/initializers/1_settings.rb
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 -require_relative '../settings'
 -require_relative '../object_store_settings'
 -require_relative '../smime_signature_settings'
 +require '/usr/share/gitlab/config/settings'
 +require '/usr/share/gitlab/config/object_store_settings'
 +require '/usr/share/gitlab/config/smime_signature_settings'
 # Default settings
 Settings['shared'] ||= {}
 --- a/config/environment.rb
 +++ b/config/environment.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 # Load the Rails application.
 -require_relative 'application'
 +require '/usr/share/gitlab/config/application'
 # Initialize the Rails application.
 Rails.application.initialize!
 --- a/config/initializers_before_autoloader/001_fast_gettext.rb
 +++ b/config/initializers_before_autoloader/001_fast_gettext.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 -require_relative '../../lib/gitlab/i18n'
 -require_relative '../../lib/gitlab/i18n/pluralization'
 +require '/usr/share/gitlab/lib/gitlab/i18n'
 +require '/usr/share/gitlab/lib/gitlab/i18n/pluralization'
 Gitlab::I18n.setup(domain: 'gitlab', default_locale: :en)
--- a/debian/patches/tweaks/0070-remove-capybara-screenshot-rspec.patch
+++ b/debian/patches/tweaks/0070-remove-capybara-screenshot-rspec.patch
@ -0,0 +1,29 @@
 --- a/spec/support/capybara.rb
 +++ b/spec/support/capybara.rb
@@ -3,7 +3,6 @@
 # rubocop:disable Style/GlobalVars
 require 'capybara/rails'
 require 'capybara/rspec'
 -require 'capybara-screenshot/rspec'
 require 'selenium-webdriver'
 # Give CI some extra time
@@ -129,18 +128,6 @@
 Capybara.default_normalize_ws = true
 Capybara.enable_aria_label = true
 -Capybara::Screenshot.append_timestamp = false
 -
 -Capybara::Screenshot.register_filename_prefix_formatter(:rspec) do |example|
 -  example.full_description.downcase.parameterize(separator: "_")[0..SCREENSHOT_FILENAME_LENGTH]
 -end
 -# Keep only the screenshots generated from the last failing test suite
 -Capybara::Screenshot.prune_strategy = :keep_last_run
 -# From https://github.com/mattheworiordan/capybara-screenshot/issues/84#issuecomment-41219326
 -Capybara::Screenshot.register_driver(:chrome) do |driver, path|
 -  driver.browser.save_screenshot(path)
 -end
 -
 RSpec.configure do |config|
   config.include CapybaraHelpers, type: :feature
--- a/debian/patches/tweaks/0080-search-binaries-in-path.patch
+++ b/debian/patches/tweaks/0080-search-binaries-in-path.patch
@ -0,0 +1,27 @@
 Description: Search for gitlab-workhorse binaries also in the environment in PATH variable
 Author: Nilesh Patra <npatra974@gmail.com>
 Last-Update: 2021-01-26
 --- a/workhorse/internal/testhelper/testhelper.go
 +++ b/workhorse/internal/testhelper/testhelper.go
@@ -12,6 +12,7 @@
 	"runtime"
 	"testing"
 	"time"
 +	"os/exec"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/stretchr/testify/require"
@@ -96,8 +97,11 @@
 	rootDir := RootDir()
 	for _, exe := range workhorseExecutables {
 -		if _, err := os.Stat(path.Join(rootDir, exe)); os.IsNotExist(err) {
 -			return fmt.Errorf("cannot find executable %s. Please run 'make prepare-tests'", exe)
 +		_, err := exec.LookPath(exe)
 +		if err != nil {
 +			if _, rootdirerr := os.Stat(path.Join(rootDir, exe)); os.IsNotExist(rootdirerr) {
 +				return fmt.Errorf("cannot find executable %s. Please run 'make prepare-tests'", exe)
 +			}
 		}
 	}
--- a/debian/patches/tweaks/0090-cross-platform-text.patch
+++ b/debian/patches/tweaks/0090-cross-platform-text.patch
@ -0,0 +1,8 @@
 --- a/.gitattributes
 +++ b/.gitattributes
@@ -1,3 +1,5 @@
 +# Auto detect text files and perform LF normalization
 +*        text=auto
 VERSION merge=ours
 Dangerfile gitlab-language=ruby
 *.rb diff=ruby
--- a/debian/patches/tweaks/0100-rename-gitlab-shell-check.patch
+++ b/debian/patches/tweaks/0100-rename-gitlab-shell-check.patch
@ -0,0 +1,18 @@
 Description: Look for gitlab-shell-check binary during installation process
 Author: Mohammed Bilal <mdbilal@disroot.org>
 Bug-Debian: http://bugs.debian.org/985840
 Forwarded: not-needed
 Last-Update: 2023-02-07
 ---
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/lib/system_check/gitlab_shell_check.rb
 +++ b/lib/system_check/gitlab_shell_check.rb
@@ -26,7 +26,7 @@
     def check_gitlab_shell_self_test
       gitlab_shell_repo_base = gitlab_shell_path
 -      check_cmd = File.expand_path('bin/check', gitlab_shell_repo_base)
 +      check_cmd = File.expand_path('bin/gitlab-shell-check', gitlab_shell_repo_base)
       $stdout.puts "Running #{check_cmd}"
       if system(check_cmd, chdir: gitlab_shell_repo_base)
--- a/debian/patches/tweaks/0110-remove-dangerfiles.patch
+++ b/debian/patches/tweaks/0110-remove-dangerfiles.patch
@ -0,0 +1,15 @@
 We don't need this in production
 Forwarded: not-needed
 --- a/Rakefile
 +++ b/Rakefile
@@ -17,5 +17,6 @@
 Knapsack.load_tasks if defined?(Knapsack)
 -require 'gitlab-dangerfiles'
 -Gitlab::Dangerfiles.load_tasks
 +# This is development only
 +#require 'gitlab-dangerfiles'
 +#Gitlab::Dangerfiles.load_tasks
--- a/debian/po/POTFILES.in
+++ b/debian/po/POTFILES.in
@ -0,0 +1 @@
 [type: gettext/rfc822deb] gitlab.templates
--- a/debian/rake-tasks.sh
+++ b/debian/rake-tasks.sh
@ -0,0 +1,61 @@
 #! /bin/sh
 set -e
 # Read debian specific configuration
 . /etc/gitlab/gitlab-debian.conf
 export DB RAILS_ENV
 export GEM_HOME=/var/lib/gitlab/.gem
 export GEM_PATH=$(gem env gempath)
 cd /usr/share/gitlab
 # Remove all lines from Gemfile.lock
 runuser -u ${gitlab_user} -- sh -c "touch ${gitlab_data_dir}/Gemfile.lock && \
 truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
 # Regenerate Gemfile.lock
 runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle install --local'
 # Check if the db is already present
 db_relations="$(LANG=C runuser -u postgres -- sh -c "psql gitlab_production -c \"\d\"" 2>&1)"
 if [ "$db_relations" = "No relations found." ] || \
  [ "$db_relations" = "Did not find any relations." ]; then
  echo "Initializing database..."
  test -f ${gitlab_home}/db/structure.sql || \
  runuser -u ${gitlab_user} -- sh -c \
  "cp ${gitlab_data_dir}/db/structure.sql.template ${gitlab_data_dir}/db/structure.sql"
  runuser -u ${gitlab_user} -- sh -c \
  "touch ${gitlab_data_dir}/.gitlab_shell_secret"
  runuser -u ${gitlab_user} -- sh -c 'touch /var/lib/gitlab/secrets.yml'
  runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle exec rake db:structure:load'
 else
  echo "gitlab_production database is not empty, skipping gitlab setup"
 fi
 runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle exec rake db:migrate'
 # Restrict permissions for secret files
 chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
 echo "Installing node modules..."
 cd /var/lib/gitlab
 runuser -u ${gitlab_user} -- sh -c 'install -d /var/lib/gitlab/.cache'
 runuser -u ${gitlab_user} -- sh -c 'yarnpkg set version berry'
 runuser -u ${gitlab_user} -- sh -c 'if ! grep nodeLinker .yarnrc.yml >/dev/null; then echo "nodeLinker: \"node-modules\"" >>.yarnrc.yml; fi'
 runuser -u ${gitlab_user} -- sh -c 'NODE_ENV=production yarnpkg install'
 # Remove write permissions of .yarn-metadata.json files
 runuser -u ${gitlab_user} -- sh -c 'test -d "/var/lib/gitlab/.cache/yarn/v6" && find /var/lib/gitlab/.cache/yarn/v6/ -name .yarn-metadata.json -perm -a=w -exec chmod 644 {} \;'
 cd /usr/share/gitlab
 echo "Precompiling locales..."
 runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle exec rake gettext:po_to_json'
 echo "Precompiling assets..."
 runuser -u ${gitlab_user} -- sh -c '/usr/bin/bundle exec rake tmp:cache:clear assets:precompile'
 echo "Webpacking..."
 # Workaround for webpack crashing with nodejs 10 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956211
 # Build assets in production mode - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956508
 runuser -u ${gitlab_user} -- sh -c 'NODE_ENV="production" NODE_PATH="node_modules" NODE_OPTIONS="--max-old-space-size=4096" webpack --config config/webpack.config.js'
--- a/debian/ruby-gitlab-ce.git.docs
+++ b/debian/ruby-gitlab-ce.git.docs
@ -0,0 +1,6 @@
 # FIXME: doc/ dir found in source. Consider installing the docs.
 # Examples:
 # doc/manual.html
 # doc/site/*
 # FIXME: READMEs found
 # README.md
--- a/debian/rules
+++ b/debian/rules
@ -0,0 +1,90 @@
 #!/usr/bin/make -f
 include /usr/share/dpkg/pkg-info.mk
 BUILDDIR := _build/src/gitlab.com/gitlab-org/gitlab
 VENDORDIR := ${BUILDDIR}/vendor
 SYSTEMGOCODE := /usr/share/gocode/src
 %:
 	dh $@ --buildsystem=ruby --with=ruby --package=gitlab
 	dh $@ --buildsystem=golang --with=golang --builddirectory=_build \
 	--package=gitlab-workhorse --sourcedirectory=workhorse
 override_dh_auto_configure-indep:
 	dh_auto_configure -O--package=gitlab -O--buildsystem=ruby -O--with=ruby
 override_dh_auto_configure-arch:
 	dh_auto_configure -O--package=gitlab-workhorse -O--buildsystem=golang \
 	-O--with=golang -O--builddirectory=_build -O--sourcedirectory=workhorse
 	# we don't need gitlab's (ruby) vendor directory
 	rm -rf ${VENDORDIR}
 	# workhorse-vendor is meant for workhorse, but should be renamed
 	mv ${BUILDDIR}/workhorse-vendor ${VENDORDIR}
 	# merge vendor from gitaly with vendor in build directory using simbolic links
 	cp -arsn ${SYSTEMGOCODE}/gitlab.com/gitlab-org/gitaly/v16/vendor/* \
 	${VENDORDIR}/
 	# import paths in vendor needs version as directory (go.mod is ignored)
 	mkdir -p ${VENDORDIR}/github.com/cespare/xxhash/v2
 	mkdir -p ${VENDORDIR}/github.com/oklog/ulid/v2
 	cp -arsn ${SYSTEMGOCODE}/github.com/cespare/xxhash/* ${VENDORDIR}/github.com/cespare/xxhash/v2
 	cp -arsn ${SYSTEMGOCODE}/github.com/oklog/ulid/* ${VENDORDIR}/github.com/oklog/ulid/v2
 	# only go files gets copied, but we need files like gitlab-logo.png
 	cp -rf workhorse ${BUILDDIR}
 	# Remove non-existent symlink
 	find ${BUILDDIR} -name test.git -delete
 override_dh_auto_build-indep:
 	dh_auto_build -O--package=gitlab -O--buildsystem=ruby -O--with=ruby
 override_dh_auto_build-arch:
 	dh_auto_build -O--package=gitlab-workhorse -O--buildsystem=golang \
 	-O--with=golang -O--builddirectory=_build -O--sourcedirectory=workhorse
 	# Rename binary to gitlab-workhorse (upstream is passing -o in Makefile)
 	if [ -f _build/bin/workhorse ]; then \
 	mv _build/bin/workhorse _build/bin/gitlab-workhorse; fi
 override_dh_auto_test-indep:
 	dh_auto_test -O--package=gitlab -O--buildsystem=ruby -O--with=ruby
 override_dh_auto_test-arch:
 	PATH="$(CURDIR)/_build/bin:$$PATH" dh_auto_test -O--package=gitlab-workhorse \
 	-O--buildsystem=golang -O--with=golang -O--builddirectory=_build \
 	-O--sourcedirectory=workhorse
 override_dh_auto_install-indep:
 	# skip gem2deb copying files to /usr/lib/ruby
 override_dh_auto_install-arch:
 	dh_auto_install -O--package=gitlab-workhorse -O--buildsystem=golang \
 	-O--with=golang -O--builddirectory=_build -O--sourcedirectory=workhorse
 override_dh_install-indep:
 	sh debian/upstream-file-count-check.sh
 	sh debian/upstream-config-file-check.sh
 	dh_install -XLICENSE -O--package=gitlab -O--buildsystem=ruby -O--with=ruby
 	dh_installexamples -O--package=gitlab -O--buildsystem=ruby -O--with=ruby
 	# Make sure we are installing all required files in debian/install
 	rm -rf debian/gitlab/usr/share/gitlab/tmp/*
 	find debian/gitlab/usr/share/gitlab/ -name .eslintrc.yml -delete
 	mv debian/gitlab/usr/share/gitlab/app/assets/javascripts/locale \
 	debian/gitlab/usr/share/gitlab/app/assets/javascripts/locale.static
 	if [ -f debian/gitlab/var/lib/gitlab/db/structure.sql ]; then \
 	  mv debian/gitlab/var/lib/gitlab/db/structure.sql debian/gitlab/var/lib/gitlab/db/structure.sql.template; fi
 	sed -i 's/__NEW_VERSION__/${DEB_VERSION}/g' debian/gitlab/usr/lib/gitlab/templates/gitlab-debian.conf.example
 override_dh_install-arch:
 	dh_install -XLICENSE -O--package=gitlab-workhorse -O--buildsystem=golang \
 	-O--with=golang -O--builddirectory=_build -O--sourcedirectory=workhorse
 override_dh_installsystemd-indep:
 	dh_installsystemd --no-start -p gitlab --name=gitlab-sidekiq -O--package=gitlab
 	dh_installsystemd --no-start -p gitlab --name=gitlab-puma -O--package=gitlab
 	dh_installsystemd --no-start -p gitlab --name=gitlab-mailroom -O--package=gitlab
 	dh_installsystemd --no-start -p gitlab --name=gitlab-workhorse -O--package=gitlab
 	dh_installsystemd -O--package=gitlab -O--buildsystem=ruby -O--with=ruby
 override_dh_golang-indep:
 	# don't fail in arch:all build, is there a better way ?
 override_dh_dwz:
 	# Do nothing
--- a/debian/salsa-ci.yml
+++ b/debian/salsa-ci.yml
@ -0,0 +1,7 @@
 ---
 include:
  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
 variables:
  RELEASE: 'experimental'
--- a/debian/source/format
+++ b/debian/source/format
@ -0,0 +1 @@
 3.0 (quilt)
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
@ -0,0 +1,2 @@
 debian/gems-compat/activesupport-5.1.7/lib/active_support/values/unicode_tables.dat
 debian/gems-compat/thrift-0.11.0.0/thrift.gemspec
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@ -0,0 +1,52 @@
 # source is provided as snowplow-javascript-tracker component
 gitlab source: source-is-missing vendor/assets/javascripts/snowplow/sp.js line length is 32154 characters (>512)
 # json evil license is listed as an example
 gitlab source: license-problem-json-evil doc/development/licensing.md
 # Waiting for upstream change for debconf integration
 # https://gitlab.com/gitlab-org/gitlab-ce/issues/3717
 gitlab source: missing-templates-pot
 # False positive
 gitlab source: source-is-missing app/assets/javascripts/editor/editor_lite.js
 gitlab source: source-is-missing spec/javascripts/vue_mr_widget/mock_data.js line length is 518 characters (>512)
 gitlab source: source-is-missing spec/frontend/vue_mr_widget/mock_data.js line length is 518 characters (>512)
 gitlab source: source-is-missing vendor/assets/javascripts/fuzzaldrin-plus.js line length is 480 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/labels_select.js line length is 407 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/shortcuts_blob.js line length is 289 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/shortcuts_dashboard_navigation.js line length is 289 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/shortcuts_find_file.js line length is 289 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/shortcuts_issuable.js line length is 289 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/shortcuts_navigation.js line length is 289 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/shortcuts_network.js line length is 289 characters (>256)
 gitlab source: source-is-missing spec/javascripts/fixtures/emoji_menu.js line length is 32752 characters (>512)
 gitlab source: source-is-missing app/assets/javascripts/blob/blob_gitignore_selector.js line length is 289 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/blob/blob_license_selector.js line length is 289 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/pages/projects/graphs/show/stat_graph_contributors_graph.js line length is 291 characters (>256)
 gitlab source: source-is-missing app/assets/javascripts/issuable_index.js line length is 603 characters (>512)
 gitlab source: source-is-missing spec/javascripts/vue_mr_widget/mock_data.js line length is 546 characters (>512)
 gitlab source: source-is-missing app/assets/javascripts/pages/projects/graphs/show/stat_graph_contributors_graph.js line length is 289 characters (>256)
 gitlab source: source-is-missing spec/javascripts/diffs/mock_data/diff_discussions.js line length is 594 characters (>512)
 gitlab source: source-is-missing app/assets/javascripts/labels_select.js line length is 271 characters (>256)
 gitlab source: source-is-missing spec/javascripts/diffs/mock_data/diff_discussions.js line length is 566 characters (>512)
 gitlab source: source-is-missing app/assets/javascripts/visual_review_toolbar/components/wrapper_icons.js line length is 519 characters (>512)
 gitlab source: source-is-missing spec/frontend/diffs/mock_data/diff_discussions.js line length is 566 characters (>512)
 gitlab source: source-is-missing spec/frontend/monitoring/mock_data.js line length is 774 characters (>512)
 # unicode data
 gitlab source: source-is-missing app/assets/javascripts/lib/utils/regexp.js line length is 4905 characters (>512)
 # test data
 gitlab source: source-is-missing spec/fixtures/not_a_png.png
 gitlab source: source-is-missing spec/javascripts/lib/utils/mock_data.js line length is 2173 characters (>512)
 gitlab source: source-is-missing spec/frontend/lib/utils/mock_data.js line length is 2173 characters (>512)
 # encoding data
 gitlab source: source-is-missing vendor/assets/javascripts/xterm/encoding-indexes.js line length is 32697 characters (>512)
 # Source is provided by jquery-at.js
 gitlab source: source-is-missing vendor/assets/javascripts/jquery.atwho.js line length is 285 characters (>256)
 # Source is provided by jquery-caret.js
 gitlab source: source-is-missing vendor/assets/javascripts/jquery.caret.js line length is 538 characters (>512)
 # Source is provided by pdf.js
 gitlab source: source-is-missing vendor/assets/javascripts/pdf.js line length is 695 characters (>512)
 gitlab source: source-is-missing vendor/assets/javascripts/pdf.worker.js line length is 695 characters (>512)
 # Source provided by node-xterm
 gitlab source: source-is-missing vendor/assets/javascripts/xterm/xterm.js line length is 848 characters (>512)
--- a/debian/tests/control
+++ b/debian/tests/control
@ -0,0 +1,44 @@
 Tests: spec
 Depends: @, 
  sudo,
  gem2deb-test-runner,
 # For building native gems
  ruby-rspec,
  ruby-dev,
  gcc,
  libc6-dev,
  ruby-sqlite3,
 # For building gitlab-shell
  golang-any,
 # Dependencies in test group
  ruby-fuubar (>= 2.2~),
  ruby-rspec-retry (>= 0.6.1~),
  ruby-rspec-profiling,
  ruby-rspec-parameterized,
  ruby-capybara,
  ruby-selenium-webdriver (>= 3.142~),
  ruby-shoulda-matchers (>= 4.0.1~),
  ruby-email-spec (>= 2.2~),
  ruby-json-schema (>= 2.8~),
  ruby-webmock (>= 3.5.1~),
  ruby-rails-controller-testing,
  ruby-test-prof (>= 0.12~),
  ruby-rspec-junit-formatter,
  ruby-bullet,
  ruby-pry-byebug (>= 3.5.1~),
  ruby-pry-rails,
  ruby-awesome-print,
  ruby-database-cleaner (>= 1.7~),
  ruby-factory-bot-rails (>= 5.1~),
  ruby-rspec-rails (>= 4.0~beta3~),
  ruby-ffaker (>= 2.10~),
  ruby-spring (>= 2.0~),
  ruby-spring-commands-rspec,
  ruby-simplecov,
  ruby-knapsack,
  ruby-simple-po-parser,
  ruby-timecop (>= 0.9.1~),
  ruby-png-quantizator,
  ruby-parallel (>= 1.19~),
  ruby-rblineprof
 Restrictions: needs-root, needs-internet
--- a/debian/tests/spec
+++ b/debian/tests/spec
@ -0,0 +1,46 @@
 #!/bin/sh
 export SOURCE_TREE=${PWD}
 if [ -z "$ADTTMP" ]; then
  ADTTMP=$(mktemp -d)
  cleanup() {
    rm -rf "$ADTTMP"
  }
  trap cleanup INT TERM EXIT
 fi
 cd $ADTTMP
 exec 2>&1
 set -ex
 cd /usr/share/gitlab
 su gitlab -c 'truncate -s 0 Gemfile.lock'
 . /etc/gitlab/gitlab-debian.conf
 export RAILS_ENV=test
 export DB=postgres
 export INCLUDE_TEST_DEPENDS="true"
 su gitlab -c "bundle install --local"
 su gitlab -c "mkdir -p tmp/tests/gitlab-shell"
 export dbname=gitlab_test
 export gitlab_user=gitlab
 su postgres -c "createdb $dbname"
 # enable the pg_trgm extension
 su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\"" || {
  exit 1
  }
 # enable the btree_gist extension
 su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS btree_gist;\"" || {
  exit 1
  }
 # Allow gitlab user required permissions
 su postgres -c "psql -c \"GRANT ALL on schema public TO ${gitlab_user};\""
 su postgres -c "psql -c \"GRANT ALL on database ${dbname} TO ${gitlab_user};\""
 # gitlab user need to create files here
 chown -R ${gitlab_user}: /usr/share/gitlab/db
 su gitlab -c "bundle exec rake db:migrate"
 su gitlab -c "bundle exec rake -f ${SOURCE_TREE}/debian/tests/spec.rake"
 #config 2/2 failed, controllers many failed
--- a/debian/tests/spec.rake
+++ b/debian/tests/spec.rake
@ -0,0 +1,42 @@
 require 'gem2deb/rake/spectask'
 Gem2Deb::Rake::RSpecTask.new do |spec|
 # directories without any spec.rb files: support, features, fixtures
 # TODO: enable javascript tests
 	spec.pattern = FileList[
 'spec/config/mail_room_spec.rb'
 #'spec/config/**/*_spec.rb',
 #'spec/controllers/*_spec.rb',
 #'spec/factories_spec.rb',
 #'spec/finders/**/*_spec.rb',
 #'spec/helpers/*_spec.rb',
 #'spec/initializers/*_spec.rb',
 #'spec/lib/**/*_spec.rb',
 #'spec/routing/**/*_spec.rb',
 #'spec/services/**/*_spec.rb',
 #'spec/tasks/**/*_spec.rb',
 #'spec/uploaders/*_spec.rb',
 #'spec/views/**/*_spec.rb',
 #'spec/workers/**/*_spec.rb',
 ] - FileList[
 #'spec/services/git_push_service_spec.rb',
 #'spec/services/create_deployment_service_spec.rb',
 #'spec/services/ci/image_for_build_service_spec.rb',
 #'spec/services/ci/process_pipeline_service_spec.rb',
 #'spec/services/ci/send_pipeline_notification_service_spec.rb',
 #'spec/services/merge_requests/merge_when_build_succeeds_service_spec.rb',
 #'spec/services/system_note_service_spec.rb',
 #'spec/controllers/registrations_controller_spec.rb',
 #'spec/lib/gitlab/metrics/sampler_spec.rb',
 #'spec/lib/banzai/filter/sanitization_filter_spec.rb',
 #'spec/lib/gitlab/badge/build/status_spec.rb',
 #'spec/lib/gitlab/database/migration_helpers_spec.rb',
 #'spec/lib/gitlab/git/hook_spec.rb',
 #'spec/lib/gitlab/saml/user_spec.rb',
 #'spec/lib/gitlab/sherlock/line_profiler_spec.rb',
 #'spec/lib/gitlab/upgrader_spec.rb',
 #'spec/lib/gitlab/url_sanitizer_spec.rb',
 #'spec/lib/gitlab/workhorse_spec.rb'
 ]
 # https://gitlab.com/gitlab-org/gitlab-ce/issues/25174
 end
--- a/debian/tests/todo/config
+++ b/debian/tests/todo/config
@ -0,0 +1 @@
 possible devise version issue https://gitlab.com/gitlab-org/gitlab-ce/issues/22291
--- a/debian/tests/todo/controllers
+++ b/debian/tests/todo/controllers
@ -0,0 +1 @@
 https://gitlab.com/gitlab-org/gitlab-ce/issues/22867
--- a/debian/tests/todo/helpers
+++ b/debian/tests/todo/helpers
@ -0,0 +1,233 @@
 $ DB=postgres sudo -u gitlab -E -H bundle exec rspec spec/helpers/
 Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
 DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
 Please register a mime type using `register_mime_type` then
 use `register_compressor` or `register_transformer`.
 https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
 (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:57)
 DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
 Please register a mime type using `register_mime_type` then
 use `register_compressor` or `register_transformer`.
 https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
 (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:58)
 ......FF....................................................................................................F...............................................................................................................F.FF.FF.FF.......................FF.......................................................
 Failures:
  1) ApplicationHelper project_icon returns an url for the avatar
     Failure/Error:
       expect(helper.project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).
         to eq "<img src=\"#{avatar_url}\" alt=\"Banana sample\" />"
       expected: "<img src=\"http://localhost/uploads/project/avatar/1/banana_sample.gif\" alt=\"Banana sample\" />"
            got: "<img src=\"http://nishumbha/uploads/project/avatar/1/banana_sample.gif\" alt=\"Banana sample\" />"
       (compared using ==)
     # ./spec/helpers/application_helper_spec.rb:61:in `block (3 levels) in <top (required)>'
  2) ApplicationHelper project_icon gives uploaded icon when present
     Failure/Error:
       expect(helper.project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).to match(
         image_tag(avatar_url))
       expected "<img src=\"http://nishumbha/namespace2/gitlabhq/avatar\" alt=\"Avatar\" />" to match "<img src=\"http://localhost/namespace2/gitlabhq/avatar\" alt=\"Avatar\" />"
     # ./spec/helpers/application_helper_spec.rb:71:in `block (3 levels) in <top (required)>'
  3) GitlabMarkdownHelper#link_to_gfm replaces commit message with emoji to link
     Failure/Error:
       expect(actual).
         to eq %Q(<img class="emoji" title=":book:" alt=":book:" src="http://localhost/assets/1F4D6.png" height="20" width="20" align="absmiddle"><a href="/foo">Book</a>)
       expected: "<img class=\"emoji\" title=\":book:\" alt=\":book:\" src=\"http://localhost/assets/1F4D6.png\" height=\"20\" width=\"20\" align=\"absmiddle\"><a href=\"/foo\">Book</a>"
            got: "<img class=\"emoji\" title=\":book:\" alt=\":book:\" src=\"http://nishumbha/assets/1F4D6-9d912a9d1bb10dc7f2645b345ed09e90461e83df0de275acb806f1f75cef1fcf.png\" height=\"20\" width=\"20\" align=\"absmiddle\"><a href=\"/foo\">Book</a>"
       (compared using ==)
     # ./spec/helpers/gitlab_markdown_helper_spec.rb:115:in `block (3 levels) in <top (required)>'
  4) PageLayoutHelper page_image defaults to the GitLab logo
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:45:in `block (3 levels) in <top (required)>'
  5) PageLayoutHelper page_image with @project assigned falls back to the default when avatar_url is nil
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
  6) PageLayoutHelper page_image with no assignments falls back to the default
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
  7) PageLayoutHelper page_image with @user assigned falls back to the default when avatar_url is nil
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
  8) PageLayoutHelper page_image with no assignments falls back to the default
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
  9) PageLayoutHelper page_image with @group assigned falls back to the default when avatar_url is nil
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
  10) PageLayoutHelper page_image with no assignments falls back to the default
      Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
        expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
      # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
  11) ProjectsHelper#license_short_name when project.repository has a license_key returns the nickname of the license if present
      Failure/Error: license.nickname || license.name
      Licensee::InvalidLicense:
        'agpl-3.0' is not a valid license key
      # ./app/helpers/projects_helper.rb:116:in `license_short_name'
      # ./spec/helpers/projects_helper_spec.rb:106:in `block (4 levels) in <top (required)>'
  12) ProjectsHelper#license_short_name when project.repository has a license_key returns the name of the license if nickname is not present
      Failure/Error: license.nickname || license.name
      Licensee::InvalidLicense:
        'mit' is not a valid license key
      # ./app/helpers/projects_helper.rb:116:in `license_short_name'
      # ./spec/helpers/projects_helper_spec.rb:112:in `block (4 levels) in <top (required)>'
 Finished in 1 minute 41.2 seconds (files took 9.4 seconds to load)
 310 examples, 12 failures
 Failed examples:
 rspec ./spec/helpers/application_helper_spec.rb:57 # ApplicationHelper project_icon returns an url for the avatar
 rspec ./spec/helpers/application_helper_spec.rb:65 # ApplicationHelper project_icon gives uploaded icon when present
 rspec ./spec/helpers/gitlab_markdown_helper_spec.rb:113 # GitlabMarkdownHelper#link_to_gfm replaces commit message with emoji to link
 rspec ./spec/helpers/page_layout_helper_spec.rb:44 # PageLayoutHelper page_image defaults to the GitLab logo
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:2:2] # PageLayoutHelper page_image with @project assigned falls back to the default when avatar_url is nil
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:3:1] # PageLayoutHelper page_image with no assignments falls back to the default
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:4:2] # PageLayoutHelper page_image with @user assigned falls back to the default when avatar_url is nil
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:5:1] # PageLayoutHelper page_image with no assignments falls back to the default
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:6:2] # PageLayoutHelper page_image with @group assigned falls back to the default when avatar_url is nil
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:7:1] # PageLayoutHelper page_image with no assignments falls back to the default
 rspec ./spec/helpers/projects_helper_spec.rb:103 # ProjectsHelper#license_short_name when project.repository has a license_key returns the nickname of the license if present
 rspec ./spec/helpers/projects_helper_spec.rb:109 # ProjectsHelper#license_short_name when project.repository has a license_key returns the name of the license if nickname is not present
 pravi@nishumbha:/usr/share/gitlab$ 
 $ DB=postgres sudo -u gitlab -E -H bundle exec rspec spec/helpers/
 Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
 DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
 Please register a mime type using `register_mime_type` then
 use `register_compressor` or `register_transformer`.
 https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
 (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:57)
 DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
 Please register a mime type using `register_mime_type` then
 use `register_compressor` or `register_transformer`.
 https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
 (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:58)
 ......FF....................................................................................................F...............................................................................................................F.FF.FF.FF.......................FF.......................................................
 Failures:
  1) ApplicationHelper project_icon returns an url for the avatar
     Failure/Error:
       expect(helper.project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).
         to eq "<img src=\"#{avatar_url}\" alt=\"Banana sample\" />"
       expected: "<img src=\"http://localhost/uploads/project/avatar/1/banana_sample.gif\" alt=\"Banana sample\" />"
            got: "<img src=\"http://nishumbha/uploads/project/avatar/1/banana_sample.gif\" alt=\"Banana sample\" />"
       (compared using ==)
     # ./spec/helpers/application_helper_spec.rb:61:in `block (3 levels) in <top (required)>'
  2) ApplicationHelper project_icon gives uploaded icon when present
     Failure/Error:
       expect(helper.project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).to match(
         image_tag(avatar_url))
       expected "<img src=\"http://nishumbha/namespace2/gitlabhq/avatar\" alt=\"Avatar\" />" to match "<img src=\"http://localhost/namespace2/gitlabhq/avatar\" alt=\"Avatar\" />"
     # ./spec/helpers/application_helper_spec.rb:71:in `block (3 levels) in <top (required)>'
  3) GitlabMarkdownHelper#link_to_gfm replaces commit message with emoji to link
     Failure/Error:
       expect(actual).
         to eq %Q(<img class="emoji" title=":book:" alt=":book:" src="http://localhost/assets/1F4D6.png" height="20" width="20" align="absmiddle"><a href="/foo">Book</a>)
       expected: "<img class=\"emoji\" title=\":book:\" alt=\":book:\" src=\"http://localhost/assets/1F4D6.png\" height=\"20\" width=\"20\" align=\"absmiddle\"><a href=\"/foo\">Book</a>"
            got: "<img class=\"emoji\" title=\":book:\" alt=\":book:\" src=\"http://nishumbha/assets/1F4D6-9d912a9d1bb10dc7f2645b345ed09e90461e83df0de275acb806f1f75cef1fcf.png\" height=\"20\" width=\"20\" align=\"absmiddle\"><a href=\"/foo\">Book</a>"
       (compared using ==)
     # ./spec/helpers/gitlab_markdown_helper_spec.rb:115:in `block (3 levels) in <top (required)>'
  4) PageLayoutHelper page_image defaults to the GitLab logo
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:45:in `block (3 levels) in <top (required)>'
  5) PageLayoutHelper page_image with @project assigned falls back to the default when avatar_url is nil
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
  6) PageLayoutHelper page_image with no assignments falls back to the default
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
  7) PageLayoutHelper page_image with @user assigned falls back to the default when avatar_url is nil
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
  8) PageLayoutHelper page_image with no assignments falls back to the default
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
  9) PageLayoutHelper page_image with @group assigned falls back to the default when avatar_url is nil
     Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
       expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
     # ./spec/helpers/page_layout_helper_spec.rb:61:in `block (5 levels) in <top (required)>'
  10) PageLayoutHelper page_image with no assignments falls back to the default
      Failure/Error: expect(helper.page_image).to end_with 'assets/gitlab_logo.png'
        expected "http://test.host/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" to end with "assets/gitlab_logo.png"
      # ./spec/helpers/page_layout_helper_spec.rb:67:in `block (5 levels) in <top (required)>'
  11) ProjectsHelper#license_short_name when project.repository has a license_key returns the nickname of the license if present
      Failure/Error: license.nickname || license.name
      Licensee::InvalidLicense:
        'agpl-3.0' is not a valid license key
      # ./app/helpers/projects_helper.rb:116:in `license_short_name'
      # ./spec/helpers/projects_helper_spec.rb:106:in `block (4 levels) in <top (required)>'
  12) ProjectsHelper#license_short_name when project.repository has a license_key returns the name of the license if nickname is not present
      Failure/Error: license.nickname || license.name
      Licensee::InvalidLicense:
        'mit' is not a valid license key
      # ./app/helpers/projects_helper.rb:116:in `license_short_name'
      # ./spec/helpers/projects_helper_spec.rb:112:in `block (4 levels) in <top (required)>'
 Finished in 1 minute 41.2 seconds (files took 9.4 seconds to load)
 310 examples, 12 failures
 Failed examples:
 rspec ./spec/helpers/application_helper_spec.rb:57 # ApplicationHelper project_icon returns an url for the avatar
 rspec ./spec/helpers/application_helper_spec.rb:65 # ApplicationHelper project_icon gives uploaded icon when present
 rspec ./spec/helpers/gitlab_markdown_helper_spec.rb:113 # GitlabMarkdownHelper#link_to_gfm replaces commit message with emoji to link
 rspec ./spec/helpers/page_layout_helper_spec.rb:44 # PageLayoutHelper page_image defaults to the GitLab logo
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:2:2] # PageLayoutHelper page_image with @project assigned falls back to the default when avatar_url is nil
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:3:1] # PageLayoutHelper page_image with no assignments falls back to the default
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:4:2] # PageLayoutHelper page_image with @user assigned falls back to the default when avatar_url is nil
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:5:1] # PageLayoutHelper page_image with no assignments falls back to the default
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:6:2] # PageLayoutHelper page_image with @group assigned falls back to the default when avatar_url is nil
 rspec ./spec/helpers/page_layout_helper_spec.rb[1:2:7:1] # PageLayoutHelper page_image with no assignments falls back to the default
 rspec ./spec/helpers/projects_helper_spec.rb:103 # ProjectsHelper#license_short_name when project.repository has a license_key returns the nickname of the license if present
 rspec ./spec/helpers/projects_helper_spec.rb:109 # ProjectsHelper#license_short_name when project.repository has a license_key returns the name of the license if nickname is not present
 pravi@nishumbha:/usr/share/gitlab$ 
--- a/debian/tests/todo/initializers
+++ b/debian/tests/todo/initializers
@ -0,0 +1,67 @@
 $ DB=postgres sudo -u gitlab -E -H bundle exec rspec spec/initializers/
 6_validations_spec.rb    settings_spec.rb         
 secret_token_spec.rb     trusted_proxies_spec.rb  
 pravi@nishumbha:/usr/share/gitlab$ DB=postgres sudo -u gitlab -E -H bundle exec rspec spec/initializers/
 [sudo] password for pravi: 
 Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
 DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
 Please register a mime type using `register_mime_type` then
 use `register_compressor` or `register_transformer`.
 https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
 (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:57)
 DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
 Please register a mime type using `register_mime_type` then
 use `register_compressor` or `register_transformer`.
 https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
 (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:58)
 Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
 ..............F....FF.........
 Failures:
  1) create_tokens setting secret_key_base and otp_key_base when the other secrets all exist when secret_key_base and otp_key_base do not exist uses the file secret
     Failure/Error: expect(new_secrets['db_key_base']).to eq('db_key_base')
       expected: "db_key_base"
            got: nil
       (compared using ==)
     # ./spec/initializers/secret_token_spec.rb:136:in `block (6 levels) in <top (required)>'
     # ./config/initializers/secret_token.rb:84:in `write_secrets_yml'
     # ./config/initializers/secret_token.rb:31:in `create_tokens'
     # ./spec/initializers/secret_token_spec.rb:139:in `block (5 levels) in <top (required)>'
  2) create_tokens setting secret_key_base and otp_key_base when db_key_base is blank but exists in secrets.yml warns about the blank value existing in secrets.yml and exits
     Failure/Error:
       expect(self).to receive(:warn) do |warning|
         expect(warning).to include('db_key_base')
         expect(warning).to include('<%= an_erb_expression %>')
       end
       (#<RSpec::ExampleGroups::CreateTokens::SettingSecretKeyBaseAndOtpKeyBase::WhenDbKeyBaseIsBlankButExistsInSecretsYml:0x0000000ebe43b8>).warn(*(any args))
           expected: 1 time with any arguments
           received: 0 times with any arguments
     # ./spec/initializers/secret_token_spec.rb:184:in `block (4 levels) in <top (required)>'
  3) create_tokens setting secret_key_base and otp_key_base when db_key_base is blank but exists in secrets.yml does not update secrets.yml
     Failure/Error: expect { create_tokens }.to raise_error(SystemExit)
       expected SystemExit, got #<RSpec::Mocks::MockExpectationError: (File (class)).write("config/secrets.yml", "---\ntest:\n  otp_key_base: otp_key_base\n  secret_key_base: secret_key_base\n  db_key_base: \"<%= an_erb_expression %>\"\nproduction:\n  db_key_base: c0ee30ba71733e9d3524f8ab03e0018524bc7a67cb5fce8847b3071758c333de28cd847b2fc7f9a476ddbf92ce52c2d38015e1e91a1ae272fc08c4198035d2e4\n", {:mode=>"w", :perm=>384})
           expected: 0 times with any arguments
           received: 1 time with arguments: ("config/secrets.yml", "---\ntest:\n  otp_key_base: otp_key_base\n  secret_key_base: secret_key_base\n  db_key_base: \"<%= an_erb_expression %>\"\nproduction:\n  db_key_base: c0ee30ba71733e9d3524f8ab03e0018524bc7a67cb5fce8847b3071758c333de28cd847b2fc7f9a476ddbf92ce52c2d38015e1e91a1ae272fc08c4198035d2e4\n", {:mode=>"w", :perm=>384})> with backtrace:
         # ./config/initializers/secret_token.rb:84:in `write_secrets_yml'
         # ./config/initializers/secret_token.rb:31:in `create_tokens'
         # ./spec/initializers/secret_token_spec.rb:196:in `block (5 levels) in <top (required)>'
         # ./spec/initializers/secret_token_spec.rb:196:in `block (4 levels) in <top (required)>'
     # ./spec/initializers/secret_token_spec.rb:196:in `block (4 levels) in <top (required)>'
 Finished in 23.38 seconds (files took 8.94 seconds to load)
 30 examples, 3 failures
 Failed examples:
 rspec ./spec/initializers/secret_token_spec.rb:130 # create_tokens setting secret_key_base and otp_key_base when the other secrets all exist when secret_key_base and otp_key_base do not exist uses the file secret
 rspec ./spec/initializers/secret_token_spec.rb:183 # create_tokens setting secret_key_base and otp_key_base when db_key_base is blank but exists in secrets.yml warns about the blank value existing in secrets.yml and exits
 rspec ./spec/initializers/secret_token_spec.rb:192 # create_tokens setting secret_key_base and otp_key_base when db_key_base is blank but exists in secrets.yml does not update secrets.yml
--- a/debian/tests/todo/lib/ci
+++ b/debian/tests/todo/lib/ci
@ -0,0 +1 @@
 spec/lib/banzai/ https://gitlab.com/gitlab-org/gitlab-ce/issues/22289
--- a/debian/tests/todo/lib/container_registry
+++ b/debian/tests/todo/lib/container_registry
@ -0,0 +1,36 @@
 $ sudo -u gitlab -E -H bundle exec rspec spec/lib/container_registry/
 Error deleting useless .secret file: Permission denied @ unlink_internal - /usr/share/gitlab/.secret
 DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
 Please register a mime type using `register_mime_type` then
 use `register_compressor` or `register_transformer`.
 https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
 (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:57)
 DEPRECATION WARNING: Sprockets method `register_engine` is deprecated.
 Please register a mime type using `register_mime_type` then
 use `register_compressor` or `register_transformer`.
 https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors
 (called from block (2 levels) in <class:Railtie> at /usr/lib/ruby/vendor_ruby/sass/rails/railtie.rb:58)
 ...........F...............................
 Failures:
  1) ContainerRegistry::Blob#data when externally stored for invalid file should raise ArgumentError with "invalid address"
     Failure/Error: it { expect{ subject }.to raise_error(ArgumentError, 'invalid address') }
       expected ArgumentError with "invalid address", got #<NoMethodError: undefined method `request_uri' for #<URI::Generic file:/etc/passwd>> with backtrace:
         # ./lib/container_registry/client.rb:79:in `redirect_response'
         # ./lib/container_registry/client.rb:69:in `response_body'
         # ./lib/container_registry/client.rb:37:in `blob'
         # ./lib/container_registry/blob.rb:45:in `data'
         # ./spec/lib/container_registry/blob_spec.rb:66:in `block (3 levels) in <top (required)>'
         # ./spec/lib/container_registry/blob_spec.rb:107:in `block (6 levels) in <top (required)>'
         # ./spec/lib/container_registry/blob_spec.rb:107:in `block (5 levels) in <top (required)>'
     # ./spec/lib/container_registry/blob_spec.rb:107:in `block (5 levels) in <top (required)>'
 Finished in 20.94 seconds (files took 8.65 seconds to load)
 43 examples, 1 failure
 Failed examples:
 rspec ./spec/lib/container_registry/blob_spec.rb:107 # ContainerRegistry::Blob#data when externally stored for invalid file should raise ArgumentError with "invalid address"
--- a/debian/tests/todo/models
+++ b/debian/tests/todo/models
@ -0,0 +1 @@
 https://gitlab.com/gitlab-org/gitlab-ce/issues/22290
--- a/debian/unpack-components.sh
+++ b/debian/unpack-components.sh
@ -0,0 +1,36 @@
 #!/bin/bash
 : <<=cut
 =head1 DESCRIPTION
 Unpack MUT components.
 =head1 SYNOPSIS
 ./debian/unpack-components.sh
 =cut
 set -e
 set -u
 DEB_SOURCE="$( dpkg-parsechangelog -SSource )"
 DEB_VERSION_UPSTREAM="$( dpkg-parsechangelog -SVersion | sed -e 's/-[^-]*$//' )"
 if ls ../${DEB_SOURCE}_${DEB_VERSION_UPSTREAM}.orig-*.tar.* 2>>/dev/null; then
    for T in ../${DEB_SOURCE}_${DEB_VERSION_UPSTREAM}.orig-*.tar.*; do
        C="${T##*.orig-}"
        C="${C%%.tar*}"
        mkdir -p "${C}"
        tar xf ${T} -C "${C}" --strip-components=1
        if [ "$(ls -m ${C})" == "${C}" ]; then
            ## --strip-components=1 did not work.
            mv "${C}" "${C}.tmp"
            mv "${C}.tmp/${C}" .
            rmdir "${C}.tmp"
        fi
    done
 else
    printf "W: no components to extract.\n"
    exit 0
 fi
--- a/debian/upstream-config-file-check.sh
+++ b/debian/upstream-config-file-check.sh
@ -0,0 +1,13 @@
 set -e
 export LC_ALL=C.UTF-8
 find config | sort > debian/upstream-config-file-list.new
 if ! diff -u debian/upstream-config-file-list debian/upstream-config-file-list.new
 then
  echo "---------------------\n"
  echo "Obsolete config files are:"
  echo "---------------------"
  comm -13 debian/upstream-config-file-list.new debian/upstream-config-file-list
  echo "---------------------\n"
  echo "These should be added to debian/maintscript"
  echo "---------------------"
 fi
--- a/debian/upstream-config-file-list
+++ b/debian/upstream-config-file-list
--- a/debian/upstream-file-count-check.sh
+++ b/debian/upstream-file-count-check.sh
@ -0,0 +1,16 @@
 LC_ALL=C.UTF-8 ls -1a |grep -vx .git |grep -vx .pc |grep -vx _build |grep -vx \*.rej > debian/upstream-file-list.new
 if ! diff -u debian/upstream-file-list debian/upstream-file-list.new
 then
  echo "Upstream added or removed files"
  echo "Update 'debian/gitlab.install' and/or 'debian/ignored-file-list'"
  echo "\nNewly added files are:"
  echo "---------------------"
  comm -23 debian/upstream-file-list.new debian/upstream-file-list
  echo "---------------------\n"
  echo "Removed files are:"
  echo "---------------------"
  comm -13 debian/upstream-file-list.new debian/upstream-file-list
  echo "---------------------"
  echo "\nAfter updating the ignore and install files, rename 'debian/upstream-file-list.new' as 'debian/upstream-file-list'. If not using dpkg-buildpackage, generate 'debian/upstream-file-list.new' manually and then rename.\n"
  exit 1
 fi
--- a/debian/upstream-file-list
+++ b/debian/upstream-file-list
@ -0,0 +1,111 @@
 .
 ..
 .browserslistrc
 .codeclimate.yml
 .dockerignore
 .editorconfig
 .eslintignore
 .eslintrc.yml
 .foreman
 .git-blame-ignore-revs
 .gitattributes
 .github
 .gitignore
 .gitlab
 .gitlab-ci.yml
 .gitleaksignore
 .gitpod.yml
 .haml-lint.yml
 .haml-lint_todo.yml
 .lefthook
 .license_encryption_key.pub
 .mailmap
 .markdownlint.yml
 .nvmrc
 .prettierignore
 .prettierrc
 .projections.json.example
 .rubocop.yml
 .rubocop_revert_ignores.txt
 .rubocop_todo
 .rubocop_todo.yml
 .ruby-version
 .solargraph.yml.example
 .stylelintrc
 .test_license_encryption_key.pub
 .theia
 .vale.ini
 .yamllint
 CHANGELOG.md
 CONTRIBUTING.md
 Dangerfile
 Dockerfile.assets
 GITALY_SERVER_VERSION
 GITLAB_ELASTICSEARCH_INDEXER_VERSION
 GITLAB_KAS_VERSION
 GITLAB_METRICS_EXPORTER_VERSION
 GITLAB_PAGES_VERSION
 GITLAB_SHELL_VERSION
 GITLAB_WORKHORSE_VERSION
 Gemfile
 Gemfile.checksum
 Gemfile.lock
 Guardfile
 INSTALLATION_TYPE
 LICENSE
 MAINTENANCE.md
 PHILOSOPHY.md
 PROCESS.md
 Pipfile
 Pipfile.lock
 README.md
 Rakefile
 VERSION
 app
 babel.config.js
 bin
 builds
 changelogs
 config
 config.ru
 crowdin.yml
 danger
 data
 db
 debian
 doc
 docker-compose.yml
 file_hooks
 fixtures
 generator_templates
 glfm_specification
 haml_lint
 jest.config.base.js
 jest.config.contract.js
 jest.config.integration.js
 jest.config.js
 jest_resolver.js
 lefthook.yml
 lib
 locale
 log
 metrics_server
 package.json
 patches
 public
 qa
 rubocop
 scripts
 security.txt
 shared
 sidekiq_cluster
 snowplow-javascript-tracker
 spec
 storybook
 tests.yml
 tmp
 tooling
 vendor
 workhorse
 workhorse-vendor
 yarn.lock
--- a/debian/watch
+++ b/debian/watch
@ -0,0 +1,12 @@
 version=4
 # uscan: repacksuffix is not compatible with the multiple upstream tarballs; use oversionmangle.
 opts="uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha|b|a)\d*)$/$1~$2/,\
 repack,compression=xz,oversionmangle=s{\Z}{+ds1},\
 dversionmangle=s/(\d)[\+]?(debian|dfsg|ds|deb|gh)\d*(\~)*(rc)*(\d)*$/$1$3$4$5/ \
 " https://gitlab.com/gitlab-org/gitlab-foss/-/tags?sort=updated_desc .*/gitlab-foss-v(\d[\d.]*)\.tar\.gz
 opts="pgpmode=none,component=snowplow-javascript-tracker,\
 " https://github.com/snowplow/snowplow-javascript-tracker/tags?after=2.11.0-rc3 \
 .*/archive/.*/v?(2\.10\.0)@ARCHIVE_EXT@$ ignore
		`@ -0,0 +1,2 @@`
							`L /run/gitlab/cache - - - - /var/cache/gitlab`
							`L /run/gitlab/backups - - - - /var/lib/gitlab/backups`
		`@ -0,0 +1,2 @@`
							`[DEFAULT]`
							`component = [ 'snowplow-javascript-tracker', 'workhorse-vendor' ]`
		`@ -0,0 +1,2 @@`
							`interest-noawait /usr/lib/ruby/vendor_ruby`
							`interest-noawait /usr/share/rubygems-integration`
		`@ -0,0 +1,2 @@`
							`debian/gems-compat/activesupport-5.1.7/lib/active_support/values/unicode_tables.dat`
							`debian/gems-compat/thrift-0.11.0.0/thrift.gemspec`
		`@ -0,0 +1 @@`
							`possible devise version issue https://gitlab.com/gitlab-org/gitlab-ce/issues/22291`
		`@ -0,0 +1 @@`
							`https://gitlab.com/gitlab-org/gitlab-ce/issues/22867`
		`@ -0,0 +1 @@`
							`spec/lib/banzai/ https://gitlab.com/gitlab-org/gitlab-ce/issues/22289`