#! /bin/sh
# postinst script for gitlab
# copied from postinst script for hplip
# $Id: hplip.postinst,v 1.1 2005/10/15 21:39:04 hmh Exp $
#
# see: dh_installdeb(1)

# Abort the maintainer script as soon as any command fails.
set -e

# Fixed locations of the Debian-specific settings files.
# gitlab-debian.defaults carries the values that only maintainer scripts use
# (earlier versions kept those in gitlab-debian.conf); gitlab-debian.conf is
# left with the user/admin configurable variables and the variables required
# by the systemd services.
gitlab_debian_defaults="/usr/lib/gitlab/gitlab-debian.defaults"
gitlab_debian_defaults_copy="/var/lib/gitlab/gitlab-debian.defaults"
gitlab_debian_conf="/etc/gitlab/gitlab-debian.conf"
gitlab_debian_conf_private="/var/lib/gitlab/gitlab-debian.conf"
gitlab_debian_conf_example="/usr/lib/gitlab/templates/gitlab-debian.conf.example"

# Pull in the debconf shell library so the package's questions can be shown.
. /usr/share/debconf/confmodule

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

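#######################################################################
# Read debian specific configuration
#######################################################################
# Every file sourced in this section is executed as shell code with the
# privileges of the package manager (root).
# NOTE(review): ${gitlab_debian_conf_private} lives under /var/lib/gitlab,
# and the configure step later in this script runs a recursive chown to
# ${gitlab_user} on ${gitlab_data_dir}. If that directory is /var/lib/gitlab
# (its value is not visible here), the file sourced below ends up owned by
# the service account - confirm it stays writable by root only.

# Bootstrap config file - first try: start from the shipped example
. "${gitlab_debian_conf_example}"
# second try: the private working copy, created from the example on first run
if [ ! -f "${gitlab_debian_conf_private}" ]; then
  cp "${gitlab_debian_conf_example}" "${gitlab_debian_conf_private}"
fi
. "${gitlab_debian_conf_private}"

# If /etc/gitlab/gitlab-debian.conf is already present, use it
if [ -f "${gitlab_debian_conf}" ]; then
  . "${gitlab_debian_conf}"
fi
export DB RAILS_ENV

# Read default values (we cannot do this before gitlab-debian.conf is exported
# as we want to override variables set by gitlab-debian.conf in earlier gitlab
# versions with gitlab-debian.defaults)
. "${gitlab_debian_defaults}"

# Copy defaults for use with postrm
cp "${gitlab_debian_defaults}" "${gitlab_debian_defaults_copy}"

# Read gitlab_user from debconf db; fall back to "gitlab" when the answer is
# empty.
db_get gitlab/user
gitlab_user=${RET:-gitlab}

# Record the account name once. -q keeps the matched line out of the
# installer output; the pattern is unanchored, so any line mentioning
# gitlab_user counts as "already recorded".
if ! grep -q gitlab_user "${gitlab_debian_conf_private}"; then
  echo "gitlab_user=${gitlab_user}" >> "${gitlab_debian_conf_private}"
fi

# Create gitlab user
. /usr/lib/gitlab/scripts/adduser.sh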
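#######################################################################
# update Gemfile.lock, always
#######################################################################
# This section sits outside the argument dispatch further down, so it runs
# for every way the script is called.

# Empty the lock file as the service account. The path is single-quoted
# inside the command string so that whitespace in it cannot split the
# argument when the inner shell parses the command.
su "${gitlab_user}" -s /bin/sh -c "truncate -s 0 '${gitlab_data_dir}/Gemfile.lock'"

# bundle has to run from the application root.
cd "${gitlab_app_root}"
if ! su "${gitlab_user}" -s /bin/sh -c 'bundle --local --quiet'; then
  if [ "$1" = "triggered" ]; then
    # probably triggered in the middle of a system upgrade; ignore failure
    # but abort here
    echo "#########################################################################"
    echo "# Failed to detect gitlab dependencies; if you are in the middle of an #"
    echo "# upgrade, this is probably fine, there will be another attempt later. #"
    echo "# #"
    echo "# If you are NOT in the middle of an upgrade, there is probably a real #"
    echo "# issue. Please report a bug. #"
    echo "#########################################################################"
    exit 0
  else
    # something is really broken; say so before failing the installation
    echo "gitlab: bundle could not resolve the installed dependencies" >&2
    exit 1
  fi
fi
# Return to the directory the script was started from.
cd - >/dev/null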
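# Dispatch on the action passed in by the package manager. Only `configure'
# does real work; it runs as root and finishes by sourcing the helper scripts
# under /usr/lib/gitlab/scripts.
case "$1" in
  configure)
    # Stop early when a base path is empty: every path below is derived from
    # these, and an empty value would point the recursive chown/chmod calls
    # at directories directly under /.
    : "${gitlab_data_dir:?must be set}"
    : "${gitlab_app_root:?must be set}"

    gitlab_builds_log="${gitlab_log_dir}/builds"
    gitlab_repo_path="${gitlab_data_dir}/repositories"
    gitlab_uploads_path="${gitlab_data_dir}/public/uploads"

    # Create directories and change ownership
    echo "Creating runtime directories for gitlab..."
    # Setup ssh key file
    mkdir -p "${gitlab_data_dir}/.ssh"
    touch "${gitlab_data_dir}/.ssh/authorized_keys"
    chown -R "${gitlab_user}:" "${gitlab_data_dir}/.ssh"
    # Create .bundle for .bundle/config
    mkdir -p "${gitlab_data_dir}/.bundle"
    chown -R "${gitlab_user}:" "${gitlab_data_dir}/.bundle"
    # Create more required directories. Empty entries are skipped, which is
    # what the unquoted list did before the expansions were quoted.
    for i in "${gitlab_repo_path}" "${gitlab_cache_path}" \
      "${gitlab_uploads_path}" "${gitlab_pid_path}" "${gitlab_log_dir}" \
      "${gitlab_shell_log}" "${gitlab_builds_log}"; do
      [ -n "$i" ] || continue
      mkdir -p "$i"
      chown -R "${gitlab_user}:" "$i"
    done

    # nginx/httpd should be able to connect to gitlab-workhorse.socket and serve public
    chown -R "${gitlab_user}:${nginx_user}" "${gitlab_uploads_path}/.." "${gitlab_pid_path}"

    # Customize permissions
    echo "Updating file permissions..."
    chmod -R ug+rwX,o-rwx "${gitlab_repo_path}/"
    chmod -R ug-s "${gitlab_repo_path}/"
    # setgid on directories only; -exec makes a chmod failure visible in
    # find's exit status, which the former find | xargs pipeline hid.
    find "${gitlab_repo_path}/" -type d -exec chmod g+s {} +

    # NOTE(review): these recursive chowns run as root over trees the service
    # account can write to, and everything below ${gitlab_data_dir} ends up
    # owned by ${gitlab_user}. The top of this script sources
    # /var/lib/gitlab/gitlab-debian.conf as root; if ${gitlab_data_dir} is
    # /var/lib/gitlab that file is handed to the service account here -
    # confirm and keep root-sourced files root-owned.
    # NOTE(review): "user:" resets the group to the user's login group, so
    # the ${nginx_user} group set on ${gitlab_uploads_path}/.. above looks
    # like it is overwritten by this pass - confirm that is intended.
    for i in "${gitlab_data_dir}" "${gitlab_shell_root}"; do
      [ -n "$i" ] || continue
      chown -R "${gitlab_user}:" "$i"
    done

    # The path is single-quoted inside the command string so whitespace in it
    # cannot split the argument in the inner shell.
    su "${gitlab_user}" -s /bin/sh -c "chmod 700 '${gitlab_uploads_path}'"
    su "${gitlab_user}" -s /bin/sh -c 'git config --global core.autocrlf "input"'

    # Commands below need to be run from gitlab_app_root
    cd "${gitlab_app_root}"

    # Obtain hostname from debconf db; nothing below can be configured
    # without it.
    db_get gitlab/fqdn
    if [ -z "${RET}" ]; then
      echo "Failed to retrieve fully qualified domain name"
      exit 1
    fi

    # NOTE(review): the debconf answers (gitlab/fqdn, gitlab/user) are written
    # into a file that is later sourced as shell and are substituted into sed
    # expressions and file paths below without validation. A value containing
    # whitespace, "/", "&" or shell metacharacters would corrupt those files;
    # consider rejecting anything that is not a plain host/user name.
    if ! grep -q GITLAB_HOST "${gitlab_debian_conf_private}"; then
      echo "Configuring hostname and email..."
      export GITLAB_HOST="${RET}" # We need this to configure nginx below
      cat <<EOF >> "${gitlab_debian_conf_private}"
GITLAB_HOST=${RET}
GITLAB_EMAIL_FROM="no-reply@${RET}"
GITLAB_EMAIL_DISPLAY_NAME="Gitlab"
GITLAB_EMAIL_REPLY_TO="no-reply@${RET}"
EOF
    fi

    # Check if ssl option is selected. RET keeps this answer until the next
    # db_get call, so it is still valid at the HTTPS test below.
    db_get gitlab/ssl
    gl_proto="http"

    # Copy example configurations
    test -f "${gitlab_yml_private}" || \
      cp "${gitlab_yml_example}" "${gitlab_yml_private}"
    test -f "${gitlab_shell_config_private}" || \
      cp "${gitlab_shell_config_example}" "${gitlab_shell_config_private}"

    sed -i "s/GITLAB_USER/${gitlab_user}/" "${gitlab_yml_private}"

    if [ "${RET}" = "true" ]; then
      echo "Configuring nginx with HTTPS..."
      # The HTTPS rewrite of the private configs happens only the first time,
      # i.e. while GITLAB_HTTPS has not been recorded yet.
      if ! grep -q GITLAB_HTTPS "${gitlab_debian_conf_private}"; then
        echo "GITLAB_HTTPS=${RET}" >> "${gitlab_debian_conf_private}"
        # Workaround for #813770
        gl_proto="https"
        echo "Configuring gitlab with HTTPS..."
        sed -i "s/#port: 80/port: 443/" "${gitlab_yml_private}"
        sed -i "s/https: false/https: true/" "${gitlab_yml_private}"
        echo "Updating gitlab_url in gitlab-shell configuration..."
        # "https*" accepts both http:// and https://; the former "http*"
        # could never match an existing https:// URL.
        sed -i \
          "s/gitlab_url: https*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/" \
          "${gitlab_shell_config_private}"
      fi

      mkdir -p /etc/gitlab/ssl
      nginx_conf_example=${nginx_ssl_conf_example}

      # Check if letsencrypt option is selected
      db_get gitlab/letsencrypt
      if [ "${RET}" = "true" ]; then
        echo "Configuring letsencrypt..."
        # The links are created even when the certificate does not exist yet;
        # they resolve once letsencrypt has written the files.
        ln -sf "/etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem" \
          /etc/gitlab/ssl/gitlab.crt
        ln -sf "/etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem" \
          /etc/gitlab/ssl/gitlab.key

        # Check if certificate is already present
        if [ -e "/etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem" ]; then
          echo "Let's encrypt certificate already present."
        else
          # Port 80 and 443 should be available for letsencrypt
          if command -v nginx > /dev/null; then
            echo "Stopping nginx for letsencrypt..."
            invoke-rc.d nginx stop
          fi

          # A failed certificate request is reported but does not abort the
          # installation.
          letsencrypt -d "${GITLAB_HOST}" certonly || {
            echo "letsencrypt auto configuration failed..."
            echo "Stop your webserver and try running letsencrypt manually..."
            echo "letsencrypt -d ${GITLAB_HOST} certonly"
          }
        fi
      fi
    fi

    # Manage tmpfiles.d/gitlab.conf via ucf
    test -f "${gitlab_tmpfiles_private}" || \
      cp "${gitlab_tmpfiles_example}" "${gitlab_tmpfiles_private}"
    sed -i "s/GITLAB_USER/${gitlab_user}/" "${gitlab_tmpfiles_private}"
    echo "Registering ${gitlab_tmpfiles} via ucf"
    ucf --debconf-ok --three-way "${gitlab_tmpfiles_private}" "${gitlab_tmpfiles}"
    ucfr gitlab "${gitlab_tmpfiles}"

    # Override User for systemd services
    for service in mailroom unicorn sidekiq workhorse; do
      path="/etc/systemd/system/gitlab-${service}.service.d"
      mkdir -p "$path"
      # The account name is passed as an argument, never as part of the
      # format string, so "%" or "\" in it are written literally.
      printf '[Service]\nUser=%s\n' "${gitlab_user}" > "$path/override.conf"
    done

    # Manage gitlab-shell's config.yml via ucf
    mkdir -p /etc/gitlab-shell
    echo "Registering ${gitlab_shell_config} via ucf"
    ucf --debconf-ok --three-way "${gitlab_shell_config_private}" "${gitlab_shell_config}"
    ucfr gitlab "${gitlab_shell_config}"

    # Manage gitlab.yml via ucf
    echo "Registering ${gitlab_yml} via ucf"
    ucf --debconf-ok --three-way "${gitlab_yml_private}" "${gitlab_yml}"
    ucfr gitlab "${gitlab_yml}"

    # Manage gitlab-debian.conf via ucf
    echo "Registering ${gitlab_debian_conf} via ucf"
    ucf --debconf-ok --three-way "${gitlab_debian_conf_private}" "${gitlab_debian_conf}"
    ucfr gitlab "${gitlab_debian_conf}"

    # configure nginx site
    if test -d /etc/nginx/sites-available/; then
      # Quoted on purpose: an unquoted empty value turns this into
      # "test -f", which is true, and the missing template goes unnoticed.
      if test -f "${nginx_conf_example}"; then
        nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
        sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/" \
          "${nginx_conf_example}" > "${nginx_site_private}"
        ucf --debconf-ok --three-way "${nginx_site_private}" "${nginx_site}"
        ucfr gitlab "${nginx_site}"
        ln -fs "${nginx_site}" /etc/nginx/sites-enabled/
        # nginx_conf_example_tmp is not assigned anywhere in this script;
        # remove it only when some sourced file defined it.
        if [ -n "${nginx_conf_example_tmp}" ]; then
          rm -f -- "${nginx_conf_example_tmp}"
        fi
      else
        echo "nginx example configuration file not found"
        exit 1
      fi
    fi
    # Reload nginx
    if command -v nginx > /dev/null; then
      echo "Reloading nginx configuration..."
      invoke-rc.d nginx reload
    fi

    # No debconf questions are asked past this point.
    db_stop

    echo "Create database if not present"
    # An empty query is used as an existence probe for the database.
    if ! su postgres -s /bin/sh -c "psql gitlab_production -c ''"; then
      su postgres -s /bin/sh -c 'createdb -E unicode -T template0 gitlab_production'
    fi

    # Adjust database privileges
    . /usr/lib/gitlab/scripts/grantpriv.sh

    # Remove Gemfile.lock if present
    rm -f -- "${gitlab_data_dir}/Gemfile.lock"

    # Create Gemfile.lock and .secret in /var/lib/gitlab
    su "${gitlab_user}" -s /bin/sh -c "touch '${gitlab_data_dir}/Gemfile.lock'"

    echo "Verifying we have all required libraries..."
    su "${gitlab_user}" -s /bin/sh -c 'bundle install --without development test --local'

    echo "Running final rake tasks and tweaks..."
    . /usr/lib/gitlab/scripts/rake-tasks.sh
    ;;

  triggered)
    # Already handled
    ;;

  abort-upgrade|abort-remove|abort-deconfigure)
    ;;

  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac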
#DEBHELPER#
# Placed after the #DEBHELPER# marker: on a configure run, finish by sourcing
# the packaged check script. Any other action does nothing here.
if [ "$1" = "configure" ]; then
  echo "Running rake checks..."
  . /usr/lib/gitlab/scripts/gitlab-check.sh
fi