archives/gitlab-foss: new aport

archives/gitlab-foss/APKBUILD

@@ -0,0 +1,375 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+pkgname=gitlab-foss
+_pkgname=${pkgname%-foss}
+pkgver=17.0.4
+_gittag=v$pkgver
+pkgrel=0
+pkgdesc="A version control for your server"
+url="https://gitlab.com/gitlab-org/gitlab-foss"
+arch="x86_64 aarch64"
+license="MIT"
+# ruby-irb is needed only for Rails console (gitlab-rails console)
+depends="
+	$pkgname-assets=$pkgver-r$pkgrel
+	ca-certificates
+	cmd:dpkg-deb
+	exiftool
+	git>=2.42.0
+	gitaly~=17.0
+	gitlab-shell>=14.35
+	graphicsmagick
+	http-parser
+	procps
+	py-docutils
+	python3
+	redis>=2.8
+	ruby3.2
+	ruby3.2-bigdecimal
+	ruby3.2-bundler
+	ruby3.2-fiddle
+	ruby3.2-io-console
+	ruby3.2-irb
+	ruby3.2-json
+	ruby3.2-rake
+	ruby3.2-rdoc
+	ruby3.2-webrick
+	shared-mime-info
+	tzdata
+	"
+makedepends="
+	cargo
+	clang-dev
+	cmd:chrpath
+	cmake
+	file-dev
+	go
+	gpgme-dev
+	icu-dev
+	libffi-dev
+	libgcrypt-dev
+	libpq-dev
+	libxml2-dev
+	libxslt-dev
+	linux-headers
+	llvm
+	nodejs
+	openssl-dev
+	protobuf-dev
+	re2-dev
+	ruby3.2-dev
+	rust
+	yarn>=1.2.0
+	"
+pkgusers="git"
+pkggroups="git www-data"
+install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
+subpackages="$pkgname-assets::noarch $pkgname-openrc"
+source="https://gitlab.com/gitlab-org/gitlab-foss/-/archive/$_gittag/gitlab-foss-$_gittag.tar.gz
+	database-config.patch
+	$_pkgname.initd
+	$_pkgname.mailroom.initd
+	$_pkgname.rails.initd
+	$_pkgname.sidekiq.initd
+	$_pkgname.workhorse.initd
+	$_pkgname.confd
+	$_pkgname.logrotate
+	bin-wrapper.in
+	upgrade-sys-filesystem-depend.patch
+	"
+builddir="$srcdir/gitlab-foss-$_gittag"
+
+_prefix="usr/lib/bundles/$_pkgname"
+
+export BUNDLE_DEPLOYMENT=true
+export BUNDLE_FORCE_RUBY_PLATFORM=true
+export BUNDLE_FROZEN=true
+# Should be tied to $JOBS, but rust native code fails to build
+export BUNDLE_JOBS=1
+
+prepare() {
+	default_prepare
+
+	# The default log level is very chatty.
+	sed -i 's/^\(\s*config.log_level\s*=\).*$/\1 :warn/' \
+		config/environments/production.rb
+
+	# This is not needed, the secret_token is generated by the
+	# gitlab-shell package. It also makes problems in the build phase.
+	rm config/initializers/gitlab_shell_secret_token.rb
+
+	# Remove all locale files except en.
+	find locale -type d -mindepth 1 ! -name en -exec rm -rf {} +
+
+	# Allow use of any bundler
+	sed -i -e '/BUNDLED/,+1d' Gemfile.lock
+}
+
+build() {
+	local bundle_without='exclude development kerberos mysql test'
+
+	cd "$builddir"/workhorse
+
+	make
+
+	cd "$builddir"
+
+	msg "Installing Ruby gems..."
+	bundle config --local without "$bundle_without"
+	bundle config --local build.ffi --enable-system-libffi
+	bundle config --local build.gpgme --use-system-libraries
+	bundle config --local build.re2 --enable-system-libraries
+	bundle config --local build.nokogiri --use-system-libraries \
+		--with-xml2-include=/usr/include/libxml2 \
+		--with-xslt-include=/usr/include/libxslt
+	bundle config --local build.ruby-magic --enable-system-libraries
+	bundle config --local build.google-protobuf '-- --with-cflags=-D__va_copy=va_copy'
+	bundle config --local path "vendor/bundle"
+
+	bundle install --no-cache
+
+	# Replace bundled CA bundle with symlink.
+	(
+		cd vendor/bundle/ruby/*/gems/aws-sdk-core-*/
+		rm ca-bundle.crt
+		ln -s /etc/ssl/certs/ca-certificates.crt ca-bundle.crt
+	)
+
+	# Remove faulty RPATH.
+	chrpath -d vendor/bundle/ruby/*/extensions/*/*/ruby-magic-*/magic/magic.so
+
+	# Patch installed gem gitlab-markup to use python3.
+	# Option "-S" causes that Python cannot find docutils module.
+	sed -i 's/python2 -S/python3/g' \
+		vendor/bundle/ruby/*/gems/gitlab-markup-*/lib/github/markups.rb
+
+	# Remove non-sense require of code for tests from top-level module
+	# (we're gonna delete tests from the package).
+	sed -i '/require .carrierwave\/test\/matchers./d' \
+		vendor/bundle/ruby/*/gems/carrierwave-*/lib/carrierwave.rb
+
+	msg "Installing npm modules..."
+	yarn install --production --frozen-lockfile
+
+	# Since we have moved assets gems into a group, they are not implicitly
+	# loaded by default. This will be reverted after compiling assets.
+	sed -i.bak '/Bundler.require(\*Rails.groups/s/)/, :assets)/' \
+		config/application.rb
+
+	# assets:precompile and gettext:compile bootstraps the app,
+	# so they needs configs.
+	cp config/gitlab.yml.example config/gitlab.yml
+	cp config/database.yml.postgresql config/database.yml
+	cp config/secrets.yml.example config/secrets.yml
+
+	# The configured path is not readable for the user building
+	# the package, so we must remove it; GitLab will use the default path.
+	sed -i '/^\s*secret_file:.*/d' config/gitlab.yml
+
+	(
+		export NODE_ENV=production
+		export RAILS_ENV=production
+		export SKIP_STORAGE_VALIDATION=true
+		export USE_DB=false
+		export NO_SOURCEMAPS=true
+		export NODE_OPTIONS="--max_old_space_size=3584"
+
+		msg "Compiling GetText PO files..."
+		bundle exec rake gettext:compile
+
+		msg "Compiling assets (this will take few minutes)..."
+		bundle exec rake gitlab:assets:compile
+	)
+
+	# Revert changes.
+	mv config/application.rb.bak config/application.rb
+
+	msg "Cleaning assets gems..."
+	bundle config --local without 'exclude development kerberos mysql test assets'
+	bundle clean
+
+	# Create executables in bin/*.
+	# See also https://github.com/bundler/bundler/issues/6149.
+	bundle binstubs --force bundler gitlab-mail_room puma sidekiq
+
+	# Cleanup
+	rm config/database.yml config/gitlab.yml config/secrets.yml
+}
+
+package() {
+	local destdir="$pkgdir/$_prefix"
+	local datadir="$pkgdir/var/lib/gitlab"
+	local file dest
+
+	install -d -m755 "$destdir" "$destdir"/bin
+
+	install -d -m755 -o git -g git \
+		"$datadir" \
+		"$pkgdir"/etc/gitlab \
+		"$pkgdir"/var/log/gitlab \
+		"$datadir"/pages
+
+	install -d -m700 -o git -g git \
+		"$datadir"/artifacts \
+		"$datadir"/builds \
+		"$datadir"/ci_secure_files \
+		"$datadir"/dependency_proxy \
+		"$datadir"/encrypted_settings \
+		"$datadir"/external-diffs \
+		"$datadir"/lfs-objects \
+		"$datadir"/packages \
+		"$datadir"/pages \
+		"$datadir"/terraform_state \
+		"$datadir"/uploads
+
+	install -d -m0750 -o git -g www-data \
+		"$datadir"/pages
+
+	install -d -m02770 -o git -g git \
+		"$datadir"/repositories
+
+	# Install application files.
+	# Note: *VERSION files and doc directory are required (Help in GitLab
+	# menu refers to the doc directory).
+	cp -rl .bundle config.ru Gemfile* INSTALLATION_TYPE Rakefile ./*VERSION \
+		app data db doc fixtures config lib locale metrics_server public sidekiq_cluster vendor gems \
+		"$destdir"/
+
+	install -m755 -t "$destdir"/bin/ \
+		bin/bundle \
+		bin/mail_room \
+		bin/metrics-server \
+		bin/rails \
+		bin/rake \
+		bin/sidekiq \
+		bin/sidekiq-cluster \
+		bin/sidekiqmon \
+		bin/puma
+
+	cd "$destdir"
+
+	# Not needed in runtime since we have already compiled all assets.
+	rm -r app/assets
+	rm -r vendor/assets
+	find public/assets -name '*.vue' -delete
+	find public/assets -type d -exec rmdir --ignore-fail-on-non-empty '{}' \;
+	# These load gems in the assets group.
+	rm config/initializers/sprockets.rb
+
+	# Remove more stuff not neeeded in production.
+	rm -r lib/support
+	rm -r db/fixtures/development
+	find lib/tasks -maxdepth 1 -type f ! -name cache.rake ! -name setup.rake -delete
+	find lib/tasks/gitlab \( -name 'generate_docs.*' \
+	                      -o -name 'shell.*' \
+	                      -o -name 'test.*' \) -delete
+
+
+	cd "$destdir"/vendor/bundle/ruby/*/
+
+	# Remove tests, documentations and other useless files.
+	find gems/ \( -name 'doc' \
+	           -o -name 'spec' \
+	           -o -name 'test' \) \
+		-type d -maxdepth 2 -exec rm -fr "{}" +
+	find gems/ \( -name 'README*' \
+	           -o -name 'CHANGELOG*' \
+	           -o -name 'CONTRIBUT*' \
+	           -o -name '*LICENSE*' \
+	           -o -name 'Rakefile' \
+	           -o -name '.*' \) \
+		-type f -delete
+
+	# Remove bundled libgit2 sources.
+	rm -r gems/rugged-*/vendor/libgit2
+
+	# Remove assets, they are already compiled.
+	rm -r gems/tanuki_emoji-*/app/assets
+
+	# Remove build logs and cache.
+	rm -rf build_info/ cache/
+	find extensions/ \( -name gem_make.out -o -name mkmf.log \) -delete
+
+
+	cd "$destdir"
+
+	# Install and symlink config files.
+	for file in cable.yml.example \
+			database.yml.postgresql \
+			gitlab.yml.example \
+			puma.rb.example \
+			resque.yml.example \
+			sidekiq.yml.example \
+			initializers/smtp_settings.rb.sample
+	do
+		dest="$(basename "${file%.*}")"
+		install -m640 -g git -D config/$file "$pkgdir"/etc/gitlab/$dest
+		ln -sf /etc/gitlab/$dest "$pkgdir"/$_prefix/config/${file%.*}
+	done
+
+	# This file will be generated by the post-install script, just prepare symlink.
+	ln -sf /etc/gitlab/secrets.yml config/secrets.yml
+	# These shouldn't be necessary, they are all configurable, but OmniBus
+	# creates them too, so just to be sure...
+	ln -sf /etc/gitlab/gitlab_kas_secret .gitlab_kas_secret
+	ln -sf /etc/gitlab/gitlab_pages_secret .gitlab_pages_secret
+	ln -sf /etc/gitlab/gitlab_shell_secret .gitlab_shell_secret
+	ln -sf /etc/gitlab/gitlab_workhorse_secret .gitlab_workhorse_secret
+
+	# Some paths are hard-coded in GitLab, so we must make symlinks. :(
+	ln -sf /var/lib/gitlab/uploads public/uploads
+	ln -sf /var/log/gitlab log
+	ln -sf /var/tmp/gitlab tmp
+
+	cat > "$datadir"/.profile <<-EOF
+		export RAILS_ENV=production
+		export NODE_ENV=production
+		export EXECJS_RUNTIME=Disabled
+	EOF
+
+	# Install wrapper scripts to /usr/bin.
+	local name; for name in rake rails; do
+		sed "s/__COMMAND__/$name/g" "$srcdir"/bin-wrapper.in \
+			> "$builddir"/gitlab-$name
+		install -m755 -D "$builddir"/gitlab-$name "$pkgdir"/usr/bin/gitlab-$name
+	done
+
+
+	cd "$builddir"/workhorse
+
+	# Install workhorse.
+	make install DESTDIR="$pkgdir" PREFIX=/usr
+	install -m644 config.toml.example "$pkgdir"/etc/gitlab/workhorse.toml
+
+
+	for file in $_pkgname $_pkgname.rails $_pkgname.sidekiq $_pkgname.mailroom $_pkgname.workhorse; do
+		install -m755 -D "$srcdir"/$file.initd "$pkgdir"/etc/init.d/$file
+	done
+
+	install -m644 -D "$srcdir"/$_pkgname.confd \
+		"$pkgdir"/etc/conf.d/$_pkgname
+
+	install -m644 -D "$srcdir"/$_pkgname.logrotate \
+		"$pkgdir"/etc/logrotate.d/$_pkgname
+}
+
+assets() {
+	depends=""
+
+	amove $_prefix/public/assets
+}
+
+sha512sums="
+e09cfbbe4237f42bd8509c551031fd3526b75762beae7dac5164ecc4056ae07890a3ddb8500f1573f0ca9d697150654d1fcab3b3d0a3b93e5382addcee298c5b  gitlab-foss-v17.0.4.tar.gz
+daa496f3d9146f9dbddff62477bf49d5c7bd2f2a4cdbadc70ee51c8230f3ef01dc950ef157154b31c7e7bef0beecc5cbac50fbac65a79d6d9099b27bcba8b2ab  database-config.patch
+80d9bf2d064c1d4310566e087e14220e075430c46d9a6c4641c1141fbdc05381ae14a3ae7dfcb7dcb75dbf7af17a136f81764c7a4d109f248a81033782dce23b  gitlab.initd
+1f451b67a5d5e58650b0fe862a2b65cfb8bff5502b37d94ae90619c1ff9affbecf24428303a2849bebce5f94bef37078f0e5710e344bbab616134e910938384a  gitlab.mailroom.initd
+d8cdeb54c46f8204936bf5750833649e4586d3dd1942eed45955ed1661ae5f5080f59184fcb59a8f73c1405faccbf02b3db3d2c12fc2a4a81424cd35ce390768  gitlab.rails.initd
+cb4ec100f0ea7ffcbb37aead8423e636629e2f4848b2974a7b2468e96cb1081ca732ac336417b08dd943afb961df888c73af1334dcbe054dfd361e74f492fd86  gitlab.sidekiq.initd
+85c4e257a030832bd70ad1e257ae7cb568b31e01201fc845abac02d00f02492ca694be1fa2bf743dd8c8623e6a79d36adee3f4de02040134c11158a6001c064b  gitlab.workhorse.initd
+4dc00b16462f30591297fcb535fc364185d3ed76e9956597f0423a8dfd8a9a351f6ac29d9f0c73052c11324fba4768eb89a21c6bef4da99f15baaea8c9ab8407  gitlab.confd
+57f258246925fbef0780caebdf005983c72fe3db1ab3242a1e00137bd322f5ec6c0fd958db7178b8fc22103d071f550d6f71f08422bcd9e859d2a734b2ecef00  gitlab.logrotate
+a944c3886388ba1574bf8c96b6de4d9f24ef4a83f553c31a224e17a3b01f2a5c65b60c59b7ed7ca4b25670c60ea8dd41b96a8a623d909d2bb09bdf2520ed7f23  bin-wrapper.in
+0eaa7de9a906ddb0fe84b7afbaec893a134bbbdb9e71da75cf4095ef40404643e51447aee88d3cad6e565bc709b34ffd8901cc93061e4a2a410838aed42d3644  upgrade-sys-filesystem-depend.patch
+"

archives/gitlab-foss/bin-wrapper.in

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+BUNDLE_DIR='/usr/lib/bundles/gitlab'
+export RAILS_ENV='production'
+export NODE_ENV='production'
+export EXECJS_RUNTIME='Disabled'
+
+cd $BUNDLE_DIR
+install -m 700 -o git -g git -d "$(readlink ./tmp)"
+
+if [ "$(id -un)" != 'git' ]; then
+	exec su git -c '"$0" "$@"' -- bin/__COMMAND__ "$@"
+else
+	exec bin/__COMMAND__ "$@"
+fi

archives/gitlab-foss/database-config.patch

@@ -0,0 +1,66 @@
+diff --git a/config/database.yml.postgresql.orig b/config/database.yml.postgresql
+index da9f458..2d6d44e 100644
+--- a/config/database.yml.postgresql.orig
++++ b/config/database.yml.postgresql
+@@ -26,13 +26,6 @@ production:
+     username: git
+     password: "secure password"
+     host: localhost
+-  geo:
+-    adapter: postgresql
+-    encoding: unicode
+-    database: gitlabhq_geo_production
+-    username: git
+-    password: "secure password"
+-    host: localhost
+ 
+ #
+ # Development specific
+@@ -57,13 +50,6 @@ development:
+     host: localhost
+     variables:
+       statement_timeout: 15s
+-  geo:
+-    adapter: postgresql
+-    encoding: unicode
+-    database: gitlabhq_geo_development
+-    username: postgres
+-    password: "secure password"
+-    host: localhost
+ 
+ #
+ # Staging specific
+@@ -84,13 +70,6 @@ staging:
+     username: git
+     password: "secure password"
+     host: localhost
+-  geo:
+-    adapter: postgresql
+-    encoding: unicode
+-    database: gitlabhq_geo_staging
+-    username: git
+-    password: "secure password"
+-    host: localhost
+ 
+ # Warning: The database defined as "test" will be erased and
+ # re-generated from your development database when you run "rake".
+@@ -119,19 +98,3 @@ test: &test
+     reaping_frequency: nil
+     variables:
+       statement_timeout: 15s
+-  geo:
+-    adapter: postgresql
+-    encoding: unicode
+-    database: gitlabhq_geo_test
+-    username: postgres
+-    password:
+-    host: localhost
+-    reaping_frequency: nil
+-  embedding:
+-    adapter: postgresql
+-    encoding: unicode
+-    database: gitlabhq_embedding_test
+-    username: postgres
+-    password:
+-    host: localhost
+-    reaping_frequency: nil

archives/gitlab-foss/gitlab-foss.post-install

@@ -0,0 +1,108 @@
+#!/bin/sh
+set -eu
+
+group='git'
+data_dir='/var/lib/gitlab'
+secrets_file='/etc/gitlab/secrets.yml'
+shell_secret_file='/etc/gitlab/gitlab_shell_secret'
+workhorse_secret_file='/etc/gitlab/gitlab_workhorse_secret'
+kas_secret_file='/etc/gitlab/gitlab_kas_secret'
+
+gen_random_b64() {
+	local bits="$1"
+	ruby <<-EOF
+		require 'securerandom'
+		require 'base64'
+		puts Base64.strict_encode64(SecureRandom.random_bytes($bits))
+	EOF
+}
+
+
+echo "* Checking $secrets_file" >&2
+
+ruby <<-EOF
+	require 'openssl'
+	require 'securerandom'
+	require 'yaml'
+
+	secrets_file = '$secrets_file'
+	changed = false
+
+	secrets = YAML.load_file(secrets_file) if File.exist?(secrets_file)
+	secrets ||= {}
+	prod = secrets['production'] ||= {}
+	prod['db_key_base'] ||= ( changed = true; SecureRandom.hex(64) )
+	prod['secret_key_base'] ||= ( changed = true; SecureRandom.hex(64) )
+	prod['otp_key_base'] ||= ( changed = true; SecureRandom.hex(64) )
+	prod['encrypted_settings_key_base'] ||= ( changed = true; SecureRandom.hex(64) )
+	prod['openid_connect_signing_key'] ||= begin
+	  changed = true
+	  prod.delete('jws_private_key') || OpenSSL::PKey::RSA.new(2048).to_pem
+	end
+	# db/fixtures/production/010_settings.rb
+	prod['ci_jwt_signing_key'] ||= ( changed = true; OpenSSL::PKey::RSA.new(2048).to_pem )
+
+	if changed
+	  STDERR.puts "* Generating random secrets into #{secrets_file}"
+	  File.write(secrets_file, YAML.dump(secrets), mode: 'w', perm: 0640)
+	end
+EOF
+chown root:$group "$secrets_file"
+
+if [ ! -f "$shell_secret_file" ]; then
+	echo "* Generating random secret in $shell_secret_file" >&2
+
+	head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 64 > "$shell_secret_file"
+	chown root:$group "$shell_secret_file"
+	chmod 0640 "$shell_secret_file"
+fi
+
+if [ ! -f "$workhorse_secret_file" ]; then
+	echo "* Generating random secret in $workhorse_secret_file" >&2
+
+	# Sync with lib/gitlab/workhorse.rb.
+	gen_random_b64 32 > "$workhorse_secret_file"
+	chown root:$group "$workhorse_secret_file"
+	chmod 0640 "$workhorse_secret_file"
+fi
+
+if [ ! -f "$kas_secret_file" ]; then
+	echo "* Generating random secret in $kas_secret_file" >&2
+
+	# Sync with lib/gitlab/workhorse.rb.
+	gen_random_b64 32 > "$kas_secret_file"
+	chown root:$group "$kas_secret_file"
+	chmod 0640 "$kas_secret_file"
+fi
+
+# NOTE: We create this symlink in post-install script instead of APKBULD,
+# so user can decide to have tmp dir inside $data_dir (e.g. it's on bigger disk).
+if [ ! -e "$data_dir"/tmp ]; then
+	ln -s /var/tmp/gitlab "$data_dir"/tmp
+fi
+
+
+if [ "${0##*.}" = 'post-upgrade' ]; then
+	cat >&2 <<-EOF
+	*
+	* To finish GitLab upgrade run:
+	*
+	*     gitlab-rake gitlab:db:configure
+	*
+	EOF
+else
+	cat >&2 <<-EOF
+	*
+	* 1. Adjust settings in /etc/gitlab/database.yml and gitlab.yml.
+	*
+	* 2. Create database for GitLab:
+	*
+	*     psql -c "CREATE ROLE gitlab PASSWORD 'top-secret' INHERIT LOGIN;"
+	*     psql -c "CREATE DATABASE gitlab OWNER gitlab ENCODING 'UTF-8';"
+	*     psql -d gitlab -c "CREATE EXTENSION pg_trgm; CREATE EXTENSION btree_gist;"
+	*
+	* 3. Run "gitlab-rake gitlab:setup", or "gitlab-rake gitlab:db:configure" if
+	*    you are updating existing database.
+	*
+	EOF
+fi

archives/gitlab-foss/gitlab-foss.post-upgrade

@@ -0,0 +1 @@
+gitlab-foss.post-install

archives/gitlab-foss/gitlab-foss.pre-install

@@ -0,0 +1,53 @@
+#!/bin/sh
+# It's very important to set user/group correctly.
+
+git_dir='/var/lib/gitlab'
+
+if ! getent group git 1>/dev/null; then
+	echo '* Creating group git' 1>&2
+
+	addgroup -S git
+fi
+
+if ! id git 2>/dev/null 1>&2; then
+	echo '* Creating user git' 1>&2
+
+	adduser -DHS -G git -h "$git_dir" -s /bin/sh  \
+		-g "added by apk for gitlab-foss" git
+	passwd -u git 1>/dev/null  # unlock
+fi
+
+if ! id -Gn git | grep -Fq redis; then
+	echo '* Adding user git to group redis' 1>&2
+
+	addgroup git redis
+fi
+
+if [ "$(id -gn git)" != 'git' ]; then
+	cat >&2 <<-EOF
+	!!
+	!! User git has primary group $(id -gn git). We strongly recommend to change
+	!! git's primary group to git, otherwise GitLab may not work correctly.
+	!!
+	EOF
+
+	# Add it at least as a supplementary group.
+	adduser git git
+fi
+
+user_home="$(getent passwd git | cut -d: -f6)"
+
+if [ "$user_home" != "$git_dir" ]; then
+	cat >&2 <<-EOF
+	!!
+	!! User git has home directory in $user_home, but this package assumes
+	!! $git_dir. Although it's possible to use a different directory,
+	!! it's really not easy.
+	!!
+	!! Please change git's home directory to $git_dir, or adjust settings
+	!! and move files yourself. Otherwise GitLab will not work!
+	!!
+	EOF
+fi
+
+exit 0

archives/gitlab-foss/gitlab-rails.confd

@@ -0,0 +1,20 @@
+# Configuration for /etc/init.d/gitlab.rails
+
+# Path to the Puma configuration file.
+#puma_config="/etc/gitlab/puma.rb"
+
+# IP address and port for Puma server to listen on.
+#puma_listen_tcp="127.0.0.1:8080"
+
+# Absolute path of unix socket for Puma server to listen on.
+#puma_listen_unix="/run/gitlab/gitlab.socket"
+
+# Path to the file to redirect stdout from Puma server to.
+#puma_stdout_file="/var/log/gitlab/puma_stdout.log"
+
+# Path to the file to redirect stderr from Puma server to.
+#puma_stderr_file="/var/log/gitlab/puma_stderr.log"
+
+# Action Cable uses a separate thread pool per Puma worker. This configures
+# number of threads in the pool.
+#action_cable_worker_pool_size=4

archives/gitlab-foss/gitlab.confd

@@ -0,0 +1,85 @@
+# Configuration file for /etc/init.d/gitlab and
+# /etc/init.d/gitlab.{mailroom,rails,sidekiq,workhorse}
+
+
+# Path to the base directory for the Prometheus metrics used by Puma and
+# Sidekiq.
+#metrics_dir=/dev/shm/gitlab
+
+
+# How many Puma worker processes to create (0 to disable cluster mode).
+#puma_workers=3
+
+# IP address and port for Puma server to listen on.
+#puma_listen_tcp="127.0.0.1:8080"
+
+# Absolute path of unix socket for Puma server to listen on.
+#puma_listen_unix="/run/gitlab/gitlab.socket"
+
+# Action Cable uses a separate thread pool per Puma worker. This configures
+# number of threads in the pool.
+#action_cable_worker_pool_size=4
+
+
+# IP address and port, or absolute path of the unix socket, where should
+# Workhorse listen on for connections from a web server.
+#workhorse_listen="/run/gitlab/workhorse.socket"
+
+# How long to wait for response headers when proxying the request.
+#workhorse_proxy_header_timeout="1m0s"
+
+# Number of API requests allowed at single time.
+#workhorse_api_limit=
+
+# Maximum queueing duration of requests (default 30s).
+#workhorse_api_queue_duration=
+
+# Number of API requests allowed to be queued.
+#workhorse_api_queue_limit=
+
+# Long polling duration for job requesting for runners (default 0s - disabled)
+#workhorse_ci_long_polling_duration=
+
+# Log format to use: text, json, structured, none. Defaults to "text".
+#workhorse_log_format=
+
+# Prometheus listening address.
+#workhorse_prometheus_listen=
+
+# Sentry DSN for Workhorse.
+#workhorse_sentry_dsn=
+
+
+# Specify how many processes to create using sidekiq-cluster and which queue
+# they should handle. Each whitespace-separated item equates to one additional
+# Sidekiq process, and comma-separated values in each item determine the queues
+# it works on. The special queue name "*" means all queues.
+# Example: "* gitlab_shell process_commit,post_receive"
+# See https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html.
+#sidekiq_queue_groups="*"
+
+# Maximum threads to use with Sidekiq (default: 50, 0 to disable).
+#sidekiq_max_concurrency=
+
+# Minimum threads to use with Sidekiq (default: 0).
+#sidekiq_min_concurrency=
+
+# The number of seconds to wait between worker checks.
+#sidekiq_interval=
+
+# Graceful timeout for all running processes.
+#sidekiq_shutdown_timeout=
+
+# Run workers for all queues in sidekiq_queues.yml except the given ones.
+#sidekiq_negate=no
+
+# Run workers based on the provided selector.
+#sidekiq_queue_selector=no
+
+# Memory limit (in MiB) for the Sidekiq process. If the RSS (Resident Set Size)
+# of the Sidekiq process exceeds this limit, a delayed shutdown is triggered.
+#sidekiq_memkiller_max_rss=2000
+
+
+# Enable mail_room to handle incoming mails?
+#mailroom_enabled="no"

archives/gitlab-foss/gitlab.initd

@@ -0,0 +1,50 @@
+#!/sbin/openrc-run
+
+name="GitLab"
+description="Meta script for starting/stopping all the GitLab components"
+
+: ${mailroom_enabled:="no"}
+: ${pages_enabled:="yes"}
+
+subservices="gitlab.rails gitlab.gitaly gitlab.sidekiq gitlab.workhorse"
+if yesno "$mailroom_enabled"; then
+	subservices="$subservices gitlab.mailroom"
+fi
+if yesno "$pages_enabled" && [ -e /etc/init.d/gitlab.pages ]; then
+	subservices="$subservices gitlab.pages"
+fi
+
+depend() {
+	need redis postgresql
+	use net
+}
+
+start() {
+	local ret=0
+
+	ebegin "Starting all GitLab components"
+	local svc; for svc in $subservices; do
+		service $svc start || ret=1
+	done
+	eend $ret
+}
+
+stop() {
+	local ret=0
+
+	ebegin "Stopping all GitLab components"
+	local svc; for svc in $subservices; do
+		service $svc stop || ret=1
+	done
+	eend $ret
+}
+
+status() {
+	local ret=0
+
+	local svc; for svc in $subservices; do
+		echo "$svc:"
+		service $svc status || ret=1
+	done
+	eend $ret
+}

archives/gitlab-foss/gitlab.logrotate

@@ -0,0 +1,24 @@
+/var/log/gitlab/workhorse.log {
+	compress
+	maxsize 10M
+	minsize 1M
+	missingok
+	postrotate
+		/etc/init.d/gitlab.workhorse --quiet --ifstarted reopen
+	endscript
+	sharedscripts
+	rotate 5
+	weekly
+}
+
+/var/log/gitlab/*.log {
+	compress
+	copytruncate
+	delaycompress
+	maxsize 10M
+	minsize 1M
+	missingok
+	sharedscripts
+	rotate 10
+	weekly
+}

archives/gitlab-foss/gitlab.mailroom.initd

@@ -0,0 +1,40 @@
+#!/sbin/openrc-run
+
+supervisor=supervise-daemon
+
+name="GitLab (mailroom)"
+description="GitLab service for processing incoming mails."
+
+: ${gitlab_base:="/usr/lib/bundles/gitlab"}
+: ${gitlab_config:="/etc/gitlab/gitlab.yml"}
+: ${mailroom_logfile:="/var/log/gitlab/mail_room.log"}
+: ${mailroom_config:="$gitlab_base/config/mail_room.yml"}
+
+command="$gitlab_base/bin/mail_room"
+command_args="-c $mailroom_config"
+command_background="yes"
+command_user="git"
+
+directory="$gitlab_base"
+error_log="$mailroom_logfile"
+output_log="$mailroom_logfile"
+
+supervise_daemon_args="
+	--env RAILS_ENV=production
+	--env TZ=:/etc/localtime
+	--env MAIL_ROOM_GITLAB_CONFIG_FILE=$gitlab_config
+	"
+start_stop_daemon_args="--interpreted $supervise_daemon_args"
+pidfile="/run/gitlab/mail_room.pid"
+
+required_files="$mailroom_config $gitlab_config"
+
+depend() {
+	need redis
+	use net
+}
+
+start_pre() {
+	checkpath -d -m 755 -o $command_user -q "${pidfile%/*}" || return 1
+	checkpath -f -m 640 -o $command_user "$mailroom_logfile"
+}

archives/gitlab-foss/gitlab.rails.initd

@@ -0,0 +1,119 @@
+#!/sbin/openrc-run
+
+name="GitLab Rails"
+description="GitLab application"
+
+extra_started_commands="reload reopen"
+description_reload="Reload configuration"
+description_reopen="Reopen log files"
+
+: ${gitlab_base:="/usr/lib/bundles/gitlab"}
+: ${metrics_dir:="/dev/shm/gitlab"}
+
+: ${action_cable_worker_pool_size:=4}
+: ${gitlab_config:="/etc/gitlab/gitlab.yml"}
+: ${puma_workers:=3}
+: ${puma_listen_unix:="/run/gitlab/gitlab.socket"}
+: ${puma_listen_tcp:="127.0.0.1:8080"}
+: ${puma_stdout_file:="/var/log/gitlab/puma_stdout.log"}
+: ${puma_stderr_file:="/var/log/gitlab/puma_stderr.log"}
+: ${puma_config:="/etc/gitlab/puma.rb"}
+: ${puma_metrics_dir:="$metrics_dir/puma"}
+
+command="$gitlab_base/bin/puma"
+command_args="
+	--config $puma_config
+	--workers $puma_workers
+	--bind tcp://$puma_listen_tcp
+	--bind unix://$puma_listen_unix
+	--redirect-stdout $puma_stdout_file
+	--redirect-stderr $puma_stderr_file
+	--redirect-append
+	--state /run/gitlab/puma.state
+	"
+command_background="yes"
+command_user="git"
+directory="$gitlab_base"
+
+supervise_daemon_args="
+	--env ACTION_CABLE_WORKER_POOL_SIZE=$action_cable_worker_pool_size
+	--env RAILS_ENV=production
+	--env NODE_ENV=production
+	--env EXECJS_RUNTIME=Disabled
+	--env GITLAB_BASE=$gitlab_base
+	--env TZ=:/etc/localtime
+	--env prometheus_multiproc_dir=$puma_metrics_dir
+	${supervise_daemon_args:-}
+	"
+start_stop_daemon_args="
+	--interpreted
+	$supervise_daemon_args
+	$start_stop_daemon_args
+	"
+pidfile="/run/gitlab/puma.pid"
+
+required_files="$gitlab_config $puma_config"
+
+depend() {
+	need redis
+	want sshd postgresql docker-registry
+	use net
+}
+
+start_pre() {
+	checkpath -d -m 755 -o $command_user -q "${pidfile%/*}" || return 1
+	checkpath -d -m 700 -o $command_user -q "$(readlink -f "$gitlab_base"/tmp)" || return 1
+	checkpath -d -m 700 -o $command_user -q "$metrics_dir" || return 1
+	checkpath -d -m 700 -o $command_user --directory-truncate "$puma_metrics_dir" || return 1
+	checkpath -f -m 644 -o $command_user "$puma_stdout_file" || return 1
+	checkpath -f -m 644 -o $command_user "$puma_stderr_file" || return 1
+
+	# Ruby requires sticky bit on TMP directory.
+	checkpath -d -m 1777 /tmp
+
+	local downloads_path="$(_parse_yaml "$gitlab_config" \
+		production.gitlab.repository_downloads_path)"
+
+	if [ -n "$downloads_path" ]; then
+		checkpath -d -m 700 -o $command_user -q "$downloads_path"
+	fi
+
+	checkpath --directory --owner $command_user --mode 0775 \
+		/var/tmp/gitlab/downloads \
+		/var/tmp/gitlab/backups
+
+}
+
+reload() {
+	ebegin "Reloading $name"
+
+	if [ "$supervisor" ]; then
+		$supervisor "$RC_SVCNAME" --signal USR2
+	else
+		start-stop-daemon --pidfile "$pidfile" --signal USR2
+	fi
+	eend $?
+}
+
+reopen() {
+	ebegin "Telling $name to reopen log files"
+
+	if [ "$supervisor" ]; then
+		$supervisor "$RC_SVCNAME" --signal USR1
+	else
+		start-stop-daemon --pidfile "$pidfile" --signal USR1
+	fi
+	eend $?
+}
+
+_parse_yaml() {
+	local file="$1"
+	local key="$2"
+	local default="${3:-}"
+	local key_path="$(echo "[\"$key\"]" | sed 's/\./"]["/g')"
+
+	ruby <<-EOF
+	require "yaml"
+	puts YAML.load_file("$file")$key_path rescue puts "$default"
+	EOF
+}

archives/gitlab-foss/gitlab.sidekiq.initd

@@ -0,0 +1,76 @@
+#!/sbin/openrc-run
+
+extra_started_commands="finish"
+
+name="GitLab Sidekiq"
+description="GitLab backgroud workers"
+description_finish="Stop fetching new jobs and finish current ones"
+
+: ${gitlab_base:="/usr/lib/bundles/gitlab"}
+: ${metrics_dir:="/dev/shm/gitlab"}
+
+: ${sidekiq_logfile:="/var/log/gitlab/sidekiq.log"}
+: ${sidekiq_memkiller_max_rss:="2000"}  # default per Omnibus
+: ${sidekiq_metrics_dir:="$metrics_dir/sidekiq"}
+: ${sidekiq_negate:="no"}
+: ${sidekiq_queue_groups:="*"}
+: ${sidekiq_queue_selector:="no"}
+
+command="$gitlab_base/bin/sidekiq-cluster"
+# Note: The rest of the options is set in start_pre().
+command_args="-r $gitlab_base -e production ${command_args:-}"
+command_background="yes"
+command_user="git"
+
+directory="$gitlab_base"
+error_log="$sidekiq_logfile"
+output_log="$sidekiq_logfile"
+
+supervise_daemon_args="
+	--env RAILS_ENV=production
+	--env NODE_ENV=production
+	--env EXECJS_RUNTIME=Disabled
+	--env TZ=:/etc/localtime
+	--env SIDEKIQ_MEMORY_KILLER_MAX_RSS=$(( sidekiq_memkiller_max_rss * 1024 ))
+	--env prometheus_multiproc_dir=$sidekiq_metrics_dir
+	"
+start_stop_daemon_args="--interpreted $supervise_daemon_args"
+pidfile="/run/gitlab/sidekiq.pid"
+
+depend() {
+	need redis
+	use net postgresql
+}
+
+start_pre() {
+	yesno "$sidekiq_queue_selector" && command_args="$command_args --queue-selector"
+
+	command_args="$command_args
+		$(optif --max-concurrency ${sidekiq_max_concurrency:-})
+		$(optif --min-concurrency ${sidekiq_min_concurrency:-})
+		$(optif --interval ${sidekiq_interval:-})
+		$(optif --timeout ${sidekiq_shutdown_timeout:-})
+		$(set -f; printf "'%s' " $sidekiq_queue_groups)
+		"
+	yesno "$sidekiq_negate" && command_args="$command_args --negate"
+
+	checkpath -d -m 755 -o $command_user -q "${pidfile%/*}" || return 1
+	checkpath -d -m 700 -o $command_user -q "$metrics_dir" || return 1
+	checkpath -d -m 700 -o $command_user --directory-truncate "$sidekiq_metrics_dir" || return 1
+	checkpath -f -m 644 -o $command_user "$sidekiq_logfile"
+}
+
+finish() {
+	ebegin "Telling $name to stop fetching new jobs"
+
+	if [ "$supervisor" ]; then
+		$supervisor "$RC_SVCNAME" --signal TSTP
+	else
+		start-stop-daemon --pidfile "$pidfile" --signal TSTP
+	fi
+	eend $?
+}
+
+optif() {
+	test -n "$2" && printf '%s/n' "$1=$2" || true
+}

archives/gitlab-foss/gitlab.workhorse.initd

@@ -0,0 +1,75 @@
+#!/sbin/openrc-run
+
+extra_started_commands="reopen"
+
+name="GitLab Workhorse"
+description="A reverse proxy for GitLab."
+description_reopen="Reopen log files"
+
+: ${gitlab_base:="/usr/lib/bundles/gitlab"}
+: ${workhorse_logfile:="/var/log/gitlab/workhorse.log"}
+: ${workhorse_access_log:="no"}
+
+command="/usr/bin/gitlab-workhorse"
+# Note: The rest of the options is set in start_pre().
+command_args="
+	-authBackend=http://${puma_listen_tcp:="127.0.0.1:8080"}
+	-config=${workhorse_config:="/etc/gitlab/workhorse.toml"}
+	-documentRoot=${gitlab_public_dir:="$gitlab_base/public"}
+	-listenAddr=${workhorse_listen:="/run/gitlab/workhorse.socket"}
+	-listenUmask=${workhorse_listen_umask:="000"}
+	-logFile=$workhorse_logfile
+	-secretPath=${workhorse_secret_path:="/etc/gitlab/gitlab_workhorse_secret"}
+	"
+command_background="yes"
+command_user="git"
+directory="$gitlab_base"
+pidfile="/run/gitlab/workhorse.pid"
+
+depend() {
+	use net
+}
+
+start_pre() {
+	local listen_net="tcp"
+	[ "${workhorse_listen:0:1}" = '/' ] && listen_net="unix"
+
+	command_args="$command_args
+		-listenNetwork=$listen_net
+		$(optif -apiCiLongPollingDuration "$workhorse_ci_long_polling_duration")
+		$(optif -apiLimit "$workhorse_api_limit")
+		$(optif -apiQueueDuration "$workhorse_api_queue_duration")
+		$(optif -apiQueueLimit "$workhorse_api_queue_limit")
+		$(optif -authSocket "$puma_listen_unix")
+		$(optif -logFormat "$workhorse_log_format")
+		$(optif -prometheusListenAddr "$workhorse_prometheus_listen_addr")
+		$(optif -proxyHeadersTimeout "$workhorse_proxy_header_timeout")"
+	# FIXME: not implemented
+	#yesno "$workhorse_access_log" || command_args="$command_args -disableAccessLog"
+
+	start_stop_daemon_args="$start_stop_daemon_args
+		$(optif '--env GITLAB_WORKHORSE_SENTRY_DSN' "$workhorse_sentry_dns")"
+	supervise_daemon_args="$supervise_daemon_args
+		$(optif '--env GITLAB_WORKHORSE_SENTRY_DSN' "$workhorse_sentry_dns")"
+
+	checkpath -d -m 755 -o $command_user -q "${pidfile%/*}" || return 1
+	if [ "$listen_net" = "unix" ]; then
+		checkpath -d -m 755 -o $command_user -q "${workhorse_listen%/*}" || return 1
+	fi
+	checkpath -f -m 640 -o $command_user "$workhorse_logfile"
+}
+
+reopen() {
+	ebegin "Telling $name to reopen log files"
+
+	if [ "$supervisor" ]; then
+		$supervisor "$RC_SVCNAME" --signal HUP
+	else
+		start-stop-daemon --pidfile "$pidfile" --signal HUP
+	fi
+	eend $?
+}
+
+optif() {
+	test -n "$2" && printf '%s/n' "$1=$2" || true
+}

archives/gitlab-foss/upgrade-sys-filesystem-depend.patch

@@ -0,0 +1,35 @@
+diff --git a/Gemfile.orig b/Gemfile
+index c1e9e34..a4448b7 100644
+--- a/Gemfile.orig
++++ b/Gemfile
+@@ -525,7 +525,7 @@ gem 'health_check', '~> 3.0' # rubocop:todo Gemfile/MissingFeatureCategory
+ 
+ # System information
+ gem 'vmstat', '~> 2.3.0' # rubocop:todo Gemfile/MissingFeatureCategory
+-gem 'sys-filesystem', '~> 1.4.3' # rubocop:todo Gemfile/MissingFeatureCategory
++gem 'sys-filesystem', '~> 1.4.5' # rubocop:todo Gemfile/MissingFeatureCategory
+ 
+ # NTP client
+ gem 'net-ntp' # rubocop:todo Gemfile/MissingFeatureCategory
+diff --git a/Gemfile.lock.orig b/Gemfile.lock
+index bb66169..a4da10b 100644
+--- a/Gemfile.lock.orig
++++ b/Gemfile.lock
+@@ -1657,7 +1657,7 @@ GEM
+       attr_required (>= 0.0.5)
+       httpclient (>= 2.4)
+     sync (0.5.0)
+-    sys-filesystem (1.4.3)
++    sys-filesystem (1.4.5)
+       ffi (~> 1.1)
+     sysexits (1.2.0)
+     table_print (1.5.7)
+@@ -2123,7 +2123,7 @@ DEPENDENCIES
+   stackprof (~> 0.2.25)
+   state_machines-activerecord (~> 0.8.0)
+   static_holmes (~> 0.7.7)
+-  sys-filesystem (~> 1.4.3)
++  sys-filesystem (~> 1.4.5)
+   tanuki_emoji (~> 0.9)
+   telesignenterprise (~> 2.2)
+   terser (= 1.0.2)