Package: gitlab
Version: 8.13.11+dfsg-2
Severity: important
Tags: patch

Hi,

I want to use the gitlab package as a replacement for our gitlab source
installation, which uses the user 'git' (instead of 'gitlab'). Thus I
changed gitlab_user in /etc/gitlab/gitlab-debian.conf from 'gitlab' to
'git'. I had to adjust the tmpfiles configuration:

    sed 's/gitlab www-data/git www-data/' /usr/lib/tmpfiles.d/gitlab.conf > /etc/tmpfiles.d/gitlab.conf

and the service files:

    for service in mailroom unicorn sidekiq workhorse; do
        path=/etc/systemd/system/gitlab-${service}.service.d
        mkdir -p $path
        printf "[Service]\nUser=git\n" > $path/override.conf
    done

gitlab is running with these changes, but package upgrades will fail,
because grantpriv.sh hard-codes the gitlab user. Please apply the
attached patches for it. Thanks.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.dr...@profitbricks.com
URL:  http://www.profitbricks.com

Registered office: Berlin.
Court of registration: Amtsgericht Charlottenburg, HRB 125506B.
Managing directors: Andreas Gauger, Achim Weiss.
From adeb934e082afa39daa6fbe4364902b3e9ab7b26 Mon Sep 17 00:00:00 2001
From: Benjamin Drung <benjamin.dr...@profitbricks.com>
Date: Wed, 8 Feb 2017 18:17:40 +0100
Subject: [PATCH 1/2] Honor gitlab_user setting in grantpriv.sh

If the sysadmin changes the gitlab user in
/etc/gitlab/gitlab-debian.conf, the package installation or upgrade will
fail, because grantpriv.sh will always grant privileges to the gitlab
user. Thus adapt grantpriv.sh to honor the gitlab_user setting.
---
 debian/grantpriv.sh | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/debian/grantpriv.sh b/debian/grantpriv.sh
index f64d957..848fe3c 100755
--- a/debian/grantpriv.sh
+++ b/debian/grantpriv.sh
@@ -1,26 +1,28 @@
 #!/bin/sh
 
-user=gitlab
 dbname=gitlab_production
 
+# Take gitlab_user from envornment variable or use gitlab
+test -n "${gitlab_user:-}" || gitlab_user="gitlab"
+
 # If gitlab user cannot access gitlab_production,
 # then it means the gitlab role does not exist
-if ! su gitlab -c 'psql gitlab_production -c ""'
+if ! su ${gitlab_user} -c 'psql gitlab_production -c ""'
 then
-	echo "Create $user user with create database privillege..."
-	su postgres -c "psql -c \"CREATE USER $user CREATEDB;\"" || {
+	echo "Create ${gitlab_user} user with create database privillege..."
+	su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\"" || {
 	  exit 1 
 	  }
 fi
 
 # By default the gitlab_prodcution is not owned by gitlab user
-echo "Make $user user owner of $dbname database..."
-su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to $user;\"" || {
+echo "Make ${gitlab_user} user owner of $dbname database..."
+su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\"" || {
   exit 1 
   }
 
-echo "Grant all privileges to $user user..."
-su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to $user;\"" || {
+echo "Grant all privileges to ${gitlab_user} user..."
+su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\"" || {
   exit 1
   }
 
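Review bot: ${gitlab_user} now comes from the environment but is expanded unquoted in the `su ${gitlab_user} -c ...` test and pasted as a bare identifier into the CREATE USER, ALTER DATABASE and GRANT statements that run as postgres. Quote it in the shell (`su "${gitlab_user}"`) and either check it against a conservative account-name pattern before first use or double-quote it as an SQL identifier, so that a value containing whitespace, a hyphen or a semicolon fails cleanly instead of altering the command or the statement. The hunk also does not show the caller exporting gitlab_user; if it is not exported, the fallback silently grants to 'gitlab' again, so a short message when the default is used would help. Minor: the new comment has a typo ("envornment"), and the unchanged comments still speak of the "gitlab user" and "gitlab role".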
-- 
2.9.3

From 994a6c48f2f850f77326d5a22b8ab348990e01e0 Mon Sep 17 00:00:00 2001
From: Benjamin Drung <benjamin.dr...@profitbricks.com>
Date: Wed, 8 Feb 2017 18:25:53 +0100
Subject: [PATCH 2/2] grantpriv.sh: Use 'set -e' to make code more readable

Use 'set -e' to let the script fail when any command fails. This allows
us to remove the "command || exit 1" constructs.
---
 debian/grantpriv.sh | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/debian/grantpriv.sh b/debian/grantpriv.sh
index 848fe3c..354a44c 100755
--- a/debian/grantpriv.sh
+++ b/debian/grantpriv.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+set -e
 
 dbname=gitlab_production
 
@@ -10,23 +11,15 @@ test -n "${gitlab_user:-}" || gitlab_user="gitlab"
 if ! su ${gitlab_user} -c 'psql gitlab_production -c ""'
 then
 	echo "Create ${gitlab_user} user with create database privillege..."
-	su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\"" || {
-	  exit 1 
-	  }
+	su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\""
 fi
 
 # By default the gitlab_prodcution is not owned by gitlab user
 echo "Make ${gitlab_user} user owner of $dbname database..."
-su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\"" || {
-  exit 1 
-  }
+su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\""
 
 echo "Grant all privileges to ${gitlab_user} user..."
-su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\"" || {
-  exit 1
-  }
+su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\""
 
 # enable the pg_trgm extension
-su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\"" || {
-  exit 1
-    }
+su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
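Review bot: the unchanged probe at the top of this hunk, `if ! su ${gitlab_user} -c 'psql gitlab_production -c ""'`, treats every failure as "role does not exist", and it is not covered by `set -e` because it is an if condition. When the role exists but the probe fails for another reason (database not yet created, PostgreSQL not reachable, system account missing), the following CREATE USER fails and the script now aborts there with no message beyond the psql error. Since this patch makes that line a bare command, consider testing for the role directly as postgres (a query against pg_roles) and only then creating it. The probe also still hard-codes gitlab_production although $dbname is defined two lines above it; using "$dbname" there keeps the script consistent.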
-- 
2.9.3
