Package: gitlab
Version: 8.13.11+dfsg-2
Severity: important
Tags: patch
Hi,

I want to use the gitlab package as a replacement for our gitlab source
installation, which uses the user 'git' (instead of 'gitlab'). Thus I
changed gitlab_user in /etc/gitlab/gitlab-debian.conf from 'gitlab' to
'git'. I had to adjust the tmpfiles configuration:

    sed 's/gitlab www-data/git www-data/' /usr/lib/tmpfiles.d/gitlab.conf > /etc/tmpfiles.d/gitlab.conf

and the service files:

    for service in mailroom unicorn sidekiq workhorse; do
        path=/etc/systemd/system/gitlab-${service}.service.d
        mkdir -p "$path"
        printf "[Service]\nUser=git\n" > "$path/override.conf"
    done

gitlab is running with these changes, but package upgrades will fail,
because grantpriv.sh hard-codes the gitlab user. Please apply the
attached patches for it. Thanks.

--
Benjamin Drung
System Developer
Debian & Ubuntu Developer
ProfitBricks GmbH
From adeb934e082afa39daa6fbe4364902b3e9ab7b26 Mon Sep 17 00:00:00 2001
From: Benjamin Drung <[email protected]>
Date: Wed, 8 Feb 2017 18:17:40 +0100
Subject: [PATCH 1/2] Honor gitlab_user setting in grantpriv.sh
If the sysadmin changes the gitlab user in
/etc/gitlab/gitlab-debian.conf, the package installation or upgrade will
fail, because grantpriv.sh will always grant privileges to the gitlab
user. Thus adapt grantpriv.sh to honor the gitlab_user setting.
---
debian/grantpriv.sh | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/debian/grantpriv.sh b/debian/grantpriv.sh
index f64d957..848fe3c 100755
--- a/debian/grantpriv.sh
+++ b/debian/grantpriv.sh
@@ -1,26 +1,28 @@
#!/bin/sh
-user=gitlab
dbname=gitlab_production
+# Take gitlab_user from envornment variable or use gitlab
+test -n "${gitlab_user:-}" || gitlab_user="gitlab"
+
# If gitlab user cannot access gitlab_production,
# then it means the gitlab role does not exist
-if ! su gitlab -c 'psql gitlab_production -c ""'
+if ! su ${gitlab_user} -c 'psql gitlab_production -c ""'
then
- echo "Create $user user with create database privillege..."
- su postgres -c "psql -c \"CREATE USER $user CREATEDB;\"" || {
+ echo "Create ${gitlab_user} user with create database privillege..."
+ su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\"" || {
exit 1
}
fi
# By default the gitlab_prodcution is not owned by gitlab user
-echo "Make $user user owner of $dbname database..."
-su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to $user;\"" || {
+echo "Make ${gitlab_user} user owner of $dbname database..."
+su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\"" || {
exit 1
}
-echo "Grant all privileges to $user user..."
-su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to $user;\"" || {
+echo "Grant all privileges to ${gitlab_user} user..."
+su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\"" || {
exit 1
}
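Review bot: ${gitlab_user} is expanded unquoted in the su probe and spliced as-is into the CREATE USER, ALTER DATABASE and GRANT statements that run as postgres, so a value that is not a plain identifier (whitespace, a quote, a semicolon) changes the shell command or the SQL that the superuser executes. Now that the name comes from the environment instead of a constant, check it once right after the default is applied (for example, accept only lowercase letters, digits and underscores and exit otherwise), write the su argument as "${gitlab_user}", and use SQL identifier quoting in the statements. Two smaller points: the script only reads gitlab_user from the environment, so the behaviour described in the commit message depends on the caller exporting the value from /etc/gitlab/gitlab-debian.conf, which the new comment should say (it also has a typo, "envornment"); and the probe still hard-codes gitlab_production while the later statements use $dbname.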
--
2.9.3
From 994a6c48f2f850f77326d5a22b8ab348990e01e0 Mon Sep 17 00:00:00 2001
From: Benjamin Drung <[email protected]>
Date: Wed, 8 Feb 2017 18:25:53 +0100
Subject: [PATCH 2/2] grantpriv.sh: Use 'set -e' to make code more readable
Use 'set -e' to let the script fail when any command fails. This allows
us to remove the "command || exit 1" constructs.
---
debian/grantpriv.sh | 17 +++++------------
1 file changed, 5 insertions(+), 12 deletions(-)
diff --git a/debian/grantpriv.sh b/debian/grantpriv.sh
index 848fe3c..354a44c 100755
--- a/debian/grantpriv.sh
+++ b/debian/grantpriv.sh
@@ -1,4 +1,5 @@
#!/bin/sh
+set -e
dbname=gitlab_production
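Review bot: set -e on the new second line stops on a failed command but still lets an unset or mistyped variable expand to an empty string inside the SQL run as postgres. The default on the following line is already written in the nounset-safe form ${gitlab_user:-}, so this could be set -eu at no cost. Note also that the script's exit status on failure is now whatever su or psql returned rather than always 1; if the maintainer script that calls it checks for a specific value, that is worth a line in the commit message.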
@@ -10,23 +11,15 @@ test -n "${gitlab_user:-}" || gitlab_user="gitlab"
if ! su ${gitlab_user} -c 'psql gitlab_production -c ""'
then
echo "Create ${gitlab_user} user with create database privillege..."
- su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\"" || {
- exit 1
- }
+ su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\""
fi
# By default the gitlab_prodcution is not owned by gitlab user
echo "Make ${gitlab_user} user owner of $dbname database..."
-su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\"" || {
- exit 1
- }
+su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\""
echo "Grant all privileges to ${gitlab_user} user..."
-su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\"" || {
- exit 1
- }
+su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\""
# enable the pg_trgm extension
-su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\"" || {
- exit 1
- }
+su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
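Review bot: The CREATE USER branch at the top of this hunk is entered whenever the su probe fails, not only when the role is missing as the comment above it assumes. With a configurable gitlab_user the probe can also fail because the system account does not exist or because gitlab_production has not been created yet; in those cases the role may already exist, CREATE USER returns an error, and with set -e the upgrade aborts at that point. Consider testing for the role directly as postgres (a lookup in pg_roles) and creating it only when that lookup returns nothing, so the remaining statements still run for an existing role.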
--
2.9.3