Package: gitlab
Version: 8.13.11+dfsg-2
Severity: important
Tags: patch

Hi,

I want to use the gitlab package as a replacement for our gitlab source installation, which uses the user 'git' (instead of 'gitlab'). Thus I changed gitlab_user in /etc/gitlab/gitlab-debian.conf from 'gitlab' to 'git'. I had to adjust the tmpfiles configuration:

    sed 's/gitlab www-data/git www-data/' /usr/lib/tmpfiles.d/gitlab.conf > /etc/tmpfiles.d/gitlab.conf

and the service files:

    for service in mailroom unicorn sidekiq workhorse; do
        path=/etc/systemd/system/gitlab-${service}.service.d
        mkdir -p "$path"
        printf "[Service]\nUser=git\n" > "$path/override.conf"
    done

gitlab is running with these changes, but package upgrades will fail, because grantpriv.sh hard-codes the gitlab user. Please apply the attached patches for it.

Thanks.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.dr...@profitbricks.com
URL: http://www.profitbricks.com

Registered office: Berlin.
Register court: Amtsgericht Charlottenburg, HRB 125506B.
Managing directors: Andreas Gauger, Achim Weiss.
>From adeb934e082afa39daa6fbe4364902b3e9ab7b26 Mon Sep 17 00:00:00 2001 From: Benjamin Drung <benjamin.dr...@profitbricks.com> Date: Wed, 8 Feb 2017 18:17:40 +0100 Subject: [PATCH 1/2] Honor gitlab_user setting in grantpriv.sh If the sysadmin changes the gitlab user in /etc/gitlab/gitlab-debian.conf, the package installation or upgrade will fail, because grantpriv.sh will always grant privileges to the gitlab user. Thus adapt grantpriv.sh to honor the gitlab_user setting. --- debian/grantpriv.sh | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/debian/grantpriv.sh b/debian/grantpriv.sh index f64d957..848fe3c 100755 --- a/debian/grantpriv.sh +++ b/debian/grantpriv.sh 
@@ -1,26 +1,28 @@ #!/bin/sh -user=gitlab dbname=gitlab_production +# Take gitlab_user from envornment variable or use gitlab +test -n "${gitlab_user:-}" || gitlab_user="gitlab" + # If gitlab user cannot access gitlab_production, # then it means the gitlab role does not exist -if ! su gitlab -c 'psql gitlab_production -c ""' +if ! su ${gitlab_user} -c 'psql gitlab_production -c ""' then - echo "Create $user user with create database privillege..." - su postgres -c "psql -c \"CREATE USER $user CREATEDB;\"" || { + echo "Create ${gitlab_user} user with create database privillege..." + su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\"" || { exit 1 } fi # By default the gitlab_prodcution is not owned by gitlab user -echo "Make $user user owner of $dbname database..." -su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to $user;\"" || { +echo "Make ${gitlab_user} user owner of $dbname database..." +su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\"" || { exit 1 } -echo "Grant all privileges to $user user..." -su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to $user;\"" || { +echo "Grant all privileges to ${gitlab_user} user..." +su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\"" || { exit 1 } -- 2.9.3
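Review bot: ${gitlab_user} now comes from the environment and is interpolated without validation or quoting, both into the su command line (`su ${gitlab_user} -c 'psql gitlab_production -c ""'`) and into SQL that runs as the postgres superuser (`CREATE USER ${gitlab_user} CREATEDB;`, plus the ALTER DATABASE and GRANT statements). With the old `user=gitlab` this was a constant; with a configurable value, whitespace, a quote or a semicolon in it would change the shell word splitting or the SQL statement. I would check the value against a conservative account-name pattern right after the `test -n` line and exit with an error if it does not match, and write "${gitlab_user}" in the su call. Smaller points: the access check still hard-codes gitlab_production although $dbname is defined at the top, the echo text and the "By default ..." comment still say "gitlab user" in places where the name is now variable, and "envornment" in the new comment should be "environment".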
>From 994a6c48f2f850f77326d5a22b8ab348990e01e0 Mon Sep 17 00:00:00 2001 From: Benjamin Drung <benjamin.dr...@profitbricks.com> Date: Wed, 8 Feb 2017 18:25:53 +0100 Subject: [PATCH 2/2] grantpriv.sh: Use 'set -e' to make code more readable Use 'set -e' to let the script fail when any command fails. This allows us to remove the "command || exit 1" constructs. --- debian/grantpriv.sh | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/debian/grantpriv.sh b/debian/grantpriv.sh index 848fe3c..354a44c 100755 --- a/debian/grantpriv.sh +++ b/debian/grantpriv.sh @@ -1,4 +1,5 @@ #!/bin/sh +set -e dbname=gitlab_production @@ -10,23 +11,15 @@ test -n "${gitlab_user:-}" || gitlab_user="gitlab" if ! su ${gitlab_user} -c 'psql gitlab_production -c ""' then echo "Create ${gitlab_user} user with create database privillege..." - su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\"" || { - exit 1 - } + su postgres -c "psql -c \"CREATE USER ${gitlab_user} CREATEDB;\"" fi # By default the gitlab_prodcution is not owned by gitlab user echo "Make ${gitlab_user} user owner of $dbname database..." -su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\"" || { - exit 1 - } +su postgres -c "psql -c \"ALTER DATABASE $dbname OWNER to ${gitlab_user};\"" echo "Grant all privileges to ${gitlab_user} user..." -su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\"" || { - exit 1 - } +su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE template1 to ${gitlab_user};\"" # enable the pg_trgm extension -su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\"" || { - exit 1 - } +su postgres -c "psql -d $dbname -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\"" -- 2.9.3
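Review bot: In the first hunk, `set -e` on its own still lets an unset or mistyped variable expand to an empty string inside the SQL handed to psql; since the script already uses the nounset-safe form `${gitlab_user:-}`, `set -eu` would fit here and would catch that case before anything runs as postgres. The commit message could also state that the `if ! su ${gitlab_user} -c 'psql gitlab_production -c ""'` check is unaffected, because a command in an if condition does not trigger the `set -e` exit, which is what the role-detection logic depends on. While these lines are being touched, the typos "privillege" in the echo and "gitlab_prodcution" in the comment could be fixed as well.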