From 9320defbce1216dfc958b718f204bfaba6867d90 Mon Sep 17 00:00:00 2001
From: Antoine Martin
Date: Fri, 9 Aug 2024 22:32:52 -0400
Subject: [PATCH] user/gitlab-shell: drop due migration to ilot iports
---
user/gitlab-shell/APKBUILD | 66 ------------
user/gitlab-shell/change-config-path.patch | 11 --
user/gitlab-shell/config.patch | 112 --------------------
user/gitlab-shell/gitconfig | 17 ---
user/gitlab-shell/gitlab-shell.post-install | 23 ----
user/gitlab-shell/gitlab-shell.pre-install | 41 -------
6 files changed, 270 deletions(-)
delete mode 100644 user/gitlab-shell/APKBUILD
delete mode 100644 user/gitlab-shell/change-config-path.patch
delete mode 100644 user/gitlab-shell/config.patch
delete mode 100644 user/gitlab-shell/gitconfig
delete mode 100644 user/gitlab-shell/gitlab-shell.post-install
delete mode 100644 user/gitlab-shell/gitlab-shell.pre-install
diff --git a/user/gitlab-shell/APKBUILD b/user/gitlab-shell/APKBUILD
deleted file mode 100644
index b1d202a..0000000
--- a/user/gitlab-shell/APKBUILD
+++ /dev/null
@@ -1,66 +0,0 @@
-# Maintainer: Antoine Martin (ayakael)
-# Contributor: Antoine Martin (ayakael)
-# Contributor: Jakub Jirutka
-pkgname=gitlab-shell
-pkgver=14.36.0
-pkgrel=0
-pkgdesc="GitLab Shell handles git SSH sessions for GitLab"
-url="https://gitlab.com/gitlab-org/gitlab-shell"
-arch="all"
-license="MIT"
-depends="git openssh"
-makedepends="go krb5-dev"
-pkgusers="git"
-pkggroups="git"
-install="$pkgname.pre-install $pkgname.post-install"
-# NOTE: user vs system gitconfig, see https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/6166
-source="https://gitlab.com/gitlab-org/gitlab-shell/-/archive/v$pkgver/gitlab-shell-v$pkgver.tar.gz
- config.patch
- change-config-path.patch
- gitconfig
- "
-builddir="$srcdir/$pkgname-v$pkgver"
-options="!check"
-
-build() {
- # BUILD_TAGS - build without tracing libs,
- # see https://gitlab.com/gitlab-org/labkit/-/merge_requests/2
- make build \
- VERSION_STRING="$pkgver" \
- BUILD_TAGS=""
-}
-
-package() {
- local datadir="$pkgdir/var/lib/gitlab"
- local libdir="$pkgdir/usr/lib/gitlab-shell"
-
- # XXX: I couldn't figure out how/where is gitlab-shell called,
- # so I kept /usr/lib/gitlab-shell. It should be changed to /usr.
- make install DESTDIR="$pkgdir" PREFIX=/usr/lib/gitlab-shell
-
- install -m644 VERSION "$libdir"/
- install -m644 -D config.yml.example "$pkgdir"/etc/gitlab/gitlab-shell.yml
-
- cd "$pkgdir"
-
- rm "$libdir"/bin/gitlab-sshd
-
- install -d -m755 -o git -g git \
- "$pkgdir"/var/log/gitlab \
- "$datadir"
-
- install -d -m02770 -o git -g git \
- "$datadir"/repositories
-
- install -m644 -o git -g git "$srcdir"/gitconfig "$datadir"/.gitconfig
-
- ln -s /etc/gitlab/gitlab-shell.yml "$libdir"/config.yml
- ln -s /etc/gitlab/gitlab_shell_secret "$libdir"/.gitlab_shell_secret
-}
-
-sha512sums="
-6b302be3630e60e3c9f76e58c61674bf08c3fe1395c9af5f354b9a557ecd1ddb43d27c9a995f868c4e4e2e734dd424a37c73e78d26b00f1f6a78f8670b45c371 gitlab-shell-v14.36.0.tar.gz
-e9dd69c57c65197493f75bdde682075c6ab22892ed07d37c7a73129fb42a8349a676d5986bfd17f1df331645334248383845f21ce08d1e9664c38e4bbf5343ba config.patch
-499b3a46ea94a33a23b01f6a7509d74f5a6781b930619b3b8ae42bdeae8a052cc636578744d7992b4ae4f9b9f72b11ee3d3c0f5e50986fa3f7e35b979b08aada change-config-path.patch
-c53da7f145593693392d9fa880ad5a1909bfc7504fd1c93d94a468c3e0f5cc80f712f41ee1dc8bf38105b410c1165658f208bd88a70c4674104c78af33d8d09c gitconfig
-"
diff --git a/user/gitlab-shell/change-config-path.patch b/user/gitlab-shell/change-config-path.patch
deleted file mode 100644
index 52d44ce..0000000
--- a/user/gitlab-shell/change-config-path.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/support/gitlab_config.rb
-+++ b/support/gitlab_config.rb
-@@ -4,7 +4,7 @@ class GitlabConfig
- attr_reader :config
-
- def initialize
-- @config = YAML.load_file(File.join(ROOT_PATH, 'config.yml'))
-+ @config = YAML.load_file(ENV.fetch('GITLAB_SHELL_CONFIG', '/etc/gitlab/gitlab-shell.yml'))
- end
-
- def home
diff --git a/user/gitlab-shell/config.patch b/user/gitlab-shell/config.patch
deleted file mode 100644
index 6dabe44..0000000
--- a/user/gitlab-shell/config.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-diff --git a/config.yml.example.orig b/config.yml.example
-index fb147c4..98eb0e3 100644
---- a/config.yml.example.orig
-+++ b/config.yml.example
-@@ -13,7 +13,7 @@ user: git
- # only listen on a Unix domain socket. For Unix domain sockets use
- # "http+unix://", e.g.
- # "http+unix://%2Fpath%2Fto%2Fsocket"
--gitlab_url: "http+unix://%2Fhome%2Fgit%2Fgitlab%2Ftmp%2Fsockets%2Fgitlab-workhorse.socket"
-+gitlab_url: "http+unix://%2Frun%2Fgitlab%2Fworkhorse.socket"
-
- # When a http+unix:// is used in gitlab_url, this is the relative URL root to GitLab.
- # Not used if gitlab_url is http:// or https://.
-@@ -29,15 +29,15 @@ http_settings:
- #
-
- # File used as authorized_keys for gitlab user
--auth_file: "/home/git/.ssh/authorized_keys"
-+auth_file: "/var/lib/gitlab/.ssh/authorized_keys"
-
- # SSL certificate dir where custom certificates can be placed
- # https://golang.org/pkg/crypto/x509/
--# ssl_cert_dir: /opt/gitlab/embedded/ssl/certs/
-+# ssl_cert_dir: /etc/gitlab/ssl/certs/
-
- # File that contains the secret key for verifying access to GitLab.
- # Default is .gitlab_shell_secret in the gitlab-shell directory.
--# secret_file: "/home/git/gitlab-shell/.gitlab_shell_secret"
-+secret_file: "/etc/gitlab/gitlab_shell_secret"
- #
- # The secret field supersedes the secret_file, and if set that
- # file will not be read.
-@@ -45,13 +45,13 @@ auth_file: "/home/git/.ssh/authorized_keys"
-
- # Log file.
- # Default is gitlab-shell.log in the root directory.
--# log_file: "/home/git/gitlab-shell/gitlab-shell.log"
-+log_file: "/var/log/gitlab/gitlab-shell.log"
-
- # Log level. INFO by default
--log_level: INFO
-+log_level: WARN
-
- # Log format. 'json' by default, can be changed to 'text' if needed
--# log_format: json
-+log_format: text
-
- # Audit usernames.
- # Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
-@@ -62,62 +62,6 @@ audit_usernames: false
- # For more details, visit https://docs.gitlab.com/ee/development/distributed_tracing.html
- # gitlab_tracing: opentracing://driver
-
--# This section configures the built-in SSH server. Ignored when running on OpenSSH.
--sshd:
-- # Address which the SSH server listens on. Defaults to [::]:22.
-- listen: "[::]:22"
-- # Set to true if gitlab-sshd is being fronted by a load balancer that implements
-- # the PROXY protocol.
-- proxy_protocol: false
-- # Proxy protocol policy ("use", "require", "reject", "ignore"), "use" is the default value
-- # Values: https://github.com/pires/go-proxyproto/blob/195fedcfbfc1be163f3a0d507fac1709e9d81fed/policy.go#L20
-- proxy_policy: "use"
-- # Proxy allowed IP addresses. Takes precedent over proxy_policy. Disabled by default.
-- # proxy_allowed:
-- # - "192.168.0.1"
-- # - "192.168.1.0/24"
-- # Address which the server listens on HTTP for monitoring/health checks. Defaults to localhost:9122.
-- web_listen: "localhost:9122"
-- # Maximum number of concurrent sessions allowed on a single SSH connection. Defaults to 10.
-- concurrent_sessions_limit: 10
-- # Sets an interval after which server will send keepalive message to a client. Defaults to 15s.
-- client_alive_interval: 15
-- # The server waits for this time for the ongoing connections to complete before shutting down. Defaults to 10s.
-- grace_period: 10
-- # The server disconnects after this time if the user has not successfully logged in. Defaults to 60s.
-- login_grace_time: 60
-- # A short timeout to decide to abort the connection if the protocol header is not seen within it. Defaults to 500ms
-- proxy_header_timeout: 500ms
-- # The endpoint that returns 200 OK if the server is ready to receive incoming connections; otherwise, it returns 503 Service Unavailable. Defaults to "/start".
-- readiness_probe: "/start"
-- # The endpoint that returns 200 OK if the server is alive. Defaults to "/health".
-- liveness_probe: "/health"
-- # Specifies the available message authentication code algorithms that are used for protecting data integrity
-- macs: [hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1]
-- # Specifies the available Key Exchange algorithms
-- kex_algorithms: [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
-- # Specified the ciphers allowed
-- ciphers: [aes128-gcm@openssh.com, chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr,aes256-ctr]
-- # Specified the available Public Key algorithms
-- public_key_algorithms: [ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, sk-ecdsa-sha2-nistp256@openssh.com, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, sk-ssh-ed25519@openssh.com, rsa-sha2-256, rsa-sha2-512]
-- # SSH host key files.
-- host_key_files:
-- - /run/secrets/ssh-hostkeys/ssh_host_rsa_key
-- - /run/secrets/ssh-hostkeys/ssh_host_ecdsa_key
-- - /run/secrets/ssh-hostkeys/ssh_host_ed25519_key
-- host_key_certs:
-- - /run/secrets/ssh-hostkeys/ssh_host_rsa_key-cert.pub
-- - /run/secrets/ssh-hostkeys/ssh_host_ecdsa_key-cert.pub
-- - /run/secrets/ssh-hostkeys/ssh_host_ed25519_key-cert.pub
-- # GSSAPI-related settings
-- gssapi:
-- # Enable the gssapi-with-mic authentication method. Defaults to false.
-- enabled: false
-- # Keytab path. Defaults to "", system default (usually /etc/krb5.keytab).
-- keytab: ""
-- # The Kerberos service name to be used by sshd. Defaults to "", accepts any service name in keytab file.
-- service_principal_name: ""
--
- lfs:
- # https://gitlab.com/groups/gitlab-org/-/epics/11872, disabled by default.
- pure_ssh_protocol: false
diff --git a/user/gitlab-shell/gitconfig b/user/gitlab-shell/gitconfig
deleted file mode 100644
index ccf8053..0000000
--- a/user/gitlab-shell/gitconfig
+++ /dev/null
@@ -1,17 +0,0 @@
-# Based on files/gitlab-cookbooks/gitlab/templates/default/gitconfig.erb
-# in omnibus-gitlab.
-
-[user]
-name = GitLab
-email = gitlab@local.host
-
-[core]
-# Needed for the web editor.
-autocrlf = input
-alternateRefsCommand="exit 0 #"
-# This option is unnecessary on journaled file systems and it's not recognized
-# by git >= 2.36.
-# fsyncObjectFiles = true
-
-[gc]
-auto = 0
diff --git a/user/gitlab-shell/gitlab-shell.post-install b/user/gitlab-shell/gitlab-shell.post-install
deleted file mode 100644
index 01c425c..0000000
--- a/user/gitlab-shell/gitlab-shell.post-install
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-set -eu
-
-keys_file='/var/lib/gitlab/.ssh/authorized_keys'
-
-if [ ! -f "$keys_file" ]; then
- keys_dir="$(dirname "$keys_file")"
- echo "* Initializing authorized_keys file in $keys_dir" 1>&2
-
- mkdir -m0700 -p "$keys_dir"
- chown git:git "$keys_dir"
-
- touch "$keys_file"
- chmod 0600 "$keys_file"
- chown git:git "$keys_file"
-fi
-
-cat <&2
-*
-* GitLab Shell has been initialized. Read /etc/gitlab/gitlab-shell.yml and
-* modify settings as need.
-*
-EOF
diff --git a/user/gitlab-shell/gitlab-shell.pre-install b/user/gitlab-shell/gitlab-shell.pre-install
deleted file mode 100644
index 9421862..0000000
--- a/user/gitlab-shell/gitlab-shell.pre-install
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-# It's very important to set user/group correctly.
-
-git_dir='/var/lib/gitlab'
-
-if ! getent group git >/dev/null; then
- echo '* Creating group git' >&2
-
- addgroup -S git
-fi
-
-if ! id git 2>/dev/null 1>&2; then
- echo '* Creating user git' >&2
-
- adduser -DHS -G git -h "$git_dir" -s /bin/sh \
- -g "added by apk for gitlab-shell" git
- passwd -u git >/dev/null # unlock
-fi
-
-if ! id -Gn git | grep -Fq redis; then
- echo '* Adding user git to group redis' >&2
-
- addgroup git redis
-fi
-
-user_home="$(getent passwd git | cut -d: -f6)"
-
-if [ "$user_home" != "$git_dir" ]; then
- cat >&2 <<-EOF
- !!
- !! User git has home directory in $user_home, but this package and gitlab-ce
- !! package assumes $git_dir. Although it's possible to use a different
- !! directory, it's really not easy.
- !!
- !! Please change git's home directory to $git_dir, or adjust settings
- !! and move files yourself. Otherwise GitLab will not work!
- !!
- EOF
-fi
-
-exit 0