user/gitlab-shell: drop due migration to ilot iports
This commit is contained in:
parent
9c03466cc0
commit
9320defbce
6 changed files with 0 additions and 270 deletions
|
|
@ -1,66 +0,0 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
|
||||
pkgname=gitlab-shell
|
||||
pkgver=14.36.0
|
||||
pkgrel=0
|
||||
pkgdesc="GitLab Shell handles git SSH sessions for GitLab"
|
||||
url="https://gitlab.com/gitlab-org/gitlab-shell"
|
||||
arch="all"
|
||||
license="MIT"
|
||||
depends="git openssh"
|
||||
makedepends="go krb5-dev"
|
||||
pkgusers="git"
|
||||
pkggroups="git"
|
||||
install="$pkgname.pre-install $pkgname.post-install"
|
||||
# NOTE: user vs system gitconfig, see https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/6166
|
||||
source="https://gitlab.com/gitlab-org/gitlab-shell/-/archive/v$pkgver/gitlab-shell-v$pkgver.tar.gz
|
||||
config.patch
|
||||
change-config-path.patch
|
||||
gitconfig
|
||||
"
|
||||
builddir="$srcdir/$pkgname-v$pkgver"
|
||||
options="!check"
|
||||
|
||||
build() {
|
||||
# BUILD_TAGS - build without tracing libs,
|
||||
# see https://gitlab.com/gitlab-org/labkit/-/merge_requests/2
|
||||
make build \
|
||||
VERSION_STRING="$pkgver" \
|
||||
BUILD_TAGS=""
|
||||
}
|
||||
|
||||
package() {
|
||||
local datadir="$pkgdir/var/lib/gitlab"
|
||||
local libdir="$pkgdir/usr/lib/gitlab-shell"
|
||||
|
||||
# XXX: I couldn't figure out how/where is gitlab-shell called,
|
||||
# so I kept /usr/lib/gitlab-shell. It should be changed to /usr.
|
||||
make install DESTDIR="$pkgdir" PREFIX=/usr/lib/gitlab-shell
|
||||
|
||||
install -m644 VERSION "$libdir"/
|
||||
install -m644 -D config.yml.example "$pkgdir"/etc/gitlab/gitlab-shell.yml
|
||||
|
||||
cd "$pkgdir"
|
||||
|
||||
rm "$libdir"/bin/gitlab-sshd
|
||||
|
||||
install -d -m755 -o git -g git \
|
||||
"$pkgdir"/var/log/gitlab \
|
||||
"$datadir"
|
||||
|
||||
install -d -m02770 -o git -g git \
|
||||
"$datadir"/repositories
|
||||
|
||||
install -m644 -o git -g git "$srcdir"/gitconfig "$datadir"/.gitconfig
|
||||
|
||||
ln -s /etc/gitlab/gitlab-shell.yml "$libdir"/config.yml
|
||||
ln -s /etc/gitlab/gitlab_shell_secret "$libdir"/.gitlab_shell_secret
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
6b302be3630e60e3c9f76e58c61674bf08c3fe1395c9af5f354b9a557ecd1ddb43d27c9a995f868c4e4e2e734dd424a37c73e78d26b00f1f6a78f8670b45c371 gitlab-shell-v14.36.0.tar.gz
|
||||
e9dd69c57c65197493f75bdde682075c6ab22892ed07d37c7a73129fb42a8349a676d5986bfd17f1df331645334248383845f21ce08d1e9664c38e4bbf5343ba config.patch
|
||||
499b3a46ea94a33a23b01f6a7509d74f5a6781b930619b3b8ae42bdeae8a052cc636578744d7992b4ae4f9b9f72b11ee3d3c0f5e50986fa3f7e35b979b08aada change-config-path.patch
|
||||
c53da7f145593693392d9fa880ad5a1909bfc7504fd1c93d94a468c3e0f5cc80f712f41ee1dc8bf38105b410c1165658f208bd88a70c4674104c78af33d8d09c gitconfig
|
||||
"
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
--- a/support/gitlab_config.rb
|
||||
+++ b/support/gitlab_config.rb
|
||||
@@ -4,7 +4,7 @@ class GitlabConfig
|
||||
attr_reader :config
|
||||
|
||||
def initialize
|
||||
- @config = YAML.load_file(File.join(ROOT_PATH, 'config.yml'))
|
||||
+ @config = YAML.load_file(ENV.fetch('GITLAB_SHELL_CONFIG', '/etc/gitlab/gitlab-shell.yml'))
|
||||
end
|
||||
|
||||
def home
|
||||
|
|
@ -1,112 +0,0 @@
|
|||
diff --git a/config.yml.example.orig b/config.yml.example
|
||||
index fb147c4..98eb0e3 100644
|
||||
--- a/config.yml.example.orig
|
||||
+++ b/config.yml.example
|
||||
@@ -13,7 +13,7 @@ user: git
|
||||
# only listen on a Unix domain socket. For Unix domain sockets use
|
||||
# "http+unix://<urlquoted-path-to-socket>", e.g.
|
||||
# "http+unix://%2Fpath%2Fto%2Fsocket"
|
||||
-gitlab_url: "http+unix://%2Fhome%2Fgit%2Fgitlab%2Ftmp%2Fsockets%2Fgitlab-workhorse.socket"
|
||||
+gitlab_url: "http+unix://%2Frun%2Fgitlab%2Fworkhorse.socket"
|
||||
|
||||
# When a http+unix:// is used in gitlab_url, this is the relative URL root to GitLab.
|
||||
# Not used if gitlab_url is http:// or https://.
|
||||
@@ -29,15 +29,15 @@ http_settings:
|
||||
#
|
||||
|
||||
# File used as authorized_keys for gitlab user
|
||||
-auth_file: "/home/git/.ssh/authorized_keys"
|
||||
+auth_file: "/var/lib/gitlab/.ssh/authorized_keys"
|
||||
|
||||
# SSL certificate dir where custom certificates can be placed
|
||||
# https://golang.org/pkg/crypto/x509/
|
||||
-# ssl_cert_dir: /opt/gitlab/embedded/ssl/certs/
|
||||
+# ssl_cert_dir: /etc/gitlab/ssl/certs/
|
||||
|
||||
# File that contains the secret key for verifying access to GitLab.
|
||||
# Default is .gitlab_shell_secret in the gitlab-shell directory.
|
||||
-# secret_file: "/home/git/gitlab-shell/.gitlab_shell_secret"
|
||||
+secret_file: "/etc/gitlab/gitlab_shell_secret"
|
||||
#
|
||||
# The secret field supersedes the secret_file, and if set that
|
||||
# file will not be read.
|
||||
@@ -45,13 +45,13 @@ auth_file: "/home/git/.ssh/authorized_keys"
|
||||
|
||||
# Log file.
|
||||
# Default is gitlab-shell.log in the root directory.
|
||||
-# log_file: "/home/git/gitlab-shell/gitlab-shell.log"
|
||||
+log_file: "/var/log/gitlab/gitlab-shell.log"
|
||||
|
||||
# Log level. INFO by default
|
||||
-log_level: INFO
|
||||
+log_level: WARN
|
||||
|
||||
# Log format. 'json' by default, can be changed to 'text' if needed
|
||||
-# log_format: json
|
||||
+log_format: text
|
||||
|
||||
# Audit usernames.
|
||||
# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
|
||||
@@ -62,62 +62,6 @@ audit_usernames: false
|
||||
# For more details, visit https://docs.gitlab.com/ee/development/distributed_tracing.html
|
||||
# gitlab_tracing: opentracing://driver
|
||||
|
||||
-# This section configures the built-in SSH server. Ignored when running on OpenSSH.
|
||||
-sshd:
|
||||
- # Address which the SSH server listens on. Defaults to [::]:22.
|
||||
- listen: "[::]:22"
|
||||
- # Set to true if gitlab-sshd is being fronted by a load balancer that implements
|
||||
- # the PROXY protocol.
|
||||
- proxy_protocol: false
|
||||
- # Proxy protocol policy ("use", "require", "reject", "ignore"), "use" is the default value
|
||||
- # Values: https://github.com/pires/go-proxyproto/blob/195fedcfbfc1be163f3a0d507fac1709e9d81fed/policy.go#L20
|
||||
- proxy_policy: "use"
|
||||
- # Proxy allowed IP addresses. Takes precedent over proxy_policy. Disabled by default.
|
||||
- # proxy_allowed:
|
||||
- # - "192.168.0.1"
|
||||
- # - "192.168.1.0/24"
|
||||
- # Address which the server listens on HTTP for monitoring/health checks. Defaults to localhost:9122.
|
||||
- web_listen: "localhost:9122"
|
||||
- # Maximum number of concurrent sessions allowed on a single SSH connection. Defaults to 10.
|
||||
- concurrent_sessions_limit: 10
|
||||
- # Sets an interval after which server will send keepalive message to a client. Defaults to 15s.
|
||||
- client_alive_interval: 15
|
||||
- # The server waits for this time for the ongoing connections to complete before shutting down. Defaults to 10s.
|
||||
- grace_period: 10
|
||||
- # The server disconnects after this time if the user has not successfully logged in. Defaults to 60s.
|
||||
- login_grace_time: 60
|
||||
- # A short timeout to decide to abort the connection if the protocol header is not seen within it. Defaults to 500ms
|
||||
- proxy_header_timeout: 500ms
|
||||
- # The endpoint that returns 200 OK if the server is ready to receive incoming connections; otherwise, it returns 503 Service Unavailable. Defaults to "/start".
|
||||
- readiness_probe: "/start"
|
||||
- # The endpoint that returns 200 OK if the server is alive. Defaults to "/health".
|
||||
- liveness_probe: "/health"
|
||||
- # Specifies the available message authentication code algorithms that are used for protecting data integrity
|
||||
- macs: [hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1]
|
||||
- # Specifies the available Key Exchange algorithms
|
||||
- kex_algorithms: [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
|
||||
- # Specified the ciphers allowed
|
||||
- ciphers: [aes128-gcm@openssh.com, chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr,aes256-ctr]
|
||||
- # Specified the available Public Key algorithms
|
||||
- public_key_algorithms: [ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, sk-ecdsa-sha2-nistp256@openssh.com, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, sk-ssh-ed25519@openssh.com, rsa-sha2-256, rsa-sha2-512]
|
||||
- # SSH host key files.
|
||||
- host_key_files:
|
||||
- - /run/secrets/ssh-hostkeys/ssh_host_rsa_key
|
||||
- - /run/secrets/ssh-hostkeys/ssh_host_ecdsa_key
|
||||
- - /run/secrets/ssh-hostkeys/ssh_host_ed25519_key
|
||||
- host_key_certs:
|
||||
- - /run/secrets/ssh-hostkeys/ssh_host_rsa_key-cert.pub
|
||||
- - /run/secrets/ssh-hostkeys/ssh_host_ecdsa_key-cert.pub
|
||||
- - /run/secrets/ssh-hostkeys/ssh_host_ed25519_key-cert.pub
|
||||
- # GSSAPI-related settings
|
||||
- gssapi:
|
||||
- # Enable the gssapi-with-mic authentication method. Defaults to false.
|
||||
- enabled: false
|
||||
- # Keytab path. Defaults to "", system default (usually /etc/krb5.keytab).
|
||||
- keytab: ""
|
||||
- # The Kerberos service name to be used by sshd. Defaults to "", accepts any service name in keytab file.
|
||||
- service_principal_name: ""
|
||||
-
|
||||
lfs:
|
||||
# https://gitlab.com/groups/gitlab-org/-/epics/11872, disabled by default.
|
||||
pure_ssh_protocol: false
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
# Based on files/gitlab-cookbooks/gitlab/templates/default/gitconfig.erb
|
||||
# in omnibus-gitlab.
|
||||
|
||||
[user]
|
||||
name = GitLab
|
||||
email = gitlab@local.host
|
||||
|
||||
[core]
|
||||
# Needed for the web editor.
|
||||
autocrlf = input
|
||||
alternateRefsCommand="exit 0 #"
|
||||
# This option is unnecessary on journaled file systems and it's not recognized
|
||||
# by git >= 2.36.
|
||||
# fsyncObjectFiles = true
|
||||
|
||||
[gc]
|
||||
auto = 0
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
keys_file='/var/lib/gitlab/.ssh/authorized_keys'
|
||||
|
||||
if [ ! -f "$keys_file" ]; then
|
||||
keys_dir="$(dirname "$keys_file")"
|
||||
echo "* Initializing authorized_keys file in $keys_dir" 1>&2
|
||||
|
||||
mkdir -m0700 -p "$keys_dir"
|
||||
chown git:git "$keys_dir"
|
||||
|
||||
touch "$keys_file"
|
||||
chmod 0600 "$keys_file"
|
||||
chown git:git "$keys_file"
|
||||
fi
|
||||
|
||||
cat <<EOF >&2
|
||||
*
|
||||
* GitLab Shell has been initialized. Read /etc/gitlab/gitlab-shell.yml and
|
||||
* modify settings as need.
|
||||
*
|
||||
EOF
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
#!/bin/sh
|
||||
# It's very important to set user/group correctly.
|
||||
|
||||
git_dir='/var/lib/gitlab'
|
||||
|
||||
if ! getent group git >/dev/null; then
|
||||
echo '* Creating group git' >&2
|
||||
|
||||
addgroup -S git
|
||||
fi
|
||||
|
||||
if ! id git 2>/dev/null 1>&2; then
|
||||
echo '* Creating user git' >&2
|
||||
|
||||
adduser -DHS -G git -h "$git_dir" -s /bin/sh \
|
||||
-g "added by apk for gitlab-shell" git
|
||||
passwd -u git >/dev/null # unlock
|
||||
fi
|
||||
|
||||
if ! id -Gn git | grep -Fq redis; then
|
||||
echo '* Adding user git to group redis' >&2
|
||||
|
||||
addgroup git redis
|
||||
fi
|
||||
|
||||
user_home="$(getent passwd git | cut -d: -f6)"
|
||||
|
||||
if [ "$user_home" != "$git_dir" ]; then
|
||||
cat >&2 <<-EOF
|
||||
!!
|
||||
!! User git has home directory in $user_home, but this package and gitlab-ce
|
||||
!! package assumes $git_dir. Although it's possible to use a different
|
||||
!! directory, it's really not easy.
|
||||
!!
|
||||
!! Please change git's home directory to $git_dir, or adjust settings
|
||||
!! and move files yourself. Otherwise GitLab will not work!
|
||||
!!
|
||||
EOF
|
||||
fi
|
||||
|
||||
exit 0
|
||||
Loading…
Reference in a new issue