user/gitaly: new aport

2023-01-11 13:38:29 +00:00 · 2023-01-11 13:38:29 +00:00 · 95b9767c2b
commit 95b9767c2b
parent 4f3bd26171
6 changed files with 416 additions and 0 deletions
--- a/user/gitaly/APKBUILD
+++ b/user/gitaly/APKBUILD
@ -0,0 +1,191 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
+pkgname=gitaly
+pkgver=15.3.3
+pkgrel=0
+pkgdesc="A Git RPC service for handling all the git calls made by GitLab"
+url="https://gitlab.com/gitlab-org/gitaly/"
+arch="all"
+# GPL-2.0-only WITH GCC-exception-2.0: bundled libgit2
+license="MIT AND GPL-2.0-only WITH GCC-exception-2.0"
+depends="
+	git>=2.33
+	ruby2.7
+	ruby2.7-bigdecimal
+	ruby2.7-bundler
+	ruby2.7-io-console
+	ruby2.7-json
+	"
+makedepends="
+	bash
+	cmake
+	go
+	icu-dev
+	libffi-dev
+	libgit2-dev=~1.4
+	libssh2-dev
+	libxml2-dev
+	libxslt-dev
+	ruby2.7-dev
+	ruby2.7-grpc=~1.42.0
+	zlib-dev
+	"
+subpackages="
+	$pkgname-backup
+	$pkgname-blackbox
+	$pkgname-praefect
+	"
+# FIXME: Makefile clones libgit2 and git repositories.
+source="https://gitlab.com/gitlab-org/$pkgname/-/archive/v$pkgver/$pkgname-v$pkgver.tar.gz
+	gemfile-use-local-grpc.patch
+	libgit-1.4-compat.patch
+	config.patch
+	$pkgname.initd
+	"
+builddir="$srcdir/$pkgname-v$pkgver"
+options="!check"
+
+export BUNDLE_DEPLOYMENT=true
+export BUNDLE_FORCE_RUBY_PLATFORM=true
+export BUNDLE_FROZEN=true
+export BUNDLE_JOBS=${JOBS:-2}
+export BUNDLE_WITHOUT="development test"
+
+prepare() {
+	local sysgemdir=$(ruby -e 'puts Gem.default_dir')
+
+	default_prepare
+
+	# This Google gem is totally messed, so we copy our fixed version
+	# instead of installing it from RubyGems using Bundler.
+	mkdir -p ruby/vendor/grpc
+	cp -r "$sysgemdir"/gems/grpc-*/* ruby/vendor/grpc/
+	cp "$sysgemdir"/specifications/grpc-*.gemspec \
+		ruby/vendor/grpc/grpc.gemspec
+	cp "$sysgemdir"/extensions/*/*/grpc-*/grpc/*.so \
+		ruby/vendor/grpc/src/ruby/lib/grpc/
+}
+
+build() {
+	cd "$builddir"/ruby
+
+	bundle config --local build.ffi --enable-system-libffi
+	bundle config --local build.nokogiri --use-system-libraries \
+		--with-xml2-include=/usr/include/libxml2 \
+		--with-xslt-include=/usr/include/libxslt
+	bundle config --local build.rugged --use-system-libraries
+	# https://github.com/protocolbuffers/protobuf/issues/2335#issuecomment-579913357
+	bundle config --local build.google-protobuf --with-cflags=-D__va_copy=va_copy
+
+	bundle install --no-cache
+
+	touch '.ruby-bundle'  # prevent 'make install' below from running 'bundle install' again
+
+	cd "$builddir"
+
+	# NOTE: This builds and links statically libgit2 with bundled deps.
+	cat > config.mak <<-EOF
+		PREFIX = /usr
+		GITALY_VERSION = "$pkgver"
+		# build without tracing libs, see
+		# https://gitlab.com/gitlab-org/labkit/-/merge_requests/2
+		SERVER_BUILD_TAGS = ""
+	EOF
+
+	make
+}
+
+package() {
+	local rubydir="$pkgdir/usr/lib/bundles/gitaly-ruby"
+
+	## Go part
+
+	make install DESTDIR="$pkgdir"
+
+	# Not very useful for us.
+	rm "$pkgdir"/usr/bin/gitaly-debug
+	rm "$pkgdir"/usr/bin/gitaly-wrapper
+
+	install -m644 -D config.toml.example "$pkgdir"/etc/gitlab/gitaly.toml
+	install -m644 -D config.praefect.toml.example "$pkgdir"/etc/gitlab/praefect.toml
+	install -m644 -D cmd/gitaly-blackbox/config.toml.example "$pkgdir"/etc/gitlab/gitaly-blackbox.toml
+
+	install -m755 -D "$srcdir"/gitaly.initd "$pkgdir"/etc/init.d/gitlab.gitaly
+
+	## Ruby part
+
+	mkdir -p "${rubydir%/*}"
+	cp -a ruby "$rubydir"
+
+	# Remove tests.
+	rm -R "$rubydir"/spec
+
+	cd "$rubydir"/vendor/bundle/ruby/*/gems
+
+	# Remove tests, docs and other unnecessary files.
+	rm -Rf */benchmark \
+		*/spec \
+		*/test \
+		*/tests \
+		*/appveyor.yml \
+		*/*.md \
+		*/*.rdoc \
+		*/*.txt \
+		*/CHANGELOG* \
+		*/CHANGES* \
+		*/CONTRIBUT* \
+		*/*LICENSE* \
+		*/Rakefile \
+		*/README*
+
+	# Remove bundled libgit2 and pg_query sources.
+	rm -R rugged-*/vendor/libgit2
+	rm -R pg_query-*/ext
+
+	# Remove assets, they are not used in gitaly-ruby.
+	rm -R gemojione-*/assets
+
+	# Remove sources and binaries of native extensions (they are installed
+	# in extensions directory).
+	find . -type d -name ext -maxdepth 2 -exec rm -frv '{}' +
+	find . -name '*.so' -delete
+
+	# Remove build logs and cache.
+	rm -R ../build_info/ ../cache/
+	find ../extensions/ \
+		-name gem_make.out -delete \
+		-o -name mkmf.log -delete
+}
+
+backup() {
+	pkgdesc="Utility used by the backup Rake task to create/restore repository backups from Gitaly"
+	depends=""
+
+	amove usr/bin/gitaly-backup
+}
+
+# TODO: Add init script.
+blackbox() {
+	pkgdesc="Prometheus exporter that measures GitLab server performance by performing a Git HTTP clone"
+	depends=""
+
+	amove etc/gitlab/gitaly-blackbox.toml
+	amove usr/bin/gitaly-blackbox
+}
+
+# TODO: Add init script.
+praefect() {
+	pkgdesc="A reverse-proxy for Gitaly to manage a cluster of Gitaly nodes for HA"
+	depends=""
+
+	amove etc/gitlab/praefect.toml
+	amove usr/bin/praefect
+}
+
+sha512sums="
+a3d4f929014df6f3e7034f493be9b27dcc1e820e42198582171a43c7ddf1bc9087329f13878f139a7d6dc1e6a92a76dabf26214409abe839d8f9508429f91ba0  gitaly-v15.3.3.tar.gz
+ebcb7296696b9c2b47b7770a37ae13663cb0343659d482ef45717ef5548ede69eedee707763c6dfd73c60ef303e03fbe5502967783c59c00475a1a6d0c5ee128  gemfile-use-local-grpc.patch
+7bf25645b1f236fabbbac472bc169d73fa7edb14a85d9adac4613d9ddad413f21fe7ec9779d4276971171da574e5d487c49367badd0939e7606476b16a56efeb  libgit-1.4-compat.patch
+8779e34b2a468a74c590ee29155e7b197eabcd323157b1e27208fa2f3100b31e1fd1ff80d7067198e66cfb1be506caedeecbfeb4e9f32aa5b8422455e1718e1a  config.patch
+c32105d921be16eaf559cf21d6840bc346cd92b5e37974cedecdb5a2d2ca1eb5e8fbb144f5fc8a1289bf9415102b313cf2d61ee510c80f08ab33a799f5ac7122  gitaly.initd
+"
--- a/user/gitaly/config.patch
+++ b/user/gitaly/config.patch
@ -0,0 +1,117 @@
+--- a/config.toml.example
+++ b/config.toml.example
+@@ -2,15 +2,15 @@
+ # Documentation lives at https://docs.gitlab.com/ee/administration/gitaly/ and
+ # https://docs.gitlab.com/ee//administration/gitaly/reference
+ 
+-socket_path = "/home/git/gitlab/tmp/sockets/private/gitaly.socket"
+socket_path = "/run/gitlab/gitaly.socket"
+ 
+ # The directory where Gitaly's executables are stored
+-bin_dir = "/home/git/gitaly/_build/bin"
+bin_dir = "/usr/bin"
+ 
+-# # Optional: The directory where Gitaly can create all files required to
+-# # properly operate at runtime. If not set, Gitaly will create a directory in
+-# # the global temporary directory. This directory must exist.
+-# runtime_dir = "/home/git/gitaly/run"
+# Optional: The directory where Gitaly can create all files required to
+# properly operate at runtime. If not set, Gitaly will create a directory in
+# the global temporary directory. This directory must exist.
+runtime_dir = "/run/gitaly"
+ 
+ # # Optional: listen on a TCP socket. This is insecure (no authentication)
+ # listen_addr = "localhost:9999"
+@@ -22,7 +22,7 @@
+ # # Optional: configure where the Gitaly creates the sockets for internal connections. If unset, Gitaly will create a randomly
+ # # named temp directory each time it boots.
+ # # Non Gitaly clients should never connect to these sockets.
+-# internal_socket_dir = "/home/git/gitlab/tmp/sockets/private/internal"
+internal_socket_dir = "/run/gitaly/internal"
+ 
+ # # Optional: authenticate Gitaly requests using a shared secret
+ # [auth]
+@@ -30,14 +30,14 @@
+ # transitioning = false # Set `transitioning` to true to temporarily allow unauthenticated while rolling out authentication.
+ 
+ # [tls]
+-# certificate_path = '/home/git/cert.cert'
+-# key_path = '/home/git/key.pem'
+# certificate_path = '/etc/gitlab/ssl/gitaly.crt'
+# key_path = '/etc/gitlab/ssl/gitaly.key'
+ 
+-# # Git settings
+-# [git]
+-# bin_path = "/usr/bin/git"
+# Git settings
+[git]
+bin_path = "/usr/bin/git"
+ # catfile_cache_size = 100
+-#
+
+ # # Set this setting to `true` to start ignoring gitconfig files installed in
+ # # the system. This includes both system-level (e.g. '/etc/gitconffig') and
+ # # global-level (e.g. `$HOME/.gitconfig`) files. This setting will become the
+@@ -51,7 +51,7 @@
+ 
+ [[storage]]
+ name = "default"
+-path = "/home/git/repositories"
+path = "/var/lib/gitlab/repositories"
+ 
+ # # You can optionally configure more storages for this Gitaly instance to serve up
+ #
+@@ -61,15 +61,15 @@
+ #
+ 
+ # # You can optionally configure Gitaly to output JSON-formatted log messages to stdout
+-# [logging]
+-# # The directory where Gitaly stores extra log files
+-dir = "/home/git/gitlab/log"
+-# format = "json"
+-# # Optional: Set log level to only log entries with that severity or above
+-# # One of, in order: debug, info, warn, errror, fatal, panic
+-# # Defaults to "info"
+-# level = "warn"
+-#
+[logging]
+# The directory where Gitaly stores extra log files
+dir = "/var/log/gitlab"
+format = "text"
+# Optional: Set log level to only log entries with that severity or above
+# One of, in order: debug, info, warn, errror, fatal, panic
+# Defaults to "info"
+level = "warn"
+
+ # # Additionally exceptions from the Go server can be reported to Sentry
+ # sentry_dsn = "https://<key>:<secret>@sentry.io/<project>"
+ # # Exceptions from gitaly-ruby can also be reported to Sentry
+@@ -81,7 +81,7 @@
+ 
+ [gitaly-ruby]
+ # The directory where gitaly-ruby is installed
+-dir = "/home/git/gitaly/ruby"
+dir = "/usr/lib/bundles/gitaly-ruby"
+ 
+ # # Gitaly-ruby resident set size (RSS) that triggers a memory restart (bytes)
+ # max_rss = 200000000
+@@ -101,14 +101,14 @@
+ 
+ [gitlab-shell]
+ # The directory where gitlab-shell is installed
+-dir = "/home/git/gitlab-shell"
+dir = "/usr/lib/gitlab-shell"
+ 
+-[hooks]
+-custom_hooks_dir = "/home/git/custom_hooks"
+# [hooks]
+# custom_hooks_dir = "/etc/gitlab/custom_hooks"
+ 
+ [gitlab]
+-secret_file = "/home/git/gitlab-shell/.gitlab_shell_secret"
+-url = "http+unix://%2Fhome%2Fgit%2Fgitlab%2Ftmp%2Fsockets%2Fgitlab-workhorse.socket"
+secret_file = "/etc/gitlab/gitlab_shell_secret"
+url = "http+unix://%2Frun%2Fgitlab%2Fworkhorse.socket"
+ # Only needed if a UNIX socket is used in `url` and GitLab is configured to
+ # use a relative path (e.g. /gitlab).
+ # relative_url_root = '/'
--- a/user/gitaly/gemfile-use-local-grpc.patch
+++ b/user/gitaly/gemfile-use-local-grpc.patch
@ -0,0 +1,53 @@
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Wed, 07 Mar 2018 17:24:00 +0200
+Subject: Don't fetch grpc gem from RubyGems
+
+Grpc gem is total shit, doesn't build from source without patching,
+embeds three third-party libs including Google's very own fork of
+OpenSSL and root CAs, contains a lot of bloat etc.
+
+Therefore I install this shit from my Alpine package and
+copy it into vendor/ before running bundler.
+
+This patch also downgrades grpc and google-protobuf (reverts
+https://gitlab.com/gitlab-org/gitaly/-/commit/7fbf17ddbd385b014d284b78dbaf832310e41add)
+to the same version gitlab-foss uses. It's just to avoid dealing with
+ruby-grpc upgrade.
+
+--- a/ruby/Gemfile
+++ b/ruby/Gemfile
+@@ -10 +10,2 @@
+-gem 'grpc', '~> 1.42.0' # keep in lock-step with grpc-tools
+# This Google gem is totally messed, we handle it specially.
+gem 'grpc', path: 'vendor/grpc', require: false
+--- a/ruby/Gemfile.lock
+++ b/ruby/Gemfile.lock
+@@ -1,3 +1,9 @@
+PATH
+  remote: vendor/grpc
+  specs:
+    grpc (1.42.0)
+      google-protobuf (~> 3.18)
+
+ GEM
+   remote: https://rubygems.org/
+   specs:
+@@ -84,9 +90,6 @@
+     google-protobuf (3.21.3)
+     googleapis-common-protos-types (1.3.0)
+       google-protobuf (~> 3.14)
+-    grpc (1.42.0)
+-      google-protobuf (~> 3.18)
+-      googleapis-common-protos-types (~> 1.0)
+     grpc-tools (1.42.0)
+     i18n (1.12.0)
+       concurrent-ruby (~> 1.0)
+@@ -235,7 +238,7 @@
+   gitlab-license_finder
+   gitlab-markup (~> 1.7.1)
+   google-protobuf (~> 3.21.0)
+-  grpc (~> 1.42.0)
+  grpc!
+   grpc-tools (~> 1.42.0)
+   licensee (~> 9.14.1)
+   pry (~> 0.12.2)
--- a/user/gitaly/gitaly.initd
+++ b/user/gitaly/gitaly.initd
@ -0,0 +1,39 @@
+#!/sbin/openrc-run
+
+name="Gitaly"
+description="A Git RPC service for handling all the git calls made by GitLab"
+
+: ${gitaly_config:="/etc/gitlab/gitaly.toml"}
+: ${gitaly_logfile:="/var/log/gitlab/gitaly.log"}
+
+command="/usr/bin/gitaly"
+command_args="$gitaly_config"
+command_background="yes"
+command_user="git"
+
+output_log="$gitaly_logfile"
+error_log="$gitaly_logfile"
+pidfile="/run/gitaly.pid"
+supervise_daemon_args="--env TZ=:/etc/localtime"
+start_stop_daemon_args="$supervise_daemon_args"
+
+rc_ulimit="-n 15000"
+
+required_files="$gitaly_config"
+
+depend() {
+	use net
+}
+
+start_pre() {
+	local socket_path=$(sed -En "s/^\s*socket_path\s*=\s*[\"']([^\"']+)[\"']/\1/p" "$gitaly_config")
+	local runtime_dir=$(sed -En "s/^\s*runtime_dir\s*=\s*[\"']([^\"']+)[\"']/\1/p" "$gitaly_config")
+
+	if [ "$socket_path" ]; then
+		checkpath -q -d -m 755 -o $command_user "${socket_path%/*}" || return 1
+	fi
+	if [ "$runtime_dir" ]; then
+		checkpath -q -d -m 750 -o $command_user "$runtime_dir" || return 1
+	fi
+	checkpath -f -m 640 -o $command_user "$gitaly_logfile"
+}
--- a/user/gitaly/gitlab-shell-fix-paths.patch
+++ b/user/gitaly/gitlab-shell-fix-paths.patch
@ -0,0 +1,11 @@
+--- a/ruby/vendor/gitlab-shell/lib/gitlab_config.rb
+++ b/ruby/vendor/gitlab-shell/lib/gitlab_config.rb
+@@ -4,7 +4,7 @@ class GitlabConfig
+   attr_reader :config
+ 
+   def initialize
+-    @config = YAML.load_file(File.join(ROOT_PATH, 'config.yml'))
+    @config = YAML.load_file(ENV.fetch('GITLAB_SHELL_CONFIG', '/etc/gitlab/gitlab-shell.yml'))
+   end
+ 
+   def home
--- a/user/gitaly/libgit-1.4-compat.patch
+++ b/user/gitaly/libgit-1.4-compat.patch
@ -0,0 +1,5 @@
+--- a/ruby/Gemfile.lock
+++ b/ruby/Gemfile.lock
+@@ -196 +196 @@
+-    rugged (1.2.0)
+    rugged (1.4.4)