diff --git a/archives/gitaly/APKBUILD b/archives/gitaly/APKBUILD new file mode 100644 index 0000000..1b400ca --- /dev/null +++ b/archives/gitaly/APKBUILD @@ -0,0 +1,86 @@ +# Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) +# Contributor: Jakub Jirutka +pkgname=gitaly +pkgver=17.0.4 +pkgrel=0 +pkgdesc="A Git RPC service for handling all the git calls made by GitLab" +url="https://gitlab.com/gitlab-org/gitaly/" +arch="all" +# GPL-2.0-only WITH GCC-exception-2.0: bundled libgit2 +license="MIT AND GPL-2.0-only WITH GCC-exception-2.0" +depends=" + git>=2.42 + " +makedepends=" + bash + cmake + go + icu-dev + libssh2-dev + libxml2-dev + libxslt-dev + " +subpackages=" + $pkgname-backup + $pkgname-blackbox + $pkgname-praefect + $pkgname-openrc + " +source="https://gitlab.com/gitlab-org/gitaly/-/archive/v$pkgver/gitaly-v$pkgver.tar.gz + config.patch + $pkgname.initd + " +builddir="$srcdir/$pkgname-v$pkgver" +options="!check" + +build() { + make V=1 BUILD_TAGS="tracer_static tracer_static_jaeger" +} + +package() { + ## Go part + + make install DESTDIR="$pkgdir" PREFIX=/usr + + # Not very useful for us. + rm "$pkgdir"/usr/bin/gitaly-debug + rm "$pkgdir"/usr/bin/gitaly-wrapper + + install -m644 -D config.toml.example "$pkgdir"/etc/gitlab/gitaly.toml + install -m644 -D config.praefect.toml.example "$pkgdir"/etc/gitlab/praefect.toml + install -m644 -D cmd/gitaly-blackbox/config.toml.example "$pkgdir"/etc/gitlab/gitaly-blackbox.toml + + install -m755 -D "$srcdir"/gitaly.initd "$pkgdir"/etc/init.d/gitlab.gitaly +} + +backup() { + pkgdesc="Utility used by the backup Rake task to create/restore repository backups from Gitaly" + depends="" + + amove usr/bin/gitaly-backup +} + +# TODO: Add init script. +blackbox() { + pkgdesc="Prometheus exporter that measures GitLab server performance by performing a Git HTTP clone" + depends="" + + amove etc/gitlab/gitaly-blackbox.toml + amove usr/bin/gitaly-blackbox +} + +# TODO: Add init script. +praefect() { + pkgdesc="A reverse-proxy for Gitaly to manage a cluster of Gitaly nodes for HA" + depends="" + + amove etc/gitlab/praefect.toml + amove usr/bin/praefect +} + +sha512sums=" +2d06498c519c20804dd592cac3214cf8124ece1dda0d15342f8ccc6d9c9d2715dad24f9940e4d87b824320483c9882004bcef3747a8de347c1d48ec983a9f5cb gitaly-v17.0.4.tar.gz +7685330e637c3a34db941c9e6b8776d0611ec16297e8be998a3eb4716c455d9f015d433a4d27720c24e520d489dd56bdab7c0e4264f2852b4b0bfd6ecaa7f773 config.patch +c32105d921be16eaf559cf21d6840bc346cd92b5e37974cedecdb5a2d2ca1eb5e8fbb144f5fc8a1289bf9415102b313cf2d61ee510c80f08ab33a799f5ac7122 gitaly.initd +" diff --git a/archives/gitaly/config.patch b/archives/gitaly/config.patch new file mode 100644 index 0000000..9df7db0 --- /dev/null +++ b/archives/gitaly/config.patch @@ -0,0 +1,91 @@ +diff --git a/config.toml.example.orig b/config.toml.example +index 82b8502..9982087 100644 +--- a/config.toml.example.orig ++++ b/config.toml.example +@@ -2,19 +2,24 @@ + # For Gitaly documentation, see https://docs.gitlab.com/ee/administration/gitaly/. + + # A path which Gitaly should open a Unix socket. +-socket_path = "/home/git/gitlab/tmp/sockets/private/gitaly.socket" ++socket_path = "/run/gitlab/gitaly.socket" + + # Directory containing Gitaly executables. +-bin_dir = "/home/git/gitaly/_build/bin" ++bin_dir = "/usr/bin" + + # # Optional. The directory where Gitaly can create all files required to + # # properly operate at runtime. If not set, Gitaly will create a directory in + # # the global temporary directory. This directory must exist. +-# runtime_dir = "/home/git/gitaly/run" ++runtime_dir = "/run/gitaly" + + # # Optional if socket_path is set. TCP address for Gitaly to listen on. This is insecure (unencrypted connection). + # listen_addr = "localhost:9999" + ++# # Optional: configure where the Gitaly creates the sockets for internal connections. If unset, Gitaly will create a randomly ++# # named temp directory each time it boots. ++# # Non Gitaly clients should never connect to these sockets. ++internal_socket_dir = "/run/gitaly/internal" ++ + # # Optional. TCP over TLS address for Gitaly to listen on. + # tls_listen_addr = "localhost:8888" + +@@ -35,9 +40,9 @@ bin_dir = "/home/git/gitaly/_build/bin" + # # Gitaly supports TLS encryption. You must bring your own certificates because this isn’t provided automatically. + # [tls] + # # Path to the certificate. +-# certificate_path = '/home/git/cert.cert' ++# certificate_path = '/etc/gitlab/ssl/gitaly.crt' + # # Path to the key. +-# key_path = '/home/git/key.pem' ++# key_path = '/etc/gitlab/ssl/gitaly.key' + + # # Git settings + # [git] +@@ -58,7 +63,7 @@ bin_dir = "/home/git/gitaly/_build/bin" + # # The name of the storage + name = "default" + # # The path to the storage. +-path = "/home/git/repositories" ++path = "/var/lib/gitlab/repositories" + + # # You can optionally configure more storages for this Gitaly instance to serve up + # +@@ -70,12 +75,12 @@ path = "/home/git/repositories" + # # Optional. Configure Gitaly to output JSON-formatted log messages to stdout. + # [logging] + # # Directory where Gitaly stores extra log files. +-dir = "/home/git/gitlab/log" ++dir = "/vat/log/gitlab" + # # Log format. Either 'text' or 'json'. +-# format = "json" ++format = "text" + # # Optional. Set log level to only log entries with that severity or above. + # # Valid values are, in order, 'debug', 'info', 'warn', 'error', 'fatal', and 'panic'. Defaults to 'info'. +-# level = "warn" ++level = "warn" + # # Additionally, exceptions from the Go server can be reported to Sentry. Sentry DSN (Data Source Name) + # # for exception monitoring. + # sentry_dsn = "https://:@sentry.io/" +@@ -91,18 +96,18 @@ sentry_environment = "" + # # Custom Git hooks that are used to perform tasks based on changes performed in any repository. + [hooks] + # # Directory where custom Git hooks are installed. If left unset, no custom hooks are used. +-custom_hooks_dir = "/home/git/custom_hooks" ++custom_hooks_dir = "/etc/gitlab/custom_hooks" + + # # Gitaly must connect to the GitLab application to perform access checks when a user performs a change. + [gitlab] + # # URL of the GitLab server. +-url = "http+unix://%2Fhome%2Fgit%2Fgitlab%2Ftmp%2Fsockets%2Fgitlab-workhorse.socket" ++url = "http+unix://%2Frun%2Fgitlab%2Fworkhorse.socket" + # # 'relative_url_root' is only needed if a UNIX socket is used in 'url' and GitLab is configured to + # # use a relative path. For example, '/gitlab'. + # relative_url_root = '/' + # # Path of the file containing the secret token used to authenticate with GitLab. Use either 'secret_token' or 'secret' + # # but not both. +-secret_file = "/home/git/gitlab-shell/.gitlab_shell_secret" ++secret_file = "/etc/gitlab/gitlab_shell_secret" + # # Secret token used to authenticate with GitLab. + # secret = "" + diff --git a/archives/gitaly/gitaly.initd b/archives/gitaly/gitaly.initd new file mode 100644 index 0000000..290c922 --- /dev/null +++ b/archives/gitaly/gitaly.initd @@ -0,0 +1,39 @@ +#!/sbin/openrc-run + +name="Gitaly" +description="A Git RPC service for handling all the git calls made by GitLab" + +: ${gitaly_config:="/etc/gitlab/gitaly.toml"} +: ${gitaly_logfile:="/var/log/gitlab/gitaly.log"} + +command="/usr/bin/gitaly" +command_args="$gitaly_config" +command_background="yes" +command_user="git" + +output_log="$gitaly_logfile" +error_log="$gitaly_logfile" +pidfile="/run/gitaly.pid" +supervise_daemon_args="--env TZ=:/etc/localtime" +start_stop_daemon_args="$supervise_daemon_args" + +rc_ulimit="-n 15000" + +required_files="$gitaly_config" + +depend() { + use net +} + +start_pre() { + local socket_path=$(sed -En "s/^\s*socket_path\s*=\s*[\"']([^\"']+)[\"']/\1/p" "$gitaly_config") + local runtime_dir=$(sed -En "s/^\s*runtime_dir\s*=\s*[\"']([^\"']+)[\"']/\1/p" "$gitaly_config") + + if [ "$socket_path" ]; then + checkpath -q -d -m 755 -o $command_user "${socket_path%/*}" || return 1 + fi + if [ "$runtime_dir" ]; then + checkpath -q -d -m 750 -o $command_user "$runtime_dir" || return 1 + fi + checkpath -f -m 640 -o $command_user "$gitaly_logfile" +}