-rw-r--r-- | .SRCINFO | 14 | ||||
-rw-r--r-- | PKGBUILD | 19 | ||||
-rw-r--r-- | config.cfg | 27 | ||||
-rw-r--r-- | gitlab-pages.service | 11 | ||||
-rw-r--r-- | service.env | 9 |
5 files changed, 57 insertions, 23 deletions
@@ -1,8 +1,8 @@ # Generated by mksrcinfo v8 -# Sun Apr 1 18:02:24 UTC 2018 +# Sat Apr 28 19:11:45 UTC 2018 pkgbase = gitlab-pages pkgdesc = GitLab Pages daemon used to serve static websites for GitLab users - pkgver = 0.7.1 + pkgver = 0.9.0 pkgrel = 1 url = https://gitlab.com/gitlab-org/gitlab-pages arch = i686 @@ -10,12 +10,14 @@ pkgbase = gitlab-pages license = MIT makedepends = go backup = etc/gitlab-pages/config.cfg - source = https://gitlab.com/gitlab-org/gitlab-pages/repository/v0.7.1/archive.tar.gz + source = gitlab-pages-v0.9.0.tar.gz::https://gitlab.com/gitlab-org/gitlab-pages/repository/v0.9.0/archive.tar.gz source = config.cfg source = gitlab-pages.service - sha256sums = c9ab39dcadc4b82fd86957afb3d9fc12e795d18a2f10c8391b51553932f48773 - sha256sums = 9c69b96b33e194cccbcb0e0412f422be8f9fea45c95a9df5353cb752463e99d6 - sha256sums = 56568f9959efef8a1f40587dcd21942a9938aaa97e7bd0b5a628905147c7b4ed + source = service.env + sha256sums = 90e3c873382e42caccce0f4ab1b1a3bfef510849500eab28409f72661a557e16 + sha256sums = 558e9f5ec85fbf4ef7380016e64bcf00f09498596044f76a8eb87b6ef4154ce4 + sha256sums = ae62235f0fd66eaed7ad74048daf21b92058aba90e40fc2d3e7a684e9883c32e + sha256sums = fd8f9b60e2247077ad00765904237b6b1c36b11a952cd3b1ad88e74417b82a96 pkgname = gitlab-pages @@ -1,7 +1,7 @@ # Maintainer: Melvin Vermeeren <mail@mel.vin> # Useful: https://gitlab.com/gitlab-org/gitlab-ce/issues/29963 pkgname=gitlab-pages -pkgver=0.7.1 +pkgver=0.9.0 pkgrel=1 pkgdesc='GitLab Pages daemon used to serve static websites for GitLab users' url='https://gitlab.com/gitlab-org/gitlab-pages' 
@@ -9,20 +9,18 @@ license=('MIT')
 arch=('i686' 'x86_64')
 depends=()
 makedepends=('go')
-source=("https://gitlab.com/gitlab-org/gitlab-pages/repository/v$pkgver/archive.tar.gz"
+source=("$pkgname-v$pkgver.tar.gz::https://gitlab.com/gitlab-org/gitlab-pages/repository/v$pkgver/archive.tar.gz"
 'config.cfg'
- 'gitlab-pages.service')
+ 'gitlab-pages.service'
+ 'service.env')
 backup=('etc/gitlab-pages/config.cfg')
-sha256sums=('c9ab39dcadc4b82fd86957afb3d9fc12e795d18a2f10c8391b51553932f48773'
- '9c69b96b33e194cccbcb0e0412f422be8f9fea45c95a9df5353cb752463e99d6'
- '56568f9959efef8a1f40587dcd21942a9938aaa97e7bd0b5a628905147c7b4ed')
+sha256sums=('90e3c873382e42caccce0f4ab1b1a3bfef510849500eab28409f72661a557e16'
+ '558e9f5ec85fbf4ef7380016e64bcf00f09498596044f76a8eb87b6ef4154ce4'
+ 'ae62235f0fd66eaed7ad74048daf21b92058aba90e40fc2d3e7a684e9883c32e'
+ 'fd8f9b60e2247077ad00765904237b6b1c36b11a952cd3b1ad88e74417b82a96')

 build() {
 cd "$srcdir/$pkgname-v$pkgver-"*
- # static build does not work with Arch's Go, you get:
- # go install net: open /usr/lib/go/pkg/linux_amd64/net.a: permission denied
- # this means the chroot function will not work
- sed -i 's/\(export CGO_ENABLED := \)0/\11/' Makefile
 make
 }

@@ -31,4 +29,5 @@ package() {
 install -Dm 755 gitlab-pages "$pkgdir/usr/bin/gitlab-pages"
 install -Dm 644 "$srcdir/config.cfg" "$pkgdir/etc/gitlab-pages/config.cfg"
 install -Dm 644 "$srcdir/gitlab-pages.service" "$pkgdir/usr/lib/systemd/system/gitlab-pages.service"
+ install -Dm 644 "$srcdir/service.env" "$pkgdir/etc/gitlab-pages/service.env"
 }
diff --git a/config.cfg b/config.cfg
index eaa6988ea3da..c8a377a1a82d 100644
--- a/config.cfg
+++ b/config.cfg
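Review bot: `service.env` is installed to `/etc/gitlab-pages/service.env` by the added `install` line in `package()`, but the `backup=` array in the preceding hunk still lists only `etc/gitlab-pages/config.cfg`. pacman will therefore replace an edited copy on upgrade, so an administrator who set `GITLAB_PAGES_UID`/`GITLAB_PAGES_GID` to the unprivileged account silently gets the packaged root values back. The array should read `backup=('etc/gitlab-pages/config.cfg' 'etc/gitlab-pages/service.env')`. `package()` begins outside the hunk.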
@@ -1,3 +1,18 @@
+# The path to the certificate file for the admin API (optional)
+#admin-https-cert=string
+
+# The path to the key file for the admin API (optional)
+#admin-https-key=string
+
+# The listen address for the admin API HTTPS listener (optional)
+#admin-https-listener=string
+
+# Path to the file containing the admin secret token
+#admin-secret-path=string
+
+# The path for the admin API unix socket listener (optional)
+#admin-unix-listener=string
+
 # API URL to proxy artifact requests to, e.g.: 'https://gitlab.com/api/v4'
 #artifacts-server=string

@@ -5,10 +20,12 @@
 #artifacts-server-timeout=int

 # Drop privileges to this group
-#daemon-gid=uint
+# Arch: chroot to GitLab group by default
+daemon-gid=105

 # Drop privileges to this user
-#daemon-uid=uint
+# Arch: chroot to GitLab user by default
+daemon-uid=105

 # Disable cross-origin requests
 #disable-cross-origin-requests
@@ -25,6 +42,9 @@
 # The log output format: 'text' or 'json' (default "text")
 #log-format=string

+# Verbose logging
+#log-verbose
+
 # The address to listen on for metrics requests
 #metrics-address=string

@@ -32,7 +52,8 @@
 #pages-domain=string

 # The directory where pages are stored (default "shared/pages")
-#pages-root=string
+# Arch: chroot to default pages dir
+pages-root=/var/lib/gitlab/shared/pages

 # The url path for a status page, e.g., /@status
 #pages-status=string
diff --git a/gitlab-pages.service b/gitlab-pages.service
index f3252552e68e..689e55396060 100644
--- a/gitlab-pages.service
+++ b/gitlab-pages.service
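Review bot: `daemon-uid=105` and `daemon-gid=105` hard-code a numeric id that nothing in this package creates or checks, so on a host where the gitlab account has a different id, or 105 belongs to another account, the daemon drops to the wrong identity. These two lines are now the only step that takes the process off root, because the unit in this commit starts it with uid 0. A comment such as `# Arch: must match 'id -u gitlab'; the service starts as root and relies on this value to drop privileges` would make that dependency visible. Since `config.cfg` is listed in `backup=`, a locally modified copy is presumably kept on upgrade with both options still commented out, in which case the daemon would stay root; that upgrade path deserves a post-upgrade message.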
@@ -4,11 +4,15 @@ After=syslog.target network.target
 ConditionFileIsExecutable=/usr/bin/gitlab-pages

 [Service]
-User=gitlab
-Group=gitlab
+User=root
+Group=root
 StartLimitInterval=5
 StartLimitBurst=10
-ExecStart=/usr/bin/gitlab-pages -config /etc/gitlab-pages/config.cfg
+# systemd cannot handle User=${...}, so wrap it in ExecStart instead
+EnvironmentFile=/etc/gitlab-pages/service.env
+ExecStart=/usr/bin/setpriv --inh-caps=-all --clear-groups \
+ --reuid=${GITLAB_PAGES_UID} --regid=${GITLAB_PAGES_GID} \
+ /usr/bin/gitlab-pages -config /etc/gitlab-pages/config.cfg
 Restart=always
 RestartSec=120
 StandardOutput=syslog
@@ -17,7 +21,6 @@ SyslogIdentifier=gitlab-pages
 PrivateTmp=true
 ProtectSystem=full
 ProtectHome=true
-CapabilityBoundingSet=

 [Install]
 WantedBy=multi-user.target
diff --git a/service.env b/service.env
new file mode 100644
index 000000000000..3044e149aba0
--- /dev/null
+++ b/service.env
@@ -0,0 +1,9 @@
+# environment for the systemd service
+
+# Arch: launch as root, gitlab-pages will chroot itself by default
+# If you do not want to chroot change these to GitLab (105)
+GITLAB_PAGES_UID=0
+GITLAB_PAGES_GID=0
+
+# Arch: when chrooted pages requires this to point to the system's cert bundle
+SSL_CERT_FILE=/etc/ca-certificates/extracted/tls-ca-bundle.pem
|
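Review bot: Dropping `CapabilityBoundingSet=` in the second hunk, together with `User=root` and the default `--reuid=0` in the first, leaves nothing at the unit level that limits the process. `--inh-caps=-all` clears only the inheritable set, and a uid-0 process still receives its permitted and effective capabilities on exec. Confinement then rests entirely on gitlab-pages reading `daemon-uid`/`daemon-gid` from its config and dropping privileges itself. I would restore a non-empty bounding set restricted to what the chroot and the privilege drop need, for example `CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE`; the exact list has to be confirmed against how the daemon builds its jail.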