-rw-r--r--.SRCINFO14
-rw-r--r--PKGBUILD19
-rw-r--r--config.cfg27
-rw-r--r--gitlab-pages.service11
-rw-r--r--service.env9
5 files changed, 57 insertions, 23 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 62375603d907..d17d62cc0d4e 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,8 @@
# Generated by mksrcinfo v8
-# Sun Apr 1 18:02:24 UTC 2018
+# Sat Apr 28 19:11:45 UTC 2018
pkgbase = gitlab-pages
pkgdesc = GitLab Pages daemon used to serve static websites for GitLab users
- pkgver = 0.7.1
+ pkgver = 0.9.0
pkgrel = 1
url = https://gitlab.com/gitlab-org/gitlab-pages
arch = i686
@@ -10,12 +10,14 @@ pkgbase = gitlab-pages
license = MIT
makedepends = go
backup = etc/gitlab-pages/config.cfg
- source = https://gitlab.com/gitlab-org/gitlab-pages/repository/v0.7.1/archive.tar.gz
+ source = gitlab-pages-v0.9.0.tar.gz::https://gitlab.com/gitlab-org/gitlab-pages/repository/v0.9.0/archive.tar.gz
source = config.cfg
source = gitlab-pages.service
- sha256sums = c9ab39dcadc4b82fd86957afb3d9fc12e795d18a2f10c8391b51553932f48773
- sha256sums = 9c69b96b33e194cccbcb0e0412f422be8f9fea45c95a9df5353cb752463e99d6
- sha256sums = 56568f9959efef8a1f40587dcd21942a9938aaa97e7bd0b5a628905147c7b4ed
+ source = service.env
+ sha256sums = 90e3c873382e42caccce0f4ab1b1a3bfef510849500eab28409f72661a557e16
+ sha256sums = 558e9f5ec85fbf4ef7380016e64bcf00f09498596044f76a8eb87b6ef4154ce4
+ sha256sums = ae62235f0fd66eaed7ad74048daf21b92058aba90e40fc2d3e7a684e9883c32e
+ sha256sums = fd8f9b60e2247077ad00765904237b6b1c36b11a952cd3b1ad88e74417b82a96
pkgname = gitlab-pages
diff --git a/PKGBUILD b/PKGBUILD
index fda57cf2cdb8..c63d62efd5d7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: Melvin Vermeeren <mail@mel.vin>
# Useful: https://gitlab.com/gitlab-org/gitlab-ce/issues/29963
pkgname=gitlab-pages
-pkgver=0.7.1
+pkgver=0.9.0
pkgrel=1
pkgdesc='GitLab Pages daemon used to serve static websites for GitLab users'
url='https://gitlab.com/gitlab-org/gitlab-pages'
@@ -9,20 +9,18 @@ license=('MIT')
arch=('i686' 'x86_64')
depends=()
makedepends=('go')
-source=("https://gitlab.com/gitlab-org/gitlab-pages/repository/v$pkgver/archive.tar.gz"
+source=("$pkgname-v$pkgver.tar.gz::https://gitlab.com/gitlab-org/gitlab-pages/repository/v$pkgver/archive.tar.gz"
'config.cfg'
- 'gitlab-pages.service')
+ 'gitlab-pages.service'
+ 'service.env')
backup=('etc/gitlab-pages/config.cfg')
-sha256sums=('c9ab39dcadc4b82fd86957afb3d9fc12e795d18a2f10c8391b51553932f48773'
- '9c69b96b33e194cccbcb0e0412f422be8f9fea45c95a9df5353cb752463e99d6'
- '56568f9959efef8a1f40587dcd21942a9938aaa97e7bd0b5a628905147c7b4ed')
+sha256sums=('90e3c873382e42caccce0f4ab1b1a3bfef510849500eab28409f72661a557e16'
+ '558e9f5ec85fbf4ef7380016e64bcf00f09498596044f76a8eb87b6ef4154ce4'
+ 'ae62235f0fd66eaed7ad74048daf21b92058aba90e40fc2d3e7a684e9883c32e'
+ 'fd8f9b60e2247077ad00765904237b6b1c36b11a952cd3b1ad88e74417b82a96')
build() {
cd "$srcdir/$pkgname-v$pkgver-"*
- # static build does not work with Arch's Go, you get:
- # go install net: open /usr/lib/go/pkg/linux_amd64/net.a: permission denied
- # this means the chroot function will not work
- sed -i 's/\(export CGO_ENABLED := \)0/\11/' Makefile
make
}
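Review bot: With the `sed` override removed, `build()` depends on the upstream Makefile's `export CGO_ENABLED := 0` to produce a static binary, and nothing in the PKGBUILD records that. The removed comment tied the static build to the daemon's chroot working, and config.cfg in this commit enables the privilege drop by default, so an upstream move to a dynamic build would presumably break the default setup without any hint here. A comment above `make` would cover it, e.g. `# relies on the static build (CGO_ENABLED=0 in the upstream Makefile); the daemon chroots itself at runtime`.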
@@ -31,4 +29,5 @@ package() {
install -Dm 755 gitlab-pages "$pkgdir/usr/bin/gitlab-pages"
install -Dm 644 "$srcdir/config.cfg" "$pkgdir/etc/gitlab-pages/config.cfg"
install -Dm 644 "$srcdir/gitlab-pages.service" "$pkgdir/usr/lib/systemd/system/gitlab-pages.service"
+ install -Dm 644 "$srcdir/service.env" "$pkgdir/etc/gitlab-pages/service.env"
}
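Review bot: `service.env` is installed under /etc but is not added to `backup=()`, which in the previous hunk still lists only `etc/gitlab-pages/config.cfg`. This file decides which uid and gid the service is started with, so an admin who changes `GITLAB_PAGES_UID`/`GITLAB_PAGES_GID` away from 0 would have the edit replaced by the packaged root default on the next upgrade. Suggest `backup=('etc/gitlab-pages/config.cfg' 'etc/gitlab-pages/service.env')`. package() begins outside this hunk.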
diff --git a/config.cfg b/config.cfg
index eaa6988ea3da..c8a377a1a82d 100644
--- a/config.cfg
+++ b/config.cfg
@@ -1,3 +1,18 @@
+# The path to the certificate file for the admin API (optional)
+#admin-https-cert=string
+
+# The path to the key file for the admin API (optional)
+#admin-https-key=string
+
+# The listen address for the admin API HTTPS listener (optional)
+#admin-https-listener=string
+
+# Path to the file containing the admin secret token
+#admin-secret-path=string
+
+# The path for the admin API unix socket listener (optional)
+#admin-unix-listener=string
+
# API URL to proxy artifact requests to, e.g.: 'https://gitlab.com/api/v4'
#artifacts-server=string
@@ -5,10 +20,12 @@
#artifacts-server-timeout=int
# Drop privileges to this group
-#daemon-gid=uint
+# Arch: chroot to GitLab group by default
+daemon-gid=105
# Drop privileges to this user
-#daemon-uid=uint
+# Arch: chroot to GitLab user by default
+daemon-uid=105
# Disable cross-origin requests
#disable-cross-origin-requests
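Review bot: `daemon-gid=105` and `daemon-uid=105` hard-code a numeric id, and the added comments call this a chroot although the option text directly above says these are the ids privileges are dropped to. If the gitlab account has a different id on a host, the daemon ends up under an unrelated or unassigned uid with nothing pointing that out, so the comment should state the assumption, e.g. `# Arch: drop privileges to the gitlab user (uid 105 assumed; check with 'id gitlab')`. Because the unit in this commit starts the process as root, it is also worth saying here that commenting these two lines out leaves the daemon running as root. The same "chroot to" wording is used for `pages-root` in the `-32,7` hunk.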
@@ -25,6 +42,9 @@
# The log output format: 'text' or 'json' (default "text")
#log-format=string
+# Verbose logging
+#log-verbose
+
# The address to listen on for metrics requests
#metrics-address=string
@@ -32,7 +52,8 @@
#pages-domain=string
# The directory where pages are stored (default "shared/pages")
-#pages-root=string
+# Arch: chroot to default pages dir
+pages-root=/var/lib/gitlab/shared/pages
# The url path for a status page, e.g., /@status
#pages-status=string
diff --git a/gitlab-pages.service b/gitlab-pages.service
index f3252552e68e..689e55396060 100644
--- a/gitlab-pages.service
+++ b/gitlab-pages.service
@@ -4,11 +4,15 @@ After=syslog.target network.target
ConditionFileIsExecutable=/usr/bin/gitlab-pages
[Service]
-User=gitlab
-Group=gitlab
+User=root
+Group=root
StartLimitInterval=5
StartLimitBurst=10
-ExecStart=/usr/bin/gitlab-pages -config /etc/gitlab-pages/config.cfg
+# systemd cannot handle User=${...}, so wrap it in ExecStart instead
+EnvironmentFile=/etc/gitlab-pages/service.env
+ExecStart=/usr/bin/setpriv --inh-caps=-all --clear-groups \
+ --reuid=${GITLAB_PAGES_UID} --regid=${GITLAB_PAGES_GID} \
+ /usr/bin/gitlab-pages -config /etc/gitlab-pages/config.cfg
Restart=always
RestartSec=120
StandardOutput=syslog
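Review bot: The unit now starts as `User=root`, and with the shipped defaults (`GITLAB_PAGES_UID=0`, `GITLAB_PAGES_GID=0`) the `setpriv` wrapper does not reduce privileges. `--inh-caps=-all` clears only the inheritable set, so a uid 0 process still gets its capabilities back on exec. The next hunk also deletes `CapabilityBoundingSet=`, which leaves the daemon's own `daemon-uid`/`daemon-gid` drop as the only barrier between a network-facing process and full root. I would keep a bounded set rather than none, e.g. `CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID`, extended by whatever the daemon's chroot setup turns out to need in testing, and add `NoNewPrivileges=true` if the re-exec tolerates it. The [Service] section continues outside this hunk.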
@@ -17,7 +21,6 @@ SyslogIdentifier=gitlab-pages
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
-CapabilityBoundingSet=
[Install]
WantedBy=multi-user.target
diff --git a/service.env b/service.env
new file mode 100644
index 000000000000..3044e149aba0
--- /dev/null
+++ b/service.env
@@ -0,0 +1,9 @@
+# environment for the systemd service
+
+# Arch: launch as root, gitlab-pages will chroot itself by default
+# If you do not want to chroot change these to GitLab (105)
+GITLAB_PAGES_UID=0
+GITLAB_PAGES_GID=0
+
+# Arch: when chrooted pages requires this to point to the system's cert bundle
+SSL_CERT_FILE=/etc/ca-certificates/extracted/tls-ca-bundle.pem
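Review bot: The comment above `GITLAB_PAGES_UID`/`GITLAB_PAGES_GID` tells admins to switch to 105 to avoid the chroot, but it does not mention that config.cfg in this same commit enables `daemon-uid=105` and `daemon-gid=105`. A daemon started unprivileged presumably cannot chroot or change ids, so changing only this file is likely to leave the service failing to start. Suggest extending the comment with `# If you set these to 105, also comment out daemon-uid and daemon-gid in /etc/gitlab-pages/config.cfg`. It would also help to state that 0 means the process holds root until gitlab-pages drops privileges itself.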