diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/entities.rb | 13 | ||||
| -rw-r--r-- | lib/api/helpers.rb | 4 | ||||
| -rw-r--r-- | lib/api/issues.rb | 14 | ||||
| -rw-r--r-- | lib/api/merge_requests.rb | 12 | ||||
| -rw-r--r-- | lib/api/projects.rb | 21 | ||||
| -rw-r--r-- | lib/api/repositories.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/backend/shell.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/compare_result.rb | 9 | ||||
| -rw-r--r-- | lib/gitlab/issues_labels.rb | 38 | ||||
| -rw-r--r-- | lib/gitlab/ldap/access.rb | 13 | ||||
| -rw-r--r-- | lib/gitlab/markdown_helper.rb | 25 | ||||
| -rw-r--r-- | lib/gitlab/oauth/user.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/satellite/action.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/satellite/compare_action.rb | 35 | ||||
| -rw-r--r-- | lib/gitlab/satellite/merge_action.rb | 15 | ||||
| -rw-r--r-- | lib/gitlab/sidekiq_middleware/arguments_logger.rb | 10 | ||||
| -rw-r--r-- | lib/gitlab/theme.rb | 10 | ||||
| -rw-r--r-- | lib/gitlab/user_access.rb | 9 | ||||
| -rw-r--r-- | lib/gitlab/visibility_level.rb | 8 | ||||
| -rw-r--r-- | lib/support/nginx/gitlab | 6 | ||||
| -rw-r--r-- | lib/support/nginx/gitlab-ssl | 83 | ||||
| -rw-r--r-- | lib/tasks/gitlab/check.rake | 24 | ||||
| -rw-r--r-- | lib/tasks/gitlab/shell.rake | 3 |
23 files changed, 217 insertions, 145 deletions
diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 09fb97abf29..8731db59e57 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -102,6 +102,7 @@ module API class RepoCommit < Grape::Entity expose :id, :short_id, :title, :author_name, :author_email, :created_at + expose :safe_message, as: :message end class RepoCommitDetail < RepoCommit @@ -126,7 +127,7 @@ module API end class Issue < ProjectEntity - expose :label_list, as: :labels + expose :label_names, as: :labels expose :milestone, using: Entities::Milestone expose :assignee, :author, using: Entities::UserBasic end @@ -135,7 +136,7 @@ module API expose :target_branch, :source_branch, :upvotes, :downvotes expose :author, :assignee, using: Entities::UserBasic expose :source_project_id, :target_project_id - expose :label_list, as: :labels + expose :label_names, as: :labels end class SSHKey < Grape::Entity @@ -201,13 +202,13 @@ module API class Compare < Grape::Entity expose :commit, using: Entities::RepoCommit do |compare, options| - if compare.commit - Commit.new compare.commit - end + Commit.decorate(compare.commits).last end + expose :commits, using: Entities::RepoCommit do |compare, options| - Commit.decorate compare.commits + Commit.decorate(compare.commits) end + expose :diffs, using: Entities::RepoDiff do |compare, options| compare.diffs end diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index d7d209e16f7..8189e433789 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -5,6 +5,10 @@ module API SUDO_HEADER ="HTTP_SUDO" SUDO_PARAM = :sudo + def parse_boolean(value) + [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(value) + end + def current_user private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s @current_user ||= User.find_by(authentication_token: private_token) diff --git a/lib/api/issues.rb b/lib/api/issues.rb index f50be3a815d..b29118b2fd8 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -50,10 +50,15 @@ module API post ":id/issues" do required_attributes! [:title] attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id] - attrs[:label_list] = params[:labels] if params[:labels].present? + issue = ::Issues::CreateService.new(user_project, current_user, attrs).execute if issue.valid? + # Find or create labels and attach to issue + if params[:labels].present? + issue.add_labels_by_names(params[:labels].split(",")) + end + present issue, with: Entities::Issue else not_found! @@ -76,13 +81,16 @@ module API put ":id/issues/:issue_id" do issue = user_project.issues.find(params[:issue_id]) authorize! :modify_issue, issue - attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id, :state_event] - attrs[:label_list] = params[:labels] if params[:labels].present? issue = ::Issues::UpdateService.new(user_project, current_user, attrs).execute(issue) if issue.valid? + # Find or create labels and attach to issue + if params[:labels].present? + issue.add_labels_by_names(params[:labels].split(",")) + end + present issue, with: Entities::Issue else not_found! diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index fc1f1254a9e..acca7cb6bad 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -76,10 +76,14 @@ module API authorize! :write_merge_request, user_project required_attributes! [:source_branch, :target_branch, :title] attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title, :target_project_id, :description] - attrs[:label_list] = params[:labels] if params[:labels].present? merge_request = ::MergeRequests::CreateService.new(user_project, current_user, attrs).execute if merge_request.valid? + # Find or create labels and attach to issue + if params[:labels].present? + merge_request.add_labels_by_names(params[:labels].split(",")) + end + present merge_request, with: Entities::MergeRequest else handle_merge_request_errors! merge_request.errors @@ -103,12 +107,16 @@ module API # put ":id/merge_request/:merge_request_id" do attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title, :state_event, :description] - attrs[:label_list] = params[:labels] if params[:labels].present? merge_request = user_project.merge_requests.find(params[:merge_request_id]) authorize! :modify_merge_request, merge_request merge_request = ::MergeRequests::UpdateService.new(user_project, current_user, attrs).execute(merge_request) if merge_request.valid? + # Find or create labels and attach to issue + if params[:labels].present? + merge_request.add_labels_by_names(params[:labels].split(",")) + end + present merge_request, with: Entities::MergeRequest else handle_merge_request_errors! merge_request.errors diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 732c969d7ef..149678e6803 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -7,7 +7,7 @@ module API helpers do def map_public_to_visibility_level(attrs) publik = attrs.delete(:public) - publik = [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(publik) + publik = parse_boolean(publik) attrs[:visibility_level] = Gitlab::VisibilityLevel::PUBLIC if !attrs[:visibility_level].present? && publik == true attrs end @@ -15,10 +15,20 @@ module API # Get a projects list for authenticated user # + # Parameters: + # archived (optional) - if passed, limit by archived status + # # Example Request: # GET /projects get do - @projects = paginate current_user.authorized_projects + @projects = current_user.authorized_projects + + # If the archived parameter is passed, limit results accordingly + if params[:archived].present? + @projects = @projects.where(archived: parse_boolean(params[:archived])) + end + + @projects = paginate @projects present @projects, with: Entities::Project end @@ -77,6 +87,7 @@ module API # namespace_id (optional) - defaults to user namespace # public (optional) - if true same as setting visibility_level = 20 # visibility_level (optional) - 0 by default + # import_url (optional) # Example Request # POST /projects post do @@ -117,6 +128,7 @@ module API # snippets_enabled (optional) # public (optional) - if true same as setting visibility_level = 20 # visibility_level (optional) + # import_url (optional) # Example Request # POST /projects/user/:user_id post "user/:user_id" do @@ -130,7 +142,8 @@ module API :wiki_enabled, :snippets_enabled, :public, - :visibility_level] + :visibility_level, + :import_url] attrs = map_public_to_visibility_level(attrs) @project = ::Projects::CreateService.new(user, attrs).execute if @project.saved? @@ -219,7 +232,7 @@ module API # Example Request: # GET /projects/:id/labels get ':id/labels' do - @labels = user_project.issues_labels + @labels = user_project.labels present @labels, with: Entities::Label end end diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index d091fa4f035..461ce4e59cf 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -147,7 +147,7 @@ module API get ':id/repository/compare' do authorize! :download_code, user_project required_attributes! [:from, :to] - compare = Gitlab::Git::Compare.new(user_project.repository.raw_repository, params[:from], params[:to], MergeRequestDiff::COMMITS_SAFE_SIZE) + compare = Gitlab::Git::Compare.new(user_project.repository.raw_repository, params[:from], params[:to]) present compare, with: Entities::Compare end diff --git a/lib/gitlab/backend/shell.rb b/lib/gitlab/backend/shell.rb index b93800e235f..53bff3037e5 100644 --- a/lib/gitlab/backend/shell.rb +++ b/lib/gitlab/backend/shell.rb @@ -27,7 +27,7 @@ module Gitlab # import_repository("gitlab/gitlab-ci", "https://github.com/randx/six.git") # def import_repository(name, url) - system "#{gitlab_shell_path}/bin/gitlab-projects", "import-project", "#{name}.git", url + system "#{gitlab_shell_path}/bin/gitlab-projects", "import-project", "#{name}.git", url, '240' end # Move repository diff --git a/lib/gitlab/compare_result.rb b/lib/gitlab/compare_result.rb new file mode 100644 index 00000000000..d72391dade5 --- /dev/null +++ b/lib/gitlab/compare_result.rb @@ -0,0 +1,9 @@ +module Gitlab + class CompareResult + attr_reader :commits, :diffs + + def initialize(compare) + @commits, @diffs = compare.commits, compare.diffs + end + end +end diff --git a/lib/gitlab/issues_labels.rb b/lib/gitlab/issues_labels.rb index bc49d27b521..0d34976736f 100644 --- a/lib/gitlab/issues_labels.rb +++ b/lib/gitlab/issues_labels.rb @@ -1,27 +1,27 @@ module Gitlab class IssuesLabels class << self - def important_labels - %w(bug critical confirmed) - end - - def warning_labels - %w(documentation support) - end - - def neutral_labels - %w(discussion suggestion) - end - - def positive_labels - %w(feature enhancement) - end - def generate(project) - labels = important_labels + warning_labels + neutral_labels + positive_labels + red = '#d9534f' + yellow = '#f0ad4e' + blue = '#428bca' + green = '#5cb85c' + + labels = [ + { title: "bug", color: red }, + { title: "critical", color: red }, + { title: "confirmed", color: red }, + { title: "documentation", color: yellow }, + { title: "support", color: yellow }, + { title: "discussion", color: blue }, + { title: "suggestion", color: blue }, + { title: "feature", color: green }, + { title: "enhancement", color: green } + ] - project.issues_default_label_list = labels - project.save + labels.each do |label| + project.labels.create(label) + end end end end diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index 4e48ff11871..62709a12942 100644 --- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -9,6 +9,19 @@ module Gitlab end end + def self.allowed?(user) + self.open do |access| + if access.allowed?(user) + # GitLab EE LDAP code goes here + user.last_credential_check_at = Time.now + user.save + true + else + false + end + end + end + def initialize(adapter=nil) @adapter = adapter end diff --git a/lib/gitlab/markdown_helper.rb b/lib/gitlab/markdown_helper.rb new file mode 100644 index 00000000000..abed12fe570 --- /dev/null +++ b/lib/gitlab/markdown_helper.rb @@ -0,0 +1,25 @@ +module Gitlab + module MarkdownHelper + module_function + + # Public: Determines if a given filename is compatible with GitHub::Markup. + # + # filename - Filename string to check + # + # Returns boolean + def markup?(filename) + filename.downcase.end_with?(*%w(.textile .rdoc .org .creole .wiki + .mediawiki .rst .adoc .asciidoc .asc)) + end + + # Public: Determines if a given filename is compatible with + # GitLab-flavored Markdown. + # + # filename - Filename string to check + # + # Returns boolean + def gitlab_markdown?(filename) + filename.downcase.end_with?(*%w(.mdown .md .markdown)) + end + end +end diff --git a/lib/gitlab/oauth/user.rb b/lib/gitlab/oauth/user.rb index 94d59180e15..0056eb3a28b 100644 --- a/lib/gitlab/oauth/user.rb +++ b/lib/gitlab/oauth/user.rb @@ -67,7 +67,9 @@ module Gitlab end def uid - auth.info.uid || auth.uid + uid = auth.info.uid || auth.uid + uid = uid.to_s unless uid.nil? + uid end def email diff --git a/lib/gitlab/satellite/action.rb b/lib/gitlab/satellite/action.rb index 5ea6f956765..be45cb5c98e 100644 --- a/lib/gitlab/satellite/action.rb +++ b/lib/gitlab/satellite/action.rb @@ -1,7 +1,7 @@ module Gitlab module Satellite class Action - DEFAULT_OPTIONS = { git_timeout: 30.seconds } + DEFAULT_OPTIONS = { git_timeout: Gitlab.config.satellites.timeout.seconds } attr_accessor :options, :project, :user diff --git a/lib/gitlab/satellite/compare_action.rb b/lib/gitlab/satellite/compare_action.rb index 9c9e69e3515..46c98a8f4ca 100644 --- a/lib/gitlab/satellite/compare_action.rb +++ b/lib/gitlab/satellite/compare_action.rb @@ -10,34 +10,16 @@ module Gitlab @source_project, @source_branch = source_project, source_branch end - # Only show what is new in the source branch compared to the target branch, not the other way around. - # The line below with merge_base is equivalent to diff with three dots (git diff branch1...branch2) - # From the git documentation: "git diff A...B" is equivalent to "git diff $(git-merge-base A B) B" - def diffs + # Compare 2 repositories and return Gitlab::CompareResult object + def result in_locked_and_timed_satellite do |target_repo| prepare_satellite!(target_repo) update_satellite_source_and_target!(target_repo) - common_commit = target_repo.git.native(:merge_base, default_options, ["origin/#{@target_branch}", "source/#{@source_branch}"]).strip - #this method doesn't take default options - diffs = target_repo.diff(common_commit, "source/#{@source_branch}") - diffs = diffs.map { |diff| Gitlab::Git::Diff.new(diff) } - diffs - end - rescue Grit::Git::CommandFailed => ex - raise BranchesWithoutParent - end - # Retrieve an array of commits between the source and the target - def commits - in_locked_and_timed_satellite do |target_repo| - prepare_satellite!(target_repo) - update_satellite_source_and_target!(target_repo) - commits = target_repo.commits_between("origin/#{@target_branch}", "source/#{@source_branch}") - commits = commits.map { |commit| Gitlab::Git::Commit.new(commit, nil) } - commits + Gitlab::CompareResult.new(compare(target_repo)) end rescue Grit::Git::CommandFailed => ex - handle_exception(ex) + raise BranchesWithoutParent end private @@ -46,10 +28,17 @@ module Gitlab def update_satellite_source_and_target!(target_repo) target_repo.remote_add('source', @source_project.repository.path_to_repo) target_repo.remote_fetch('source') - target_repo.git.checkout(default_options({b: true}), @target_branch, "origin/#{@target_branch}") rescue Grit::Git::CommandFailed => ex handle_exception(ex) end + + def compare(repo) + @compare ||= Gitlab::Git::Compare.new( + Gitlab::Git::Repository.new(repo.path), + "origin/#{@target_branch}", + "source/#{@source_branch}" + ) + end end end end diff --git a/lib/gitlab/satellite/merge_action.rb b/lib/gitlab/satellite/merge_action.rb index 6c32dfb3ad9..7c9b2294647 100644 --- a/lib/gitlab/satellite/merge_action.rb +++ b/lib/gitlab/satellite/merge_action.rb @@ -45,27 +45,30 @@ module Gitlab handle_exception(ex) end - # Get a raw diff of the source to the target def diff_in_satellite in_locked_and_timed_satellite do |merge_repo| prepare_satellite!(merge_repo) update_satellite_source_and_target!(merge_repo) - diff = merge_repo.git.native(:diff, default_options, "origin/#{merge_request.target_branch}", "source/#{merge_request.source_branch}") + + # Only show what is new in the source branch compared to the target branch, not the other way around. + # The line below with merge_base is equivalent to diff with three dots (git diff branch1...branch2) + # From the git documentation: "git diff A...B" is equivalent to "git diff $(git-merge-base A B) B" + common_commit = merge_repo.git.native(:merge_base, default_options, ["origin/#{merge_request.target_branch}", "source/#{merge_request.source_branch}"]).strip + merge_repo.git.native(:diff, default_options, common_commit, "source/#{merge_request.source_branch}") end rescue Grit::Git::CommandFailed => ex handle_exception(ex) end - # Only show what is new in the source branch compared to the target branch, not the other way around. - # The line below with merge_base is equivalent to diff with three dots (git diff branch1...branch2) - # From the git documentation: "git diff A...B" is equivalent to "git diff $(git-merge-base A B) B" def diffs_between_satellite in_locked_and_timed_satellite do |merge_repo| prepare_satellite!(merge_repo) update_satellite_source_and_target!(merge_repo) if merge_request.for_fork? + # Only show what is new in the source branch compared to the target branch, not the other way around. + # The line below with merge_base is equivalent to diff with three dots (git diff branch1...branch2) + # From the git documentation: "git diff A...B" is equivalent to "git diff $(git-merge-base A B) B" common_commit = merge_repo.git.native(:merge_base, default_options, ["origin/#{merge_request.target_branch}", "source/#{merge_request.source_branch}"]).strip - #this method doesn't take default options diffs = merge_repo.diff(common_commit, "source/#{merge_request.source_branch}") else raise "Attempt to determine diffs between for a non forked merge request in satellite MergeRequest.id:[#{merge_request.id}]" diff --git a/lib/gitlab/sidekiq_middleware/arguments_logger.rb b/lib/gitlab/sidekiq_middleware/arguments_logger.rb new file mode 100644 index 00000000000..7813091ec7b --- /dev/null +++ b/lib/gitlab/sidekiq_middleware/arguments_logger.rb @@ -0,0 +1,10 @@ +module Gitlab + module SidekiqMiddleware + class ArgumentsLogger + def call(worker, job, queue) + Sidekiq.logger.info "arguments: #{job['args']}" + yield + end + end + end +end diff --git a/lib/gitlab/theme.rb b/lib/gitlab/theme.rb index 44237a062fc..b7c50cb734d 100644 --- a/lib/gitlab/theme.rb +++ b/lib/gitlab/theme.rb @@ -1,10 +1,10 @@ module Gitlab class Theme - BASIC = 1 - MARS = 2 - MODERN = 3 - GRAY = 4 - COLOR = 5 + BASIC = 1 unless const_defined?(:BASIC) + MARS = 2 unless const_defined?(:MARS) + MODERN = 3 unless const_defined?(:MODERN) + GRAY = 4 unless const_defined?(:GRAY) + COLOR = 5 unless const_defined?(:COLOR) def self.css_class_by_id(id) themes = { diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index 16df21b49ba..4885baf9526 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -3,13 +3,8 @@ module Gitlab def self.allowed?(user) return false if user.blocked? - if Gitlab.config.ldap.enabled - if user.ldap_user? - # Check if LDAP user exists and match LDAP user_filter - Gitlab::LDAP::Access.open do |adapter| - return false unless adapter.allowed?(user) - end - end + if user.requires_ldap_check? + return false unless Gitlab::LDAP::Access.allowed?(user) end true diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb index eada9bcddf5..ea1319268f8 100644 --- a/lib/gitlab/visibility_level.rb +++ b/lib/gitlab/visibility_level.rb @@ -5,9 +5,9 @@ # module Gitlab module VisibilityLevel - PRIVATE = 0 - INTERNAL = 10 - PUBLIC = 20 + PRIVATE = 0 unless const_defined?(:PRIVATE) + INTERNAL = 10 unless const_defined?(:INTERNAL) + PUBLIC = 20 unless const_defined?(:PUBLIC) class << self def values @@ -21,7 +21,7 @@ module Gitlab 'Public' => PUBLIC } end - + def allowed_for?(user, level) user.is_admin? || !Gitlab.config.gitlab.restricted_visibility_levels.include?(level) end diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index 36306eeb3a6..49306fb63da 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -20,9 +20,9 @@ upstream gitlab { } server { - listen *:80 default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea - server_name YOUR_SERVER_FQDN; # e.g., server_name source.example.com; - server_tokens off; # don't show the version number, a security best practice + listen *:80 default_server; + server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com + server_tokens off; ## Don't show the nginx version number, a security best practice root /home/git/gitlab/public; # Increase this if you want to upload large attachments diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 22e923b377c..54a4a080a9f 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -3,33 +3,11 @@ ## ## Modified from nginx http version ## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ +## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ## -## Lines starting with two hashes (##) are comments containing information -## for configuration. One hash (#) comments are actual configuration parameters -## which you can comment/uncomment to your liking. -## -################################### -## SSL configuration ## -################################### -## -## Optimal configuration is taken from: -## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html -## Make sure to read it and understand what each option does. -## -## [Optional] Generate a self-signed ssl certificate: -## mkdir /etc/nginx/ssl/ -## cd /etc/nginx/ssl/ -## sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key -## sudo chmod o-r gitlab.key -## -## Edit `gitlab-shell/config.yml`: -## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` -## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` -## 3) Set "self_signed_cert" to `true` -## Edit `gitlab/config/gitlab.yml`: -## 1) Define port for http "port: 443" -## 2) Enable https "https: true" -## 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" +## Lines starting with two hashes (##) are comments with information. +## Lines starting with one hash (#) are configuration parameters. +## The last category can be commented/uncommented to your liking. ## ################################## ## CHUNKED TRANSFER ## @@ -48,33 +26,41 @@ ## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 ## [1] https://github.com/agentzh/chunkin-nginx-module#status ## [2] https://github.com/agentzh/chunkin-nginx-module - +## +################################### +## SSL file editing ## +################################### +## +## Edit `gitlab-shell/config.yml`: +## 1) Set "gitlab_url" param in `gitlab-shell/config.yml` to `https://git.example.com` +## 2) Set "ca_file" to `/etc/nginx/ssl/gitlab.crt` +## 3) Set "self_signed_cert" to `true` +## Edit `gitlab/config/gitlab.yml`: +## 1) Define port for http "port: 443" +## 2) Enable https "https: true" +## 3) Update ssl for gravatar "ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" +## +################################### +## SSL configuration ## +################################### +## upstream gitlab { - - ## Uncomment if you have set up unicorn to listen on a unix socket (recommended). server unix:/home/git/gitlab/tmp/sockets/gitlab.socket; - - ## Uncomment if unicorn is configured to listen on a tcp port. - ## Check the port number in /home/git/gitlab/config/unicorn.rb - # server 127.0.0.1:8080; } ## This is a normal HTTP host which redirects all traffic to the HTTPS host. server { - listen *:80; - ## Replace git.example.com with your FQDN. - server_name git.example.com; - server_tokens off; - ## root doesn't have to be a valid path since we are redirecting - root /nowhere; + listen *:80 default_server; + server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com + server_tokens off; ## Don't show the nginx version number, a security best practice + root /nowhere; ## root doesn't have to be a valid path since we are redirecting rewrite ^ https://$server_name$request_uri permanent; } server { listen 443 ssl; - ## Replace git.example.com with your FQDN. - server_name git.example.com; + server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com server_tokens off; root /home/git/gitlab/public; @@ -93,22 +79,7 @@ server { ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache builtin:1000 shared:SSL:10m; - ## Enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ssl_stapling on; - ssl_stapling_verify on; - ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - resolver 208.67.222.222 208.67.222.220 valid=300s; - resolver_timeout 10s; - ssl_prefer_server_ciphers on; - ## [Optional] Generate a stronger DHE parameter (recommended): - ## cd /etc/ssl/certs - ## openssl dhparam -out dhparam.pem 2048 - ## - # ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security max-age=63072000; add_header X-Frame-Options DENY; diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake index 28fc56591cb..032ed5ee370 100644 --- a/lib/tasks/gitlab/check.rake +++ b/lib/tasks/gitlab/check.rake @@ -27,6 +27,7 @@ namespace :gitlab do check_projects_have_namespace check_satellites_exist check_redis_version + check_ruby_version check_git_version finished_checking "GitLab" @@ -317,7 +318,8 @@ namespace :gitlab do options = { "user.name" => "GitLab", - "user.email" => Gitlab.config.gitlab.email_from + "user.email" => Gitlab.config.gitlab.email_from, + "core.autocrlf" => "input" } correct_options = options.map do |name, value| run(%W(git config --global --get #{name})).try(:squish) == value @@ -329,7 +331,8 @@ namespace :gitlab do puts "no".red try_fixing_it( sudo_gitlab("git config --global user.name \"#{options["user.name"]}\""), - sudo_gitlab("git config --global user.email \"#{options["user.email"]}\"") + sudo_gitlab("git config --global user.email \"#{options["user.email"]}\""), + sudo_gitlab("git config --global core.autocrlf \"#{options["core.autocrlf"]}\"") ) for_more_information( see_installation_guide_section "GitLab" @@ -816,6 +819,23 @@ namespace :gitlab do end end + def check_ruby_version + required_version = Gitlab::VersionInfo.new(2, 0, 0) + current_version = Gitlab::VersionInfo.parse(run(%W(ruby --version))) + + print "Ruby version >= #{required_version} ? ... " + + if current_version.valid? && required_version <= current_version + puts "yes (#{current_version})".green + else + puts "no".red + try_fixing_it( + "Update your ruby to a version >= #{required_version} from #{current_version}" + ) + fix_and_rerun + end + end + def check_git_version required_version = Gitlab::VersionInfo.new(1, 7, 10) current_version = Gitlab::VersionInfo.parse(run(%W(#{Gitlab.config.git.bin_path} --version))) diff --git a/lib/tasks/gitlab/shell.rake b/lib/tasks/gitlab/shell.rake index dfc90bb3339..ff27e6a3066 100644 --- a/lib/tasks/gitlab/shell.rake +++ b/lib/tasks/gitlab/shell.rake @@ -4,7 +4,8 @@ namespace :gitlab do task :install, [:tag, :repo] => :environment do |t, args| warn_user_is_not_gitlab - args.with_defaults(tag: "v1.9.3", repo: "https://gitlab.com/gitlab-org/gitlab-shell.git") + default_version = File.read(File.join(Rails.root, "GITLAB_SHELL_VERSION")).strip + args.with_defaults(tag: 'v' + default_version, repo: "https://gitlab.com/gitlab-org/gitlab-shell.git") user = Settings.gitlab.user home_dir = Settings.gitlab.user_home |