Commit ab39d1ac authored by Kevin Daudt's avatar Kevin Daudt 💻

gitlab: copy shell before setup

Gitlab checks the gitlab-shell version by looking at the VERSION file
that's present in the gitlab-shell directory. But because we copied
gitlab-shell only after installing gitlab in the image, gitlab could not
determine the version and would always show a warning that the version
is unknown.

Because the gitlab-shell directory contains a dangling
.gitlab-shell-secret symlink, gitlab fails during setup because it sees
that the size of the file is 0 and tries to write a new secret into it,
but fails because the file (symlink) exists.

Write a bogus secret in the location that the secrets file points to so
that gitlab skips generating the secret, as gitlab-shell already takes
care of that in the entrypoint.
parent 1cf0dd71
......@@ -7,13 +7,12 @@ ARG GITLAB_VERSION
ENV GITLAB_VERSION=$GITLAB_VERSION
COPY overlay /
COPY --from=gitlab-shell /home/git/gitlab-shell /home/git/gitlab-shell
RUN setup.sh
EXPOSE 80
COPY --from=gitlab-shell /home/git/gitlab-shell /home/git/gitlab-shell
ENTRYPOINT [ "entrypoint.sh" ]
CMD [ "start" ]
......@@ -19,6 +19,7 @@ setup_image() {
ln -s /etc/gitlab/gitlab-shell/config.yml /home/git/gitlab-shell/config.yml
ln -s /etc/gitlab/gitlab-shell/secret/gitlab_shell_secret /home/git/gitlab-shell/.gitlab_shell_secret
echo 'changeme' >/etc/gitlab/gitlab-shell/secret/gitlab_shell_secret
chown -R git:git /home/git/
}
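Review bot: The added `echo 'changeme' >/etc/gitlab/gitlab-shell/secret/gitlab_shell_secret` bakes a fixed, publicly known value into the image as the gitlab-shell secret, and nothing in this hunk marks it as a placeholder or limits who can read the file. The same line is added in the setup.sh hunk after the `install -dm0755` call. The image is only safe if the entrypoint always replaces this value before any service reads it, so state that dependency next to the line, e.g. `# placeholder only; the entrypoint must replace it before services start`. It would also help to create the file under `umask 077` (assuming the service user can still read it, which is not visible here) and to add a start-up check that refuses to run while the file still contains `changeme`. setup_image begins outside the hunk.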
......
......@@ -4,9 +4,9 @@
set -eu -o pipefail
generate_gitlab_secret() {
if ! [ -f /etc/gitlab-shell/secret/gitlab_shell_secret ]; then
dd status=none if=/dev/urandom bs=1 count=256 |
sha512sum |
secret_file=/etc/gitlab-shell/secret/gitlab_shell_secret
if ! [ -f $secret_file ] || [ "$(cat "$secret_file")" = "changeme" ]; then
head -c 256 /dev/urandom | sha512sum |
cut -d' ' -f1 >/etc/gitlab/gitlab-shell/secret/gitlab_shell_secret
fi
}
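Review bot: The new `secret_file` variable points at `/etc/gitlab-shell/secret/gitlab_shell_secret`, but the generated secret is still written to `/etc/gitlab/gitlab-shell/secret/gitlab_shell_secret`, so the check and the write use different paths unless one is a link to the other (not visible here). If the checked path never exists, the secret is regenerated on every start and the `changeme` comparison never decides anything; if it exists with other content, the placeholder at the written path is left in place. Use one path for both: `secret_file=/etc/gitlab/gitlab-shell/secret/gitlab_shell_secret`, test it quoted as `[ -f "$secret_file" ]`, and redirect with `cut -d' ' -f1 >"$secret_file"`.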
......
......@@ -110,6 +110,11 @@ for config in gitlab.yml.example database.yml.postgresql; do
ln -sf $config "$gitlab_location"/config/${config%.*}
done
# This needs to exist, otherwise gitlab will fail by trying to write to
# a symlink.
install -dm0755 /etc/gitlab/gitlab-shell/secret
echo 'changeme' >/etc/gitlab/gitlab-shell/secret/gitlab_shell_secret
# https://github.com/protocolbuffers/protobuf/pull/6848
if [ -n "$PROTOBUF_VERSION" ]; then
echo "Building local protobuf version: $PROTOBUF_VERSION"
......