Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gitlab-shell: 8.3.3->8.4.1, fix hardcoded paths #49385

Merged
merged 2 commits into from Nov 29, 2018
Merged

gitlab-shell: 8.3.3->8.4.1, fix hardcoded paths #49385

merged 2 commits into from Nov 29, 2018

Conversation

krav
Copy link
Contributor

@krav krav commented Oct 29, 2018

Motivation for this change

This upgrades gitlab-shell to be current with gitlab.

In addition it fixes paths in the generated authorized_keys file, which hardcoded paths to the running gitlab-shell and broke upgrades.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • [x]Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@globin
Copy link
Member

globin commented Oct 29, 2018

Per GITLAB_SHELL_VERSION in the latest gitlab releases it should be 8.3.3

@krav
Copy link
Contributor Author

krav commented Oct 30, 2018
edited

Per GITLAB_SHELL_VERSION in the latest gitlab releases it should be 8.3.3

Oops, seems I accidentally looked at the master branch. Should I change this PR to include only the patch? Or just let it sit here until the next release the 22.?

GitLab will break for existing users after upgrading and garbage collecting, since /var/gitlab/state/home/.ssh/authorized_keys is not regenerated. Is there a place to inform users of this, or should we fix it for them with ExecStarPre= in the unit? Not a big fan of the latter, because it's not clear how long such a thing should persist.

Mic92
Mic92 reviewed Oct 30, 2018
View reviewed changes
pkgs/applications/version-management/gitlab-shell/remove-hardcoded-locations.patch Outdated

def self.command(whatever)
- "#{ROOT_PATH}/bin/gitlab-shell #{whatever}"
+ "/var/run/current-system/sw/bin/gitlab-shell #{whatever}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should also point to /run/

Mic92
Mic92 reviewed Oct 30, 2018
View reviewed changes
pkgs/applications/version-management/gitlab-shell/remove-hardcoded-locations.patch Outdated
end
func NewFromDir(dir string) (*Config, error) {
- return newFromFile(path.Join(dir, configFile))
+ return newFromFile("/run/gitlab/shell-config.yml")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is dir usually?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

os.Getwd(), which I assume is the gitlab homedir, /var/gitlab/state/home. Note that this part of the patch is already included in nixpkgs.

@globin
Copy link
Member

globin commented Oct 30, 2018

Please only include the patch, it's easy enough to bump gitlab shell when updating the rest

@flokli
Copy link
Contributor

flokli commented Nov 3, 2018

@krav GitLab was bumped to 11.4.4, but gitlab-shell should still be 8.3.3.

So as @globin said, please remove the bump to 8.4.1 for now.

@flokli flokli mentioned this pull request Nov 3, 2018
Merged
9 tasks
@krav krav force-pushed the gitlab-shell-authorized-keys branch 4 times, most recently from 1d9fe15 to d5596ea Compare November 8, 2018 12:12
@flokli
Copy link
Contributor

flokli commented Nov 8, 2018

@globin can you verify this works, and we probably can strip

        # The gitlab:shell:setup regenerates the authorized_keys file so that
        # the store path to the gitlab-shell in it gets updated
        ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup

from nixos/modules/services/misc/gitlab.nix too?

@flokli
Copy link
Contributor

flokli commented Nov 27, 2018

@krav Is there anything missing from here, after #50962 being merged? Can you rebase this on top of master?

@flokli flokli mentioned this pull request Nov 27, 2018
Merged
10 tasks
@krav krav force-pushed the gitlab-shell-authorized-keys branch from 553b3cc to 7101820 Compare November 28, 2018 14:06
@krav
Copy link
Contributor Author

krav commented Nov 28, 2018

@flokli Done. I don't think there's anything missing, this is a reasonably simple change.

@flokli flokli force-pushed the gitlab-shell-authorized-keys branch from 7101820 to 62e5de4 Compare November 28, 2018 17:28
@flokli
Copy link
Contributor

flokli commented Nov 28, 2018

I squashed together the two commits changing remove-hardcoded-locations.patch, so it's more understandable that there's only a chunk patching lib/gitlab_keys.rb added.

@krav krav requested a review from infinisil as a code owner November 28, 2018 18:17
@flokli
Copy link
Contributor

flokli commented Nov 28, 2018

@krav I stripped the authorized_keys file regeneration on each gitlab startup, and added a note about that to the changelog. I'm thinking about simply not backporting 658c865 to 18.09, so for 19.03 everybody will most likely already have a authorized_keys file that's using /var/run/current-system/sw/bin/gitlab-shell command :-)

@krav
Copy link
Contributor Author

krav commented Nov 28, 2018

@flokli I have to admit I wasn't aware of the rake task. It's a recent addition to the module, it seems @WilliButz and I were solving the same problem. Not backporting 658c865 sounds sensible. I've looked through the relevant gitlab rake code, and it seems to fork() into gitlab-shell to regenerate the keys, so with this patch everyone should get /run/current-system/ on restart.

@flokli flokli force-pushed the gitlab-shell-authorized-keys branch from 658c865 to a93fbdf Compare November 28, 2018 21:21
@flokli
Copy link
Contributor

flokli commented Nov 28, 2018

@infinisil good to merge?

@flokli flokli force-pushed the gitlab-shell-authorized-keys branch from a93fbdf to 3caeeab Compare November 28, 2018 22:10
@flokli
Copy link
Contributor

flokli commented Nov 28, 2018

Squashed together be77bbd and 62e5de4 into a3ec5dc for easier backporting into #51072

@flokli flokli merged commit 4376222 into NixOS:master Nov 29, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
6.topic: nixos 8.has: changelog 8.has: documentation 8.has: module (update) 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@krav @globin @flokli @Mic92 @GrahamcOfBorg