summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2013-10-03 20:08:39 +0200
committermh <mh@immerda.ch>2013-10-03 20:08:39 +0200
commit820af303fee28441cfd0d20f6d03f21677f932f4 (patch)
treed0eca2df5b832fcc1bef48c36cd6a94880ebce9d
init of repo
-rw-r--r--SOURCES/gitlab.fc1
-rw-r--r--SOURCES/gitlab.httpd27
-rwxr-xr-xSOURCES/gitlab.init102
-rw-r--r--SOURCES/gitlab.te17
-rw-r--r--SPECS/gitlab.spec268
5 files changed, 415 insertions, 0 deletions
diff --git a/SOURCES/gitlab.fc b/SOURCES/gitlab.fc
new file mode 100644
index 0000000..caf27c4
--- /dev/null
+++ b/SOURCES/gitlab.fc
@@ -0,0 +1 @@
+/var/www/gitlab/.ssh(/.*)? -- gen_context(system_u:object_r:ssh_home_t,s0)
diff --git a/SOURCES/gitlab.httpd b/SOURCES/gitlab.httpd
new file mode 100644
index 0000000..a0ecc4d
--- /dev/null
+++ b/SOURCES/gitlab.httpd
@@ -0,0 +1,27 @@
+# This site only works with mod_passenger 4.0x (use RVM or similar)
+#
+# In order for gitlab (5.2) to run with mod_passenger you only need to
+# make sure that, sidekiq is running (see upstart script in init folder).
+# mod_passenger will start gitlab more or less automatically.
+#
+# Documentation of mod_passenger:
+# See: http://www.modrails.com/documentation/Users%20guide%20Apache.html
+
+NameVirtualHost *:443
+
+# Change to 80 if you want to access the site over HTTP
+<VirtualHost *:443>
+ ServerAdmin root@localhost
+
+ ServerName gitlab
+ # Mod_passenger needs to access the path
+ DocumentRoot /var/www/gitlab/gitlab/public
+ <Directory /var/www/gitlab/gitlab/public >
+ Allow from all
+ Options -MultiViews
+ </Directory>
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+</VirtualHost>
diff --git a/SOURCES/gitlab.init b/SOURCES/gitlab.init
new file mode 100755
index 0000000..a000af5
--- /dev/null
+++ b/SOURCES/gitlab.init
@@ -0,0 +1,102 @@
+#!/bin/bash
+#
+# GitLab
+# Contributors : @elvanja, @troyanov, @eiyaya, @foyo23, @nielsbasjes, @relip, @JasonMing, @andronat, @axilleas
+# App Version : 6.x
+
+# chkconfig: 2345 82 55
+# processname: sidekiq
+# description: Runs sidekiq for nginx integration.
+
+# Related (kudos @4sak3n0ne):
+# https://github.com/gitlabhq/gitlabhq/issues/1049#issuecomment-8386882
+# https://gist.github.com/3062860
+
+# Save original $PATH
+# /etc/rc.d/init.d/functions resets $PATH to default(/sbin:/usr/sbin:/bin:/usr/bin).
+# Consequently, rvm and compiled ruby with custom path (which isn't /usr/bin) cannot be executed.
+ORIGINAL_PATH=$PATH
+
+# Include RedHat function library
+. /etc/rc.d/init.d/functions
+
+# Restore original $PATH
+PATH=$ORIGINAL_PATH
+
+# The name of the service
+NAME=git
+
+# The username and path to the gitlab source
+USER=git
+APP_PATH=/var/www/gitlab/gitlab
+
+# The PID and LOCK files used by unicorn and sidekiq
+SPID=$APP_PATH/tmp/pids/sidekiq.pid
+SLOCK=/var/lock/subsys/sidekiq
+
+# Ruby related path update
+export PATH="/opt/ruby-1.9.3/bin:$PATH"
+
+start() {
+ cd $APP_PATH
+
+ # Start sidekiq
+ echo -n $"Starting sidekiq: "
+ daemon --pidfile=$SPID --user=$USER "RAILS_ENV=production bundle exec rake sidekiq:start"
+ sidekiq=$?
+ [ $sidekiq -eq 0 ] && touch $SLOCK
+ echo
+
+ return $sidekiq
+}
+
+stop() {
+ cd $APP_PATH
+
+ # Stop sidekiq
+ echo -n $"Stopping sidekiq: "
+ killproc -p $SPID
+ sidekiq=$?
+ [ $sidekiq -eq 0 ] && rm -f $SLOCK
+ echo
+
+ return $sidekiq
+}
+
+restart() {
+ stop
+ start
+}
+
+get_status() {
+ status -p $SPID sidekiq
+}
+
+query_status() {
+ get_status >/dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ query_status && exit 0
+ start
+ ;;
+ stop)
+ query_status || exit 0
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ status)
+ get_status
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
diff --git a/SOURCES/gitlab.te b/SOURCES/gitlab.te
new file mode 100644
index 0000000..dcc2c23
--- /dev/null
+++ b/SOURCES/gitlab.te
@@ -0,0 +1,17 @@
+module gitlab 1.0;
+
+require {
+ type httpd_t;
+ type postfix_pickup_t;
+ type semanage_t;
+ type httpd_sys_script_t;
+ class process signull;
+ class file { read open };
+}
+
+#============= httpd_t ==============
+allow httpd_t httpd_sys_script_t:file { read open };
+allow httpd_t httpd_sys_script_t:process signull;
+allow httpd_t postfix_pickup_t:file open;
+allow httpd_t semanage_t:file { read open };
+
diff --git a/SPECS/gitlab.spec b/SPECS/gitlab.spec
new file mode 100644
index 0000000..395f85f
--- /dev/null
+++ b/SPECS/gitlab.spec
@@ -0,0 +1,268 @@
+### application settings
+# add your specific settings here
+
+%define app_name gitlab
+%define app_version 6.1.0
+%define gitlabshell_version 1.7.1
+%define ruby_version 1.9.3
+
+# which bundle envs should not go into production?
+%define bundle_without_groups 'development test postgres puma aws unicorn'
+
+# directories to exclude in rpm - relative to Rails.root
+%define exclude_dirs 'doc spec features test vendor/cache log tmp db/*.sqlite'
+
+%define use_mysql 1
+
+### end of application settings
+### settings that should not be changed
+
+%define wwwdir /var/www/%{name}
+%define ruby_bindir /opt/ruby-%{ruby_version}/bin
+%define ruby_bin %{ruby_bindir}/ruby
+%define bundle_cmd RAILS_ENV=production %{ruby_bindir}/bundle
+%define git_user git
+
+##### start of the specfile
+Name: %{app_name}
+Version: %{app_version}
+Release: 1%{?dist}
+Summary: This is a rails application
+
+Group: Applications/Web
+License: NonPublic
+URL: https://www.gitlabhq.net
+#Source0: %{name}-%{version}.tar.gz
+Source0: %{name}.init
+Source1: %{name}.httpd
+Source10: gitlab.te
+Source11: gitlab.fc
+
+BuildRequires: opt-ruby-%{ruby_version}-rubygem-bundler
+BuildRequires: libxml2-devel
+BuildRequires: libxslt-devel
+BuildRequires: libicu-devel
+BuildRequires: mysql-devel
+BuildRequires: git
+BuildRequires: checkpolicy, selinux-policy-devel, /usr/share/selinux/devel/policyhelp
+Requires: logrotate
+Requires: mysql-server
+Requires: redis
+Requires: git
+Requires: httpd
+Requires: mod_ssl
+Requires: opt-ruby-%{ruby_version}
+Requires: opt-ruby-%{ruby_version}-mod_passenger
+Requires: opt-ruby-%{ruby_version}-rubygem-bundler
+%{!?_selinux_policy_version: %global _selinux_policy_version %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp 2>/dev/null)}
+%if "%{_selinux_policy_version}" != ""
+Requires: selinux-policy >= %{_selinux_policy_version}
+%endif
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un)
+
+%global selinux_types %(%{__awk} '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null)
+%global selinux_variants %([ -z "%{selinux_types}" ] && echo mls targeted || echo %{selinux_types})
+
+%description
+
+This is gitlab
+
+%pre
+# Run before the package is installed.
+# Creates the user and group which will be used to run the
+# application.
+getent group %{git_user} > /dev/null || groupadd -r %{git_user}
+getent passwd %{git_user} > /dev/null || \
+ useradd -m -g %{git_user} -d %{wwwdir} -s /bin/bash \
+ -c "Rails Application %{name}" %{git_user}
+getent group %{git_user} | grep -q apache || usermod -a -G %{git_user} apache
+
+test -d %{wwwdir} || mkdir -p %{wwwdir}
+chown %{git_user}.%{git_user} %{wwwdir}
+chmod 0750 %{wwwdir}
+exit 0
+
+
+%prep
+# prepare the source to install it during the package building
+# process.
+#%setup -c -q -n %{name}-%{version}
+%setup -c -q -T -n %{name}-%{version}
+git clone https://github.com/gitlabhq/gitlabhq.git gitlab
+pushd gitlab
+ git checkout -brelease_v%{app_version} v%{app_version}
+popd
+git clone https://github.com/gitlabhq/gitlab-shell.git
+pushd gitlab-shell
+ git checkout -brelease_v%{gitlabshell_version} v%{gitlabshell_version}
+popd
+cp -p %{SOURCE0} %{name}.init
+cp -p %{SOURCE1} %{name}.httpd
+
+mkdir SELinux
+cp -p %{SOURCE10} %{SOURCE11} SELinux
+
+%build
+# build/compile any code
+# this can be left empty as for most rails applications we won't build
+# any code.
+
+cd SELinux
+for selinuxvariant in %{selinux_variants}
+do
+ make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+ mv gitlab.pp gitlab.pp.${selinuxvariant}
+ make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+done
+cd -
+
+%install
+# Install the application code into the build root directory. This directory
+# structure will be packaged into the package.
+rm -rf $RPM_BUILD_ROOT
+
+install -Dp -m0755 %{name}.init $RPM_BUILD_ROOT/%{_initddir}/%{name}
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/
+install -Dp -m0755 %{name}.httpd $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf
+
+mkdir $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
+echo "# Rotate rails logs for %{name}
+# Created by %{name}.rpm
+%{wwwdir}/%{name}/%{name}/log/*.log %{wwwdir}/gitlab-shell/gitlab-shell.log {
+ daily
+ missingok
+ rotate 7
+ compress
+ delaycompress
+ notifempty
+ copytruncate
+}
+" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
+
+for selinuxvariant in %{selinux_variants}
+do
+ install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+ install -p -m 644 SELinux/gitlab.pp.${selinuxvariant} \
+ %{buildroot}%{_datadir}/selinux/${selinuxvariant}/gitlab.pp
+done
+
+# we do not want to ship .git
+#rm -rf gitlab*/.git
+
+pushd gitlab
+
+export PATH=%{ruby_bindir}:$PATH
+([ ! -f ~/.gemrc ] || grep -q no-ri ~/.gemrc) || echo "gem: --no-ri --no-rdoc" >> ~/.gemrc
+%{bundle_cmd} install --deployment --without %{bundle_without_groups}
+
+
+# remove unnecessary files
+for dir in %{exclude_dirs}; do
+ [ -e $dir ] && rm -rf $dir
+done
+#stupid automatic shebang finder
+rm vendor/bundle/ruby/1.9.1/gems/pygments.rb-0.4.2/vendor/pygments-main/external/lasso-builtins-generator-9.lasso
+# fix wrong permisions
+chmod -R g+rX vendor/bundle/ruby/1.9.1/gems/underscore-rails-1.4.4/
+
+popd
+
+chmod -R o-rwx .
+
+install -p -d -m0750 $RPM_BUILD_ROOT/%{wwwdir}/%{name}
+install -p -d -m0700 $RPM_BUILD_ROOT/%{wwwdir}/.ssh
+install -p -d -m0750 $RPM_BUILD_ROOT/%{wwwdir}/repositories
+install -p -d -m0750 $RPM_BUILD_ROOT/%{wwwdir}/gitlab-satellites
+install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/log
+install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/tmp
+install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/tmp/cache
+install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/tmp/pids
+install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/tmp/sockets
+install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/public/uploads
+
+cp -p -r gitlab-shell $RPM_BUILD_ROOT/%{wwwdir}/
+cp -p -r gitlab/* $RPM_BUILD_ROOT/%{wwwdir}/%{name}/
+cp -p -r gitlab/{.bundle,.git*} $RPM_BUILD_ROOT/%{wwwdir}/%{name}/
+touch $RPM_BUILD_ROOT/%{wwwdir}/.ssh/authorized_keys
+touch $RPM_BUILD_ROOT/%{wwwdir}/gitlab-shell/gitlab-shell.log
+
+# fix shebangs
+grep -sHE '^#!/usr/(local/)?bin/ruby' $RPM_BUILD_ROOT/%{wwwdir}/%{name}* -r | awk -F: '{ print $1 }' | uniq | while read line; do sed -i 's@^#\!/usr/\(local/\)\?bin/ruby@#\!%{ruby_bin}@' $line; done
+grep -sHE '^#!/usr/bin/env ruby' $RPM_BUILD_ROOT/%{wwwdir}/%{name}* -r | awk -F: '{ print $1 }' | uniq | while read line; do sed -i 's@^#\!/usr/bin/env ruby@#\!%{ruby_bin}@' $line; done
+grep -sHE '^#!/usr/bin/env rake' $RPM_BUILD_ROOT/%{wwwdir}/%{name}* -r | awk -F: '{ print $1 }' | uniq | while read line; do sed -i 's@^#\!/usr/bin/env rake@#\!%{ruby_bindir}/rake@' $line; done
+
+%post
+# Runs after the package got installed.
+# Configure here any services etc.
+
+touch %{wwwdir}/.bash_profile
+chown %{git_user}.%{git_user} %{wwwdir}/.bash_profile
+grep -q "%{ruby_version}/bin" %{wwwdir}/.bash_profile || echo "export PATH=%{ruby_bindir}:\$PATH" >> %{wwwdir}/.bash_profile
+grep -q RAILS_ENV %{wwwdir}/.bash_profile || echo "export RAILS_ENV=production" >> %{wwwdir}/.bash_profile
+grep -q 'bundle exec rails' %{wwwdir}/.bash_profile || echo "alias rails='bundle exec rails'" >> %{wwwdir}/.bash_profile
+
+test `su %{git_user} -c 'git config user.name' | wc -l` -gt 0 || su %{git_user} -c 'git config --global user.name "GitLab"'
+test `su %{git_user} -c 'git config user.email' | wc -l` -gt 0 || su %{git_user} -c 'git config --global user.email "gitlab@gitlab"'
+su %{git_user} -c 'git config --global core.autocrlf input'
+
+# generate random secret file
+test -f %{wwwdir}/%{name}/.secret || (echo -n `cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 128 | head -n 1` > %{wwwdir}/%{name}/.secret && chgrp %{git_user} %{wwwdir}/%{name}/.secret && chmod o-rwx %{wwwdir}/%{name}/.secret)
+
+# allow httpd to connect to redis
+getsebool httpd_can_network_connect | grep -qE 'on$' || setsebool -P httpd_can_network_connect on
+for selinuxvariant in %{selinux_variants}; do
+ /usr/sbin/semodule -s ${selinuxvariant} -i \
+ %{_datadir}/selinux/${selinuxvariant}/gitlab.pp &> /dev/null || :
+done
+/sbin/restorecon -R %{wwwdir}/.ssh
+
+%preun
+# Run before uninstallation
+# $1 will be 1 if the package is upgraded
+# and 0 if the package is deinstalled.
+
+if [ "$1" = 0 ] ; then
+ /sbin/service %{name} stop > /dev/null 2>&1
+ /sbin/chkconfig --del %{name} || :
+fi
+
+%postun
+# Run after uninstallation
+# $1 will be 1 if the package is upgraded
+# and 0 if the package is deinstalled.
+
+if [ $1 -eq 0 ] ; then
+ userdel git
+ groupdel git
+
+ for selinuxvariant in %{selinux_variants}; do
+ /usr/sbin/semodule -s ${selinuxvariant} -r gitlab &> /dev/null || :
+ done
+fi
+
+%files
+# describe all the files that should be included in the package
+%defattr(-,root,root,)
+%{_sysconfdir}/logrotate.d/%{name}
+%{_sysconfdir}/httpd/conf.d/%{name}.conf
+%attr(0755,root,root) %{_initddir}/%{name}
+
+%attr(-,root,%{git_user}) %{wwwdir}/*
+%attr(0700,%{git_user},%{git_user}) %{wwwdir}/.ssh
+%attr(0600,%{git_user},%{git_user}) %{wwwdir}/.ssh/authorized_keys
+%attr(-,%{git_user},%{git_user}) %{wwwdir}/repositories
+%attr(-,%{git_user},%{git_user}) %{wwwdir}/gitlab-satellites
+%attr(-,%{git_user},%{git_user}) %{wwwdir}/gitlab-shell/gitlab-shell.log
+# run application as dedicated user
+%attr(-,%{git_user},%{git_user}) %{wwwdir}/%{name}/config.ru
+# allow write access to special directories
+%attr(0770,%{git_user},%{git_user}) %{wwwdir}/%{name}/log
+%attr(0770,%{git_user},%{git_user}) %{wwwdir}/%{name}/public
+%attr(0770,%{git_user},%{git_user}) %{wwwdir}/%{name}/tmp
+
+%{_datadir}/selinux/*/gitlab.pp
+
+%changelog
+# write a changelog!
+
+