summaryrefslogtreecommitdiffstats
path: root/SPECS/gitlab.spec
blob: 395f85f91b4cfeeb317c825ffe18b81b4c638b62 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
### application settings
# add your specific settings here

%define app_name     gitlab
%define app_version  6.1.0
%define gitlabshell_version  1.7.1
%define ruby_version 1.9.3

# which bundle envs should not go into production?
%define bundle_without_groups 'development test postgres puma aws unicorn'

# directories to exclude in rpm - relative to Rails.root
%define exclude_dirs 'doc spec features test vendor/cache log tmp db/*.sqlite'

%define use_mysql       1

### end of application settings
### settings that should not be changed

%define wwwdir      /var/www/%{name}
%define ruby_bindir /opt/ruby-%{ruby_version}/bin
%define ruby_bin %{ruby_bindir}/ruby
%define bundle_cmd  RAILS_ENV=production %{ruby_bindir}/bundle
%define git_user git

##### start of the specfile
Name:		%{app_name}
Version:	%{app_version}
Release:	1%{?dist}
Summary:	This is a rails application

Group:		Applications/Web
License:	NonPublic
URL:		https://www.gitlabhq.net
#Source0:	%{name}-%{version}.tar.gz
Source0:	%{name}.init
Source1:	%{name}.httpd
Source10:       gitlab.te
Source11:       gitlab.fc

BuildRequires:  opt-ruby-%{ruby_version}-rubygem-bundler
BuildRequires:  libxml2-devel
BuildRequires:  libxslt-devel
BuildRequires:  libicu-devel
BuildRequires:	mysql-devel
BuildRequires:	git
BuildRequires:  checkpolicy, selinux-policy-devel, /usr/share/selinux/devel/policyhelp
Requires:	logrotate
Requires:	mysql-server
Requires:	redis
Requires:	git
Requires:	httpd
Requires:       mod_ssl
Requires:	opt-ruby-%{ruby_version}
Requires:	opt-ruby-%{ruby_version}-mod_passenger
Requires:	opt-ruby-%{ruby_version}-rubygem-bundler
%{!?_selinux_policy_version: %global _selinux_policy_version %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp 2>/dev/null)}
%if "%{_selinux_policy_version}" != ""
Requires:      selinux-policy >= %{_selinux_policy_version}
%endif
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-%(id -un)

%global selinux_types %(%{__awk} '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null)
%global selinux_variants %([ -z "%{selinux_types}" ] && echo mls targeted || echo %{selinux_types})

%description

This is gitlab

%pre
# Run before the package is installed.
# Creates the user and group which will be used to run the
# application.
getent group %{git_user} > /dev/null || groupadd -r %{git_user}
getent passwd %{git_user} > /dev/null || \
  useradd -m -g %{git_user} -d %{wwwdir} -s /bin/bash \
  -c "Rails Application %{name}" %{git_user}
getent group %{git_user} | grep -q apache || usermod -a -G %{git_user} apache

test -d %{wwwdir} || mkdir -p %{wwwdir}
chown %{git_user}.%{git_user} %{wwwdir}
chmod 0750 %{wwwdir}
exit 0


%prep
# prepare the source to install it during the package building
# process.
#%setup -c -q -n %{name}-%{version}
%setup -c -q -T -n %{name}-%{version}
git clone https://github.com/gitlabhq/gitlabhq.git gitlab
pushd gitlab
  git checkout -brelease_v%{app_version} v%{app_version}
popd
git clone https://github.com/gitlabhq/gitlab-shell.git
pushd gitlab-shell
  git checkout -brelease_v%{gitlabshell_version} v%{gitlabshell_version}
popd
cp -p %{SOURCE0} %{name}.init
cp -p %{SOURCE1} %{name}.httpd

mkdir SELinux
cp -p %{SOURCE10} %{SOURCE11} SELinux

%build
# build/compile any code
# this can be left empty as for most rails applications we won't build
# any code.

cd SELinux
for selinuxvariant in %{selinux_variants}
do
  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
  mv gitlab.pp gitlab.pp.${selinuxvariant}
  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
done
cd -

%install
# Install the application code into the build root directory. This directory
# structure will be packaged into the package.
rm -rf $RPM_BUILD_ROOT

install -Dp -m0755 %{name}.init $RPM_BUILD_ROOT/%{_initddir}/%{name}
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/
install -Dp -m0755 %{name}.httpd $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf

mkdir $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
echo "# Rotate rails logs for %{name}
# Created by %{name}.rpm
%{wwwdir}/%{name}/%{name}/log/*.log %{wwwdir}/gitlab-shell/gitlab-shell.log {
  daily
  missingok
  rotate 7
  compress
  delaycompress
  notifempty
  copytruncate
}
" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}

for selinuxvariant in %{selinux_variants}
do
  install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
  install -p -m 644 SELinux/gitlab.pp.${selinuxvariant} \
    %{buildroot}%{_datadir}/selinux/${selinuxvariant}/gitlab.pp
done

# we do not want to ship .git
#rm -rf gitlab*/.git

pushd gitlab

export PATH=%{ruby_bindir}:$PATH
([ ! -f ~/.gemrc ] || grep -q no-ri ~/.gemrc) || echo "gem: --no-ri --no-rdoc" >> ~/.gemrc
%{bundle_cmd} install --deployment --without %{bundle_without_groups}


# remove unnecessary files
for dir in %{exclude_dirs}; do
  [ -e $dir ] && rm -rf $dir
done
#stupid automatic shebang finder
rm vendor/bundle/ruby/1.9.1/gems/pygments.rb-0.4.2/vendor/pygments-main/external/lasso-builtins-generator-9.lasso
# fix wrong permisions
chmod -R g+rX vendor/bundle/ruby/1.9.1/gems/underscore-rails-1.4.4/

popd

chmod -R o-rwx .

install -p -d -m0750 $RPM_BUILD_ROOT/%{wwwdir}/%{name}
install -p -d -m0700 $RPM_BUILD_ROOT/%{wwwdir}/.ssh
install -p -d -m0750 $RPM_BUILD_ROOT/%{wwwdir}/repositories
install -p -d -m0750 $RPM_BUILD_ROOT/%{wwwdir}/gitlab-satellites
install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/log
install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/tmp
install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/tmp/cache
install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/tmp/pids
install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/tmp/sockets
install -p -d -m0770 $RPM_BUILD_ROOT/%{wwwdir}/%{name}/public/uploads

cp -p -r gitlab-shell $RPM_BUILD_ROOT/%{wwwdir}/
cp -p -r gitlab/* $RPM_BUILD_ROOT/%{wwwdir}/%{name}/
cp -p -r gitlab/{.bundle,.git*} $RPM_BUILD_ROOT/%{wwwdir}/%{name}/
touch $RPM_BUILD_ROOT/%{wwwdir}/.ssh/authorized_keys
touch $RPM_BUILD_ROOT/%{wwwdir}/gitlab-shell/gitlab-shell.log

# fix shebangs
grep -sHE '^#!/usr/(local/)?bin/ruby' $RPM_BUILD_ROOT/%{wwwdir}/%{name}* -r | awk -F: '{ print $1 }' | uniq | while read line; do sed -i 's@^#\!/usr/\(local/\)\?bin/ruby@#\!%{ruby_bin}@' $line; done
grep -sHE '^#!/usr/bin/env ruby' $RPM_BUILD_ROOT/%{wwwdir}/%{name}*  -r | awk -F: '{ print $1 }' | uniq | while read line; do sed -i 's@^#\!/usr/bin/env ruby@#\!%{ruby_bin}@' $line; done
grep -sHE '^#!/usr/bin/env rake' $RPM_BUILD_ROOT/%{wwwdir}/%{name}* -r | awk -F: '{ print $1 }' | uniq | while read line; do sed -i 's@^#\!/usr/bin/env rake@#\!%{ruby_bindir}/rake@' $line; done

%post
# Runs after the package got installed.
# Configure here any services etc.

touch %{wwwdir}/.bash_profile
chown %{git_user}.%{git_user} %{wwwdir}/.bash_profile
grep -q "%{ruby_version}/bin" %{wwwdir}/.bash_profile || echo "export PATH=%{ruby_bindir}:\$PATH" >> %{wwwdir}/.bash_profile
grep -q RAILS_ENV %{wwwdir}/.bash_profile || echo "export RAILS_ENV=production" >> %{wwwdir}/.bash_profile
grep -q 'bundle exec rails' %{wwwdir}/.bash_profile || echo "alias rails='bundle exec rails'" >> %{wwwdir}/.bash_profile

test `su %{git_user} -c 'git config user.name' | wc -l` -gt 0 || su %{git_user} -c 'git config --global user.name "GitLab"'
test `su %{git_user} -c 'git config user.email' | wc -l` -gt 0 || su %{git_user} -c 'git config --global user.email "gitlab@gitlab"'
su %{git_user} -c 'git config --global core.autocrlf input'

# generate random secret file
test -f %{wwwdir}/%{name}/.secret || (echo -n `cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 128 | head -n 1` > %{wwwdir}/%{name}/.secret && chgrp %{git_user} %{wwwdir}/%{name}/.secret && chmod o-rwx %{wwwdir}/%{name}/.secret)

# allow httpd to connect to redis
getsebool httpd_can_network_connect | grep -qE 'on$' || setsebool -P httpd_can_network_connect on
for selinuxvariant in %{selinux_variants}; do
  /usr/sbin/semodule -s ${selinuxvariant} -i \
    %{_datadir}/selinux/${selinuxvariant}/gitlab.pp &> /dev/null || :
done
/sbin/restorecon -R %{wwwdir}/.ssh

%preun
# Run before uninstallation
# $1 will be 1 if the package is upgraded
# and 0 if the package is deinstalled.

if [ "$1" = 0 ] ; then
  /sbin/service %{name} stop > /dev/null 2>&1
  /sbin/chkconfig --del %{name} || :
fi

%postun
# Run after uninstallation
# $1 will be 1 if the package is upgraded
# and 0 if the package is deinstalled.
 
if [ $1 -eq 0 ] ; then
  userdel git
  groupdel git

  for selinuxvariant in %{selinux_variants}; do 
    /usr/sbin/semodule -s ${selinuxvariant} -r gitlab &> /dev/null || :
  done
fi

%files
# describe all the files that should be included in the package
%defattr(-,root,root,)
%{_sysconfdir}/logrotate.d/%{name}
%{_sysconfdir}/httpd/conf.d/%{name}.conf
%attr(0755,root,root) %{_initddir}/%{name}

%attr(-,root,%{git_user}) %{wwwdir}/*
%attr(0700,%{git_user},%{git_user}) %{wwwdir}/.ssh
%attr(0600,%{git_user},%{git_user}) %{wwwdir}/.ssh/authorized_keys
%attr(-,%{git_user},%{git_user}) %{wwwdir}/repositories
%attr(-,%{git_user},%{git_user}) %{wwwdir}/gitlab-satellites
%attr(-,%{git_user},%{git_user}) %{wwwdir}/gitlab-shell/gitlab-shell.log
# run application as dedicated user
%attr(-,%{git_user},%{git_user}) %{wwwdir}/%{name}/config.ru
# allow write access to special directories
%attr(0770,%{git_user},%{git_user}) %{wwwdir}/%{name}/log
%attr(0770,%{git_user},%{git_user}) %{wwwdir}/%{name}/public
%attr(0770,%{git_user},%{git_user}) %{wwwdir}/%{name}/tmp

%{_datadir}/selinux/*/gitlab.pp

%changelog
# write a changelog!