diff --git a/README.md b/README.md index d791581..9124137 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features -**Shipped version:** 16.0.1~ynh1 +**Shipped version:** 16.1.1~ynh1 **Demo:** https://gitlab.com/explore diff --git a/README_fr.md b/README_fr.md index 617f5b1..f21b763 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Gestionnaire de dépôts Git proposant des fonctionnalités de wiki, suivi de bugs et de pipeline CI/CD -**Version incluse :** 16.0.1~ynh1 +**Version incluse :** 16.1.1~ynh1 **Démo :** https://gitlab.com/explore diff --git a/conf/gitlab.rb b/conf/gitlab.rb index 20c4da3..ec5249d 100644 --- a/conf/gitlab.rb +++ b/conf/gitlab.rb @@ -201,7 +201,7 @@ external_url '__GENERATED_EXTERNAL_URL__' # gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *" # gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *" # gitlab_rails['ci_runner_versions_reconciliation_worker_cron'] = "@daily" -# gitlab_rails['ci_runners_stale_machines_cleanup_worker_cron'] = "36 4 * * *" +# gitlab_rails['ci_runners_stale_machines_cleanup_worker_cron'] = "36 * * * *" ### Webhook Settings ###! Number of seconds to wait for HTTP response after sending webhook HTTP POST @@ -512,7 +512,7 @@ external_url '__GENERATED_EXTERNAL_URL__' # gitlab_rails['mattermost_host'] = "https://mattermost.example.com" ### LDAP Settings -###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html +###! Docs: https://docs.gitlab.com/ee/administration/auth/ldap/index.html ###! **Be careful not to break the indentation in the ldap_servers block. It is ###! in yaml format and the spaces must be retained. Using tabs will not work.** @@ -829,7 +829,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__ # gitlab_rails['redis_sentinels'] = [ # {'host' => '127.0.0.1', 'port' => 26379}, # ] - +# gitlab_rails['redis_sentinels_password'] = 'sentinel-requirepass-goes-here' #### Cluster support ####! Cluster support is only available for selected Redis instances. `resque.yml` will not @@ -846,46 +846,55 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__ ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances # gitlab_rails['redis_cache_instance'] = nil # gitlab_rails['redis_cache_sentinels'] = nil +# gitlab_rails['redis_cache_sentinels_password'] = nil # gitlab_rails['redis_cache_username'] = nil # gitlab_rails['redis_cache_password'] = nil # gitlab_rails['redis_cache_cluster_nodes'] = nil # gitlab_rails['redis_queues_instance'] = nil # gitlab_rails['redis_queues_sentinels'] = nil +# gitlab_rails['redis_queues_sentinels_password'] = nil # gitlab_rails['redis_queues_username'] = nil # gitlab_rails['redis_queues_password'] = nil # gitlab_rails['redis_queues_cluster_nodes'] = nil # gitlab_rails['redis_shared_state_instance'] = nil # gitlab_rails['redis_shared_state_sentinels'] = nil +# gitlab_rails['redis_shared_state_sentinels_password'] = nil # gitlab_rails['redis_shared_state_username'] = nil # gitlab_rails['redis_shared_state_password'] = nil # gitlab_rails['redis_shared_state_cluster_nodes'] = nil # gitlab_rails['redis_trace_chunks_instance'] = nil # gitlab_rails['redis_trace_chunks_sentinels'] = nil +# gitlab_rails['redis_trace_chunks_sentinels_password'] = nil # gitlab_rails['redis_trace_chunks_username'] = nil # gitlab_rails['redis_trace_chunks_password'] = nil # gitlab_rails['redis_trace_chunks_cluster_nodes'] = nil # gitlab_rails['redis_actioncable_instance'] = nil # gitlab_rails['redis_actioncable_sentinels'] = nil +# gitlab_rails['redis_actioncable_sentinels_password'] = nil # gitlab_rails['redis_actioncable_username'] = nil # gitlab_rails['redis_actioncable_password'] = nil # gitlab_rails['redis_actioncable_cluster_nodes'] = nil # gitlab_rails['redis_rate_limiting_instance'] = nil # gitlab_rails['redis_rate_limiting_sentinels'] = nil +# gitlab_rails['redis_rate_limiting_sentinels_password'] = nil # gitlab_rails['redis_rate_limiting_username'] = nil # gitlab_rails['redis_rate_limiting_password'] = nil # gitlab_rails['redis_rate_limiting_cluster_nodes'] = nil # gitlab_rails['redis_sessions_instance'] = nil # gitlab_rails['redis_sessions_sentinels'] = nil +# gitlab_rails['redis_sessions_sentinels_password'] = nil # gitlab_rails['redis_sessions_username'] = nil # gitlab_rails['redis_sessions_password'] = nil # gitlab_rails['redis_sessions_cluster_nodes'] = nil # gitlab_rails['redis_cluster_rate_limiting_instance'] = nil # gitlab_rails['redis_cluster_rate_limiting_sentinels'] = nil +# gitlab_rails['redis_cluster_rate_limiting_sentinels_password'] = nil # gitlab_rails['redis_cluster_rate_limiting_username'] = nil # gitlab_rails['redis_cluster_rate_limiting_password'] = nil # gitlab_rails['redis_cluster_rate_limiting_cluster_nodes'] = nil # gitlab_rails['redis_repository_cache_instance'] = nil # gitlab_rails['redis_repository_cache_sentinels'] = nil +# gitlab_rails['redis_repository_cache_sentinels_password'] = nil # gitlab_rails['redis_repository_cache_username'] = nil # gitlab_rails['redis_repository_cache_password'] = nil # gitlab_rails['redis_repository_cache_cluster_nodes'] = nil @@ -1123,6 +1132,7 @@ puma['port'] = __PORT_PUMA__ # puma['ssl_certificate_key'] = nil # puma['ssl_client_certificate'] = nil # puma['ssl_cipher_filter'] = nil +# puma['ssl_key_password_command'] = nil # puma['ssl_verify_mode'] = 'none' # puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid' @@ -2483,7 +2493,6 @@ nginx['listen_https'] = false # deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html . # gitaly['enable'] = true # gitaly['dir'] = "/var/opt/gitlab/gitaly" -# gitaly['log_directory'] = "/var/log/gitlab/gitaly" # gitaly['log_group'] = nil # gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly" # gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env" @@ -2514,6 +2523,7 @@ nginx['listen_https'] = false # }, # graceful_restart_timeout: '1m', # Grace time for a gitaly process to finish ongoing requests # logging: { +# dir: "/var/log/gitlab/gitaly", # level: 'warn', # format: 'json', # sentry_dsn: 'https://:@sentry.io/', @@ -2748,6 +2758,13 @@ package['modify_kernel_parameters'] = __MODIFY_KERNEL_PARAMETERS__ ##! Note: We do not recommend changing these values unless absolutely necessary # package['systemd_after'] = 'multi-user.target' # package['systemd_wanted_by'] = 'multi-user.target' + +##! Settings to control secret generation and storage +##! Note: We do not recommend changing these values unless absolutely necessary +##! Set to false to only parse secrets from `gitlab-secrets.json` file but not generate them. +# package['generate_default_secrets'] = true +##! Set to false to prevent creating `gitlab-secrets.json` file +# package['generate_secrets_json_file'] = true ################################################################################ ################################################################################ ## Configuration Settings for GitLab EE only ## @@ -2850,6 +2867,9 @@ package['modify_kernel_parameters'] = __MODIFY_KERNEL_PARAMETERS__ ##! Uncomment to change default port # sentinel['port'] = 26379 +##! Uncomment to require a Sentinel password. This may be different from the Redis master password. +# sentinel['password'] = 'sentinel-password-goes-here' + #### Support to run sentinels in a Docker or NAT environment #####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues # In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel diff --git a/scripts/upgrade.d/upgrade.15.last.sh b/scripts/upgrade.d/upgrade.15.last.sh index c7b0b22..052013c 100644 --- a/scripts/upgrade.d/upgrade.15.last.sh +++ b/scripts/upgrade.d/upgrade.15.last.sh @@ -35,20 +35,10 @@ elif [ "$architecture" = "arm64" ]; then elif [ "$architecture" = "arm" ]; then if [ "$gitlab_debian_version" = "bullseye" ] then - # If the version for arm doesn't exist, then use an older one - if [ -z "$gitlab_arm_buster_source_sha256" ]; then - gitlab_version="15.11.5" - gitlab_arm_buster_source_sha256="838c832db002b3db16d52f92f2d1390737e43ad81dff78b185829d01ce4e2096" - fi - gitlab_source_sha256=$gitlab_arm_buster_source_sha256 + gitlab_source_sha256=$gitlab_arm_bullseye_source_sha256 elif [ "$gitlab_debian_version" = "buster" ] then - # If the version for arm doesn't exist, then use an older one - if [ -z "$gitlab_arm_bullseye_source_sha256" ]; then - gitlab_version="15.11.5" - gitlab_arm_bullseye_source_sha256="fdbe645ef18cfeeef2fc15c9979c6ced35f6717873538b2ade934e3e24b1dd51" - fi - gitlab_source_sha256=$gitlab_arm_bullseye_source_sha256 + gitlab_source_sha256=$gitlab_arm_buster_source_sha256 fi fi diff --git a/scripts/upgrade.d/upgrade.16.first.sh b/scripts/upgrade.d/upgrade.16.first.sh index 6a45e32..bb9a63f 100644 --- a/scripts/upgrade.d/upgrade.16.first.sh +++ b/scripts/upgrade.d/upgrade.16.first.sh @@ -35,20 +35,10 @@ elif [ "$architecture" = "arm64" ]; then elif [ "$architecture" = "arm" ]; then if [ "$gitlab_debian_version" = "bullseye" ] then - # If the version for arm doesn't exist, then use an older one - if [ -z "$gitlab_arm_buster_source_sha256" ]; then - gitlab_version="16.0.0" - gitlab_arm_buster_source_sha256="821bf4d6cf9f12373dc89d7ec757f3546a94a339ad5c1f044d102b9468e840b6" - fi - gitlab_source_sha256=$gitlab_arm_buster_source_sha256 + gitlab_source_sha256=$gitlab_arm_bullseye_source_sha256 elif [ "$gitlab_debian_version" = "buster" ] then - # If the version for arm doesn't exist, then use an older one - if [ -z "$gitlab_arm_bullseye_source_sha256" ]; then - gitlab_version="16.0.0" - gitlab_arm_bullseye_source_sha256="2bb0c4145d467c2d79a9067f090ace1b967318a49dc34e969d5abc06040d111e" - fi - gitlab_source_sha256=$gitlab_arm_bullseye_source_sha256 + gitlab_source_sha256=$gitlab_arm_buster_source_sha256 fi fi diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index d25f10f..786014c 100644 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,23 +1,29 @@ #!/bin/bash -gitlab_version="16.0.1" +gitlab_version="16.1.1" # sha256sum found here: https://packages.gitlab.com/gitlab gitlab_debian_version="$(lsb_release -sc)" -gitlab_x86_64_bullseye_source_sha256="80c07ddf3d1df889a039b0aeb098bd34b836819016a0d33368e7838bb9d95070" -gitlab_x86_64_buster_source_sha256="03d6417811d81fadda4526a7c8d82529c25c6cb60ee9d4e1e6e82fb2d447e1b0" +gitlab_x86_64_bookworm_source_sha256="93a347b794b54b9aeead46a1cd7ff03fbdad6a41f75679e584091d5dcc1e9bff" +gitlab_x86_64_bullseye_source_sha256="8314b2d0029769cce1f24fa775d7680c49f88fc5c53176e24f699828d1cb1647" +gitlab_x86_64_buster_source_sha256="74592bfba421cced9911b0373fcc1f12639b283dd822b076d300e90c419f7bfb" -gitlab_arm64_bullseye_source_sha256="6649ef36a3d3e970ae2eb0b4c70ca8edb6c22c8daa9d955af2b9651a8634f06f" -gitlab_arm64_buster_source_sha256="20524140314569f13a0ed1bbfb03e1338976762b20296848b63c7811e2f01e3c" +gitlab_arm64_bookworm_source_sha256="de1449f54ecec2ed2f1f6321c539e6d848faaf0ba6734c23ac1c20c657e642a5" +gitlab_arm64_bullseye_source_sha256="adff825941e91a0421fffc491e1e3d2632e5a210fd66320e304c850d07f73ed4" +gitlab_arm64_buster_source_sha256="a7a5e0228d6fb23919679af7548ba1255e785f4a7fe7e5926545a2a254577980" -gitlab_arm_buster_source_sha256="c5a5ffa84706e9cc136ff2daded867acf2308c06a4145ae4632a672b0187268b" -gitlab_arm_bullseye_source_sha256="5ae1219572c78778cc061ed5e13e03ecf3901c317bd218d4a454322bf886f45e" +gitlab_arm_bookworm_source_sha256="" +gitlab_arm_bullseye_source_sha256="5aa71840a808f99f27afb9bf89deb73bda9185e1f91a1f1796f21e5bba8ac104" +gitlab_arm_buster_source_sha256="4a2e40b602797121780676197570093814d035281034ff30f08060255969bdb8" architecture=$(ynh_app_setting_get --app="$app" --key=architecture) if [ "$architecture" = "x86-64" ]; then - if [ "$gitlab_debian_version" = "bullseye" ] + if [ "$gitlab_debian_version" = "bookworm" ] + then + gitlab_source_sha256=$gitlab_x86_64_bookworm_source_sha256 + elif [ "$gitlab_debian_version" = "bullseye" ] then gitlab_source_sha256=$gitlab_x86_64_bullseye_source_sha256 elif [ "$gitlab_debian_version" = "buster" ] @@ -25,7 +31,10 @@ if [ "$architecture" = "x86-64" ]; then gitlab_source_sha256=$gitlab_x86_64_buster_source_sha256 fi elif [ "$architecture" = "arm64" ]; then - if [ "$gitlab_debian_version" = "bullseye" ] + if [ "$gitlab_debian_version" = "bookworm" ] + then + gitlab_source_sha256=$gitlab_arm64_bookworm_source_sha256 + elif [ "$gitlab_debian_version" = "bullseye" ] then gitlab_source_sha256=$gitlab_arm64_bullseye_source_sha256 elif [ "$gitlab_debian_version" = "buster" ] @@ -33,7 +42,14 @@ elif [ "$architecture" = "arm64" ]; then gitlab_source_sha256=$gitlab_arm64_buster_source_sha256 fi elif [ "$architecture" = "arm" ]; then - if [ "$gitlab_debian_version" = "bullseye" ] + if [ "$gitlab_debian_version" = "bookworm" ] + then + gitlab_source_sha256=$gitlab_arm_bookworm_source_sha256 + if [ -z "$gitlab_arm_bookworm_source_sha256" ] + then + gitlab_source_sha256=$gitlab_arm_bullseye_source_sha256 + fi + elif [ "$gitlab_debian_version" = "bullseye" ] then gitlab_source_sha256=$gitlab_arm_bullseye_source_sha256 elif [ "$gitlab_debian_version" = "buster" ] diff --git a/upgrade-versions.sh b/upgrade-versions.sh index 6608850..a90a0c1 100755 --- a/upgrade-versions.sh +++ b/upgrade-versions.sh @@ -8,7 +8,7 @@ # Example: ./upgrade-versions.sh scripts/upgrade.d/upgrade.last.sh 13.3.1 file=$(basename $1) -debian_versions=("buster" "bullseye") +debian_versions=("buster" "bullseye" "bookworm") version=$2 current_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" gitlab_directory="$( cd "$( dirname "$current_dir/$1" )/../../" >/dev/null 2>&1 && pwd )"