From 6c9eee31f58328c35a4e629c0d0e7060d8de8022 Mon Sep 17 00:00:00 2001
From: Kay0u <pierre@kayou.io>
Date: Sun, 23 Jun 2024 20:54:54 +0200
Subject: [PATCH 1/3] 17.1.0

---
 conf/gitlab.rb                        | 25 ++++++++-
 manifest.toml                         |  2 +-
 scripts/upgrade.d/upgrade.16.last.sh  | 18 +++----
 scripts/upgrade.d/upgrade.17.first.sh | 76 +++++++++++++++++++++++++++
 scripts/upgrade.d/upgrade.last.sh     | 18 +++----
 5 files changed, 119 insertions(+), 20 deletions(-)
 create mode 100644 scripts/upgrade.d/upgrade.17.first.sh

diff --git a/conf/gitlab.rb b/conf/gitlab.rb
index 80a5d90..4a8905d 100644
--- a/conf/gitlab.rb
+++ b/conf/gitlab.rb
@@ -149,6 +149,14 @@ external_url '__GENERATED_EXTERNAL_URL__'
 ##! `10` for Light Red
 # gitlab_rails['gitlab_default_theme'] = 2
 
+### Custom html header tags
+###! See https://docs.gitlab.com/ee/administration/custom_html_header_tags.html for more
+# In some cases some custom header tags are needed
+# e.g., to add the EU cookie consent
+# Tip: you must add the externals source to the content_security_policy as
+#      well, typically the script_src and style_src.
+# gitlab_rails['custom_html_header_tags'] = nil
+
 ### Default project feature settings
 # gitlab_rails['gitlab_default_projects_features_issues'] = true
 # gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
@@ -846,6 +854,9 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 #### Redis local UNIX socket (will be disabled if TCP method is used)
 # gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
 
+#### Session cookie settings
+# gitlab_rails['session_store_session_cookie_token_prefix'] = ''
+
 #### Sentinel support
 ####! To have Sentinel working, you must enable Redis TCP connection support
 ####! above and define a few Sentinel hosts below (to get a reliable setup
@@ -857,6 +868,10 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 # ]
 # gitlab_rails['redis_sentinels_password'] = 'sentinel-requirepass-goes-here'
 
+# gitlab_rails']['redis_sentinel_master'] = nil
+# gitlab_rails']['redis_sentinel_master_ip'] = nil
+# gitlab_rails']['redis_sentinel_master_port'] = nil
+
 #### Cluster support
 ####! Cluster support is only available for selected Redis instances. `resque.yml` will not
 ####! support cluster mode to maintain full-compatibility with the GitLab rails application.
@@ -1088,7 +1103,8 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 #     'name' => 'test_endpoint',
 #     'url' => 'https://gitlab.example.com/notify2',
 #     'timeout' => '500ms',
-#     'threshold' => 5,
+#     'threshold' => 5, # DEPRECATED: use maxretries instead https://gitlab.com/gitlab-org/container-registry/-/issues/1243
+#     'maxretries' => 5,
 #     'backoff' => '1s',
 #     'headers' => {
 #       "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
@@ -1098,6 +1114,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 ### Default registry notifications
 # registry['default_notifications_timeout'] = "500ms"
 # registry['default_notifications_threshold'] = 5
+# registry['default_notifications_maxretries'] = 5
 # registry['default_notifications_backoff'] = "1s"
 # registry['default_notifications_headers'] = {}
 
@@ -2112,6 +2129,12 @@ nginx['listen_https'] = false
 # Experimental - Enable namespace in path
 # gitlab_pages['namespace_in_path'] = false
 
+##! Configure GitLab Pages client cert and client key which will be used as mutual TLS with GitLab API
+# gitlab_pages['client_cert'] = "/path/to/client.crt"
+# gitlab_pages['client_key'] = "/path/to/client.key"
+##! Configure root CA certs used to sign client certs which will be used with GitLab API
+# gitlab_pages['client_ca_certs'] = "/path/to/ca.crt"
+
 ################################################################################
 ## GitLab Pages NGINX
 ################################################################################
diff --git a/manifest.toml b/manifest.toml
index f46c5d6..04314a7 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -5,7 +5,7 @@ name = "GitLab"
 description.en = "Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features"
 description.fr = "Gestionnaire de dépôts Git proposant des fonctionnalités de wiki, suivi de bugs et de pipeline CI/CD"
 
-version = "17.0.2~ynh1"
+version = "17.1.0~ynh1"
 
 maintainers = ["kay0u"]
 
diff --git a/scripts/upgrade.d/upgrade.16.last.sh b/scripts/upgrade.d/upgrade.16.last.sh
index 1d6e233..c29686d 100644
--- a/scripts/upgrade.d/upgrade.16.last.sh
+++ b/scripts/upgrade.d/upgrade.16.last.sh
@@ -1,22 +1,22 @@
 #!/bin/bash
 
-gitlab_version="16.11.2"
+gitlab_version="16.11.4"
 
 # Upgrade path: https://gitlab-com.gitlab.io/support/toolbox/upgrade-path/
 # sha256sum found here: https://packages.gitlab.com/gitlab
 gitlab_debian_version="$(lsb_release -sc)"
 
-gitlab_x86_64_bookworm_source_sha256="339c827c08697817df5ed05387df9a58d2bf138181bb9c2b7b11a3803ab12e7c"
-gitlab_x86_64_bullseye_source_sha256="6199c64689c31cf48225d064001f645540c139931699930fba4a9ad1e539c205"
-gitlab_x86_64_buster_source_sha256="433bd5d6d2988b276d3767912e3035f3eb913d7e98a7ceb46e0325a4be0af0b4"
+gitlab_x86_64_bookworm_source_sha256="bb832ba67d86e111e616f933a1a8cc81ffa8ce973d47ebf3c793ceaf9696edb4"
+gitlab_x86_64_bullseye_source_sha256="2d5aa60b882d97d0be17c35ac86dbc4d5dc3c51adc099fa70de5da3f6dbc9603"
+gitlab_x86_64_buster_source_sha256="9aaccc3aee94a9ec4fa55c3d09d4e5dcf744fed0555b242c4bda9600314272d5"
 
-gitlab_arm64_bookworm_source_sha256="98e259ffe7c1466836b762c7b41e7d1203b31cc440129046ec1ca0072ae76df1"
-gitlab_arm64_bullseye_source_sha256="9c53d88dff37bd64b1e5d9832edec5984a6420475d21dc32cb46281268eaafec"
-gitlab_arm64_buster_source_sha256="951bb731adf2177b1fd74b0cc0f774cd7ee3b4ea951216cf1f245a78bcbc6159"
+gitlab_arm64_bookworm_source_sha256="2cb858e73dedaa212e05939bad187fe6d3caedf7f984c39665064fe7db4818c2"
+gitlab_arm64_bullseye_source_sha256="c4eda7e8b5dfcf48fb31226c917664d4b39f2747f551813f0243bfb123a69ff5"
+gitlab_arm64_buster_source_sha256="fe09d913344e88626341a4870cf60e30b550fa80e44eb2b9c106ff56c8817423"
 
 gitlab_arm_bookworm_source_sha256=""
-gitlab_arm_bullseye_source_sha256="56180fb6c7565fbccff14d868ccb3412a89c11212726a91e576df8fce5d79288"
-gitlab_arm_buster_source_sha256="b5e42c8f3c32683df957d1522c39af0165a33e27132a55fb18690db56f662ab8"
+gitlab_arm_bullseye_source_sha256="203fb855056b4e2b5a252dc3b3c6667294347d4cb44de8b4c7f0ee15de83a1bf"
+gitlab_arm_buster_source_sha256="2553fcfa670a185330cb26633bd0bdc3fbe15f9a0a4ad4fe203c4b465577b80b"
 
 architecture=$(ynh_app_setting_get --app="$app" --key=architecture)
 
diff --git a/scripts/upgrade.d/upgrade.17.first.sh b/scripts/upgrade.d/upgrade.17.first.sh
new file mode 100644
index 0000000..bbeade1
--- /dev/null
+++ b/scripts/upgrade.d/upgrade.17.first.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+gitlab_version="17.0.2"
+
+# Upgrade path: https://gitlab-com.gitlab.io/support/toolbox/upgrade-path/
+# sha256sum found here: https://packages.gitlab.com/gitlab
+gitlab_debian_version="$(lsb_release -sc)"
+
+gitlab_x86_64_bookworm_source_sha256="447d32a4ee2fb278037f141eb5f2c2e4f9d5958c0e7b7101c7adb9f82c8b7635"
+gitlab_x86_64_bullseye_source_sha256="df2eab15f094e30570da37914eb5b59478591684d1fd85d7f515e7834a9198b1"
+gitlab_x86_64_buster_source_sha256="24863dd68cf6cf93b4b84dbc2f7b9662681c172b839f7fde30af1df2a1aac21f"
+
+gitlab_arm64_bookworm_source_sha256="d61abb2956b6c546fb0399c1ef8b0a040303ede9184f4553a7a8b2e4bc2b2188"
+gitlab_arm64_bullseye_source_sha256="5ed91c06407090c5a961599b08ed8d7078cf3df971483c3c4702e298b12feaec"
+gitlab_arm64_buster_source_sha256="127a53b317b03b523078c140023065a15c5d6f730478f7b1f49c280859576beb"
+
+gitlab_arm_bookworm_source_sha256=""
+gitlab_arm_bullseye_source_sha256="cffd318fce3bb73855f05d1761d79c49d21b1cf049ec2c16fc176d3b9d04ba4f"
+gitlab_arm_buster_source_sha256="787b26de09953df417a4233cdd25879cc45a85cdff46ec92d301a660dd4776cb"
+
+architecture=$(ynh_app_setting_get --app="$app" --key=architecture)
+
+# Evaluating indirect/reference variables https://mywiki.wooledge.org/BashFAQ/006#Indirection 
+# ref=gitlab_${architecture}_${gitlab_debian_version}_source_sha256
+# gitlab_source_sha256=${!ref}
+
+if [ "$architecture" = "x86-64" ]; then
+	if [ "$gitlab_debian_version" = "bookworm" ]
+	then
+		gitlab_source_sha256=$gitlab_x86_64_bookworm_source_sha256
+	elif [ "$gitlab_debian_version" = "bullseye" ]
+	then
+		gitlab_source_sha256=$gitlab_x86_64_bullseye_source_sha256
+	elif [ "$gitlab_debian_version" = "buster" ]
+	then
+		gitlab_source_sha256=$gitlab_x86_64_buster_source_sha256
+	fi
+elif [ "$architecture" = "arm64" ]; then
+	if [ "$gitlab_debian_version" = "bookworm" ]
+	then
+		gitlab_source_sha256=$gitlab_arm64_bookworm_source_sha256
+	elif [ "$gitlab_debian_version" = "bullseye" ]
+	then
+		gitlab_source_sha256=$gitlab_arm64_bullseye_source_sha256
+	elif [ "$gitlab_debian_version" = "buster" ]
+	then
+		gitlab_source_sha256=$gitlab_arm64_buster_source_sha256
+	fi
+elif [ "$architecture" = "arm" ]; then
+	if [ "$gitlab_debian_version" = "bookworm" ]
+	then
+		gitlab_source_sha256=$gitlab_arm_bookworm_source_sha256
+		if [ -z "$gitlab_arm_bookworm_source_sha256" ]
+		then
+			gitlab_source_sha256=$gitlab_arm_bullseye_source_sha256
+		fi
+	elif [ "$gitlab_debian_version" = "bullseye" ]
+	then
+		gitlab_source_sha256=$gitlab_arm_bullseye_source_sha256
+	elif [ "$gitlab_debian_version" = "buster" ]
+	then
+		gitlab_source_sha256=$gitlab_arm_buster_source_sha256
+	fi
+fi
+
+gitlab_filename="gitlab-ce-${gitlab_version}.deb"
+
+# Action to do in case of failure of the package_check
+package_check_action() {
+	ynh_backup_if_checksum_is_different --file="$config_path/gitlab.rb"
+	cat <<EOF >> "$config_path/gitlab.rb"
+# Last chance to fix Gitlab
+package['modify_kernel_parameters'] = false
+EOF
+	ynh_store_file_checksum --file="$config_path/gitlab.rb"
+}
diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh
index bbeade1..3f00ccf 100644
--- a/scripts/upgrade.d/upgrade.last.sh
+++ b/scripts/upgrade.d/upgrade.last.sh
@@ -1,22 +1,22 @@
 #!/bin/bash
 
-gitlab_version="17.0.2"
+gitlab_version="17.1.0"
 
 # Upgrade path: https://gitlab-com.gitlab.io/support/toolbox/upgrade-path/
 # sha256sum found here: https://packages.gitlab.com/gitlab
 gitlab_debian_version="$(lsb_release -sc)"
 
-gitlab_x86_64_bookworm_source_sha256="447d32a4ee2fb278037f141eb5f2c2e4f9d5958c0e7b7101c7adb9f82c8b7635"
-gitlab_x86_64_bullseye_source_sha256="df2eab15f094e30570da37914eb5b59478591684d1fd85d7f515e7834a9198b1"
-gitlab_x86_64_buster_source_sha256="24863dd68cf6cf93b4b84dbc2f7b9662681c172b839f7fde30af1df2a1aac21f"
+gitlab_x86_64_bookworm_source_sha256="69a57e488fe82afccdbe95753299ff479d38d23ee91c8aba3d9ef3e1ee783262"
+gitlab_x86_64_bullseye_source_sha256="c85ce193c1b5b90588506b51872391b97a2c342a7143335adeb3958d08a3c342"
+gitlab_x86_64_buster_source_sha256="be5ff642253c817bfccccf6545f8550de24106c9ae9e3e600f11d8dfc6982199"
 
-gitlab_arm64_bookworm_source_sha256="d61abb2956b6c546fb0399c1ef8b0a040303ede9184f4553a7a8b2e4bc2b2188"
-gitlab_arm64_bullseye_source_sha256="5ed91c06407090c5a961599b08ed8d7078cf3df971483c3c4702e298b12feaec"
-gitlab_arm64_buster_source_sha256="127a53b317b03b523078c140023065a15c5d6f730478f7b1f49c280859576beb"
+gitlab_arm64_bookworm_source_sha256="e8c3f62cdce151e9ca0e33a2125d330dc0fee8fe87932118b95ca6950d3349ae"
+gitlab_arm64_bullseye_source_sha256="85193e62e2850638a26b339c001da1ee73f063d653ae8d9c3db2f74fee295a1a"
+gitlab_arm64_buster_source_sha256="a41bc4334f21659eb331939a63e54358f9bb27d156f4b286e68729567e63b622"
 
 gitlab_arm_bookworm_source_sha256=""
-gitlab_arm_bullseye_source_sha256="cffd318fce3bb73855f05d1761d79c49d21b1cf049ec2c16fc176d3b9d04ba4f"
-gitlab_arm_buster_source_sha256="787b26de09953df417a4233cdd25879cc45a85cdff46ec92d301a660dd4776cb"
+gitlab_arm_bullseye_source_sha256="7d117dee3ba272e8ee607fd351ee7b714eb4c479ca8c08818404373d4a19a11e"
+gitlab_arm_buster_source_sha256="971255f63407de4a9bae34b7985b2b98b4995a1373215ffedf1e265912e900bc"
 
 architecture=$(ynh_app_setting_get --app="$app" --key=architecture)
 

From 9099dbab3728eacc16faa748532f797f0e8ef455 Mon Sep 17 00:00:00 2001
From: yunohost-bot <yunohost@yunohost.org>
Date: Sun, 23 Jun 2024 18:55:07 +0000
Subject: [PATCH 2/3] Auto-update READMEs

---
 README.md         | 2 +-
 README_es.md      | 2 +-
 README_eu.md      | 2 +-
 README_fr.md      | 2 +-
 README_gl.md      | 2 +-
 README_zh_Hans.md | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 64f28c0..632baf0 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ It shall NOT be edited by hand.
 
 Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features
 
-**Shipped version:** 17.0.2~ynh1
+**Shipped version:** 17.1.0~ynh1
 
 **Demo:** <https://gitlab.com/explore>
 
diff --git a/README_es.md b/README_es.md
index 45e9b10..ad1ce5a 100644
--- a/README_es.md
+++ b/README_es.md
@@ -18,7 +18,7 @@ No se debe editar a mano.
 
 Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features
 
-**Versión actual:** 17.0.2~ynh1
+**Versión actual:** 17.1.0~ynh1
 
 **Demo:** <https://gitlab.com/explore>
 
diff --git a/README_eu.md b/README_eu.md
index 731bf26..09cb1da 100644
--- a/README_eu.md
+++ b/README_eu.md
@@ -18,7 +18,7 @@ EZ editatu eskuz.
 
 Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features
 
-**Paketatutako bertsioa:** 17.0.2~ynh1
+**Paketatutako bertsioa:** 17.1.0~ynh1
 
 **Demoa:** <https://gitlab.com/explore>
 
diff --git a/README_fr.md b/README_fr.md
index f2b4296..b5a0109 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -18,7 +18,7 @@ Il NE doit PAS être modifié à la main.
 
 Gestionnaire de dépôts Git proposant des fonctionnalités de wiki, suivi de bugs et de pipeline CI/CD
 
-**Version incluse :** 17.0.2~ynh1
+**Version incluse :** 17.1.0~ynh1
 
 **Démo :** <https://gitlab.com/explore>
 
diff --git a/README_gl.md b/README_gl.md
index c2ebb8f..e43d39d 100644
--- a/README_gl.md
+++ b/README_gl.md
@@ -18,7 +18,7 @@ NON debe editarse manualmente.
 
 Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features
 
-**Versión proporcionada:** 17.0.2~ynh1
+**Versión proporcionada:** 17.1.0~ynh1
 
 **Demo:** <https://gitlab.com/explore>
 
diff --git a/README_zh_Hans.md b/README_zh_Hans.md
index ab29e98..f967211 100644
--- a/README_zh_Hans.md
+++ b/README_zh_Hans.md
@@ -18,7 +18,7 @@
 
 Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features
 
-**分发版本：** 17.0.2~ynh1
+**分发版本：** 17.1.0~ynh1
 
 **演示：** <https://gitlab.com/explore>
 

From 747aa493f6fc3c43d8b4b90be29c779cad1e3690 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:46:12 +0200
Subject: [PATCH 3/3] Update restore: i guess you meant to check "system
 users", not yunohost users

---
 scripts/restore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/restore b/scripts/restore
index cb9b69e..8d47189 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -87,7 +87,7 @@ gitlab-ctl stop sidekiq
 ynh_exec_warn_less gitlab-backup restore force=yes BACKUP=$last_backup
 
 # https://docs.gitlab.com/ce/raketasks/backup_restore.html#container-registry-push-failures-after-restoring-from-a-backup
-if ynh_user_exists --username="registry" && [ -d "/var/opt/gitlab/gitlab-rails/shared/registry/docker" ]; then
+if ynh_system_user_exists --username="registry" && [ -d "/var/opt/gitlab/gitlab-rails/shared/registry/docker" ]; then
 	chown -R registry:registry /var/opt/gitlab/gitlab-rails/shared/registry/docker
 fi