[DRE-commits] [gitlab] 01/02: use upstream patch for git 2.11 support backport
Praveen Arimbrathodiyil
praveen at moszumanska.debian.org
Tue Feb 7 08:40:37 UTC 2017
This is an automated email from the git hooks/post-receive script.
praveen pushed a commit to branch master
in repository gitlab.
commit f6c070a8a403a538cf9a40cc01116b4b00fa4975
Author: Praveen Arimbrathodiyil <praveen at debian.org>
Date: Tue Feb 7 11:23:02 2017 +0530
use upstream patch for git 2.11 support backport
---
debian/patches/0250-gitlab-shell-4.0-compat.patch | 227 ---------------------
debian/patches/0300-git-2-11-support.patch | 235 +++++++++++++++++++---
debian/patches/series | 1 -
3 files changed, 205 insertions(+), 258 deletions(-)
diff --git a/debian/patches/0250-gitlab-shell-4.0-compat.patch b/debian/patches/0250-gitlab-shell-4.0-compat.patch
deleted file mode 100644
index 51e2db2..0000000
--- a/debian/patches/0250-gitlab-shell-4.0-compat.patch
+++ /dev/null
@@ -1,227 +0,0 @@
---- a/lib/api/internal.rb
-+++ b/lib/api/internal.rb
-@@ -3,6 +3,8 @@
- class Internal < Grape::API
- before { authenticate_by_gitlab_shell_token! }
-
-+ helpers ::API::Helpers::InternalHelpers
-+
- namespace 'internal' do
- # Check if git command is allowed to project
- #
-@@ -14,36 +16,6 @@
- # ref - branch name
- # forced_push - forced_push
- # protocol - Git access protocol being used, e.g. HTTP or SSH
-- #
--
-- helpers do
-- def wiki?
-- @wiki ||= params[:project].end_with?('.wiki') &&
-- !Project.find_with_namespace(params[:project])
-- end
--
-- def project
-- @project ||= begin
-- project_path = params[:project]
--
-- # Check for *.wiki repositories.
-- # Strip out the .wiki from the pathname before finding the
-- # project. This applies the correct project permissions to
-- # the wiki repository as well.
-- project_path.chomp!('.wiki') if wiki?
--
-- Project.find_with_namespace(project_path)
-- end
-- end
--
-- def ssh_authentication_abilities
-- [
-- :read_project,
-- :download_code,
-- :push_code
-- ]
-- end
-- end
-
- post "/allowed" do
- status 200
---- /dev/null
-+++ b/lib/api/helpers/internal_helpers.rb
-@@ -0,0 +1,57 @@
-+module API
-+ module Helpers
-+ module InternalHelpers
-+ # Project paths may be any of the following:
-+ # * /repository/storage/path/namespace/project
-+ # * /namespace/project
-+ # * namespace/project
-+ #
-+ # In addition, they may have a '.git' extension and multiple namespaces
-+ #
-+ # Transform all these cases to 'namespace/project'
-+ def clean_project_path(project_path, storage_paths = Repository.storages.values)
-+ project_path = project_path.sub(/\.git\z/, '')
-+
-+ storage_paths.each do |storage_path|
-+ storage_path = File.expand_path(storage_path)
-+
-+ if project_path.start_with?(storage_path)
-+ project_path = project_path.sub(storage_path, '')
-+ break
-+ end
-+ end
-+
-+ project_path.sub(/\A\//, '')
-+ end
-+
-+ def project_path
-+ @project_path ||= clean_project_path(params[:project])
-+ end
-+
-+ def wiki?
-+ @wiki ||= project_path.end_with?('.wiki') &&
-+ !Project.find_with_namespace(project_path)
-+ end
-+
-+ def project
-+ @project ||= begin
-+ # Check for *.wiki repositories.
-+ # Strip out the .wiki from the pathname before finding the
-+ # project. This applies the correct project permissions to
-+ # the wiki repository as well.
-+ project_path.chomp!('.wiki') if wiki?
-+
-+ Project.find_with_namespace(project_path)
-+ end
-+ end
-+
-+ def ssh_authentication_abilities
-+ [
-+ :read_project,
-+ :download_code,
-+ :push_code
-+ ]
-+ end
-+ end
-+ end
-+end
---- /dev/null
-+++ b/spec/requests/api/api_internal_helpers_spec.rb
-@@ -0,0 +1,32 @@
-+require 'spec_helper'
-+
-+describe ::API::Helpers::InternalHelpers do
-+ include ::API::Helpers::InternalHelpers
-+
-+ describe '.clean_project_path' do
-+ project = 'namespace/project'
-+ namespaced = File.join('namespace2', project)
-+
-+ {
-+ File.join(Dir.pwd, project) => project,
-+ File.join(Dir.pwd, namespaced) => namespaced,
-+ project => project,
-+ namespaced => namespaced,
-+ project + '.git' => project,
-+ namespaced + '.git' => namespaced,
-+ "/" + project => project,
-+ "/" + namespaced => namespaced,
-+ }.each do |project_path, expected|
-+ context project_path do
-+ # Relative and absolute storage paths, with and without trailing /
-+ ['.', './', Dir.pwd, Dir.pwd + '/'].each do |storage_path|
-+ context "storage path is #{storage_path}" do
-+ subject { clean_project_path(project_path, [storage_path]) }
-+
-+ it { is_expected.to eq(expected) }
-+ end
-+ end
-+ end
-+ end
-+ end
-+end
---- a/spec/requests/api/internal_spec.rb
-+++ b/spec/requests/api/internal_spec.rb
-@@ -191,6 +191,26 @@
- expect(json_response["status"]).to be_truthy
- expect(json_response["repository_path"]).to eq(project.repository.path_to_repo)
- end
-+
-+ context 'project as /namespace/project' do
-+ it do
-+ pull(key, project_with_repo_path('/' + project.path_with_namespace))
-+
-+ expect(response).to have_http_status(200)
-+ expect(json_response["status"]).to be_truthy
-+ expect(json_response["repository_path"]).to eq(project.repository.path_to_repo)
-+ end
-+ end
-+
-+ context 'project as namespace/project' do
-+ it do
-+ pull(key, project_with_repo_path(project.path_with_namespace))
-+
-+ expect(response).to have_http_status(200)
-+ expect(json_response["status"]).to be_truthy
-+ expect(json_response["repository_path"]).to eq(project.repository.path_to_repo)
-+ end
-+ end
- end
- end
-
-@@ -299,7 +319,7 @@
-
- context 'project does not exist' do
- it do
-- pull(key, OpenStruct.new(path_with_namespace: 'gitlab/notexists'))
-+ pull(key, project_with_repo_path('gitlab/notexist'))
-
- expect(response).to have_http_status(200)
- expect(json_response["status"]).to be_falsey
-@@ -392,11 +412,17 @@
- end
- end
-
-+ def project_with_repo_path(path)
-+ double().tap do |fake_project|
-+ allow(fake_project).to receive_message_chain('repository.path_to_repo' => path)
-+ end
-+ end
-+
- def pull(key, project, protocol = 'ssh')
- post(
- api("/internal/allowed"),
- key_id: key.id,
-- project: project.path_with_namespace,
-+ project: project.repository.path_to_repo,
- action: 'git-upload-pack',
- secret_token: secret_token,
- protocol: protocol
-@@ -408,7 +434,7 @@
- api("/internal/allowed"),
- changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
- key_id: key.id,
-- project: project.path_with_namespace,
-+ project: project.repository.path_to_repo,
- action: 'git-receive-pack',
- secret_token: secret_token,
- protocol: protocol
-@@ -420,7 +446,7 @@
- api("/internal/allowed"),
- ref: 'master',
- key_id: key.id,
-- project: project.path_with_namespace,
-+ project: project.repository.path_to_repo,
- action: 'git-upload-archive',
- secret_token: secret_token,
- protocol: 'ssh'
-@@ -432,7 +458,7 @@
- api("/internal/lfs_authenticate"),
- key_id: key_id,
- secret_token: secret_token,
-- project: project.path_with_namespace
-+ project: project.repository.path_to_repo
- )
- end
- end
diff --git a/debian/patches/0300-git-2-11-support.patch b/debian/patches/0300-git-2-11-support.patch
index 9c1cca0..33bfbd5 100644
--- a/debian/patches/0300-git-2-11-support.patch
+++ b/debian/patches/0300-git-2-11-support.patch
@@ -1,27 +1,81 @@
-From 8f3edeb7d50e8e8176627f668cda489935eccdf3 Mon Sep 17 00:00:00 2001
+From daf83fa62c940b0da7dc4e0893586b6a9a2dbbf9 Mon Sep 17 00:00:00 2001
From: Douglas Barbosa Alexandre <dbalexandre at gmail.com>
Date: Mon, 19 Dec 2016 09:37:16 +0000
-Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Accept environment variables from the `pre-receive` script ## Summary 1. Starting version 2.11, git changed the way the pre-receive flow works. - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`. - In 2 [...]
+Subject: [PATCH 1/3] [8.13 Backport] Merge branch
+ '25301-git-2.11-force-push-bug' into 'master'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Accept environment variables from the `pre-receive` script
+
+1. Starting version 2.11, git changed the way the pre-receive flow works.
+ - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`.
+ - In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted.
+2. In our workflow, the pre-recieve script (in `gitlab-shell`) calls the
+ `/allowed` endpoint, which calls out directly to git to perform
+ various checks. These direct calls to git do _not_ have the necessary
+ environment variables set which allow access to the "alternate object
+ directory" (explained above). Therefore these calls to git are not able to
+ access any of the new potential objects to be added during this push.
+
+3. We fix this by accepting the relevant environment variables
+ (`GIT_ALTERNATE_OBJECT_DIRECTORIES`, `GIT_OBJECT_DIRECTORY`, and
+ `GIT_QUARANTINE_PATH`) on the `/allowed` endpoint, and then include
+ these environment variables while calling out to git.
+
+4. This commit includes these environment variables while making the "force
+ push" check.
+
+See https://gitlab.com/gitlab-org/gitlab-shell/merge_requests/120
+
+Signed-off-by: Rémy Coutable <remy at rymai.me>
---
- lib/api/helpers/internal_helpers.rb | 8 ++++++++
- lib/api/internal.rb | 6 +++++-
- lib/gitlab/checks/change_access.rb | 5 +++--
- lib/gitlab/checks/force_push.rb | 11 ++++++++---
- lib/gitlab/git/rev_list.rb | 42 ++++++++++++++++++++++++++++++++++++++++++
- lib/gitlab/git_access.rb | 5 +++--
- lib/gitlab/popen.rb | 4 ++--
- spec/lib/gitlab/checks/force_push_spec.rb | 19 +++++++++++++++++++
- spec/lib/gitlab/git/rev_list_spec.rb | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
- 10 files changed, 147 insertions(+), 10 deletions(-)
+ .../unreleased/25301-git-2-11-force-push-bug.yml | 4 ++
+ lib/api/internal.rb | 14 +++++-
+ lib/gitlab/checks/change_access.rb | 5 +-
+ lib/gitlab/checks/force_push.rb | 11 +++--
+ lib/gitlab/git/rev_list.rb | 42 +++++++++++++++++
+ lib/gitlab/git_access.rb | 5 +-
+ lib/gitlab/popen.rb | 4 +-
+ spec/lib/gitlab/checks/force_push_spec.rb | 19 ++++++++
+ spec/lib/gitlab/git/rev_list_spec.rb | 53 ++++++++++++++++++++++
+ 9 files changed, 147 insertions(+), 10 deletions(-)
create mode 100644 changelogs/unreleased/25301-git-2-11-force-push-bug.yml
create mode 100644 lib/gitlab/git/rev_list.rb
create mode 100644 spec/lib/gitlab/checks/force_push_spec.rb
create mode 100644 spec/lib/gitlab/git/rev_list_spec.rb
+diff --git a/changelogs/unreleased/25301-git-2-11-force-push-bug.yml b/changelogs/unreleased/25301-git-2-11-force-push-bug.yml
+new file mode 100644
+index 0000000..afe5772
+--- /dev/null
++++ b/changelogs/unreleased/25301-git-2-11-force-push-bug.yml
+@@ -0,0 +1,4 @@
++---
++title: Accept environment variables from the `pre-receive` script
++merge_request: 7967
++author:
+diff --git a/lib/api/internal.rb b/lib/api/internal.rb
+index 9a5d1ec..89e47a7 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
-@@ -33,7 +33,11 @@
+@@ -43,6 +43,14 @@ module API
+ :push_code
+ ]
+ end
++
++ def parse_allowed_environment_variables
++ return if params[:env].blank?
++
++ JSON.parse(params[:env])
++
++ rescue JSON::ParserError
++ end
+ end
+
+ post "/allowed" do
+@@ -61,7 +69,11 @@ module API
if wiki?
Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
else
@@ -34,9 +88,11 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
end
access_status = access.check(params[:action], params[:changes])
+diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb
+index cb10652..3d20301 100644
--- a/lib/gitlab/checks/change_access.rb
+++ b/lib/gitlab/checks/change_access.rb
-@@ -3,11 +3,12 @@
+@@ -3,11 +3,12 @@ module Gitlab
class ChangeAccess
attr_reader :user_access, :project
@@ -50,7 +106,7 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
end
def exec
-@@ -68,7 +69,7 @@
+@@ -68,7 +69,7 @@ module Gitlab
end
def forced_push?
@@ -59,6 +115,8 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
end
def matching_merge_request?
+diff --git a/lib/gitlab/checks/force_push.rb b/lib/gitlab/checks/force_push.rb
+index 5fe8655..de0c904 100644
--- a/lib/gitlab/checks/force_push.rb
+++ b/lib/gitlab/checks/force_push.rb
@@ -1,15 +1,20 @@
@@ -85,6 +143,9 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
end
end
end
+diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb
+new file mode 100644
+index 0000000..25e9d61
--- /dev/null
+++ b/lib/gitlab/git/rev_list.rb
@@ -0,0 +1,42 @@
@@ -130,9 +191,11 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
+ end
+ end
+end
+diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
+index bcbf645..74e8713 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
-@@ -17,12 +17,13 @@
+@@ -17,12 +17,13 @@ module Gitlab
attr_reader :actor, :project, :protocol, :user_access, :authentication_abilities
@@ -147,7 +210,7 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
end
def check(cmd, changes)
-@@ -99,7 +100,7 @@
+@@ -99,7 +100,7 @@ module Gitlab
end
def change_access_check(change)
@@ -156,9 +219,11 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
end
def protocol_allowed?
+diff --git a/lib/gitlab/popen.rb b/lib/gitlab/popen.rb
+index cc74bb2..4bc5cda 100644
--- a/lib/gitlab/popen.rb
+++ b/lib/gitlab/popen.rb
-@@ -5,13 +5,13 @@
+@@ -5,13 +5,13 @@ module Gitlab
module Popen
extend self
@@ -174,6 +239,9 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
options = { chdir: path }
unless File.directory?(path)
+diff --git a/spec/lib/gitlab/checks/force_push_spec.rb b/spec/lib/gitlab/checks/force_push_spec.rb
+new file mode 100644
+index 0000000..f628801
--- /dev/null
+++ b/spec/lib/gitlab/checks/force_push_spec.rb
@@ -0,0 +1,19 @@
@@ -196,6 +264,9 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
+ end
+ end
+end
+diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb
+new file mode 100644
+index 0000000..444639a
--- /dev/null
+++ b/spec/lib/gitlab/git/rev_list_spec.rb
@@ -0,0 +1,53 @@
@@ -252,20 +323,124 @@ Subject: [PATCH] Merge branch '25301-git-2.11-force-push-bug' into 'master' Acce
+ end
+ end
+end
---- a/lib/api/helpers/internal_helpers.rb
-+++ b/lib/api/helpers/internal_helpers.rb
-@@ -52,6 +52,14 @@
- :push_code
- ]
+--
+2.10.2
+
+
+From 0ce20138298eaebfb9e8225d21e7b0088716e5ad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy at rymai.me>
+Date: Tue, 20 Dec 2016 09:45:37 +0100
+Subject: [PATCH 2/3] Reject blank environment vcariables in
+ Gitlab::Git::RevList
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Rémy Coutable <remy at rymai.me>
+---
+ lib/gitlab/git/rev_list.rb | 4 ++--
+ spec/lib/gitlab/git/rev_list_spec.rb | 7 +++++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb
+index 25e9d61..79dd0cf 100644
+--- a/lib/gitlab/git/rev_list.rb
++++ b/lib/gitlab/git/rev_list.rb
+@@ -22,7 +22,7 @@ module Gitlab
+
+ def valid?
+ environment_variables.all? do |(name, value)|
+- value.start_with?(project.repository.path_to_repo)
++ value.to_s.start_with?(project.repository.path_to_repo)
+ end
end
+
+@@ -35,7 +35,7 @@ module Gitlab
+ end
+
+ def environment_variables
+- @environment_variables ||= env.slice(*ALLOWED_VARIABLES)
++ @environment_variables ||= env.slice(*ALLOWED_VARIABLES).compact
+ end
+ end
+ end
+diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb
+index 444639a..1f9c987 100644
+--- a/spec/lib/gitlab/git/rev_list_spec.rb
++++ b/spec/lib/gitlab/git/rev_list_spec.rb
+@@ -26,6 +26,13 @@ describe Gitlab::Git::RevList, lib: true do
+
+ expect(rev_list).not_to be_valid
+ end
+
-+ def parse_allowed_environment_variables
-+ return if params[:env].blank?
-+
-+ JSON.parse(params[:env])
++ it "ignores nil values" do
++ env = { var => nil }
++ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env)
+
-+ rescue JSON::ParserError
-+ end
++ expect(rev_list).to be_valid
++ end
+ end
end
end
- end
+--
+2.10.2
+
+
+From b54b031638e7a98c1e51b369cff53602db40e4b0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy at rymai.me>
+Date: Mon, 6 Feb 2017 10:04:21 +0100
+Subject: [PATCH 3/3] Update gitlab-shell to 3.6.7
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Rémy Coutable <remy at rymai.me>
+---
+ GITLAB_SHELL_VERSION | 2 +-
+ changelogs/unreleased/use-gitlab-shell-3-6-7.yml | 4 ++++
+ doc/update/8.12-to-8.13.md | 4 ++--
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+ create mode 100644 changelogs/unreleased/use-gitlab-shell-3-6-7.yml
+
+diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION
+index 4f2c1d1..5b34131 100644
+--- a/GITLAB_SHELL_VERSION
++++ b/GITLAB_SHELL_VERSION
+@@ -1 +1 @@
+-3.6.6
++3.6.7
+diff --git a/changelogs/unreleased/use-gitlab-shell-3-6-7.yml b/changelogs/unreleased/use-gitlab-shell-3-6-7.yml
+new file mode 100644
+index 0000000..c6600ce
+--- /dev/null
++++ b/changelogs/unreleased/use-gitlab-shell-3-6-7.yml
+@@ -0,0 +1,4 @@
++---
++title: Use gitlab-shell v3.6.7
++merge_request:
++author:
+diff --git a/doc/update/8.12-to-8.13.md b/doc/update/8.12-to-8.13.md
+index c0084d9..6457ec9 100644
+--- a/doc/update/8.12-to-8.13.md
++++ b/doc/update/8.12-to-8.13.md
+@@ -72,7 +72,7 @@ sudo -u git -H git checkout 8-13-stable-ee
+ ```bash
+ cd /home/git/gitlab-shell
+ sudo -u git -H git fetch --all --tags
+-sudo -u git -H git checkout v3.6.6
++sudo -u git -H git checkout v3.6.7
+ ```
+
+ ### 6. Update gitlab-workhorse
+@@ -166,7 +166,7 @@ See [smtp_settings.rb.sample] as an example.
+ Ensure you're still up-to-date with the latest init script changes:
+
+ sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
+-
++
+ For Ubuntu 16.04.1 LTS:
+
+ sudo systemctl daemon-reload
+--
+2.10.2
+
diff --git a/debian/patches/series b/debian/patches/series
index 63f8726..070c46f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,5 +8,4 @@ pid-log-paths.patch
052-relax-grape.patch
0200-remove-order-dependency-in-label-finder-spec.patch
0210-use-jquery-ui-rails6.patch
-0250-gitlab-shell-4.0-compat.patch
0300-git-2-11-support.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/gitlab.git
More information about the Pkg-ruby-extras-commits
mailing list