author | talyz <kim.lindberger@gmail.com> | 2021-02-10 18:42:07 +0100 |
---|---|---|
committer | talyz <kim.lindberger@gmail.com> | 2021-04-27 17:49:43 +0200 |
commit | 7a67a2d1a890eb1b3d98a4c98ce9283be2fe4e10 (patch) | |
tree | 6705da9b28603f33784e3c3bb1702da20e891cae /pkgs | |
parent | ba6f0e8f03632e0c5ae74ae10d0f745d4413dfd5 (diff) | |
gitlab: Add patch for db_key_base length bug, fix descriptions
The upstream recommended minimum length for db_key_base is 30 bytes, which our option descriptions repeated. Recently, however, upstream has, in many places, moved to using aes-256-gcm, which requires a key of exactly 32 bytes. To allow for shorter keys, the upstream code pads the key in some places. However, in many others, it just truncates the key if it's too long, leaving it too short if it was to begin with. This adds a patch that fixes this and updates the descriptions to recommend a key of at least 32 characters. See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53602
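The length problem described in the commit message above, as an added Ruby example (not GitLab's or nixpkgs' code): a truncate-only step leaves a 30-byte secret unusable as an aes-256-gcm key, while pad-then-truncate always yields exactly 32 bytes. The helper names, the `'0'` padding character and the sample secrets are assumptions constructed for illustration.

```ruby
require 'openssl'

CIPHER  = 'aes-256-gcm'
KEY_LEN = OpenSSL::Cipher.new(CIPHER).key_len # 32 bytes for AES-256

# Truncate-only normalization: long secrets are cut to KEY_LEN,
# but a secret that starts out too short stays too short.
def truncate_only(secret)
  secret.byteslice(0, KEY_LEN)
end

# Pad-then-truncate normalization: always returns exactly KEY_LEN bytes.
# The '0' padding character is an assumption made for this example.
def pad_and_truncate(secret, pad = '0')
  secret.ljust(KEY_LEN, pad).byteslice(0, KEY_LEN)
end

# True if OpenSSL accepts the key for aes-256-gcm. Ruby's OpenSSL binding
# raises ArgumentError when the key is not exactly key_len bytes long.
def usable_key?(key)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  cipher.key = key
  true
rescue ArgumentError
  false
end

# Deployment-side check: report how a configured secret behaves under
# both normalizations, so short secrets are caught before first use.
def audit(secret)
  {
    bytes: secret.bytesize,
    truncate_only_ok: usable_key?(truncate_only(secret)),
    pad_and_truncate_ok: usable_key?(pad_and_truncate(secret))
  }
end

# Constructed sample secrets (ASCII, so characters equal bytes):
# the old 30-byte minimum, an exact 32-byte secret, a longer one.
{ 'old minimum' => 'a' * 30, 'exact' => 'b' * 32, 'long' => 'c' * 40 }.each do |name, secret|
  puts "#{name}: #{audit(secret)}"
end
```

Padding makes the key the right length but adds no entropy, which is why generating the secret at 32 bytes or more is the better fix on the configuration side.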
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/applications/version-management/gitlab/default.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix index 5d2b923628b..89a2ac6ec95 100644 --- a/pkgs/applications/version-management/gitlab/default.nix +++ b/pkgs/applications/version-management/gitlab/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, fetchFromGitLab, bundlerEnv +{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitLab, bundlerEnv , ruby, tzdata, git, nettools, nixosTests, nodejs, openssl , gitlabEnterprise ? false, callPackage, yarn , fixup_yarn_lock, replace, file @@ -125,6 +125,15 @@ stdenv.mkDerivation { patches = [ # Change hardcoded paths to the NixOS equivalent ./remove-hardcoded-locations.patch + + # Use the exactly 32 byte long version of db_key_base with + # aes-256-gcm, see + # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53602 + (fetchpatch { + name = "secrets_db_key_base_length.patch"; + url = "https://gitlab.com/gitlab-org/gitlab/-/commit/dea620633d446ca0f53a75674454ff0dd4bd8f99.patch"; + sha256 = "19m4z4np3sai9kqqqgabl44xv7p8lkcyqr6s5471axfxmf9m2023"; + }) ]; postPatch = '' |
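Review bot: the new fetchpatch entry in the second hunk (the patches list) has no removal condition. The comment links merge request 53602, but it does not say which upstream release will contain the fix, so whoever next bumps the GitLab version has to look that up before deciding whether the entry is still needed. Consider adding a comment line such as "Remove once the packaged version includes this merge request". The sha256 pin next to the gitlab.com commit URL fixes the fetched content, so nothing else needs to change in that hunk; the first hunk's added fetchpatch argument matches its use here.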