Diffstat (limited to 'pkgs/applications/version-management/gitlab-shell/default.nix')
-rw-r--r-- | pkgs/applications/version-management/gitlab-shell/default.nix | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/gitlab-shell/default.nix b/pkgs/applications/version-management/gitlab-shell/default.nix
new file mode 100644
index 00000000000..467e39f7141
--- /dev/null
+++ b/pkgs/applications/version-management/gitlab-shell/default.nix
@@ -0,0 +1,59 @@
+{ stdenv, ruby, bundler, fetchgit }:
+
+stdenv.mkDerivation rec {
+ version = "2.1.0";
+ name = "gitlab-shell-${version}";
+
+ srcs = fetchgit {
+ url = "https://gitlab.com/gitlab-org/gitlab-shell.git";
+ rev = "823aba63e444afa2f45477819770fec3cb5f0159";
+ sha256 = "0ppf547xs9pvmk49v4h043d0j93k5n4q0yx3b9ssrc4qf2smflgq";
+ };
+
+ buildInputs = [
+ ruby bundler
+ ];
+
+ installPhase = ''
+ mkdir -p $out/
+ cp -R . $out/
+
+ # Nothing to install ATM for non-development but keeping the
+ # install command anyway in case that changes in the future:
+ export HOME=$(pwd)
+ bundle install -j4 --verbose --local --deployment --without development test
+ '';
+
+ # gitlab-shell will try to read its config relative to the source
+ # code by default which doesn't work in nixos because it's a
+ # read-only filesystem
+ postPatch = ''
+ substituteInPlace lib/gitlab_config.rb --replace\
+ "File.join(ROOT_PATH, 'config.yml')"\
+ "ENV['GITLAB_SHELL_CONFIG_PATH']"
+ substituteInPlace lib/gitlab_net.rb --replace\
+ "File.read File.join(ROOT_PATH, '.gitlab_shell_secret')"\
+ "File.read ENV['GITLAB_SHELL_SECRET_PATH']"
+
+ # Note that we're running gitlab-shell from current-system/sw
+ # because otherwise updating gitlab-shell won't be reflected in
+ # the hardcoded path of the authorized-keys file:
+ substituteInPlace lib/gitlab_keys.rb --replace\
+ "auth_line = \"command=\\\"#{ROOT_PATH}/bin/gitlab-shell"\
+ "auth_line = \"command=\\\"GITLAB_SHELL_CONFIG_PATH=#{ENV['GITLAB_SHELL_CONFIG_PATH']} GITLAB_SHELL_SECRET_PATH=#{ENV['GITLAB_SHELL_SECRET_PATH']} /run/current-system/sw/bin/gitlab-shell"
+
+ # We're setting GITLAB_SHELL_CONFIG_PATH in the ssh authorized key
+ # environment because we need it in gitlab_configrb
+ # . unsetenv_others will remove that so we're not doing it for
+ # now.
+ #
+ # TODO: Are there any security implications? The commit adding
+ # unsetenv_others didn't mention anything...
+ #
+ # Kernel::exec({'PATH' => ENV['PATH'], 'LD_LIBRARY_PATH' => ENV['LD_LIBRARY_PATH'], 'GL_ID' => ENV['GL_ID']}, *args, unsetenv_others: true)
+ substituteInPlace lib/gitlab_shell.rb --replace\
+ " *args, unsetenv_others: true)"\
+ " *args)"
+ '';
+
+} |
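Review bot: The last substitution in postPatch strips `unsetenv_others: true` from the `Kernel::exec` call in lib/gitlab_shell.rb, so the process started for an SSH user inherits the whole session environment instead of the three allow-listed variables. That answers the TODO above it: any variable sshd lets a client set (for example through `AcceptEnv` or `PermitUserEnvironment`) would now reach git and whatever it runs. If the two path variables are needed past the exec (presumably by the hooks, which this page does not show), extending the allow-list is the narrower change: substitute `'GL_ID' => ENV['GL_ID']}` with `'GL_ID' => ENV['GL_ID'], 'GITLAB_SHELL_CONFIG_PATH' => ENV['GITLAB_SHELL_CONFIG_PATH'], 'GITLAB_SHELL_SECRET_PATH' => ENV['GITLAB_SHELL_SECRET_PATH']}` and leave `unsetenv_others: true` in place. Separately, the lib/gitlab_keys.rb substitution writes both paths unquoted into the `command=` string of the authorized-keys file, so a path containing whitespace would alter the forced command; quoting the interpolated values would make that robust.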