gitlab: 7.4.2 -> 8.0.5

nixos/modules/services/misc/gitlab.nix

@@ -27,6 +27,7 @@ let
     http_settings:
       self_signed_cert: false
     repos_path: "${cfg.stateDir}/repositories"
+    secret_file: "${cfg.stateDir}/config/gitlab_shell_secret"
     log_file: "${cfg.stateDir}/log/gitlab-shell.log"
     redis:
       bin: ${pkgs.redis}/bin/redis-cli
@@ -142,7 +143,7 @@ in {
 
   config = mkIf cfg.enable {
 
-    environment.systemPackages = [ gitlab-runner pkgs.gitlab-shell ];
+    environment.systemPackages = [ pkgs.git gitlab-runner pkgs.gitlab-shell ];
 
     assertions = [
       { assertion = cfg.databasePassword != "";
@@ -154,7 +155,6 @@ in {
     services.redis.enable = mkDefault true;
     # We use postgres as the main data store.
     services.postgresql.enable = mkDefault true;
-    services.postgresql.package = mkDefault pkgs.postgresql;
     # Use postfix to send out mails.
     services.postfix.enable = mkDefault true;
 
@@ -209,6 +209,23 @@ in {
       };
     };
 
+    systemd.services.gitlab-git-http-server = {
+      after = [ "network.target" "gitlab.service" ];
+      wantedBy = [ "multi-user.target" ];
+      environment.HOME = "${cfg.stateDir}/home";
+      path = with pkgs; [
+        gitAndTools.git
+        openssh
+      ];
+      serviceConfig = {
+        Type = "simple";
+        User = "gitlab";
+        Group = "gitlab";
+        TimeoutSec = "300";
+        ExecStart = "${pkgs.gitlab-git-http-server}/bin/gitlab-git-http-server -listenUmask 0 -listenNetwork unix -listenAddr ${cfg.stateDir}/tmp/sockets/gitlab-git-http-server.socket -authBackend http://localhost:8080 ${cfg.stateDir}/repositories";
+      };
+    };
+
     systemd.services.gitlab = {
       after = [ "network.target" "postgresql.service" "redis.service" ];
       wantedBy = [ "multi-user.target" ];
@@ -219,6 +236,8 @@ in {
       environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log";
       environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites";
       environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}";
+      environment.GITLAB_SHELL_CONFIG_PATH = "${cfg.stateDir}/shell/config.yml";
+      environment.GITLAB_SHELL_SECRET_PATH = "${cfg.stateDir}/config/gitlab_shell_secret";
       environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories";
       environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks";
       environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile";
@@ -247,7 +266,7 @@ in {
         rm -rf ${cfg.stateDir}/config
         mkdir -p ${cfg.stateDir}/config
         # TODO: What exactly is gitlab-shell doing with the secret?
-        head -c 20 /dev/urandom > ${cfg.stateDir}/config/gitlab_shell_secret
+        tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 20 > ${cfg.stateDir}/config/gitlab_shell_secret
         mkdir -p ${cfg.stateDir}/home/.ssh
         touch ${cfg.stateDir}/home/.ssh/authorized_keys
 
@@ -272,6 +291,7 @@ in {
           fi
         fi
 
+      ${bundler}/bin/bundle exec rake -f ${pkgs.gitlab}/share/gitlab/Rakefile db:migrate RAILS_ENV=production
       # Install the shell required to push repositories
       ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} ${cfg.stateDir}/shell/config.yml
       export GITLAB_SHELL_CONFIG_PATH=""${cfg.stateDir}/shell/config.yml
@@ -296,5 +316,4 @@ in {
     };
 
   };
-
 }

pkgs/applications/version-management/gitlab-git-http-server/default.nix

@@ -0,0 +1,23 @@
+{ stdenv, fetchgit, git, go }:
+
+stdenv.mkDerivation rec {
+  version = "0.2.14";
+  name = "gitlab-git-http-server-${version}";
+
+  srcs = fetchgit {
+    url = "https://gitlab.com/gitlab-org/gitlab-git-http-server.git";
+    rev = "7c63f08f7051348e56b903fc0bbefcfed398fc1c";
+    sha256 = "557d63a90c61371598b971a06bc056993610b58c2ef5762d9ef145ec2fdada78";
+  };
+
+  buildInputs = [ git go ];
+
+  buildPhase = ''
+    make PREFIX=$out
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    make install PREFIX=$out
+  '';
+}

pkgs/applications/version-management/gitlab-shell/default.nix

@@ -6,8 +6,8 @@ stdenv.mkDerivation rec {
 
   srcs = fetchgit {
     url = "https://gitlab.com/gitlab-org/gitlab-shell.git";
-    rev = "823aba63e444afa2f45477819770fec3cb5f0159";
-    sha256 = "0ppf547xs9pvmk49v4h043d0j93k5n4q0yx3b9ssrc4qf2smflgq";
+    rev = "ebbb9d80811c23d49a7d1b75d7a7d2b8ffe7437b";
+    sha256 = "fe69ab85d75a3871b4afa11ebc17f43008d135bbdbd6c581f6bebee2a4a3c75d";
   };
 
   buildInputs = [
@@ -31,16 +31,13 @@ stdenv.mkDerivation rec {
     substituteInPlace lib/gitlab_config.rb --replace\
        "File.join(ROOT_PATH, 'config.yml')"\
        "ENV['GITLAB_SHELL_CONFIG_PATH']"
-    substituteInPlace lib/gitlab_net.rb --replace\
-       "File.read File.join(ROOT_PATH, '.gitlab_shell_secret')"\
-       "File.read ENV['GITLAB_SHELL_SECRET_PATH']"
 
     # Note that we're running gitlab-shell from current-system/sw
     # because otherwise updating gitlab-shell won't be reflected in
     # the hardcoded path of the authorized-keys file:
     substituteInPlace lib/gitlab_keys.rb --replace\
-        "auth_line = \"command=\\\"#{ROOT_PATH}/bin/gitlab-shell"\
-        "auth_line = \"command=\\\"GITLAB_SHELL_CONFIG_PATH=#{ENV['GITLAB_SHELL_CONFIG_PATH']} GITLAB_SHELL_SECRET_PATH=#{ENV['GITLAB_SHELL_SECRET_PATH']} /run/current-system/sw/bin/gitlab-shell"
+        "\"#{ROOT_PATH}/bin/gitlab-shell"\
+        "\"GITLAB_SHELL_CONFIG_PATH=#{ENV['GITLAB_SHELL_CONFIG_PATH']} /run/current-system/sw/bin/gitlab-shell"
 
     # We're setting GITLAB_SHELL_CONFIG_PATH in the ssh authorized key
     # environment because we need it in gitlab_configrb

pkgs/applications/version-management/gitlab/Gemfile

@@ -8,145 +8,174 @@ def linux_only(require_as)
   RUBY_PLATFORM.include?('linux') && require_as
 end
 
-gem "rails", "~> 4.1.0"
+gem 'rails', '4.1.12'
 
-# Make links from text
-gem 'rails_autolink', '~> 1.1'
+# Specify a sprockets version due to security issue
+# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
+gem 'sprockets', '~> 2.12.3'
 
 # Default values for AR models
 gem "default_value_for", "~> 3.0.0"
 
 # Supported DBs
-gem "mysql2", group: :mysql
-gem "pg", group: :postgres
+gem "mysql2", '~> 0.3.16', group: :mysql
+gem "pg", '~> 0.18.2', group: :postgres
 
-# Auth
-gem "devise", '3.2.4'
-gem "devise-async", '0.9.0'
-gem 'omniauth', "~> 1.1.3"
-gem 'omniauth-google-oauth2'
-gem 'omniauth-twitter'
-gem 'omniauth-github'
-gem 'omniauth-shibboleth'
+# Authentication libraries
+gem "devise", '~> 3.5.2'
+gem "devise-async", '~> 0.9.0'
+gem 'omniauth', "~> 1.2.2"
+gem 'omniauth-google-oauth2', '~> 0.2.5'
+gem 'omniauth-twitter', '~> 1.0.1'
+gem 'omniauth-github', '~> 1.1.1'
+gem 'omniauth-shibboleth', '~> 1.1.1'
+gem 'omniauth-kerberos', '~> 0.2.0', group: :kerberos
+gem 'omniauth-gitlab', '~> 1.0.0'
+gem 'omniauth-bitbucket', '~> 0.0.2'
+gem 'omniauth-saml', '~> 1.4.0'
+gem 'doorkeeper', '~> 2.1.3'
+gem 'omniauth_crowd'
+gem "rack-oauth2", "~> 1.0.5"
+
+# Two-factor authentication
+gem 'devise-two-factor', '~> 2.0.0'
+gem 'rqrcode-rails3', '~> 0.1.7'
+gem 'attr_encrypted', '~> 1.3.4'
+
+# Browser detection
+gem "browser", '~> 1.0.0'
 
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '7.0.0.rc10'
-
-# Ruby/Rack Git Smart-HTTP Server Handler
-gem 'gitlab-grack', '~> 2.0.0.pre', require: 'grack'
+gem "gitlab_git", '~> 7.2.15'
 
 # LDAP Auth
-gem 'gitlab_omniauth-ldap', '1.1.0', require: "omniauth-ldap"
+# GitLab fork with several improvements to original library. For full list of changes
+# see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
+gem 'gitlab_omniauth-ldap', '~> 1.2.1', require: "omniauth-ldap"
 
 # Git Wiki
-gem 'gollum-lib', '~> 3.0.0'
+gem 'gollum-lib', '~> 4.0.2'
 
 # Language detection
-gem "gitlab-linguist", "~> 3.0.0", require: "linguist"
+# GitLab fork of linguist does not require pygments/python dependency.
+# New version of original gem also dropped pygments support but it has strict
+# dependency to unstable rugged version. We have internal issue for replacing
+# fork with original gem when we meet on same rugged version - https://dev.gitlab.org/gitlab/gitlabhq/issues/2052.
+gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
 
 # API
 gem "grape", "~> 0.6.1"
 gem "grape-entity", "~> 0.4.2"
-gem 'rack-cors', require: 'rack/cors'
+gem 'rack-cors', '~> 0.2.9', require: 'rack/cors'
 
 # Format dates and times
 # based on human-friendly examples
-gem "stamp"
+gem "stamp", '~> 0.5.0'
 
 # Enumeration fields
-gem 'enumerize'
+gem 'enumerize', '~> 0.7.0'
 
 # Pagination
 gem "kaminari", "~> 0.15.1"
 
 # HAML
-gem "haml-rails"
+gem "haml-rails", '~> 0.5.3'
 
 # Files attachments
-gem "carrierwave"
+gem "carrierwave", '~> 0.9.0'
 
 # Drag and Drop UI
-gem 'dropzonejs-rails'
+gem 'dropzonejs-rails', '~> 0.7.1'
 
 # for aws storage
-gem "fog", "~> 1.14"
-gem "unf"
+gem "fog", "~> 1.25.0"
+gem "unf", '~> 0.1.4'
 
 # Authorization
-gem "six"
+gem "six", '~> 0.2.0'
 
 # Seed data
-gem "seed-fu"
+gem "seed-fu", '~> 2.3.5'
 
-# Markup pipeline for GitLab
-gem 'html-pipeline-gitlab', '~> 0.1.0'
-
-# Markdown to HTML
-gem "github-markup"
-
-# Required markup gems by github-markdown
-gem 'redcarpet', '~> 3.1.2'
-gem 'RedCloth'
-gem 'rdoc', '~>3.6'
-gem 'org-ruby', '= 0.9.9'
-gem 'creole', '~>0.3.6'
-gem 'wikicloth', '=0.8.1'
-gem 'asciidoctor', '= 0.1.4'
+# Markdown and HTML processing
+gem 'html-pipeline', '~> 1.11.0'
+gem 'task_list',     '~> 1.0.2', require: 'task_list/railtie'
+gem 'github-markup', '~> 1.3.1'
+gem 'redcarpet',     '~> 3.3.2'
+gem 'RedCloth',      '~> 4.2.9'
+gem 'rdoc',          '~>3.6'
+gem 'org-ruby',      '~> 0.9.12'
+gem 'creole',        '~>0.3.6'
+gem 'wikicloth',     '0.8.1'
+gem 'asciidoctor',   '~> 1.5.2'
 
 # Diffs
 gem 'diffy', '~> 3.0.3'
 
 # Application server
 group :unicorn do
-  gem "unicorn", '~> 4.6.3'
-  gem 'unicorn-worker-killer'
+  gem "unicorn", '~> 4.8.2'
+  gem 'unicorn-worker-killer', '~> 0.4.2'
 end
 
 # State machine
-gem "state_machine"
+gem "state_machine", '~> 1.2.0'
+# Run events after state machine commits
+gem 'after_commit_queue'
 
 # Issue tags
-gem "acts-as-taggable-on"
+gem 'acts-as-taggable-on', '~> 3.4'
 
 # Background jobs
-gem 'slim'
-gem 'sinatra', require: nil
-gem 'sidekiq', '2.17.0'
+gem 'slim', '~> 2.0.2'
+gem 'sinatra', '~> 1.4.4', require: nil
+gem 'sidekiq', '3.3.0'
+gem 'sidetiq', '~> 0.6.3'
 
 # HTTP requests
-gem "httparty"
+gem "httparty", '~> 0.13.3'
 
 # Colored output to console
-gem "colored"
+gem "colored", '~> 1.2'
+gem "colorize", '~> 0.5.8'
 
 # GitLab settings
-gem 'settingslogic'
+gem 'settingslogic', '~> 2.0.9'
 
 # Misc
-gem "foreman"
-gem 'version_sorter'
+
+gem 'version_sorter', '~> 2.0.0'
 
 # Cache
-gem "redis-rails"
+gem "redis-rails", '~> 4.0.0'
 
 # Campfire integration
 gem 'tinder', '~> 1.9.2'
 
 # HipChat integration
-gem "hipchat", "~> 0.14.0"
+gem 'hipchat', '~> 1.5.0'
 
 # Flowdock integration
-gem "gitlab-flowdock-git-hook", "~> 0.4.2"
+gem "gitlab-flowdock-git-hook", "~> 1.0.1"
 
 # Gemnasium integration
 gem "gemnasium-gitlab-service", "~> 0.2"
 
 # Slack integration
-gem "slack-notifier", "~> 0.3.2"
+gem "slack-notifier", "~> 1.0.0"
+
+# Asana integration
+gem 'asana', '~> 0.0.6'
+
+# FogBugz integration
+gem 'ruby-fogbugz', '~> 0.2.1'
 
 # d3
-gem "d3_rails", "~> 3.1.4"
+gem 'd3_rails', '~> 3.5.5'
+
+#cal-heatmap
+gem "cal-heatmap-rails", "~> 0.0.1"
 
 # underscore-rails
 gem "underscore-rails", "~> 1.4.4"
@@ -155,104 +184,133 @@ gem "underscore-rails", "~> 1.4.4"
 gem "sanitize", '~> 2.0'
 
 # Protect against bruteforcing
-gem "rack-attack"
+gem "rack-attack", '~> 4.3.0'
 
 # Ace editor
-gem 'ace-rails-ap'
+gem 'ace-rails-ap', '~> 2.0.1'
 
 # Keyboard shortcuts
-gem 'mousetrap-rails'
+gem 'mousetrap-rails', '~> 1.4.6'
 
-# Semantic UI Sass for Sidebar
-gem 'semantic-ui-sass', '~> 0.16.1.0'
+# Detect and convert string character encoding
+gem 'charlock_holmes', '~> 0.6.9.4'
 
-gem "sass-rails", '~> 4.0.2'
-gem "coffee-rails"
-gem "uglifier"
-gem "therubyracer"
-gem 'turbolinks'
-gem 'jquery-turbolinks'
+gem "sass-rails", '~> 4.0.5'
+gem "coffee-rails", '~> 4.1.0'
+gem "uglifier", '~> 2.3.2'
+gem 'turbolinks', '~> 2.5.0'
+gem 'jquery-turbolinks', '~> 2.0.1'
 
-gem 'select2-rails'
-gem 'jquery-atwho-rails', "~> 0.3.3"
-gem "jquery-rails"
-gem "jquery-ui-rails"
-gem "jquery-scrollto-rails"
-gem "raphael-rails", "~> 2.1.2"
-gem 'bootstrap-sass', '~> 3.0'
-gem "font-awesome-rails", '~> 4.2'
-gem "gitlab_emoji", "~> 0.0.1.1"
-gem "gon", '~> 5.0.0'
-gem 'nprogress-rails'
-gem 'request_store'
-gem "virtus"
+gem 'addressable',        '~> 2.3.8'
+gem 'bootstrap-sass',     '~> 3.0'
+gem 'font-awesome-rails', '~> 4.2'
+gem 'gitlab_emoji',       '~> 0.1'
+gem 'gon',                '~> 5.0.0'
+gem 'jquery-atwho-rails', '~> 1.0.0'
+gem 'jquery-rails',       '~> 3.1.3'
+gem 'jquery-scrollto-rails', '~> 1.4.3'
+gem 'jquery-ui-rails',    '~> 4.2.1'
+gem 'nprogress-rails',    '~> 0.1.2.3'
+gem 'raphael-rails',      '~> 2.1.2'
+gem 'request_store',      '~> 1.2.0'
+gem 'select2-rails',      '~> 3.5.9'
+gem 'virtus',             '~> 1.0.1'
 
 group :development do
-  gem "annotate", "~> 2.6.0.beta2"
-  gem "letter_opener"
-  gem 'quiet_assets', '~> 1.0.1'
-  gem 'rack-mini-profiler', require: false
+  gem "foreman"
+  gem 'brakeman', '3.0.1', require: false
+
+  gem "annotate", "~> 2.6.0"
+  gem "letter_opener", '~> 1.1.2'
+  gem 'quiet_assets', '~> 1.0.2'
+  gem 'rack-mini-profiler', '~> 0.9.0', require: false
+  gem 'rerun', '~> 0.10.0'
 
   # Better errors handler
-  gem 'better_errors'
-  gem 'binding_of_caller'
-
-  gem 'rails_best_practices'
+  gem 'better_errors', '~> 1.0.1'
+  gem 'binding_of_caller', '~> 0.7.2'
 
   # Docs generator
-  gem "sdoc"
+  gem "sdoc", '~> 0.3.20'
 
   # thin instead webrick
-  gem 'thin'
+  gem 'thin', '~> 1.6.1'
 end
 
 group :development, :test do
-  gem 'coveralls', require: false
-  # gem 'rails-dev-tweaks'
-  gem 'spinach-rails'
-  gem "rspec-rails"
-  gem "capybara", '~> 2.2.1'
-  gem "pry"
-  gem "awesome_print"
-  gem "database_cleaner"
-  gem "launchy"
-  gem 'factory_girl_rails'
+  gem 'byebug', platform: :mri
+  gem 'pry-rails'
+
+  gem 'awesome_print', '~> 1.2.0'
+  gem 'fuubar', '~> 2.0.0'
+
+  gem 'database_cleaner', '~> 1.4.0'
+  gem 'factory_girl_rails', '~> 4.3.0'
+  gem 'rspec-rails',      '~> 3.3.0'
+  gem 'spinach-rails', '~> 0.2.1'
 
   # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
-  gem 'minitest', '~> 5.3.0'
+  gem 'minitest', '~> 5.7.0'
 
   # Generate Fake data
-  gem "ffaker"
+  gem 'ffaker', '~> 2.0.0'
 
-  # Guard
-  gem 'guard-rspec'
-  gem 'guard-spinach'
+  gem 'capybara',            '~> 2.4.0'
+  gem 'capybara-screenshot', '~> 1.0.0'
+  gem 'poltergeist',         '~> 1.6.0'
 
-  # Notification
-  gem 'rb-fsevent', require: darwin_only('rb-fsevent')
-  gem 'growl',      require: darwin_only('growl')
-  gem 'rb-inotify', require: linux_only('rb-inotify')
+  gem 'teaspoon', '~> 1.0.0'
+  gem 'teaspoon-jasmine', '~> 2.2.0'
 
-  # PhantomJS driver for Capybara
-  gem 'poltergeist', '~> 1.5.1'
+  gem 'spring', '~> 1.3.6'
+  gem 'spring-commands-rspec',    '~> 1.0.4'
+  gem 'spring-commands-spinach',  '~> 1.0.0'
+  gem 'spring-commands-teaspoon', '~> 0.0.2'
 
-  gem 'jasmine', '2.0.2'
-
-  gem "spring", '1.1.3'
-  gem "spring-commands-rspec", '1.0.1'
-  gem "spring-commands-spinach", '1.0.0'
+  gem 'rubocop',  '~> 0.28.0',  require: false
+  gem 'coveralls',  '~> 0.8.2', require: false
+  gem 'simplecov', '~> 0.10.0', require: false
 end
 
 group :test do
-  gem "simplecov", require: false
-  gem "shoulda-matchers", "~> 2.1.0"
-  gem 'email_spec'
-  gem "webmock"
-  gem 'test_after_commit'
+  gem 'shoulda-matchers', '~> 2.8.0', require: false
+  gem 'email_spec', '~> 1.6.0'
+  gem 'webmock', '~> 1.21.0'
+  gem 'test_after_commit', '~> 0.2.2'
+  gem 'sham_rack'
 end
 
 group :production do
   gem "gitlab_meta", '7.0'
 end
 
-gem "newrelic_rpm"
+gem "newrelic_rpm", '~> 3.9.4.245'
+gem 'newrelic-grape'
+
+gem 'octokit', '~> 3.7.0'
+
+gem "mail_room", "~> 0.5.2"
+
+gem 'email_reply_parser', '~> 0.5.8'
+
+## CI
+gem 'activerecord-deprecated_finders', '~> 1.0.3'
+gem 'activerecord-session_store', '~> 0.1.0'
+gem "nested_form", '~> 0.3.2'
+
+# Scheduled
+gem 'whenever', '~> 0.8.4', require: false
+
+# OAuth
+gem 'oauth2', '~> 1.0.0'
+
+# Soft deletion
+gem "paranoia", "~> 2.0"
+
+group :development, :test do
+  gem 'guard-rspec', '~> 4.2.0'
+
+  gem 'rb-fsevent', require: darwin_only('rb-fsevent')
+  gem 'growl',      require: darwin_only('growl')
+  gem 'rb-inotify', require: linux_only('rb-inotify')
+end

pkgs/applications/version-management/gitlab/default.nix

@@ -1,15 +1,8 @@
 { stdenv, lib, bundler, fetchgit, bundlerEnv, defaultGemConfig, libiconv, ruby
-, tzdata, git
+, tzdata, git, nodejs, procps
 }:
 
 let
-  gitlab = fetchgit {
-    url = "https://github.com/gitlabhq/gitlabhq.git";
-    rev = "477743a154e85c411e8a533980abce460b5669fc";
-    fetchSubmodules = false;
-    sha256 = "1gk77j886w6zvw5cawpgja6f87qirmjx7y4g5i3psxm4j67llxdp";
-  };
-
   env = bundlerEnv {
     name = "gitlab";
     inherit ruby;
@@ -28,18 +21,18 @@ in
 
 stdenv.mkDerivation rec {
   name = "gitlab-${version}";
-  version = "7.4.2";
-  buildInputs = [ ruby bundler tzdata git ];
-  unpackPhase = ''
-    runHook preUnpack
-    cp -r ${gitlab}/* .
-    chmod -R +w .
-    cp ${./Gemfile} Gemfile
-    cp ${./Gemfile.lock} Gemfile.lock
-    runHook postUnpack
-  '';
+  version = "8.0.5";
+  buildInputs = [ ruby bundler tzdata git nodejs procps ];
+  src = fetchgit {
+    url = "https://github.com/gitlabhq/gitlabhq.git";
+    rev = "2866c501b5a5abb69d101cc07261a1d684b4bd4c";
+    fetchSubmodules = false;
+    sha256 = "edc6bedd5e79940189355d8cb343d20b0781b69fcef56ccae5906fa5e81ed521";
+  };
+
   patches = [
     ./remove-hardcoded-locations.patch
+    ./disable-dump-schema-after-migration.patch
   ];
   postPatch = ''
     # For reasons I don't understand "bundle exec" ignores the
@@ -49,6 +42,10 @@ stdenv.mkDerivation rec {
     rm lib/tasks/test.rake
 
     mv config/gitlab.yml.example config/gitlab.yml
+    rm config/initializers/gitlab_shell_secret_token.rb
+
+    substituteInPlace app/controllers/admin/background_jobs_controller.rb \
+        --replace "ps -U" "${procps}/bin/ps -U"
 
     # required for some gems:
     cat > config/database.yml <<EOF

pkgs/applications/version-management/gitlab/disable-dump-schema-after-migration.patch

@@ -0,0 +1,11 @@
+diff --git a/config/environments/production.rb b/config/environments/production.rb
+index 3316ece..d60566c 100644
+--- a/config/environments/production.rb
++++ b/config/environments/production.rb
+@@ -77,4 +77,6 @@ Gitlab::Application.configure do
+   config.eager_load = true
+ 
+   config.allow_concurrency = false
++
++  config.active_record.dump_schema_after_migration = false
+ end

pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch

@@ -1,8 +1,8 @@
 diff --git a/config/environments/production.rb b/config/environments/production.rb
-index 78bf543..9b37122 100644
+index 3316ece..c34dec0 100644
 --- a/config/environments/production.rb
 +++ b/config/environments/production.rb
-@@ -66,10 +66,10 @@ Gitlab::Application.configure do
+@@ -67,10 +67,10 @@ Gitlab::Application.configure do
  
    config.action_mailer.delivery_method = :sendmail
    # Defaults to:
@@ -18,10 +18,10 @@ index 78bf543..9b37122 100644
    config.action_mailer.raise_delivery_errors = true
  
 diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
-index e7a8d08..834ecaf 100644
+index 15930fc..bdb423c 100644
 --- a/config/gitlab.yml.example
 +++ b/config/gitlab.yml.example
-@@ -17,8 +17,8 @@ production: &base
+@@ -29,8 +29,8 @@ production: &base
    ## GitLab settings
    gitlab:
      ## Web server settings (note: host is the FQDN, do not include http://)
@@ -32,21 +32,25 @@ index e7a8d08..834ecaf 100644
      https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
  
      # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
-@@ -31,11 +31,11 @@ production: &base
+@@ -43,7 +43,7 @@ production: &base
      # relative_url_root: /gitlab
  
      # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
 -    # user: git
 +    user: gitlab
  
-     ## Email settings
+     ## Date & Time settings
+     # Uncomment and customize if you want to change the default time zone of GitLab application.
+@@ -54,7 +54,7 @@ production: &base
+     # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
+     # email_enabled: true
      # Email address used in the "From" field in mails sent by GitLab
 -    email_from: example@example.com
 +    email_from: <%= ENV['GITLAB_EMAIL_FROM'] %>
+     email_display_name: GitLab
+     email_reply_to: noreply@example.com
  
-     # Email server smtp settings are in [a separate file](initializers/smtp_settings.rb.sample).
- 
-@@ -230,12 +230,12 @@ production: &base
+@@ -298,12 +298,12 @@ production: &base
    # GitLab Satellites
    satellites:
      # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
@@ -58,10 +62,10 @@ index e7a8d08..834ecaf 100644
    backup:
 -    path: "tmp/backups"   # Relative paths are relative to Rails.root (default: tmp/backups/)
 +    path: <%= ENV['GITLAB_BACKUP_PATH'] %>
+     # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
      # keep_time: 604800   # default: 0 (forever) (in seconds)
-     # upload:
-     #   # Fog storage connection settings, see http://fog.io/storage/ .
-@@ -249,11 +249,11 @@ production: &base
+     # pg_schema: public     # default: nil, it means that all schemas will be backed up
+@@ -322,15 +322,15 @@ production: &base
  
    ## GitLab Shell settings
    gitlab_shell:
@@ -74,9 +78,14 @@ index e7a8d08..834ecaf 100644
 +    repos_path: <%= ENV['GITLAB_REPOSITORIES_PATH'] %>
 +    hooks_path: <%= ENV['GITLAB_SHELL_HOOKS_PATH'] %>
  
+     # File that contains the secret key for verifying access for gitlab-shell.
+     # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
+-    # secret_file: /home/git/gitlab/.gitlab_shell_secret
++    secret_file: <%= ENV['GITLAB_SHELL_SECRET_PATH'] %>
+ 
      # Git over HTTP
      upload_pack: true
-@@ -266,7 +266,7 @@ production: &base
+@@ -343,7 +343,7 @@ production: &base
    # CAUTION!
    # Use the default values unless you really know what you are doing
    git:
@@ -85,7 +94,7 @@ index e7a8d08..834ecaf 100644
      # The next value is the maximum memory size grit can use
      # Given in number of bytes per git object (e.g. a commit)
      # This value can be increased if you have very large commits
-@@ -299,7 +299,7 @@ test:
+@@ -388,7 +388,7 @@ test:
    gravatar:
      enabled: true
    gitlab:
@@ -95,14 +104,14 @@ index e7a8d08..834ecaf 100644
  
      # When you run tests we clone and setup gitlab-shell
 diff --git a/lib/gitlab/app_logger.rb b/lib/gitlab/app_logger.rb
-index 8e4717b..abfe2e4 100644
+index dddcb25..d61f10a 100644
 --- a/lib/gitlab/app_logger.rb
 +++ b/lib/gitlab/app_logger.rb
 @@ -1,7 +1,7 @@
  module Gitlab
    class AppLogger < Gitlab::Logger
-     def self.file_name
--      'application.log'
+     def self.file_name_noext
+-      'application'
 +      ENV["GITLAB_APPLICATION_LOG_PATH"]
      end
  

pkgs/development/interpreters/ruby/bundler-env/default-gem-config.nix

@@ -17,7 +17,7 @@
 # This seperates "what to build" (the exact gem versions) from "how to build"
 # (to make gems behave if necessary).
 
-{ lib, fetchurl, writeScript, ruby, libxml2, libxslt, python, stdenv, which
+{ lib, fetchurl, writeScript, ruby, kerberos, libxml2, libxslt, python, stdenv, which
 , libiconv, postgresql, v8_3_16_14, clang, sqlite, zlib, imagemagick
 , pkgconfig , ncurses, xapian, gpgme, utillinux, fetchpatch, tzdata, icu, libffi
 , cmake, libssh2, openssl, mysql, darwin
@@ -105,6 +105,10 @@ in
     '';
   };
 
+  timfel-krb5-auth = attrs: {
+    buildInputs = [ kerberos ];
+  };
+
   therubyracer = attrs: {
     buildFlags = [
       "--with-v8-dir=${v8}"

pkgs/top-level/all-packages.nix

@@ -1594,13 +1594,15 @@ let
   gitinspector = callPackage ../applications/version-management/gitinspector { };
 
   gitlab = callPackage ../applications/version-management/gitlab {
-    ruby = ruby_2_1_3;
+    ruby = ruby_2_2_2;
   };
 
   gitlab-shell = callPackage ../applications/version-management/gitlab-shell {
-    ruby = ruby_2_1_3;
+    ruby = ruby_2_2_2;
   };
 
+  gitlab-git-http-server = callPackage ../applications/version-management/gitlab-git-http-server { };
+
   glusterfs = callPackage ../tools/filesystems/glusterfs { };
 
   glmark2 = callPackage ../tools/graphics/glmark2 { };