nixpkgs-suyu/pkgs/applications/version-management/gitlab/gitaly/default.nix
Milan c25756f91c
gitlab: 12.8.1 -> 12.8.2 (#81803)
Includes multiple security fixes mentioned in
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
(unfortunately, no CVE numbers as of yet)

 - Directory Traversal to Arbitrary File Read
 - Account Takeover Through Expired Link
 - Server Side Request Forgery Through Deprecated Service
 - Group Two-Factor Authentication Requirement Bypass
 - Stored XSS in Merge Request Pages
 - Stored XSS in Merge Request Submission Form
 - Stored XSS in File View
 - Stored XSS in Grafana Integration
 - Contribution Analytics Exposed to Non-members
 - Incorrect Access Control in Docker Registry via Deploy Tokens
 - Denial of Service via Permission Checks
 - Denial of Service in Design For Public Issue
 - GitHub Tokens Displayed in Plaintext on Integrations Page
 - Incorrect Access Control via LFS Import
 - Unescaped HTML in Header
 - Private Merge Request Titles Leaked via Widget
 - Project Namespace Exposed via Vulnerability Feedback Endpoint
 - Denial of Service Through Recursive Requests
 - Project Authorization Not Being Updated
 - Incorrect Permission Level For Group Invites
 - Disclosure of Private Group Epic Information
 - User IP Address Exposed via Badge images
 - Update postgresql (GitLab Omnibus)
2020-03-05 16:37:21 +01:00


{ stdenv, fetchFromGitLab, fetchFromGitHub, buildGoPackage, ruby,
bundlerEnv, pkgconfig, libgit2 }:
let
# Ruby environment for gitaly's Ruby components, assembled by bundlerEnv from
# the gem set that lives in this directory (gemdir = ./.). It is exposed to
# other packages through `passthru.rubyEnv` on the gitaly derivation.
rubyEnv = bundlerEnv rec {
  inherit ruby;
  name = "gitaly-env";
  gemdir = ./.;
  copyGemFiles = true;
  gemset =
    let
      baseGems = import (gemdir + "/gemset.nix");
      # grpc expects the AR environment variable to contain `ar rpc`. See the
      # discussion in nixpkgs #63056. This is a locally carried patch against
      # a third-party gem, so it needs re-checking whenever the grpc entry in
      # gemset.nix is regenerated.
      patchedGrpc = baseGems.grpc // {
        patches = [ ../fix-grpc-ar.patch ];
        # NOTE(review): presumably required so the gem is rebuilt from source
        # with the patch applied rather than installed as-is (confirm).
        dontBuild = false;
      };
    in
    # Only the grpc entry is replaced; every other gem is taken unchanged.
    baseGems // { grpc = patchedGrpc; };
};
# Private libgit2 0.27.8 used only by gitaly. Only `version` and `src` are
# overridden; all other attributes are inherited from the libgit2 derivation
# passed into this file.
# NOTE(review): this pin is independent of the libgit2 version nixpkgs ships,
# so security updates applied to the nixpkgs libgit2 package do not change
# the source built here. Check the upstream 0.27.x point releases for
# security fixes and bump `version` and `sha256` together when moving.
libgit2_0_27 = libgit2.overrideAttrs (_previous: rec {
  src = fetchFromGitHub {
    owner = "libgit2";
    repo = "libgit2";
    # The tag name is derived from `version`; the sha256 below is what
    # actually pins the fetched content.
    rev = "v${version}";
    sha256 = "0wzx8nkyy9m7mx6cks58chjd4289vjsw97mxm9w6f1ggqsfnmbr9";
  };
  version = "0.27.8";
});
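in buildGoPackage rec {
  # gitaly: Go package built with buildGoPackage, plus a separate "ruby"
  # output holding the Ruby sources copied from the upstream tree.
  pname = "gitaly";
  version = "12.8.2";

  src = fetchFromGitLab {
    owner = "gitlab-org";
    repo = "gitaly";
    # The tag follows `version`; the sha256 pins the fetched tree, so both
    # must be updated together on every version bump.
    rev = "v${version}";
    sha256 = "1zc44y5yl799vqg12w3iaivk4xwj9i4k6f198svplipa760nl9ic";
  };

  # Fix a check which assumes that hook files are writeable by their
  # owner.
  patches = [ ./fix-executable-check.patch ];

  goPackagePath = "gitlab.com/gitlab-org/gitaly";
  # Go dependencies are taken from deps.nix next to this file.
  goDeps = ./deps.nix;

  passthru = {
    inherit rubyEnv;
  };

  nativeBuildInputs = [ pkgconfig ];
  buildInputs = [ rubyEnv.wrappedRuby libgit2_0_27 ];

  # NOTE(review): drops labkit's vendored packages before the build,
  # presumably so the copies provided through deps.nix are used (confirm).
  preBuild = "rm -r go/src/gitlab.com/gitlab-org/labkit/vendor";

  # `$ruby` below is the shell variable for the "ruby" output declared in
  # `outputs`, not the `ruby` argument of this file; it is deliberately not
  # written as a Nix interpolation.
  postInstall = ''
    mkdir -p $ruby
    cp -rv $src/ruby/{bin,lib,proto,git-hooks,gitlab-shell} $ruby

    # gitlab-shell will try to read its config relative to the source
    # code by default which doesn't work in nixos because it's a
    # read-only filesystem
    substituteInPlace $ruby/gitlab-shell/lib/gitlab_config.rb --replace \
      "File.join(ROOT_PATH, 'config.yml')" \
      "'/run/gitlab/shell-config.yml'"

    # substituteInPlace --replace may succeed without changing anything when
    # the pattern is no longer present upstream. Fail the build in that case
    # instead of shipping a gitlab-shell that reads its config from an
    # unintended path.
    if ! grep -qF "'/run/gitlab/shell-config.yml'" $ruby/gitlab-shell/lib/gitlab_config.rb; then
      echo "gitlab_config.rb: config path was not rewritten; did the upstream source change?" >&2
      exit 1
    fi
  '';

  outputs = [ "bin" "out" "ruby" ];

  meta = with stdenv.lib; {
    # Quoted: bare URL literals are deprecated Nix syntax; the value is the
    # same string.
    homepage = "https://gitlab.com/gitlab-org/gitaly";
    description = "A Git RPC service for handling all the git calls made by GitLab";
    platforms = platforms.linux;
    maintainers = with maintainers; [ roblabla globin fpletz talyz ];
    license = licenses.mit;
  };
}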