Differences between revisions 1 and 230 (spanning 229 versions)
Revision 1 as of 2014-06-05 21:24:39
Size: 207
Comment: explanation of gitlab initial commit, much much much more to come
Revision 230 as of 2020-11-27 14:47:12
Size: 18612
Editor: Praveen A
Comment: add a point about scheduled security updates
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
warning!!! under construction

Gitlab is a git front end with repository management graphs links goodies commands to run and review capabilities similar in feel to a self hosted github.

== Install ==
||<tablestyle="float:right; margin: 0px;" style="padding:0.5em; border: 0px;font-size: 80%;"><<TableOfContents>>||

Gitlab is a git front end with repository management, graphs, links, goodies, commands to run, and review capabilities similar in feel to a self-hosted GitHub.

See [[/omnibus]] if you are looking for instructions to install upstream provided packages.

{{{#!wiki important
New upstream releases (including security updates) are announced at https://about.gitlab.com/releases/categories/releases/.
}}}

Debian is running its own Instance of GitLab under [[https://salsa.debian.org]], which is not based on the packaged version.

{{{#!wiki important
Note 1: For a smooth upgrade experience, always stay on the latest major version of gitlab. For example, if latest version of gitlab is 12.0.0 and you are currently on 11.3.6, then update to 12.0.0 as soon as possible, certainly before the debian package is updated to 13.x. Ideally, you should update as soon as a new version with security updates is available.
}}}

{{{#!wiki important
Note 2: It is recommended to subscribe to changes in this wiki page or frequently check this page for updates. Alternatively, you can subscribe to https://tracker.debian.org/pkg/gitlab to get notified when new versions are uploaded.
}}}

== New changes ==
 1. New in gitlab 13.3.8-1: You will need to install grpc gem from rubygems.org `gem install -v 1.30.2 grpc` (more details below). If you run gitaly on a different machine, you will need to do this on that machine as well.
 1. New in gitlab 13.2.6-3: We have switched to puma as application server replacing unicorn. Upstream already made the switch from 12.9 and unicorn support will be dropped in gitlab 14.0. They saw a memory reduction of 37% in gitlab.com after the switch. See more details about this switch at this upstream blog post https://about.gitlab.com/blog/2020/07/08/migrating-to-puma-on-gitlab/. puma defaults to listening only on unix sockets and if you are running gitaly on a different machine, then you will have to edit `/etc/gitlab/puma.rb` to bind to tcp:// url as well.
 1. [[#From_gitlab_13.2.3|New in gitlab 13.2.3]]

== Buster Fast Track (Recommended) ==
Gitlab 13.3.9 is available in [[FastTrack|unofficial fasttrack repo]] targeting buster as base distribution. (no open security issues).

{{{#!wiki important
Some packages are still needed from personal repo of gitlab maintainer because golang packages cannot be uploaded in fasttrack.debian.net because of a [[https://salsa.debian.org/fasttrack-team/support/-/issues/8|bug in dak setup]]. Please note the new URL of this repo if you are upgrading from an older version (people.debian.org/~praveen/gitlab is now people.debian.org/~praveen/gitaly and gpg key used for signing is also changed).
}}}

{{{#!wiki important
Make sure `contrib` section is enabled for `buster` and `buster/updates`
}}}

Modify `/etc/apt/sources.list` to add `contrib` section if missing:
{{{
deb http://deb.debian.org/debian buster main contrib
deb http://security.debian.org/ buster/updates main contrib
}}}

=== From gitlab 13.2.3 ===
{{{#!wiki important
Now gitaly is also built with ruby2.7 so it is now moved to buster-fasttrack from buster-backports. See the new repository link below.
}}}

And add the following lines:
{{{
deb https://fasttrack.debian.net/debian/ buster-fasttrack main contrib
# For dependency packages not in testing only temporarily due to freeze, transitions or delayed by backports-new or NEW.
deb https://fasttrack.debian.net/debian/ buster-backports main contrib
deb https://deb.debian.org/debian buster-backports main contrib
# Eventually the packages in this repo will be moved to fasttrack or official backports after fixing https://salsa.debian.org/fasttrack-team/support/-/issues/8 (Need help)
deb https://people.debian.org/~praveen/gitaly buster-backports main
deb https://people.debian.org/~praveen/gitaly buster-fasttrack main

# Optional: To avoid some hours of delay between upload and availability in archive
deb http://incoming.debian.org/debian-buildd buildd-buster-backports main contrib
}}}

Refresh list of available packages:
{{{
# apt update
}}}

You may encounter the following error message:
{{{
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0B76920762A6B785
}}}

If so, these commands can help (trust these repositories):
{{{
# wget https://people.debian.org/~praveen/gitaly/praveen.key.new.asc
# wget http://fasttrack.debian.net/fasttrack-archive-key.asc
# apt-key add praveen.key.new.asc
# apt-key add fasttrack-archive-key.asc
}}}

{{{#!wiki important
If you are upgrading ruby version to 2.7 (if your current ruby version is 2.5), you will need to use dist-upgrade first. Make sure /var/lib/gems/2.5.0/ is empty if you see any issues after the ruby version upgrade.

See https://git.fosscommunity.in/debian-ruby/TaskTracker/-/issues/166 for current status of ruby 2.7 in fasttrack.
}}}

=== Upgrading along with ruby ===

If you are installing for the first time, skip this section.

''Using apt''
{{{
# apt -t buster-fasttrack dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  libruby2.5 ruby-did-you-mean ruby-trollop ruby2.5-dev ruby2.5-doc
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  ruby2.5
The following NEW packages will be installed:
  libruby2.7 ruby-optimist ruby2.7 ruby2.7-dev ruby2.7-doc
The following packages have been kept back:
  gitlab
The following packages will be upgraded:
  apt exim4-base exim4-config exim4-daemon-light libapt-pkg5.0 libdns-export1104 libgrpc9 libisc-export1100 puma ruby
  ruby-atomic ruby-bcrypt ruby-bcrypt-pbkdf ruby-bootsnap ruby-bson ruby-character-set ruby-charlock-holmes
  ruby-commonmarker ruby-concurrent ruby-concurrent-ext ruby-dev ruby-ed25519 ruby-enumerable-statistics
  ruby-escape-utils ruby-fast-blank ruby-ffi ruby-github-linguist ruby-google-protobuf ruby-gpgme ruby-grpc
  ruby-hamlit ruby-hitimes ruby-json ruby-kgio ruby-msgpack ruby-murmurhash3 ruby-nio4r ruby-nokogiri ruby-nokogumbo
  ruby-oj ruby-pg ruby-posix-spawn ruby-prof ruby-prometheus-client-mmap ruby-raindrops ruby-rbtrace ruby-re2
  ruby-redcarpet ruby-redcloth ruby-regexp-property-values ruby-rinku ruby-rugged ruby-sqlite3 ruby-stackprof
  ruby-thrift ruby-timfel-krb5-auth ruby-unf-ext ruby-unicode ruby-version-sorter ruby-vmstat ruby-websocket-driver
  ruby-yajl rubygems-integration unicorn
64 upgraded, 5 newly installed, 1 to remove and 1 not upgraded.
Need to get 20.5 MB of archives.
After this operation, 44.0 MB of additional disk space will be used.
Do you want to continue? [Y/n]
}}}

Now install gitlab:
{{{
# apt -t buster-backports install gitlab/buster-fasttrack gitaly/buster-fasttrack ruby-gitaly/buster-fasttrack
}}}

''Using aptitude''
{{{
# aptitude -t buster-fasttrack dist-upgrade
The following NEW packages will be installed:
  libruby2.7{a} ruby-optimist{a} ruby2.7{a} ruby2.7-dev{a} ruby2.7-doc{a}
The following packages will be REMOVED:
  libruby2.5{u} ruby-did-you-mean{u} ruby-trollop{u} ruby2.5{u} ruby2.5-dev{u} ruby2.5-doc{u}
The following packages will be upgraded:
  apt exim4-base exim4-config exim4-daemon-light gitlab libapt-pkg5.0 libdns-export1104 libgrpc9 libisc-export1100
  puma ruby ruby-atomic ruby-bcrypt ruby-bcrypt-pbkdf ruby-bootsnap ruby-bson ruby-character-set
  ruby-charlock-holmes ruby-commonmarker ruby-concurrent ruby-concurrent-ext ruby-dev ruby-ed25519
  ruby-enumerable-statistics ruby-escape-utils ruby-fast-blank ruby-ffi ruby-github-linguist ruby-google-protobuf
  ruby-gpgme ruby-grpc ruby-hamlit ruby-hitimes ruby-json ruby-kgio ruby-msgpack ruby-murmurhash3 ruby-nio4r
  ruby-nokogiri ruby-nokogumbo ruby-oj ruby-pg ruby-posix-spawn ruby-prof ruby-prometheus-client-mmap
  ruby-raindrops ruby-rbtrace ruby-re2 ruby-redcarpet ruby-redcloth ruby-regexp-property-values ruby-rinku
  ruby-rugged ruby-sqlite3 ruby-stackprof ruby-thrift ruby-timfel-krb5-auth ruby-unf-ext ruby-unicode
  ruby-version-sorter ruby-vmstat ruby-websocket-driver ruby-yajl rubygems-integration unicorn
65 packages upgraded, 5 newly installed, 6 to remove and 0 not upgraded.
Need to get 106 MB of archives. After unpacking 9,644 kB will be used.
Do you want to continue? [Y/n/?]
}}}

=== New installations ===

''Using apt''

At this point, it seems apt cannot resolve the dependencies correctly, see section below to use aptitude or manually specifiy the list of dependencies to install.

{{{
# apt -t buster-fasttrack install puma ruby ruby-atomic ruby-bcrypt \
ruby-bcrypt-pbkdf ruby-bootsnap ruby-bson ruby-character-set \
ruby-charlock-holmes ruby-commonmarker ruby-concurrent ruby-concurrent-ext \
ruby-dev ruby-ed25519 ruby-enumerable-statistics ruby-escape-utils \
ruby-fast-blank ruby-ffi ruby-github-linguist ruby-google-protobuf ruby-gpgme \
ruby-grpc ruby-hitimes ruby-murmurhash3 ruby-json ruby-kgio ruby-kramdown \
ruby-msgpack ruby-murmurhash3 ruby-nio4r ruby-nokogiri ruby-nokogumbo ruby-oj\
ruby-pg ruby-posix-spawn ruby-prof ruby-prometheus-client-mmap ruby-raindrops \
ruby-rbtrace ruby-re2 ruby-redcarpet ruby-redcloth ruby-regexp-property-values \
ruby-rinku ruby-rugged ruby-sqlite3 ruby-stackprof ruby-thrift \
ruby-timfel-krb5-auth ruby-unf-ext ruby-unicode ruby-version-sorter \
ruby-vmstat ruby-websocket-driver ruby-yajl rubygems-integration unicorn \
ruby-js-regex
}}}

and install gitlab:
{{{
# apt -t buster-backports install gitlab/buster-fasttrack ruby-hamlit/buster-fasttrack
}}}

''Using aptitude''
{{{
# aptitude -t buster-backports install gitlab/buster-fasttrack
}}}

and choose `n` for first choice and then `Y` to prefer packages from fasttrack when it is available in both backports and fasttrack.

{{{#!wiki important
apt priority for buster-fasttrack is lowered to 100 from 500 to match buster-backports settings.
}}}

=== gitlab crash work around (install grpc from rubygems.org) ===

{{{#!wiki important
We have to use versions of grpc from rubygems.org (don't forget to remove this version when ruby-grpc is fixed in debian)

# gem install -v 1.30.2 grpc
}}}

See [[DebianBug:966653]] for details.

''Note: https://gitlab.debian.net is running on this version.''

== Unstable (be careful when updating packages) ==
Gitlab 13.3.9 is available in unstable (no open security issues).

We try to keep the version in unstable in a good shape with the latest security updates, but some times dependency updates break GitLab.

{{{#!wiki important
Currently gitlab installation is broken due to a change in libsass. See [[DebianBug:953415]] for more details.

A work around is to downgrade libsass and libsass-dev to 3.6.1. Use http://snapshot.debian.org/package/libsass/3.6.1-1/
}}}

{{{#!wiki important
Currently gitlab/gitaly crash due to a bug in ruby-grpc. As a work around, install grpc from rubygems.org (don't forget to remove this version when ruby-grpc is fixed in debian)

# gem install -v 1.30.2 grpc
}}}

See [[DebianBug:966653]] for more details.

{{{#!wiki important
Run rm -rf /var/lib/gitlab/.node_modules/uuid/ and retry installation if you got the following error: error An unexpected error occurred: "Package subpath './v4' is not defined by \"exports\" in "/var/lib/gitlab/.node_modules/uuid/package.json" during "Installing node modules...". See [[DebianBug:964218]] for more details.
}}}

Now install gitlab

{{{
# apt install gitlab
}}}

== Experimental - During freeze and transitions ==

If you are using experimental for the first time, check [[DebianExperimental]].

== Gitlab on Stretch ==

This is moved to [[gitlab/stretch]] now.

== Gitlab with apache2 ==

Gitlab can use apache instead of nginx.
To get a working configuration for your version the best thing to do is to follow the ([[https://gitlab.com/gitlab-org/gitlab-recipes/-/tree/master/web-server/apache|gitlab-recipes repository]]) instructions.

Basically you will have to :
Disable nginx
Set www-data as web server user.
Allow Modules dependencies
# mod_rewrite
# mod_ssl
# mod_proxy
# mod_proxy_http
# mod_headers

{{{
a2enmod rewrite proxy_http headers
}}}

and as says in recipe

Allow gitlab-workhorse to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
{{{
 gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
}}}


== Gitlab Common Errors ==

If you have this kind of error
{{{
  Cloning into'public-test-project-ssh'...
  Received disconnect from YOUR_SERVER_IP port 22:2: Too many authentication failures
  Disconnected from YOUR_SERVER_IP port 22
  fatal: Can't read distant repository.
}}}
on an ssh clone
{{{
  git clone gitlab@ssh.your-gitlab-instance.org:public-test-group/public-test-project.git public-test-project-ssh
}}}
{{{#!wiki important
Note : In your command line host should match your ssh hostname for gitlab as group and project name.
}}}

To be sure you should find a line like the following in /var/log/auth.log

{{{
User gitlab from YOUR_CLIENT_IP not allowed because not listed in AllowUsers
}}}

You may have to allow gitlab user in /etc/ssh/sshd_config

{{{
AllowUsers user1 user2 gitlab
AllowGroups user1 group2 gitlab
}}}
{{{#!wiki important
Note : user1, user2, group2 are here for the example adapt to your setup.
}}}
Do not forget to restart the service

{{{
service ssh restart
}}}

== Debug installation and configuration ==

Gitlab is composed of several parts. As always logs (/var/log/gitlab), debian specific documentation (/usr/share/doc/gitlab/) and ([[https://docs.gitlab.com/ |official]]) documentation provide lots of information.

`gitlab-rake` is convenience script to easily run rake commands provided by gitlab in debian environment.

{{{
# gitlab-rake gitlab:check
# gitlab-rake gitlab:env:info
}}}

`gitlab-rails-console` is another convenience script to launch a rails console in gitlab debian environment.

{{{
# gitlab-rails-console
}}}

Just make sure you don't have any gems installed from rubygems.org conflicting with debian packaged versions of the gems required by gitlab. `/var/lib/gems/<ruby_version>` (`/var/lib/gems/2.5.0` or `/var/lib/gems/2.7.0`) should not have any gems.

== rake aborted errors during installation ==
If your update failed for some reason (usually when dependencies are not satisfied for `bundle install --local`), and you retry installation after fixing dependencies, you may see errors like
{{{
rake aborted!
NameError: uninitialized constant Gitlab::Patch::ActiveRecordQueryCache
/usr/share/gitlab/config/initializers/active_record_query_cache.rb:3:in `<top (required)>'
}}}

You will have to manually remove problem creating initializers from `/etc/gitlab/initializers`. A list of such initializers can be found from gitlab source package or from https://salsa.debian.org/ruby-team/gitlab in `debian/maintscript` file. All lines starting with `rm_conffile` and corresponding versions are what you need to check.

== manually installing ruby dependencies ==
When ruby dependencies are installed manually, we need to update gitlab and gitaly's Gemfile.lock to use the recently installed version. See [[DebianBug:944698]] for details.

{{{
cd /usr/share/gitlab
truncate -s0 Gemfile.lock
sudo -u gitlab bundle install --local # use the gitlab username instead of gitlab if you changed it
cd /usr/share/gitaly/ruby
truncate -s0 Gemfile.lock
sudo -u gitlab bundle install --local # use the gitlab username instead of gitlab if you changed it
}}}

== Contact maintainers ==
You can reach the maintainers of the gitlab package via https://wiki.debian.org/gitlab/BackportChecklist

 1. Matrix at #debian-gitlab:poddery.com ([[https://chat.poddery.com/#/room/#debian-gitlab:poddery.com|join via browser]])
 1. IRC #debian-gitlab on OFTC network ([[https://webchat.oftc.net/?channels=debian-gitlab&uio=MT11bmRlZmluZWQb1|join via browser]])

== Maintainer's corner ==

 1. Installing gitlab on an lxc container to test - See [[gitlab/lxc]]
 1. Backport/Fasttrack checklist - See [[gitlab/BackportChecklist]]
 1. Dependencies Transitions checklist - See [[gitlab/DependenciesTransitions]]
 1. Managing Components - See [[gitlab/ManagingComponents]]

=== TODO ===
 1. Aim to get gitlab back in main by bullseye release by packaging all node dependencies. [[Javascript/Nodejs/Tasks/gitlab|current status]] This is now an Outreachy project (from December 2019 to March 2020).
 1. Get autopkgtest working so we can detect problems when someone updates dependencies without coordinating with us. [[https://git.fosscommunity.in/debian-ruby/TaskTracker/-/issues/154|Current Status]]

=== Prioritizing tasks ===

We should try to pick tasks according to the following priority list,

 1. Update to latest security release (in unstable/experimental and fasttrack). Remember to add the CVEs fixed in the release (listed in the release blog post) to `debian/changelog`. Subscribe to `Security Alerts: Notification alerts to critical security updates.` at https://about.gitlab.com/company/preference-center/ to get notified by email about new security releases. Usually we have security releases once or twice per month.
 1. Update to next feature release (in unstable/experimental and fasttrack) before support for current stable release ends (usually 3 months). See [[Teams/Ruby/Packaging/newUpstreamRailsApp]].
 1. We should try to keep the same upstream version in both unstable/experimental and fasttrack to avoid maintaining two versions. This means not starting a feature update close to a scheduled security release (usually at the end or starting of every month). Because a feature update may take more days to complete and involve complexities compared to a security update.
 1. Package remaining node modules and switch to packaged versions. Update `0740-use-packaged-modules.patch` by removing the newly packaged module from `package.json` and adding it to `Depends` in `debian/control`. It is better to backport the packaged modules first to avoid updates getting blocked (sometimes you may need to backport a large number of build dependencies).

Gitlab is a git front end with repository management, graphs, links, goodies, commands to run, and review capabilities similar in feel to a self-hosted ?GitHub.

See /omnibus if you are looking for instructions to install upstream provided packages.

New upstream releases (including security updates) are announced at https://about.gitlab.com/releases/categories/releases/.

Debian is running its own Instance of GitLab under https://salsa.debian.org, which is not based on the packaged version.

Note 1: For a smooth upgrade experience, always stay on the latest major version of gitlab. For example, if latest version of gitlab is 12.0.0 and you are currently on 11.3.6, then update to 12.0.0 as soon as possible, certainly before the debian package is updated to 13.x. Ideally, you should update as soon as a new version with security updates is available.

Note 2: It is recommended to subscribe to changes in this wiki page or frequently check this page for updates. Alternatively, you can subscribe to https://tracker.debian.org/pkg/gitlab to get notified when new versions are uploaded.

New changes

  1. New in gitlab 13.3.8-1: You will need to install grpc gem from rubygems.org gem install -v 1.30.2 grpc (more details below). If you run gitaly on a different machine, you will need to do this on that machine as well.

  2. New in gitlab 13.2.6-3: We have switched to puma as application server replacing unicorn. Upstream already made the switch from 12.9 and unicorn support will be dropped in gitlab 14.0. They saw a memory reduction of 37% in gitlab.com after the switch. See more details about this switch at this upstream blog post https://about.gitlab.com/blog/2020/07/08/migrating-to-puma-on-gitlab/. puma defaults to listening only on unix sockets and if you are running gitaly on a different machine, then you will have to edit /etc/gitlab/puma.rb to bind to tcp:// url as well.

  3. New in gitlab 13.2.3

Buster Fast Track (Recommended)

Gitlab 13.3.9 is available in unofficial fasttrack repo targeting buster as base distribution. (no open security issues).

Some packages are still needed from personal repo of gitlab maintainer because golang packages cannot be uploaded in fasttrack.debian.net because of a bug in dak setup. Please note the new URL of this repo if you are upgrading from an older version (people.debian.org/~praveen/gitlab is now people.debian.org/~praveen/gitaly and gpg key used for signing is also changed).

Make sure contrib section is enabled for buster and buster/updates

Modify /etc/apt/sources.list to add contrib section if missing:

deb http://deb.debian.org/debian buster main contrib
deb http://security.debian.org/ buster/updates main contrib

From gitlab 13.2.3

Now gitaly is also built with ruby2.7 so it is now moved to buster-fasttrack from buster-backports. See the new repository link below.

And add the following lines:

deb https://fasttrack.debian.net/debian/ buster-fasttrack main contrib
# For dependency packages not in testing only temporarily due to freeze, transitions or delayed by backports-new or NEW.
deb https://fasttrack.debian.net/debian/ buster-backports main contrib 
deb https://deb.debian.org/debian buster-backports main contrib 
# Eventually the packages in this repo will be moved to fasttrack or official backports after fixing https://salsa.debian.org/fasttrack-team/support/-/issues/8 (Need help)
deb https://people.debian.org/~praveen/gitaly buster-backports main
deb https://people.debian.org/~praveen/gitaly buster-fasttrack main

# Optional: To avoid some hours of delay between upload and availability in archive
deb http://incoming.debian.org/debian-buildd buildd-buster-backports main contrib

Refresh list of available packages:

# apt update

You may encounter the following error message:

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0B76920762A6B785

If so, these commands can help (trust these repositories):

# wget https://people.debian.org/~praveen/gitaly/praveen.key.new.asc
# wget http://fasttrack.debian.net/fasttrack-archive-key.asc
# apt-key add praveen.key.new.asc
# apt-key add fasttrack-archive-key.asc

If you are upgrading ruby version to 2.7 (if your current ruby version is 2.5), you will need to use dist-upgrade first. Make sure /var/lib/gems/2.5.0/ is empty if you see any issues after the ruby version upgrade.

See https://git.fosscommunity.in/debian-ruby/TaskTracker/-/issues/166 for current status of ruby 2.7 in fasttrack.

Upgrading along with ruby

If you are installing for the first time, skip this section.

Using apt

# apt -t buster-fasttrack dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  libruby2.5 ruby-did-you-mean ruby-trollop ruby2.5-dev ruby2.5-doc
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  ruby2.5
The following NEW packages will be installed:
  libruby2.7 ruby-optimist ruby2.7 ruby2.7-dev ruby2.7-doc
The following packages have been kept back:
  gitlab
The following packages will be upgraded:
  apt exim4-base exim4-config exim4-daemon-light libapt-pkg5.0 libdns-export1104 libgrpc9 libisc-export1100 puma ruby
  ruby-atomic ruby-bcrypt ruby-bcrypt-pbkdf ruby-bootsnap ruby-bson ruby-character-set ruby-charlock-holmes
  ruby-commonmarker ruby-concurrent ruby-concurrent-ext ruby-dev ruby-ed25519 ruby-enumerable-statistics
  ruby-escape-utils ruby-fast-blank ruby-ffi ruby-github-linguist ruby-google-protobuf ruby-gpgme ruby-grpc
  ruby-hamlit ruby-hitimes ruby-json ruby-kgio ruby-msgpack ruby-murmurhash3 ruby-nio4r ruby-nokogiri ruby-nokogumbo
  ruby-oj ruby-pg ruby-posix-spawn ruby-prof ruby-prometheus-client-mmap ruby-raindrops ruby-rbtrace ruby-re2
  ruby-redcarpet ruby-redcloth ruby-regexp-property-values ruby-rinku ruby-rugged ruby-sqlite3 ruby-stackprof
  ruby-thrift ruby-timfel-krb5-auth ruby-unf-ext ruby-unicode ruby-version-sorter ruby-vmstat ruby-websocket-driver
  ruby-yajl rubygems-integration unicorn
64 upgraded, 5 newly installed, 1 to remove and 1 not upgraded.
Need to get 20.5 MB of archives.
After this operation, 44.0 MB of additional disk space will be used.
Do you want to continue? [Y/n] 

Now install gitlab:

# apt -t buster-backports install gitlab/buster-fasttrack gitaly/buster-fasttrack ruby-gitaly/buster-fasttrack

Using aptitude

# aptitude -t buster-fasttrack dist-upgrade
The following NEW packages will be installed:
  libruby2.7{a} ruby-optimist{a} ruby2.7{a} ruby2.7-dev{a} ruby2.7-doc{a} 
The following packages will be REMOVED:
  libruby2.5{u} ruby-did-you-mean{u} ruby-trollop{u} ruby2.5{u} ruby2.5-dev{u} ruby2.5-doc{u} 
The following packages will be upgraded:
  apt exim4-base exim4-config exim4-daemon-light gitlab libapt-pkg5.0 libdns-export1104 libgrpc9 libisc-export1100 
  puma ruby ruby-atomic ruby-bcrypt ruby-bcrypt-pbkdf ruby-bootsnap ruby-bson ruby-character-set 
  ruby-charlock-holmes ruby-commonmarker ruby-concurrent ruby-concurrent-ext ruby-dev ruby-ed25519 
  ruby-enumerable-statistics ruby-escape-utils ruby-fast-blank ruby-ffi ruby-github-linguist ruby-google-protobuf 
  ruby-gpgme ruby-grpc ruby-hamlit ruby-hitimes ruby-json ruby-kgio ruby-msgpack ruby-murmurhash3 ruby-nio4r 
  ruby-nokogiri ruby-nokogumbo ruby-oj ruby-pg ruby-posix-spawn ruby-prof ruby-prometheus-client-mmap 
  ruby-raindrops ruby-rbtrace ruby-re2 ruby-redcarpet ruby-redcloth ruby-regexp-property-values ruby-rinku 
  ruby-rugged ruby-sqlite3 ruby-stackprof ruby-thrift ruby-timfel-krb5-auth ruby-unf-ext ruby-unicode 
  ruby-version-sorter ruby-vmstat ruby-websocket-driver ruby-yajl rubygems-integration unicorn 
65 packages upgraded, 5 newly installed, 6 to remove and 0 not upgraded.
Need to get 106 MB of archives. After unpacking 9,644 kB will be used.
Do you want to continue? [Y/n/?]  

New installations

Using apt

At this point, it seems apt cannot resolve the dependencies correctly, see section below to use aptitude or manually specifiy the list of dependencies to install.

# apt -t buster-fasttrack install puma ruby ruby-atomic ruby-bcrypt \
ruby-bcrypt-pbkdf ruby-bootsnap ruby-bson ruby-character-set \
ruby-charlock-holmes ruby-commonmarker ruby-concurrent ruby-concurrent-ext \
ruby-dev ruby-ed25519 ruby-enumerable-statistics ruby-escape-utils \
ruby-fast-blank ruby-ffi ruby-github-linguist ruby-google-protobuf ruby-gpgme \
ruby-grpc ruby-hitimes ruby-murmurhash3 ruby-json ruby-kgio ruby-kramdown \
ruby-msgpack ruby-murmurhash3 ruby-nio4r ruby-nokogiri ruby-nokogumbo ruby-oj\
ruby-pg ruby-posix-spawn ruby-prof ruby-prometheus-client-mmap ruby-raindrops \
ruby-rbtrace ruby-re2 ruby-redcarpet ruby-redcloth ruby-regexp-property-values \
ruby-rinku ruby-rugged ruby-sqlite3 ruby-stackprof ruby-thrift \
ruby-timfel-krb5-auth ruby-unf-ext ruby-unicode ruby-version-sorter \
ruby-vmstat ruby-websocket-driver ruby-yajl rubygems-integration unicorn \
ruby-js-regex

and install gitlab:

# apt -t buster-backports install gitlab/buster-fasttrack ruby-hamlit/buster-fasttrack

Using aptitude

# aptitude -t buster-backports install gitlab/buster-fasttrack

and choose n for first choice and then Y to prefer packages from fasttrack when it is available in both backports and fasttrack.

apt priority for buster-fasttrack is lowered to 100 from 500 to match buster-backports settings.

gitlab crash work around (install grpc from rubygems.org)

We have to use versions of grpc from rubygems.org (don't forget to remove this version when ruby-grpc is fixed in debian)

# gem install -v 1.30.2 grpc

See 966653 for details.

Note: https://gitlab.debian.net is running on this version.

Unstable (be careful when updating packages)

Gitlab 13.3.9 is available in unstable (no open security issues).

We try to keep the version in unstable in a good shape with the latest security updates, but some times dependency updates break GitLab.

Currently gitlab installation is broken due to a change in libsass. See 953415 for more details.

A work around is to downgrade libsass and libsass-dev to 3.6.1. Use http://snapshot.debian.org/package/libsass/3.6.1-1/

Currently gitlab/gitaly crash due to a bug in ruby-grpc. As a work around, install grpc from rubygems.org (don't forget to remove this version when ruby-grpc is fixed in debian)

# gem install -v 1.30.2 grpc

See 966653 for more details.

Run rm -rf /var/lib/gitlab/.node_modules/uuid/ and retry installation if you got the following error: error An unexpected error occurred: "Package subpath './v4' is not defined by \"exports\" in "/var/lib/gitlab/.node_modules/uuid/package.json" during "Installing node modules...". See 964218 for more details.

Now install gitlab

# apt install gitlab

Experimental - During freeze and transitions

If you are using experimental for the first time, check DebianExperimental.

Gitlab on Stretch

This is moved to gitlab/stretch now.

Gitlab with apache2

Gitlab can use apache instead of nginx. To get a working configuration for your version the best thing to do is to follow the (gitlab-recipes repository) instructions.

Basically you will have to : Disable nginx Set www-data as web server user. Allow Modules dependencies # mod_rewrite # mod_ssl # mod_proxy # mod_proxy_http # mod_headers

a2enmod rewrite proxy_http headers

and as says in recipe

Allow gitlab-workhorse to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:

 gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"

Gitlab Common Errors

If you have this kind of error

  Cloning into'public-test-project-ssh'...
  Received disconnect from YOUR_SERVER_IP port 22:2: Too many authentication failures
  Disconnected from YOUR_SERVER_IP port 22
  fatal: Can't read distant repository.

on an ssh clone

  git clone gitlab@ssh.your-gitlab-instance.org:public-test-group/public-test-project.git public-test-project-ssh

Note : In your command line host should match your ssh hostname for gitlab as group and project name.

To be sure you should find a line like the following in /var/log/auth.log

User gitlab from YOUR_CLIENT_IP not allowed because not listed in AllowUsers

You may have to allow gitlab user in /etc/ssh/sshd_config

AllowUsers user1 user2 gitlab
AllowGroups user1 group2 gitlab

Note : user1, user2, group2 are here for the example adapt to your setup.

Do not forget to restart the service

service ssh restart

Debug installation and configuration

Gitlab is composed of several parts. As always logs (/var/log/gitlab), debian specific documentation (/usr/share/doc/gitlab/) and (official) documentation provide lots of information.

gitlab-rake is convenience script to easily run rake commands provided by gitlab in debian environment.

# gitlab-rake gitlab:check
# gitlab-rake gitlab:env:info

gitlab-rails-console is another convenience script to launch a rails console in gitlab debian environment.

# gitlab-rails-console

Just make sure you don't have any gems installed from rubygems.org conflicting with debian packaged versions of the gems required by gitlab. /var/lib/gems/<ruby_version> (/var/lib/gems/2.5.0 or /var/lib/gems/2.7.0) should not have any gems.

rake aborted errors during installation

If your update failed for some reason (usually when dependencies are not satisfied for bundle install --local), and you retry installation after fixing dependencies, you may see errors like

rake aborted!
NameError: uninitialized constant Gitlab::Patch::ActiveRecordQueryCache
/usr/share/gitlab/config/initializers/active_record_query_cache.rb:3:in `<top (required)>'

You will have to manually remove problem creating initializers from /etc/gitlab/initializers. A list of such initializers can be found from gitlab source package or from https://salsa.debian.org/ruby-team/gitlab in debian/maintscript file. All lines starting with rm_conffile and corresponding versions are what you need to check.

manually installing ruby dependencies

When ruby dependencies are installed manually, we need to update gitlab and gitaly's Gemfile.lock to use the recently installed version. See 944698 for details.

cd /usr/share/gitlab
truncate -s0 Gemfile.lock
sudo -u gitlab bundle install --local # use the gitlab username instead of gitlab if you changed it
cd /usr/share/gitaly/ruby
truncate -s0 Gemfile.lock
sudo -u gitlab bundle install --local # use the gitlab username instead of gitlab if you changed it

Contact maintainers

You can reach the maintainers of the gitlab package via https://wiki.debian.org/gitlab/BackportChecklist

  1. Matrix at #debian-gitlab:poddery.com (join via browser)

  2. IRC #debian-gitlab on OFTC network (join via browser)

Maintainer's corner

  1. Installing gitlab on an lxc container to test - See gitlab/lxc

  2. Backport/Fasttrack checklist - See gitlab/BackportChecklist

  3. Dependencies Transitions checklist - See gitlab/DependenciesTransitions

  4. Managing Components - See gitlab/ManagingComponents

TODO

  1. Aim to get gitlab back in main by bullseye release by packaging all node dependencies. current status This is now an Outreachy project (from December 2019 to March 2020).

  2. Get autopkgtest working so we can detect problems when someone updates dependencies without coordinating with us. Current Status

Prioritizing tasks

We should try to pick tasks according to the following priority list,

  1. Update to latest security release (in unstable/experimental and fasttrack). Remember to add the CVEs fixed in the release (listed in the release blog post) to debian/changelog. Subscribe to Security Alerts: Notification alerts to critical security updates. at https://about.gitlab.com/company/preference-center/ to get notified by email about new security releases. Usually we have security releases once or twice per month.

  2. Update to next feature release (in unstable/experimental and fasttrack) before support for current stable release ends (usually 3 months). See Teams/Ruby/Packaging/newUpstreamRailsApp.

  3. We should try to keep the same upstream version in both unstable/experimental and fasttrack to avoid maintaining two versions. This means not starting a feature update close to a scheduled security release (usually at the end or starting of every month). Because a feature update may take more days to complete and involve complexities compared to a security update.
  4. Package remaining node modules and switch to packaged versions. Update 0740-use-packaged-modules.patch by removing the newly packaged module from package.json and adding it to Depends in debian/control. It is better to backport the packaged modules first to avoid updates getting blocked (sometimes you may need to backport a large number of build dependencies).