Merge branch '7-4-stable-non-conflict' into 'master'

7-4-stable to master. With resolved conflicts See merge request !1221

Merge branch '7-4-stable-non-conflict' into 'master'
7-4-stable to master. With resolved conflicts See merge request !1221
f9885c0c · Valery Sizov · 2f6856f7 · 21e8f43a · f9885c0c · f9885c0c
Commit f9885c0c authored Oct 27, 2014 by Valery Sizov
5 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,15 @@ v 7.5.0
  - Fix LDAP authentication for Git HTTP access
  - Fix LDAP config lookup for provider 'ldap'

+v 7.4.2
+  - Fix internal snippet exposing for unauthenticated users
+
+v 7.4.1
+  - Fix LDAP authentication for Git HTTP access
+  - Fix LDAP config lookup for provider 'ldap'
+  - Fix public snippets
+  - Fix 500 error on projects with nested submodules
+
 v 7.4.0
  - Refactored membership logic
  - Improve error reporting on users API (Julien Bianchi)

--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -29,6 +29,8 @@ class SnippetsFinder
  def by_user(current_user, user, scope)
    snippets = user.snippets.fresh.non_expired

+    return snippets.are_public unless current_user
+
    if user == current_user
      case scope
      when 'are_internal' then

--- a/doc/update/6.x-or-7.x-to-7.4.md
+++ b/doc/update/6.x-or-7.x-to-7.4.md
@@ -13,7 +13,11 @@ possible to edit the label text and color. The characters `?`, `&` and `,` are
 no longer allowed however so those will be removed from your tags during the
 database migrations for GitLab 7.2.

-## 0. Backup
+## 0. Stop server
+
+    sudo service gitlab stop
+
+## 1. Backup

 It's useful to make a backup just in case things go south:
 (With MySQL, this may require granting "LOCK TABLES" privileges to the GitLab user on the database version)
@@ -23,10 +27,6 @@ cd /home/git/gitlab
 sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
 ```

-## 1. Stop server
-
-    sudo service gitlab stop
-
 ## 2. Update Ruby

 If you are still using Ruby 1.9.3 or below, you will need to update Ruby.
@@ -99,6 +99,8 @@ sudo apt-get install pkg-config cmake
    sed 's/^port .*/port 0/' /etc/redis/redis.conf.orig | sudo tee /etc/redis/redis.conf
    # Enable Redis socket for default Debian / Ubuntu path
    echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis/redis.conf
+    # Be sure redis group can write to the socket, enable only if supported (>= redis 2.4.0).
+    sudo sed -i '/# unixsocketperm/ s/^# unixsocketperm.*/unixsocketperm 0775/' /etc/redis/redis.conf
    # Activate the changes to redis.conf
    sudo service redis-server restart
    # Add git to the redis group
@@ -158,8 +160,8 @@ git diff 6-0-stable:config/gitlab.yml.example 7-4-stable:config/gitlab.yml.examp
 * Make `/home/git/gitlab/config/gitlab.yml` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-4-stable/config/gitlab.yml.example but with your settings.
 * Make `/home/git/gitlab/config/unicorn.rb` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-4-stable/config/unicorn.rb.example but with your settings.
 * Make `/home/git/gitlab-shell/config.yml` the same as https://gitlab.com/gitlab-org/gitlab-shell/blob/v2.0.1/config.yml.example but with your settings.
-* HTTP setups: Make `/etc/nginx/sites-available/nginx` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-4-stable/lib/support/nginx/gitlab but with your settings.
-* HTTPS setups: Make `/etc/nginx/sites-available/nginx-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-4-stable/lib/support/nginx/gitlab-ssl but with your settings.
+* HTTP setups: Make `/etc/nginx/sites-available/gitlab` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-4-stable/lib/support/nginx/gitlab but with your settings.
+* HTTPS setups: Make `/etc/nginx/sites-available/gitlab-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-4-stable/lib/support/nginx/gitlab-ssl but with your settings.
 * Copy rack attack middleware config

 ```bash
@@ -196,6 +198,76 @@ When using Google omniauth login, changes of the Google account required.
 Ensure that `Contacts API` and the `Google+ API` are enabled in the [Google Developers Console](https://console.developers.google.com/).
 More details can be found at the [integration documentation](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/integration/google.md).

+## 12. Optional optimizations for GitLab setups with MySQL databases
+
+Only applies if running MySQL database created with GitLab 6.7 or earlier. If you are not experiencing any issues you may not need the following instructions however following them will bring your database in line with the latest recommended installation configuration and help avoid future issues. Be sure to follow these directions exactly. These directions should be safe for any MySQL instance but to be sure make a current MySQL database backup beforehand.
+
+```
+# Stop GitLab
+sudo service gitlab stop
+
+# Secure your MySQL installation (added in GitLab 6.2)
+sudo mysql_secure_installation
+
+# Login to MySQL
+mysql -u root -p
+
+# do not type the 'mysql>', this is part of the prompt
+
+# Convert all tables to use the InnoDB storage engine (added in GitLab 6.8)
+SELECT CONCAT('ALTER TABLE gitlabhq_production.', table_name, ' ENGINE=InnoDB;') AS 'Copy & run these SQL statements:' FROM information_schema.tables WHERE table_schema = 'gitlabhq_production' AND `ENGINE` <> 'InnoDB' AND `TABLE_TYPE` = 'BASE TABLE';
+
+# If previous query returned results, copy & run all outputed SQL statements
+
+# Convert all tables to correct character set
+SET foreign_key_checks = 0;
+SELECT CONCAT('ALTER TABLE gitlabhq_production.', table_name, ' CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;') AS 'Copy & run these SQL statements:' FROM information_schema.tables WHERE table_schema = 'gitlabhq_production' AND `TABLE_COLLATION` <> 'utf8_unicode_ci' AND `TABLE_TYPE` = 'BASE TABLE';
+
+# If previous query returned results, copy & run all outputed SQL statements
+
+# turn foreign key checks back on
+SET foreign_key_checks = 1;
+
+# Find MySQL users
+mysql> SELECT user FROM mysql.user WHERE user LIKE '%git%';
+
+# If git user exists and gitlab user does not exist 
+# you are done with the database cleanup tasks
+mysql> \q
+
+# If both users exist skip to Delete gitlab user
+
+# Create new user for GitLab (changed in GitLab 6.4)
+# change $password in the command below to a real password you pick
+mysql> CREATE USER 'git'@'localhost' IDENTIFIED BY '$password';
+
+# Grant the git user necessary permissions on the database
+mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES ON `gitlabhq_production`.* TO 'git'@'localhost';
+
+# Delete the old gitlab user
+mysql> DELETE FROM mysql.user WHERE user='gitlab';
+
+# Quit the database session
+mysql> \q
+
+# Try connecting to the new database with the new user
+sudo -u git -H mysql -u git -p -D gitlabhq_production
+
+# Type the password you replaced $password with earlier
+
+# You should now see a 'mysql>' prompt
+
+# Quit the database session
+mysql> \q
+
+# Update database configuration details
+# See config/database.yml.mysql for latest recommended configuration details
+#   Remove the reaping_frequency setting line if it exists (removed in GitLab 6.8)
+#   Set production -> pool: 10 (updated in GitLab 5.3)
+#   Set production -> username: git
+#   Set production -> password: the password your replaced $password with earlier
+sudo -u git -H editor /home/git/gitlab/config/database.yml
+
 ## Things went south? Revert to previous version (6.0)

 ### 1. Revert the code to the previous version

--- a/doc/update/7.3-to-7.4.md
+++ b/doc/update/7.3-to-7.4.md
 # From 7.3 to 7.4

-### 0. Backup
+### 0. Stop server

-```bash
-cd /home/git/gitlab
-sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
-```
+    sudo service gitlab stop

-### 1. Stop server
+### 1. Backup

 ```bash
-sudo service gitlab stop
-```
+cd /home/git/gitlab
+sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production

 ### 2. Get latest code

 ```bash
-cd /home/git/gitlab
 sudo -u git -H git fetch --all
 sudo -u git -H git checkout -- db/schema.rb # local changes will be restored automatically
 ```
@@ -56,31 +52,7 @@ sudo -u git -H bundle exec rake assets:clean assets:precompile cache:clear RAILS
 sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
 ```

-
-### 4. Configure Redis to use sockets
-
-    # Configure redis to use sockets
-    sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.orig
-    # Disable Redis listening on TCP by setting 'port' to 0
-    sed 's/^port .*/port 0/' /etc/redis/redis.conf.orig | sudo tee /etc/redis/redis.conf
-    # Enable Redis socket for default Debian / Ubuntu path
-    echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis/redis.conf
-    # Be sure redis group can write to the socket, enable only if supported (>= redis 2.4.0).
-    sed -i '/# unixsocketperm/ s/^# unixsocketperm.*/unixsocketperm 0775/' /etc/redis/redis.conf
-    # Activate the changes to redis.conf
-    sudo service redis-server restart
-    # Add git to the redis group
-    sudo usermod -aG redis git
-
-    # Configure Redis connection settings
-    sudo -u git -H cp config/resque.yml.example config/resque.yml
-    # Change the Redis socket path if you are not using the default Debian / Ubuntu configuration
-    sudo -u git -H editor config/resque.yml
-
-    # Configure gitlab-shell to use Redis sockets
-    sudo -u git -H sed -i 's|^  # socket.*|  socket: /var/run/redis/redis.sock|' /home/git/gitlab-shell/config.yml
-
-### 5. Update config files
+### 4. Update config files

 #### New configuration options for gitlab.yml

@@ -93,25 +65,25 @@ git diff origin/7-3-stable:config/gitlab.yml.example origin/7-4-stable:config/gi
 #### Change timeout for unicorn

 ```
-# config/unicorn.rb
-timeout 60
+# set timeout to 60
+sudo -u git -H editor config/unicorn.rb
 ```

 #### Change nginx https settings

-* HTTPS setups: Make `/etc/nginx/sites-available/nginx-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-4-stable/lib/support/nginx/gitlab-ssl but with your setting
+* HTTPS setups: Make `/etc/nginx/sites-available/gitlab-ssl` the same as https://gitlab.com/gitlab-org/gitlab-ce/blob/7-4-stable/lib/support/nginx/gitlab-ssl but with your setting

-#### Update database.yml config file(for mysql only) if needed (basically it is required for old gitlab installations)
+#### MySQL Databases: Update database.yml config file

 * Add `collation: utf8_general_ci` to config/database.yml as seen in [config/database.yml.mysql](config/database.yml.mysql)


-### 6. Start application
+### 5. Start application

    sudo service gitlab start
    sudo service nginx restart

-### 7. Check application status
+### 6. Check application status

 Check if GitLab and its environment are configured correctly:

@@ -123,17 +95,15 @@ To make sure you didn't miss anything run a more thorough check with:

 If all items are green, then congratulations upgrade is complete!

-### 8. Update OmniAuth configuration

-When using Google omniauth login, changes of the Google account required.
-Ensure that `Contacts API` and the `Google+ API` are enabled in the [Google Developers Console](https://console.developers.google.com/).
-More details can be found at the [integration documentation](../integration/google.md).
-
-### 9. Optional optimizations for GitLab setups with MySQL databases
+### 7. Optional optimizations for GitLab setups with MySQL databases

 Only applies if running MySQL database created with GitLab 6.7 or earlier. If you are not experiencing any issues you may not need the following instructions however following them will bring your database in line with the latest recommended installation configuration and help avoid future issues. Be sure to follow these directions exactly. These directions should be safe for any MySQL instance but to be sure make a current MySQL database backup beforehand.

 ```
+# Stop GitLab
+sudo service gitlab stop
+
 # Secure your MySQL installation (added in GitLab 6.2)
 sudo mysql_secure_installation

@@ -195,6 +165,9 @@ mysql> \q
 #   Set production -> username: git
 #   Set production -> password: the password your replaced $password with earlier
 sudo -u git -H editor /home/git/gitlab/config/database.yml
+
+# Run thorough check
+sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
 ```



--- a/spec/finders/snippets_finder_spec.rb
+++ b/spec/finders/snippets_finder_spec.rb
@@ -64,6 +64,13 @@ describe SnippetsFinder do
      snippets = SnippetsFinder.new.execute(user, filter: :by_user, user: user)
      snippets.should include(@snippet1, @snippet2, @snippet3)
    end
+
+    it "returns only public snippets if unauthenticated user" do
+      snippets = SnippetsFinder.new.execute(nil, filter: :by_user, user: user)
+      snippets.should include(@snippet3)
+      snippets.should_not include(@snippet2, @snippet1)
+    end
+
  end

  context 'by_project filter' do