Commit 3c85cedb authored by gitlab update bot's avatar gitlab update bot
Browse files

Update to version 13.9.0

parent 7101b8f0
Pipeline #6284 passed with stage
in 7 minutes and 36 seconds
FROM ubuntu:16.04
FROM ubuntu:20.04
MAINTAINER GitLab Inc. <support@gitlab.com>
SHELL ["/bin/sh", "-c"],
......@@ -17,8 +17,7 @@ RUN apt-get update -q \
tzdata \
nano \
less \
&& rm -rf /var/lib/apt/lists/* \
&& sed 's/session\s*required\s*pam_loginuid.so/session optional pam_loginuid.so/g' -i /etc/pam.d/sshd
&& rm -rf /var/lib/apt/lists/*
# Remove MOTD
RUN rm -rf /etc/update-motd.d /etc/motd /etc/motd.dynamic
......
......@@ -15,6 +15,9 @@ external_url "http://#{host}"
# Explicitly disable init detection since we are running on a container
package['detect_init'] = false
# Explicitly disable attempt to update kernel parameters
package['modify_kernel_parameters'] = false
# Load custom config from environment variable: GITLAB_OMNIBUS_CONFIG
# Disabling the cop since rubocop considers using eval to be security risk but
# we don't have an easy way out, atleast yet.
......
......@@ -46,7 +46,9 @@ groupadd -g 992 gitlab-prometheus
groupadd -g 991 gitlab-consul
# Create accounts
useradd -m -u 998 -g git -m -s /bin/sh -d /var/opt/gitlab git
## The git account is created with * as crypted password as ssh treats the account as locked if it has a !
## Issue #5891 https://gitlab.com/gitlab-org/omnibus-gitlab
useradd -m -u 998 -g git -p '*' -m -s /bin/sh -d /var/opt/gitlab git
useradd -m -u 999 -g gitlab-www -m -s /bin/false -d /var/opt/gitlab/nginx gitlab-www
useradd -m -u 997 -g gitlab-redis -m -s /bin/false -d /var/opt/gitlab/redis gitlab-redis
useradd -m -u 996 -g gitlab-psql -m -s /bin/sh -d /var/opt/gitlab/postgresql gitlab-psql
......
......@@ -15,9 +15,10 @@ AuthorizedKeysFile %h/.ssh/authorized_keys /gitlab-data/ssh/authorized_keys
AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
AuthorizedKeysCommandUser git
# Fix: User username not allowed because account is locked
# With "UsePAM yes" the "!" is seen as a password disabled account and not fully locked so ssh public key login works
UsePAM yes
# Please make sure that the account is created without passwordlogin ("*" in /etc/shadow) or configure pam.
# Issue #5891 https://gitlab.com/gitlab-org/omnibus-gitlab
UsePAM no
# Disabling use DNS in ssh since it tends to slow connecting
UseDNS no
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment