Update to version 13.9.0

3c85cedb · gitlab update bot · 7101b8f0 · 3c85cedb · 3c85cedb · 3c85cedb
Commit 3c85cedb authored Feb 23, 2021 by gitlab update bot
--- a/Dockerfile.upstream
+++ b/Dockerfile.upstream
-FROM ubuntu:16.04
+FROM ubuntu:20.04
 MAINTAINER GitLab Inc. <support@gitlab.com>

 SHELL ["/bin/sh", "-c"],
@@ -17,8 +17,7 @@ RUN apt-get update -q \
      tzdata \
      nano \
      less \
-    && rm -rf /var/lib/apt/lists/* \
-    && sed 's/session\s*required\s*pam_loginuid.so/session optional pam_loginuid.so/g' -i /etc/pam.d/sshd
+    && rm -rf /var/lib/apt/lists/*

 # Remove MOTD
 RUN rm -rf /etc/update-motd.d /etc/motd /etc/motd.dynamic

--- a/VERSION
+++ b/VERSION
-13.8.4
+13.9.0
--- a/assets/gitlab.rb
+++ b/assets/gitlab.rb
@@ -15,6 +15,9 @@ external_url "http://#{host}"
 # Explicitly disable init detection since we are running on a container
 package['detect_init'] = false

+# Explicitly disable attempt to update kernel parameters
+package['modify_kernel_parameters'] = false
+
 # Load custom config from environment variable: GITLAB_OMNIBUS_CONFIG
 # Disabling the cop since rubocop considers using eval to be security risk but
 # we don't have an easy way out, atleast yet.

--- a/assets/setup
+++ b/assets/setup
@@ -46,7 +46,9 @@ groupadd -g 992 gitlab-prometheus
 groupadd -g 991 gitlab-consul

 # Create accounts
-useradd -m -u 998 -g git -m -s /bin/sh -d /var/opt/gitlab git
+## The git account is created with * as crypted password as ssh treats the account as locked if it has a ! 
+## Issue #5891 https://gitlab.com/gitlab-org/omnibus-gitlab
+useradd -m -u 998 -g git -p '*' -m -s /bin/sh -d /var/opt/gitlab git
 useradd -m -u 999 -g gitlab-www -m -s /bin/false -d /var/opt/gitlab/nginx gitlab-www
 useradd -m -u 997 -g gitlab-redis -m -s /bin/false -d /var/opt/gitlab/redis gitlab-redis
 useradd -m -u 996 -g gitlab-psql -m -s /bin/sh -d /var/opt/gitlab/postgresql gitlab-psql

--- a/assets/sshd_config
+++ b/assets/sshd_config
@@ -15,9 +15,10 @@ AuthorizedKeysFile %h/.ssh/authorized_keys /gitlab-data/ssh/authorized_keys
 AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
 AuthorizedKeysCommandUser git

-# Fix: User username not allowed because account is locked
 # With "UsePAM yes" the "!" is seen as a password disabled account and not fully locked so ssh public key login works
-UsePAM yes
+# Please make sure that the account is created without passwordlogin ("*" in /etc/shadow) or configure pam. 
+# Issue #5891 https://gitlab.com/gitlab-org/omnibus-gitlab
+UsePAM no

 # Disabling use DNS in ssh since it tends to slow connecting
 UseDNS no