Hardening mode in VirtualBox is quite restrictive and on some systems it
could make sense to disable hardening mode, especially while we still
have issues with hostonly networking and other issues[TM] we don't know
or haven't tested yet.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit e03e0ff42a)
We're going to create more than one VirtualBox VM, so let's dynamically
generate subs specific to a particular VirtualBox VM, merging everything
into the testScript and machine expressions.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 77831e8467)
Currently it pretty much tests starting up virtual machines and just
shutting down afterwards, but for both VBoxManage and the VirtualBox
GUI.
This helps catching errors in hardened mode, however we still need to
test whether networking works the way intended (and I fear that this is
broken at the moment).
The VirtualBox VM is _not_ using hardware virtualization support (thus
we use system = "i686-linux", because x86_64 has no emulation support),
because we're already within a qemu VM, which means it's going to be
slow as hell (that's why I've written own subs just for testing
startup/shutdown/whatnot with respective timeouts).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 69858d7743)
Before we do substitutions, the Exec= line is (currently)
"Exec=libreofficedev4.3 --some-arg". Our substitution logic doesn't handle
that, resulting in broken "Exec=$out/bin/sofficedev4.3 --some-arg"
($out/bin/sofficedev4.3 doesn't exist).
Looking at libreoffice source, the .desktop files refer to a UNIXBASISROOTNAME
variable which come from instsetoo_native/util/openoffice.lst.in. Currently, it
can have one of two values, presumably depending on whether the build is
"normal" or "development":
libreoffice${major}.${minor}
libreofficedev${major}.${minor}
Handle both these cases, and also leave the old non-versioned substitution
around, just in case.
Fixes issue #3463.
(cherry picked from commit 64661f0597)
Problems are worked around by using older gcc wrapper for gnat bootstrap.
(from ca441636f1^)
I tried nicer solutions first, but I was unable to fix all problems for hours.
(cherry picked from commit 1a0a161920)
Small typo prevented the post resume script to restart network manager
(cherry picked from commit aba0d8a73d)
Signed-off-by: Domen Kožar <domen@dev.si>
I couldn't find any source that looked reliable, but I guess it's better
than nothing: it's fairly simple patch that fixes the build.
(cherry picked from commit 274a9419c1)
It turns out that installing therubytracer, with dependency on old v8, even
when using source libv8 version is problematic.
(see
http://stackoverflow.com/questions/21666379/problems-installing-gitlab-on-odroid-v8-lib-not-available).
But wait, rails does not even need therubytracer, just any kind of javascript
server side execution framework like nodejs. Well just use that, as also
suggested from different internet sources (look link above), it works just
fine.
We only need to have setuid-root wrappers for VBox{Headless,SDL} and
VirtualBox, otherwise VBoxManage will run as root and NOT drop
privileges!
Fixes#5283.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 0d71ec8a6e)
I had to make several adjustments to make it work with nixos:
* Replace relative config file lookups with ENV variable.
* Modify gitlab-shell to not clear then environment when running
pre-receive.
* Modify gitlab-shell to write some environment variables into
the .authorized_keys file to make sure gitlab-shell reads the
correct config file.
* Log unicorn output to syslog.
I tried various ways of adding a syslog package but the bundler would
not pick them up. Please fix in a better way if possible.
* Gitlab-runner program wrapper.
This is useful to run e.g. backups etc. with the correct
environment set up.