Terry : Upgrade GitLab From 6.1 To 6.2

GitLab 6.2

v 6.2.4

  • Security: Cast API private_token to string (CVE-2013-4580)
  • Security: Require gitlab-shell 1.7.8 (CVE-2013-4581, CVE-2013-4582, CVE-2013-4583)
  • Fix for Git SSH access for LDAP users

v 6.2.3

  • Security: More protection against CVE-2013-4489
  • Security: Require gitlab-shell 1.7.4 (CVE-2013-4490, CVE-2013-4546)
  • Fix sidekiq rake tasks

v 6.2.2

  •  Security: Update gitlab_git (CVE-2013-4489)

v 6.2.1

  • Security: Fix issue with generated passwords for new users

v 6.2.0

  • Public project pages are now visible to everyone (files, issues, wik, etc.)
    THIS MEANS YOUR ISSUES AND WIKI FOR PUBLIC PROJECTS ARE PUBLICLY VISIBLE AFTER THE UPGRADE
  • Add group access to permissions page
  • Require current password to change one
  • Group owner or admin can remove other group owners
  • Remove group transfer since we have multiple owners
  • Respect authorization in Repository API
  • Improve UI for Project#files page
  • Add more security specs
  • Added search for projects by name to api (Izaak Alpert)
  • Make default user theme configurable (Izaak Alpert)
  • Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev)
  • Rake tasks for web hooks management (Jonhnny Weslley)
  • Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)
  • API: Remove group
  • API: Remove project
  • Avatar upload on profile page with a maximum of 100KB (Steven Thonus)
  • Store the sessions in Redis instead of the cookie store
  • Fixed relative links in markdown
  • User must confirm his email if signup enabled
  • User must confirm changed email

Upgrade Steps

0. Backup

It's useful to make a backup just in case things go south: (With MySQL, this may require granting "LOCK TABLES" privileges to the GitLab user on the database version)

cd /home/git/gitlab
sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production

1. Stop Server

sudo service gitlab stop

2. Get the latest code

su - git
cd /home/git/gitlab
sudo -u git -H git fetch
sudo -u git -H git checkout 6-2-stable # Latest version of 6-2-stable addresses CVE-2013-4489

3. Update gitlab-shell

cd /home/git/gitlab-shell
sudo -u git -H git fetch
sudo -u git -H git checkout v1.7.9 # Addresses multiple critical security vulnerabilities

4. Install additional packages

# Add support for lograte for better log file handling
sudo apt-get install logrotate

5. Install libs, migration etc

cd /home/git/gitlab

# MySQL
sudo -u git -H bundle install --without development test postgres --deployment

#PostgreSQL
sudo -u git -H bundle install --without development test mysql --deployment

sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
sudo -u git -H bundle exec rake assets:clean RAILS_ENV=production
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production

6. Update config files

Tip: to see what changed in gitlab.yml.example in this release use next command

git diff 6-1-stable:config/gitlab.yml.example 6-2-stable:config/gitlab.yml.example

Make /home/git/gitlab/config/gitlab.yml same as https://github.com/gitlabhq/gitlabhq/blob/6-2-stable/config/gitlab.yml.example but with your settings.

Make /home/git/gitlab/config/unicorn.rb same as https://github.com/gitlabhq/gitlabhq/blob/6-2-stable/config/unicorn.rb.example but with your settings.

Copy rack attack middleware config

sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb

Uncomment config.middleware.use Rack::Attack in /home/git/gitlab/config/application.rb

Set up logrotate

sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

7. Update Init script

# Backup the old init scriptsudo cp /etc/init.d/gitlab{,.old}sudo rm /etc/init.d/gitlab# Download the new init script
# curl --output /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlabhq/6-2-stable/lib/support/init.d/gitlab
# OR
wget --no-check-certificate -O /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlabhq/6-2-stable/lib/support/init.d/gitlab
chmod +x /etc/init.d/gitlab

8. Start application

sudo service gitlab start
sudo service nginx restart

9. Check Application Status

Check if GitLab and its environment are configured correctly

cd /home/gitlab
su - git
bundle exec rake gitlab:env:info RAILS_ENV=production

To make sure you didn't miss anything run a more thorough check with

bundle exec rake gitlab:check RAILS_ENV=production

If all items are green, then congratulations upgrade complete!

Reference

ChangeLog