gitlab: 8.0.5 -> 8.5.0, service improvements

Updates gitlab to the current stable version and fixes a lot of features that
were broken, at least with the current version and our configuration.

Quite a lot of sweat and tears has gone into testing nearly all features and
reading/patching the Gitlab source as we're about to deploy gitlab for our
whole company.

Things to note:

 * The gitlab config is now written as a nix attribute set and will be
   converted to JSON. Gitlab uses YAML but JSON is a subset of YAML.
   The `extraConfig` opition is also an attribute set that will be merged
   with the default config. This way *all* Gitlab options are supported.

 * Some paths like uploads and configs are hardcoded in rails  (at least
   after my study of the Gitlab source). This is why they are linked from
   the Gitlab root to /run/gitlab and then linked to the  configurable
   `statePath`.

 * Backup & restore should work out of the box from another Gitlab instance.

 * gitlab-git-http-server has been replaced by gitlab-workhorse upstream.
   Push & pull over HTTPS works perfectly. Communication to gitlab is done
   over unix sockets. An HTTP server is required to proxy requests to
   gitlab-workhorse over another unix socket at
   `/run/gitlab/gitlab-workhorse.socket`.

 * The user & group running gitlab are now configurable. These can even be
   changed for live instances.

 * The initial email address & password of the root user can be configured.

Fixes #8598.

pkgs/applications/version-management/gitlab/Gemfile

@@ -1,14 +1,10 @@
 source "https://rubygems.org"
 
-def darwin_only(require_as)
-  RUBY_PLATFORM.include?('darwin') && require_as
-end
+gem 'rails', '4.2.5.1'
+gem 'rails-deprecated_sanitizer', '~> 1.0.3'
 
-def linux_only(require_as)
-  RUBY_PLATFORM.include?('linux') && require_as
-end
-
-gem 'rails', '4.1.12'
+# Responders respond_to and respond_with
+gem 'responders', '~> 2.0'
 
 # Specify a sprockets version due to security issue
 # See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
@@ -22,20 +18,27 @@ gem "mysql2", '~> 0.3.16', group: :mysql
 gem "pg", '~> 0.18.2', group: :postgres
 
 # Authentication libraries
-gem "devise", '~> 3.5.2'
-gem "devise-async", '~> 0.9.0'
-gem 'omniauth', "~> 1.2.2"
-gem 'omniauth-google-oauth2', '~> 0.2.5'
-gem 'omniauth-twitter', '~> 1.0.1'
-gem 'omniauth-github', '~> 1.1.1'
-gem 'omniauth-shibboleth', '~> 1.1.1'
-gem 'omniauth-kerberos', '~> 0.2.0', group: :kerberos
-gem 'omniauth-gitlab', '~> 1.0.0'
-gem 'omniauth-bitbucket', '~> 0.0.2'
-gem 'omniauth-saml', '~> 1.4.0'
-gem 'doorkeeper', '~> 2.1.3'
-gem 'omniauth_crowd'
-gem "rack-oauth2", "~> 1.0.5"
+gem 'devise',                 '~> 3.5.4'
+gem 'devise-async',           '~> 0.9.0'
+gem 'doorkeeper',             '~> 2.2.0'
+gem 'omniauth',               '~> 1.3.1'
+gem 'omniauth-azure-oauth2',  '~> 0.0.6'
+gem 'omniauth-bitbucket',     '~> 0.0.2'
+gem 'omniauth-cas3',          '~> 1.1.2'
+gem 'omniauth-facebook',      '~> 3.0.0'
+gem 'omniauth-github',        '~> 1.1.1'
+gem 'omniauth-gitlab',        '~> 1.0.0'
+gem 'omniauth-google-oauth2', '~> 0.2.0'
+gem 'omniauth-kerberos',      '~> 0.3.0', group: :kerberos
+gem 'omniauth-saml',          '~> 1.4.2'
+gem 'omniauth-shibboleth',    '~> 1.2.0'
+gem 'omniauth-twitter',       '~> 1.2.0'
+gem 'omniauth_crowd',         '~> 2.2.0'
+gem 'rack-oauth2',            '~> 1.2.1'
+
+# Spam and anti-bot protection
+gem 'recaptcha', require: 'recaptcha/rails'
+gem 'akismet', '~> 2.0'
 
 # Two-factor authentication
 gem 'devise-two-factor', '~> 2.0.0'
@@ -47,7 +50,7 @@ gem "browser", '~> 1.0.0'
 
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '~> 7.2.15'
+gem "gitlab_git", '~> 8.2'
 
 # LDAP Auth
 # GitLab fork with several improvements to original library. For full list of changes
@@ -55,32 +58,21 @@ gem "gitlab_git", '~> 7.2.15'
 gem 'gitlab_omniauth-ldap', '~> 1.2.1', require: "omniauth-ldap"
 
 # Git Wiki
-gem 'gollum-lib', '~> 4.0.2'
+gem 'gollum-lib', '~> 4.1.0'
 
 # Language detection
-# GitLab fork of linguist does not require pygments/python dependency.
-# New version of original gem also dropped pygments support but it has strict
-# dependency to unstable rugged version. We have internal issue for replacing
-# fork with original gem when we meet on same rugged version - https://dev.gitlab.org/gitlab/gitlabhq/issues/2052.
-gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
+gem "github-linguist", "~> 4.7.0", require: "linguist"
 
 # API
-gem "grape", "~> 0.6.1"
-gem "grape-entity", "~> 0.4.2"
-gem 'rack-cors', '~> 0.2.9', require: 'rack/cors'
-
-# Format dates and times
-# based on human-friendly examples
-gem "stamp", '~> 0.5.0'
-
-# Enumeration fields
-gem 'enumerize', '~> 0.7.0'
+gem 'grape',        '~> 0.13.0'
+gem 'grape-entity', '~> 0.4.2'
+gem 'rack-cors',    '~> 0.4.0', require: 'rack/cors'
 
 # Pagination
-gem "kaminari", "~> 0.15.1"
+gem "kaminari", "~> 0.16.3"
 
 # HAML
-gem "haml-rails", '~> 0.5.3'
+gem "haml-rails", '~> 0.9.0'
 
 # Files attachments
 gem "carrierwave", '~> 0.9.0'
@@ -89,7 +81,7 @@ gem "carrierwave", '~> 0.9.0'
 gem 'dropzonejs-rails', '~> 0.7.1'
 
 # for aws storage
-gem "fog", "~> 1.25.0"
+gem "fog", "~> 1.36.0"
 gem "unf", '~> 0.1.4'
 
 # Authorization
@@ -102,13 +94,18 @@ gem "seed-fu", '~> 2.3.5'
 gem 'html-pipeline', '~> 1.11.0'
 gem 'task_list',     '~> 1.0.2', require: 'task_list/railtie'
 gem 'github-markup', '~> 1.3.1'
-gem 'redcarpet',     '~> 3.3.2'
+gem 'redcarpet',     '~> 3.3.3'
 gem 'RedCloth',      '~> 4.2.9'
 gem 'rdoc',          '~>3.6'
 gem 'org-ruby',      '~> 0.9.12'
-gem 'creole',        '~>0.3.6'
+gem 'creole',        '~> 0.5.0'
 gem 'wikicloth',     '0.8.1'
 gem 'asciidoctor',   '~> 1.5.2'
+gem 'rouge',         '~> 1.10.1'
+
+# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
+# and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
+gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'
 
 # Diffs
 gem 'diffy', '~> 3.0.3'
@@ -120,7 +117,7 @@ group :unicorn do
 end
 
 # State machine
-gem "state_machine", '~> 1.2.0'
+gem "state_machines-activerecord", '~> 0.3.0'
 # Run events after state machine commits
 gem 'after_commit_queue'
 
@@ -128,17 +125,16 @@ gem 'after_commit_queue'
 gem 'acts-as-taggable-on', '~> 3.4'
 
 # Background jobs
-gem 'slim', '~> 2.0.2'
 gem 'sinatra', '~> 1.4.4', require: nil
-gem 'sidekiq', '3.3.0'
-gem 'sidetiq', '~> 0.6.3'
+gem 'sidekiq', '~> 4.0'
+gem 'sidekiq-cron', '~> 0.4.0'
+gem 'redis-namespace'
 
 # HTTP requests
 gem "httparty", '~> 0.13.3'
 
 # Colored output to console
-gem "colored", '~> 1.2'
-gem "colorize", '~> 0.5.8'
+gem "colorize", '~> 0.7.0'
 
 # GitLab settings
 gem 'settingslogic', '~> 2.0.9'
@@ -151,7 +147,7 @@ gem 'version_sorter', '~> 2.0.0'
 gem "redis-rails", '~> 4.0.0'
 
 # Campfire integration
-gem 'tinder', '~> 1.9.2'
+gem 'tinder', '~> 1.10.0'
 
 # HipChat integration
 gem 'hipchat', '~> 1.5.0'
@@ -163,28 +159,32 @@ gem "gitlab-flowdock-git-hook", "~> 1.0.1"
 gem "gemnasium-gitlab-service", "~> 0.2"
 
 # Slack integration
-gem "slack-notifier", "~> 1.0.0"
+gem "slack-notifier", "~> 1.2.0"
 
 # Asana integration
-gem 'asana', '~> 0.0.6'
+gem 'asana', '~> 0.4.0'
 
 # FogBugz integration
 gem 'ruby-fogbugz', '~> 0.2.1'
 
 # d3
-gem 'd3_rails', '~> 3.5.5'
+gem 'd3_rails', '~> 3.5.0'
 
 #cal-heatmap
-gem "cal-heatmap-rails", "~> 0.0.1"
+gem 'cal-heatmap-rails', '~> 3.5.0'
 
 # underscore-rails
-gem "underscore-rails", "~> 1.4.4"
+gem "underscore-rails", "~> 1.8.0"
 
 # Sanitize user input
 gem "sanitize", '~> 2.0'
+gem 'babosa', '~> 1.0.2'
+
+# Sanitizes SVG input
+gem "loofah", "~> 2.0.3"
 
 # Protect against bruteforcing
-gem "rack-attack", '~> 4.3.0'
+gem "rack-attack", '~> 4.3.1'
 
 # Ace editor
 gem 'ace-rails-ap', '~> 2.0.1'
@@ -193,38 +193,52 @@ gem 'ace-rails-ap', '~> 2.0.1'
 gem 'mousetrap-rails', '~> 1.4.6'
 
 # Detect and convert string character encoding
-gem 'charlock_holmes', '~> 0.6.9.4'
+gem 'charlock_holmes', '~> 0.7.3'
 
-gem "sass-rails", '~> 4.0.5'
+gem "sass-rails", '~> 5.0.0'
 gem "coffee-rails", '~> 4.1.0'
-gem "uglifier", '~> 2.3.2'
+gem "uglifier", '~> 2.7.2'
 gem 'turbolinks', '~> 2.5.0'
-gem 'jquery-turbolinks', '~> 2.0.1'
+gem 'jquery-turbolinks', '~> 2.1.0'
 
 gem 'addressable',        '~> 2.3.8'
-gem 'bootstrap-sass',     '~> 3.0'
+gem 'bootstrap-sass',     '~> 3.3.0'
 gem 'font-awesome-rails', '~> 4.2'
-gem 'gitlab_emoji',       '~> 0.1'
-gem 'gon',                '~> 5.0.0'
-gem 'jquery-atwho-rails', '~> 1.0.0'
-gem 'jquery-rails',       '~> 3.1.3'
+gem 'gitlab_emoji',       '~> 0.3.0'
+gem 'gon',                '~> 6.0.1'
+gem 'jquery-atwho-rails', '~> 1.3.2'
+gem 'jquery-rails',       '~> 4.0.0'
 gem 'jquery-scrollto-rails', '~> 1.4.3'
-gem 'jquery-ui-rails',    '~> 4.2.1'
-gem 'nprogress-rails',    '~> 0.1.2.3'
+gem 'jquery-ui-rails',    '~> 5.0.0'
+gem 'nprogress-rails',    '~> 0.1.6.7'
 gem 'raphael-rails',      '~> 2.1.2'
 gem 'request_store',      '~> 1.2.0'
 gem 'select2-rails',      '~> 3.5.9'
 gem 'virtus',             '~> 1.0.1'
+gem 'net-ssh',            '~> 3.0.1'
+
+# Sentry integration
+gem 'sentry-raven'
+
+# Metrics
+group :metrics do
+  gem 'allocations', '~> 1.0', require: false, platform: :mri
+  gem 'method_source', '~> 0.8', require: false
+  gem 'influxdb', '~> 0.2', require: false
+  gem 'connection_pool', '~> 2.0', require: false
+end
 
 group :development do
   gem "foreman"
-  gem 'brakeman', '3.0.1', require: false
+  gem 'brakeman', '~> 3.1.0', require: false
 
   gem "annotate", "~> 2.6.0"
   gem "letter_opener", '~> 1.1.2'
   gem 'quiet_assets', '~> 1.0.2'
-  gem 'rack-mini-profiler', '~> 0.9.0', require: false
-  gem 'rerun', '~> 0.10.0'
+  gem 'rerun', '~> 0.11.0'
+  gem 'bullet', require: false
+  gem 'rblineprof', platform: :mri, require: false
+  gem 'web-console', '~> 2.0'
 
   # Better errors handler
   gem 'better_errors', '~> 1.0.1'
@@ -241,7 +255,7 @@ group :development, :test do
   gem 'byebug', platform: :mri
   gem 'pry-rails'
 
-  gem 'awesome_print', '~> 1.2.0'
+  gem 'awesome_print', '~> 1.2.0', require: false
   gem 'fuubar', '~> 2.0.0'
 
   gem 'database_cleaner', '~> 1.4.0'
@@ -257,7 +271,7 @@ group :development, :test do
 
   gem 'capybara',            '~> 2.4.0'
   gem 'capybara-screenshot', '~> 1.0.0'
-  gem 'poltergeist',         '~> 1.6.0'
+  gem 'poltergeist',         '~> 1.8.1'
 
   gem 'teaspoon', '~> 1.0.0'
   gem 'teaspoon-jasmine', '~> 2.2.0'
@@ -267,16 +281,21 @@ group :development, :test do
   gem 'spring-commands-spinach',  '~> 1.0.0'
   gem 'spring-commands-teaspoon', '~> 0.0.2'
 
-  gem 'rubocop',  '~> 0.28.0',  require: false
+  gem 'rubocop', '~> 0.35.0', require: false
   gem 'coveralls',  '~> 0.8.2', require: false
   gem 'simplecov', '~> 0.10.0', require: false
+  gem 'flog', require: false
+  gem 'flay', require: false
+  gem 'bundler-audit', require: false
+
+  gem 'benchmark-ips', require: false
 end
 
 group :test do
   gem 'shoulda-matchers', '~> 2.8.0', require: false
   gem 'email_spec', '~> 1.6.0'
   gem 'webmock', '~> 1.21.0'
-  gem 'test_after_commit', '~> 0.2.2'
+  gem 'test_after_commit', '~> 0.4.2'
   gem 'sham_rack'
 end
 
@@ -284,12 +303,9 @@ group :production do
   gem "gitlab_meta", '7.0'
 end
 
-gem "newrelic_rpm", '~> 3.9.4.245'
-gem 'newrelic-grape'
+gem 'octokit', '~> 3.8.0'
 
-gem 'octokit', '~> 3.7.0'
-
-gem "mail_room", "~> 0.5.2"
+gem "mail_room", "~> 0.6.1"
 
 gem 'email_reply_parser', '~> 0.5.8'
 
@@ -298,19 +314,10 @@ gem 'activerecord-deprecated_finders', '~> 1.0.3'
 gem 'activerecord-session_store', '~> 0.1.0'
 gem "nested_form", '~> 0.3.2'
 
-# Scheduled
-gem 'whenever', '~> 0.8.4', require: false
-
 # OAuth
 gem 'oauth2', '~> 1.0.0'
 
 # Soft deletion
 gem "paranoia", "~> 2.0"
 
-group :development, :test do
-  gem 'guard-rspec', '~> 4.2.0'
-
-  gem 'rb-fsevent', require: darwin_only('rb-fsevent')
-  gem 'growl',      require: darwin_only('growl')
-  gem 'rb-inotify', require: linux_only('rb-inotify')
-end
+gem "activerecord-nulldb-adapter"

pkgs/applications/version-management/gitlab/default.nix

@@ -1,7 +1,10 @@
-{ stdenv, lib, bundler, fetchgit, bundlerEnv, defaultGemConfig, libiconv, ruby
+{ stdenv, lib, bundler, fetchFromGitHub, bundlerEnv, defaultGemConfig, libiconv, ruby
 , tzdata, git, nodejs, procps
 }:
 
+/* When updating the Gemfile add `gem "activerecord-nulldb-adapter"`
+   to allow building the assets without a database */
+
 let
   env = bundlerEnv {
     name = "gitlab";
@@ -21,19 +24,23 @@ in
 
 stdenv.mkDerivation rec {
   name = "gitlab-${version}";
-  version = "8.0.5";
+  version = "8.5.0";
+
   buildInputs = [ ruby bundler tzdata git nodejs procps ];
-  src = fetchgit {
-    url = "https://github.com/gitlabhq/gitlabhq.git";
-    rev = "2866c501b5a5abb69d101cc07261a1d684b4bd4c";
-    fetchSubmodules = false;
-    sha256 = "edc6bedd5e79940189355d8cb343d20b0781b69fcef56ccae5906fa5e81ed521";
+
+  src = fetchFromGitHub {
+    owner = "gitlabhq";
+    repo = "gitlabhq";
+    rev = "v${version}";
+    sha256 = "1rhl906xnvpxkw3ngwfzi80cl3daihx5vizy04b9b39adyd3i5hl";
   };
 
   patches = [
     ./remove-hardcoded-locations.patch
     ./disable-dump-schema-after-migration.patch
+    ./nulladapter.patch
   ];
+
   postPatch = ''
     # For reasons I don't understand "bundle exec" ignores the
     # RAILS_ENV causing tests to be executed that fail because we're
@@ -41,7 +48,6 @@ stdenv.mkDerivation rec {
     # tests works though.:
     rm lib/tasks/test.rake
 
-    mv config/gitlab.yml.example config/gitlab.yml
     rm config/initializers/gitlab_shell_secret_token.rb
 
     substituteInPlace app/controllers/admin/background_jobs_controller.rb \
@@ -50,7 +56,7 @@ stdenv.mkDerivation rec {
     # required for some gems:
     cat > config/database.yml <<EOF
       production:
-        adapter: postgresql
+        adapter: <%= ENV["GITLAB_DATABASE_ADAPTER"] || sqlite %>
         database: gitlab
         host: <%= ENV["GITLAB_DATABASE_HOST"] || "127.0.0.1" %>
         password: <%= ENV["GITLAB_DATABASE_PASSWORD"] || "blerg" %>
@@ -58,14 +64,22 @@ stdenv.mkDerivation rec {
         encoding: utf8
     EOF
   '';
+
   buildPhase = ''
     export GEM_HOME=${env}/${ruby.gemPath}
-    bundle exec rake assets:precompile RAILS_ENV=production
+    mv config/gitlab.yml.example config/gitlab.yml
+    GITLAB_DATABASE_ADAPTER=nulldb bundle exec rake assets:precompile RAILS_ENV=production
+    mv config/gitlab.yml config/gitlab.yml.example
+    mv config config.dist
   '';
+
   installPhase = ''
     mkdir -p $out/share
     cp -r . $out/share/gitlab
+    ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads
+    ln -sf /run/gitlab/config $out/share/gitlab/config
   '';
+
   passthru = {
     inherit env;
     inherit ruby;

pkgs/applications/version-management/gitlab/nulladapter.patch

@@ -0,0 +1,29 @@
+index acd1874..f493451 100644
+--- a/Gemfile
++++ b/Gemfile
+@@ -318,3 +318,5 @@ gem 'oauth2', '~> 1.0.0'
+ 
+ # Soft deletion
+ gem "paranoia", "~> 2.0"
++
++gem "activerecord-nulldb-adapter"
+index 14d2c76..7a010f0 100644
+--- a/Gemfile.lock
++++ b/Gemfile.lock
+@@ -34,6 +34,8 @@ GEM
+       activesupport (= 4.2.5.1)
+       arel (~> 6.0)
+     activerecord-deprecated_finders (1.0.4)
++    activerecord-nulldb-adapter (0.3.2)
++      activerecord (>= 2.0.0)
+     activerecord-session_store (0.1.2)
+       actionpack (>= 4.0.0, < 5)
+       activerecord (>= 4.0.0, < 5)
+@@ -880,6 +882,7 @@ DEPENDENCIES
+   RedCloth (~> 4.2.9)
+   ace-rails-ap (~> 2.0.1)
+   activerecord-deprecated_finders (~> 1.0.3)
++  activerecord-nulldb-adapter
+   activerecord-session_store (~> 0.1.0)
+   acts-as-taggable-on (~> 3.4)
+   addressable (~> 2.3.8)

pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch

@@ -1,8 +1,8 @@
 diff --git a/config/environments/production.rb b/config/environments/production.rb
-index 3316ece..c34dec0 100644
+index 9095266..694a4c5 100644
 --- a/config/environments/production.rb
 +++ b/config/environments/production.rb
-@@ -67,10 +67,10 @@ Gitlab::Application.configure do
+@@ -67,10 +67,10 @@ Rails.application.configure do
  
    config.action_mailer.delivery_method = :sendmail
    # Defaults to:
@@ -18,74 +18,10 @@ index 3316ece..c34dec0 100644
    config.action_mailer.raise_delivery_errors = true
  
 diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
-index 15930fc..bdb423c 100644
+index 05f127d..1daef74 100644
 --- a/config/gitlab.yml.example
 +++ b/config/gitlab.yml.example
-@@ -29,8 +29,8 @@ production: &base
-   ## GitLab settings
-   gitlab:
-     ## Web server settings (note: host is the FQDN, do not include http://)
--    host: localhost
--    port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
-+    host: <%= ENV['GITLAB_HOST'] || 'localhost' %>
-+    port: <%= ENV['GITLAB_PORT'] || 80 %>
-     https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
- 
-     # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
-@@ -43,7 +43,7 @@ production: &base
-     # relative_url_root: /gitlab
- 
-     # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
--    # user: git
-+    user: gitlab
- 
-     ## Date & Time settings
-     # Uncomment and customize if you want to change the default time zone of GitLab application.
-@@ -54,7 +54,7 @@ production: &base
-     # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
-     # email_enabled: true
-     # Email address used in the "From" field in mails sent by GitLab
--    email_from: example@example.com
-+    email_from: <%= ENV['GITLAB_EMAIL_FROM'] %>
-     email_display_name: GitLab
-     email_reply_to: noreply@example.com
- 
-@@ -298,12 +298,12 @@ production: &base
-   # GitLab Satellites
-   satellites:
-     # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
--    path: /home/git/gitlab-satellites/
-+    path: <%= ENV['GITLAB_SATELLITES_PATH'] %>
-     timeout: 30
- 
-   ## Backup settings
-   backup:
--    path: "tmp/backups"   # Relative paths are relative to Rails.root (default: tmp/backups/)
-+    path: <%= ENV['GITLAB_BACKUP_PATH'] %>
-     # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
-     # keep_time: 604800   # default: 0 (forever) (in seconds)
-     # pg_schema: public     # default: nil, it means that all schemas will be backed up
-@@ -322,15 +322,15 @@ production: &base
- 
-   ## GitLab Shell settings
-   gitlab_shell:
--    path: /home/git/gitlab-shell/
-+    path: <%= ENV['GITLAB_SHELL_PATH'] %>
- 
-     # REPOS_PATH MUST NOT BE A SYMLINK!!!
--    repos_path: /home/git/repositories/
--    hooks_path: /home/git/gitlab-shell/hooks/
-+    repos_path: <%= ENV['GITLAB_REPOSITORIES_PATH'] %>
-+    hooks_path: <%= ENV['GITLAB_SHELL_HOOKS_PATH'] %>
- 
-     # File that contains the secret key for verifying access for gitlab-shell.
-     # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
--    # secret_file: /home/git/gitlab/.gitlab_shell_secret
-+    secret_file: <%= ENV['GITLAB_SHELL_SECRET_PATH'] %>
- 
-     # Git over HTTP
-     upload_pack: true
-@@ -343,7 +343,7 @@ production: &base
+@@ -423,7 +422,7 @@ production: &base
    # CAUTION!
    # Use the default values unless you really know what you are doing
    git:
@@ -94,25 +30,82 @@ index 15930fc..bdb423c 100644
      # The next value is the maximum memory size grit can use
      # Given in number of bytes per git object (e.g. a commit)
      # This value can be increased if you have very large commits
-@@ -388,7 +388,7 @@ test:
-   gravatar:
-     enabled: true
-   gitlab:
--    host: localhost
-+    host: <%= ENV['GITLAB_HOST'] %>
-     port: 80
- 
-     # When you run tests we clone and setup gitlab-shell
-diff --git a/lib/gitlab/app_logger.rb b/lib/gitlab/app_logger.rb
-index dddcb25..d61f10a 100644
---- a/lib/gitlab/app_logger.rb
-+++ b/lib/gitlab/app_logger.rb
-@@ -1,7 +1,7 @@
- module Gitlab
-   class AppLogger < Gitlab::Logger
-     def self.file_name_noext
--      'application'
-+      ENV["GITLAB_APPLICATION_LOG_PATH"]
+
+diff --git a/lib/gitlab/logger.rb b/lib/gitlab/logger.rb
+index 59b2114..4f4a39a 100644
+--- a/lib/gitlab/logger.rb
++++ b/lib/gitlab/logger.rb
+@@ -13,20 +13,20 @@ module Gitlab
      end
  
-     def format_message(severity, timestamp, progname, msg)
+     def self.read_latest
+-      path = Rails.root.join("log", file_name)
++      path = File.join(ENV["GITLAB_LOG_PATH"], file_name)
+       self.build unless File.exist?(path)
+       tail_output, _ = Gitlab::Popen.popen(%W(tail -n 2000 #{path}))
+       tail_output.split("\n")
+     end
+ 
+     def self.read_latest_for(filename)
+-      path = Rails.root.join("log", filename)
++      path = File.join(ENV["GITLAB_LOG_PATH"], filename)
+       tail_output, _ = Gitlab::Popen.popen(%W(tail -n 2000 #{path}))
+       tail_output.split("\n")
+     end
+ 
+     def self.build
+-      new(Rails.root.join("log", file_name))
++      new(File.join(ENV["GITLAB_LOG_PATH"], file_name))
+     end
+   end
+ end
+diff --git a/lib/gitlab/uploads_transfer.rb b/lib/gitlab/uploads_transfer.rb
+index be8fcc7..7642d74 100644
+--- a/lib/gitlab/uploads_transfer.rb
++++ b/lib/gitlab/uploads_transfer.rb
+@@ -29,7 +29,7 @@ module Gitlab
+     end
+ 
+     def root_dir
+-      File.join(Rails.root, "public", "uploads")
++      ENV['GITLAB_UPLOADS_PATH'] || File.join(Rails.root, "public", "uploads")
+     end
+   end
+ end
+diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake
+index 81099cb..a40b1ad 100644
+--- a/lib/tasks/gitlab/check.rake
++++ b/lib/tasks/gitlab/check.rake
+@@ -223,7 +223,7 @@ namespace :gitlab do
+     def check_log_writable
+       print "Log directory writable? ... "
+ 
+-      log_path = Rails.root.join("log")
++      log_path = ENV["GITLAB_LOG_PATH"]
+ 
+       if File.writable?(log_path)
+         puts "yes".green
+@@ -263,10 +263,12 @@ namespace :gitlab do
+     def check_uploads
+       print "Uploads directory setup correctly? ... "
+ 
+-      unless File.directory?(Rails.root.join('public/uploads'))
++      uploads_dir = ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads')
++
++      unless File.directory?(uploads_dir)
+         puts "no".red
+         try_fixing_it(
+-          "sudo -u #{gitlab_user} mkdir -m 750 #{Rails.root}/public/uploads"
++          "sudo -u #{gitlab_user} mkdir -m 750 #{uploads_dir}"
+         )
+         for_more_information(
+           see_installation_guide_section "GitLab"
+@@ -275,7 +277,7 @@ namespace :gitlab do
+         return
+       end
+ 
+-      upload_path = File.realpath(Rails.root.join('public/uploads'))
++      upload_path = File.realpath(Rails.root.join(uploads_dir))
+       upload_path_tmp = File.join(upload_path, 'tmp')
+ 
+       if File.stat(upload_path).mode == 040750