2026-01-18 13:58:25 +00:00 · 2017-07-23 13:19:21 +02:00 · 2017-07-23 13:19:21 +02:00 · 04589d2d66
commit 04589d2d66
parent c0b3a59221 e383d84296
2 changed files with 15 additions and 0 deletions
--- a/assets/build/install.sh
+++ b/assets/build/install.sh
@ -169,6 +169,9 @@ exec_as_git bundle exec rake gitlab:assets:compile USE_DB=false SKIP_STORAGE_VAL
 # remove auto generated ${GITLAB_DATA_DIR}/config/secrets.yml
 rm -rf ${GITLAB_DATA_DIR}/config/secrets.yml

+# remove gitlab shell and workhorse secrets
+rm -f ${GITLAB_INSTALL_DIR}/.gitlab_shell_secret ${GITLAB_INSTALL_DIR}/.gitlab_workhorse_secret
+
 exec_as_git mkdir -p ${GITLAB_INSTALL_DIR}/tmp/pids/ ${GITLAB_INSTALL_DIR}/tmp/sockets/
 chmod -R u+rwX ${GITLAB_INSTALL_DIR}/tmp

--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@ -710,6 +710,18 @@ gitlab_configure_secrets() {
  GITLAB_SECRETS_DB_KEY_BASE \
  GITLAB_SECRETS_SECRET_KEY_BASE \
  GITLAB_SECRETS_OTP_KEY_BASE
+
+  local shell_secret="${GITLAB_INSTALL_DIR}/.gitlab_shell_secret"
+  if [[ ! -f "${shell_secret}" ]]; then
+    exec_as_git openssl rand -hex -out "${shell_secret}" 16
+    chmod 600 "${shell_secret}"
+  fi
+
+  local workhorse_secret="${GITLAB_INSTALL_DIR}/.gitlab_workhorse_secret"
+  if [[ ! -f "${workhorse_secret}" ]]; then
+    exec_as_git openssl rand -base64 -out "${workhorse_secret}" 32
+    chmod 600 "${workhorse_secret}"
+  fi
 }

 gitlab_configure_sidekiq() {