From 73cb6392fdf135f60abf949e5de17c970630ad23 Mon Sep 17 00:00:00 2001
From: pbe-axelor
Date: Thu, 26 Sep 2019 06:58:29 +0200
Subject: [PATCH] Add S/MIME Email Signing (#2009)
* Add S/MIME Email Signing
See https://docs.gitlab.com/ce/administration/smime_signing_email.html
Signed-off-by: Pierre Belloy
* Remove s/mime email configs if not enabled
Signed-off-by: Pierre Belloy
---
README.md | 3 +++
assets/runtime/config/gitlabhq/gitlab.yml | 11 +++++++++++
assets/runtime/env-defaults | 3 +++
assets/runtime/functions | 13 ++++++++++++-
4 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index bf454b4f..028a628f 100644
--- a/README.md
+++ b/README.md
@@ -772,6 +772,9 @@ Below is the complete list of available options that can be used to customize yo
| `GITLAB_EMAIL_REPLY_TO` | The reply-to address of emails sent out by GitLab. Defaults to value of `GITLAB_EMAIL`, else defaults to `noreply@example.com`. |
| `GITLAB_EMAIL_SUBJECT_SUFFIX` | The e-mail subject suffix used in e-mails sent by GitLab. No defaults. |
| `GITLAB_EMAIL_ENABLED` | Enable or disable gitlab mailer. Defaults to the `SMTP_ENABLED` configuration. |
+| `GITLAB_EMAIL_SMIME_ENABLE` | Enable or disable email S/MIME signing. Defaults is `false`. |
+| `GITLAB_EMAIL_SMIME_KEY_FILE` | Specifies the path to a S/MIME private key file in PEM format, unencrypted. Defaults to ``. |
+| `GITLAB_EMAIL_SMIME_CERT_FILE` | Specifies the path to a S/MIME public certificate key in PEM format. Defaults to ``. |
| `GITLAB_DEFAULT_THEME` | Default theme ID, by default 2. (1 - Indigo, 2 - Dark, 3 - Light, 4 - Blue, 5 - Green, 6 - Light Indigo, 7 - Light Blue, 8 - Light Green, 9 - Red, 10 - Light Red) |
| `GITLAB_INCOMING_EMAIL_ADDRESS` | The incoming email address for reply by email. Defaults to the value of `IMAP_USER`, else defaults to `reply@example.com`. Please read the [reply by email](http://doc.gitlab.com/ce/incoming_email/README.html) documentation to currently set this parameter. |
| `GITLAB_INCOMING_EMAIL_ENABLED` | Enable or disable gitlab reply by email feature. Defaults to the value of `IMAP_ENABLED`. |
diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml
index 2539bea2..e43c58db 100644
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -70,6 +70,17 @@ production: &base
email_display_name: {{GITLAB_EMAIL_DISPLAY_NAME}}
email_reply_to: {{GITLAB_EMAIL_REPLY_TO}}
email_subject_suffix: '{{GITLAB_EMAIL_SUBJECT_SUFFIX}}'
+ #start-email-smime
+ email_smime:
+ # Uncomment and set to true if you need to enable email S/MIME signing (default: false)
+ enabled: {{GITLAB_EMAIL_SMIME_ENABLE}}
+ # S/MIME private key file in PEM format, unencrypted
+ # Default is '.gitlab_smime_key' relative to Rails.root (i.e. root of the GitLab app).
+ key_file: {{GITLAB_EMAIL_SMIME_KEY_FILE}}
+ # S/MIME public certificate key in PEM format, will be attached to signed messages
+ # Default is '.gitlab_smime_cert' relative to Rails.root (i.e. root of the GitLab app).
+ cert_file: {{GITLAB_EMAIL_SMIME_CERT_FILE}}
+ #end-email-smime
# Email server smtp settings are in config/initializers/smtp_settings.rb.sample
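Review bot: The comment `# Uncomment and set to true if you need to enable email S/MIME signing (default: false)` on the `enabled:` line is copied from the upstream sample and no longer fits this template, where the value is injected from `GITLAB_EMAIL_SMIME_ENABLE` rather than uncommented by hand. The two `Default is '.gitlab_smime_key' ... relative to Rails.root` comments likewise describe the upstream fallback, while this image's env-defaults render `key_file:` and `cert_file:` as empty when the variables are unset; whether GitLab then falls back to those Rails.root paths or treats the null as a missing file is not visible here and worth confirming. I would reword the first comment to `# Set GITLAB_EMAIL_SMIME_ENABLE=true to enable email S/MIME signing (default: false)` and the two default comments to `# Set via GITLAB_EMAIL_SMIME_KEY_FILE; must be readable by the git user` and `# Set via GITLAB_EMAIL_SMIME_CERT_FILE`, so the template documents the container's contract rather than the upstream one.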
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index c66f185f..7fef1ebd 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -283,6 +283,9 @@ GITLAB_EMAIL_SUBJECT_SUFFIX=${GITLAB_EMAIL_SUBJECT_SUFFIX:-}
GITLAB_EMAIL=${GITLAB_EMAIL:-example@example.com}
GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-noreply@example.com}
GITLAB_EMAIL_DISPLAY_NAME=${GITLAB_EMAIL_DISPLAY_NAME:-GitLab}
+GITLAB_EMAIL_SMIME_ENABLE=${GITLAB_EMAIL_SMIME_ENABLE:-false}
+GITLAB_EMAIL_SMIME_KEY_FILE=${GITLAB_EMAIL_SMIME_KEY_FILE:-}
+GITLAB_EMAIL_SMIME_CERT_FILE=${GITLAB_EMAIL_SMIME_CERT_FILE:-}
## INCOMING MAIL
IMAP_HOST=${IMAP_HOST:-imap.gmail.com}
diff --git a/assets/runtime/functions b/assets/runtime/functions
index 35ab8d35..d641c338 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -125,7 +125,7 @@ gitlab_finalize_database_parameters() {
DB_USER=${DB_USER:-${POSTGRESQL_ENV_USER}}
DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_PASS}}
DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_DB}}
-
+
if [[ -z ${DB_HOST} ]]; then
echo
@@ -351,6 +351,17 @@ gitlab_configure_mail_delivery() {
GITLAB_EMAIL_DISPLAY_NAME \
GITLAB_EMAIL_REPLY_TO \
GITLAB_EMAIL_SUBJECT_SUFFIX
+
+ if [[ ${GITLAB_EMAIL_SMIME_ENABLE} == true ]]; then
+ exec_as_git sed -i "/#start-email-smime/d" ${GITLAB_CONFIG}
+ exec_as_git sed -i "/#end-email-smime/d" ${GITLAB_CONFIG}
+ update_template ${GITLAB_CONFIG} \
+ GITLAB_EMAIL_SMIME_ENABLE \
+ GITLAB_EMAIL_SMIME_KEY_FILE \
+ GITLAB_EMAIL_SMIME_CERT_FILE
+ else
+ exec_as_git sed -i "/#start-email-smime/,/#end-email-smime/d" ${GITLAB_CONFIG}
+ fi
}
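Review bot: When `GITLAB_EMAIL_SMIME_ENABLE` is `true`, the branch substitutes `GITLAB_EMAIL_SMIME_KEY_FILE` and `GITLAB_EMAIL_SMIME_CERT_FILE` without checking that either is set or that the files exist, and env-defaults leaves both empty, so a user who enables signing but forgets to mount the key ends up with `key_file:` rendered as null and a failure that only surfaces when GitLab tries to send its first mail. Since the private key is the security-relevant input here, I would fail the configuration step early with a clear message instead; the check below runs before the `sed` marker removal so the template is left untouched on error. The readability test is made as the running user, so if this function executes as root while GitLab reads the key as `git`, a `-r` check will not catch a permissions problem — that part is inferred and worth confirming. `gitlab_configure_mail_delivery` starts before this hunk.
```shell
  if [[ ${GITLAB_EMAIL_SMIME_ENABLE} == true ]]; then
    for smime_file in GITLAB_EMAIL_SMIME_KEY_FILE GITLAB_EMAIL_SMIME_CERT_FILE; do
      if [[ -z ${!smime_file} || ! -f ${!smime_file} ]]; then
        echo "ERROR: GITLAB_EMAIL_SMIME_ENABLE is true but ${smime_file} is unset or does not point to an existing file" >&2
        return 1
      fi
    done
    # … unchanged: sed marker removal and update_template call …
  else
    # … unchanged: sed block deletion …
  fi
```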
gitlab_configure_mailroom() {