From e67e1b53536ba6a7dba5afa2ff937e8c2ddae986 Mon Sep 17 00:00:00 2001
From: Kevin Daudt <kdaudt@alpinelinux.org>
Date: Thu, 30 Mar 2023 22:51:56 +0200
Subject: [PATCH] alpine: upgrade to 3.17

Alpine 3.17 comes with ruby-3.1, which runs into some compattibility
issues for certain gems. So this includes some patches to make sure it's
compattible:

1. openssl is pinned to 3.0.1, the versions shipped with ruby 3.1[0]
2. net-smtp, net-imap and net-pop gems are added as they are no longer
   bundled[1]
3. psych is kept on a version <4 as version 4 is backwards
   incompattible[2].

[0]:https://gitlab.com/gitlab-org/gitlab/-/blob/v15.10.0-ee/Gemfile#L22
[1]:https://github.com/mikel/mail/pull/1439
[2]:https://bugs.ruby-lang.org/issues/1786
---
 Dockerfile                               |  2 +-
 VERSIONS                                 |  4 +--
 gitaly/Dockerfile                        |  2 +-
 overlay/tmp/gitlab/openssl-3.0.patch     | 35 ++++++++++++++++++++++++
 overlay/tmp/gitlab/ruby-3.1-compat.patch | 14 ++++++++++
 overlay/usr/local/bin/setup.sh           |  2 ++
 6 files changed, 55 insertions(+), 4 deletions(-)
 create mode 100644 overlay/tmp/gitlab/openssl-3.0.patch
 create mode 100644 overlay/tmp/gitlab/ruby-3.1-compat.patch

diff --git a/Dockerfile b/Dockerfile
index c8df11e..3520483 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ ENV GITLAB_VERSION=$GITLAB_VERSION
 COPY overlay /
 COPY --from=gitlab-shell /home/git/gitlab-shell /home/git/gitlab-shell
 
-RUN  setup.sh
+RUN setup.sh
 
 EXPOSE 80
 
diff --git a/VERSIONS b/VERSIONS
index 361c98e..39549e9 100644
--- a/VERSIONS
+++ b/VERSIONS
@@ -1,3 +1,3 @@
 GITLAB_VERSION=15.10.7
-ALPINE_VERSION=3.16
-RUBY_VERSION=3.0
+ALPINE_VERSION=3.17
+RUBY_VERSION=3.1
diff --git a/gitaly/Dockerfile b/gitaly/Dockerfile
index 0d2bf50..a74b50f 100644
--- a/gitaly/Dockerfile
+++ b/gitaly/Dockerfile
@@ -60,7 +60,7 @@ FROM alpinelinux/gitlab-shell:$GITLAB_SHELL_VERSION as gitlab-shell
 
 ######################################################
 
-FROM ruby:2.7-alpine$ALPINE_VERSION
+FROM ruby:$RUBY_VERSION-alpine$ALPINE_VERSION
 
 COPY overlay /
 COPY build/setup-image /usr/local/bin/
diff --git a/overlay/tmp/gitlab/openssl-3.0.patch b/overlay/tmp/gitlab/openssl-3.0.patch
new file mode 100644
index 0000000..fe07b43
--- /dev/null
+++ b/overlay/tmp/gitlab/openssl-3.0.patch
@@ -0,0 +1,35 @@
+diff --git a/Gemfile b/Gemfile
+index 8cafe3b8909c..bdb425b4aeda 100644
+--- a/Gemfile
++++ b/Gemfile
+@@ -19,7 +19,7 @@ gem 'bootsnap', '~> 1.16.0', require: false
+ 
+ # Pin openssl to match the version bundled with our supported Rubies.
+ # See https://stdgems.org/openssl/#gem-version.
+-gem 'openssl', '2.2.2'
++gem 'openssl', '3.0.1'
+ # This gem was originally bundled with Ruby 2.7, but is unbundled as of Ruby 3.
+ # Since the latest version caused problems with GitLab, we pin this to an older
+ # version for now.
+diff --git a/Gemfile.lock b/Gemfile.lock
+index 1f1f566be37c..bd274e05d353 100644
+--- a/Gemfile.lock
++++ b/Gemfile.lock
+@@ -1070,7 +1070,7 @@ GEM
+       validate_email
+       validate_url
+       webfinger (>= 1.0.1)
+-    openssl (2.2.2)
++    openssl (3.0.1)
+       ipaddr
+     openssl-signature_algorithm (1.3.0)
+       openssl (> 2.0)
+@@ -1826,7 +1826,7 @@ DEPENDENCIES
+   omniauth_crowd (~> 2.4.0)!
+   omniauth_openid_connect (~> 0.6.1)
+   openid_connect (= 1.3.0)
+-  openssl (= 2.2.2)
++  openssl (= 3.0.1)
+   org-ruby (~> 0.9.12)
+   pact (~> 1.63)
+   parallel (~> 1.19)
diff --git a/overlay/tmp/gitlab/ruby-3.1-compat.patch b/overlay/tmp/gitlab/ruby-3.1-compat.patch
new file mode 100644
index 0000000..4406218
--- /dev/null
+++ b/overlay/tmp/gitlab/ruby-3.1-compat.patch
@@ -0,0 +1,14 @@
+diff --git a/Gemfile b/Gemfile
+index bdb425b4aeda..e453baac9fe4 100644
+--- a/Gemfile
++++ b/Gemfile
+@@ -602,3 +602,9 @@ install_if -> { Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.0.0") } do
+ end
+ 
+ gem 'duo_api', '~> 1.3'
++
++# ruby 3.1 compattibility
++gem 'net-smtp'
++gem 'net-imap'
++gem 'net-pop'
++gem 'psych', '<4'
diff --git a/overlay/usr/local/bin/setup.sh b/overlay/usr/local/bin/setup.sh
index b7f91a9..f8bd81e 100755
--- a/overlay/usr/local/bin/setup.sh
+++ b/overlay/usr/local/bin/setup.sh
@@ -107,6 +107,8 @@ apply_patch -p0 -i /tmp/gitlab/puma-socket-path.patch
 apply_patch -p1 -i /tmp/gitlab/cable-defaults.patch
 apply_patch -p1 -i /tmp/gitlab/database-remove-geo.patch
 apply_patch -p1 -i /tmp/gitlab/mr-119042-mr-failed.patch
+apply_patch -p1 -i /tmp/gitlab/openssl-3.0.patch
+apply_patch -p1 -i /tmp/gitlab/ruby-3.1-compat.patch
 apply_patch -p0 -i /tmp/logrotate/logrotate-defaults.patch
 apply_patch -p0 -i /tmp/nginx/nginx-config.patch
 apply_patch -p0 -i /tmp/resque/resque-config.patch