[DRE-maint] Bug#964193: gitlab: 500 Errors at log in because of missing setting in gitlab.yml

Frederik Himpe fhimpe at ai.vub.ac.be
Fri Jul 3 13:41:48 BST 2020


Package: gitlab
Version: 13.1.2-1+fto10+1
Severity: normal

I upgraded from 12.10.3-1+fto10+1 to 13.1.2-1+fto10+1 and when trying to
login after that, I got 500 errors.

Error from production log:

Settingslogic::MissingSetting (Missing setting 'admin_area_protected_paths_enabled' in 'rack_attack' section in /etc/gitlab/gitlab.yml):

config/initializers/rack_attack_new.rb:18:in `should_use_omnibus_protected_paths?'
config/initializers/rack_attack_new.rb:11:in `protected_paths_enabled?'
config/initializers/rack_attack_new.rb:90:in `block in <class:Attack>'
lib/gitlab/middleware/read_only/controller.rb:51:in `call'
lib/gitlab/middleware/read_only.rb:18:in `call'
lib/gitlab/middleware/same_site_cookies.rb:27:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:23:in `call'
config/initializers/fix_local_cache_middleware.rb:9:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:60:in `call'
lib/gitlab/middleware/release_env.rb:12:in `call'


I had to add
admin_area_protected_paths_enabled: true

to gitlab.yml to make it work.

/etc/gitlab/gitlab.yml.example does not contain this option, nor could I
find much information about this specific option documented online. This
should be at least in gitlab.yml.example.


-- System Information:
Debian Release: 10.4
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'proposed-updates'), (640, 'buster-backports'), (630, 'buster-fasttrack'), (600, 'oldstable'), (550, 'oldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'testing'), (200, 'unstable'), (160, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gitlab depends on:

Versions of packages gitlab recommends:
ii  certbot  0.31.0-1
ii  gitaly   13.1.0+dfsg-1~bpo10+1

gitlab suggests no packages.

-- Configuration Files:
/etc/gitlab/database.yml [Errno 13] Permission denied: '/etc/gitlab/database.yml'
/etc/gitlab/resque.yml [Errno 13] Permission denied: '/etc/gitlab/resque.yml'

-- debconf information excluded

-- debsums errors found:
debsums: changed file /usr/lib/gitlab/scripts/rake-tasks.sh (from gitlab package)
debsums: changed file /var/lib/gitlab/yarn.lock (from gitlab package)
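
A pre-upgrade check for the failure reported above, as an added example that is not part of the original report or of the gitlab package: it parses a gitlab.yml and lists settings that would raise Settingslogic::MissingSetting at request time. It assumes the settings are nested under an environment key such as `production`; the `REQUIRED` table, the function name and the sample YAML are constructed for illustration, and only the `rack_attack` / `admin_area_protected_paths_enabled` pair comes from the report.

```ruby
require 'yaml'

# Dotted setting path => accepted Ruby classes. Only this entry is taken from
# the error in the report; extend the table for other settings you depend on.
REQUIRED = {
  'rack_attack.admin_area_protected_paths_enabled' => [TrueClass, FalseClass]
}.freeze

# Returns a list of human-readable problems (empty when the file is fine).
def missing_settings(yaml_text, env: 'production', required: REQUIRED)
  # gitlab.yml-style files share settings between environments through YAML
  # anchors, so aliases must be allowed when loading safely.
  config = YAML.safe_load(yaml_text, aliases: true) || {}
  section = config.fetch(env) { return ["no '#{env}' section"] }

  required.each_with_object([]) do |(path, types), problems|
    *parents, leaf = path.split('.')
    node = parents.reduce(section) { |n, k| n.is_a?(Hash) ? n[k] : nil }
    if !node.is_a?(Hash) || !node.key?(leaf)
      problems << "Missing setting '#{leaf}' in '#{parents.join('.')}' section"
    elsif types.none? { |t| node[leaf].is_a?(t) }
      problems << "Setting '#{path}' has unexpected value #{node[leaf].inspect}"
    end
  end
end

# Constructed sample: a configuration carried over from before the upgrade.
BEFORE_UPGRADE = <<~YAML
  production: &base
    rack_attack:
      git_basic_auth:
        enabled: true
  test:
    <<: *base
YAML

# Constructed sample: the same file with the line from the report added.
AFTER_FIX = BEFORE_UPGRADE.sub(
  "  rack_attack:\n",
  "  rack_attack:\n    admin_area_protected_paths_enabled: true\n"
)

# Constructed sample: the key is present but quoted, so it loads as a String.
WRONG_TYPE = AFTER_FIX.sub('enabled: true', 'enabled: "yes"')

if __FILE__ == $PROGRAM_NAME
  { 'before upgrade' => BEFORE_UPGRADE, 'after fix' => AFTER_FIX,
    'wrong type' => WRONG_TYPE }.each do |label, text|
    problems = missing_settings(text)
    puts "#{label}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```

Running a check like this against the live configuration before restarting the service surfaces the gap at deploy time instead of as a 500 on the login page.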


