From 13dac63c2f39f76f129d0ac0f13ed53a0af80344 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Klinkovsk=C3=BD?=
Date: Sun, 11 Dec 2022 12:15:34 +0100
Subject: [PATCH] Symlink /usr/share/webapps/gitlab/tmp to /var/tmp to avoid ReadWritePaths in gitlab-backup.service
---
 trunk/PKGBUILD | 11 +++++++----
 trunk/gitlab-backup.service | 1 -
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
index ce5be3e8..7b95bcf5 100644
--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -9,7 +9,7 @@
 pkgname=gitlab
 pkgver=15.6.1
-pkgrel=2
+pkgrel=3
 pkgdesc="Project management and code hosting application"
 arch=('x86_64')
 url="https://gitlab.com/gitlab-org/gitlab-foss"
@@ -45,7 +45,7 @@ sha512sums=('SKIP'
 '5b1ca2958f03a5baf1c5576a1568072e8ed749e2d15745ecbcc4860d2dbd543f2f3ed077e8d87afac2670c9436b19fe498217b49916d56a4e31fb9811aeb9067'
 '451a030940f124bccd6d29c1924861b361d52db32cff6e745c144286c2afc7065e117f825721145ed2dd4406f5bcfa97e228a80b968aaa9a675613b71b776eba'
 '419848c668928276620b5229e457a39e0ed7e111f1da68a30c3e0ae1a644af1c869b004b35435ccec4ddcdf6cf7418b1ab71e6e2ee8a2c861c6625c8bfd908f6'
- '69a992006176c85ec2abca75d6233d87586ff42101c8f0b9144218e063cdc3e154c69aa3eb4af9494580b388b0c33d148d2da73d91e4440867ce25a28bbab682'
+ 'd86e16747ad79f514ce180646c68bec8b6fa61764b2b14b1621db998f48955c3fb81f4e19ecb0fbab9d603dd25d95929e6d72a473652608373e6551f26244738'
 'f8067d1ee444a50dc9b2ed871974225ad521c310eb191e075adb0e45e47168da7d16b92f2e40d7ce755041dd4426a05f0ad1385392b4db526aeaf8a638eb024f'
 'c76d634647336aaf157bc66ba094a363e971c0d275875a7df4521819147f54cd4c709eb8e024cdac9e900d99167e8a78a222587e7292e915573ef29060e6ec21'
 '879be339148123e32b58a5669fdd3d3bb8b5d711326cb618f95b1680a6ac3a83c85d8862f2691b352fa26c95e4764dbb827856e22a3e2b9e4a76c13fe42864b5'
@@ -141,10 +141,13 @@ package() {
 # Create symlinks that point to data directories under /var
 ln -fs "${_logdir}" "${pkgdir}${_appdir}/log"
 ln -fs "${_datadir}/builds" "${pkgdir}${_appdir}/builds"
- mkdir "${pkgdir}${_appdir}/tmp/"
- ln -fs "${_datadir}/backups" "${pkgdir}${_appdir}/tmp/backups"
 ln -fs "${_datadir}/uploads" "${pkgdir}${_appdir}/public/uploads"
 ln -fs "${_datadir}/shared" "${pkgdir}${_appdir}/shared"
+ # The path to backups is configured in gitlab.yml, but the gitlab:backup rake
+ # task writes a PID file in this directory (the path is hardcoded in
+ # /usr/share/webapps/gitlab/lib/tasks/gitlab/backup.rake).
+ # See https://bugs.archlinux.org/task/76630
+ ln -fs /var/tmp "${pkgdir}${_appdir}/tmp"
 # TODO: workhorse and shell secret files are the application data and should be stored under /var/lib/gitlab
 ln -fs "${_etcdir}/gitlab_workhorse_secret" "${pkgdir}${_appdir}/.gitlab_workhorse_secret"
diff --git a/trunk/gitlab-backup.service b/trunk/gitlab-backup.service
index 902394c3..9b739c1f 100644
--- a/trunk/gitlab-backup.service
+++ b/trunk/gitlab-backup.service
@@ -15,6 +15,5 @@ PrivateTmp=true
 PrivateDevices=true
 ProtectSystem=full
 ProtectHome=true
-ReadWritePaths=/tmp
 NoNewPrivileges=true
 ExecStart=/usr/bin/bundle-2.7 exec rake gitlab:backup:create
-- 
2.38.1
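Review bot: The added `ln -fs /var/tmp "${pkgdir}${_appdir}/tmp"` in the package() hunk places the application's tmp directory, and with it the hardcoded backup PID file the comment describes, in a world-writable directory shared by every local account, so another local user can pre-create the predictable file name and block backups, and the write depends on `fs.protected_symlinks` being enabled to be safe against a planted link. Because gitlab-backup.service keeps `PrivateTmp=true`, the unit gets its own private /var/tmp, so the PID file written from the unit presumably no longer excludes a backup or restore task started outside it. A directory owned by the gitlab user avoids both problems and still needs no `ReadWritePaths=`, since `ProtectSystem=full` leaves /var writable: `ln -fs "${_datadir}/tmp" "${pkgdir}${_appdir}/tmp"`, with that directory created with restrictive ownership and mode by whatever already provisions the other data directories. package() starts and ends outside this hunk, so how those directories are created is not visible here.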