init

config/software/gitlab-geo-psql.rb

+#
+# Copyright:: Copyright (c) 2016 GitLab Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'digest'
+
+name 'gitlab-geo-psql'
+
+license 'Apache-2.0'
+license_file File.expand_path('LICENSE', Omnibus::Config.project_root)
+
+skip_transitive_dependency_licensing true
+
+# This 'software' is self-contained in this file. Use the file contents
+# to generate a version string.
+default_version Digest::MD5.file(__FILE__).hexdigest
+
+build do
+  mkdir "#{install_dir}/bin/"
+
+  block do
+    File.open("#{install_dir}/bin/gitlab-geo-psql", 'w') do |file|
+      file.print <<-EOH
+#!/bin/sh
+
+error_echo()
+{
+  echo "$1" 2>& 1
+}
+
+gitlab_geo_psql_rc='/opt/gitlab/etc/gitlab-geo-psql-rc'
+
+
+if ! [ -f ${gitlab_geo_psql_rc} ] ; then
+  error_echo "$0 error: could not load ${gitlab_geo_psql_rc}"
+  error_echo "Either you are not allowed to read the file, or it does not exist yet."
+  error_echo "You can generate it with:   sudo gitlab-ctl reconfigure"
+  exit 1
+fi
+
+. ${gitlab_geo_psql_rc}
+
+if [ "$(id -n -u)" = "${psql_user}" ] ; then
+  privilege_drop=''
+else
+  privilege_drop="-u ${psql_user}:${psql_group}"
+fi
+
+cd /tmp; exec /opt/gitlab/embedded/bin/chpst ${privilege_drop} -U ${psql_user} /usr/bin/env PGSSLCOMPRESSION=0 /opt/gitlab/embedded/bin/psql -p ${psql_port} -h ${psql_host} -d ${psql_dbname} "$@"
+      EOH
+    end
+  end
+
+  command "chmod 755 #{install_dir}/bin/gitlab-geo-psql"
+end

config/software/gitlab-healthcheck.rb

+#
+# Copyright:: Copyright (c) 2016 GitLab Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'gitlab-healthcheck'
+
+license 'Apache-2.0'
+license_file File.expand_path('LICENSE', Omnibus::Config.project_root)
+
+skip_transitive_dependency_licensing true
+
+# This 'software' is self-contained in this file. Use the file contents
+# to generate a version string.
+default_version Digest::MD5.file(__FILE__).hexdigest
+
+build do
+  mkdir "#{install_dir}/bin/"
+
+  block do
+    File.open("#{install_dir}/bin/gitlab-healthcheck", 'w') do |file|
+      file.print <<-EOH
+#!/bin/bash
+
+error_echo()
+{
+  echo "$1" 2>& 1
+}
+
+gitlab_healthcheck_rc='/opt/gitlab/etc/gitlab-healthcheck-rc'
+
+
+if ! [ -f ${gitlab_healthcheck_rc} ] ; then
+  exit 1
+fi
+
+. ${gitlab_healthcheck_rc}
+
+exec /opt/gitlab/embedded/bin/curl "$@" "${flags[@]}" "${url}"
+      EOH
+    end
+  end
+
+  command "chmod 755 #{install_dir}/bin/gitlab-healthcheck"
+end

config/software/gitlab-kas.rb

+#
+# Copyright:: Copyright (c) 2020 GitLab Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require "#{Omnibus::Config.project_root}/lib/gitlab/version"
+version = Gitlab::Version.new('gitlab-kas')
+
+name 'gitlab-kas'
+default_version version.print
+
+license 'MIT'
+license_file 'LICENSE'
+
+skip_transitive_dependency_licensing true
+
+source git: version.remote
+
+build do
+  env = { 'TARGET_DIRECTORY' => "#{Omnibus::Config.source_dir}/gitlab-kas/build" }
+
+  make 'kas', env: env
+
+  mkdir "#{install_dir}/embedded/bin/"
+  move 'build/kas', "#{install_dir}/embedded/bin/gitlab-kas"
+
+  command "license_finder report --decisions-file=#{Omnibus::Config.project_root}/support/dependency_decisions.yml --format=json --columns name version licenses texts notice --save=license.json"
+  copy "license.json", "#{install_dir}/licenses/gitlab-kas.json"
+end

config/software/gitlab-pages.rb

+#
+# Copyright:: Copyright (c) 2016 GitLab B.V.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require "#{Omnibus::Config.project_root}/lib/gitlab/version"
+version = Gitlab::Version.new('gitlab-pages')
+
+name 'gitlab-pages'
+default_version version.print
+
+license 'MIT'
+license_file 'LICENSE'
+
+skip_transitive_dependency_licensing true
+
+source git: version.remote
+relative_path 'src/gitlab.com/gitlab-org/gitlab-pages'
+
+build do
+  env = {
+    # This is required for GO15VENDOREXPERIMENT=1 to work properly,
+    # since it requires the package to be in $GOPATH/src/package
+    'GOPATH' => "#{Omnibus::Config.source_dir}/gitlab-pages",
+    'GOTOOLCHAIN' => 'local',
+  }
+
+  # Pages compiles with CGO_ENABLED=0 by default, so we need to activate
+  # FIPS mode explicitly.
+  if Build::Check.use_system_ssl?
+    env['FIPS_MODE'] = '1'
+    env['GOEXPERIMENT'] = 'boringcrypto' if Build::Check.boringcrypto_supported?
+  end
+
+  make 'gitlab-pages', env: env
+
+  mkdir "#{install_dir}/embedded/bin/"
+  move 'gitlab-pages', "#{install_dir}/embedded/bin/gitlab-pages"
+
+  command "license_finder report --enabled-package-managers godep gomodules --decisions-file=#{Omnibus::Config.project_root}/support/dependency_decisions.yml --format=json --columns name version licenses texts notice --save=license.json"
+  copy "license.json", "#{install_dir}/licenses/gitlab-pages.json"
+end

config/software/gitlab-pg-ctl.rb

+#
+# Copyright:: Copyright (c) 2018 GitLab Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'digest'
+
+name 'gitlab-pg-ctl'
+
+license 'Apache-2.0'
+license_file File.expand_path('LICENSE', Omnibus::Config.project_root)
+
+skip_transitive_dependency_licensing true
+
+# This 'software' is self-contained in this file. Use the file contents
+# to generate a version string.
+default_version Digest::MD5.file(__FILE__).hexdigest
+
+build do
+  mkdir "#{install_dir}/embedded/bin/"
+
+  block do
+    File.open("#{install_dir}/embedded/bin/gitlab-pg-ctl", 'w') do |file|
+      file.print <<-EOH
+#!/bin/sh
+
+error_echo()
+{
+  echo "$1" 2>& 1
+}
+
+gitlab_psql_rc='/opt/gitlab/etc/gitlab-psql-rc'
+
+
+if ! [ -f ${gitlab_psql_rc} ] || ! [ -r ${gitlab_psql_rc} ] ; then
+  error_echo "$0 error: could not load ${gitlab_psql_rc}"
+  error_echo "Either you are not allowed to read the file, or it does not exist yet."
+  error_echo "You can generate it with:   sudo gitlab-ctl reconfigure"
+  exit 1
+fi
+
+. "${gitlab_psql_rc}"
+
+if [ "$(id -n -u)" = "${psql_user}" ] ; then
+  privilege_drop=''
+else
+  privilege_drop="-u ${psql_user}:${psql_group}"
+fi
+
+export PGDATA=${psql_host}/data
+cd /tmp; exec /opt/gitlab/embedded/bin/chpst ${privilege_drop} /opt/gitlab/embedded/bin/pg_ctl "$@"
+      EOH
+    end
+  end
+
+  command "chmod 755 #{install_dir}/embedded/bin/gitlab-pg-ctl"
+end

config/software/gitlab-psql.rb

+#
+# Copyright:: Copyright (c) 2016 GitLab Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'digest'
+
+name 'gitlab-psql'
+
+license 'Apache-2.0'
+license_file File.expand_path('LICENSE', Omnibus::Config.project_root)
+
+skip_transitive_dependency_licensing true
+
+# This 'software' is self-contained in this file. Use the file contents
+# to generate a version string.
+default_version Digest::MD5.file(__FILE__).hexdigest
+
+build do
+  mkdir "#{install_dir}/bin/"
+
+  block do
+    File.open("#{install_dir}/bin/gitlab-psql", 'w') do |file|
+      file.print <<-EOH
+#!/bin/sh
+
+error_echo()
+{
+  echo "$1" 2>& 1
+}
+
+gitlab_psql_rc='/opt/gitlab/etc/gitlab-psql-rc'
+
+
+if ! [ -f ${gitlab_psql_rc} ] ; then
+  error_echo "$0 error: could not load ${gitlab_psql_rc}"
+  error_echo "Either you are not allowed to read the file, or it does not exist yet."
+  error_echo "You can generate it with:   sudo gitlab-ctl reconfigure"
+  exit 1
+fi
+
+. ${gitlab_psql_rc}
+
+if [ "$(id -n -u)" = "${psql_user}" ] ; then
+  privilege_drop=''
+else
+  privilege_drop="-u ${psql_user}:${psql_group}"
+fi
+
+cd /tmp; exec /opt/gitlab/embedded/bin/chpst ${privilege_drop} -U ${psql_user} /usr/bin/env PGSSLCOMPRESSION=0 /opt/gitlab/embedded/bin/psql -p ${psql_port} -h ${psql_host} -d ${psql_dbname} "$@"
+      EOH
+    end
+  end
+
+  command "chmod 755 #{install_dir}/bin/gitlab-psql"
+end

config/software/gitlab-rails.rb

+#
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# Copyright:: Copyright (c) 2014-2022 GitLab Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require "#{Omnibus::Config.project_root}/lib/gitlab/version"
+require "#{Omnibus::Config.project_root}/lib/gitlab/ohai_helper.rb"
+
+EE = Build::Check.include_ee?
+
+software_name = EE ? 'gitlab-rails-ee' : 'gitlab-rails'
+version = Gitlab::Version.new(software_name)
+gitlab_bundle_gemfile = Gitlab::Util.get_env('GITLAB_BUNDLE_GEMFILE') || 'Gemfile'
+
+name 'gitlab-rails'
+
+default_version version.print
+source git: version.remote
+
+combined_licenses_file = "#{install_dir}/embedded/lib/ruby/gems/gitlab-gem-licenses"
+
+license 'MIT'
+license_file 'LICENSE'
+
+# TODO: Compare contents of this file with the output of license_finder and
+# tackle the missing ones and stop using this workaround.
+# https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6517
+license_file combined_licenses_file
+
+dependency 'pkg-config-lite'
+dependency 'ruby'
+dependency 'rubygems'
+dependency 'libxml2'
+dependency 'libxslt'
+dependency 'curl'
+dependency 'rsync'
+dependency 'libicu'
+dependency 'postgresql'
+dependency 'python-docutils'
+dependency 'krb5'
+dependency 'registry'
+dependency 'unzip'
+dependency 'gpgme'
+dependency 'graphicsmagick'
+dependency 'exiftool'
+
+if EE
+  dependency 'pgbouncer'
+  dependency 'patroni'
+end
+
+# libatomic is a runtime_dependency of the grpc gem for armhf/aarch64 platforms
+whitelist_file /grpc_c\.so/ if OhaiHelper.arm?
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+
+  # Remove ee code when building in CE mode from canonical source
+  if !EE && File.directory?('ee')
+    delete 'ee'
+    delete 'CHANGELOG-EE.md'
+  end
+
+  # Exclude rails directory from cache
+  cache_dir = File.join('/var/cache/omnibus/cache/git_cache', install_dir, 'info/exclude')
+  command "echo '/embedded/service/gitlab-rails' >> #{cache_dir}"
+
+  command "echo $(git log --pretty=format:'%h' --abbrev=11 -n 1) > REVISION"
+  # Set installation type to omnibus
+  command "echo 'omnibus-gitlab' > INSTALLATION_TYPE"
+
+  workhorse_env = { 'GOTOOLCHAIN' => 'local' }
+  workhorse_flags = " FIPS_MODE=1" if Build::Check.use_system_ssl?
+  make "install -C workhorse PREFIX=#{install_dir}/embedded#{workhorse_flags}", env: workhorse_env
+
+  bundle_without = %w(development test)
+
+  if Build::Check.use_system_ssl?
+    env['CMAKE_FLAGS'] = OpenSSLHelper.cmake_flags
+    # We need to add /opt/gitlab/embedded/lib/pkgconfig for the gpgme gem since we manually install its
+    # dependencies. We can drop this once when any of the two issues are resolved:
+    # 1. https://github.com/ueno/ruby-gpgme/issues/167
+    # 2. https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7344
+    env['PKG_CONFIG_PATH'] = "#{OpenSSLHelper.pkg_config_dirs}:/opt/gitlab/embedded/lib/pkgconfig"
+  end
+
+  env['CFLAGS'] = '-std=gnu99' if OhaiHelper.centos7? || OhaiHelper.os_platform == 'sles'
+
+  # Special configuration for Rust extensions, which require clang 3.9+.
+  if OhaiHelper.centos7?
+    env['PATH'] = "/opt/rh/llvm-toolset-7/root/bin:#{env['PATH']}"
+    env['LIBCLANG_PATH'] = '/opt/rh/llvm-toolset-7/root/usr/lib64'
+  elsif OhaiHelper.sles12?
+    env['BINDGEN_EXTRA_CLANG_ARGS'] = "-I/usr/lib64/clang/7.0.1/include"
+  elsif OhaiHelper.raspberry_pi?
+    # This is needed to workaround a bug in QEMU: https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues/60
+    # This has to be a tmpfs or some other filesystem other than ext4.
+    env['CARGO_HOME'] = '/run'
+  end
+
+  bundle "config set --local gemfile #{gitlab_bundle_gemfile}" if gitlab_bundle_gemfile != 'Gemfile'
+  bundle 'config force_ruby_platform true', env: env if OhaiHelper.ruby_native_gems_unsupported?
+
+  bundle 'config build.gpgme --use-system-libraries', env: env
+  bundle "config build.nokogiri --use-system-libraries --with-xml2-include=#{install_dir}/embedded/include/libxml2 --with-xslt-include=#{install_dir}/embedded/include/libxslt", env: env
+  bundle 'config build.grpc --with-ldflags=-Wl,--no-as-needed --with-dldflags=-latomic', env: env if OhaiHelper.raspberry_pi?
+  # Disable zstd decompression support to avoid linking against libzstd,
+  # which may not be a safe system dependency to use.
+  bundle 'config build.ruby-magic --with-magic-flags=--disable-zstdlib', env: env
+  # bundle "config set --local frozen 'true'", env: env
+  bundle "config set --local without #{bundle_without.join(' ')}", env: env
+  bundle "install --jobs #{workers} --retry 5", env: env
+
+  block 'delete unneeded precompiled shared libraries' do
+    next if OhaiHelper.ruby_native_gems_unsupported?
+
+    ruby_ver = shellout!("#{embedded_bin('ruby')} -e 'puts RUBY_VERSION.match(/\\d+\\.\\d+/)[0]'", env: env).stdout.chomp
+    gem_paths = {
+      'gitlab-glfm-markdown' => 'lib',
+      'google-protobuf' => 'lib/google',
+      'grpc' => 'src/ruby/lib/grpc',
+      'prometheus-client-mmap' => 'lib',
+      'nokogiri' => 'lib',
+      're2' => 'lib'
+    }
+
+    # Delete unused shared libraries included in the gems
+    gem_paths.each do |name, base_path|
+      gem_path = shellout!("#{embedded_bin('bundle')} show #{name}", env: env).stdout.strip
+      command "find #{File.join(gem_path, base_path)} ! -path '*/#{ruby_ver}/*' -name '*.so' -type f -print -delete"
+    end
+  end
+
+  # In order to compile the assets, we need to get to a state where rake can
+  # load the Rails environment.
+  copy 'config/gitlab.yml.example', 'config/gitlab.yml'
+  copy 'config/database.yml.postgresql', 'config/database.yml'
+  copy 'config/secrets.yml.example', 'config/secrets.yml'
+
+  # Copy asset cache and node modules from cache location to source directory
+  move "#{Omnibus::Config.project_root}/assets_cache", "#{Omnibus::Config.source_dir}/gitlab-rails/tmp/cache"
+  move "#{Omnibus::Config.project_root}/node_modules", "#{Omnibus::Config.source_dir}/gitlab-rails"
+
+  assets_compile_env = {
+    'NODE_ENV' => 'production',
+    'RAILS_ENV' => 'production',
+    'PATH' => "#{install_dir}/embedded/bin:#{Gitlab::Util.get_env('PATH')}",
+    'SKIP_STORAGE_VALIDATION' => 'true',
+    'SKIP_DATABASE_CONFIG_VALIDATION' => 'true',
+  }
+  assets_compile_env['NODE_OPTIONS'] = '--max_old_space_size=3584' if OhaiHelper.is_32_bit?
+
+  assets_compile_env['NO_SOURCEMAPS'] = 'true' if Gitlab::Util.get_env('NO_SOURCEMAPS')
+  command 'yarn install --pure-lockfile --production'
+
+  # process PO files and generate MO and JSON files
+  bundle 'exec rake gettext:compile', env: assets_compile_env
+
+  # By default, copy assets from the fetch-assets job
+  # Compile from scratch if the COMPILE_ASSETS variable is set to to true
+  if Gitlab::Util.get_env('COMPILE_ASSETS').eql?('true')
+    # Up the default timeout from 10min to 4hrs for this command so it has the
+    # opportunity to complete on the pi
+    bundle 'exec rake gitlab:assets:compile', timeout: 14400, env: assets_compile_env
+  else
+    # Copy the asset files
+    sync "#{Gitlab::Util.get_env('CI_PROJECT_DIR')}/#{Gitlab::Util.get_env('ASSET_PATH')}", 'public/assets/'
+  end
+
+  bundle "exec license_finder report --project_path=#{File.dirname(gitlab_bundle_gemfile)} --decisions-file=config/dependency_decisions.yml --format=json --columns name version licenses texts notice --save=rails-license.json", env: env
+  command "license_finder report --decisions-file=#{Omnibus::Config.project_root}/support/dependency_decisions.yml --format=json --columns name version licenses texts notice --save=workhorse-license.json", cwd: "#{Omnibus::Config.source_dir}/gitlab-rails/workhorse"
+
+  # Merge rails and workhorse license files.
+  block "Merge license files of rails and workhorse" do
+    require 'json'
+    rails_licenses = JSON.parse(File.read("#{Omnibus::Config.source_dir}/gitlab-rails/rails-license.json"))['dependencies']
+    workhorse_licenses = JSON.parse(File.read("#{Omnibus::Config.source_dir}/gitlab-rails/workhorse/workhorse-license.json"))['dependencies']
+    output = { dependencies: rails_licenses.concat(workhorse_licenses).uniq }
+    File.write("#{install_dir}/licenses/gitlab-rails.json", JSON.pretty_generate(output))
+  end
+
+  # Move folders for caching. GitLab CI permits only relative path for Cache
+  # and Artifacts. So we need these folder in the root directory.
+  move "#{Omnibus::Config.source_dir}/gitlab-rails/tmp/cache", "#{Omnibus::Config.project_root}/assets_cache"
+  move "#{Omnibus::Config.source_dir}/gitlab-rails/node_modules", Omnibus::Config.project_root.to_s
+
+  # Tear down now that gitlab:assets:compile is done.
+  delete 'config/gitlab.yml'
+  delete 'config/database.yml'
+  delete 'config/secrets.yml'
+
+  # Remove auto-generated files
+  delete '.secret'
+  delete '.gitlab_shell_secret'
+  delete '.gitlab_workhorse_secret'
+  delete '.gitlab_pages_secret'
+  delete '.gitlab_kas_secret'
+  delete '.gitlab_suggested_reviewers_secret'
+  delete '.gitlab_incoming_email_secret'
+  delete '.gitlab_service_desk_email_secret'
+
+  # Remove directories that will be created by `gitlab-ctl reconfigure`
+  delete 'log'
+  delete 'tmp'
+  delete 'public/uploads'
+
+  # Drop uncompressed sourcemap files. We will keep the gziped versions.
+  command "find public/assets/webpack -name '*.map' -type f -print -delete"
+
+  # Cleanup after bundle
+  # Delete all .gem archives
+  command "find #{install_dir} -name '*.gem' -type f -print -delete"
+  # Delete all docs
+  command "find #{install_dir}/embedded/lib/ruby/gems -name 'doc' -type d -print -exec rm -r {} +"
+
+  # Because db/structure.sql is modified by `rake db:migrate` after installation,
+  # keep a copy of structure.sql around in case we need it. (I am looking at you,
+  # mysql-postgresql-converter.)
+  copy 'db/structure.sql', 'db/structure.sql.bundled'
+  copy 'ee/db/geo/structure.sql', 'ee/db/geo/structure.sql.bundled' if EE
+
+  mkdir "#{install_dir}/embedded/service/gitlab-rails"
+  sync './', "#{install_dir}/embedded/service/gitlab-rails/", exclude: %w(
+    .git
+    .gitignore
+    app/assets
+    ee/app/assets
+    ee/spec
+    features
+    gems/*.yml
+    gems/*/spec
+    gems/config
+    gems/README.md
+    qa
+    rubocop
+    spec
+    vendor/assets
+    vendor/gems/*/spec
+    vendor/gems/README.md
+    workhorse
+  )
+
+  mkdir "#{install_dir}/bin/"
+  mkdir "#{install_dir}/embedded/bin/"
+  # Create a wrapper for the rake tasks of the Rails app
+  erb dest: "#{install_dir}/bin/gitlab-rake",
+      source: 'bundle_exec_wrapper.erb',
+      mode: 0755,
+      vars: { command: 'rake "$@"', install_dir: install_dir }
+
+  # Create a wrapper for the rails command, useful for e.g. `rails console`
+  erb dest: "#{install_dir}/bin/gitlab-rails",
+      source: 'bundle_exec_wrapper.erb',
+      mode: 0755,
+      vars: { command: 'rails "$@"', install_dir: install_dir }
+
+  # Create a wrapper for the rake command for backup and restore
+  erb dest: "#{install_dir}/bin/gitlab-backup",
+      source: 'rake_backup_wrapper.erb',
+      mode: 0755,
+      vars: { install_dir: install_dir }
+
+  # Create a wrapper for the ruby command, useful for e.g. `ruby -e 'command'`
+  erb dest: "#{install_dir}/bin/gitlab-ruby",
+      source: 'bundle_exec_wrapper.erb',
+      mode: 0755,
+      vars: { command: 'ruby "$@"', install_dir: install_dir }
+
+  # Generate the combined license file for all gems GitLab is using
+  erb dest: "#{install_dir}/embedded/bin/gitlab-gem-license-generator",
+      source: 'gem_license_generator.erb',
+      mode: 0755,
+      vars: { install_dir: install_dir, license_file: combined_licenses_file }
+
+  command "#{install_dir}/embedded/bin/ruby #{install_dir}/embedded/bin/gitlab-gem-license-generator"
+  delete "#{install_dir}/embedded/bin/gitlab-gem-license-generator"
+end

config/software/gitlab-redis-cli.rb

+#
+# Copyright:: Copyright (c) 2020 GitLab Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'digest'
+
+name 'gitlab-redis-cli'
+
+license 'Apache-2.0'
+license_file File.expand_path('LICENSE', Omnibus::Config.project_root)
+
+skip_transitive_dependency_licensing true
+
+# This 'software' is self-contained in this file. Use the file contents
+# to generate a version string.
+default_version Digest::MD5.file(__FILE__).hexdigest
+
+build do
+  mkdir "#{install_dir}/bin/"
+
+  block do
+    File.open("#{install_dir}/bin/gitlab-redis-cli", 'w') do |file|
+      file.print <<-EOH
+#!/bin/sh
+
+error_echo()
+{
+  echo "$1" 2>& 1
+}
+
+set_tls_params()
+{
+  REDIS_PARAMS="${REDIS_PARAMS} -p ${redis_tls_port} --tls"
+  if [ "${redis_tls_auth_clients}" = "yes" ]; then
+    REDIS_PARAMS="${REDIS_PARAMS} --cacertdir ${redis_tls_cacert_dir} \
+      --cacert ${redis_tls_cacert_file} \
+      --cert ${redis_tls_cert_file} \
+      --key ${redis_tls_key_file}"
+  fi
+}
+
+gitlab_redis_cli_rc='/opt/gitlab/etc/gitlab-redis-cli-rc'
+
+if ! [ -f ${gitlab_redis_cli_rc} ] || ! [ -r ${gitlab_redis_cli_rc} ] ; then
+  error_echo "$0 error: could not load ${gitlab_redis_cli_rc}"
+  error_echo "Either you are not allowed to read the file, or it does not exist yet."
+  error_echo "You can generate it with:   sudo gitlab-ctl reconfigure"
+  exit 1
+fi
+
+. "${gitlab_redis_cli_rc}"
+
+
+if [ -e "${redis_socket}" ]; then
+  REDIS_PARAMS="-s ${redis_socket}"
+else
+  REDIS_PARAMS="-h ${redis_host}"
+  if ! [ "${redis_port}" = "0" ]; then
+    REDIS_PARAMS="${REDIS_PARAMS} -p ${redis_port}"
+  elif ! [ "${redis_tls_port}" = "0" ]; then
+    set_tls_params
+  fi
+fi
+
+REDISCLI_AUTH="$(awk '/^requirepass /{
+  pwd = $0 ;
+  gsub(/^requirepass /,"",pwd);
+  gsub(/^"|"$/, "", pwd);
+  print pwd }' ${redis_dir}/redis.conf)"
+
+
+if [ -n "${REDISCLI_AUTH}" ]; then
+  export REDISCLI_AUTH
+fi
+
+exec /opt/gitlab/embedded/bin/redis-cli $REDIS_PARAMS "$@"
+      EOH
+    end
+  end
+
+  command "chmod 755 #{install_dir}/bin/gitlab-redis-cli"
+end

config/software/gitlab-scripts.rb

+#
+# Copyright:: Copyright (c) 2015 GitLab B.V.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'gitlab-scripts'
+
+license 'Apache-2.0'
+license_file File.expand_path('LICENSE', Omnibus::Config.project_root)
+
+skip_transitive_dependency_licensing true
+
+source path: File.expand_path('files/gitlab-scripts', Omnibus::Config.project_root)
+
+build do
+  mkdir "#{install_dir}/embedded/bin/"
+  copy '*', "#{install_dir}/embedded/bin/"
+end

config/software/gitlab-selinux.rb

+#
+# Copyright:: Copyright (c) 2014 GitLab B.V.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'gitlab-selinux'
+
+license 'Apache-2.0'
+license_file File.expand_path('LICENSE', Omnibus::Config.project_root)
+
+skip_transitive_dependency_licensing true
+
+source path: File.expand_path('files/gitlab-selinux', Omnibus::Config.project_root)
+
+build do
+  policy_directory = File.expand_path('files/gitlab-selinux', Omnibus::Config.project_root)
+
+  # Only type enforcement (te) is provided in the current policy
+  Dir.glob("#{policy_directory}/*.te").each do |te_file|
+    mod_file = te_file.sub(/\.te$/, ".mod")
+    policy_file = te_file.sub(/\.te$/, ".pp")
+
+    command "checkmodule -M -m -o #{mod_file} #{te_file}", cwd: policy_directory
+    command "semodule_package -o #{policy_file} -m #{mod_file}", cwd: policy_directory
+  end
+
+  mkdir "#{install_dir}/embedded/selinux"
+  copy "#{policy_directory}/*.pp", "#{install_dir}/embedded/selinux"
+end

config/software/gitlab-shell.rb

+#
+## Copyright:: Copyright (c) 2014 GitLab.com
+## License:: Apache License, Version 2.0
+##
+## Licensed under the Apache License, Version 2.0 (the "License");
+## you may not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+#
+require "#{Omnibus::Config.project_root}/lib/gitlab/version"
+version = Gitlab::Version.new('gitlab-shell')
+
+name 'gitlab-shell'
+default_version version.print
+
+license 'MIT'
+license_file 'LICENSE'
+
+skip_transitive_dependency_licensing true
+
+dependency 'ruby'
+
+source git: version.remote
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+  mkdir "#{install_dir}/embedded/service/gitlab-shell"
+  command 'make build', env: env
+  sync './', "#{install_dir}/embedded/service/gitlab-shell/", exclude: ['.git', '.gitignore', 'go', 'go_build']
+end

config/software/gnupg.rb

+#
+# Copyright:: Copyright (c) 2017 GitLab Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'gnupg'
+default_version '2.2.41'
+
+dependency 'libassuan'
+dependency 'npth'
+dependency 'libgcrypt'
+dependency 'libksba'
+dependency 'zlib'
+dependency 'bzip2'
+
+license 'LGPL-2.1'
+license_file 'COPYING.LGPL3'
+
+skip_transitive_dependency_licensing true
+
+source url: "https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-#{version}.tar.bz2",
+       sha256: '13f3291007a5e8546fcb7bc0c6610ce44aaa9b3995059d4f8145ba09fd5be3e1'
+
+relative_path "gnupg-#{version}"
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+  # For gnupg to build fine in Debian Wheezy and Centos ^
+  env['LDFLAGS'] << " -lrt"
+
+  config_flags = ""
+  # CentOS 6 doesn't have inotify, which will raise an error
+  # IN_EXCL_UNLINK undeclared. Hence disabling it explicitly.
+  config_flags = "ac_cv_func_inotify_init=no" if ohai['platform'] =~ /centos/ && ohai['platform_version'] =~ /^6/
+
+  prefix = "#{install_dir}/embedded"
+  command './configure ' \
+    "--prefix=#{prefix} --with-libgpg-error-prefix=#{prefix} --disable-doc --without-readline --disable-sqlite --disable-gnutls --disable-dirmngr #{config_flags}", env: env
+
+  make "-j #{workers}", env: env
+  make 'install', env: env
+end

config/software/go-crond.rb

+#
+# Copyright 2018 GitLab
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'go-crond'
+version = Gitlab::Version.new('go-crond', '23.12.0')
+default_version version.print(false)
+
+license 'BSD-2-Clause'
+license_file 'LICENSE'
+
+source git: version.remote
+
+relative_path 'src/github.com/webdevops/go-crond'
+
+build do
+  env = {
+    'GOPATH' => "#{Omnibus::Config.source_dir}/go-crond",
+    'GOTOOLCHAIN' => 'local',
+  }
+
+  make 'build', env: env
+
+  mkdir "#{install_dir}/embedded/bin/"
+  copy 'go-crond', "#{install_dir}/embedded/bin/"
+end

config/software/gpgme.rb

+#
+# Copyright:: Copyright (c) 2017 GitLab Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'gpgme'
+
+default_version '1.18.0'
+
+dependency 'libassuan'
+dependency 'gnupg'
+dependency 'zlib'
+
+license 'LGPL-2.1'
+license_file 'COPYING.LESSER'
+
+skip_transitive_dependency_licensing true
+
+source url: "https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-#{version}.tar.bz2",
+       sha256: '361d4eae47ce925dba0ea569af40e7b52c645c4ae2e65e5621bf1b6cdd8b0e9e'
+
+relative_path "gpgme-#{version}"
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+  env['CFLAGS'] << ' -std=c99'
+  command './configure ' \
+    "--prefix=#{install_dir}/embedded --disable-doc --disable-languages", env: env
+
+  make "-j #{workers}", env: env
+  make 'install', env: env
+end
+
+project.exclude 'embedded/bin/gpgme-config'

config/software/graphicsmagick.rb

+#
+# Copyright:: Copyright (c) 2018-2021 GitLab Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'graphicsmagick'
+default_version '1.3.36'
+
+license 'MIT'
+license_file 'Copyright.txt'
+
+skip_transitive_dependency_licensing true
+
+dependency 'libpng'
+dependency 'libjpeg-turbo'
+dependency 'libtiff'
+dependency 'zlib'
+
+source url: "https://sourceforge.net/projects/graphicsmagick/files/graphicsmagick/#{version}/GraphicsMagick-#{version}.tar.gz",
+       sha256: '1e6723c48c4abbb31197fadf8396b2d579d97e197123edc70a4f057f0533d563'
+
+relative_path "GraphicsMagick-#{version}"
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+
+  configure_command = [
+    './configure',
+    "--prefix=#{install_dir}/embedded",
+    '--disable-openmp',
+    '--without-magick-plus-plus',
+    '--with-perl=no',
+    '--without-bzlib',
+    '--without-dps',
+    '--without-fpx',
+    '--without-gslib',
+    '--without-jbig',
+    '--without-webp',
+    '--without-jp2',
+    '--without-lcms2',
+    '--without-trio',
+    '--without-ttf',
+    '--without-umem',
+    '--without-wmf',
+    '--without-xml',
+    '--without-x',
+    '--with-tiff=yes',
+    '--with-lzma=yes',
+    '--with-jpeg=yes',
+    '--with-zlib=yes',
+    '--with-png=yes',
+    "--with-sysroot=#{install_dir}/embedded",
+    "--without-zstd"
+  ]
+
+  command configure_command.join(' '), env: env
+
+  make "-j #{workers}", env: env
+  make 'install', env: env
+end

config/software/inspec-gem.rb

+#
+# Copyright 2012-2014 Chef Software, Inc.
+# Copyright 2017-2022 GitLab Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'mixlib/shellout'
+
+name 'inspec-gem'
+# The version here should be in agreement with the chef-bin/cinc version and
+# /Gemfile.lock so that our rspec testing stays consistent with the package
+# contents.
+default_version '6.6.0'
+
+license 'MIT'
+license_file 'LICENSE'
+
+skip_transitive_dependency_licensing true
+
+dependency 'omnibus-gitlab-gems'
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+
+  block 'patch inspec files' do
+    prefix_path = "#{install_dir}/embedded"
+    gem_path = shellout!("#{embedded_bin('ruby')} -e \"puts Gem.path.find { |path| path.start_with?(\'#{prefix_path}\') }\"", env: env).stdout.chomp
+
+    # This can be dropped when inspec is updated with https://github.com/inspec/inspec/issues/7030
+    patch source: "fix-uninitialized-constant-parser-mixin.patch",
+          target: "#{gem_path}/gems/inspec-core-#{version}/lib/inspec/utils/profile_ast_helpers.rb"
+  end
+end

config/software/jemalloc.rb

+#
+# Copyright:: Copyright (c) 2016 GitLab Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'jemalloc'
+version = Gitlab::Version.new('jemalloc', '5.3.0')
+default_version version.print(false)
+
+license 'jemalloc'
+license_file 'COPYING'
+
+skip_transitive_dependency_licensing true
+
+source git: version.remote
+
+# Ensure redis is compiled first so it can build its own jemalloc
+dependency 'redis'
+
+env = with_standard_compiler_flags(with_embedded_path)
+
+relative_path "jemalloc-#{version}"
+
+build do
+  # CentOS 6 doesn't have a new enough version of autoconf so we have to
+  # use the one packaged in EPEL
+  if ohai['platform'] =~ /centos/ && ohai['platform_version'] =~ /^6/
+    command 'sed -i -e s:autoconf:autoconf268: autogen.sh', env: env
+    env['AUTOCONF'] = '/usr/bin/autoconf268'
+  end
+
+  autogen_command = [
+    './autogen.sh',
+    '--enable-prof',
+    "--prefix=#{install_dir}/embedded"
+  ]
+
+  # jemallocs page size must be >= to the runtime pagesize
+  # Use large for arm/newer platforms based on debian rules:
+  # https://salsa.debian.org/debian/jemalloc/-/blob/c0a88c37a551be7d12e4863435365c9a6a51525f/debian/rules#L8-23
+  autogen_command << (OhaiHelper.arm64? ? '--with-lg-page=16' : '--with-lg-page=12')
+
+  command autogen_command.join(' '), env: env
+  make "-j #{workers} install", env: env
+end
+
+project.exclude "embedded/bin/jemalloc-config"

config/software/krb5.rb

+#
+# Copyright:: Copyright (c) 2014 GitLab B.V.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'krb5'
+
+version = Gitlab::Version.new('krb5', 'krb5-1.17')
+
+default_version version.print(false)
+display_version version.print(false).delete_prefix('krb5-')
+
+license 'MIT'
+license_file 'NOTICE'
+
+skip_transitive_dependency_licensing true
+
+dependency 'openssl' unless Build::Check.use_system_ssl?
+
+source git: version.remote
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+  cwd = "#{Omnibus::Config.source_dir}/krb5/src"
+
+  # Add configure option allowing libkeyutils to be disabled even if
+  # it is detected
+  #
+  # TEMPORARY: 1.17 uses configure.in, but because autoconf is moving to
+  # having this file named configure.ac, the upstream patches that now
+  move "#{cwd}/configure.in", "#{cwd}/configure.ac"
+  patch source: 'Add-option-to-build-without-libkeyutils.patch'
+  move "#{cwd}/configure.ac", "#{cwd}/configure.in"
+
+  command "autoreconf", env: env, cwd: cwd
+  command './configure' \
+           " --prefix=#{install_dir}/embedded --without-system-verto --without-keyutils --disable-pkinit", env: env, cwd: cwd
+
+  make " -j #{workers}", env: env, cwd: cwd
+  make 'install', env: env, cwd: cwd
+end
+
+project.exclude "embedded/bin/krb5-config"

config/software/libarchive.rb

+#
+# Copyright:: Copyright (c) 2022 GitLab Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'libarchive'
+default_version '3.6.2'
+
+license 'BSD-2-Clause'
+license_file 'COPYING'
+
+skip_transitive_dependency_licensing true
+
+source url: "https://www.libarchive.org/downloads/libarchive-#{version}.tar.gz",
+       sha256: 'ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3'
+
+relative_path "libarchive-#{version}"
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+
+  # If libarchive is present in system library locations and not bundled with
+  # omnibus-gitlab package, then Chef will incorrectly attempt to use it, and
+  # can potentially fail as seen from
+  # https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7741. Hence, we need
+  # to bundle libarchive in the package. But, we don't need support for any of
+  # the possible extensions as we are not using it's functionality at all. So,
+  # when it comes to these extensions, YAGNI. Hence disabling all that can be
+  # disabled.
+  disable_flags = [
+    '--without-zlib',
+    '--without-bz2lib',
+    '--without-libb2',
+    '--without-iconv',
+    '--without-lz4',
+    '--without-zstd',
+    '--without-lzma',
+    '--without-cng',
+    '--without-openssl',
+    '--without-xml2',
+    '--without-expat',
+    '--without-lzo2',
+    '--without-mbedtls',
+    '--without-nettle',
+    '--disable-posix-regex-lib',
+    '--disable-xattr',
+    '--disable-acl',
+    '--disable-bsdtar',
+    '--disable-bsdcat',
+    '--disable-bsdcpio',
+  ]
+
+  configure disable_flags.join(' '), env: env
+
+  make "-j #{workers}", env: env
+  make 'install', env: env
+end

config/software/libassuan.rb

+#
+# Copyright:: Copyright (c) 2017 GitLab Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'libassuan'
+default_version '2.5.5'
+
+license 'LGPL-2.1'
+license_file 'COPYING.LIB'
+
+skip_transitive_dependency_licensing true
+
+source url: "https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-#{version}.tar.bz2",
+       sha256: '8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4'
+
+dependency 'libgpg-error'
+
+relative_path "libassuan-#{version}"
+
+build do
+  env = with_standard_compiler_flags(with_embedded_path)
+  prefix = "#{install_dir}/embedded"
+  command './configure ' \
+    "--prefix=#{prefix} --with-libgpg-error-prefix=#{prefix} --disable-doc", env: env
+
+  make "-j #{workers}", env: env
+  make 'install', env: env
+end
+
+project.exclude "embedded/bin/libassuan-config"