diff options
| author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-25 12:11:15 +0000 |
|---|---|---|
| committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-25 12:11:17 +0000 |
| commit | 6eda59b7507ea27f645619d189bb690d8ab28172 (patch) | |
| tree | fcc83f443a5c8fc543db4b759248e7061c130edf | |
| parent | 9244acfd63e4acb27c469e84c30c8ee3767cefaf (diff) | |
| download | gitlab-ce-6eda59b7507ea27f645619d189bb690d8ab28172.tar.gz | |
Merge branch 'security-2780-disable-git-v2-protocol-11-5' into 'security-11-5'
[11.5] Disable git v2 protocol temporarily
See merge request gitlab/gitlabhq!2861
(cherry picked from commit 49f3d2ccb4c47073caac7d05fb068d09e20fb93c)
d28a201c Allow Gitaly to be built from a custom URL
66e00613 Disable git v2 protocol temporarily
| -rw-r--r-- | GITALY_SERVER_VERSION | 2 | ||||
| -rw-r--r-- | changelogs/unreleased/security-2780-disable-git-v2-protocol.yml | 5 | ||||
| -rw-r--r-- | doc/administration/git_protocol.md | 7 | ||||
| -rw-r--r-- | doc/development/gitaly.md | 19 | ||||
| -rw-r--r-- | spec/support/helpers/test_env.rb | 7 |
5 files changed, 38 insertions, 2 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 4db8830b115..b96194be1ce 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -0.129.0 +0.129.1 diff --git a/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml new file mode 100644 index 00000000000..30a08a98e83 --- /dev/null +++ b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml @@ -0,0 +1,5 @@ +--- +title: Disable git v2 protocol temporarily +merge_request: +author: +type: security diff --git a/doc/administration/git_protocol.md b/doc/administration/git_protocol.md index 6b82771baf9..2b8b16c8e1b 100644 --- a/doc/administration/git_protocol.md +++ b/doc/administration/git_protocol.md @@ -5,6 +5,13 @@ description: "Set and configure Git protocol v2" # Configuring Git Protocol v2 > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/46555) in GitLab 11.4. +> [Temporarily disabled](https://gitlab.com/gitlab-org/gitlab-ce/issues/55769) in GitLab 11.5.8, 11.6.6, 11.7.1, and 11.8+ + +NOTE: **Note:** +Git protocol v2 support has been [temporarily disabled](https://gitlab.com/gitlab-org/gitlab-ce/issues/55769), +as a feature used to hide certain internal references does not function when it +is enabled, and this has a security impact. Once this problem has been resolved, +protocol v2 support will be re-enabled. --- diff --git a/doc/development/gitaly.md b/doc/development/gitaly.md index 32beafad307..fdae69bddd7 100644 --- a/doc/development/gitaly.md +++ b/doc/development/gitaly.md @@ -130,6 +130,25 @@ Gitaly. To use a custom Gitaly version in CI you need to update GITALY_SERVER_VERSION. You can use the format `=revision` to use a non-tagged commit from https://gitlab.com/gitlab-org/gitaly in CI. +To use a different Gitaly repository, e.g., if your changes are present +on a fork, you can specify a `GITALY_REPO_URL` environment variable when +running tests: + +```shell +GITALY_REPO_URL=https://gitlab.com/nick.thomas/gitaly bundle exec rspec spec/lib/gitlab/git/repository_spec.rb +``` + +If your fork of Gitaly is private, you can generate a [Deploy Token](../user/project/deploy_tokens/index.md) +and specify it in the URL: + +```shell +GITALY_REPO_URL=https://gitlab+deploy-token-1000:token-here@gitlab.com/nick.thomas/gitaly bundle exec rspec spec/lib/gitlab/git/repository_spec.rb +``` + +To use a custom Gitaly repository in CI, for instance if you want your +GitLab fork to always use your own Gitaly fork, set `GITALY_REPO_URL` +as a [CI environment variable](../ci/variables/README.md#variables). + --- [Return to Development documentation](README.md) diff --git a/spec/support/helpers/test_env.rb b/spec/support/helpers/test_env.rb index 9e87b877b93..c1163405414 100644 --- a/spec/support/helpers/test_env.rb +++ b/spec/support/helpers/test_env.rb @@ -156,11 +156,12 @@ module TestEnv def setup_gitaly socket_path = Gitlab::GitalyClient.address('default').sub(/\Aunix:/, '') gitaly_dir = File.dirname(socket_path) + install_gitaly_args = [gitaly_dir, repos_path, gitaly_url].compact.join(',') component_timed_setup('Gitaly', install_dir: gitaly_dir, version: Gitlab::GitalyClient.expected_server_version, - task: "gitlab:gitaly:install[#{gitaly_dir},#{repos_path}]") do + task: "gitlab:gitaly:install[#{install_gitaly_args}]") do start_gitaly(gitaly_dir) end @@ -210,6 +211,10 @@ module TestEnv # The process can already be gone if the test run was INTerrupted. end + def gitaly_url + ENV.fetch('GITALY_REPO_URL', nil) + end + def setup_factory_repo setup_repo(factory_repo_path, factory_repo_path_bare, factory_repo_name, BRANCH_SHA) |