delta/gitlab/gitlab-shell.git/cmd/gitlab-shell, branch wc-intern-err gitlab.com: gitlab-org/gitlab-shell.git Suppress internal errors in client output 2021-12-28T21:06:19+00:00 Will Chandler wchandler@gitlab.com 2021-12-10T14:55:07+00:00 3a8bab437d8d0fd9bfa29bc5edd07ae5903af84d Until recently, Gitaly was silently swallowing any errors returned by SSH `git upload-pack` processes. Clients would still receive stderr output and a non-zero return code, but Gitlab-Shell would receive error as nil and log success. With 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe Gitaly will now return an error when git fails, but this causes Gitlab-Shell to print out the GRPC error code as a message to the client: > fatal: couldn't find remote ref not-a-real-ref > fatal: the remote end hung up unexpectedly > remote: > remote: > ======================================================================== > remote: > remote: rpc error: code = Internal desc = SSHUploadPack: exit status 128 > remote: > remote: > ======================================================================== > remote: The `remote:` text gives no additional context for the user and adds clutter. This commit suppresses the additional message added by Gitlab-Shell on failure when the error type is `Internal`, returning client output to the format it was prior to the Gitaly change. 
Until recently, Gitaly was silently swallowing any errors returned by
SSH `git upload-pack` processes. Clients would still receive stderr
output and a non-zero return code, but Gitlab-Shell would receive error
as nil and log success.

With 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe Gitaly will now return an
error when git fails, but this causes Gitlab-Shell to print out the
GRPC error code as a message to the client:

> fatal: couldn't find remote ref not-a-real-ref
> fatal: the remote end hung up unexpectedly
> remote:
> remote:
> ========================================================================
> remote:
> remote: rpc error: code = Internal desc = SSHUploadPack: exit status 128
> remote:
> remote:
> ========================================================================
> remote:

The `remote:` text gives no additional context for the user and adds
clutter.

This commit suppresses the additional message added by Gitlab-Shell on
failure when the error type is `Internal`, returning client output to
the format it was prior to the Gitaly change.
Relax key and username matching for sshd 2021-11-11T00:48:26+00:00 Stan Hu stanhu@gmail.com 2021-11-10T20:31:58+00:00 672013e702cb44c3bc1b46807703295448dc0afc Due to the way sshd works, gitlab-shell could be called with a single string in the form: ``` /path/to/gitlab-shell -c key-id ``` However, due to the tightening of the regular expressions in fcff692b this string no longer matches, so logins would fail with: ``` Failed to get username: who='' is invalid ``` This can be reproduced by changing the user's shell to point to gitlab-shell. For example: ``` usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell ``` While setting gitlab-shell as the user's shell isn't officially supported, gitlab-shell still should be able to cope with the key being specified as the last argument. We now split the argument list and use the last value. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530 
Due to the way sshd works, gitlab-shell could be called with a single
string in the form:

```
/path/to/gitlab-shell -c key-id
```

However, due to the tightening of the regular expressions in fcff692b
this string no longer matches, so logins would fail with:

```
Failed to get username: who='' is invalid
```

This can be reproduced by changing the user's shell to point to
gitlab-shell. For example:

```
usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
```

While setting gitlab-shell as the user's shell isn't officially
supported, gitlab-shell still should be able to cope with the key being
specified as the last argument. We now split the argument list and use
the last value.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
Log command invocation 2021-10-07T09:43:27+00:00 Nick Thomas nick@gitlab.com 2021-10-07T09:43:27+00:00 e77f0d0603d622d3a2554e55fe62bc1615fca55b Use reflection to log the command we are about to execute, both in gitlab-shell and gitlab-sshd. Include the environment, which has all the context we need to understand what the command is expected to do. Changelog: added 
Use reflection to log the command we are about to execute, both in
gitlab-shell and gitlab-sshd. Include the environment, which has all
the context we need to understand what the command is expected to do.

Changelog: added
Don't swallow an error parsing SSH_ORIGINAL_COMMAND 2021-09-27T19:25:10+00:00 Nick Thomas nick@gitlab.com 2021-09-27T18:28:06+00:00 5564ea9ca23217687a6e6c091f3b4fc11e375a2f 






refactor: unify instantiation of command.Shell
2021-09-20T08:19:41+00:00

feistel
6742251-feistel@users.noreply.gitlab.com

2021-09-20T08:19:41+00:00

65dadb7e51e206b6411a4518f8a26471d586bc6f












refactor: cleanup func signature and remove unused args
2021-09-08T15:04:21+00:00

feistel
6742251-feistel@users.noreply.gitlab.com

2021-09-08T15:04:21+00:00

d0e09b414a9b069ec7bcbed2880b93c27cf3727c












refactor: rearchitect command and executable Go modules
2021-09-08T14:41:57+00:00

feistel
6742251-feistel@users.noreply.gitlab.com

2021-09-08T14:40:35+00:00

67415dc4f6f293460517d4281b5e4e80e66ffb91












refactor: add acceptargs field to executable
2021-09-08T09:54:44+00:00

feistel
6742251-feistel@users.noreply.gitlab.com

2021-09-08T09:54:44+00:00

8b4621aa6cba1674192ffb6e3c3e801a567f2516

parse logic will only run if the executable accept args.
healthcheck is the only one not accepting arguments.





parse logic will only run if the executable accept args.
healthcheck is the only one not accepting arguments.







Switch to labkit for logging system setup
2021-08-04T07:12:54+00:00

Nick Thomas
nick@gitlab.com

2021-08-03T14:07:13+00:00

1274858f5565d59dcc36813964334a21fffc369b

- We start supporting the "color" format for logs.
- We now respond to SIGHUP by reopening the log file.
- We now respect the log format when no log filename is specified.

Output to syslog in the event of logging system setup is preserved in
OpenSSH mode.

Changelog: added





- We start supporting the "color" format for logs.
- We now respond to SIGHUP by reopening the log file.
- We now respect the log format when no log filename is specified.

Output to syslog in the event of logging system setup is preserved in
OpenSSH mode.

Changelog: added







Fix opentracing setup for gitlab-sshd
2021-05-17T14:52:55+00:00

Nick Thomas
nick@gitlab.com

2021-05-14T15:47:16+00:00

de13980f3795679958a65881a813723da37894f5

Previously, opentracing (if configured) was initialized late in the
gitlab-shell process's lifespan, coming just before making a gRPC
call to Gitaly.

By moving the opentracing initialization to be at process startup, we
make it available for the whole process lifecycle, which is very useful
to gitlab-sshd, as it means we'll only call tracing.Initialize() once
on process startup, rather than once per SSH connection.

To get this working, we need to introduce a context to gitlab-sshd.
This carries the client/service name, but also carries an initial
correlation ID. The main outcome of this is that all calls to the
authorized_keys endpoint from a given gitlab-sshd process will now
share a correlation ID. I don't have a strong opinion about this either
way.

Changelog: fixed





Previously, opentracing (if configured) was initialized late in the
gitlab-shell process's lifespan, coming just before making a gRPC
call to Gitaly.

By moving the opentracing initialization to be at process startup, we
make it available for the whole process lifecycle, which is very useful
to gitlab-sshd, as it means we'll only call tracing.Initialize() once
on process startup, rather than once per SSH connection.

To get this working, we need to introduce a context to gitlab-sshd.
This carries the client/service name, but also carries an initial
correlation ID. The main outcome of this is that all calls to the
authorized_keys endpoint from a given gitlab-sshd process will now
share a correlation ID. I don't have a strong opinion about this either
way.

Changelog: fixed