summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* | | Merge branch 'id-release-14-11-0' into 'main'v14.11.0Igor Drozdov2022-08-112-1/+6
|\ \ \ | |/ / |/| | | | | | | | Release 14.11.0 See merge request gitlab-org/gitlab-shell!677
| * | Release 14.11.0Igor Drozdov2022-08-112-1/+6
|/ /
* | Merge branch 'id-update-gitaly-to-v15' into 'main'Patrick Bajao2022-08-1012-393/+319
|\ \ | | | | | | | | | | | | Update Gitaly to v15 See merge request gitlab-org/gitlab-shell!676
| * | Update Gitaly to v15Igor Drozdov2022-08-0512-393/+319
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit also excludes gitlab-shell from dependencies: Gitaly specifies Gitlab Shell as a dependency as well in order to use gitlabnet client to perform API endpoints to Gitlab Rails. As a result, Gitlab Shell requires Gitaly -> Gitaly requires an older version of Gitlab Shell -> that version requires an older version of Gitlab Shell, etc. Let's use exclude to break the chain earlier
* | | Merge branch 'I-365101' into 'main'Igor Drozdov2022-08-052-1/+16
|\ \ \ | |/ / |/| | | | | | | | Fixed extra slashes in API request paths generated for geo See merge request gitlab-org/gitlab-shell!673
| * | Fixed extra slashes in API request paths generated for geoCarlos Yu2022-08-052-1/+16
| |/
* | Merge branch 'id-fix-git-receive-pack-in-tests' into 'main'Stan Hu2022-08-051-2/+15
|\ \ | |/ |/| | | | | Fix failing TestGitReceivePackSuccess See merge request gitlab-org/gitlab-shell!675
| * Fix failing TestGitReceivePackSuccessIgor Drozdov2022-08-051-2/+15
|/ | | | | | | | | After https://gitlab.com/gitlab-org/gitaly/-/merge_requests/4766 has been introduced, the test started fail because we basically cancel the git-receive-pack after the output is received This commit gracefully closes the connection to make the test pass
* Merge branch 'tchu-add-simple-roulette-to-dangerfile' into 'main'Patrick Bajao2022-07-281-1/+1
|\ | | | | | | | | Add simple_roulette to Dangerfile See merge request gitlab-org/gitlab-shell!672
| * Add simple_roulette to DangerfileTerri Chu2022-07-261-1/+1
|/
* Merge branch 'id-release-14-10-0' into 'main'v14.10.0Igor Drozdov2022-07-212-1/+5
|\ | | | | | | | | Release v14.10.0 See merge request gitlab-org/gitlab-shell!671
| * Release v14.10.0Igor Drozdov2022-07-212-1/+5
|/
* Merge branch '506-twofactorverify-command-to-support-push-notification' into ↵Patrick Bajao2022-07-215-116/+326
|\ | | | | | | | | | | | | | | | | 'main' Implement Push Auth support for 2FA verification Closes #506 See merge request gitlab-org/gitlab-shell!454
| * Simplify 2FA Push auth processingIgor Drozdov2022-07-2011-870/+573
| | | | | | | | Use a single channel to handle both Push Auth and OTP results
| * Implement Push Auth support for 2FA verificationkmcknight2022-07-188-61/+568
|/ | | | | | | | | | | | | | | | | When `2fa_verify` command is executed: - A user is asked to enter OTP - A blocking call for push auth is performed Then: - If the push auth request fails, the user is still able to enter OTP - If OTP is invalid, the `2fa_verify` command ends the execution - If OTP is valid or push auth request succeeded, then the user is successfully authenticated - If 30 seconds passed while no OTP or Push have been provided, then the `2fa_verify` command ends the execution
* Merge branch 'sh-fix-flaky-race-test' into 'main'Igor Drozdov2022-07-151-1/+2
|\ | | | | | | | | | | | | Fix flaky race test Closes #590 See merge request gitlab-org/gitlab-shell!670
| * Fix flaky race testStan Hu2022-07-141-1/+2
| | | | | | | | | | | | | | | | `ignoredError.err` was being used in a Goroutine handler, but the value of `ignoredError` changes with each test case. To avoid a race, make a local copy of the error before each Goroutine runs. Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/590
* | Merge branch 'sh-release-14.9.0' into 'main'v14.9.0Stan Hu2022-07-152-1/+5
|\ \ | |/ |/| | | | | Release v14.9.0 See merge request gitlab-org/gitlab-shell!669
| * Release v14.9.0Stan Hu2022-07-142-1/+5
|/ | | | | - Update LabKit library to v1.16.0 !668 (https://gitlab.com/gitlab-org/labkit/-/releases/v1.16.0)
* Merge branch 'vendor-v1.16.0' into 'main'Stan Hu2022-07-132-3/+4
|\ | | | | | | | | Update LabKit library to v1.16.0 See merge request gitlab-org/gitlab-shell!668
| * Update LabKit library to v1.16.0Alejandro Rodríguez2022-07-132-3/+4
|/ | | | | | | * include original address in correlation CIDR checks ([ae96001](https://gitlab.com/gitlab-org/labkit/commit/ae9600163a6f5fa2ad06676a00b310af36573df4)) * run make recipes in parallel during backward compat check ([efa9c71](https://gitlab.com/gitlab-org/labkit/commit/efa9c71e13ef2bfe4415278e6b1e5c5ee8cc8022)) See https://gitlab.com/gitlab-org/labkit/-/releases/v1.16.0
* Merge branch 'id-release-14-8' into 'main'v14.8.0Igor Drozdov2022-07-052-1/+8
|\ | | | | | | | | Release v14.8.0 See merge request gitlab-org/gitlab-shell!667
| * Release v14.8.0Igor Drozdov2022-07-052-1/+8
|/ | | | | | | - go: Bump major version to v14 !666 - Pass original IP from PROXY requests to internal API calls !665 - Fix make install copying the wrong binaries !664 - gitlab-sshd: Add support for configuring host certificates !661
* Merge branch 'pks-go-module-path-version' into 'main'Igor Drozdov2022-07-0592-373/+373
|\ | | | | | | | | | | | | go: Bump major version to v14 Closes #593 See merge request gitlab-org/gitlab-shell!666
| * go: Bump major version to v14Patrick Steinhardt2022-07-0592-373/+373
|/ | | | | | | | | | | | | While gitlab-shell currently has a major version of v14, the module path it exposes is not using that major version like it is required by the Go standard. This makes it impossible for dependents to import gitlab-shell as a dependency without using a commit as version. Fix this by changing the module path of gitlab-shell to instead be `gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports accordingly. Changelog: fixed
* Merge branch 'sshd-forwarded-for' into 'main'Igor Drozdov2022-07-016-20/+76
|\ | | | | | | | | Pass original IP from PROXY requests to internal API calls See merge request gitlab-org/gitlab-shell!665
| * Pass original IP from PROXY requests to internal API callsAlejandro Rodríguez2022-06-306-20/+76
|/
* Merge branch 'sh-sshd-add-host-cert-support' into 'main'Igor Drozdov2022-06-2912-8/+191
|\ | | | | | | | | gitlab-sshd: Add support for configuring host certificates See merge request gitlab-org/gitlab-shell!661
| * gitlab-sshd: Add support for configuring host certificatesStan Hu2022-06-2612-8/+191
|/ | | | | | | | | | | | | | | | | This adds support for specifying host certificates via the `host_cert_files` option and advertises the signed key to the client. This acts similarly to OpenSSH's `HostCertificate` parameter: gitlab-sshd attempts to match a host key to its certificate, and then substitutes the matching host key with a certificate signed by a trusted certificate authority's key. This is the first requirement to supporting SSH certificates. This will enable the client to trust the server if both trust a common certificate authority. The `TrustedUserCAKeys` option will need to be supported later for the server to trust all user keys signed by this certificate authority. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/495
* Merge branch 'fix-make-install' into 'main'Igor Drozdov2022-06-231-4/+3
|\ | | | | | | | | Fix make install copying the wrong binaries See merge request gitlab-org/gitlab-shell!664
| * Fix make install copying the wrong binariesStan Hu2022-06-231-4/+3
|/ | | | | | | | | | | | While testing https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1062, we found `make install` was not copying the right binaries, such as `gitlab-shell-authorized-keys-check`. This might have originally been written with a single binary in mind (https://gitlab.com/gitlab-org/gitlab-shell/-/issues/207). Changelog: fixed
* Merge branch 'id-release-14-7-4' into 'main'v14.7.4Igor Drozdov2022-06-162-1/+5
|\ | | | | | | | | Release v14.7.4 See merge request gitlab-org/gitlab-shell!663
| * Release v14.7.4Igor Drozdov2022-06-162-1/+5
|/ | | | - Update crypto module to fix RSA keys with old gpg-agent
* Merge branch 'sh-update-crypto-lib' into 'main'Igor Drozdov2022-06-162-3/+3
|\ | | | | | | | | gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent See merge request gitlab-org/gitlab-shell!662
| * gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agentStan Hu2022-06-152-3/+3
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | When we put gitlab-sshd in production, we noticed a number of clients using RSA keys would fail to login. The server would report: ``` ssh: signature "ssh-rsa" not compatible with selected algorithm "rsa-sha2-512" ``` This is reproducible on Ubuntu 18.04, which ships gpg-agent v2.2.4 and OpenSSH v7.6. That version of gpg-agent does not support `rsa-sha2-256` or `rsa-sha2-512`, but OpenSSH does. As a result, OpenSSH specifies `rsa-sha-512` as the public key algorithm to use in the user authentication request message, but gpg-agent includes an `ssh-rsa` signature. OpenSSH servers tolerates this discrepancy, but the Go implementation fails because it expects a strict match. This commit pulls in https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/9 to fix the problem. Relates to: 1. https://github.com/golang/go/issues/53391 2. https://gitlab.com/gitlab-org/gitlab-shell/-/issues/587 Changelog: fixed
* Merge branch 'freeze-bundle' into 'main'Igor Drozdov2022-06-141-0/+1
|\ | | | | | | | | | | | | Set BUNDLE_FROZEN to true Closes #562 See merge request gitlab-org/gitlab-shell!659
| * Set BUNDLE_FROZEN to trueAlejandro Rodríguez2022-06-101-0/+1
|/ | | | | To follow rubygems' security adisory https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79:
* Merge branch 'sh-upgrade-bundler-version' into 'main'Igor Drozdov2022-06-071-1/+1
|\ | | | | | | | | Upgrade Gemfile.lock to use bundler to v2.3.15 See merge request gitlab-org/gitlab-shell!658
| * Upgrade Gemfile.lock to use bundler to v2.3.15Stan Hu2022-06-071-1/+1
| | | | | | | | | | | | | | | | This is just to minimize the versions of bundler used for development. The GDK runs `support/bundle-install` in this directory to obtain the version of bundler needed. This relates to https://gitlab.com/gitlab-org/gitlab/-/issues/364373.
* | Merge branch 'id-release-14-7-3' into 'main'v14.7.3Igor Drozdov2022-06-062-1/+5
|\ \ | | | | | | | | | | | | Release v14.7.3 See merge request gitlab-org/gitlab-shell!657
| * | Release v14.7.3Igor Drozdov2022-06-062-1/+5
|/ / | | | | | | - Ignore "not our ref" errors from gitlab-sshd error metrics
* | Merge branch 'sh-ignore-not-our-ref-errors' into 'main'Igor Drozdov2022-06-062-1/+7
|\ \ | |/ |/| | | | | Ignore "not our ref" errors from gitlab-sshd error metrics See merge request gitlab-org/gitlab-shell!656
| * Ignore "not our ref" errors from gitlab-sshd error metricsStan Hu2022-06-062-1/+7
|/ | | | | | | | | | | | If a client requests a ref that cannot be found in the repository, previously gitlab-sshd would record it as part of its service level indicator metric. This is really an application error between the client and the Git repository, so we exclude it from our metrics. Relates to https://gitlab.com/gitlab-com/gl-infra/reliability/-/issues/15848 Changelog: fixed
* Merge branch 'id-release-14-7-2' into 'main'v14.7.2Igor Drozdov2022-06-062-1/+5
|\ | | | | | | | | Release 14.7.2 See merge request gitlab-org/gitlab-shell!655
| * Release 14.7.2Igor Drozdov2022-06-062-1/+5
|/ | | | - Exclude disallowed command from error rate
* Merge branch 'id-ignore-disallowed-cmd-err' into 'main'Patrick Bajao2022-06-062-26/+26
|\ | | | | | | | | Exclude disallowed command from error rate See merge request gitlab-org/gitlab-shell!654
| * Exclude disallowed command from error rateIgor Drozdov2022-06-012-26/+26
|/
* Merge branch 'id-release-14-7-1' into 'main'v14.7.1Igor Drozdov2022-05-252-1/+6
|\ | | | | | | | | Release 14.7.1 See merge request gitlab-org/gitlab-shell!652
| * Release 14.7.1Igor Drozdov2022-05-252-1/+6
|/ | | | | - Log gitlab-sshd session level indicator errors !650 - Improve establish session duration metrics !651
* Merge branch 'id-calculate-started-just-before-session-handling' into 'main'Stan Hu2022-05-251-2/+1
|\ | | | | | | | | Calculate session start after the connection is established See merge request gitlab-org/gitlab-shell!653
View Lorry Controller Status