| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |/ |
|
| |\
| |
| |
| |
| | |
Replace golang.org/x/crypto with gitlab-org/golang-crypto
See merge request gitlab-org/gitlab-shell!560
|
| |/
|
|
|
|
|
| |
This fork contains a fix for handling ssh-rsa public keys
of gitlab-sshd
Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/543
|
| |\
| |
| |
| |
| | |
Update link for gitlab-workhorse project location
See merge request gitlab-org/gitlab-shell!559
|
| | | |
|
| |\ \
| |/
|/|
| |
| | |
Update bundler to 2.3.6 because 2.1.4 is too old
See merge request gitlab-org/gitlab-shell!554
|
| |/ |
|
| |\
| |
| |
| |
| | |
Release 13.23.0
See merge request gitlab-org/gitlab-shell!558
|
| |/ |
|
| |\
| |
| |
| |
| | |
Add support for SSHUploadPackWithSidechannel RPC
See merge request gitlab-org/gitlab-shell!557
|
| | |
| |
| |
| |
| |
| |
| | |
If the GitLab API returns an allowed response with use_sidechannel set
to true, gitlab-shell will establish a sidechannel connection and use
SSHUploadPackWithSidechannel instead of SSHUploadPack. This is an
efficiency improvement.
|
| | |
| |
| |
| |
| |
| | |
This updates the Gitaly client go.mod dependency to Gitaly commit
2e398afa0490ccdf5a82e1a7c7d824ae491eba16. This causes a grpc-go
version bump, and hence a minor change in some of our test code.
|
| | |
| |
| |
| |
| |
| | |
This field will act as a feature flag that controls whether
gitlab-shell uses the old SSHUploadPack RPC or the new
SSHUploadPackWithSidechannel.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reduces coupling between tests in
internal/gitlabnet/accessverifier/client_test.go, and will make it
easier to add new test cases in the future.
Note that the test server had a special behavior for the username
"second", but this was never used. So we removed that behavior in this
commit.
|
| |\ \
| | |
| | |
| | |
| | | |
Rate limiting documentation
See merge request gitlab-org/gitlab-shell!556
|
| |/ / |
|
| |\ \
| | |
| | |
| | |
| | | |
Release v13.22.2
See merge request gitlab-org/gitlab-shell!555
|
| |/ / |
|
| |\ \
| |/
|/|
| |
| | |
Update to Ruby 2.7.5
See merge request gitlab-org/gitlab-shell!553
|
| |/
|
|
|
| |
We don't need Ruby 2.7.4 cluttering our GDK when everything else has
been upgraded to 2.7.5.
|
| |\
| |
| |
| |
| | |
Deprecate self_signed_cert config setting
See merge request gitlab-org/gitlab-shell!552
|
| |/
|
|
|
|
|
|
|
| |
The option isn't required to accept self-signed certs
On the other hand, if the option set to true it makes
machine-in-the-middle attack possible
Let's clarify it in the code that the option is deprecated
|
| |\
| |
| |
| |
| | |
Suppress internal errors in client output
See merge request gitlab-org/gitlab-shell!549
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until recently, Gitaly was silently swallowing any errors returned by
SSH `git upload-pack` processes. Clients would still receive stderr
output and a non-zero return code, but Gitlab-Shell would receive error
as nil and log success.
With 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe Gitaly will now return an
error when git fails, but this causes Gitlab-Shell to print out the
GRPC error code as a message to the client:
> fatal: couldn't find remote ref not-a-real-ref
> fatal: the remote end hung up unexpectedly
> remote:
> remote:
> ========================================================================
> remote:
> remote: rpc error: code = Internal desc = SSHUploadPack: exit status 128
> remote:
> remote:
> ========================================================================
> remote:
The `remote:` text gives no additional context for the user and adds
clutter.
This commit suppresses the additional message added by Gitlab-Shell on
failure when the error type is `Internal`, returning client output to
the format it was prior to the Gitaly change.
|
| |\
| |
| |
| |
| | |
Send full git request/response in SSHD tests
See merge request gitlab-org/gitlab-shell!550
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe, Gitaly would return
success for `SSHUploadPack` and `SSHUploadArchive` regardless of the
exit code of the `git upload-pack|archive` process. As a result, the
gitlab-sshd acceptance tests could rely on no errors being returned from
Gitaly.
Currently these tests send the minimum request needed to start a
session, causing the server git process to fail as the `0000` flush
packet to end the session is never sent.
This commit fixes the tests by sending the full request/response needed
for a successful git operation.
|
| |\
| |
| |
| |
| | |
Bump .tool_versions to use Go v1.16.12
See merge request gitlab-org/gitlab-shell!548
|
| |/
|
|
| |
Part of https://gitlab.com/groups/gitlab-org/-/epics/7111
|
| |\
| |
| |
| |
| | |
Release v13.22.1
See merge request gitlab-org/gitlab-shell!547
|
| |/ |
|
| |\
| |
| |
| |
| | |
Remove SSL_CERT_DIR logging
See merge request gitlab-org/gitlab-shell!546
|
| |/
|
|
|
| |
This log entry doesn't respect log level, because the log level
is configured after this logging happens
|
| |\
| |
| |
| |
| | |
Fix usage of out-of-date Gitaly images
See merge request gitlab-org/gitlab-shell!544
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Our CI jobs and docker-compose pull in the "latest" tag of Gitaly. As it
turns out though, "latest" is pointing to Gitaly v13.3.0-rc5, which is
definitely not the latest versionat this point in time. This is because
CNG was converted to not use the "latest" tag anymore, but instead to
use a tag called "master" in gitlab-org/build/CNG!519.
Fix this by using the new "master" tag instead.
|
| |\ \
| |/
|/|
| |
| | |
Refactor flaky test case in sshd_test
See merge request gitlab-org/gitlab-shell!545
|
| |/
|
|
|
| |
- Use require.Regexp to expect ssh handshake error
- Use require.Eventually to refactor verifyStatus
|
| |\
| |
| |
| |
| | |
Update gitlab-shell VERSION to 13.22.0
See merge request gitlab-org/gitlab-shell!543
|
| |/ |
|
| |\
| |
| |
| |
| | |
Release v13.22.0
See merge request gitlab-org/gitlab-shell!541
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| |
| |
| | |
Fix golang definition in tool versions
See merge request gitlab-org/gitlab-shell!542
|
| | | |
|
| |/ |
|
| |\
| |
| |
| |
| | |
Relax key and username matching for sshd
See merge request gitlab-org/gitlab-shell!540
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to the way sshd works, gitlab-shell could be called with a single
string in the form:
```
/path/to/gitlab-shell -c key-id
```
However, due to the tightening of the regular expressions in fcff692b
this string no longer matches, so logins would fail with:
```
Failed to get username: who='' is invalid
```
This can be reproduced by changing the user's shell to point to
gitlab-shell. For example:
```
usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
```
While setting gitlab-shell as the user's shell isn't officially
supported, gitlab-shell still should be able to cope with the key being
specified as the last argument. We now split the argument list and use
the last value.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
|
| |\
| |
| |
| |
| | |
Add logging to handler/exec.go and config/config.go
See merge request gitlab-org/gitlab-shell!539
|
| | | |
|
