-rw-r--r-- | config.yml.example | 2 | ||||
-rw-r--r-- | lib/gitlab_net.rb | 24 | ||||
-rw-r--r-- | lib/gitlab_shell.rb | 2 | ||||
-rwxr-xr-x | support/rewrite-hooks.sh | 5 |
4 files changed, 28 insertions, 5 deletions
diff --git a/config.yml.example b/config.yml.example index 339e5a2..569432f 100644 --- a/config.yml.example +++ b/config.yml.example @@ -7,6 +7,8 @@ gitlab_url: "http://localhost/" http_settings: # user: someone # password: somepass +# ca_file: /etc/ssl/cert.pem +# ca_path: /etc/pki/tls/certs self_signed_cert: false # Repositories path diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb index c15de8e..99d0044 100644 --- a/lib/gitlab_net.rb +++ b/lib/gitlab_net.rb @@ -44,10 +44,14 @@ class GitlabNet url = URI.parse(url) http = Net::HTTP.new(url.host, url.port) - http.use_ssl = (url.scheme == 'https') - if config.http_settings['self_signed_cert'] && http.use_ssl? - http.verify_mode = OpenSSL::SSL::VERIFY_NONE + if URI::HTTPS === url + http.use_ssl = true + http.cert_store = cert_store + + if config.http_settings['self_signed_cert'] + http.verify_mode = OpenSSL::SSL::VERIFY_NONE + end end request = Net::HTTP::Get.new(url.request_uri) @@ -63,4 +67,18 @@ class GitlabNet end end end + + def cert_store + @cert_store ||= OpenSSL::X509::Store.new.tap { |store| + store.set_default_paths + + if ca_file = config.http_settings['ca_file'] + store.add_file(ca_file) + end + + if ca_path = config.http_settings['ca_path'] + store.add_path(ca_path) + end + } + end end diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index 7ec1621..01ef4a1 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -6,7 +6,7 @@ class GitlabShell attr_accessor :key_id, :repo_name, :git_cmd, :repos_path, :repo_name def initialize - @key_id = ARGV.shift + @key_id = /key-[0-9]+/.match(ARGV.join).to_s @origin_cmd = ENV['SSH_ORIGINAL_COMMAND'] @config = GitlabConfig.new @repos_path = @config.repos_path diff --git a/support/rewrite-hooks.sh b/support/rewrite-hooks.sh index 6de4dfc..1d0542e 100755 --- a/support/rewrite-hooks.sh +++ b/support/rewrite-hooks.sh 
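Review bot: In the `URI::HTTPS === url` branch, `self_signed_cert` still sets `http.verify_mode = OpenSSL::SSL::VERIFY_NONE`, so the `cert_store` assigned two lines above it is never consulted and any certificate is accepted on that connection. Now that `ca_file` and `ca_path` exist, a self-signed server certificate can be trusted by adding it to the store instead, and the comment I would put on that branch is `# Disables certificate verification entirely; prefer ca_file for a self-signed server certificate.` The verifying case also relies on Net::HTTP's default mode; an explicit `else` with `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` would make the intent visible. The enclosing method starts and ends outside the hunk.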
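Review bot: `cert_store` passes `ca_file` and `ca_path` from the config to the store unchecked, and the two calls fail differently. `add_file` raises on a missing or unreadable file, while `add_path`, as far as I know, accepts a directory that does not exist, so a mistyped `ca_path` silently leaves only the default trust paths. A guard such as `raise "ca_path #{ca_path} is not a directory" unless File.directory?(ca_path)` before `store.add_path(ca_path)` would surface that at first use. On style, the multi-line `tap { |store| ... }` reads better as `do ... end`, and the assignments inside the `if` conditions deserve parentheses, `if (ca_file = config.http_settings['ca_file'])`.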
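Review bot: `/key-[0-9]+/.match(ARGV.join).to_s` in `initialize` is unanchored and runs over all arguments concatenated without a separator, so the id can be assembled across argument boundaries (constructed example: `key-1` followed by `2` yields `key-12`) or taken from the middle of a longer argument. When nothing matches, `nil.to_s` makes `@key_id` an empty string instead of failing; how an empty id is treated later is not visible here, since `initialize` continues past the hunk. I would match one whole argument and fail closed: `@key_id = ARGV.find { |arg| arg =~ /\Akey-[0-9]+\z/ }` followed by `abort 'gitlab-shell: no key id given' unless @key_id`.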
@@ -1,7 +1,10 @@ #!/bin/bash +# $1 is an optional argument specifying the location of the repositories directory. +# Defaults to /home/git/repositories if not provided + home_dir="/home/git" -src="$home_dir/repositories" +src=${1:-"$home_dir/repositories"} for dir in `ls "$src/"` do |
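Review bot: `src=${1:-"$home_dir/repositories"}` takes the caller's path as given, and nothing in the hunk checks that it is an existing directory before the loop over the output of `ls "$src/"` uses it; a mistyped path makes `ls` fail and the loop do nothing, with no clear error. I would add `[ -d "$src" ] || { echo "rewrite-hooks: $src is not a directory" >&2; exit 1; }` right after the assignment. The unquoted `ls` substitution also splits entry names that contain whitespace. The loop body is outside the hunk, so whether a glob such as `"$src"/*` could replace it depends on how `$dir` is used there.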