summaryrefslogtreecommitdiff
path: root/bin
Commit message (Collapse)AuthorAgeFilesLines
* Remove gitlab-keys scriptpb-remove-gitlab-keysPatrick Bajao2019-08-232-37/+0
|
* Fix bin/compile in GDKJacob Vosmaer2019-08-201-1/+1
|
* Use go modJacob Vosmaer2019-08-191-2/+2
|
* Replace symlinks with actual binariesPatrick Bajao2019-08-152-2/+0
| | | | | | | | | | | | | | | | | | | We had `gitlab-shell-authorized-keys-check` and `gitlab-shell-authorized-principals-check` as symlinks to `gitlab-shell` before. We determine the `Command` and `CommandArgs` that we build based on the `Name` of the `Executable`. We also use that to know which fallback ruby executable should we fallback to. We use `os.Executable()` to do that. `os.Executable()` behaves differently depending on OS. It may return the symlink or the target's name. That can result to a buggy behavior. The fix is to create binaries for each instead of using a symlink. That way we don't need to rely on `os.Executable()` to get the name. We pass the `Name` of the executable instead.
* Support falling back to ruby version of checkersPatrick Bajao2019-07-294-78/+80
| | | | | | | | | | | | | | Rename the ruby scripts to have `-ruby` suffix and add a symlink for both to `./gitlab-shell`. The executable name will be used to determine how args will be parsed. For now, we only parse the arguments for gitlab-shell commands. If the executable is `gitlab-shell-authorized-keys-check` or `gitlab-shell-authorized-principals-check`, it'll always fallback to the ruby version. Ruby specs test the ruby script, the fallback from go to ruby and go implementation of both (still pending).
* Remove errant newline for consistencyAsh McKenzie2019-06-281-1/+1
|
* Merge branch 'gitlab-shell-no-glid-argument' into 'master'Nick Thomas2018-10-011-1/+1
|\ | | | | | | | | | | | | Remove mistaken support for `gitlab-shell user-123` Closes #151 See merge request gitlab-org/gitlab-shell!247
| * Remove mistaken support for `gitlab-shell user-123`gitlab-shell-no-glid-argumentJacob Vosmaer2018-09-281-1/+1
| |
* | Initial feature-flagged go/ruby switchNick Thomas2018-09-281-0/+0
|/
* Merge remote-tracking branch 'upstream/8-1-stable' into ↵Nick Thomas2018-08-141-1/+5
|\ | | | | | | 148-merge-8-1-1-to-master
| * Harden gitlab-shell against arguments following the gl_id parameter in the ↵Nick Thomas2018-08-091-1/+1
| | | | | | | | command line
| * Fix two regressions in SSH certificate supportÆvar Arnfjörð Bjarmason2018-08-081-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix two regressions in my 2e8b670 ("Add support for SSH certificate authentication", 2018-06-14) merged in gitlab-org/gitlab-shell!207. This fixes the issue noted in gitlab-org/gitlab-shell#145 where the command-line contains things other than the key/user/username, and also a regression where SSH certificates are being used, and the username presented in the key is unknown to GitLab. In that case, we should log the user in as "Anonymous" (on an instance that allows public access), but because of how the error checking around api.discover() was implemented we ended up erroring out instead.
* | Revert "Merge branch 'ash.mckenzie/srp-refactor' into 'master'"Nick Thomas2018-08-144-15/+15
| | | | | | | | | | This reverts commit 3aaf4751e09262c53544a1987f59b1308af9b6c1, reversing changes made to c6577e0d75f51b017f2f332838b97c3ca5b497c0.
* | Add missing require statement in create-hooksStan Hu2018-08-091-0/+1
| | | | | | | | Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50160
* | Fixed comments in bin/gitlab-shell-authorized*Ash McKenzie2018-08-012-4/+4
| |
* | Merge remote-tracking branch 'origin/master' into ash.mckenzie/srp-refactorAsh McKenzie2018-08-012-3/+39
|\ \ | |/
| * Add support for SSH certificate authenticationÆvar Arnfjörð Bjarmason2018-07-262-3/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This along with the code submitted to gitlab-ce in the gitlab-org/gitlab-ce! MR implements SSH certificate authentication. See the docs added to gitlab-ce for why and how to enable this. This, along with that MR, closes gitlab-org/gitlab-ce#3457 Implementation notes: - Because it's easy to do, and because an earlier nascent version of this would pass user-ID to gitlab-shell, that's now supported, even though the SSH certificate authentication uses username-USERNAME. - The astute reader will notice that not all the API calls in gitlab-ce's lib/api/internal.rb support a "username" argument, some only support "user_id". There's a few reasons for this: a) For this to be efficient, I am bending over backwards to avoid extra API calls when using SSH certificates. Therefore the /allowed API call will now return a "user id" to us if we're allowed to proceed further. This is then fed to existing APIs that would only be called after a successful call to /allowed. b) Not all of the git-shell codepaths go through /internal/allowed, or ever deal with a repository, e.g. the argument-less "Welcome to GitLab", and /internal/2fa_recovery_codes. These need to use /internal/discover to figure out details about the user, so support looking that up by username. c) Once we have the "user id", the GL_ID gets passed down to e.g. user-authored hooks. I don't want to have those all break by having to handle a third GL_ID mode of "username" in addition to the current "key id" and "user id".
* | key_id is overloaded, use key_strAsh McKenzie2018-08-011-2/+2
| |
* | Use full_key to highlight it's the full SSH keyAsh McKenzie2018-08-013-10/+10
|/
* Flush log file after every writeJacob Vosmaer (GitLab)2018-03-231-0/+10
|
* Remove direct redis integrationNick Thomas2018-01-121-19/+4
|
* Remove the GitlabProjects implementationNick Thomas2018-01-122-31/+24
|
* Introduce a more-complete implementation of bin/authorized_keysNick Thomas2017-12-191-0/+42
| | | | | | | | | bin/authorized_keys doesn't check that the requesting user matches the expected user, so to enable database authorized keys lookups, we currently ask the admin to create a custom script for that purpose. Better is to have a complete script that can perform the whole task. This commit introduces bin/gitlab-shell-authorized-keys-check which does so.
* Support `redis` field on /internal/check API endpointAlejandro Rodríguez2017-09-051-12/+28
|
* Revert "Merge branch 'sh-disable-rubygems' into 'master'"Stan Hu2017-07-057-7/+7
| | | | | This reverts commit a18c90128e4d3eeae1233b1bc3c3998afd223c0d, reversing changes made to 0a64624152735766c428d1532e434dd0bf5a9748.
* Disable RubyGems to increase performanceStan Hu2017-07-037-7/+7
| | | | | | By default, RubyGems is enabled, which causes the Ruby interpreter to load 600+ additional files at startup when gitlab-shell is designed not to use any external gems.
* Use gitaly-upload-pack and gitaly-receive-packJacob Vosmaer2017-05-231-24/+5
|
* Use recursive lookup for git repositories in the bin/create-hooks scriptDmitriy Zaporozhets2017-04-251-1/+1
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Better variable nameJacob Vosmaer2017-04-121-5/+5
|
* Add hello-world executableJacob Vosmaer2017-04-121-0/+36
|
* Instrument GitLab Shell and log metrics data to a filePaco Guzman2016-10-111-1/+4
|
* Refactor 'GitlabKey' class awaysmall-fixesJacob Vosmaer2016-08-041-1/+1
| | | | | It is not nice to have both 'GitlabKeys' and 'GitlabKey'. We also do not need GitlabKey to be a class when it has no state.
* Improve output from redis checkJacob Vosmaer2016-08-041-1/+7
|
* Improve authorized_keys checkJacob Vosmaer2016-08-021-5/+3
| | | | | | The old check only looked if authorized_keys exists. With this change, we look whether we can actually open the file for reading and writing. When this fails we try to print useful diagnostic information.
* Manage authorized_keys permissions continuouslykeys-chmodJacob Vosmaer2016-08-011-2/+0
| | | | | | We can lazily create authorized_keys and set its permissions. This adds negligible overhead and it allows us to remove a setup step from GitLab both on source and in omnibus-gitlab.
* More ENV.deleteJacob Vosmaer2016-07-201-1/+1
|
* Refactor repository paths handling to allow multiple git mount pointsshardsAlejandro Rodríguez2016-06-293-17/+22
|
* Use Redis Ruby client instead of shelling out to redis-cliStan Hu2016-05-121-4/+1
| | | | Closes gitlab-org/gitlab-ce#17329
* Remove the update-head command since GitLab doesn't use it anymoreRémy Coutable2016-04-281-2/+0
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Invert clause when checking key for clarityuse-ssh-key-internal-apiPablo Carranza2016-03-241-3/+3
|
* Add empty key checkPablo Carranza2016-03-241-2/+2
|
* Change the key format when generating the authorized key to match the legacy onePablo Carranza2016-03-241-1/+1
|
* Change use of fingerprint for whole keyPablo Carranza2016-03-241-5/+5
|
* Add authorized keys bin script to find keys by fingerprintPablo Carranza2016-03-241-0/+25
|
* Limit availability of SSH_ORIGINAL_COMMANDJacob Vosmaer2015-11-251-1/+1
| | | | | Hoping this makes it more obvious when code touches the very unsafe contents of this variable.
* Revert "Merge branch 'use-load-path' into 'master' "Dmitriy Zaporozhets2015-11-125-12/+7
| | | | | This reverts commit ae498b6cd4122d3d7f35e6b73b50c53615ca3488, reversing changes made to 79fdf65c71e90773fbf52d6832b74cf5a7124755.
* use load path instead of require_relativePirate Praveen2015-11-105-7/+12
|
* GitlabShell doesn't need to set GL_ID at all.Douwe Maan2015-04-061-1/+4
|
* Write GitlabShell error to stderr.nice-error-messageDouwe Maan2015-04-061-2/+5
|
* Remove recursive commands from bin/installJacob Vosmaer2015-02-261-2/+1
| | | | | | | | | | It is not clear what we need these for anymore. Because these commands would recurse once through all existing files in all Git repositories, and then another time through all directories these commands could take very long on a server with a lot of repositories. We keep the 'chmod' on config.repos_path, to deny world access to all files and directories beneath it.
View Lorry Controller Status