diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2019-07-09 12:13:21 -0500 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2019-07-09 12:13:21 -0500 |
| commit | db04a18d7d8e77d52924e769044011824f7c6e3c (patch) | |
| tree | ac7b61bfa9dfab614c363488a0d877ca761899d5 | |
| parent | 6d3fede0af1de2106ec5779e33f0571f3e4261d2 (diff) | |
| download | gitlab-ce-db04a18d7d8e77d52924e769044011824f7c6e3c.tar.gz | |
CE-EE parity for shared config files
This copies over EE-specific changes to shared configuration files in
CE.
| -rw-r--r-- | config/gitlab.yml.example | 3 | ||||
| -rw-r--r-- | config/initializers/ar_speed_up_migration_checking.rb | 3 | ||||
| -rw-r--r-- | config/settings.rb | 25 |
3 files changed, 30 insertions, 1 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index c82d9b5ceef..334c241bcaa 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -664,6 +664,9 @@ production: &base # Port where the client side certificate is requested by the webserver (NGINX/Apache) # client_certificate_required_port: 3444 + # Browser session with smartcard sign-in is required for Git access + # required_for_git_access: false + ## Kerberos settings kerberos: # Allow the HTTP Negotiate authentication method for Git clients diff --git a/config/initializers/ar_speed_up_migration_checking.rb b/config/initializers/ar_speed_up_migration_checking.rb index aae774daa35..f98b246db0b 100644 --- a/config/initializers/ar_speed_up_migration_checking.rb +++ b/config/initializers/ar_speed_up_migration_checking.rb @@ -10,7 +10,8 @@ if Rails.env.test? # it reads + parses `db/migrate/*` each time. Memoizing it can save 0.5 # seconds per spec. def migrations(paths) - (@migrations ||= migrations_unmemoized(paths)).dup + @migrations ||= {} + (@migrations[paths] ||= migrations_unmemoized(paths)).dup end end end diff --git a/config/settings.rb b/config/settings.rb index 6df2132332c..da459afcce2 100644 --- a/config/settings.rb +++ b/config/settings.rb @@ -62,6 +62,31 @@ class Settings < Settingslogic (base_url(gitlab) + [gitlab.relative_url_root]).join('') end + def kerberos_protocol + kerberos.https ? "https" : "http" + end + + def kerberos_port + kerberos.use_dedicated_port ? kerberos.port : gitlab.port + end + + # Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed. + # By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead + # Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html + def build_gitlab_kerberos_url + [ + kerberos_protocol, + "://:@", + gitlab.host, + ":#{kerberos_port}", + gitlab.relative_url_root + ].join('') + end + + def alternative_gitlab_kerberos_url? + kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url) + end + # check that values in `current` (string or integer) is a contant in `modul`. def verify_constant_array(modul, current, default) values = default || [] |