author: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-25 12:11:20 +0000
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-25 12:11:22 +0000
commit: 6092f269cd62d5bd5fd515143bde8f353b64fc4f
tree: 4e5318a67c147182513914ea001c9c7c4b0670b9
parent: cdc01f897c45ad6b7638c1b37a9b5c5e583e27bd
Merge branch 'security-2780-disable-git-v2-protocol-11-6' into 'security-11-6'
[11.6] Disable git v2 protocol temporarily

See merge request gitlab/gitlabhq!2860

(cherry picked from commit 5c80952f99aea931d53ac58b6068e1eabd8b6295)

d7d7bc0d Allow Gitaly to be built from a custom URL
c478d134 Disable git v2 protocol temporarily
-rw-r--r-- GITALY_SERVER_VERSION 2
-rw-r--r-- changelogs/unreleased/security-2780-disable-git-v2-protocol.yml 5
-rw-r--r-- doc/administration/git_protocol.md 7
-rw-r--r-- doc/development/gitaly.md 19
-rw-r--r-- spec/support/helpers/test_env.rb 7
5 files changed, 38 insertions, 2 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 943f9cbc4ec..f8a696c8dc5 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-1.7.1
+1.7.2
diff --git a/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml
new file mode 100644
index 00000000000..30a08a98e83
--- /dev/null
+++ b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml
@@ -0,0 +1,5 @@
+---
+title: Disable git v2 protocol temporarily
+merge_request:
+author:
+type: security
diff --git a/doc/administration/git_protocol.md b/doc/administration/git_protocol.md
index 341a00009e5..11b2adeeeb8 100644
--- a/doc/administration/git_protocol.md
+++ b/doc/administration/git_protocol.md
@@ -5,6 +5,13 @@ description: "Set and configure Git protocol v2"
# Configuring Git Protocol v2
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/46555) in GitLab 11.4.
+> [Temporarily disabled](https://gitlab.com/gitlab-org/gitlab-ce/issues/55769) in GitLab 11.5.8, 11.6.6, 11.7.1, and 11.8+
+
+NOTE: **Note:**
+Git protocol v2 support has been [temporarily disabled](https://gitlab.com/gitlab-org/gitlab-ce/issues/55769),
+as a feature used to hide certain internal references does not function when it
+is enabled, and this has a security impact. Once this problem has been resolved,
+protocol v2 support will be re-enabled.
Git protocol v2 improves the v1 wire protocol in several ways and is
enabled by default in GitLab for HTTP requests. In order to enable SSH,
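Review bot: The unchanged paragraph directly after the new NOTE still says protocol v2 "is enabled by default in GitLab for HTTP requests", which contradicts the note stating that support has been temporarily disabled. Reword or qualify that paragraph in the same change so an administrator who reads past the note does not conclude that v2 is active and that hidden internal references are protected. The version line "11.5.8, 11.6.6, 11.7.1, and 11.8+" would also read more clearly as "11.8 and later", with a closing period.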
diff --git a/doc/development/gitaly.md b/doc/development/gitaly.md
index 32beafad307..fdae69bddd7 100644
--- a/doc/development/gitaly.md
+++ b/doc/development/gitaly.md
@@ -130,6 +130,25 @@ Gitaly. To use a custom Gitaly version in CI you need to update
GITALY_SERVER_VERSION. You can use the format `=revision` to use a
non-tagged commit from https://gitlab.com/gitlab-org/gitaly in CI.
+To use a different Gitaly repository, e.g., if your changes are present
+on a fork, you can specify a `GITALY_REPO_URL` environment variable when
+running tests:
+
+```shell
+GITALY_REPO_URL=https://gitlab.com/nick.thomas/gitaly bundle exec rspec spec/lib/gitlab/git/repository_spec.rb
+```
+
+If your fork of Gitaly is private, you can generate a [Deploy Token](../user/project/deploy_tokens/index.md)
+and specify it in the URL:
+
+```shell
+GITALY_REPO_URL=https://gitlab+deploy-token-1000:token-here@gitlab.com/nick.thomas/gitaly bundle exec rspec spec/lib/gitlab/git/repository_spec.rb
+```
+
+To use a custom Gitaly repository in CI, for instance if you want your
+GitLab fork to always use your own Gitaly fork, set `GITALY_REPO_URL`
+as a [CI environment variable](../ci/variables/README.md#variables).
+
---
[Return to Development documentation](README.md)
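Review bot: The private-fork example puts the deploy token inline in `GITALY_REPO_URL` on the command line (`https://gitlab+deploy-token-1000:token-here@gitlab.com/...`), so the token lands in shell history and in the environment of every child process, and the text gives no guidance on limiting its reach. Suggest adding a sentence that the deploy token should carry only read access to the repository, and, for the CI case in the last added paragraph, that the variable should be set in the project's CI settings (ideally as a protected variable) rather than committed to `.gitlab-ci.yml`. The examples also point at a personal namespace (`nick.thomas/gitaly`); a placeholder such as `<your-namespace>/gitaly` would age better.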
diff --git a/spec/support/helpers/test_env.rb b/spec/support/helpers/test_env.rb
index d52c40ff4f1..b4832716a8f 100644
--- a/spec/support/helpers/test_env.rb
+++ b/spec/support/helpers/test_env.rb
@@ -159,11 +159,12 @@ module TestEnv
def setup_gitaly
socket_path = Gitlab::GitalyClient.address('default').sub(/\Aunix:/, '')
gitaly_dir = File.dirname(socket_path)
+ install_gitaly_args = [gitaly_dir, repos_path, gitaly_url].compact.join(',')
component_timed_setup('Gitaly',
install_dir: gitaly_dir,
version: Gitlab::GitalyClient.expected_server_version,
- task: "gitlab:gitaly:install[#{gitaly_dir},#{repos_path}]") do
+ task: "gitlab:gitaly:install[#{install_gitaly_args}]") do
Gitlab::SetupHelper.create_gitaly_configuration(gitaly_dir, { 'default' => repos_path }, force: true)
start_gitaly(gitaly_dir)
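Review bot: In `install_gitaly_args` the URL is joined with commas and interpolated into the rake task string `gitlab:gitaly:install[#{install_gitaly_args}]`, so a `GITALY_REPO_URL` containing a comma or `]` changes how the task arguments are split. The same string now carries any deploy token embedded in the URL into the `task:` argument of `component_timed_setup`; please check whether that helper prints the task on setup or failure, and redact the userinfo part if it does. Validating the value as a URL, or at least rejecting commas and brackets, before joining would make the failure mode explicit.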
@@ -214,6 +215,10 @@ module TestEnv
# The process can already be gone if the test run was INTerrupted.
end
+ def gitaly_url
+ ENV.fetch('GITALY_REPO_URL', nil)
+ end
+
def setup_factory_repo
setup_repo(factory_repo_path, factory_repo_path_bare, factory_repo_name,
BRANCH_SHA)
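Review bot: `ENV.fetch('GITALY_REPO_URL', nil)` in `gitaly_url` behaves the same as `ENV['GITALY_REPO_URL']`, and both return an empty string when the variable is set but blank. The `.compact` call in `setup_gitaly` only drops `nil`, so a blank value would produce a trailing empty argument to the install task. Returning `ENV['GITALY_REPO_URL'].presence` would cover both the unset and the blank case.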