author: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-25 12:11:25 +0000
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-25 12:11:27 +0000
commit: 6e64a6f434e4a8a6edb6a2201ea01b1e636ea9e0
tree: 62bfe03b148e2e39ef537bef9b9469ae78677c6b
parent: 304a2529db8963b06e16ea9df101ce0c07de702a
Merge branch 'security-2780-disable-git-v2-protocol-11-7' into 'security-11-7'
[11.7] Disable git v2 protocol temporarily

See merge request gitlab/gitlabhq!2859

(cherry picked from commit f20f2b452fe91849645249044a9b3d3e381697a2)

49ebf1a3 Allow Gitaly to be built from a custom URL
0cab1a90 Disable git v2 protocol temporarily
-rw-r--r-- GITALY_SERVER_VERSION 2
-rw-r--r-- changelogs/unreleased/security-2780-disable-git-v2-protocol.yml 5
-rw-r--r-- doc/administration/git_protocol.md 7
-rw-r--r-- doc/development/gitaly.md 19
-rw-r--r-- spec/support/helpers/test_env.rb 7

5 files changed, 38 insertions, 2 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index f8f4f03b3dc..6b89d58f861 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-1.12.1
+1.12.2
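Review bot: The bump to `1.12.2` is the only line in this patch that touches anything outside the changelog, docs and spec helper, so the actual disabling of protocol v2 has to come from that Gitaly release, yet neither the commit message nor the changelog entry says so. Suggest naming the required Gitaly version in the changelog title or the admin note, so that anyone deploying Gitaly separately from the Rails application knows which component carries the security fix.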
diff --git a/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml
new file mode 100644
index 00000000000..30a08a98e83
--- /dev/null
+++ b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml
@@ -0,0 +1,5 @@
+---
+title: Disable git v2 protocol temporarily
+merge_request:
+author:
+type: security
diff --git a/doc/administration/git_protocol.md b/doc/administration/git_protocol.md
index 341a00009e5..11b2adeeeb8 100644
--- a/doc/administration/git_protocol.md
+++ b/doc/administration/git_protocol.md
@@ -5,6 +5,13 @@ description: "Set and configure Git protocol v2"
# Configuring Git Protocol v2
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/46555) in GitLab 11.4.
+> [Temporarily disabled](https://gitlab.com/gitlab-org/gitlab-ce/issues/55769) in GitLab 11.5.8, 11.6.6, 11.7.1, and 11.8+
+
+NOTE: **Note:**
+Git protocol v2 support has been [temporarily disabled](https://gitlab.com/gitlab-org/gitlab-ce/issues/55769),
+as a feature used to hide certain internal references does not function when it
+is enabled, and this has a security impact. Once this problem has been resolved,
+protocol v2 support will be re-enabled.
Git protocol v2 improves the v1 wire protocol in several ways and is
enabled by default in GitLab for HTTP requests. In order to enable SSH,
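Review bot: The unchanged paragraph directly under the new note still reads "is enabled by default in GitLab for HTTP requests. In order to enable SSH," which contradicts the note saying support has been temporarily disabled. An administrator skimming the page can come away believing v2 is active, or follow the SSH steps expecting them to work. Suggest rewording that paragraph in the same change (or stating in the note that the configuration steps below currently have no effect), and ending the `11.8+` blockquote line with a period to match the "Introduced" line above it.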
diff --git a/doc/development/gitaly.md b/doc/development/gitaly.md
index 32beafad307..fdae69bddd7 100644
--- a/doc/development/gitaly.md
+++ b/doc/development/gitaly.md
@@ -130,6 +130,25 @@ Gitaly. To use a custom Gitaly version in CI you need to update
GITALY_SERVER_VERSION. You can use the format `=revision` to use a
non-tagged commit from https://gitlab.com/gitlab-org/gitaly in CI.
+To use a different Gitaly repository, e.g., if your changes are present
+on a fork, you can specify a `GITALY_REPO_URL` environment variable when
+running tests:
+
+```shell
+GITALY_REPO_URL=https://gitlab.com/nick.thomas/gitaly bundle exec rspec spec/lib/gitlab/git/repository_spec.rb
+```
+
+If your fork of Gitaly is private, you can generate a [Deploy Token](../user/project/deploy_tokens/index.md)
+and specify it in the URL:
+
+```shell
+GITALY_REPO_URL=https://gitlab+deploy-token-1000:token-here@gitlab.com/nick.thomas/gitaly bundle exec rspec spec/lib/gitlab/git/repository_spec.rb
+```
+
+To use a custom Gitaly repository in CI, for instance if you want your
+GitLab fork to always use your own Gitaly fork, set `GITALY_REPO_URL`
+as a [CI environment variable](../ci/variables/README.md#variables).
+
---
[Return to Development documentation](README.md)
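Review bot: The private-fork example on the `gitlab+deploy-token-1000:token-here@gitlab.com` line teaches readers to type a credential inline on the command line, where it ends up in shell history, and the test_env.rb change in this same patch interpolates the full URL into the `gitlab:gitaly:install[...]` task string. Suggest adding a sentence that the deploy token should be limited to the `read_repository` scope and supplied through an exported or protected CI variable rather than typed inline, and that anything echoing the task name will expose it. The examples also hard-code a personal namespace (`nick.thomas/gitaly`); a placeholder such as `<your-namespace>/gitaly` would age better.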
diff --git a/spec/support/helpers/test_env.rb b/spec/support/helpers/test_env.rb
index d352a7cdf1a..f485eb7b0eb 100644
--- a/spec/support/helpers/test_env.rb
+++ b/spec/support/helpers/test_env.rb
@@ -160,11 +160,12 @@ module TestEnv
def setup_gitaly
socket_path = Gitlab::GitalyClient.address('default').sub(/\Aunix:/, '')
gitaly_dir = File.dirname(socket_path)
+ install_gitaly_args = [gitaly_dir, repos_path, gitaly_url].compact.join(',')
component_timed_setup('Gitaly',
install_dir: gitaly_dir,
version: Gitlab::GitalyClient.expected_server_version,
- task: "gitlab:gitaly:install[#{gitaly_dir},#{repos_path}]") do
+ task: "gitlab:gitaly:install[#{install_gitaly_args}]") do
Gitlab::SetupHelper.create_gitaly_configuration(gitaly_dir, { 'default' => repos_path }, force: true)
start_gitaly(gitaly_dir)
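Review bot: `install_gitaly_args` is built with `.join(',')` and dropped into the bracketed rake argument list, so the value of `GITALY_REPO_URL` reaches the task string unvalidated; a URL containing a comma is split by rake into extra positional arguments and shifts what the install task receives. Suggest parsing the value as a URI and rejecting anything that is not an expected scheme or that contains `,` before building the string, and adding a spec covering both the set and unset cases. It is also not evident from the visible arguments to `component_timed_setup` (`install_dir:` and `version:` only) whether changing the URL alone triggers a reinstall; worth confirming or documenting.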
@@ -215,6 +216,10 @@ module TestEnv
# The process can already be gone if the test run was INTerrupted.
end
+ def gitaly_url
+ ENV.fetch('GITALY_REPO_URL', nil)
+ end
+
def setup_factory_repo
setup_repo(factory_repo_path, factory_repo_path_bare, factory_repo_name,
BRANCH_SHA)
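Review bot: In `gitaly_url`, `ENV.fetch('GITALY_REPO_URL', nil)` is equivalent to `ENV['GITALY_REPO_URL']`, and a variable that is exported but empty returns `""`, which survives the `.compact` in `setup_gitaly` and produces a trailing empty third argument to the install task. Suggest `ENV['GITALY_REPO_URL'].presence` so that an empty value is treated the same as an unset one.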