Merge branch 'gitlab-workhorse-safeties' into 'master'

Security and safety improvements for gitlab-workhorse integration Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60 - Use a custom content type when sending data to gitlab-workhorse - Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future. This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret. See merge request !5907
author: Jacob Vosmaer (GitLab) <jacob@gitlab.com> 2016-09-09 11:33:08 +0000
committer: Jacob Vosmaer (GitLab) <jacob@gitlab.com> 2016-09-09 11:33:08 +0000
commit: b7e6da5a4baf1e6ac0e6d62ef6ff5a09de44d6f1 (patch)
tree: e99ed8e70ababbeaacf301345e8d356ff73c0409 /config
parent: 483a28a46bc3ad060749e36585912033440ae8c3 (diff)
parent: 7ad0bfac2301e6d5be9d0621edcf695ce9f9c01a (diff)
download: gitlab-ce-b7e6da5a4baf1e6ac0e6d62ef6ff5a09de44d6f1.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/config/initializers/gitlab_workhorse_secret.rb b/config/initializers/gitlab_workhorse_secret.rb
new file mode 100644
index 00000000000..ed54dc11098
--- /dev/null
+++ b/config/initializers/gitlab_workhorse_secret.rb
@@ -0,0 +1,8 @@
+begin
+  Gitlab::Workhorse.secret
+rescue
+  Gitlab::Workhorse.write_secret
+end
+
+# Try a second time. If it does not work this will raise.
+Gitlab::Workhorse.secret
author	Jacob Vosmaer (GitLab) <jacob@gitlab.com>	2016-09-09 11:33:08 +0000
committer	Jacob Vosmaer (GitLab) <jacob@gitlab.com>	2016-09-09 11:33:08 +0000
commit	b7e6da5a4baf1e6ac0e6d62ef6ff5a09de44d6f1 (patch)
tree	e99ed8e70ababbeaacf301345e8d356ff73c0409 /config
parent	483a28a46bc3ad060749e36585912033440ae8c3 (diff)
parent	7ad0bfac2301e6d5be9d0621edcf695ce9f9c01a (diff)
download	gitlab-ce-b7e6da5a4baf1e6ac0e6d62ef6ff5a09de44d6f1.tar.gz