summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* Merge branch 'id-implement-client-keep-alive' into 'main'Patrick Bajao2022-05-126-19/+97
|\ | | | | | | | | Implement ClientKeepAlive option See merge request gitlab-org/gitlab-shell!622
| * Implement ClientKeepAlive optionIgor Drozdov2022-05-126-19/+97
| | | | | | | | | | | | | | | | | | | | Git clients sometimes open a connection and leave it idling, like when compressing objects. Settings like timeout client in HAProxy might cause these idle connections to be terminated. Let's send the keepalive message in order to prevent a client from closing
* | Merge branch 'bump/goproxyproto-062' into 'main'Igor Drozdov2022-05-112-3/+3
|\ \ | |/ |/| | | | | build: bump go-proxyproto to 0.6.2 See merge request gitlab-org/gitlab-shell!610
| * build: bump go-proxyproto to 0.6.2feistel2022-05-062-3/+3
| |
* | Merge branch 'id-release-14-1-0' into 'main'v14.1.1Igor Drozdov2022-05-112-1/+5
|\ \ | | | | | | | | | | | | Release 14.1.1 See merge request gitlab-org/gitlab-shell!621
| * | Release 14.1.1Igor Drozdov2022-05-112-1/+5
|/ / | | | | | | - Log the error that happens on sconn.Wait() !613
* | Merge branch 'id-fix-flacky-test' into 'main'Patrick Bajao2022-05-111-2/+2
|\ \ | | | | | | | | | | | | Use require.WithinDuration to fix flaky test See merge request gitlab-org/gitlab-shell!617
| * | Use require.WithinDuration to fix flacky testIgor Drozdov2022-05-091-2/+2
| |/
* | Merge branch 'id-sync-sshd-sessions' into 'main'Patrick Bajao2022-05-111-0/+2
|\ \ | | | | | | | | | | | | Log the error that happens on sconn.Wait() See merge request gitlab-org/gitlab-shell!613
| * | Log the error that happens on sconn.Wait()Igor Drozdov2022-05-061-0/+2
| |/ | | | | | | | | | | | | Warning level is used because a non-nil error is logged even for successful scenarios We plan to use it for debug reasons
* | Merge branch 'sh-release-14.1.0' into 'main'v14.1.0Igor Drozdov2022-05-112-1/+9
|\ \ | | | | | | | | | | | | Release 14.1.0 See merge request gitlab-org/gitlab-shell!620
| * | Release 14.1.0Stan Hu2022-05-102-1/+9
|/ /
* | Merge branch 'id-make-proxy-policy-configurable' into 'main'Stan Hu2022-05-104-15/+113
|\ \ | | | | | | | | | | | | Make PROXY policy configurable See merge request gitlab-org/gitlab-shell!619
| * | Make PROXY policy configurableIgor Drozdov2022-05-104-15/+113
| | | | | | | | | | | | | | | It would give us more flexibility when we decide to enable PROXY protocol
* | | Merge branch 'id-improve-errors-metrics' into 'main'Stan Hu2022-05-102-15/+14
|\ \ \ | |/ / |/| | | | | | | | Exclude authentication errors from error rate See merge request gitlab-org/gitlab-shell!611
| * | Exclude authentication errors from apdexIgor Drozdov2022-05-102-15/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Most of the time a connection fails due to the client's misconfiguration or when a client cancels a request, so we shouldn't treat them as an error Warnings will help us to track the errors whether they happened on the server-side
* | | Merge branch 'sh-fix-remote-addr-handling' into 'main'Igor Drozdov2022-05-092-1/+89
|\ \ \ | | | | | | | | | | | | | | | | Fix check_ip argument when gitlab-sshd used with PROXY protocol See merge request gitlab-org/gitlab-shell!616
| * | | Fix check_ip argument when gitlab-sshd used with PROXY protocolStan Hu2022-05-092-1/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When gitlab-sshd were used with the PROXY protocol, the `check_ip` argument passed to `/api/v4/internal/allowed` was the Go remote address, which is a host and port combination (e.g. 127.0.0.1:12345). As a result, This prevents IP restrictions from working properly on Rails. We fix this by stripping out the port if it is present. When OpenSSH is used, this is not an issue because the IP address is extracted from `SSH_CONNECTION`. Changelog: fixed
* | | | Merge branch 'sean_carroll-main-patch-02429' into 'main'Igor Drozdov2022-05-061-1/+1
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | Remove departed team member from CODEOWNERS See merge request gitlab-org/gitlab-shell!615
| * | | Remove departed team member from CODEOWNERSSean Carroll2022-05-061-1/+1
|/ / /
* | | Merge branch 'id-fips-labkit' into 'main'Ash McKenzie2022-05-066-52/+47
|\ \ \ | |_|/ |/| | | | | | | | Use labkit for FIPS check See merge request gitlab-org/gitlab-shell!607
| * | Use labkit for FIPS checkIgor Drozdov2022-05-056-52/+47
|/ / | | | | | | | | New version of LabKit provides FIPS checks that we can use instead of the custom code
* | Merge branch 'pb-release-14-0-0' into 'main'v14.0.0Patrick Bajao2022-05-042-1/+4
|\ \ | | | | | | | | | | | | Release 14.0.0 See merge request gitlab-org/gitlab-shell!609
| * | Release 14.0.0Patrick Bajao2022-05-042-1/+4
|/ / | | | | | | Always use Gitaly sidechannel connections !567
* | Merge branch 'jv-always-use-sidechannel' into 'main'Patrick Bajao2022-05-0412-175/+41
|\ \ | | | | | | | | | | | | Always use Gitaly sidechannel connections See merge request gitlab-org/gitlab-shell!567
| * | Always use Gitaly sidechannel connectionsJacob Vosmaer2022-05-0212-175/+41
|/ / | | | | | | | | | | | | Before this change, the GitLab internal API could use a boolean response field to indicate whether gitlab-shell should make sidechannel connections go Gitaly. We now ignore that response field and always use sidechannel connections.
* | Merge branch 'id-release-13-26-0' into 'main'v13.26.0Igor Drozdov2022-04-292-1/+7
|\ \ | | | | | | | | | | | | Release 13.26.0 See merge request gitlab-org/gitlab-shell!608
| * | Release 13.26.0Igor Drozdov2022-04-292-1/+7
|/ / | | | | | | | | | | - Add JWT token to GitLab Rails request !596 - Drop go 1.16 support !601 - Remove `self_signed_cert` option !602
* | Merge branch '484_remove_outdated_func' into 'main'Ash McKenzie2022-04-271-10/+0
|\ \ | | | | | | | | | | | | Remove deprecated function NewHTTPClient See merge request gitlab-org/gitlab-shell!603
| * | Remove deprecated function NewHTTPClientVasilii Iakliushin2022-04-261-10/+0
| | | | | | | | | | | | | | | | | | Contributes to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/484 Changelog: removed
* | | Merge branch 'id-gitlabnet-jwt' into 'main'Patrick Bajao2022-04-274-9/+77
|\ \ \ | |/ / |/| | | | | | | | Add JWT token to GitLab Rails request See merge request gitlab-org/gitlab-shell!596
| * | Add JWT token to GitLab Rails requestIgor Drozdov2022-04-264-9/+77
|/ / | | | | | | | | It is passed as a Gitlab-Shell-Api-Request header and uses the same shared secret in order to encrypt the token
* | Merge branch 'drop/go-1.16' into 'main'Igor Drozdov2022-04-262-2/+63
|\ \ | | | | | | | | | | | | drop go 1.16 support See merge request gitlab-org/gitlab-shell!601
| * | drop go 1.16 supportfeistel2022-04-212-2/+63
| | |
* | | Merge branch '541_remove_self_signed_cert_option' into 'main'Igor Drozdov2022-04-266-29/+16
|\ \ \ | | | | | | | | | | | | | | | | Remove `self_signed_cert` option See merge request gitlab-org/gitlab-shell!602
| * | | Remove `self_signed_cert` optionVasilii Iakliushin2022-04-226-29/+16
| |/ / | | | | | | | | | | | | | | | Contributes to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/541 Changelog: removed
* | | Merge branch 'feat/status-rwmutex' into 'main'Igor Drozdov2022-04-261-3/+3
|\ \ \ | | | | | | | | | | | | | | | | feat: replace status mutex with RWMutex See merge request gitlab-org/gitlab-shell!604
| * | | feat: replace status mutex with RWMutexfeistel2022-04-221-3/+3
| |/ /
* | | Merge branch 'id-release-13-25-2' into 'main'v13.25.2Igor Drozdov2022-04-262-1/+6
|\ \ \ | | | | | | | | | | | | | | | | Release v13.25.2 See merge request gitlab-org/gitlab-shell!606
| * | | Release v13.25.2Igor Drozdov2022-04-262-1/+6
|/ / /
* | | Merge branch 'id-revert-ssh-connection-timeouts' into 'main'Patrick Bajao2022-04-264-53/+1
|\ \ \ | |/ / |/| | | | | | | | Revert "Abort long-running unauthenticated SSH connections" See merge request gitlab-org/gitlab-shell!605
| * | Revert "Abort long-running unauthenticated SSH connections"Igor Drozdov2022-04-254-53/+1
|/ / | | | | | | This reverts commit 3a2c8f2c47774a35d840ec8baf54341beede5d43.
* | Merge branch 'bump/go-tool-version' into 'main'Ash McKenzie2022-04-211-1/+1
|\ \ | | | | | | | | | | | | Bump Go to 1.17.9 for asdf users See merge request gitlab-org/gitlab-shell!600
| * | Bump Go to 1.17.9 for asdf usersfeistel2022-04-201-1/+1
| |/
* | Merge branch 'sh-fix-typo-fips' into 'main'Igor Drozdov2022-04-211-1/+1
|\ \ | |/ |/| | | | | Fix typo in FIPS mode message See merge request gitlab-org/gitlab-shell!599
| * Fix typo in FIPS mode messageStan Hu2022-04-191-1/+1
|/ | | | Rename Gitaly -> gitlab-shell
* Merge branch 'id-release-13-25-1' into 'main'v13.25.1Igor Drozdov2022-04-192-1/+7
|\ | | | | | | | | Release 13.25.1 See merge request gitlab-org/gitlab-shell!598
| * Release 13.25.1Igor Drozdov2022-04-192-1/+7
|/
* Merge branch 'sh-fips-mode' into 'main'Igor Drozdov2022-04-194-0/+40
|\ | | | | | | | | Add support for FIPS encryption See merge request gitlab-org/gitlab-shell!597
| * Add support for FIPS encryptionStan Hu2022-04-184-0/+40
|/ | | | | | | | | | | | | | This commit adds support of using a FIPS-validated SSL library with compiled Go executables when `FIPS_MODE=1 make` is run. A Go compiler that supports BoringSSL either directly (e.g. the `dev.boringcrypto` branch) or with a dynamically linked OpenSSL (e.g. https://github.com/golang-fips/go) is required. This is similar to the changes to support FIPS in GitLab Runner and in GitLab Pages: https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/716 Changelog: added
View Lorry Controller Status