summaryrefslogtreecommitdiff
path: root/bin
Commit message (Collapse)AuthorAgeFilesLines
* Remove mistaken support for `gitlab-shell user-123`gitlab-shell-no-glid-argumentJacob Vosmaer2018-09-281-1/+1
|
* Merge remote-tracking branch 'upstream/8-1-stable' into ↵Nick Thomas2018-08-141-1/+5
|\ | | | | | | 148-merge-8-1-1-to-master
| * Harden gitlab-shell against arguments following the gl_id parameter in the ↵Nick Thomas2018-08-091-1/+1
| | | | | | | | command line
| * Fix two regressions in SSH certificate supportÆvar Arnfjörð Bjarmason2018-08-081-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix two regressions in my 2e8b670 ("Add support for SSH certificate authentication", 2018-06-14) merged in gitlab-org/gitlab-shell!207. This fixes the issue noted in gitlab-org/gitlab-shell#145 where the command-line contains things other than the key/user/username, and also a regression where SSH certificates are being used, and the username presented in the key is unknown to GitLab. In that case, we should log the user in as "Anonymous" (on an instance that allows public access), but because of how the error checking around api.discover() was implemented we ended up erroring out instead.
* | Revert "Merge branch 'ash.mckenzie/srp-refactor' into 'master'"Nick Thomas2018-08-144-15/+15
| | | | | | | | | | This reverts commit 3aaf4751e09262c53544a1987f59b1308af9b6c1, reversing changes made to c6577e0d75f51b017f2f332838b97c3ca5b497c0.
* | Add missing require statement in create-hooksStan Hu2018-08-091-0/+1
| | | | | | | | Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50160
* | Fixed comments in bin/gitlab-shell-authorized*Ash McKenzie2018-08-012-4/+4
| |
* | Merge remote-tracking branch 'origin/master' into ash.mckenzie/srp-refactorAsh McKenzie2018-08-012-3/+39
|\ \ | |/
| * Add support for SSH certificate authenticationÆvar Arnfjörð Bjarmason2018-07-262-3/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This along with the code submitted to gitlab-ce in the gitlab-org/gitlab-ce! MR implements SSH certificate authentication. See the docs added to gitlab-ce for why and how to enable this. This, along with that MR, closes gitlab-org/gitlab-ce#3457 Implementation notes: - Because it's easy to do, and because an earlier nascent version of this would pass user-ID to gitlab-shell, that's now supported, even though the SSH certificate authentication uses username-USERNAME. - The astute reader will notice that not all the API calls in gitlab-ce's lib/api/internal.rb support a "username" argument, some only support "user_id". There's a few reasons for this: a) For this to be efficient, I am bending over backwards to avoid extra API calls when using SSH certificates. Therefore the /allowed API call will now return a "user id" to us if we're allowed to proceed further. This is then fed to existing APIs that would only be called after a successful call to /allowed. b) Not all of the git-shell codepaths go through /internal/allowed, or ever deal with a repository, e.g. the argument-less "Welcome to GitLab", and /internal/2fa_recovery_codes. These need to use /internal/discover to figure out details about the user, so support looking that up by username. c) Once we have the "user id", the GL_ID gets passed down to e.g. user-authored hooks. I don't want to have those all break by having to handle a third GL_ID mode of "username" in addition to the current "key id" and "user id".
* | key_id is overloaded, use key_strAsh McKenzie2018-08-011-2/+2
| |
* | Use full_key to highlight it's the full SSH keyAsh McKenzie2018-08-013-10/+10
|/
* Flush log file after every writeJacob Vosmaer (GitLab)2018-03-231-0/+10
|
* Remove direct redis integrationNick Thomas2018-01-121-19/+4
|
* Remove the GitlabProjects implementationNick Thomas2018-01-122-31/+24
|
* Introduce a more-complete implementation of bin/authorized_keysNick Thomas2017-12-191-0/+42
| | | | | | | | | bin/authorized_keys doesn't check that the requesting user matches the expected user, so to enable database authorized keys lookups, we currently ask the admin to create a custom script for that purpose. Better is to have a complete script that can perform the whole task. This commit introduces bin/gitlab-shell-authorized-keys-check which does so.
* Support `redis` field on /internal/check API endpointAlejandro Rodríguez2017-09-051-12/+28
|
* Revert "Merge branch 'sh-disable-rubygems' into 'master'"Stan Hu2017-07-057-7/+7
| | | | | This reverts commit a18c90128e4d3eeae1233b1bc3c3998afd223c0d, reversing changes made to 0a64624152735766c428d1532e434dd0bf5a9748.
* Disable RubyGems to increase performanceStan Hu2017-07-037-7/+7
| | | | | | By default, RubyGems is enabled, which causes the Ruby interpreter to load 600+ additional files at startup when gitlab-shell is designed not to use any external gems.
* Use gitaly-upload-pack and gitaly-receive-packJacob Vosmaer2017-05-231-24/+5
|
* Use recursive lookup for git repositories in the bin/create-hooks scriptDmitriy Zaporozhets2017-04-251-1/+1
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Better variable nameJacob Vosmaer2017-04-121-5/+5
|
* Add hello-world executableJacob Vosmaer2017-04-121-0/+36
|
* Instrument GitLab Shell and log metrics data to a filePaco Guzman2016-10-111-1/+4
|
* Refactor 'GitlabKey' class awaysmall-fixesJacob Vosmaer2016-08-041-1/+1
| | | | | It is not nice to have both 'GitlabKeys' and 'GitlabKey'. We also do not need GitlabKey to be a class when it has no state.
* Improve output from redis checkJacob Vosmaer2016-08-041-1/+7
|
* Improve authorized_keys checkJacob Vosmaer2016-08-021-5/+3
| | | | | | The old check only looked if authorized_keys exists. With this change, we look whether we can actually open the file for reading and writing. When this fails we try to print useful diagnostic information.
* Manage authorized_keys permissions continuouslykeys-chmodJacob Vosmaer2016-08-011-2/+0
| | | | | | We can lazily create authorized_keys and set its permissions. This adds negligible overhead and it allows us to remove a setup step from GitLab both on source and in omnibus-gitlab.
* More ENV.deleteJacob Vosmaer2016-07-201-1/+1
|
* Refactor repository paths handling to allow multiple git mount pointsshardsAlejandro Rodríguez2016-06-293-17/+22
|
* Use Redis Ruby client instead of shelling out to redis-cliStan Hu2016-05-121-4/+1
| | | | Closes gitlab-org/gitlab-ce#17329
* Remove the update-head command since GitLab doesn't use it anymoreRémy Coutable2016-04-281-2/+0
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Invert clause when checking key for clarityuse-ssh-key-internal-apiPablo Carranza2016-03-241-3/+3
|
* Add empty key checkPablo Carranza2016-03-241-2/+2
|
* Change the key format when generating the authorized key to match the legacy onePablo Carranza2016-03-241-1/+1
|
* Change use of fingerprint for whole keyPablo Carranza2016-03-241-5/+5
|
* Add authorized keys bin script to find keys by fingerprintPablo Carranza2016-03-241-0/+25
|
* Limit availability of SSH_ORIGINAL_COMMANDJacob Vosmaer2015-11-251-1/+1
| | | | | Hoping this makes it more obvious when code touches the very unsafe contents of this variable.
* Revert "Merge branch 'use-load-path' into 'master' "Dmitriy Zaporozhets2015-11-125-12/+7
| | | | | This reverts commit ae498b6cd4122d3d7f35e6b73b50c53615ca3488, reversing changes made to 79fdf65c71e90773fbf52d6832b74cf5a7124755.
* use load path instead of require_relativePirate Praveen2015-11-105-7/+12
|
* GitlabShell doesn't need to set GL_ID at all.Douwe Maan2015-04-061-1/+4
|
* Write GitlabShell error to stderr.nice-error-messageDouwe Maan2015-04-061-2/+5
|
* Remove recursive commands from bin/installJacob Vosmaer2015-02-261-2/+1
| | | | | | | | | | It is not clear what we need these for anymore. Because these commands would recurse once through all existing files in all Git repositories, and then another time through all directories these commands could take very long on a server with a lot of repositories. We keep the 'chmod' on config.repos_path, to deny world access to all files and directories beneath it.
* Show nice error message when internal API is unreachable.Douwe Maan2015-02-111-5/+10
|
* Merge pull request #177 from feedhenry/keys_listDmitriy Zaporozhets2014-10-281-0/+2
|\ | | | | Added list-keys command, with associated spec
| * Added list-keys command and specDavid Martin2014-10-151-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removed puts and tidied up regex Address the hound Address the hound, again Use single quotes Add back travis.yml file Remove travis.yml, only keep on fh-master Use single quotes Use single quotes
* | Added list-projects command & specDavid Martin2014-10-151-0/+2
|/ | | | | | | | | | list-projects command usage Single quotes Use single quotes Use single quotes
* Ignore missing repositories in create-hooksJacob Vosmaer2014-09-091-1/+5
| | | | | | | When bin/create-hooks is run against a live GitLab server, there is a possibility of race conditions when a user deletes one of their repositories after bin/create-hooks found it. With this change, bin/create-hooks will ignore missing file errors.
* Add gitlab-keys batch-add-keysJacob Vosmaer2014-03-141-1/+3
| | | | | This command is intended to be called by the GitLab Rails code when restoring an application backup.
* Use safer shell invocations in bin/installJacob Vosmaer2014-03-071-9/+9
|
* Make support/rewrite-hooks.sh use bin/create_hooksJacob Vosmaer2014-02-261-0/+12
|
View Lorry Controller Status