Commits · 4c3f8494ebed2543782fe0b380b3e5d7eac35775 · Igor Drozdov / Gitlab Shell · GitLab

As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.

Snippets Groups Projects

Aug 16, 2022
- Add Golang 1.19 to CI · 4c3f8494
  Igor Drozdov authored 2 years ago
  
  4c3f8494
Aug 11, 2022
- Merge branch 'id-update-danger-gem' into 'main' · 8d46766f
  Patrick Bajao authored 2 years ago
  
  Update gitlab-dangerfiles gem See merge request gitlab-org/gitlab-shell!678
  8d46766f
- Update gitlab-dangerfiles gem · ee1781a6
  Igor Drozdov authored 2 years ago
  
  ee1781a6
- Merge branch 'id-release-14-11-0' into 'main' · 6485d567
  Igor Drozdov authored 2 years ago
  
  Release 14.11.0 See merge request gitlab-org/gitlab-shell!677
  View commits for tag v14.11.0 v14.11.0
  
  6485d567
- Release 14.11.0 · 5dc08811
  Igor Drozdov authored 2 years ago
  
  5dc08811
Aug 10, 2022
- Merge branch 'id-update-gitaly-to-v15' into 'main' · dbf5fce6
  Patrick Bajao authored 2 years ago
  
  Update Gitaly to v15 See merge request gitlab-org/gitlab-shell!676
  dbf5fce6
Aug 05, 2022

Merge branch 'I-365101' into 'main' · c50becdf

Igor Drozdov authored 2 years ago

Fixed extra slashes in API request paths generated for geo

See merge request gitlab-org/gitlab-shell!673

c50becdf

Fixed extra slashes in API request paths generated for geo · 15e7e01e
Carlos Yu authored 2 years ago and Igor Drozdov committed 2 years ago

15e7e01e

Update Gitaly to v15 · 2c187671

Igor Drozdov authored 2 years ago

This commit also excludes gitlab-shell from dependencies:

Gitaly specifies Gitlab Shell as a dependency as well in order
to use gitlabnet client to perform API endpoints to Gitlab Rails.
As a result, Gitlab Shell requires Gitaly -> Gitaly requires an
older version of Gitlab Shell -> that version requires an older
version of Gitlab Shell, etc. Let's use exclude to break the
chain earlier

2c187671

Merge branch 'id-fix-git-receive-pack-in-tests' into 'main' · fe170537
Stan Hu authored 2 years ago
```
Fix failing TestGitReceivePackSuccess

See merge request gitlab-org/gitlab-shell!675
```
fe170537

Fix failing TestGitReceivePackSuccess · 67345c2a

Igor Drozdov authored 2 years ago

After https://gitlab.com/gitlab-org/gitaly/-/merge_requests/4766
has been introduced, the test started fail because we basically
cancel the git-receive-pack after the output is received

This commit gracefully closes the connection to make the test
pass

67345c2a

Jul 28, 2022
- Merge branch 'tchu-add-simple-roulette-to-dangerfile' into 'main' · 8f2a4e90
  Patrick Bajao authored 2 years ago
  
  Add simple_roulette to Dangerfile See merge request gitlab-org/gitlab-shell!672
  8f2a4e90
Jul 26, 2022
- Add simple_roulette to Dangerfile · b83c3189
  Terri Chu authored 2 years ago
  
  b83c3189
Jul 21, 2022
- Merge branch 'id-release-14-10-0' into 'main' · 28188013
  Igor Drozdov authored 2 years ago
  
  Release v14.10.0 See merge request gitlab-org/gitlab-shell!671
  View commits for tag v14.10.0 v14.10.0
  
  28188013
- Release v14.10.0 · f01e1e75
  Igor Drozdov authored 2 years ago
  
  f01e1e75
- Merge branch '506-twofactorverify-command-to-support-push-notification' into 'main' · 0790e49d
  Patrick Bajao authored 2 years ago
  
  Implement Push Auth support for 2FA verification Closes #506 See merge request gitlab-org/gitlab-shell!454
  0790e49d
Jul 20, 2022
- Simplify 2FA Push auth processing · f6feedf9
  Igor Drozdov authored 2 years ago
  
  Use a single channel to handle both Push Auth and OTP results
  f6feedf9
Jul 18, 2022

Implement Push Auth support for 2FA verification · fe5feeea

kmcknight authored 4 years ago and

Igor Drozdov committed 2 years ago

When `2fa_verify` command is executed:

- A user is asked to enter OTP
- A blocking call for push auth is performed

Then:

- If the push auth request fails, the user is still able to enter
OTP
- If OTP is invalid, the `2fa_verify` command ends the execution
- If OTP is valid or push auth request succeeded, then the user is
successfully authenticated
- If 30 seconds passed while no OTP or Push have been provided,
then the `2fa_verify` command ends the execution

fe5feeea

Jul 15, 2022

Merge branch 'sh-fix-flaky-race-test' into 'main' · 9cacca57
Igor Drozdov authored 2 years ago
```
Fix flaky race test

Closes #590

See merge request gitlab-org/gitlab-shell!670
```
9cacca57
Merge branch 'sh-release-14.9.0' into 'main' · aaa61b55
Stan Hu authored 2 years ago
```
Release v14.9.0

See merge request gitlab-org/gitlab-shell!669
```
View commits for tag v14.9.0 v14.9.0

aaa61b55

Fix flaky race test · f5ae8fa3

Stan Hu authored 2 years ago

`ignoredError.err` was being used in a Goroutine handler, but the
value of `ignoredError` changes with each test case. To avoid a race,
make a local copy of the error before each Goroutine runs.

Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/590

f5ae8fa3

Release v14.9.0 · 973ae263

Stan Hu authored 2 years ago

- Update LabKit library to v1.16.0 !668
  (https://gitlab.com/gitlab-org/labkit/-/releases/v1.16.0)

973ae263

Jul 13, 2022

Merge branch 'vendor-v1.16.0' into 'main' · 2d25f827
Stan Hu authored 2 years ago
```
Update LabKit library to v1.16.0

See merge request gitlab-org/gitlab-shell!668
```
2d25f827

Update LabKit library to v1.16.0 · 4f53088e

Alejandro Rodríguez authored 2 years ago

* include original address in correlation CIDR checks ([ae96001](https://gitlab.com/gitlab-org/labkit/commit/ae9600163a6f5fa2ad06676a00b310af36573df4))
* run make recipes in parallel during backward compat check ([efa9c71](https://gitlab.com/gitlab-org/labkit/commit/efa9c71e13ef2bfe4415278e6b1e5c5ee8cc8022))

See https://gitlab.com/gitlab-org/labkit/-/releases/v1.16.0

4f53088e

Jul 05, 2022

Merge branch 'id-release-14-8' into 'main' · 9ce57ef8
Igor Drozdov authored 2 years ago
```
Release v14.8.0

See merge request gitlab-org/gitlab-shell!667
```
View commits for tag v14.8.0 v14.8.0

9ce57ef8

Release v14.8.0 · 02d85f98

Igor Drozdov authored 2 years ago

- go: Bump major version to v14 !666
- Pass original IP from PROXY requests to internal API calls !665
- Fix make install copying the wrong binaries !664
- gitlab-sshd: Add support for configuring host certificates !661

02d85f98

Merge branch 'pks-go-module-path-version' into 'main' · d52b5190
Igor Drozdov authored 2 years ago
```
go: Bump major version to v14

Closes #593

See merge request gitlab-org/gitlab-shell!666
```
d52b5190

go: Bump major version to v14 · 822e49b3

Patrick Steinhardt authored 2 years ago

While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.

Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.

Changelog: fixed

822e49b3

Jul 01, 2022

Merge branch 'sshd-forwarded-for' into 'main' · 0d7ef238

Igor Drozdov authored 2 years ago

Pass original IP from PROXY requests to internal API calls

See merge request gitlab-org/gitlab-shell!665

0d7ef238

Jun 30, 2022
- Pass original IP from PROXY requests to internal API calls · 9b60ce49
  Alejandro Rodríguez authored 2 years ago
  
  9b60ce49
Jun 29, 2022
- Merge branch 'sh-sshd-add-host-cert-support' into 'main' · 01f4e022
  Igor Drozdov authored 2 years ago
  
  gitlab-sshd: Add support for configuring host certificates See merge request gitlab-org/gitlab-shell!661
  01f4e022
Jun 26, 2022

gitlab-sshd: Add support for configuring host certificates · 4919ec7a

Stan Hu authored 2 years ago

This adds support for specifying host certificates via the
`host_cert_files` option and advertises the signed key to the
client. This acts similarly to OpenSSH's `HostCertificate` parameter:
gitlab-sshd attempts to match a host key to its certificate, and then
substitutes the matching host key with a certificate signed by a
trusted certificate authority's key.

This is the first requirement to supporting SSH certificates. This
will enable the client to trust the server if both trust a common
certificate authority. The `TrustedUserCAKeys` option will need to be
supported later for the server to trust all user keys signed by this
certificate authority.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/495

4919ec7a

Jun 23, 2022

Merge branch 'fix-make-install' into 'main' · 34ec4ec8
Igor Drozdov authored 2 years ago
```
Fix make install copying the wrong binaries

See merge request gitlab-org/gitlab-shell!664
```
34ec4ec8

Fix make install copying the wrong binaries · ae2081fc

Stan Hu authored 2 years ago

While testing
https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1062, we
found `make install` was not copying the right binaries, such as
`gitlab-shell-authorized-keys-check`.

This might have originally been written with a single binary in mind
(https://gitlab.com/gitlab-org/gitlab-shell/-/issues/207).

Changelog: fixed

ae2081fc

Jun 16, 2022

Merge branch 'id-release-14-7-4' into 'main' · 44c66836
Igor Drozdov authored 2 years ago
```
Release v14.7.4

See merge request gitlab-org/gitlab-shell!663
```
View commits for tag v14.7.4 v14.7.4

44c66836
Release v14.7.4 · 5c039eb7
Igor Drozdov authored 2 years ago
```
- Update crypto module to fix RSA keys with old gpg-agent
```
5c039eb7

Merge branch 'sh-update-crypto-lib' into 'main' · 162d77af

Igor Drozdov authored 2 years ago

gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent

See merge request gitlab-org/gitlab-shell!662

162d77af

gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent · 72d615be

Stan Hu authored 2 years ago

When we put gitlab-sshd in production, we noticed a number of clients
using RSA keys would fail to login. The server would report:

```
ssh: signature "ssh-rsa" not compatible with selected algorithm "rsa-sha2-512"
```

This is reproducible on Ubuntu 18.04, which ships gpg-agent v2.2.4 and
OpenSSH v7.6. That version of gpg-agent does not support
`rsa-sha2-256` or `rsa-sha2-512`, but OpenSSH does. As a result,
OpenSSH specifies `rsa-sha-512` as the public key algorithm to use in
the user authentication request message, but gpg-agent includes an
`ssh-rsa` signature. OpenSSH servers tolerates this discrepancy, but
the Go implementation fails because it expects a strict match.

This commit pulls in
https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/9 to fix
the problem.

Relates to:

1. https://github.com/golang/go/issues/53391
2. https://gitlab.com/gitlab-org/gitlab-shell/-/issues/587

Changelog: fixed

72d615be

Jun 14, 2022
- Merge branch 'freeze-bundle' into 'main' · ba1d0e65
  Igor Drozdov authored 2 years ago
  
  Set BUNDLE_FROZEN to true Closes #562 See merge request gitlab-org/gitlab-shell!659
  ba1d0e65
Jun 10, 2022

Set BUNDLE_FROZEN to true · 06524043

Alejandro Rodríguez authored 2 years ago

To follow rubygems' security adisory
https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79:

06524043

As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.