Commits · b83c31896cccb5f15f1610024ca8bb11b73f5b34 · Igor Drozdov / Gitlab Shell · GitLab

As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.

Snippets Groups Projects

Jul 26, 2022
- Add simple_roulette to Dangerfile · b83c3189
  Terri Chu authored 2 years ago
  
  b83c3189
Jul 21, 2022
- Merge branch 'id-release-14-10-0' into 'main' · 28188013
  Igor Drozdov authored 2 years ago
  
  Release v14.10.0 See merge request gitlab-org/gitlab-shell!671
  View commits for tag v14.10.0 v14.10.0
  
  28188013
- Release v14.10.0 · f01e1e75
  Igor Drozdov authored 2 years ago
  
  f01e1e75
- Merge branch '506-twofactorverify-command-to-support-push-notification' into 'main' · 0790e49d
  Patrick Bajao authored 2 years ago
  
  Implement Push Auth support for 2FA verification Closes #506 See merge request gitlab-org/gitlab-shell!454
  0790e49d
Jul 20, 2022
- Simplify 2FA Push auth processing · f6feedf9
  Igor Drozdov authored 2 years ago
  
  Use a single channel to handle both Push Auth and OTP results
  f6feedf9
Jul 18, 2022

Implement Push Auth support for 2FA verification · fe5feeea

kmcknight authored 4 years ago and

Igor Drozdov committed 2 years ago

When `2fa_verify` command is executed:

- A user is asked to enter OTP
- A blocking call for push auth is performed

Then:

- If the push auth request fails, the user is still able to enter
OTP
- If OTP is invalid, the `2fa_verify` command ends the execution
- If OTP is valid or push auth request succeeded, then the user is
successfully authenticated
- If 30 seconds passed while no OTP or Push have been provided,
then the `2fa_verify` command ends the execution

fe5feeea

Jul 15, 2022

Merge branch 'sh-fix-flaky-race-test' into 'main' · 9cacca57
Igor Drozdov authored 2 years ago
```
Fix flaky race test

Closes #590

See merge request gitlab-org/gitlab-shell!670
```
9cacca57
Merge branch 'sh-release-14.9.0' into 'main' · aaa61b55
Stan Hu authored 2 years ago
```
Release v14.9.0

See merge request gitlab-org/gitlab-shell!669
```
View commits for tag v14.9.0 v14.9.0

aaa61b55

Fix flaky race test · f5ae8fa3

Stan Hu authored 2 years ago

`ignoredError.err` was being used in a Goroutine handler, but the
value of `ignoredError` changes with each test case. To avoid a race,
make a local copy of the error before each Goroutine runs.

Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/590

f5ae8fa3

Release v14.9.0 · 973ae263

Stan Hu authored 2 years ago

- Update LabKit library to v1.16.0 !668
  (https://gitlab.com/gitlab-org/labkit/-/releases/v1.16.0)

973ae263

Jul 13, 2022

Merge branch 'vendor-v1.16.0' into 'main' · 2d25f827
Stan Hu authored 2 years ago
```
Update LabKit library to v1.16.0

See merge request gitlab-org/gitlab-shell!668
```
2d25f827

Update LabKit library to v1.16.0 · 4f53088e

Alejandro Rodríguez authored 2 years ago

* include original address in correlation CIDR checks ([ae96001](https://gitlab.com/gitlab-org/labkit/commit/ae9600163a6f5fa2ad06676a00b310af36573df4))
* run make recipes in parallel during backward compat check ([efa9c71](https://gitlab.com/gitlab-org/labkit/commit/efa9c71e13ef2bfe4415278e6b1e5c5ee8cc8022))

See https://gitlab.com/gitlab-org/labkit/-/releases/v1.16.0

4f53088e

Jul 05, 2022

Merge branch 'id-release-14-8' into 'main' · 9ce57ef8
Igor Drozdov authored 2 years ago
```
Release v14.8.0

See merge request gitlab-org/gitlab-shell!667
```
View commits for tag v14.8.0 v14.8.0

9ce57ef8

Release v14.8.0 · 02d85f98

Igor Drozdov authored 2 years ago

- go: Bump major version to v14 !666
- Pass original IP from PROXY requests to internal API calls !665
- Fix make install copying the wrong binaries !664
- gitlab-sshd: Add support for configuring host certificates !661

02d85f98

Merge branch 'pks-go-module-path-version' into 'main' · d52b5190
Igor Drozdov authored 2 years ago
```
go: Bump major version to v14

Closes #593

See merge request gitlab-org/gitlab-shell!666
```
d52b5190

go: Bump major version to v14 · 822e49b3

Patrick Steinhardt authored 2 years ago

While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.

Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.

Changelog: fixed

822e49b3

Jul 01, 2022

Merge branch 'sshd-forwarded-for' into 'main' · 0d7ef238

Igor Drozdov authored 2 years ago

Pass original IP from PROXY requests to internal API calls

See merge request gitlab-org/gitlab-shell!665

0d7ef238

Jun 30, 2022
- Pass original IP from PROXY requests to internal API calls · 9b60ce49
  Alejandro Rodríguez authored 2 years ago
  
  9b60ce49
Jun 29, 2022
- Merge branch 'sh-sshd-add-host-cert-support' into 'main' · 01f4e022
  Igor Drozdov authored 2 years ago
  
  gitlab-sshd: Add support for configuring host certificates See merge request gitlab-org/gitlab-shell!661
  01f4e022
Jun 26, 2022

gitlab-sshd: Add support for configuring host certificates · 4919ec7a

Stan Hu authored 2 years ago

This adds support for specifying host certificates via the
`host_cert_files` option and advertises the signed key to the
client. This acts similarly to OpenSSH's `HostCertificate` parameter:
gitlab-sshd attempts to match a host key to its certificate, and then
substitutes the matching host key with a certificate signed by a
trusted certificate authority's key.

This is the first requirement to supporting SSH certificates. This
will enable the client to trust the server if both trust a common
certificate authority. The `TrustedUserCAKeys` option will need to be
supported later for the server to trust all user keys signed by this
certificate authority.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/495

4919ec7a

Jun 23, 2022

Merge branch 'fix-make-install' into 'main' · 34ec4ec8
Igor Drozdov authored 2 years ago
```
Fix make install copying the wrong binaries

See merge request gitlab-org/gitlab-shell!664
```
34ec4ec8

Fix make install copying the wrong binaries · ae2081fc

Stan Hu authored 2 years ago

While testing
https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1062, we
found `make install` was not copying the right binaries, such as
`gitlab-shell-authorized-keys-check`.

This might have originally been written with a single binary in mind
(https://gitlab.com/gitlab-org/gitlab-shell/-/issues/207).

Changelog: fixed

ae2081fc

Jun 16, 2022

Merge branch 'id-release-14-7-4' into 'main' · 44c66836
Igor Drozdov authored 2 years ago
```
Release v14.7.4

See merge request gitlab-org/gitlab-shell!663
```
View commits for tag v14.7.4 v14.7.4

44c66836
Release v14.7.4 · 5c039eb7
Igor Drozdov authored 2 years ago
```
- Update crypto module to fix RSA keys with old gpg-agent
```
5c039eb7

Merge branch 'sh-update-crypto-lib' into 'main' · 162d77af

Igor Drozdov authored 2 years ago

gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent

See merge request gitlab-org/gitlab-shell!662

162d77af

gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent · 72d615be

Stan Hu authored 2 years ago

When we put gitlab-sshd in production, we noticed a number of clients
using RSA keys would fail to login. The server would report:

```
ssh: signature "ssh-rsa" not compatible with selected algorithm "rsa-sha2-512"
```

This is reproducible on Ubuntu 18.04, which ships gpg-agent v2.2.4 and
OpenSSH v7.6. That version of gpg-agent does not support
`rsa-sha2-256` or `rsa-sha2-512`, but OpenSSH does. As a result,
OpenSSH specifies `rsa-sha-512` as the public key algorithm to use in
the user authentication request message, but gpg-agent includes an
`ssh-rsa` signature. OpenSSH servers tolerates this discrepancy, but
the Go implementation fails because it expects a strict match.

This commit pulls in
https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/9 to fix
the problem.

Relates to:

1. https://github.com/golang/go/issues/53391
2. https://gitlab.com/gitlab-org/gitlab-shell/-/issues/587

Changelog: fixed

72d615be

Jun 14, 2022
- Merge branch 'freeze-bundle' into 'main' · ba1d0e65
  Igor Drozdov authored 2 years ago
  
  Set BUNDLE_FROZEN to true Closes #562 See merge request gitlab-org/gitlab-shell!659
  ba1d0e65
Jun 10, 2022

Set BUNDLE_FROZEN to true · 06524043

Alejandro Rodríguez authored 2 years ago

To follow rubygems' security adisory
https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79:

06524043

Jun 07, 2022

Merge branch 'sh-upgrade-bundler-version' into 'main' · ee3dadf4
Igor Drozdov authored 2 years ago
```
Upgrade Gemfile.lock to use bundler to v2.3.15

See merge request gitlab-org/gitlab-shell!658
```
ee3dadf4

Upgrade Gemfile.lock to use bundler to v2.3.15 · c00f41a9

Stan Hu authored 2 years ago

This is just to minimize the versions of bundler used for development.
The GDK runs `support/bundle-install` in this directory to obtain the
version of bundler needed.

This relates to https://gitlab.com/gitlab-org/gitlab/-/issues/364373.

c00f41a9

Jun 06, 2022

Merge branch 'id-release-14-7-3' into 'main' · 26bfd750
Igor Drozdov authored 2 years ago
```
Release v14.7.3

See merge request gitlab-org/gitlab-shell!657
```
View commits for tag v14.7.3 v14.7.3

26bfd750
Release v14.7.3 · bc455b1e
Igor Drozdov authored 2 years ago
```
- Ignore "not our ref" errors from gitlab-sshd error metrics
```
bc455b1e

Merge branch 'sh-ignore-not-our-ref-errors' into 'main' · b8a1bb4a

Igor Drozdov authored 2 years ago

Ignore "not our ref" errors from gitlab-sshd error metrics

See merge request gitlab-org/gitlab-shell!656

b8a1bb4a

Ignore "not our ref" errors from gitlab-sshd error metrics · b5de4796

Stan Hu authored 2 years ago

If a client requests a ref that cannot be found in the repository,
previously gitlab-sshd would record it as part of its service level
indicator metric. This is really an application error between the
client and the Git repository, so we exclude it from our metrics.

Relates to
https://gitlab.com/gitlab-com/gl-infra/reliability/-/issues/15848

Changelog: fixed

b5de4796

Merge branch 'id-release-14-7-2' into 'main' · 5085fe78
Igor Drozdov authored 2 years ago
```
Release 14.7.2

See merge request gitlab-org/gitlab-shell!655
```
View commits for tag v14.7.2 v14.7.2

5085fe78
Release 14.7.2 · d3023899
Igor Drozdov authored 2 years ago
```
- Exclude disallowed command from error rate
```
d3023899
Merge branch 'id-ignore-disallowed-cmd-err' into 'main' · 7780ac92
Patrick Bajao authored 2 years ago
```
Exclude disallowed command from error rate

See merge request gitlab-org/gitlab-shell!654
```
7780ac92

Jun 01, 2022
- Exclude disallowed command from error rate · 9cc4380a
  Igor Drozdov authored 2 years ago
  
  9cc4380a
May 25, 2022
- Merge branch 'id-release-14-7-1' into 'main' · 158109ab
  Igor Drozdov authored 2 years ago
  
  Release 14.7.1 See merge request gitlab-org/gitlab-shell!652
  View commits for tag v14.7.1 v14.7.1
  
  158109ab
- Release 14.7.1 · 51ef1667
  Igor Drozdov authored 2 years ago
  
  - Log gitlab-sshd session level indicator errors !650 - Improve establish session duration metrics !651
  51ef1667

As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.