As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.

Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • 608-improve-gitlab-shell-logging-structure
  • ashmckenzie/update-golangci-setup
  • 762_use_workhorse_ssh_endpoint
  • fix-issue-708
  • id-use-workhorse-git-ssh-rpc
  • ashmckenzie/debug-yamux-issues
  • ag-remove-geo-ffs
  • aakriti.gupta-main-patch-64039
  • ashmckenzie/gssapi-fixes
  • 671-race-golang-1-x-failed-with-stdin-send-error-eof
  • igor.drozdov-main-patch-82081
  • ashmckenzie/include-metadata-in-access-finish-log-line
  • 660-job-failed-4563144016
  • id-bump-logrus
  • sh-ssh-certificates
  • tmp-geo-push-poc
  • igor.drozdov-main-patch-40896
  • tmp-kerberos-testing
  • id-test-agains-1.19
  • v14.39.0
  • v14.38.0
  • v14.37.0
  • v14.36.0
  • v14.35.0
  • v14.34.0
  • v14.33.0
  • v14.32.0
  • v14.31.0
  • v14.30.1
  • v14.30.0
  • v14.29.0
  • v14.28.0
  • v14.27.0
  • v14.26.0
  • v14.25.0
  • v14.24.1
  • v14.24.0
  • v14.23.0
  • v14.22.0
40 results
Search by author
  • Any Author
  • Igor Drozdov Igor Drozdov idrozdov
1 author
  1. Dec 17, 2020
  3. Dec 16, 2020
  5. Dec 11, 2020
  7. Dec 10, 2020
  9. Nov 23, 2020
  11. Nov 20, 2020
  13. Nov 19, 2020
  15. Nov 18, 2020
  17. Nov 17, 2020
  19. Nov 06, 2020
  21. Nov 05, 2020
  23. Nov 04, 2020
  25. Nov 03, 2020
  27. Oct 23, 2020
  29. Oct 20, 2020
  31. Oct 19, 2020
    • Stan Hu's avatar
      Fix incorrect actor used to check permissions for SSH receive-pack · 354f5bf2
      Stan Hu authored 
      During a SSH receive-pack request (e.g. `git push`), gitlab-shell was
incorrectly using the user returned by the `/internal/allowed` API
endpoint to make an SSHReceivePack RPC call. This caused a number of
problems with deploy keys with write access:

1. Keys that were generated by a blocked user would be denied the
ability to write.

2. Keys that were generated by user that did not have write access to
the project would also be denied.

GitLab 12.4 removed the Ruby implementation of gitlab-shell in favor of
the Golang implementation, and these implementations worked slightly
differently. In
https://gitlab.com/gitlab-org/gitlab-shell/blob/v10.1.0/lib/gitlab_shell.rb,
the Ruby implementation would always use `@who` (e.g. `key-123`), but in
gitlab-shell v10.2.0 the Go implementation would always use the user
from the API response.

Reads did not have this issue because the user/deploy key is never
passed to Gitaly for additional permission checks. Writes need this
information for the pre-receive to check access to protected branches,
push rules, etc.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/479
      354f5bf2
    • Patrick Bajao's avatar
      Merge branch 'ashmckenzie/set-ssl-cert-dir-env-var' into 'master' · c09bdad6
      Patrick Bajao authored 
      Set SSL_CERT_DIR env var when building command

See merge request gitlab-org/gitlab-shell!423
      c09bdad6

As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.