Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
fe46e4eb
Commit
fe46e4eb
authored
Sep 29, 2016
by
Justin DiPierro
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Load Github::Shell's secret token from file on initialization instead of every request.
parent
9a13f885
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
40 additions
and
21 deletions
+40
-21
CHANGELOG
CHANGELOG
+1
-0
config/initializers/gitlab_shell_secret_token.rb
config/initializers/gitlab_shell_secret_token.rb
+1
-1
lib/api/helpers.rb
lib/api/helpers.rb
+1
-1
lib/gitlab/backend/shell.rb
lib/gitlab/backend/shell.rb
+31
-15
lib/tasks/gitlab/shell.rake
lib/tasks/gitlab/shell.rake
+1
-1
spec/lib/gitlab/backend/shell_spec.rb
spec/lib/gitlab/backend/shell_spec.rb
+5
-3
No files found.
CHANGELOG
View file @
fe46e4eb
...
@@ -42,6 +42,7 @@ v 8.13.0 (unreleased)
...
@@ -42,6 +42,7 @@ v 8.13.0 (unreleased)
- Prevent flash alert text from being obscured when container is fluid
- Prevent flash alert text from being obscured when container is fluid
- Append issue template to existing description !6149 (Joseph Frazier)
- Append issue template to existing description !6149 (Joseph Frazier)
- Trending projects now only show public projects and the list of projects is cached for a day
- Trending projects now only show public projects and the list of projects is cached for a day
- Memoize Gitlab Shell's secret token (!6599, Justin DiPierro)
- Revoke button in Applications Settings underlines on hover.
- Revoke button in Applications Settings underlines on hover.
- Use higher size on Gitlab::Redis connection pool on Sidekiq servers
- Use higher size on Gitlab::Redis connection pool on Sidekiq servers
- Add missing values to linter !6276 (Katarzyna Kobierska Ula Budziszewska)
- Add missing values to linter !6276 (Katarzyna Kobierska Ula Budziszewska)
...
...
config/initializers/gitlab_shell_secret_token.rb
View file @
fe46e4eb
Gitlab
::
Shell
.
new
.
generate_and_link_secret_token
Gitlab
::
Shell
.
ensure_secret_token!
lib/api/helpers.rb
View file @
fe46e4eb
...
@@ -433,7 +433,7 @@ module API
...
@@ -433,7 +433,7 @@ module API
end
end
def
secret_token
def
secret_token
File
.
read
(
Gitlab
.
config
.
gitlab_shell
.
secret_file
).
chomp
Gitlab
::
Shell
.
secret_token
end
end
def
send_git_blob
(
repository
,
blob
)
def
send_git_blob
(
repository
,
blob
)
...
...
lib/gitlab/backend/shell.rb
View file @
fe46e4eb
...
@@ -17,6 +17,18 @@ module Gitlab
...
@@ -17,6 +17,18 @@ module Gitlab
end
end
class
<<
self
class
<<
self
def
secret_token
@secret_token
||=
begin
File
.
read
(
Gitlab
.
config
.
gitlab_shell
.
secret_file
).
chomp
end
end
def
ensure_secret_token!
return
if
File
.
exist?
(
File
.
join
(
Gitlab
.
config
.
gitlab_shell
.
path
,
'.gitlab_shell_secret'
))
generate_and_link_secret_token
end
def
version_required
def
version_required
@version_required
||=
File
.
read
(
Rails
.
root
.
@version_required
||=
File
.
read
(
Rails
.
root
.
join
(
'GITLAB_SHELL_VERSION'
)).
strip
join
(
'GITLAB_SHELL_VERSION'
)).
strip
...
@@ -25,6 +37,25 @@ module Gitlab
...
@@ -25,6 +37,25 @@ module Gitlab
def
strip_key
(
key
)
def
strip_key
(
key
)
key
.
split
(
/ /
)[
0
,
2
].
join
(
' '
)
key
.
split
(
/ /
)[
0
,
2
].
join
(
' '
)
end
end
private
# Create (if necessary) and link the secret token file
def
generate_and_link_secret_token
secret_file
=
Gitlab
.
config
.
gitlab_shell
.
secret_file
shell_path
=
Gitlab
.
config
.
gitlab_shell
.
path
unless
File
.
size?
(
secret_file
)
# Generate a new token of 16 random hexadecimal characters and store it in secret_file.
token
=
SecureRandom
.
hex
(
16
)
File
.
write
(
secret_file
,
token
)
end
link_path
=
File
.
join
(
shell_path
,
'.gitlab_shell_secret'
)
if
File
.
exist?
(
shell_path
)
&&
!
File
.
exist?
(
link_path
)
FileUtils
.
symlink
(
secret_file
,
link_path
)
end
end
end
end
# Init new repository
# Init new repository
...
@@ -201,21 +232,6 @@ module Gitlab
...
@@ -201,21 +232,6 @@ module Gitlab
File
.
exist?
(
full_path
(
storage
,
dir_name
))
File
.
exist?
(
full_path
(
storage
,
dir_name
))
end
end
# Create (if necessary) and link the secret token file
def
generate_and_link_secret_token
secret_file
=
Gitlab
.
config
.
gitlab_shell
.
secret_file
unless
File
.
size?
(
secret_file
)
# Generate a new token of 16 random hexadecimal characters and store it in secret_file.
token
=
SecureRandom
.
hex
(
16
)
File
.
write
(
secret_file
,
token
)
end
link_path
=
File
.
join
(
gitlab_shell_path
,
'.gitlab_shell_secret'
)
if
File
.
exist?
(
gitlab_shell_path
)
&&
!
File
.
exist?
(
link_path
)
FileUtils
.
symlink
(
secret_file
,
link_path
)
end
end
protected
protected
def
gitlab_shell_path
def
gitlab_shell_path
...
...
lib/tasks/gitlab/shell.rake
View file @
fe46e4eb
...
@@ -78,7 +78,7 @@ namespace :gitlab do
...
@@ -78,7 +78,7 @@ namespace :gitlab do
f
.
puts
"PATH=
#{
ENV
[
'PATH'
]
}
"
f
.
puts
"PATH=
#{
ENV
[
'PATH'
]
}
"
end
end
Gitlab
::
Shell
.
new
.
generate_and_link_secret_token
Gitlab
::
Shell
.
ensure_secret_token!
end
end
desc
"GitLab | Setup gitlab-shell"
desc
"GitLab | Setup gitlab-shell"
...
...
spec/lib/gitlab/backend/shell_spec.rb
View file @
fe46e4eb
...
@@ -22,15 +22,14 @@ describe Gitlab::Shell, lib: true do
...
@@ -22,15 +22,14 @@ describe Gitlab::Shell, lib: true do
it
{
expect
(
gitlab_shell
.
url_to_repo
(
'diaspora'
)).
to
eq
(
Gitlab
.
config
.
gitlab_shell
.
ssh_path_prefix
+
"diaspora.git"
)
}
it
{
expect
(
gitlab_shell
.
url_to_repo
(
'diaspora'
)).
to
eq
(
Gitlab
.
config
.
gitlab_shell
.
ssh_path_prefix
+
"diaspora.git"
)
}
describe
'
generate_and_link_
secret_token'
do
describe
'
memoized
secret_token'
do
let
(
:secret_file
)
{
'tmp/tests/.secret_shell_test'
}
let
(
:secret_file
)
{
'tmp/tests/.secret_shell_test'
}
let
(
:link_file
)
{
'tmp/tests/shell-secret-test/.gitlab_shell_secret'
}
let
(
:link_file
)
{
'tmp/tests/shell-secret-test/.gitlab_shell_secret'
}
before
do
before
do
allow
(
Gitlab
.
config
.
gitlab_shell
).
to
receive
(
:path
).
and_return
(
'tmp/tests/shell-secret-test'
)
allow
(
Gitlab
.
config
.
gitlab_shell
).
to
receive
(
:secret_file
).
and_return
(
secret_file
)
allow
(
Gitlab
.
config
.
gitlab_shell
).
to
receive
(
:secret_file
).
and_return
(
secret_file
)
allow
(
Gitlab
.
config
.
gitlab_shell
).
to
receive
(
:path
).
and_return
(
'tmp/tests/shell-secret-test'
)
FileUtils
.
mkdir
(
'tmp/tests/shell-secret-test'
)
FileUtils
.
mkdir
(
'tmp/tests/shell-secret-test'
)
gitlab_shell
.
generate_and_link_secret_token
end
end
after
do
after
do
...
@@ -39,7 +38,10 @@ describe Gitlab::Shell, lib: true do
...
@@ -39,7 +38,10 @@ describe Gitlab::Shell, lib: true do
end
end
it
'creates and links the secret token file'
do
it
'creates and links the secret token file'
do
secret_token
=
Gitlab
::
Shell
.
secret_token
expect
(
File
.
exist?
(
secret_file
)).
to
be
(
true
)
expect
(
File
.
exist?
(
secret_file
)).
to
be
(
true
)
expect
(
File
.
read
(
secret_file
).
chomp
).
to
eq
(
secret_token
)
expect
(
File
.
symlink?
(
link_file
)).
to
be
(
true
)
expect
(
File
.
symlink?
(
link_file
)).
to
be
(
true
)
expect
(
File
.
readlink
(
link_file
)).
to
eq
(
secret_file
)
expect
(
File
.
readlink
(
link_file
)).
to
eq
(
secret_file
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment