Commit 509a32f4 authored by Marin Jankovski's avatar Marin Jankovski

Merge branch 'shell-secret-path' of https://github.com/jirutka/gitlabhq into...

Merge branch 'shell-secret-path' of https://github.com/jirutka/gitlabhq into jirutka-shell-secret-path
parents 9c642776 ed3298fc
...@@ -70,6 +70,7 @@ v 7.11.0 (unreleased) ...@@ -70,6 +70,7 @@ v 7.11.0 (unreleased)
- Ensure that the first added admin performs repository imports - Ensure that the first added admin performs repository imports
- Update Asciidoctor gem to version 1.5.2. (Jakub Jirutka) - Update Asciidoctor gem to version 1.5.2. (Jakub Jirutka)
- Fix resolving of relative links to repository files in AsciiDoc documents. (Jakub Jirutka) - Fix resolving of relative links to repository files in AsciiDoc documents. (Jakub Jirutka)
- Allow to configure location of the `.gitlab_shell_secret` file. (Jakub Jirutka)
v 7.10.2 v 7.10.2
- Fix CI links on MR page - Fix CI links on MR page
......
...@@ -245,6 +245,10 @@ production: &base ...@@ -245,6 +245,10 @@ production: &base
repos_path: /home/git/repositories/ repos_path: /home/git/repositories/
hooks_path: /home/git/gitlab-shell/hooks/ hooks_path: /home/git/gitlab-shell/hooks/
# File that contains the secret key for verifying access for gitlab-shell.
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
# secret_file: /home/git/gitlab/.gitlab_shell_secret
# Git over HTTP # Git over HTTP
upload_pack: true upload_pack: true
receive_pack: true receive_pack: true
......
...@@ -148,6 +148,7 @@ Settings.gravatar['ssl_url'] ||= 'https://secure.gravatar.com/avatar/%{hash}? ...@@ -148,6 +148,7 @@ Settings.gravatar['ssl_url'] ||= 'https://secure.gravatar.com/avatar/%{hash}?
Settings['gitlab_shell'] ||= Settingslogic.new({}) Settings['gitlab_shell'] ||= Settingslogic.new({})
Settings.gitlab_shell['path'] ||= Settings.gitlab['user_home'] + '/gitlab-shell/' Settings.gitlab_shell['path'] ||= Settings.gitlab['user_home'] + '/gitlab-shell/'
Settings.gitlab_shell['hooks_path'] ||= Settings.gitlab['user_home'] + '/gitlab-shell/hooks/' Settings.gitlab_shell['hooks_path'] ||= Settings.gitlab['user_home'] + '/gitlab-shell/hooks/'
Settings.gitlab_shell['secret_file'] ||= Rails.root.join('.gitlab_shell_secret')
Settings.gitlab_shell['receive_pack'] = true if Settings.gitlab_shell['receive_pack'].nil? Settings.gitlab_shell['receive_pack'] = true if Settings.gitlab_shell['receive_pack'].nil?
Settings.gitlab_shell['upload_pack'] = true if Settings.gitlab_shell['upload_pack'].nil? Settings.gitlab_shell['upload_pack'] = true if Settings.gitlab_shell['upload_pack'].nil?
Settings.gitlab_shell['repos_path'] ||= Settings.gitlab['user_home'] + '/repositories/' Settings.gitlab_shell['repos_path'] ||= Settings.gitlab['user_home'] + '/repositories/'
......
...@@ -5,8 +5,7 @@ require 'securerandom' ...@@ -5,8 +5,7 @@ require 'securerandom'
# Your secret key for verifying the gitlab_shell. # Your secret key for verifying the gitlab_shell.
secret_file = Rails.root.join('.gitlab_shell_secret') secret_file = Gitlab.config.gitlab_shell.secret_file
gitlab_shell_symlink = File.join(Gitlab.config.gitlab_shell.path, '.gitlab_shell_secret')
unless File.exist? secret_file unless File.exist? secret_file
# Generate a new token of 16 random hexadecimal characters and store it in secret_file. # Generate a new token of 16 random hexadecimal characters and store it in secret_file.
...@@ -14,6 +13,7 @@ unless File.exist? secret_file ...@@ -14,6 +13,7 @@ unless File.exist? secret_file
File.write(secret_file, token) File.write(secret_file, token)
end end
if File.exist?(Gitlab.config.gitlab_shell.path) && !File.exist?(gitlab_shell_symlink) link_path = File.join(Gitlab.config.gitlab_shell.path, '.gitlab_shell_secret')
FileUtils.symlink(secret_file, gitlab_shell_symlink) if File.exist?(Gitlab.config.gitlab_shell.path) && !File.exist?(link_path)
FileUtils.symlink(secret_file, link_path)
end end
...@@ -243,7 +243,7 @@ module API ...@@ -243,7 +243,7 @@ module API
end end
def secret_token def secret_token
File.read(Rails.root.join('.gitlab_shell_secret')).chomp File.read(Gitlab.config.gitlab_shell.secret_file).chomp
end end
def handle_member_errors(errors) def handle_member_errors(errors)
......
...@@ -5,7 +5,7 @@ describe API::API, api: true do ...@@ -5,7 +5,7 @@ describe API::API, api: true do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:key) { create(:key, user: user) } let(:key) { create(:key, user: user) }
let(:project) { create(:project) } let(:project) { create(:project) }
let(:secret_token) { File.read Rails.root.join('.gitlab_shell_secret') } let(:secret_token) { File.read Gitlab.config.gitlab_shell.secret_file }
describe "GET /internal/check", no_db: true do describe "GET /internal/check", no_db: true do
it do it do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment