Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • 12-9-stable
  • 12-7-stable
  • 12-6-stable
  • 12-8-stable
  • github/fork/Kloppi313/patch-1
  • 12-5-stable
  • 12-4-stable
  • github/fork/ramalokesh8477/master
  • 12-1-stable
  • 12-2-stable
  • 12-0-stable
  • 12-3-stable
  • 42-42-stable
  • github/fork/hussamgit398/patch-2
  • 12-3-auto-deploy-20190911
  • 12-3-auto-deploy-20190916
  • 12-3-auto-deploy-20190908
  • 12-3-auto-deploy-20190901
  • 12-3-auto-deploy-20190901-32664
  • v12.10.0.pre
  • v12.9.0
  • v12.9.0-rc42
  • v12.8.7
  • v12.8.6
  • v12.8.5
  • v12.8.4
  • v12.8.3
  • v12.6.8
  • v12.7.7
  • v12.8.2
  • v12.8.1
  • v12.9.0.pre
  • v12.8.0
  • v12.8.0-rc42
  • v12.5.10
  • v12.7.6
  • v12.6.7
  • v12.7.5
  • v12.5.9
40 results
Search by author
  • Any Author
  • Grant Young Grant Young grantyoung
  • Nailia Iskhakova Nailia Iskhakova niskhakova
  • gitlab-qa-bot gitlab-qa-bot gitlab-qa-bot
3 authors
  1. Mar 27, 2018
  3. Mar 26, 2018
  5. Mar 21, 2018
  7. Mar 07, 2018
  9. Mar 02, 2018
  11. Feb 28, 2018
  13. Feb 23, 2018
  15. Feb 21, 2018
  17. Jan 31, 2018
  19. Jan 30, 2018
  21. Jan 22, 2018
  23. Jan 08, 2018
    • Michael Kozono's avatar
      Backport option to disable writing to `authorized_keys` file · 255a0f85
      Michael Kozono authored 
      Originally branch 'mk-toggle-writing-to-auth-keys-1631'

See merge request !2004

Squashed commits:
Add authorized_keys_enabled to Application Settings
Ensure default settings are exposed in UI
Without this change, `authorized_keys_enabled` is unchecked when it is nil, even if it should be checked by default.
Add “Speed up SSH operations” documentation
Clarify the reasons for disabling writes
Add "How to go back" section
Tweak copy
Update Application Setting screenshot
      255a0f85
  25. Dec 08, 2017
    • Bob Van Landuyt's avatar
      Move the circuitbreaker check out in a separate process · f1ae1e39
      Bob Van Landuyt authored 
      Moving the check out of the general requests, makes sure we don't have
any slowdown in the regular requests.

To keep the process performing this checks small, the check is still
performed inside a unicorn. But that is called from a process running
on the same server.

Because the checks are now done outside normal request, we can have a
simpler failure strategy:

The check is now performed in the background every
`circuitbreaker_check_interval`. Failures are logged in redis. The
failures are reset when the check succeeds. Per check we will try
`circuitbreaker_access_retries` times within
`circuitbreaker_storage_timeout` seconds.

When the number of failures exceeds
`circuitbreaker_failure_count_threshold`, we will block access to the
storage.

After `failure_reset_time` of no checks, we will clear the stored
failures. This could happen when the process that performs the checks
is not running.
      f1ae1e39
  27. Nov 29, 2017
  29. Nov 23, 2017
  31. Nov 17, 2017
  33. Oct 23, 2017
  35. Oct 17, 2017
  37. Sep 04, 2017
  39. Sep 01, 2017
  41. Aug 31, 2017
  43. Aug 30, 2017
    • Nick Thomas's avatar
      Rework the permissions model for SSH key restrictions · 68470602
      Nick Thomas authored 
      `allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.

This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.

As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.
      68470602
    • Nick Thomas's avatar
      Add settings for minimum key strength and allowed key type · b0f982fb
      Nick Thomas authored 
      This is an amalgamation of:

* Cory Hinshaw: Initial implementation !5552
* Rémy Coutable: Updates !9350
* Nick Thomas: Resolve conflicts and add ED25519 support !13712
      b0f982fb
  45. Aug 26, 2017
  47. Aug 22, 2017
  49. Aug 21, 2017
    • Sean McGivern's avatar
      Only require sidekiq-limit_fetch when enabled in settings · 0db5f576
      Sean McGivern authored 
      This gem allows Sidekiq jobs to be throttled. Unfortunately, it has a
side-effect: when we haven't enabled job throttling, it will still hit Redis a
lot (and miss, because nothing is configured).

As this setting already required a restart, ensure that the library is only
required when it's enabled.
      0db5f576
  51. Aug 11, 2017
  53. Aug 02, 2017
  55. Jul 20, 2017
  57. Jul 13, 2017
    • Robin Bobbitt's avatar
      Fixes needed when GitLab sign-in is not enabled · 672a68d3
      Robin Bobbitt authored 
      When sign-in is disabled:
 - skip password expiration checks
 - prevent password reset requests
 - don’t show Password tab in User Settings
 - don’t allow login with username/password for Git over HTTP requests
 - render 404 on requests to Profiles::PasswordsController
      672a68d3
  59. Jul 12, 2017