Why and how to enable this is covered in the docs being changed
here. This requires gitlab-org/gitlab-shell@2e8b670 ("Add support for
SSH certificate authentication", 2018-06-14) which has been merged in
and tagged as 8.0.0, so GITLAB_SHELL_VERSION needs to be bumped.
Merging this closesgitlab-org/gitlab-ce#34572 see
gitlab-org/gitlab-shell!207 for the gitlab-shell MR.
Implementation notes:
- The APIs being changed here are all internal, and their sole
consumer is gitlab-shell.
- Most of the changed code is a MR to gitlab-shell, see the
gitlab-org/gitlab-shell!207 MR. That change covers why only some of
the internal methods get a new "username" parameter, and why some
others only get a "user_id".
Add find key by base64 key or fingerprint to the internal API
See merge request !250
Squashed changes:
Add unique index to fingerprint
Add new index to schema
Add internal api to get ssh key by fingerprint
Change API endpoint to authorized_keys
Add InsecureKeyFingerprint that calculates the fingerprint without shelling out
Add require for gitlab key fingerprint
Remove uniqueness of fingerprint index
Remove unique option from migration
Fix spec style in fingerprint test
Fix rubocop complain
Extract insecure key fingerprint to separate file
Change migration to support building index concurrently
Remove those hideous tabs
On GitLab.com, there are write deploy keys with no associated users.
Pushes with these deploy keys end with an Error 500 since we attempt
to look up redirect message. If there is no user, don't attempt
to display a redirect message.
Closes#41466
No external behavior change.
This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate.
This new param allows us to share project information between components
that don't share or don't have access to the same filesystem
mountpoints, for example between Gitaly and Rails or between Rails and
Gitlab-Shell hooks. The previous parameters are still supported, but if
found, gl_repository is prefered. The old parameters should be deprecated
once all components support the new format.