debian-mirror-gitlab/lib/gitlab/shell.rb

# frozen_string_literal: true
# Gitaly note: SSH key operations are not part of Gitaly so will never be migrated.
require 'securerandom'
module Gitlab
class Shell
# Frozen list of environment variable names; presumably the variables handed to
# gitlab-shell invocations (the use site is not visible in this file).
GITLAB_SHELL_ENV_VARS = %w[GIT_TERMINAL_PROMPT].freeze
# Error type raised by this class for failed imports, invalid keys and wrapped gRPC failures.
class Error < StandardError; end
class << self
# Retrieve GitLab Shell secret token
#
# @return [String] secret token
def secret_token
  # Memoised for the life of the process: a token rotated on disk is not picked
  # up until restart. The value is a shared secret, so callers should keep it
  # out of logs and error messages.
  @secret_token ||= File.read(Gitlab.config.gitlab_shell.secret_file).chomp
end
# Ensure gitlab shell has a secret token stored in the secret_file.
# If one was never generated, generate a new one.
def ensure_secret_token!
  link_path = File.join(Gitlab.config.gitlab_shell.path, '.gitlab_shell_secret')
  # File.exist? follows symlinks, so a dangling link is treated the same as a
  # missing one and triggers generation/linking.
  generate_and_link_secret_token unless File.exist?(link_path)
end
# Returns required GitLab shell version
#
# @return [String] version from the manifest file
def version_required
  # Read once and cached; the manifest lives at the Rails application root.
  @version_required ||= begin
    manifest = Rails.root.join('GITLAB_SHELL_VERSION')
    File.read(manifest).strip
  end
end
private
# Create (if necessary) and link the secret token file
def generate_and_link_secret_token
  shell_settings = Gitlab.config.gitlab_shell
  secret_file = shell_settings.secret_file
  shell_path = shell_settings.path

  # File.size? is nil for a missing or zero-length file; only then is a token minted.
  token_missing = !File.size?(secret_file)
  if token_missing
    # SecureRandom.hex(16) draws 16 random bytes, i.e. a 32-character hexadecimal token.
    @secret_token = SecureRandom.hex(16)
    # NOTE(review): File.write creates the file with the default mode (subject to the
    # process umask); confirm the deployment restricts read access to this secret.
    File.write(secret_file, @secret_token)
  end

  link_path = File.join(shell_path, '.gitlab_shell_secret')
  return unless File.exist?(shell_path)
  # NOTE(review): the existence checks and the write/symlink are separate steps, and
  # File.exist? is false for a dangling symlink, in which case symlink would raise.
  return if File.exist?(link_path)

  FileUtils.symlink(secret_file, link_path)
end
end
# Initialize a new project repository using a Project model
#
# @param [Project] project
# @return [Boolean] whether repository could be created
def create_project_repository(project)
  # Storage shard, on-disk path and display path all come from the project record.
  storage = project.repository_storage
  create_repository(storage, project.disk_path, project.full_path)
end
# Initialize a new wiki repository using a Project model
#
# @param [Project] project
# @return [Boolean] whether repository could be created
def create_wiki_repository(project)
  # The wiki shares the project's storage shard but has its own disk and display paths.
  storage = project.repository_storage
  create_repository(storage, project.wiki.disk_path, project.wiki.full_path)
end
# Init new repository
#
# @example Create a repository
# create_repository("default", "path/to/gitlab-ci", "gitlab/gitlab-ci")
#
# @param [String] storage the shard key
# @param [String] disk_path project path on disk
# @param [String] gl_project_path project name
# @return [Boolean] whether repository could be created
def create_repository(storage, disk_path, gl_project_path)
  # Work on a copy so the caller's string is never mutated.
  relative_path = disk_path.dup
  relative_path.concat('.git') unless disk_path.end_with?('.git')

  # gl_repository depends on a project ID the database may not have assigned yet
  # (e.g. project-1234), so it is passed as a blank string at creation time.
  repository = Gitlab::Git::Repository.new(storage, relative_path, '', gl_project_path)
  wrapped_gitaly_errors { repository.gitaly_repository_client.create_repository }

  true
rescue => error # Once the Rugged code is removed this can be improved
  # Every StandardError is logged and reported to the caller as false.
  Rails.logger.error("Failed to add repository #{storage}/#{disk_path}: #{error}") # rubocop:disable Gitlab/RailsLogger
  false
end
# Import wiki repository from external service
#
# @param [Project] project
# @param [Gitlab::LegacyGithubImport::WikiFormatter, Gitlab::BitbucketImport::WikiFormatter] wiki_formatter
# @return [Boolean] whether repository could be imported
def import_wiki_repository(project, wiki_formatter)
  # Source URL and target disk path come from the formatter; storage and display
  # path come from the project.
  storage = project.repository_storage
  import_repository(storage, wiki_formatter.disk_path, wiki_formatter.import_url, project.wiki.full_path)
end
# Import project repository from external service
#
# @param [Project] project
# @return [Boolean] whether repository could be imported
def import_project_repository(project)
  # project.import_url is handed on as-is; import_repository applies the disk-path guard.
  storage = project.repository_storage
  import_repository(storage, project.disk_path, project.import_url, project.full_path)
end
# Import repository
#
# @example Import a repository
# import_repository("nfs-file06", "gitlab/gitlab-ci", "https://gitlab.com/gitlab-org/gitlab-test.git", "gitlab/gitlab-ci")
#
# @param [String] storage project's storage name
# @param [String] disk_path project path on disk
# @param [String] url from external resource to import from
# @param [String] gl_project_path project name
# @return [Boolean] whether repository could be imported
def import_repository(storage, disk_path, url, gl_project_path)
  # Guard against local filesystem sources: only a leading '.' or '/' is rejected here.
  # NOTE(review): scheme and host validation of the import URL are not visible in this
  # method; confirm callers validate the URL before it reaches this point.
  looks_like_disk_path = url.start_with?('.', '/')
  raise Error, "don't use disk paths with import_repository: #{url.inspect}" if looks_like_disk_path

  importer = GitalyGitlabProjects.new(storage, "#{disk_path}.git", gl_project_path)
  imported = importer.import_project(url, git_timeout)

  # On failure the importer's captured output becomes the error message.
  raise Error, importer.output unless imported

  imported
end
# Move or rename a repository
#
# @example Move/rename a repository
# mv_repository("/path/to/storage", "gitlab/gitlab-ci", "randx/gitlab-ci-new")
#
# @param [String] storage project's storage path
# @param [String] disk_path current project path on disk
# @param [String] new_disk_path new project path on disk
# @return [Boolean] whether repository could be moved/renamed on disk
def mv_repository(storage, disk_path, new_disk_path)
  # An empty path on either side would address the storage root, so refuse early.
  return false if [disk_path, new_disk_path].any?(&:empty?)

  source = Gitlab::Git::Repository.new(storage, "#{disk_path}.git", nil, nil)
  source.rename("#{new_disk_path}.git")
  true
rescue => error
  # Failures are reported to error tracking and surfaced to the caller as false.
  Gitlab::ErrorTracking.track_exception(error, path: disk_path, new_path: new_disk_path, storage: storage)
  false
end
# Fork repository to new path
#
# @param [Project] source_project forked-from Project
# @param [Project] target_project forked-to Project
def fork_repository(source_project, target_project)
  source_relative_path = "#{source_project.disk_path}.git"
  # Storage, relative path and display path of the fork target, in the order
  # GitalyGitlabProjects#fork_repository expects them.
  target_args = [
    target_project.repository_storage,
    "#{target_project.disk_path}.git",
    target_project.full_path
  ]

  source = GitalyGitlabProjects.new(source_project.repository_storage, source_relative_path, source_project.full_path)
  source.fork_repository(*target_args)
end
# Removes a repository from file system, using rm_directory which is an alias
# for rm_namespace. Given the underlying implementation removes the name
# passed as second argument on the passed storage.
#
# @example Remove a repository
# remove_repository("/path/to/storage", "gitlab/gitlab-ci")
#
# @param [String] storage project's storage path
# @param [String] disk_path current project path on disk
def remove_repository(storage, disk_path)
  # An empty path would address the storage root, so refuse early.
  return false if disk_path.empty?

  repository = Gitlab::Git::Repository.new(storage, "#{disk_path}.git", nil, nil)
  repository.remove
  true
rescue => error
  # Every StandardError lands here, not only "not found"; the tracked exception
  # carries the real cause even though the log line always says "does not exist".
  Rails.logger.warn("Repository does not exist: #{error} at: #{disk_path}.git") # rubocop:disable Gitlab/RailsLogger
  Gitlab::ErrorTracking.track_exception(error, path: disk_path, storage: storage)
  false
end
# Add new key to authorized_keys
#
# @example Add new key
# add_key("key-42", "ssh-rsa ...")
#
# @param [String] key_id identifier of the key
# @param [String] key_content key content (public certificate)
# @return [Boolean] whether key could be added
def add_key(key_id, key_content)
  # Returns nil (not false) when authorized_keys management is disabled.
  # NOTE(review): key_content is passed on unchanged; no validation happens in this
  # method, so it presumably relies on the caller or on Gitlab::AuthorizedKeys.
  gitlab_authorized_keys.add_key(key_id, key_content) if authorized_keys_enabled?
end
# Batch-add keys to authorized_keys
#
# @example
# batch_add_keys(Key.all)
#
# @param [Array<Key>] keys
# @return [Boolean] whether keys could be added
def batch_add_keys(keys)
  # Returns nil (not false) when authorized_keys management is disabled.
  gitlab_authorized_keys.batch_add_keys(keys) if authorized_keys_enabled?
end
# Remove SSH key from authorized_keys
#
# @example Remove a key
# remove_key("key-342")
#
# @param [String] key_id
# @return [Boolean] whether key could be removed or not
def remove_key(key_id, _ = nil)
  # The second positional argument is accepted and ignored.
  # Returns nil (not false) when authorized_keys management is disabled.
  gitlab_authorized_keys.rm_key(key_id) if authorized_keys_enabled?
end
# Remove all SSH keys from gitlab shell
#
# @example Remove all keys
# remove_all_keys
#
# @return [Boolean] whether keys could be removed or not
def remove_all_keys
  # Clears every managed entry; returns nil (not false) when authorized_keys
  # management is disabled.
  gitlab_authorized_keys.clear if authorized_keys_enabled?
end
# Remove SSH keys from gitlab shell that are not in the DB
#
# @example Remove keys not on the database
# remove_keys_not_found_in_db
#
# rubocop: disable CodeReuse/ActiveRecord
def remove_keys_not_found_in_db
  return unless authorized_keys_enabled?

  Rails.logger.info("Removing keys not found in DB") # rubocop:disable Gitlab/RailsLogger

  # Reconcile the authorized_keys file against the database in batches: an entry
  # whose id has no Key row is stale and is removed so it no longer appears in the file.
  batch_read_key_ids do |file_ids|
    file_ids.uniq!
    db_keys = Key.where(id: file_ids)
    # optimization: when every id in the batch has a row, skip the pluck and diff.
    next if file_ids.size <= db_keys.count

    stale_ids = file_ids - db_keys.pluck(:id)
    stale_ids.each do |stale_id|
      Rails.logger.info("Removing key-#{stale_id} not found in DB") # rubocop:disable Gitlab/RailsLogger
      remove_key("key-#{stale_id}")
    end
  end
end
# rubocop: enable CodeReuse/ActiveRecord
# Add empty directory for storing repositories
#
# @example Add new namespace directory
# add_namespace("default", "gitlab")
#
# @param [String] storage project's storage path
# @param [String] name namespace name
def add_namespace(storage, name)
  Gitlab::GitalyClient.allow_n_plus_1_calls do
    namespaces = Gitlab::GitalyClient::NamespaceService.new(storage)
    namespaces.add(name)
  end
rescue GRPC::InvalidArgument => error
  # Translate the gRPC rejection into a plain ArgumentError for callers.
  raise ArgumentError, error.message
end
# Remove directory from repositories storage
# Every repository inside this directory will be removed too
#
# @example Remove namespace directory
# rm_namespace("default", "gitlab")
#
# @param [String] storage project's storage path
# @param [String] name namespace name
def rm_namespace(storage, name)
  # Destructive: the file's own documentation states every repository inside the
  # directory is removed too.
  namespaces = Gitlab::GitalyClient::NamespaceService.new(storage)
  namespaces.remove(name)
rescue GRPC::InvalidArgument => error
  # Translate the gRPC rejection into a plain ArgumentError for callers.
  raise ArgumentError, error.message
end
# rm_directory is a second name for rm_namespace, so it is equally destructive.
alias_method :rm_directory, :rm_namespace
# Move namespace directory inside repositories storage
#
# @example Move/rename a namespace directory
# mv_namespace("/path/to/storage", "gitlab", "gitlabhq")
#
# @param [String] storage project's storage path
# @param [String] old_name current namespace name
# @param [String] new_name new namespace name
def mv_namespace(storage, old_name, new_name)
  namespaces = Gitlab::GitalyClient::NamespaceService.new(storage)
  namespaces.rename(old_name, new_name)
rescue GRPC::InvalidArgument => error
  # Unlike add_namespace and rm_namespace, an invalid argument is tracked and
  # reported as false instead of being re-raised.
  Gitlab::ErrorTracking.track_exception(error, old_name: old_name, new_name: new_name, storage: storage)
  false
end
# Return a SSH url for a given project path
#
# @param [String] full_path project path (URL)
# @return [String] SSH URL
def url_to_repo(full_path)
  # Plain concatenation: full_path is not escaped or validated here.
  prefix = Gitlab.config.gitlab_shell.ssh_path_prefix
  prefix + "#{full_path}.git"
end
# Return GitLab shell version
#
# @return [String] version
def version
  version_file = "#{gitlab_shell_path}/VERSION"
  # Returns nil, rather than raising, when the VERSION file cannot be read.
  return unless File.readable?(version_file)

  File.read(version_file).chomp
end
# Check if repository exists on disk
#
# @example Check if repository exists
# repository_exists?('default', 'gitlab-org/gitlab.git')
#
# @return [Boolean] whether repository exists or not
# @param [String] storage project's storage path
# @param [Object] dir_name repository dir name
def repository_exists?(storage, dir_name)
  repository = Gitlab::Git::Repository.new(storage, dir_name, nil, nil)
  repository.exists?
rescue GRPC::Internal
  # A GRPC::Internal failure is reported as "does not exist" rather than raised,
  # so a false result does not by itself prove the repository is absent.
  false
end
# Return hooks folder path used by projects
#
# @return [String] path
def hooks_path
  # The hooks directory sits directly under the expanded gitlab-shell path.
  shell_root = gitlab_shell_path
  File.join(shell_root, 'hooks')
end
protected
def gitlab_shell_path
  # Absolute form of the configured gitlab-shell directory.
  configured_path = Gitlab.config.gitlab_shell.path
  File.expand_path(configured_path)
end
def gitlab_shell_user_home
  ssh_user = Gitlab.config.gitlab_shell.ssh_user
  # "~name" makes File.expand_path resolve that account's home directory.
  File.expand_path("~#{ssh_user}")
end
def full_path(storage, dir_name)
  # NOTE(review): only blankness is checked; path components such as '..' are not
  # normalised or rejected in this method, so confirm callers pass validated names.
  raise ArgumentError, "Directory name can't be blank" if dir_name.blank?

  storage_root = Gitlab.config.repositories.storages[storage].legacy_disk_path
  File.join(storage_root, dir_name)
end
def authorized_keys_enabled?
  setting = Gitlab::CurrentSettings.current_application_settings.authorized_keys_enabled
  # An unset (nil) setting counts as enabled, so the authorized_keys methods keep
  # working while the authorized_keys file is being fixed during migration.
  setting.nil? ? true : setting
end
private
def git_timeout
  # Configured timeout for git operations, read from the gitlab_shell settings.
  shell_settings = Gitlab.config.gitlab_shell
  shell_settings.git_timeout
end
def wrapped_gitaly_errors
  begin
    yield
  rescue GRPC::NotFound, GRPC::BadStatus => grpc_error
    # The old Popen code returned [Error, output] to the caller, so gRPC
    # failures are re-raised as this class's own Error to keep that contract.
    raise Error, grpc_error
  end
end
def gitlab_authorized_keys
  # One Gitlab::AuthorizedKeys instance is created on first use and reused afterwards.
  return @gitlab_authorized_keys if @gitlab_authorized_keys

  @gitlab_authorized_keys = Gitlab::AuthorizedKeys.new
end
def batch_read_key_ids(batch_size: 100, &block)
  # Yields key ids from the authorized_keys file in slices of batch_size;
  # does nothing (returns nil) when authorized_keys management is disabled.
  if authorized_keys_enabled?
    key_ids = gitlab_authorized_keys.list_key_ids
    key_ids.lazy.each_slice(batch_size) { |slice| yield(slice) }
  end
end
def strip_key(key)
  # Keep only the first two space-separated fields (presumably key type and key
  # data), dropping any trailing comment field.
  fields = key.split(/ +/)
  fields.take(2).join(' ')
end
def add_keys_to_io(keys, io)
  keys.each do |record|
    stripped = strip_key(record.key)
    # Tab separates the fields and newline ends the record in the emitted line, so a
    # key containing either could spill into another field or line; reject it.
    raise Error, "Invalid key: #{stripped.inspect}" if ["\t", "\n"].any? { |separator| stripped.include?(separator) }

    io.puts("#{record.shell_id}\t#{stripped}")
  end
end
# Runs import and fork operations for a single repository through the Gitaly client.
class GitalyGitlabProjects
  attr_reader :shard_name, :repository_relative_path, :output, :gl_project_path

  # @param [String] shard_name storage shard holding the repository
  # @param [String] repository_relative_path repository path relative to the shard
  # @param [String] gl_project_path project path passed on to Gitlab::Git::Repository
  def initialize(shard_name, repository_relative_path, gl_project_path)
    @shard_name = shard_name
    @repository_relative_path = repository_relative_path
    @gl_project_path = gl_project_path
    # Holds the error message of the last failed import; empty until then.
    @output = ''
  end

  # Import the repository from +source+.
  #
  # NOTE(review): the timeout argument is accepted but unused, so any time limit on
  # the import must be enforced elsewhere (presumably by the Gitaly client); confirm.
  #
  # @return [Boolean] true on success; false after storing the gRPC message in #output
  def import_project(source, _timeout)
    repository = Gitlab::Git::Repository.new(shard_name, repository_relative_path, nil, gl_project_path)
    service = Gitlab::GitalyClient::RepositoryService.new(repository)
    service.import_repository(source)

    true
  rescue GRPC::BadStatus => error
    @output = error.message
    false
  end

  # Fork this repository into the given target location.
  #
  # @return the Gitaly client's result, or false when the gRPC call fails
  def fork_repository(new_shard_name, new_repository_relative_path, new_project_name)
    fork_target = Gitlab::Git::Repository.new(new_shard_name, new_repository_relative_path, nil, new_project_name)
    fork_source = Gitlab::Git::Repository.new(shard_name, repository_relative_path, nil, gl_project_path)

    service = Gitlab::GitalyClient::RepositoryService.new(fork_target)
    service.fork_repository(fork_source)
  rescue GRPC::BadStatus => error
    logger.error "fork-repository failed: #{error.message}"
    false
  end

  # Logger used for fork failures.
  def logger
    Rails.logger # rubocop:disable Gitlab/RailsLogger
  end
end
end
end