Skip to content

cryptosweden/gitlab-shell

BranchesTags
 
 

Repository files navigation

stage group info
Create
Source Code
To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments

GitLab Shell

GitLab Shell handles git SSH sessions for GitLab

GitLab Shell handles git SSH sessions for GitLab and modifies the list of authorized keys. GitLab Shell is not a Unix shell nor a replacement for Bash or Zsh.

When you access the GitLab server over SSH then GitLab Shell will:

  1. Limit you to predefined git commands (git push, git pull).
  2. Call the GitLab Rails API to check if you are authorized, and what Gitaly server your repository is on
  3. Copy data back and forth between the SSH client and the Gitaly server

If you access a GitLab server over HTTP(S) you end up in gitlab-workhorse.

An overview of the four cases described above:

  1. git pull over SSH -> gitlab-shell -> API call to gitlab-rails (Authorization) -> accept or decline -> establish Gitaly session
  2. git push over SSH -> gitlab-shell (git command is not executed yet) -> establish Gitaly session -> (in Gitaly) gitlab-shell pre-receive hook -> API call to gitlab-rails (authorization) -> accept or decline push

Full feature list

Code status

pipeline status coverage report Code Climate

Requirements

GitLab Shell is written in Go, and needs a Go compiler to build. It still requires Ruby to build and test, but not to run.

Download and install the current version of Go from https://golang.org/dl/

We follow the Golang Release Policy of supporting the current stable version and the previous two major versions.

Rate Limiting

GitLab Shell performs rate-limiting by user account and project for git operations. GitLab Shell accepts git operation requests and then makes a call to the Rails rate-limiter (backed by Redis). If the user + project exceeds the rate limit then GitLab Shell will then drop further connection requests for that user + project.

The rate-limiter is applied at the git command (plumbing) level. Each command has a rate limit of 600/minute. For example, git push has 600/minute and git pull has another 600/minute.

Because they are using the same plumbing command git-upload-pack, git pull and git clone are in effect the same command for the purposes of rate-limiting.

There is also a rate-limiter in place in Gitaly, but the calls will never be made to Gitaly if the rate limit is exceeded in Gitlab Shell (Rails).

Releasing

See PROCESS.md

Contributing

License

See LICENSE.

About

Replacement for gitolite. This repo is a mirror of https://gitlab.com/gitlab-org/gitlab-shell/

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

201 tags

Packages

No packages published

Languages

  • Go 89.1%
  • Ruby 10.1%
  • Other 0.8%