| stage | group | info |
|---|---|---|
| Create | Source Code | To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments |

GitLab Shell handles git SSH sessions for GitLab and modifies the list of authorized keys. GitLab Shell is not a Unix shell nor a replacement for Bash or Zsh.
When you access the GitLab server over SSH, GitLab Shell will:
- Limit you to predefined git commands (git push, git pull).
- Call the GitLab Rails API to check if you are authorized, and what Gitaly server your repository is on.
- Copy data back and forth between the SSH client and the Gitaly server
If you access a GitLab server over HTTP(S), you end up in gitlab-workhorse.
An overview of the four cases described above:
- git pull over SSH -> gitlab-shell -> API call to gitlab-rails (Authorization) -> accept or decline -> establish Gitaly session
- git push over SSH -> gitlab-shell (git command is not executed yet) -> establish Gitaly session -> (in Gitaly) gitlab-shell pre-receive hook -> API call to gitlab-rails (authorization) -> accept or decline push
GitLab Shell is written in Go, and needs a Go compiler to build. It still requires Ruby to build and test, but not to run.
Download and install the current version of Go from https://golang.org/dl/
We follow the Golang Release Policy of supporting the current stable version and the previous two major versions.
GitLab Shell performs rate-limiting by user account and project for git operations. GitLab Shell accepts git operation requests and then makes a call to the Rails rate-limiter (backed by Redis). If the user + project exceeds the rate limit, GitLab Shell will drop further connection requests for that user + project.
The rate-limiter is applied at the git command (plumbing) level. Each command has a rate limit of 600/minute. For example, git push has 600/minute and git pull has another 600/minute.
Because they are using the same plumbing command git-upload-pack, git pull and git clone are in effect the same command for the purposes of rate-limiting.
There is also a rate-limiter in place in Gitaly, but the calls will never be made to Gitaly if the rate limit is exceeded in GitLab Shell (Rails).
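The keying described above (user + project + plumbing command, 600 per minute), as an added Go example that is not GitLab's own code; the real limiter lives in Rails and is backed by Redis. The fixed one-minute window and the names `Limiter`, `Allow`, `plumbing`, `key` and `bucket` are assumptions made for illustration, and `git-receive-pack` is the plumbing command behind git push.

```go
package main

import (
	"fmt"
	"time"
)

const limit, window = 600, time.Minute // 600/minute per plumbing command, as stated above

// plumbing maps a user-facing git command to the plumbing command that is counted.
var plumbing = map[string]string{
	"pull":  "git-upload-pack",
	"clone": "git-upload-pack",
	"push":  "git-receive-pack",
}

// key identifies one counter: user + project + plumbing command.
type key struct{ user, project, command string }
type bucket struct {
	start time.Time
	count int
}

// Limiter is a hypothetical in-memory stand-in for the Redis-backed limiter (not goroutine-safe).
type Limiter map[key]*bucket

// Allow counts one request; commands outside the predefined set are refused.
func (l Limiter) Allow(user, project, gitCmd string, now time.Time) bool {
	cmd, ok := plumbing[gitCmd]
	if !ok {
		return false
	}
	k := key{user, project, cmd}
	if b := l[k]; b == nil || now.Sub(b.start) >= window {
		l[k] = &bucket{start: now} // first request, or the previous window expired
	}
	if l[k].count >= limit {
		return false
	}
	l[k].count++
	return true
}

func main() {
	l, now := Limiter{}, time.Unix(0, 0) // constructed clock value
	for i := 0; i < limit; i++ {
		l.Allow("alice", "group/app", "pull", now)
	}
	fmt.Println(l.Allow("alice", "group/app", "clone", now), l.Allow("alice", "group/app", "push", now))
}
```

After 600 pulls in one window, a clone by the same user on the same project is refused because it shares the git-upload-pack counter, while a push is still accepted.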
See PROCESS.md
- See CONTRIBUTING.md.
- See the beginner's guide.
See LICENSE.