Skip to content

gitlab-shell-authorized-keys-check and gitlab-shell-authorized-principals-check symlinks wont work correctly on other OS

As of this writing, we currently have gitlab-shell-authorized-keys-check and gitlab-shell-authorized-principals-check as symlinks of gitlab-shell binary.

In Executable, we detect the Name and use that name for determining what Command and CommandArgs to build or what ruby fallback executable should be used. We use os.Executable() for that.

os.Executable() doc has a "fine print" saying:

If a symlink was used to start the process, depending on the operating system, the result might be the symlink or the path it pointed to.

So depending on the OS, the Executable's Name can always be gitlab-shell which will result to a bug as the correct command won't be built and fallback will fail as it'll always fallback to gitlab-shell-ruby.

This small test code can also confirm this behavior: https://gitlab.com/patrickbajao/symlink-test. When ran on a golang:alpine Docker image, it'll print out test when symlink is executed.