On Wed, Dec 2, 2015 at 9:50 PM, Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:
> On Wed, Dec 2, 2015 at 2:12 PM, foven <effoven_at_gmail.com> wrote:
>
> > I looked at the output of "journalctl -n 50", which seems to be enough
> > to see all that is logged for a commit attempt. I also checked
> > /var/log/secure. I didn't see anything that seemed obviously wrong to
> > me either way, although it is possible that I missed something. Are
> > there any other logs that I should check?
> >
> > Also, just to be clear, when I say that svn+ssh is not working, it is
> > working for checkouts and if I remove the pre-commit hook, it works for
> > commits as well. Does it still seem likely that this is a ssh issue?
> >
> > Is there any more information I can provide that might help?
>
> Start at the beginning: As whom is the "svn+ssh" connection being
> made? I assume it's the "phd" user, and that the SSH keys have been
> correctly configured?
>
Well, this repository is hosted by Phabricator.
In following the Phabricator documentation
(https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/)
I now have the following users:

  vcs:
    The user that users will connect over SSH as.
  phd:
    This user is the only user which will interact with the
    repositories directly. Other accounts will sudo to this account in
    order to perform VCS operations.
  foven:
    Just a normal user.

Users are supposed to connect to the repository as vcs. SSH is set to
use an AuthorizedKeysCommand script and it seems that this enables it to
determine which user is actually connecting, based on the SSH key in
use. This seems to be working, since users can checkout code and commit
code as well, so long as the pre-commit hook does not exist.

From what I can see, when a user uses a subversion command via svn+ssh,
it is basically working like this:

user (foven):

  svn mkdir svn+ssh://vcs@phabricator.example.com/diffusion/SVN/TestFolder -m "Test commit hooks"

This causes vcs to sudo to the phd user and run this command:

  svnserve -t --tunnel-user=foven

So phd is running svnserve, but it is tunneling the user through. I'm
not sure how/if that affects anything. Again, commits work fine this
way if the pre-commit script is not present. Otherwise the client gets
this error message:

  svn: E165001: Commit blocked by pre-commit hook (exit code 255) with no output.

Based on what I've read, it seems that this error message likely
indicates that the script itself is somehow unable to run or it is
encountering an error, causing it to exit with an exit code that doesn't
actually exist within the script itself.

The script that I am testing with looks like this:

  #!/bin/sh
  echo "testing" >&2
  exit 1

I want the script to fail, but with exit code 1 and "testing" for the
error message, not with the error message mentioned earlier.

I thought it could be a permissions issue or the fact that hooks run in
an empty environment, but every user I've mentioned can run the script
using the following commands:

  env -i /var/repo/SVN/hooks/pre-commit
  env - /var/repo/SVN/hooks/pre-commit

I hope this helps. Please let me know if you need more information.
Received on 2015-12-03 17:40:50 CET
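
Added example, not part of the original message or of Phabricator or Subversion: a POSIX shell helper that separates "the hook could not be started" from "the hook ran and failed", which is the distinction the exit code 255 with no output raises. The function name `diagnose_hook`, its result strings and the transaction name are assumptions made for illustration; it checks only file-level causes and then runs the hook with an empty environment and the two pre-commit arguments.

```shell
#!/bin/sh
# Added example: classify why a Subversion hook does or does not start.
# diagnose_hook and its result strings are hypothetical names.

diagnose_hook() {
    hook=$1
    [ -e "$hook" ] || { echo "missing"; return 0; }
    [ -f "$hook" ] || { echo "not-regular-file"; return 0; }
    # Tested against the calling account, so run this as the account
    # that executes svnserve (phd in the message above).
    [ -x "$hook" ] || { echo "not-executable"; return 0; }

    # The first line must be a shebang naming an existing interpreter.
    first=$(head -n 1 "$hook")
    case $first in
        '#!'*) ;;
        *) echo "no-shebang"; return 0 ;;
    esac
    # A trailing carriage return (file saved with CRLF line endings)
    # makes the kernel look for an interpreter named "/bin/sh\r".
    cr=$(printf '\r')
    case $first in
        *"$cr") echo "crlf-shebang"; return 0 ;;
    esac
    interp=$(printf '%s\n' "$first" |
        sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//')
    [ -x "$interp" ] || { echo "bad-interpreter"; return 0; }

    # Run with an empty environment and the pre-commit arguments:
    # repository path (parent of hooks/) and a constructed txn name.
    repo=$(dirname "$(dirname "$hook")")
    out=$(env -i "$hook" "$repo" "txn-constructed" </dev/null 2>&1) \
        && rc=0 || rc=$?
    echo "ran rc=$rc stderr=$out"
}
```

A result of `ran rc=1 stderr=testing` under the service account means the file itself is startable, so the remaining difference lies in how the process is launched (for example the sudo step) rather than in the script.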