[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Commit blocked by pre-commit hook (exit code 255) with no output.

From: foven <effoven_at_gmail.com>
Date: Thu, 3 Dec 2015 15:55:44 -0500

On Thu, Dec 3, 2015 at 2:54 PM, <jblist_at_icloud.com> wrote:

>
> On Dec 3, 2015, at 9:40 AM, foven <effoven_at_gmail.com> wrote:
>
> On Wed, Dec 2, 2015 at 9:50 PM, Nico Kadel-Garcia <nkadel_at_gmail.com>
> wrote:
>
>> On Wed, Dec 2, 2015 at 2:12 PM, foven <effoven_at_gmail.com> wrote:
>>
>> > I looked at the output of "journalctl -n 50", which seems to be enough
>> > to see all that is logged for a commit attempt. I also checked
>> > /var/log/secure. I didn't see anything that seemed obviously wrong to
>> > me either way, although it is possible that I missed something. Are
>> > there any other logs that I should check?
>> >
>> > Also, just to be clear, when I say that svn+ssh is not working, it is
>> > working for checkouts and if I remove the pre-commit hook, it works for
>> > commits as well. Does it still seem likely that this is a ssh issue?
>> >
>> > Is there any more information I can provide that might help?
>>
>> Start at the beginning: As whom is the "svn+ssh" connection being
>> made? I assume it's the "phd" user, and that the SSH keys have been
>> correctly configured?
>>
>
> Well, this repository is hosted by Phabricator.
>
>
> <…snip…>
>
> I hope this helps. Please let me know if you need more information.
>
>
>
> This almost feels to me as if the path "/bin/sh" is not what it seems. Do
> you know if Phabricator is using a chroot'd sshd implementation? They are
> usually rare since sshd does not provide that by default, but I have seen
> some attempts.
>
> -Joseph
>
>
>
>
I'm not totally sure, but I don't think it is. I'm basing this off the
fact that the sshd_config file for Phabricator's sshd instance doesn't
seem to use ChrootDirectory. I don't know much about using chroot with
sshd, but it seems like that is how the chroot directory is specified.
So if it isn't present, that would probably imply that chroot is not
being used.

Of course, I could be wrong. Not sure what else to look for though.
Phabricator does set some limitations in the sshd_config file.
Here is what the file looks like, in case it is of interest:

# NOTE: You must have OpenSSHD 6.2 or newer; support for
AuthorizedKeysCommand
# was added in this version.

# NOTE: Edit these to the correct values for your setup.

AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser vcs
AllowUsers vcs

# You may need to tweak these options, but mostly they just turn off
everything
# dangerous.

Port 22
Protocol 2
PermitRootLogin no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PasswordAuthentication no
AuthorizedKeysFile none

PidFile /var/run/sshd-phabricator.pid
Received on 2015-12-03 21:56:02 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.