On Wed, Dec 2, 2015 at 9:50 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote:
> On Wed, Dec 2, 2015 at 2:12 PM, foven <effo...@gmail.com> wrote: > > > I looked at the output of "journalctl -n 50", which seems to be enough > > to see all that is logged for a commit attempt. I also checked > > /var/log/secure. I didn't see anything that seemed obviously wrong to > > me either way, although it is possible that I missed something. Are > > there any other logs that I should check? > > > > Also, just to be clear, when I say that svn+ssh is not working, it is > > working for checkouts and if I remove the pre-commit hook, it works for > > commits as well. Does it still seem likely that this is a ssh issue? > > > > Is there any more information I can provide that might help? > > Start at the beginning: As whom is the "svn+ssh" connection being > made? I assume it's the "phd" user, and that the SSH keys have been > correctly configured? > Well, this repository is hosted by Phabricator. In following the Phabricator documentation (https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/) I now have the following users: vcs: The user that users will connect over SSH as. phd: This user is the only user which will interact with the repositories directly. Other accounts will sudo to this account in order to perform VCS operations. foven: Just a normal user. Users are supposed to connect to the repository as vcs. SSH is set to use an AuthorizedKeysCommand script and it seems that this enables it to determine which user is actually connecting, based on the SSH key in use. This seems to be working, since users can checkout code and commit code as well, so long as the pre-commit hook does not exist. >From what I can see, when a user uses a subversion command via svn+ssh, it is basically working like this: user (foven): svn mkdir svn+ssh://v...@phabricator.example.com/diffusion/SVN/TestFolder -m "Test commit hooks" This causes vcs to sudo to the phd user and run this command: svnserve -t --tunnel-user=foven So phd is running svnserve, but it is tunneling the user through. I'm not sure how/if that affects anything. Again, commits work fine this way if the pre-commit script is not present. Otherwise the client gets this error message: svn: E165001: Commit blocked by pre-commit hook (exit code 255) with no output. Based on what I've read, it seems that this error message likely indicates that the script itself is somehow unable to run or it is encountering an error, causing it to exit with an exit code that doesn't actually exist within the script itself. The script that I am testing with looks like this: #!/bin/sh echo "testing" >&2 exit 1 I want the script to fail, but with exit code 1 and "testing" for the error message, not with the error message mentioned earlier. I thought it could be a permissions issue or the fact that hooks run in an empty environment, but every user I've mentioned can run the script using the following commands: env -i /var/repo/SVN/hooks/pre-commit env - /var/repo/SVN/hooks/pre-commit I hope this helps. Please let me know if you need more information.
