subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Phippard <markp...@gmail.com>
Subject Re: Commit blocked by pre-commit hook (exit code 255) with no output.
Date Thu, 03 Dec 2015 21:02:59 GMT
Given that you are using Phabricator, have you tried this?

https://secure.phabricator.com/book/phabricator/article/diffusion_hooks/



On Thu, Dec 3, 2015 at 3:55 PM, foven <effoven@gmail.com> wrote:

> On Thu, Dec 3, 2015 at 2:54 PM, <jblist@icloud.com> wrote:
>
>>
>> On Dec 3, 2015, at 9:40 AM, foven <effoven@gmail.com> wrote:
>>
>> On Wed, Dec 2, 2015 at 9:50 PM, Nico Kadel-Garcia <nkadel@gmail.com>
>> wrote:
>>
>>> On Wed, Dec 2, 2015 at 2:12 PM, foven <effoven@gmail.com> wrote:
>>>
>>> > I looked at the output of "journalctl -n 50", which seems to be enough
>>> > to see all that is logged for a commit attempt.  I also checked
>>> > /var/log/secure.  I didn't see anything that seemed obviously wrong to
>>> > me either way, although it is possible that I missed something.  Are
>>> > there any other logs that I should check?
>>> >
>>> > Also, just to be clear, when I say that svn+ssh is not working, it is
>>> > working for checkouts and if I remove the pre-commit hook, it works for
>>> > commits as well.  Does it still seem likely that this is a ssh issue?
>>> >
>>> > Is there any more information I can provide that might help?
>>>
>>> Start at the beginning: As whom is the "svn+ssh" connection being
>>> made? I assume it's the "phd" user, and that the SSH keys have been
>>> correctly configured?
>>>
>>
>> Well, this repository is hosted by Phabricator.
>>
>>
>> <…snip…>
>>
>> I hope this helps.  Please let me know if you need more information.
>>
>>
>>
>> This almost feels to me as if the path "/bin/sh" is not what it seems. Do
>> you know if Phabricator is using a chroot'd sshd implementation? They are
>> usually rare since sshd does not provide that by default, but I have seen
>> some attempts.
>>
>> -Joseph
>>
>>
>>
>>
> I'm not totally sure, but I don't think it is.  I'm basing this off the
> fact that the sshd_config file for Phabricator's sshd instance doesn't
> seem to use ChrootDirectory.  I don't know much about using chroot with
> sshd, but it seems like that is how the chroot directory is specified.
> So if it isn't present, that would probably imply that chroot is not
> being used.
>
> Of course, I could be wrong.  Not sure what else to look for though.
> Phabricator does set some limitations in the sshd_config file.
> Here is what the file looks like, in case it is of interest:
>
>
> # NOTE: You must have OpenSSHD 6.2 or newer; support for
> AuthorizedKeysCommand
> # was added in this version.
>
> # NOTE: Edit these to the correct values for your setup.
>
> AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
> AuthorizedKeysCommandUser vcs
> AllowUsers vcs
>
> # You may need to tweak these options, but mostly they just turn off
> everything
> # dangerous.
>
> Port 22
> Protocol 2
> PermitRootLogin no
> AllowAgentForwarding no
> AllowTcpForwarding no
> PrintMotd no
> PrintLastLog no
> PasswordAuthentication no
> AuthorizedKeysFile none
>
> PidFile /var/run/sshd-phabricator.pid
>
>


-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/

Mime
View raw message