Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F15513538
D15879.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
2 KB
Referenced Files
None
Subscribers
None
D15879.diff
View Options
diff --git a/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php b/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php
--- a/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php
+++ b/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php
@@ -24,8 +24,7 @@
// really silly, but seems like the least damaging approach to
// mitigating the issue.
- $root = dirname(phutil_get_library_root('phabricator'));
- $env['HOME'] = $root.'/support/empty/';
+ $env['HOME'] = PhabricatorEnv::getEmptyCWD();
if ($this->isAnySSHProtocol()) {
$env['GIT_SSH'] = $this->getSSHWrapper();
diff --git a/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php b/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php
--- a/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php
+++ b/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php
@@ -148,15 +148,25 @@
if ($this->shouldProxy()) {
$command = $this->getProxyCommand();
$this->isProxying = true;
+ $cwd = null;
} else {
$command = csprintf(
'svnserve -t --tunnel-user=%s',
$this->getUser()->getUsername());
+ $cwd = PhabricatorEnv::getEmptyCWD();
}
$command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
$future = new ExecFuture('%C', $command);
+ // If we're receiving a commit, svnserve will fail to execute the commit
+ // hook with an unhelpful error if the CWD isn't readable by the user we
+ // are sudoing to. Switch to a readable, empty CWD before running
+ // svnserve. See T10941.
+ if ($cwd !== null) {
+ $future->setCWD($cwd);
+ }
+
$this->inProtocol = new DiffusionSubversionWireProtocol();
$this->outProtocol = new DiffusionSubversionWireProtocol();
diff --git a/src/infrastructure/env/PhabricatorEnv.php b/src/infrastructure/env/PhabricatorEnv.php
--- a/src/infrastructure/env/PhabricatorEnv.php
+++ b/src/infrastructure/env/PhabricatorEnv.php
@@ -877,4 +877,21 @@
umask(022);
}
+
+ /**
+ * Get the path to an empty directory which is readable by all of the system
+ * user accounts that Phabricator acts as.
+ *
+ * In some cases, a binary needs some valid HOME or CWD to continue, but not
+ * all user accounts have valid home directories and even if they do they
+ * may not be readable after a `sudo` operation.
+ *
+ * @return string Path to an empty directory suitable for use as a CWD.
+ */
+ public static function getEmptyCWD() {
+ $root = dirname(phutil_get_library_root('phabricator'));
+ return $root.'/support/empty/';
+ }
+
+
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Fri, Apr 18, 7:37 PM (4 d, 7 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7708460
Default Alt Text
D15879.diff (2 KB)
Attached To
Mode
D15879: Before executing svnserve, change the CWD to a readable directory
Attached
Detach File
Event Timeline
Log In to Comment