Page MenuHomePhabricator
Create Task
Maniphest T10941

Subversion fails to execute pre-commit hook if CWD isn't readable
Closed, ResolvedPublic
Actions

Description

Problem description:
On a freshly-created repository, subversion commits fail with the following error: Commit blocked by pre-commit hook (exit code 255) with no output

Steps to reproduce:

  1. Click Diffusion
  2. Click Create Repository
  3. Click Create a new Subversion repository
  4. Enter Test in the name field
  5. click Create Repository
  6. Click Activate Repository
  7. Click Status
  8. verify that all status items have a green checkmark
  9. Note the repository number (17 in my case) #perform the following steps on a client that has been granted access to the repo
[jenkins@jenkins a]$ svn co svn+ssh://git@collaborate.intoto.systems/diffusion/17
Checked out revision 0.
[jenkins@jenkins a]$ cd 17
[jenkins@jenkins 17]$ touch test
[jenkins@jenkins 17]$ svn add test
A         test
[jenkins@jenkins 17]$ svn commit -m "initial commit"
Adding         test
Transmitting file data .svn: E165001: Commit failed (details follow):
svn: E165001: Commit blocked by pre-commit hook (exit code 255) with no output.
[jenkins@jenkins 17]$

I will be happy to gather additional data if desired.

Versions:

Revisions and Commits

rP Phabricator
D15879rPde4312bcdeab Before executing svnserve, change the CWD to a readable directory

Related Objects

Event Timeline

dpotter created this task.May 9 2016, 9:30 PM
epriestley added a subscriber: epriestley.May 9 2016, 11:50 PM

I can't reproduce this:

epriestley@orbital ~/dev/scratch $ svn checkout 'svn+ssh://local@localvault.phacility.com/diffusion/47/' new-svn-repo
Checked out revision 0.
epriestley@orbital ~/dev/scratch $ cd new-svn-repo/
epriestley@orbital ~/dev/scratch/new-svn-repo $ svn st
?       README
epriestley@orbital ~/dev/scratch/new-svn-repo $ svn add README 
A         README
epriestley@orbital ~/dev/scratch/new-svn-repo $ svn commit -m duck
Adding         README
Transmitting file data .
Committed revision 1.

See also previous efforts in T9926.

dpotter added a comment.May 10 2016, 3:45 AM

OK, I found the issue and a fix/workaround:

I suspect this is the same issue that was reported in T9926, T10839 and Q180.

The resolution to this problem is to assure that the home directory for vcs-user provides read and execute permissions for daemon-user.

Without such permissions, the pre-commit hook will fail, as svnserve attempts to "chdir ." prior to executing the hook, and I suspect the working directory is somehow set to the vcs-user homedir.

On my system:

  • vcs-user is git, with home directory /home/git
  • daemon-user is phabricator with home directory /home/phabricator

I can produce this problem like this:

chown git.git /home/git
chmod 700 /home/git

I can resolve this problem like this:

chown git.phabricator /home/git
chmod 750 /home/git

Perhaps you would modify this ticket to either one of the following?

  • Remove the requirement for daemon-user to have read permissions to the vcs-user homedir
  • Update the Diffusion User Guide on Repository Hosting to mention requirements for homedir permissions?
epriestley added a comment.May 10 2016, 12:27 PM

Thanks for hunting that down!

Does this change fix the issue in your environment? Basically, we're executing svnserve with a readable CWD.

diff --git a/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php b/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php
index 820a380..e299841 100644
--- a/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php
+++ b/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php
@@ -157,6 +157,9 @@ final class DiffusionSubversionServeSSHWorkflow
     $command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
     $future = new ExecFuture('%C', $command);
 
+    $root = dirname(phutil_get_library_root('phabricator'));
+    $future->setCWD($root.'/support/empty/');
+
     $this->inProtocol = new DiffusionSubversionWireProtocol();
     $this->outProtocol = new DiffusionSubversionWireProtocol();
dpotter added a comment.May 10 2016, 2:29 PM

Yes, that corrects the issue!

Thank you!

epriestley added a comment.May 10 2016, 2:30 PM

Awesome! Thanks for doing all the work to figure out what was going on. I'll get a diff out to apply that fix in a slightly nicer way.

epriestley awarded a token.May 10 2016, 2:30 PM
epriestley added a revision: D15879: Before executing svnserve, change the CWD to a readable directory.May 10 2016, 2:32 PM
epriestley renamed this task from Subversion commits fail with "Commit blocked by pre-commit hook (exit code 255) with no output" to Subversion fails to execute pre-commit hook if CWD isn't readable.May 10 2016, 2:33 PM
epriestley claimed this task.
epriestley triaged this task as Normal priority.
epriestley added projects: Subversion, Diffusion.
epriestley closed this task as Resolved by committing rPde4312bcdeab: Before executing svnserve, change the CWD to a readable directory.May 11 2016, 1:48 PM
epriestley added a commit: rPde4312bcdeab: Before executing svnserve, change the CWD to a readable directory.
Phabricator · Built by Phacility