-
-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pushing to empty repository is not reflected in web UI #9792
Comments
I can't see any calls to pre-receive or post-receive so they're clearly not running. My suspicion is that your Gitea repositories hooks have lost their executable bit. That means for example not just the files inside pre-receive.d but pre-receive itself The other possibility is that they're out of date. What do you mean by saying that they run find when executed from the terminal? Have you managed to properly spoof a pre-receive command? After a very long time and plenty of scratching of heads it appears the likely solution is: |
This is the output of
How could I check that/update them?
In the other issue, the ability of the server's user to execute the hooks was disabled, so I logged in as the |
OK so those are all appropriately executable, next could you check the contents and mode of To update/correct these you need to use the administrator task "Update and resynchronize hooks" |
Contents and mode:
After running the corresponding administrator task, the only thing that changes is the time attribute of the file. The
|
This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions. |
This issue is still valid. |
This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions. |
This issue is still valid. @zeripath, what additional info can I provide to help debug this? |
Hmm... I'm a bit stumped but, one thing I've noticed elsewhere: make sure your |
It was a relative path. I've changed it to an absolute path, restarted gitea and tried again, but the problem's still there. |
What version of gitea are you using? - Would it be possible to update to master (preferably) or 1.11.5? |
I'm using 1.11.5, but I'll try to get the |
I have tried executing v1.11.5 in a x86_64 PC. Then I tried in the same ARM machine where it fails, running a separate instance under a different user with a blank db and the existing db. I could not reproduce the issue in either case. While checking the logs, I've found the following:
This message is repeated periodically, every 90 seconds approx. Another message that I'm not sure whether or not is related is the following line when pushing the repo:
a similar line appeard in the cases when it worked properly, but instead of 0 references, it was 1 reference, or it didn't appear at all. |
OK so that's a problem with the queues - they have been corrupted due to a crash or a kill -9 at some point. You will need to remove them. |
So do I need to delete the two folders called I did so, and the log message stopped appearing, but the issue still occurs. |
I have walked through this issue and I'm in the exact same boat (and have been for months), except for the queue issue of #9792 (comment). I'm giving some extra info, may not be relevant, but perhaps something pops up.
(where /srv is not a directory but a mounted partition)
|
This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions. |
This issue still hasn't been addressed and basically means I have to do a manual SQL queryy every time I create a new repo. |
This problem is always due to users not pushing with a key managed by Gitea. The only way Gitea knows about commits is if it is told about them during post-receive - to do that there is a post receive hook in the repository and that requires an environment which is set up by Gitea serv or the web server. I will not go in to how to set the environment correctly because that is unsupported - but it is not difficult to find what the environment should be. Only push to Gitea's repositories using a Gitea managed key or over http. |
@ltguillaume Ok, let's look at your case. You're definitely pushing to gitea's http url? Are you post-receive hooks present and executable? Are they up-to-date? |
I'm always using
|
In your app.ini there is a Your repositories are stored in directories under that ROOT called In each, there is a These need to be executable and run each time a push is made. Gitea will create these "delegate" hooks for you. There is a function on the It is worth checking the values of these files. |
The partition containing my repos is mounted using The pre- and post-receive.d hook folders and the gitea files within them are present and have the permissions (d)rwxr-xr-x. I just created a new repo via the web interface without initializing it and went into its
The files
|
Sorry I haven't replied today. Your findings above definitely indicate that the messages git should be sending are not getting through to the bash hooks. Now that is weird. So the question is what is to blame. Well one thing you could do - just to rule out one last way Gitea could be to blame - is to simplify and remove most of the restrictions on the authorized key line in .authorized_keys but I don't think that will fix things. My suspicion is that it is bash on the server or it is a the version of git that is on the server. But how do you figure out? One option is to try to upgrade these to see if that fixes it. Another is to seek help on arch. Explain that hooks are receiving no content on stdin on pushing. They might know what the problem is. |
I'm using HTTP to push my commits, so will authorized_keys even have any influence?
Everything is up-to-date, and I'm using a rolling release distro (Arch), so it's more up-to-date than most other distros already. I just tried cloning, then committing some changes to an affected repo by using Git on the server itself. Result's the same:
I'll create a topic on https://archlinuxarm.org/forum/ and I'll try Gitea on my Manjaro virtual machine, just to be sure it's not a cross-platform Arch issue (I highly doubt it). Edit: Ok, in Manjaro, the correct behavior with the script from #9792 (comment) resulted in
|
I wonder what's happening on Arch then. How weird. |
FWIW I'm using manjaro on a pinebook pro (aarch64) and I'm unable to replicate. |
I guess I got 1 step closer with the following (this must be a recent addition, I've checked the Wiki multiple times, obviously). Edit: user Simplefied has added this workaround to the Arch Wiki on June 6th (https://wiki.archlinux.org/index.php?title=Gitea&type=revision&diff=618524&oldid=615095).
This has changed the push output from:
to
It looks like this mean there are no issues with hook not getting the stdin contents anymore, but there are still no references processed. |
After recreating the repo (and thus removing the scripts), I finally got
Every test since has consistently produced a working, fully initialized repo. Thanks @zeripath for all your help. Sorry I didn't find the core dump myself. As you can see the dump is linked to |
Sorry it took so long. Maybe we need to drop the bash scripts and write some go to do it. |
I don't know. Now I found the solution, I'm seeing: #6620 (comment) Definitely related, not officially resolved (closed by stalebot). #11231 Seems like it's not yet resolved (closed by stalebot) and may have the same solution. |
OK so if you can write a clear solution in a comment here we can close this issue and add links to it on those issues. |
The following addition to the Arch Wiki has solved the following issues for me:
User Simplefied has added this workaround on June 6th (https://wiki.archlinux.org/index.php?title=Gitea&type=revision&diff=618524&oldid=615095).
|
Thanks @ItGuillaume really sorry this took so long |
@ArchangeGabriel would you be able to add:
to the systemd service file? |
@zeripath I would prefer not, this is a security feature. First of all, it seems to only fail under ArchLinux ARM, so this should rather be changed there than in the standard Arch (ARM variant is a separate distro that sync most of our PKGBUILD but carry specfic changes). Then, it would be better to determine what should be allowed (see https://www.freedesktop.org/software/systemd/man/systemd.exec.html#System Call Filtering for documentation) rather than allowing everything. |
Fair enough. Presumably the arch arm systemd has some default set for these values which is relatively restrictive - I guess we would need an arch user to play the whack-a-mole game to figure out what calls are actually needed. I'll have a think about whether we can actually avoid these bash calls - I think if we restructure things slightly we should be able to do that. I'm not sure that would necessarily reduce the syscall problem - it might do and getting rid of the bash would likely be helpful anyway |
where ARM showed an extra call |
Is it possible that the cat binary is a different arm architecture binary so the issue is that systemd is preventing the call? |
I would think that in that case I copied over cat, here it is. It says |
Here's a very similar issue with havegd: https://archlinuxarm.org/forum/viewtopic.php?f=15&t=14549 |
If I only add the following line (discarding
@ArchangeGabriel I suppose this would be preferable, right? Or does this imply the otherwise explicitly added ------- Edit ------- This is what's in
So, no I added So it seems we just need to get |
@ltguillaume good thinking. I think that could be added to our documentation too. |
I'm hoping this will get picked up https://bugs.archlinux.org/task/60669#comment192661 (it's assigned to @ArchangeGabriel) @ArchangeGabriel Also, this bug indeed mentions that the current hardening isn't very restrictive at all: it uses the set My thinking is, though, that on Arch ARM currently something is already not permitted around |
git-svn-id: file:///srv/repos/svn-community/svn@705150 9fca08f4-af9d-4005-b8df-a31f2cc04f65
git-svn-id: file:///srv/repos/svn-community/svn@705150 9fca08f4-af9d-4005-b8df-a31f2cc04f65
Great, looks like everything's implemented. The Wiki's been updated, too 👍 |
[x]
):Description
Exactly the same as in #9365, but the filesystem is mounted with
exec
. I think the localhost API calls are the hooks, but I'm not sure. The hooks in the repo run properly when executed manually through the terminal.(description copied from the previously mentioned issue)
The text was updated successfully, but these errors were encountered: