search

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License
44.95k stars 5.48k forks source link

linux: [remote rejected] main -> main (pre-receive hook declined) with 1.18 #22484

Closed peternormann closed 1 year ago

peternormann commented 1 year ago

Description

Since updating to gitea 1.18.0 I have been unable to push to gitea via ssh.

I am running gitea as a systemd service on a debian 11 behind a nginx reverse proxy.

Whenever I push I get 

remote: Gitea: Rejecting changes as Gitea environment not set.
remote: If you are pushing over SSH you must push with a key managed by
remote: Gitea or set your environment appropriately.
[remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to '<hostname>:<reponame>'

At first I thought my ssh config was off, so I pruned and double checked it. I also tried a ton of settings, with no luck, but reverted back to the old ones that used to work. After every setting change I ran the hook maintenance operations. I tried pulling, rebasing, etc.

Basically what happens is when I try to push to gitea my ssh session immediately gets disconnected by the (remote) client.

I am not sure why gitea will report the gitea environment is not being set. I have not disabled ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET due to the warnings.

To debug the environment issue I added "env" to a pre-receive hook to learn what environment variables exist:

Enumerating objects: 80, done.
Counting objects: 100% (80/80), done.
Delta compression using up to 8 threads
Compressing objects: 100% (77/77), done.
Writing objects: 100% (80/80), 25.90 KiB | 4.32 MiB/s, done.
Total 80 (delta 30), reused 0 (delta 0), pack-reused 0
remote: 
remote: Gitea: Rejecting changes as Gitea environment not set.
remote: If you are pushing over SSH you must push with a key managed by
remote: Gitea or set your environment appropriately.
remote: GIT_ALTERNATE_OBJECT_DIRECTORIES=<repo_path>/./objects
remote: GIT_QUARANTINE_PATH=<repo_path>/./objects/incoming-Q5RbuS
remote: USER=git
remote: SSH_CLIENT=<myip> 49532 <host port>
remote: GIT_EXEC_PATH=/usr/lib/git-core
remote: XDG_SESSION_TYPE=tty
remote: GIT_DIR=.
remote: SHLVL=0
remote: GOOS=linux
remote: MOTD_SHOWN=pam
remote: HOME=/srv/repo
remote: GITEA_WORK_DIR=/var/lib/gitea
remote: DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/5001/bus
remote: GOARCH=amd64
remote: LOGNAME=git
remote: _=./hooks/pre-receive.d/pre-receive
remote: XDG_SESSION_CLASS=user
remote: XDG_SESSION_ID=55010
remote: PATH=/usr/lib/git-core:/usr/local/bin:/usr/bin:/bin:/usr/games
remote: XDG_RUNTIME_DIR=/run/user/5001
remote: LANG=en_US.UTF-8
remote: SHELL=/bin/bash
remote: GIT_PUSH_OPTION_COUNT=0
remote: GOPATH=/usr/bin/go
remote: PWD=/srv/repo/code/domain.git
remote: GIT_OBJECT_DIRECTORY=<repo_path>/./objects/incoming-Q5RbuS
remote: SSH_CONNECTION=<my_ip> 49532 <host_ip> <host_port>
To <host_name>:<repo>.git
 ! [remote rejected] main -> main (pre-receive hook declined)

I am stumped and can't figure out what environment variable that seems to be missing here. The gitea environment variables are set in .profile, .bashrc, ~/.ssh/environment for the git user.

I have posted a gist of the logs and set it up according to the docs for debugging. However, the gitea logs are silent when I try to push. I only get something from the debug ssh logs.

I love gitea and really appreciate the work you put into it. If there's anything I can do to help or information you need, please let me know.

Gitea Version

1.18.0

Can you reproduce the bug on the Gitea demo site?

No

Screenshots

No response

Git Version

2.34.1

Operating System

Debian 11 bullseye

How are you running Gitea?

I am running gitea as a systemd service on a debian 11 server. The binary was downloaded from the release page.

Database

MySQL

zeripath commented 1 year ago

Sorry just deleted two other irrelevant messages by me. You have been told what is the problem:

remote: Gitea: Rejecting changes as Gitea environment not set.
remote: If you are pushing over SSH you must push with a key managed by
remote: Gitea or set your environment appropriately.
[remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to '<hostname>:<reponame>'

You are pushing using a key associated with a real user account - possibly even the git account and if you run ssh <user>@<gitea> I suspect you will get a shell.

Therefore this key is not managed by Gitea - therefore the gitea serv command does not run and the environment is not correctly.

See: https://docs.gitea.io/en-us/faq/#ssh-issues

You should use a different ssh-key. If you are able to work out what the correct environment is you are welcome to set the appropriate environment variables in your user's bash - but that is unsupported. (https://github.com/go-gitea/gitea/blob/51951d4503bdec88a1dd026cea369c0dde645b9e/modules/repository/env.go L47-L178 shows the required environment variables but if you could not work that out yourself - you should NOT do this.)

peternormann commented 1 year ago

@zeripath Thank you very, very much for your assistance.

You are pushing using a key associated with a real user account.

  • possibly even the git account and if you run ssh <user>@<gitea> I suspect you will get a shell.

Yup. I have a git user account that is running gitea and that have my local ssh key associated to my gitea user.

Therefore this key is not managed by Gitea - therefore the gitea serv command does not run and the environment is not correctly.

Aha. This made it clear to me it had to be a configuration issue, either sshd, shell account or gitea that I have bodged somehow. All the recent issues with the windows version was a red herring.

It is working now. For the benefit of others, I will outline the process that solved it.

Updated to 1.18.1 which didn't help this particular issue as I suspected.

I also removed all ssh-keys, then re-added and verified only the ones currently used.

I removed any hail mary settings previously applied trying to get it to work for ssh, sshd etc.

I combed through the docs again checking my installation against relevant parts, specifically the server section in the config cheat sheet, installation instructions and all ssh(d) parts of faqs etc. and added one configuration parameter (SSH_USER = git) to app.ini.

Restarted sshd, gitea.

If it was the missing configuration parameter or the clean-up that worked I am not sure.

All I know is it works now and I am happy and grateful for all the effort you guys put into this awesome software.