kubitron
commented
11 years ago Can you tell me more? The code assumes only 1 key in the config file, so trying to have multiple of them will cause problems. Does this always happen?
Closed tomka closed 11 years ago
kubitron
commented
11 years ago Can you tell me more? The code assumes only 1 key in the config file, so trying to have multiple of them will cause problems. Does this always happen?
kubitron
commented
11 years ago What is a bit weird, is that I just tried this on my system and it worked.
Is your web server running as the same user as the git user? Also, which version of sudo are run running? Finally, can you show me the contents of the script:
/usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/bin/run_as_git_userThanks.
tomka
commented
11 years ago Indeed, I assumed that I can have multiple admin keys. I looked in the code and it seems that there is basically one place that would require a change to handle multiple admin keys. Are there plans to add support for multiple admin keys? I could look into this, too. The reason for me to want this is that I'd like to administer gitolite without Redmine, too, and for that I want to use a different key (with password).
My webserver is running as user www-data while giolite is the gitolite user. All the sudo magic works fine when I have only one admin key. After all, there is no emergency repair required in the first place. Therefore it doesn't come to thos situation at all.
I'll tell you my sudo version and the script output later, in another comment.
kubitron
commented
11 years ago Ok. The reason that code is there is because the plugin occasionally loses all access because the keys are lost.
There should be no reason that normal mode doesn't work with multiple keys -- without invoking the repair code. Thus, we have two mysteries here. Perhaps we can debug them both. Does the repair code get invoked any time you have two administrative keys? Did you set them both up in the same way, or did you leave the redmine key for the plugin to install itself?
Sorry, incidentally, for the delay in getting back to you...
kubitron
commented
11 years ago Note, by the way that I want you to show me the actual script, not the output from the script (there is a custom script that is constructed for your installation).
kubitron
commented
11 years ago Are you still here? I am guessing that you have an old version of sudo. There was a remaining bug in the code that tries to deal with this. Please pull from my "testing" branch and see if the weird exception still happens. What should happen if that code is invoked is that it should set up the keys so that the plugin can at least work properly (i.e. you will lose the ability to use your other key; we can talk about this separately).
Please check this so that I can export to the master branch.
tomka
commented
11 years ago Sorry, I won't be able to test before the day after tomorrow (30.12.) as I'm currently on the road. Anyway, thanks for providing hints and code to test. I'll report back.
kubitron
commented
11 years ago Ok. I have put up two patches on the 'testing' branch. The first one should fix the quoting error. The second one should allow multiple administrative keys to work properly.
Since the second patch will probably prevent the first one from being invoked, I would like you to invoke the repair code manually. You can do this simply by using your separate admin key to remove the redmine_git_hosting key from the gitolite config file. Then, do any redmine that will force a change in the config file (simplest is to do a "fetch_changesets" operation, but adding or removing projects or users will work as well.
You should see the repair code work correctly and reestablish the redmine key. It should also leave any other keys alone. If the redmine key is removed from both the gitolite configuration file and from the keydir, then the repair code will default to using a name of "redmine_git_hosting_admin_key".
Let me know your results so that I can push this to the master branch. Also, close out the bug if you think that it is fixed.
tomka
commented
11 years ago Your changes in the testing branch have just been tested by me: Thanks a lot! There is no more exception in the log when creating a new project (when having the admin key already added).
Like you said, the repair code had to be invoked separately. I did as suggested and removed the admin key by hand. After that I cloned the project's repo, added a file and the thereby called hook initiated a fetch of the change sets by the redmine_git_hosting. The restoring code got not invoked by this. However the restoring code got called by opening the repository settings of the redmine project. This brought again the quoting error:
Processing ProjectsController#settings (for 88.73.209.145 at 2012-12-30 22:03:15) [GET]
Parameters: {"action"=>"settings", "controller"=>"projects", "id"=>"test-website"}
Cloning gitolite-admin repository to /tmp/redmine_git_hosting/gitolite/gitolite-admin
***> Command failed (return 128): env GIT_SSH=/usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/bin/gitolite_admin_ssh git clone ssh://gitolite@********/gitolite-admin.git /tmp/redmine_git_hosting/gitolite/gitolite-admin
***> Initialized empty Git repository in /tmp/redmine_git_hosting/gitolite/gitolite-admin/.git/
***> R access for gitolite-admin DENIED to gitolite_admin_redmine
***> (Or there may be no repository at the given path. Did you spell it correctly?)
***> fatal: The remote end hung up unexpectedly
Attempting to restore repository access key:
Cloning administrative repo directly as gitolite in /tmp/fixrepo/gitolite/gitolite-admin
Establishing 'gitolite_admin_redmine.pub' as the redmine_git_hosting administrative key
Additional administrative key(s): 'gitolite_admin_id_rsa.pub'
***> Command failed (return 1): /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/bin/run_as_git_user "git --git-dir='/tmp/fixrepo/gitolite/gitolite-admin/.git' --work-tree='/tmp/fixrepo/gitolite/gitolite-admin' commit -m 'Updated by Redmine: Emergency repair of gitolite admin key'"
***> error: pathspec 'by' did not match any file(s) known to git.
***> error: pathspec 'Redmine:' did not match any file(s) known to git.
***> error: pathspec 'Emergency' did not match any file(s) known to git.
***> error: pathspec 'repair' did not match any file(s) known to git.
***> error: pathspec 'of' did not match any file(s) known to git.
***> error: pathspec 'gitolite' did not match any file(s) known to git.
***> error: pathspec 'admin' did not match any file(s) known to git.
***> error: pathspec 'key' did not match any file(s) known to git.
***> Failed to reestablish gitolite admin key.
***> Shell Error
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting.rb:417:in `shell'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting.rb:605:in `fixup_gitolite_admin'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting.rb:485:in `clone_or_pull_gitolite_admin'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting.rb:748:in `update_repositories'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/app/models/git_hosting_observer.rb:31:in `set_update_active'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting/patches/projects_controller_patch.rb:122:in `settings'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/base.rb:1333:in `send'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/base.rb:1333:in `perform_action_without_filters'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/filters.rb:617:in `call_filters'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/filters.rb:610:in `perform_action_without_benchmark'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
***> /usr/lib/ruby/gems/1.8/gems/activesupport-2.3.12/lib/active_support/core_ext/benchmark.rb:17:in `ms'
***> /usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
***> /usr/lib/ruby/gems/1.8/gems/activesupport-2.3.12/lib/active_support/core_ext/benchmark.rb:17:in `ms'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/rescue.rb:160:in `perform_action_without_flash'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/flash.rb:151:in `perform_action'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/base.rb:532:in `send'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/base.rb:532:in `process_without_filters'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/filters.rb:606:in `process'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/base.rb:391:in `process'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/base.rb:386:in `call'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/routing/route_set.rb:438:in `call'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/dispatcher.rb:87:in `dispatch'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/dispatcher.rb:121:in `_call'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/dispatcher.rb:130
***> /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.12/lib/active_record/query_cache.rb:29:in `call'
***> /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.12/lib/active_record/query_cache.rb:29:in `call'
***> /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.12/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in `cache'
***> /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.12/lib/active_record/query_cache.rb:9:in `cache'
***> /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.12/lib/active_record/query_cache.rb:28:in `call'
***> /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.12/lib/active_record/connection_adapters/abstract/connection_pool.rb:361:in `call'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/string_coercion.rb:25:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/head.rb:9:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/methodoverride.rb:24:in `call'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/params_parser.rb:15:in `call'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/session/cookie_store.rb:99:in `call'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/failsafe.rb:26:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/lock.rb:11:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/lock.rb:11:in `synchronize'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/lock.rb:11:in `call'
***> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.12/lib/action_controller/dispatcher.rb:106:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rails-2.3.12/lib/rails/rack/static.rb:31:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/urlmap.rb:47:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/urlmap.rb:41:in `each'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/urlmap.rb:41:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/content_length.rb:13:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/chunked.rb:15:in `call'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/handler/mongrel.rb:67:in `process'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:159:in `process_client'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:158:in `each'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:158:in `process_client'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:285:in `run'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:285:in `initialize'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:285:in `new'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:285:in `run'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:268:in `initialize'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:268:in `new'
***> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:268:in `run'
***> /usr/lib/ruby/gems/1.8/gems/rack-1.1.2/lib/rack/handler/mongrel.rb:38:in `run'
***> /usr/lib/ruby/gems/1.8/gems/rails-2.3.12/lib/commands/server.rb:111
***> /usr/local/lib/site_ruby/1.8/rubygems/custom_require.rb:36:in `gem_original_require'
***> /usr/local/lib/site_ruby/1.8/rubygems/custom_require.rb:36:in `require'
***> /usr/share/nginx/www/redmine/script/server:3
***> Cannot clone administrative repository. Requires human intervention!!!
***> No such file or directory - /tmp/redmine_git_hosting/gitolite/gitolite-admin/keydir
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting.rb:756:in `open'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting.rb:756:in `foreach'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting.rb:756:in `update_repositories'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/app/models/git_hosting_observer.rb:31:in `set_update_active'
***> /usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/lib/git_hosting/patches/projects_controller_patch.rb:122:in `settings'
***> git_hosting: update_repositories() failed
Rendering template within layouts/base
Rendering projects/settings
Completed in 2711ms (View: 928, DB: 8) | 200 OK [http://redmine.********/projects/test-website/settings]Anyway, up to the point where the error happens, the log entries look good. The plugin seems to recognize my additional key. At first I found it nice to see the plugin picking up the configured key file and copying it to the gitolite admin repo with the in the source defined name. But I think it might be better to just use the name of the source file. This way it would be possible to e.g. have multiple redmine instances talking to the same gitolite instance. (Which should probably not be done in the first place.)
In case you still need the script file content:
#!/usr/bin/perl
my $command = join(" ", @ARGV);
my $user = `whoami`;
chomp $user;
if ($user eq "gitolite")
{
exec("cd ~ ; $command");
}
else
{
$command =~ s/\\/\\\\/g;
$command =~ s/(\\\\;)/"$1"/g;
$command =~ s/"/\\"/g;
exec("sudo -u gitolite -i eval \"$command\"");
}Also, the sudo version in use is 1.7.2p.
In conclusion: I now can use the plugin with multiple admin keys (it ignores all other keys). Therefore, the key restoring code is not invoked anymore. However, when initiating a recovery, the quoting error still appears. Anyway, I already can use the plugin how I intended it. Thanks!
kubitron
commented
11 years ago Oops. forgot to ask you to regenerate the script files. There should be a new line in that script.
Just delete the script files and see if the repair works properly now (actually -- if you explicitly generated the scripts because they are in a read-only directory, then invoke the rake code to do that -- otherwise, let the plugin rebuild them properly).
tomka
commented
11 years ago Ah, I see. Thanks---this fixed it and the key is no properly restored. The output now is:
Processing ProjectsController#settings (for 88.73.209.145 at 2012-12-31 00:57:46) [GET]
Parameters: {"controller"=>"projects", "action"=>"settings", "id"=>"timbernet-website"}
Fetching changes from gitolite-admin repository to /tmp/redmine_git_hosting/gitolite/gitolite-admin
***> Command failed (return 128): env GIT_SSH=/usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/bin/gitolite_admin_ssh git --git-dir='/tmp/redmine_git_hosting/gitolite/gitolite-admin/.git' --work-tree='/tmp/redmine_git_hosting/gitolite/gitolite-admin' fetch
***> R access for gitolite-admin DENIED to gitolite_admin_redmine
***> (Or there may be no repository at the given path. Did you spell it correctly?)
***> fatal: The remote end hung up unexpectedly
***> Repository fetch and merge failed -- trying to delete and reclone repository.
Cloning gitolite-admin repository to /tmp/redmine_git_hosting/gitolite/gitolite-admin
***> Command failed (return 128): env GIT_SSH=/usr/share/nginx/www/redmine/vendor/plugins/redmine_git_hosting/bin/gitolite_admin_ssh git clone ssh://gitolite@********/gitolite-admin.git /tmp/redmine_git_hosting/gitolite/gitolite-admin
***> Initialized empty Git repository in /tmp/redmine_git_hosting/gitolite/gitolite-admin/.git/
***> R access for gitolite-admin DENIED to gitolite_admin_redmine
***> (Or there may be no repository at the given path. Did you spell it correctly?)
***> fatal: The remote end hung up unexpectedly
Attempting to restore repository access key:
Cloning administrative repo directly as gitolite in /tmp/fixrepo/gitolite/gitolite-admin
Establishing 'gitolite_admin_redmine.pub' as the redmine_git_hosting administrative key
Additional administrative key(s): 'gitolite_admin_id_rsa.pub'
Pushing fixes using gl-admin-push
Successfully reestablished gitolite admin key!
Recloning gitolite-admin repository to /tmp/redmine_git_hosting/gitolite/gitolite-admin
Our hook is already installed
Global "post-receive.d" directory is already present, will not touch it!
Running "gl-setup" on the gitolite install...
Finished installing hook directory in the gitolite install...
Rendering template within layouts/base
Rendering projects/settings
Completed in 6636ms (View: 981, DB: 32) | 200 OK [http://redmine.********/projects/timbernet-website/settings]This looks alright and indeed: the key is recovered as it was before after a manual removal (without removing the other admin keys).
Again, thanks a lot for looking into this and providing a fix!
kubitron
commented
11 years ago Glad to help. I'm going to move these commits over to the master branch and kill off the testing branch (you should pull from master instead).
Back to your other point about naming. Were you suggesting that the repaired key should just take on the same name as the redmine key in the plugin settings page? This certainly makes some sense. Right now, there is a default of "redmine_git_hosting_admin_key" if the plugin cannot otherwise deduce a key name from either the config file or the keydir directory. You could put this up as a separate issue (i'll mark it as a feature request).
My only worry would be if this might ever "do the wrong thing" for people that might want to customize their config files very explicitly. I could keep the current deducing behavior, but use the name in the plugin settings as the default if nothing else makes sense....?
When creating a new project with current master (5fa0e91484) in Redmine 1.2.3. I see the following exception when creating a new project:
It seems to me that quotes get lost when calling
git commit -m "Updated by Redmine: Emergency repair of gitolite admin key. I tried and changed the code to use only one word and it worked.I use Git 1.7.0.4 and Ruby ruby 1.8.7 (2010-01-10 patchlevel 249) [i486-linux].
Also, my admin key for redmine is called
gitolite_admin_redmineand it is removed from gitolite config during this process. Only the admin keygitolite_admin_id_rsa(another redmine independent admin key) remains. Is this intended? The whole exception seems to be there in the first place because of this key gets removed during project creation in Remine. I'm still investigating.