<div dir="ltr"><div>Hi Edmund,<br></div><div dir="auto"><div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 25, 2019, 02:56 Edmund Wong <<a href="mailto:ewong@crazy-cat.org" target="_blank">ewong@crazy-cat.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Mads Kiilerich wrote:<br>
> On 12/24/19 7:49 AM, Ed Wong wrote:<br>
>> Hi,<br>
>><br>
>> Just managed to work around the database unicode issue and<br>
>> could both clone and push via the ssh:// url; however,<br>
>> pushing to a git repository gave me the following 'error':<br>
>><br>
>> Total 3 (delta 1), reused 0 (delta 0)<br>
>> remote: Traceback (most recent call last):<br>
>> remote: File "hooks/post-receive", line 38, in <module><br>
>> remote: main()<br>
>> remote: File "hooks/post-receive", line 34, in main<br>
>> remote:<br>
>> sys.exit(kallithea.lib.hooks.handle_git_post_receive(repo_path,<br>
>> git_stdin_lines))<br>
>> remote: File<br>
>> "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py",<br>
>><br>
>> line 343, in handle_git_post_receive<br>
>> remote: baseui, repo = _hook_environment(repo_path)<br>
>> remote: File<br>
>> "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py",<br>
>><br>
>> line 310, in _hook_environment<br>
>> remote: extras = get_hook_environment()<br>
>> remote: File<br>
>> "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/utils2.py",<br>
>><br>
>> line 538, in get_hook_environment<br>
>> remote: raise Exception("Environment variable KALLITHEA_EXTRAS not<br>
>> found")<br>
>> remote: Exception: Environment variable KALLITHEA_EXTRAS not found<br>
>> To seavcs:repos/infrastructure/testgit2<br>
>> 887eb3c..19b77cd master -> master<br>
>><br>
>> Apparently, it did save the push.<br>
>><br>
>> I've looked at the documentation; but haven't yet seen the mention<br>
>> of the KALLITHEA_EXTRAS requirement. Looking at the code,<br>
>> I'm not exactly sure what fields are required in the json<br>
>> structure.<br>
> <br>
> KALLITHEA_EXTRAS is used internally. The user invokes "kallithea-cli<br>
> ssh-serve" when connecting through ssh, and that sets this environment<br>
> variable before calling out to the git executable ... and when git<br>
> invoke the hooks and call back into Kallithea code in a grand-child<br>
> process, it can read the environment variable and report correctly who<br>
> is doing what.<br>
> <br>
> It seems like you somehow end up invoking git directly when you ssh,<br>
> instead of hitting the kallithea-cli that should have been installed in<br>
> your ~/.ssh/authorized_keys ?<br>
<br>
I think I know what is wrong. The problem is I also added the old<br>
ssh-rsa entries to the authorized_keys file in the .ssh so that<br>
I could also ssh into the system as the Kallithea user. Apparently,<br>
that throws off the system. My bad.<br>
<br></blockquote><div><br></div><div>Note that the documentation explicitly mentions this is not possible:</div><div><a href="https://kallithea.readthedocs.io/en/stable/setup.html#using-kallithea-with-ssh">https://kallithea.readthedocs.io/en/stable/setup.html#using-kallithea-with-ssh</a></div><div><br></div><div>"Note: The <code class="gmail-docutils gmail-literal gmail-notranslate"><span class="gmail-pre">authorized_keys</span></code> file will be rewritten from scratch on
each update. If it already exists with other data, Kallithea will not
overwrite the existing <code class="gmail-docutils gmail-literal gmail-notranslate"><span class="gmail-pre">authorized_keys</span></code>, and the server process will
instead throw an exception. The system administrator thus cannot ssh
directly to the Kallithea user but must use su/sudo from another account."</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
> <br>
> I guess we should make the hooks handle a missing KALLITHEA_EXTRAS in a<br>
> more elegant way ...<br>
<br>
Would it be more appropriate to scan the actual authorized_keys to<br>
ensure it is in the proper formatting?<br>
<br>
i.e.<br>
ssh-rsa <key 1 blah...><br>
no-pty,no-port-forwarding... ssh-rsa <key 2 blah><br>
<br>
to<br>
<br>
no-pty,no-port-forwarding... ssh-rsa <key 1 blah><br>
no-pty,no-port-forwarding... ssh-rsa <key 2 blah><br>
<br>
or add a flag at the beginning to tell kallithea to ignore the said<br>
line?<br>
<br>
Thanks<br>
<br>
Edmund<br>
<br>
_______________________________________________<br>
kallithea-general mailing list<br>
<a href="mailto:kallithea-general@sfconservancy.org" rel="noreferrer" target="_blank">kallithea-general@sfconservancy.org</a><br>
<a href="https://lists.sfconservancy.org/mailman/listinfo/kallithea-general" rel="noreferrer noreferrer" target="_blank">https://lists.sfconservancy.org/mailman/listinfo/kallithea-general</a><br>
</blockquote></div></div></div>
</div>