Re: KALLITHEA_EXTRAS environment variable missing
On 12/25/19 2:52 AM, Edmund Wong wrote: Mads Kiilerich wrote: On 12/24/19 7:49 AM, Ed Wong wrote: Hi, Just managed to work around the database unicode issue and could both clone and push via the ssh:// url; however, pushing to a git repository gave me the following 'error': Total 3 (delta 1), reused 0 (delta 0) remote: Traceback (most recent call last): remote: File "hooks/post-receive", line 38, in remote: main() remote: File "hooks/post-receive", line 34, in main remote: sys.exit(kallithea.lib.hooks.handle_git_post_receive(repo_path, git_stdin_lines)) remote: File "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py", line 343, in handle_git_post_receive remote: baseui, repo = _hook_environment(repo_path) remote: File "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py", line 310, in _hook_environment remote: extras = get_hook_environment() remote: File "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/utils2.py", line 538, in get_hook_environment remote: raise Exception("Environment variable KALLITHEA_EXTRAS not found") remote: Exception: Environment variable KALLITHEA_EXTRAS not found To seavcs:repos/infrastructure/testgit2 887eb3c..19b77cd master -> master Apparently, it did save the push. I've looked at the documentation; but haven't yet seen the mention of the KALLITHEA_EXTRAS requirement. Looking at the code, I'm not exactly sure what fields are required in the json structure. We have improved this on on the stable branch with https://kallithea-scm.org/repos/kallithea/changeset/ba6418fde72f286a95f207fb14e2ac788a55 I think I know what is wrong. The problem is I also added the old ssh-rsa entries to the authorized_keys file in the .ssh so that I could also ssh into the system as the Kallithea user. Apparently, that throws off the system. My bad. For now, with https://kallithea-scm.org/repos/kallithea/changeset/74b7aa45c1e15e239d1999b206f003f74033f750 on the stable branch, we will add a comment to authorized_keys warning against manual modification. /Mads ___ kallithea-general mailing list kallithea-general@sfconservancy.org https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
Re: KALLITHEA_EXTRAS environment variable missing
On 12/25/19 2:52 AM, Edmund Wong wrote: Mads Kiilerich wrote: On 12/24/19 7:49 AM, Ed Wong wrote: Hi, Just managed to work around the database unicode issue and could both clone and push via the ssh:// url; however, pushing to a git repository gave me the following 'error': Total 3 (delta 1), reused 0 (delta 0) remote: Traceback (most recent call last): remote: File "hooks/post-receive", line 38, in remote: main() remote: File "hooks/post-receive", line 34, in main ... line 538, in get_hook_environment remote: raise Exception("Environment variable KALLITHEA_EXTRAS not found") remote: Exception: Environment variable KALLITHEA_EXTRAS not found To seavcs:repos/infrastructure/testgit2 887eb3c..19b77cd master -> master Apparently, it did save the push. I've looked at the documentation; but haven't yet seen the mention of the KALLITHEA_EXTRAS requirement. Looking at the code, I'm not exactly sure what fields are required in the json structure. KALLITHEA_EXTRAS is used internally. The user invokes "kallithea-cli ssh-serve" when connecting through ssh, and that sets this environment variable before calling out to the git executable ... and when git invoke the hooks and call back into Kallithea code in a grand-child process, it can read the environment variable and report correctly who is doing what. It seems like you somehow end up invoking git directly when you ssh, instead of hitting the kallithea-cli that should have been installed in your ~/.ssh/authorized_keys ? I guess we should make the hooks handle a missing KALLITHEA_EXTRAS in a more elegant way ... I think we should change Kallithea so you in this situation, instead of the backtrace, should have seen something like: [...]$ git push Enumerating objects: 3, done. Counting objects: 100% (3/3), done. Writing objects: 100% (3/3), 204 bytes | 204.00 KiB/s, done. Total 3 (delta 0), reused 0 (delta 0) remote: Skipping Kallithea Git post-recieve hook 'hooks/post-receive'. remote: Git was apparently not invoked by Kallithea: Environment variable KALLITHEA_EXTRAS not found To /tmp/kallithea-test-CQ8GMW/gg/ * [new branch] master -> master [...]$ I think I know what is wrong. The problem is I also added the old ssh-rsa entries to the authorized_keys file in the .ssh so that I could also ssh into the system as the Kallithea user. Apparently, that throws off the system. My bad. Given how it works now, I guess we could improve by adding a first line with a comment with a big fat warning as first line: # This authorized_keys file is managed by Kallithea. Manual editing or adding new entries will make Kallithea back off. The problem you describe must be caused by a ssh:// url hitting a line that *wasn't* added by Kallithea. Kallithea can't do anything about that, other than telling people to not modify the file manually. It would be bad if Kallithea removed or changed your line. Or added an alternative entry for the same key. This example thus demonstrate the challenge of having multiple owners of a single file ... and thus also why Kallithea does a good thing by refusing to take part in shared ownership. Would it be more appropriate to scan the actual authorized_keys to ensure it is in the proper formatting? i.e. ssh-rsa no-pty,no-port-forwarding... ssh-rsa to no-pty,no-port-forwarding... ssh-rsa no-pty,no-port-forwarding... ssh-rsa or add a flag at the beginning to tell kallithea to ignore the said line? Kallithea kind of already scans the file. And says no. The system was deliberately designed to be very obnoxious. And reliable. And secure. It *is* a system where less trusted users from their browser can "modify" a file that by design can grant shell and access to everything. We want to control that very tightly. The less input and variables we have, the more obvious that there are no attack vectors. Right now, we can guarantee that if you put any entries in the file, then Kallithea won't remove them. It won't touch the file at all. The model is very simple: Either you own the file, or Kallithea does. We *could* make a more fancy system for categorization of entries and merging/editing. But it would have to be 100% reliable. And it must be very obvious to the system admin what it is doing so he can provide exactly the access he want. We can perhaps consider the current functionality a secure starting point. From there, we could make it less paranoid if we really find a good way to do it. But before modifying anything, please help improve the documentation and UI so it makes it more clear how things work currently, so problems and misunderstandings can be avoided. /Mads ___ kallithea-general mailing list kallithea-general@sfconservancy.org https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
Re: KALLITHEA_EXTRAS environment variable missing
Hi Edmund, On Wed, Dec 25, 2019, 02:56 Edmund Wong wrote: > Mads Kiilerich wrote: > > On 12/24/19 7:49 AM, Ed Wong wrote: > >> Hi, > >> > >> Just managed to work around the database unicode issue and > >> could both clone and push via the ssh:// url; however, > >> pushing to a git repository gave me the following 'error': > >> > >> Total 3 (delta 1), reused 0 (delta 0) > >> remote: Traceback (most recent call last): > >> remote: File "hooks/post-receive", line 38, in > >> remote: main() > >> remote: File "hooks/post-receive", line 34, in main > >> remote: > >> sys.exit(kallithea.lib.hooks.handle_git_post_receive(repo_path, > >> git_stdin_lines)) > >> remote: File > >> > "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py", > >> > >> line 343, in handle_git_post_receive > >> remote: baseui, repo = _hook_environment(repo_path) > >> remote: File > >> > "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py", > >> > >> line 310, in _hook_environment > >> remote: extras = get_hook_environment() > >> remote: File > >> > "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/utils2.py", > >> > >> line 538, in get_hook_environment > >> remote: raise Exception("Environment variable KALLITHEA_EXTRAS not > >> found") > >> remote: Exception: Environment variable KALLITHEA_EXTRAS not found > >> To seavcs:repos/infrastructure/testgit2 > >> 887eb3c..19b77cd master -> master > >> > >> Apparently, it did save the push. > >> > >> I've looked at the documentation; but haven't yet seen the mention > >> of the KALLITHEA_EXTRAS requirement. Looking at the code, > >> I'm not exactly sure what fields are required in the json > >> structure. > > > > KALLITHEA_EXTRAS is used internally. The user invokes "kallithea-cli > > ssh-serve" when connecting through ssh, and that sets this environment > > variable before calling out to the git executable ... and when git > > invoke the hooks and call back into Kallithea code in a grand-child > > process, it can read the environment variable and report correctly who > > is doing what. > > > > It seems like you somehow end up invoking git directly when you ssh, > > instead of hitting the kallithea-cli that should have been installed in > > your ~/.ssh/authorized_keys ? > > I think I know what is wrong. The problem is I also added the old > ssh-rsa entries to the authorized_keys file in the .ssh so that > I could also ssh into the system as the Kallithea user. Apparently, > that throws off the system. My bad. > > Note that the documentation explicitly mentions this is not possible: https://kallithea.readthedocs.io/en/stable/setup.html#using-kallithea-with-ssh "Note: The authorized_keys file will be rewritten from scratch on each update. If it already exists with other data, Kallithea will not overwrite the existing authorized_keys, and the server process will instead throw an exception. The system administrator thus cannot ssh directly to the Kallithea user but must use su/sudo from another account." > > > > I guess we should make the hooks handle a missing KALLITHEA_EXTRAS in a > > more elegant way ... > > Would it be more appropriate to scan the actual authorized_keys to > ensure it is in the proper formatting? > > i.e. > ssh-rsa > no-pty,no-port-forwarding... ssh-rsa > > to > > no-pty,no-port-forwarding... ssh-rsa > no-pty,no-port-forwarding... ssh-rsa > > or add a flag at the beginning to tell kallithea to ignore the said > line? > > Thanks > > Edmund > > ___ > kallithea-general mailing list > kallithea-general@sfconservancy.org > https://lists.sfconservancy.org/mailman/listinfo/kallithea-general > ___ kallithea-general mailing list kallithea-general@sfconservancy.org https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
Re: KALLITHEA_EXTRAS environment variable missing
Mads Kiilerich wrote: > On 12/24/19 7:49 AM, Ed Wong wrote: >> Hi, >> >> Just managed to work around the database unicode issue and >> could both clone and push via the ssh:// url; however, >> pushing to a git repository gave me the following 'error': >> >> Total 3 (delta 1), reused 0 (delta 0) >> remote: Traceback (most recent call last): >> remote: File "hooks/post-receive", line 38, in >> remote: main() >> remote: File "hooks/post-receive", line 34, in main >> remote: >> sys.exit(kallithea.lib.hooks.handle_git_post_receive(repo_path, >> git_stdin_lines)) >> remote: File >> "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py", >> >> line 343, in handle_git_post_receive >> remote: baseui, repo = _hook_environment(repo_path) >> remote: File >> "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py", >> >> line 310, in _hook_environment >> remote: extras = get_hook_environment() >> remote: File >> "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/utils2.py", >> >> line 538, in get_hook_environment >> remote: raise Exception("Environment variable KALLITHEA_EXTRAS not >> found") >> remote: Exception: Environment variable KALLITHEA_EXTRAS not found >> To seavcs:repos/infrastructure/testgit2 >> 887eb3c..19b77cd master -> master >> >> Apparently, it did save the push. >> >> I've looked at the documentation; but haven't yet seen the mention >> of the KALLITHEA_EXTRAS requirement. Looking at the code, >> I'm not exactly sure what fields are required in the json >> structure. > > KALLITHEA_EXTRAS is used internally. The user invokes "kallithea-cli > ssh-serve" when connecting through ssh, and that sets this environment > variable before calling out to the git executable ... and when git > invoke the hooks and call back into Kallithea code in a grand-child > process, it can read the environment variable and report correctly who > is doing what. > > It seems like you somehow end up invoking git directly when you ssh, > instead of hitting the kallithea-cli that should have been installed in > your ~/.ssh/authorized_keys ? I think I know what is wrong. The problem is I also added the old ssh-rsa entries to the authorized_keys file in the .ssh so that I could also ssh into the system as the Kallithea user. Apparently, that throws off the system. My bad. > > I guess we should make the hooks handle a missing KALLITHEA_EXTRAS in a > more elegant way ... Would it be more appropriate to scan the actual authorized_keys to ensure it is in the proper formatting? i.e. ssh-rsa no-pty,no-port-forwarding... ssh-rsa to no-pty,no-port-forwarding... ssh-rsa no-pty,no-port-forwarding... ssh-rsa or add a flag at the beginning to tell kallithea to ignore the said line? Thanks Edmund ___ kallithea-general mailing list kallithea-general@sfconservancy.org https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
Re: KALLITHEA_EXTRAS environment variable missing
On 12/24/19 7:49 AM, Ed Wong wrote: Hi, Just managed to work around the database unicode issue and could both clone and push via the ssh:// url; however, pushing to a git repository gave me the following 'error': Total 3 (delta 1), reused 0 (delta 0) remote: Traceback (most recent call last): remote: File "hooks/post-receive", line 38, in remote: main() remote: File "hooks/post-receive", line 34, in main remote: sys.exit(kallithea.lib.hooks.handle_git_post_receive(repo_path, git_stdin_lines)) remote: File "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py", line 343, in handle_git_post_receive remote: baseui, repo = _hook_environment(repo_path) remote: File "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/hooks.py", line 310, in _hook_environment remote: extras = get_hook_environment() remote: File "/var/www/environments/kalivenv/lib/python2.7/site-packages/kallithea/lib/utils2.py", line 538, in get_hook_environment remote: raise Exception("Environment variable KALLITHEA_EXTRAS not found") remote: Exception: Environment variable KALLITHEA_EXTRAS not found To seavcs:repos/infrastructure/testgit2 887eb3c..19b77cd master -> master Apparently, it did save the push. I've looked at the documentation; but haven't yet seen the mention of the KALLITHEA_EXTRAS requirement. Looking at the code, I'm not exactly sure what fields are required in the json structure. KALLITHEA_EXTRAS is used internally. The user invokes "kallithea-cli ssh-serve" when connecting through ssh, and that sets this environment variable before calling out to the git executable ... and when git invoke the hooks and call back into Kallithea code in a grand-child process, it can read the environment variable and report correctly who is doing what. It seems like you somehow end up invoking git directly when you ssh, instead of hitting the kallithea-cli that should have been installed in your ~/.ssh/authorized_keys ? I guess we should make the hooks handle a missing KALLITHEA_EXTRAS in a more elegant way ... /Mads ___ kallithea-general mailing list kallithea-general@sfconservancy.org https://lists.sfconservancy.org/mailman/listinfo/kallithea-general