On Wed, Mar 03, 2010 at 04:06:08PM +0100, Janus Weil wrote: > Dear subversion team, > > I noticed that recent svn releases fail to display many error messages. > > Example: Doing "svn co svn+ssh://some...@gcc.gnu.org/svn/gcc/trunk > trunk" without having the proper ssh keys for user 'someone'. The svn > versions I tried were 1.6.3, 1.6.5 and 1.6.9. With 1.6.3 I get: > > Permission denied (publickey,gssapi-with-mic). > svn: Network connection closed unexpectedly > > But if I do the same with 1.6.5 or 1.6.9, the first line is missing > and I only get the rather nebulous message about the unexpected > closing of the network connection, without seeing the reason for that. > > It's even worse if e.g. my private key has the wrong permissions for > some reason. In this case svn 1.6.3 displays a very bold warning: > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Permissions 0755 for '~/.ssh/id_dsa' are too open. > It is recommended that your private key files are NOT accessible by others. > This private key will be ignored. > bad permissions: ignore key: ~/.ssh/id_dsa > Permission denied (publickey,gssapi-with-mic). > svn: Network connection closed unexpectedly > > Again, with newer releases one only gets the last line, without any > chance of finding out what the problem is. > > Is this a known bug?
This is probably a side-effect of the fix for issue #2580 done in Subversion 1.6.5. Since then, Subversion passes '-q' to ssh to avoid the message 'Terminated by signal 15' being printed whenever ssh exists upon being terminated by Subversion in a friendly manner. This particular output from ssh would confuse users assuming the output came from svn, and make them believe svn had crashed. Of course, '-q' might also suppress some other messages printed by ssh, such as the "unprotected key file" warning. I guess we should make the error message for svn+ssh connection failures advise people to remove the '-q' flag from the ssh invocation in ~/.subversion/config to debug SSH connection problems. The patch below does this: $ svn ls svn+ssh://svntest/ svn: Unable to connect to a repository at URL 'svn+ssh://svntest' svn: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file. svn: Network connection closed unexpectedly (Above, 'svntest' is an SSH host alias to localhost with a port where nothing is listening.) Do you think this would help? Stefan Index: subversion/libsvn_ra_svn/client.c =================================================================== --- subversion/libsvn_ra_svn/client.c (revision 918491) +++ subversion/libsvn_ra_svn/client.c (working copy) @@ -463,6 +463,7 @@ static svn_error_t *make_tunnel(const char **args, apr_status_t status; apr_proc_t *proc; apr_procattr_t *attr; + svn_error_t *err; status = apr_procattr_create(&attr, pool); if (status == APR_SUCCESS) @@ -516,7 +517,15 @@ static svn_error_t *make_tunnel(const char **args, /* Guard against dotfile output to stdout on the server. */ *conn = svn_ra_svn_create_conn(NULL, proc->out, proc->in, pool); - SVN_ERR(svn_ra_svn_skip_leading_garbage(*conn, pool)); + err = svn_ra_svn_skip_leading_garbage(*conn, pool); + + if (err) + return svn_error_quick_wrap( + err, + _("To better debug SSH connection problems, remove the -q " + "option from 'ssh' in the [tunnels] section of your " + "Subversion configuration file.")); + return SVN_NO_ERROR; }