On Wed, Mar 03, 2010 at 04:06:08PM +0100, Janus Weil wrote:
> Dear subversion team,
>
> I noticed that recent svn releases fail to display many error messages.
>
> Example: Doing "svn co svn+ssh://some...@gcc.gnu.org/svn/gcc/trunk
> trunk" without having the proper ssh keys for user 'someone'. The svn
> versions I tried were 1.6.3, 1.6.5 and 1.6.9. With 1.6.3 I get:
>
> Permission denied (publickey,gssapi-with-mic).
> svn: Network connection closed unexpectedly
>
> But if I do the same with 1.6.5 or 1.6.9, the first line is missing
> and I only get the rather nebulous message about the unexpected
> closing of the network connection, without seeing the reason for that.
>
> It's even worse if e.g. my private key has the wrong permissions for
> some reason. In this case svn 1.6.3 displays a very bold warning:
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0755 for '~/.ssh/id_dsa' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: ~/.ssh/id_dsa
> Permission denied (publickey,gssapi-with-mic).
> svn: Network connection closed unexpectedly
>
> Again, with newer releases one only gets the last line, without any
> chance of finding out what the problem is.
>
> Is this a known bug?
This is probably a side-effect of the fix for issue #2580 done in
Subversion 1.6.5. Since then, Subversion passes '-q' to ssh to avoid
the message 'Terminated by signal 15' being printed whenever ssh exists
upon being terminated by Subversion in a friendly manner.
This particular output from ssh would confuse users assuming the output
came from svn, and make them believe svn had crashed. Of course, '-q'
might also suppress some other messages printed by ssh, such as the
"unprotected key file" warning.
I guess we should make the error message for svn+ssh connection failures
advise people to remove the '-q' flag from the ssh invocation in
~/.subversion/config to debug SSH connection problems.
The patch below does this:
$ svn ls svn+ssh://svntest/
svn: Unable to connect to a repository at URL 'svn+ssh://svntest'
svn: To better debug SSH connection problems, remove the -q option from 'ssh'
in the [tunnels] section of your Subversion configuration file.
svn: Network connection closed unexpectedly
(Above, 'svntest' is an SSH host alias to localhost with a port where nothing
is listening.)
Do you think this would help?
Stefan
Index: subversion/libsvn_ra_svn/client.c
===================================================================
--- subversion/libsvn_ra_svn/client.c (revision 918491)
+++ subversion/libsvn_ra_svn/client.c (working copy)
@@ -463,6 +463,7 @@ static svn_error_t *make_tunnel(const char **args,
apr_status_t status;
apr_proc_t *proc;
apr_procattr_t *attr;
+ svn_error_t *err;
status = apr_procattr_create(&attr, pool);
if (status == APR_SUCCESS)
@@ -516,7 +517,15 @@ static svn_error_t *make_tunnel(const char **args,
/* Guard against dotfile output to stdout on the server. */
*conn = svn_ra_svn_create_conn(NULL, proc->out, proc->in, pool);
- SVN_ERR(svn_ra_svn_skip_leading_garbage(*conn, pool));
+ err = svn_ra_svn_skip_leading_garbage(*conn, pool);
+
+ if (err)
+ return svn_error_quick_wrap(
+ err,
+ _("To better debug SSH connection problems, remove the -q "
+ "option from 'ssh' in the [tunnels] section of your "
+ "Subversion configuration file."));
+
return SVN_NO_ERROR;
}
