mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-21 13:00:56 +01:00
Before executing svnserve, change the CWD to a readable directory
Summary: Fixes T10941. This avoids a confusing dead end when configuring Subversion hosting, where `svnserve` will fail to execute hooks if the CWD isn't readable by the vcs-user. Test Plan: - Updated and committed in a hosted SVN repository. - Ran some git operations, too. - @dpotter confirmed this locally in T10941. Reviewers: chad Reviewed By: chad Subscribers: dpotter Maniphest Tasks: T10941 Differential Revision: https://secure.phabricator.com/D15879
This commit is contained in:
parent
cd86bf0174
commit
de4312bcde
3 changed files with 28 additions and 2 deletions
|
@ -24,8 +24,7 @@ final class DiffusionGitCommandEngine
|
|||
// really silly, but seems like the least damaging approach to
|
||||
// mitigating the issue.
|
||||
|
||||
$root = dirname(phutil_get_library_root('phabricator'));
|
||||
$env['HOME'] = $root.'/support/empty/';
|
||||
$env['HOME'] = PhabricatorEnv::getEmptyCWD();
|
||||
|
||||
if ($this->isAnySSHProtocol()) {
|
||||
$env['GIT_SSH'] = $this->getSSHWrapper();
|
||||
|
|
|
@ -148,15 +148,25 @@ final class DiffusionSubversionServeSSHWorkflow
|
|||
if ($this->shouldProxy()) {
|
||||
$command = $this->getProxyCommand();
|
||||
$this->isProxying = true;
|
||||
$cwd = null;
|
||||
} else {
|
||||
$command = csprintf(
|
||||
'svnserve -t --tunnel-user=%s',
|
||||
$this->getUser()->getUsername());
|
||||
$cwd = PhabricatorEnv::getEmptyCWD();
|
||||
}
|
||||
|
||||
$command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
|
||||
$future = new ExecFuture('%C', $command);
|
||||
|
||||
// If we're receiving a commit, svnserve will fail to execute the commit
|
||||
// hook with an unhelpful error if the CWD isn't readable by the user we
|
||||
// are sudoing to. Switch to a readable, empty CWD before running
|
||||
// svnserve. See T10941.
|
||||
if ($cwd !== null) {
|
||||
$future->setCWD($cwd);
|
||||
}
|
||||
|
||||
$this->inProtocol = new DiffusionSubversionWireProtocol();
|
||||
$this->outProtocol = new DiffusionSubversionWireProtocol();
|
||||
|
||||
|
|
17
src/infrastructure/env/PhabricatorEnv.php
vendored
17
src/infrastructure/env/PhabricatorEnv.php
vendored
|
@ -877,4 +877,21 @@ final class PhabricatorEnv extends Phobject {
|
|||
umask(022);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get the path to an empty directory which is readable by all of the system
|
||||
* user accounts that Phabricator acts as.
|
||||
*
|
||||
* In some cases, a binary needs some valid HOME or CWD to continue, but not
|
||||
* all user accounts have valid home directories and even if they do they
|
||||
* may not be readable after a `sudo` operation.
|
||||
*
|
||||
* @return string Path to an empty directory suitable for use as a CWD.
|
||||
*/
|
||||
public static function getEmptyCWD() {
|
||||
$root = dirname(phutil_get_library_root('phabricator'));
|
||||
return $root.'/support/empty/';
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue