Closed
Bug 769148
Opened 12 years ago
Closed 12 years ago
can't push mozilla-beta to gitolite
Categories
(Developer Services :: General, task)
Developer Services
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: hwine, Assigned: Atoll)
References
Details
Attachments
(1 file)
|
81.43 KB,
text/plain
|
Details |
tried production upload of mozilla-beta to gitolite server releases/mozilla-beat.git (bug 768639 made these available). Fails with "remote: invalid characters in ref or filename: refs/tags/<rail@mozilla.com>", although git fsck does not object. repeated same upload to releases/mozilla-central.git in order to capture error messages. No stdout output, stderr attached. Upload was from github-sync1-dev.dmz.scl3, and took 140 seconds wall clock
|
||
Comment 1•12 years ago
|
||
atoll dug around a bit and came up with : <atoll> | 2012-06-27.22:37:00 github-sync-test@mozilla.com 10.22.74.67 Die generated at line 226 in /usr/share/perl5/vendor_perl/gitolite.pm : invalid characters in ref or filename: refs/tags/<rail@mozilla.com><<newline>> <<newline>> Seems like this is something on gitolite, poking further with atoll and hwine on IRC.
Advise deleting the tag '<rail@mozilla.com>': -rwxr-x--- 1 hwine hwine 41 Jun 27 20:07 <rail@mozilla.com> Since gitorious is probably refusing due to < or @: 2012-06-27.19:47:44 github-sync-test@mozilla.com 10.22.74.67 Die generated at line 226 in /usr/share/perl5/vendor_perl/gitolite.pm : invalid characters in ref or filename: refs/tags/<rail@mozilla.com><<newline>> <<newline>> $GL_REF_OR_FILENAME_PATT=qr(^[0-9a-zA-Z][0-9a-zA-Z._\@/+ :,-]*$); confirmed at http://gitolite.googlecode.com/git-history/89e59ae7725d662919ef7dc8f759d48c173181fd/src/gitolite_rc.pm that < and > are not permitted
And I guessed it was a tag because in the attachment: * [new tag] chromium-import-latest -> chromium-import-latest * [new tag] chromium-import-r15462 -> chromium-import-r15462 * [new tag] last-mozilla-central -> last-mozilla-central ! [remote rejected] <rail@mozilla.com> -> <rail@mozilla.com> (hook declined) It's listed just like all the other tags, but it's got an error (!) instead of an OK (*).
< and > are rumored to be safe to add, based on: http://sitaramc.github.com/gitolite/g2/rc.html#rcsecurity by ediing the above-listed _PATT in the gitolite rc file under /repo/whatever
added to the SECURITY RISK section of .gitolite.rc: # 20120627 - permit < and > anywhere in a refs filename, e.g. refs/tags/<rail@mozilla.com> # $GL_REF_OR_FILENAME_PATT=qr(^[0-9a-zA-Z][0-9a-zA-Z._\@/+ :,-]*$); $GL_REF_OR_FILENAME_PATT=qr(^[0-9a-zA-Z<>][0-9a-zA-Z._\@/+ :,-<>]*$);
|
|
||
Comment 6•12 years ago
|
||
Richard tracked this down like a champ. woo! shyam@spike ~/mozilla/repos/svn/sysadmins/puppet/trunk/modules/gitolite/templates % svn commit -m "Fix for bug 769148, thanks to atoll" Sending templates/gitolite.rc.erb Transmitting file data . Committed revision 42002.
|
|
||
Comment 7•12 years ago
|
||
joes/kang : Please see comments above. Need an r+ from infrasec before this is taken to production. Thanks!
Assignee: server-ops-devservices → rsoderberg
|
||
Comment 8•12 years ago
|
||
This should be harmless. As long as we don't add back quotes or dollar signs, I don't see a problem.
|
Reporter | |
Comment 9•12 years ago
|
||
There may be another path that needs tweaking. The above prevents the issue when importing the repository. However, it doesn't allow repositories to be emptied Pushing an empty repo atop the existing one, repeatedly yields the following: [hwine@github-sync1-dev.dmz.scl3 hwine]$ git --git-dir empty_repo/.git push --mirror --force git+ssh://mirror_writer/releases/mozilla-beta.git remote: invalid characters in ref or filename: refs/tags/<rail@mozilla.com> remote: error: hook declined to update refs/tags/<rail@mozilla.com> To git+ssh://mirror_writer/releases/mozilla-beta.git ! [remote rejected] <rail@mozilla.com> (hook declined) error: failed to push some refs to 'git+ssh://mirror_writer/releases/mozilla-beta.git' [hwine@github-sync1-dev.dmz.scl3 hwine]$ The browse view also shows the tag from the old repo: <http://git1.dmz.scl3.mozilla.com/?p=releases/mozilla-beta.git;a=summary> Since tag deletion is neither a Q2 requirement, nor needed here (since the repos will be fully reset), I'm fine with splitting this out to a separate bug.
|
|
Reporter | |
Comment 10•12 years ago
|
||
Ah, the applied fix only affects the one repository. And (per comment #9) only additions. (I just pushed m-b to releases/mozilla-release.git, and received the same illegal tag name error.) Since these tags are legal-in-git, we may want to consider a server wide deployment.
|
|
||
Comment 11•12 years ago
|
||
Hal, This was my mistake. When I put it into puppet, vim added a # before the line automatically (because the previous line was a comment) and I made the commit. And therefore this was again disabled until now (thanks to bkero for catching that). Should be alright now. Let me know if you run into this again.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
Component: Server Operations: Developer Services → General
Product: mozilla.org → Developer Services
You need to log in
before you can comment on or make changes to this bug.
Description
•