Closed Bug 806499 Opened 10 years ago Closed 10 years ago

Incorrect permissions on hg repo preventing automated changeset push

Categories

(Developer Services :: General, task)

task
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jhopkins, Assigned: bkero)


I've recloned releases/mozilla-beta to my user repo twice as jhopkins_mozilla.com and still get this error when trying to push as user stage-ffxbld:

------------
$ hg push -e 'ssh -i ~/.ssh/stage_ffxbld_dsa -l stage-ffxbld' user
pushing to ssh://hg.mozilla.org/users/jhopkins_mozilla.com/mozilla-beta
running ssh -i ~/.ssh/stage_ffxbld_dsa -l stage-ffxbld hg.mozilla.org 'hg -R users/jhopkins_mozilla.com/mozilla-beta serve --stdio'
remote: Not trusting file /repo/hg/mozilla/users/jhopkins_mozilla.com/mozilla-beta/.hg/hgrc from untrusted user jhopkins@mozilla.com, group scm_level_1
remote: Not trusting file /repo/hg/mozilla/users/jhopkins_mozilla.com/mozilla-beta/.hg/hgrc from untrusted user jhopkins@mozilla.com, group scm_level_1
searching for changes
2 changesets found
remote: adding changesets
remote: abort: Permission denied: /repo/hg/mozilla/users/jhopkins_mozilla.com/mozilla-beta/.hg/store/00changelog.i
abort: unexpected response: empty string
------------

I will try and work around this problem in the meantime but a quick fix would be appreciated.
John,

I've fixed permissions on your repository. Could you please try your push again?
Assignee: server-ops-devservices → bkero
Hi, Ben.  I re-cloned my user repo and tried pushing a test change as stage-ffxbld but it failed with the same error.
I've worked around the issue by creating a sibling 'mozilla-beta2' repo which so far seems to be working ok.

Ben: I think the simplest course of action for now would be an 'rm -rf users/jhopkins_mozilla.com/mozilla-beta' but it would be nice to find/fix what caused the problem if you have the time to look.
Bah, now that tagging has gotten farther there's another instance of this permissions problem:

-----
command: hg push -e 'ssh -l stage-ffxbld -i /home/mock_mozilla/.ssh/ffxbld_dsa' --new-branch ssh://hg.mozilla.org/users/jhopkins_mozilla.com/buildbot
command: cwd: buildbot
command: output:
pushing to ssh://hg.mozilla.org/users/jhopkins_mozilla.com/buildbot
searching for changes
remote: Not trusting file /repo/hg/mozilla/users/jhopkins_mozilla.com/buildbot/.hg/hgrc from untrusted user jhopkins@mozilla.com, group scm_level_1
remote: Not trusting file /repo/hg/mozilla/users/jhopkins_mozilla.com/buildbot/.hg/hgrc from untrusted user jhopkins@mozilla.com, group scm_level_1
remote: adding changesets
remote: abort: Permission denied: /repo/hg/mozilla/users/jhopkins_mozilla.com/buildbot/.hg/store/00changelog.i
abort: unexpected response: empty string
command: ERROR
Traceback (most recent call last):
  File "/builds/slave/rel-m-beta-firefox-tag/scripts/scripts/release/../../lib/python/util/commands.py", line 42, in run_cmd
    return subprocess.check_call(cmd, **kwargs)
  File "/usr/lib/python2.6/subprocess.py", line 502, in check_call
    raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '['hg', 'push', '-e', 'ssh -l stage-ffxbld -i /home/mock_mozilla/.ssh/ffxbld_dsa', '--new-branch', 'ssh://hg.mozilla.org/users/jhopkins_mozilla.com/buildbot']' returned non-zero exit status 255
command: END (0.66s elapsed)
------
The users/jhopkins_mozilla.com/mozharness repo is also affected.
The problem is that some files in .hg/store were group-owned by scm_level_3. I've corrected the problem on all your repositories.

I've confirmed that the stage-ffxbld user has scm_level_1 permissions.

I can help you debug to fix this issue, but as for finding the underlying root cause I'm afraid that I've been told to preempt all non-emergency requests with a deployment I've been doing that's had its schedule accelerated from 4 weeks to 1 week.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Component: Server Operations: Developer Services → General
Product: mozilla.org → Developer Services
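
An audit for the condition reported in the final comment (files under `.hg/store` group-owned by a different group than the one the pushing user belongs to), as an added example that is not part of the original bug or of Mozilla's tooling. It assumes push access is granted through group membership, so every entry under `.hg` must carry the expected group and be group-writable; `audit_hg_group` is a hypothetical name.

```python
import grp
import os
import stat
import sys


def audit_hg_group(repo_root, expected_gid):
    """Return sorted (relative_path, problem) pairs for entries under .hg
    that a member of the expected group could not write to.

    Assumption (not from the bug): pushers reach the repo only via group
    membership, so both the group owner and the group write bit matter.
    """
    findings = []
    hg_dir = os.path.join(repo_root, ".hg")
    for dirpath, _dirnames, filenames in os.walk(hg_dir):
        paths = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in paths:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, repo_root)
            if st.st_gid != expected_gid:
                findings.append((rel, "group is gid %d" % st.st_gid))
            needed = stat.S_IWGRP
            if stat.S_ISDIR(st.st_mode):
                # creating or replacing files needs write and search on the dir
                needed |= stat.S_IXGRP
            if (st.st_mode & needed) != needed:
                findings.append((rel, "missing group write"))
    return sorted(findings)


if __name__ == "__main__":
    # usage: script.py <repo path> <expected group name>
    repo, group = sys.argv[1], sys.argv[2]
    problems = audit_hg_group(repo, grp.getgrnam(group).gr_gid)
    for rel, problem in problems:
        print("%s: %s" % (rel, problem))
    sys.exit(1 if problems else 0)
```

The script exits non-zero when anything is flagged, so it can gate an automated push job before `hg push` is attempted.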