Closed Bug 806499 Opened 10 years ago Closed 10 years ago
Incorrect permissions on hg repo preventing automated changeset push
I've recloned releases/mozilla-beta to my user repo twice as jhopkins_mozilla.com and still get this error when trying to push as user stage-ffxbld: ------------ $ hg push -e 'ssh -i ~/.ssh/stage_ffxbld_dsa -l stage-ffxbld' user pushing to ssh://hg.mozilla.org/users/jhopkins_mozilla.com/mozilla-beta running ssh -i ~/.ssh/stage_ffxbld_dsa -l stage-ffxbld hg.mozilla.org 'hg -R users/jhopkins_mozilla.com/mozilla-beta serve --stdio' remote: Not trusting file /repo/hg/mozilla/users/jhopkins_mozilla.com/mozilla-beta/.hg/hgrc from untrusted user firstname.lastname@example.org, group scm_level_1 remote: Not trusting file /repo/hg/mozilla/users/jhopkins_mozilla.com/mozilla-beta/.hg/hgrc from untrusted user email@example.com, group scm_level_1 searching for changes 2 changesets found remote: adding changesets remote: abort: Permission denied: /repo/hg/mozilla/users/jhopkins_mozilla.com/mozilla-beta/.hg/store/00changelog.i abort: unexpected response: empty string ------------ I will try and work around this problem in the meantime but a quick fix would be appreciated.
John, I've fixed permissions on your repository. Could you please try your push again?
Assignee: server-ops-devservices → bkero
Hi, Ben. I re-cloned my user repo and tried pushing a test change as stage-ffxbld but it failed with the same error.
I've worked around the issue by creating a sibling 'mozilla-beta2' repo which so far seems to be working ok. Ben: I think the simplest course of action for now would be an 'rm -rf users/jhopkins_mozilla.com/mozilla-beta' but it would be nice to find/fix what caused the problem if you have the time to look.
Bah, now that tagging has gotten farther there's another instance of this permissions problem: ----- command: hg push -e 'ssh -l stage-ffxbld -i /home/mock_mozilla/.ssh/ffxbld_dsa' --new-branch ssh://hg.mozilla.org/users/jhopkins_mozilla.com/buildbot command: cwd: buildbot command: output: pushing to ssh://hg.mozilla.org/users/jhopkins_mozilla.com/buildbot searching for changes remote: Not trusting file /repo/hg/mozilla/users/jhopkins_mozilla.com/buildbot/.hg/hgrc from untrusted user firstname.lastname@example.org, group scm_level_1 remote: Not trusting file /repo/hg/mozilla/users/jhopkins_mozilla.com/buildbot/.hg/hgrc from untrusted user email@example.com, group scm_level_1 remote: adding changesets remote: abort: Permission denied: /repo/hg/mozilla/users/jhopkins_mozilla.com/buildbot/.hg/store/00changelog.i abort: unexpected response: empty string command: ERROR Traceback (most recent call last): File "/builds/slave/rel-m-beta-firefox-tag/scripts/scripts/release/../../lib/python/util/commands.py", line 42, in run_cmd return subprocess.check_call(cmd, **kwargs) File "/usr/lib/python2.6/subprocess.py", line 502, in check_call raise CalledProcessError(retcode, cmd) CalledProcessError: Command '['hg', 'push', '-e', 'ssh -l stage-ffxbld -i /home/mock_mozilla/.ssh/ffxbld_dsa', '--new-branch', 'ssh://hg.mozilla.org/users/jhopkins_mozilla.com/buildbot']' returned non-zero exit status 255 command: END (0.66s elapsed) ------
The users/jhopkins_mozilla.com/mozharness repo is also affected.
The problem is that some files in .hg/store were group-owned by scm_level_3. I've corrected the problem on all your repositories. I've confirmed that the stage-ffxbld user has scm_level_1 permissions. I can help you debug to fix this issue, but as for finding the underlying root cause I'm afraid that I've been told to preempt all non-emergency requests with a deployment I've been doing that's had it's schedule accelerated from 4 weeks to 1 week.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Component: Server Operations: Developer Services → General
Product: mozilla.org → Developer Services
You need to log in before you can comment on or make changes to this bug.