Project

General

Profile

Bug #18838

gitCheckout.sh incorrectly thinks user is not authenticated for read-write access if no xauth data

Added by Thomas Junk almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
-
Start date:
01/30/2018
Due date:
% Done:

100%

Estimated time:
Spent time:
Duration:

Description

This is seen from CERN -- Jingbo ran into the problem and I see it this evening too from the CERN hostel. Looks easy to fix however.

In gitCheckout.sh, there are these lines:

larret=`ssh p-${rbase}@cdcvs.fnal.gov "echo Hi" 2>&1`
is_bad=`echo $larret | egrep "Permission|authentication" | wc -l`
if [ $is_bad -gt 0 ]
then
echo ""
echo "NOTICE: You do not have read-write permissions for this repository"
myGitCommand="$gitCommandRO"
fi

If I try the bad test command from my mac at CERN (with VPN!) I get this:

Mac-124243:forjingbo trj$ ssh "echo Hi"
Warning: No xauth data; using fake authentication data for X11 forwarding.
X11 forwarding request failed on channel 0
Hi
Mac-124243:forjingbo trj$

If I do the same thing on a dunegpvm machine:

<dunegpvm08.fnal.gov> ssh "echo Hi"
Hi
<dunegpvm08.fnal.gov>

It looks like the presence of the word "authentication" in the message about
X11 is distracting the error checker into thinking the test failed when it
succeeded.

Associated revisions

Revision 207fe6fa (diff)
Added by Lynn Garren almost 3 years ago

possible fix for #18838

Revision 060dbce6
Added by Lynn Garren almost 3 years ago

Merge tag 'v1_13_03' into develop

possible fix for #18838 v1_13_03

History

#1 Updated by Lynn Garren almost 3 years ago

  • Status changed from New to Accepted

We will have a look, but I also suggest adding the following to your .ssh/config file. The GSSAPI lines may not be necessary, but "ForwardX11 = no" is strongly recommended when connecting to our git repository.

host cdcvs.fnal.gov
 ForwardX11 = no
 GSSAPIAuthentication yes
 GSSAPIDelegateCredentials yes

#2 Updated by Thomas Junk almost 3 years ago

You could use the -x flag for ssh which disables X11 forwarding on that test line. Saves having to update everyone's .ssh/config

#3 Updated by Lynn Garren almost 3 years ago

  • Status changed from Accepted to Feedback
  • % Done changed from 0 to 90

I am reluctant to use "ssh -x" since we have seen instances where ssh options were not consistent across platforms. I have updated mrb, but cannot test it. Please download and test mrb v1_13_03. If it works for you, we will add v1_13_03 to the larsoft distribution.

http://scisoft.fnal.gov/scisoft/packages/mrb/v1_13_03/mrb-1.13.03-noarch.tar.bz2

Also, the recommendation for .ssh/config is not limited to using git from mrb.

#4 Updated by Lynn Garren almost 3 years ago

  • Assignee set to Lynn Garren

#5 Updated by Gianluca Petrillo almost 3 years ago

For what it's worth, I have successfully tested mrb gitCheckout with v1_13_03 at Fermilab. The real test is from CERN foyer, however.

#6 Updated by Thomas Junk almost 3 years ago

The gitCheckout.sh in mrb v1_13_03 works from the CERN auditorum and gives a read/write checkout, while the one in mrb v1_13_02 fails in the auditorium the same way it does at the hostel. Seems good.

#7 Updated by Lynn Garren almost 3 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 90 to 100

Excellent. I'll add mrb v1_14_00 to the larsoft distribution. (There is a new changeQual option.)

#8 Updated by Lynn Garren almost 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF