3

I have gitosis setup on my server and I'm trying to create a post-receive hook that will checkout changes to a working directory on the remote machine.

Initially I got an error saying cannot open /home/user/source/testing-local/.git/FETCH_HEAD: Permission denied so I changed the group ownership of the working directory's .git folder to the git user.

Following this I got the error Host key verification failed which led me to check which user was running the hook, git of course (silly me!), so I setup a key in gitosis for the git user that gitosis is running under and enabled that in gitosis.conf. Now I'm getting the old Permission denied (publickey).

My post-receive hook looks like this:

#!/bin/bash
while read oldrev newrev refname
do
  if [ "$refname" == "refs/heads/master" ]; then
    WORKDIR=/home/user/source/testing-local
    export GIT_DIR=$WORKDIR/.git
    pushd $WORKDIR >/dev/null
    id
    git pull --quiet >/dev/null
  fi
done

The id call is just to check which user I'm running as.

Is there an easier way to achieve this?! Have I missed something key in my setup?

ghickman
  • 5,893
  • 9
  • 42
  • 51

1 Answers1

2

You need to make sure of the value of the $HOME environment variable for the git user executing that hook.

$HOME/.ssh is where ssh will look for the private key during the handshake.
Also, make sure the ssh directory on the gitosis end has the right permissions.

server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys

Finally see the "Permission denied (publickey)" section on GitHub, which repeat what I mentioned above about the HOME:

This is usually caused when ssh cannot find your keys.
Make sure your key is in the default location, ~/.ssh.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • +1 There's a typo in the second line, BTW - `$HOME/ssh` should be `$HOME/.ssh` – Mark Longair Mar 29 '11 at 10:45
  • @VonC I've checked all the permissions as you suggested and been through the github help. I've now specified all the necessary options in the .ssh/config file just to be certain. If I mess with the git user's authorized_keys so I can log in as it (then put it back to the way it was) I can successfully do a pull in the correct directory, however the post-receive script still gets Permission Denied. Any thoughts on how I can do further debugging? – ghickman Mar 29 '11 at 14:29
  • @ghickman: try to display the `user` and the `$HOME` when the `post-receive` runs: a permission denied means a/ the public key isn't there in `authorized_keys` (or it is, but with a typo), or b/ the private key isn't accessible. That is, the private key for the user actually executing the `post-receive` hook. – VonC Mar 29 '11 at 14:38
  • @VonC The user is git and $HOME is /home/git. I've checked the authorized_keys file just to be safe but it's handled by the gitosis-admin config. The private key has the following permissions: -rw------- 1 git git – ghickman Mar 29 '11 at 14:48
  • @ghickman: no funny business in the naming of those keys? No passphrase? try a `ssh -vvv hostname` from within the hook, just to see more debug info about a ssh session. – VonC Mar 29 '11 at 15:39