This commit is contained in:
Joey Hess 2021-08-24 12:38:08 -04:00
parent f2474e4850
commit 0c3c49e003
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38

View file

@ -0,0 +1,31 @@
[[!comment format=mdwn
username="joey"
subject="""comment 1"""
date="2021-08-24T16:28:40Z"
content="""
git-annex-shell is not supposed to run true. That would be a security hole
if it did.
However, what's actually being done here is that git-annex is probing
to see if it can ssh without a password prompt. It needs to run some
command in the probe, without doing anything, so it uses true.
This code was written with the knowledge that a restricted shell might not
allow true to be run. It doesn't care if ssh exits 1 in such a situation.
The only exit status it cares about is 255, which is what ssh uses if it
was unable to ssh to the host due to needing a password.
So, your smoking gun is actually a red herring.
Your actual failure may be here:
["--git-dir=.git","--work-tree=.","--literal-pathspecs","fetch","offsite-git"]
git-annex-shell: git-shell failed
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(228) [Receiver=3.2.3]
gcrypt: Repository not found: rsync://anarcat@remote-annex:/home/anarcat/offsite/Videos.git/
gcrypt: ..but repository ID is set. Aborting.
That looks like something is set up incorrectly, but I don't really know what.
It seems to prevent `git fetch` from working though, so currently it does not look
like a git-annex problem.
"""]]