Page MenuHomePhabricator
Create Task
Maniphest T330740

OpenSSH 9 scp does not work with Gerrit due to lack of sftp subsystem
Closed, ResolvedPublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):

What happens?:
Cloning works, but SCP part of command fails with:

debug1: Sending subsystem: sftp
subsystem request failed on channel 0

What should have happened instead?:
Command should be executed without any error.

Software version (skip for WMF-hosted wikis like Wikipedia):

  • Gerrit 3.5.4
  • macOS version: Ventura 13.2.1
  • Version of OpenSSH: OpenSSH_9.0p1
  • Version of LibreSSL library: LibreSSL 3.3.6

Other informations:
@hashar mentions that there is Upstream task about this: https://bugs.chromium.org/p/gerrit/issues/detail?id=15944

Upstream references:

https://groups.google.com/g/repo-discuss/c/5tcDQzRYMeM
Issue 15944: scp command for retrieving commit-sh hook fails with OpenSSH 9.0
Issue 16705: Always use HTTP to download commit-msg hook

And the patch https://gerrit-review.googlesource.com/c/plugins/download-commands/+/359823

Workarounds

  • Use the legacy scp protocol using scp -O
  • Fetch the hook over https

Related Objects
Search...

Event Timeline

Kizule created this task.Feb 28 2023, 10:34 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 28 2023, 10:34 AM
Kizule claimed this task.Feb 28 2023, 10:35 AM
Kizule updated the task description. (Show Details)
Kizule updated Other Assignee, added: hashar.
Restricted Application added a project: User-Kizule. · View Herald TranscriptFeb 28 2023, 10:35 AM
Kizule removed Kizule as the assignee of this task.Feb 28 2023, 10:35 AM
Kizule removed a project: User-Kizule.
Kizule updated Other Assignee, removed: hashar.
Kizule updated the task description. (Show Details)Feb 28 2023, 10:40 AM
hashar added a comment.Feb 28 2023, 10:44 AM

This is due to OpenSSH 9 making scp to use sftp which is not supported by Gerrit. The workaround is to fetch the commit hook over https.

hashar updated the task description. (Show Details)Feb 28 2023, 10:44 AM
hashar moved this task from Backlog to Patch proposed upstream on the Upstream board.
hashar renamed this task from Cloning commit message hooks from Gerrit via SSH/SCP isn't working on MacOS to OpenSSH 9 scp does not work with Gerrit due to lack of sftp subsystem.Mar 2 2023, 12:48 PM
hashar updated the task description. (Show Details)
hashar moved this task from Patch proposed upstream to Patch merged upstream on the Upstream board.Mar 13 2023, 10:30 PM

https://gerrit-review.googlesource.com/c/plugins/download-commands/+/359823 got merged. The plugin is bundled in Gerrit, so I guess that will be included in the next versions of Gerrit 3.5, 3.6 and 3.7.

thcipriani merged a task: T331923: Gerrit commit-msg hook scp: subsystem request failed on channel 0.Mar 13 2023, 11:30 PM
thcipriani added a subscriber: thcipriani.
hashar added a comment.Mar 15 2023, 10:18 AM

Looking at upstream repo https://gerrit.googlesource.com/gerrit and the stable-3.5 branch, the download-commands plugin has been made to always track master and got updated so it does not lag behind. The commit is https://gerrit-review.googlesource.com/c/gerrit/+/361463:

commit 34b4352f73417572ce4b6d02bccfe54bbe98ee64
Author: Sven Selberg <svense@axis.com>
Date:   Thu Mar 2 18:20:06 2023 +0100

    Always track master on download-commands plugin
    
    The download-commands plugin only uses APIs that were extracted
    specifically for the download-commands plugin and very rarely
    changes. It doesn't give much benefit to let older releases use
    an older version since the only effect is that they get an
    outdated plugin.
    
    Also makes the ctor of DownloadConfig public for tests as this was
    the only API breakage from master (f0c9b9e).
    
    Update plugins/download-commands to latest master.
    Changes since v3.5.5:
    * b83ce67 Consistently use `git rev-parse` to find hooks-dir
    * 90b37d2 Always use http to get commit-msg hook          <<<------- fix for this T330740 task
    * f0c9b9e Add test for CloneWithCommitMsgHook
    * a16ebc6 Merge "Annotate methods that return a definitely null value with @Nullable"
    * 107b225 Annotate methods that return a definitely null value with @Nullable
    * a649bdb Prefer ImmutableList to the convenience methods in List
    * 71331e1 Throw IllegalStateException instead of RuntimeException
    * 7f73617 URL encode username in http and ssh schemes
    * 1a30359 Adapt to enabling error level for the UnnecessaryParentheses bug pattern
    * 6f58c1e document the new branch & reset commands
    
    Bug: Issue 15944
    Release-Notes: Update plugins/download-commands to latest master
    Change-Id: Ie41500963d425ade312e5bb4c4a2f4ba7f4f144d
hashar mentioned this in T336339: Upgrade Gerrit from 3.5.5 to 3.5.6.May 10 2023, 7:14 AM
hashar added a subtask: T336339: Upgrade Gerrit from 3.5.5 to 3.5.6.
hashar closed subtask T336339: Upgrade Gerrit from 3.5.5 to 3.5.6 as Resolved.May 10 2023, 9:02 AM
hashar closed this task as Resolved.May 10 2023, 9:08 AM
hashar claimed this task.

I have deployed Gerrit 3.5.6 which comes with download-commands plugin fix which is to always fetch the commit-msg hook over https.

I went to https://gerrit.wikimedia.org/r/admin/repos/mediawiki/extensions/BlockAndNuke,general

Choose DownloadSSH

The resulting command is:

git clone "ssh://hashar@gerrit.wikimedia.org:29418/mediawiki/extensions/BlockAndNuke" \
  && ( \
    cd "BlockAndNuke" \
    && mkdir -p `git rev-parse --git-dir`/hooks/ \
    && curl -Lo `git rev-parse --git-dir`/hooks/commit-msg https://gerrit.wikimedia.org/r/tools/hooks/commit-msg; \
        chmod +x `git rev-parse --git-dir`/hooks/commit-msg
)

It is thus now using curl and https instead of scp which works around the lack of sftp subsystem in Gerrit/JGit (but I guess that will eventually be implemented).

I believe it addresses this task :)

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL