On Thu, Jun 14, 2012 at 3:06 PM, John Found <[email protected]> wrote:
>
> On Thu, 14 Jun 2012 14:42:48 -0700
> Brian Smith <[email protected]> wrote:
>
> > I had success with this line to execute fossil:
> > /usr/bin/env -i HOME=$(pwd) /usr/local/bin/fossil ls 2>&1
>
> It runs fossil with the same success as the simple "fossil ls --nocgi" -> 
> "not within an open checkout"


Ah, I missed that --nocgi worked for you. That's nice to hear.

If fossil reports it is not in an open checkout, then I'm confident
that it isn't.
With apache and fossil as a CGI script, update.cgi works just fine for me,
both with my prior suggestion and with --nocgi.

Stupid question time:
- Are you _positive_ that '/home/www/asm32' is an open checkout? i.e.,
contains a '_FOSSIL_' file?
- Is `cd /home/www/asm32` working? (not emitting errors on stderr)
- What does `whoami` report?  Can that user read/write everything necessary?
That is: _FOSSIL_, the checkout directory, all the files in that
directory, the directory containing the
actual repository (usually named <repo>.fossil, but not necessarily),
and the repository itself.

On the machine that I'm testing with here are some more details to
check that you match up:

- The cgi runs as the 'apache' user, which is in the 'fossil' group.
(whoami reports 'apache')
- pwd reports /srv/site
- HOME is set to /srv/site
- In my case, I push over ssh, so, write access for the 'fossil' group
is not necessary.

[linuxfood@nudibranch /srv/site]$ ls -alFh
total 520K
drwxrwsr-x 5 linuxfood fossil 4.0K Jun 14 15:32 ./
# [snip]
-rw-r--r-- 1 apache    fossil 3.0K Jun 14 14:32 .fossil  # global fossil config for apache
-rw-r--r-- 1 linuxfood fossil  67K Jun 14 15:32 _FOSSIL_ # checkout
-rw-r--r-- 1 linuxfood fossil 390K Oct 20  2011 fsl  # actual repository
-rw-r--r-- 1 linuxfood fossil 1.5K Nov 26  2010 index.html
-rwxr-xr-x 1 linuxfood fossil  288 Jun 14 15:32 update.cgi*


The text of my update.cgi:
-----------------------------------------
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo "<html>"
echo "<head><title>Update the site from the repository.</title></head>"
echo "<body>"
echo "<pre>"


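# fossil reads its global config (.fossil) from HOME
export HOME=/srv/site
pwd
# --nocgi: run as a normal command even though the caller is a CGI
/usr/local/bin/fossil ls --nocgi 2>&1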
echo "</pre>"
echo "</body>"
echo "</html>"
------------------------------------


>
>
> > 4) env -i erases the complete environment, your issues were caused by
> > fossil believing that it was executing as a CGI, when really
> > you just wanted to happen to call it from a CGI - If I've read this thread
> > correctly.
>
> No, --nocgi option solves this problem. Fossil does not act as a cgi. For 
> example "fossil help" outputs the help
> to the stdout. Fossil simply can't see the open checkout where it is running. 
> It may be because of the environment,
> because of access permissions, because of bugs, etc. I can't diagnose the 
> cause for this behaviour.
> Very similar script in Windows (.cmd file) runs OK.
>
>
>
> > !!!! 5) This script rings all sorts of alarm bells for me. I hope you plan
> > on restricting access via IP and/or at least basic authentication.
> > Bash is well tested - but was not really meant to be exposed to the open
> > internet, one wrong move and you could give someone
> > the keys to your machine without realizing it.
>
> I know the risks, but if the script is simple enough, the risks are less.
> Actually, I plan to implement the same functionality in assembly language 
> later.
> I only try to prove the concept with these bash scripts... unsuccessfully.
>
>
I'm not going to comment on this.

-B
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
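
The checklist in the message above (open checkout, `whoami`, read/write access to _FOSSIL_, the checkout directory, its files, the repository and its directory) can be run as a pre-flight step under the same user the CGI runs as. This is an added example, not part of the original thread; the function names and the ACCESS variable are made up for illustration, and the paths are whatever the caller passes in.

```shell
#!/bin/sh
# Added example (not from the thread): check, as the current user, the items
# the message lists before a CGI wrapper calls fossil. Names are illustrative.

# need PATH FLAGS LABEL: print one FAIL line per test(1) flag PATH fails.
need() {
    [ -e "$1" ] || { echo "FAIL: $3 '$1' does not exist"; return 0; }
    for flag in $2; do
        test "-$flag" "$1" || echo "FAIL: $3 '$1' fails 'test -$flag' as $(id -un)"
    done
}

# audit CHECKOUT_DIR REPO_FILE: emit every problem found, nothing if clean.
# ACCESS defaults to "r w"; set ACCESS=r to check read access only.
audit() {
    acc=${ACCESS:-r w}
    need "$1" "d $acc x" "checkout directory"
    need "$1/_FOSSIL_" "f $acc" "checkout database"
    need "$2" "f $acc" "repository file"
    # SQLite writes journal files beside the database it modifies.
    need "$(dirname "$2")" "d $acc x" "repository directory"
    find "$1" -type f ! -name _FOSSIL_ 2>/dev/null | while IFS= read -r f; do
        [ "$f" = "$2" ] || need "$f" "$acc" "checked-out file"
    done
}

# check_checkout CHECKOUT_DIR REPO_FILE: print the report, return 0 if clean.
check_checkout() {
    report=$(audit "$1" "$2")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: ./preflight.sh /srv/site /srv/site/fsl
if [ "$#" -eq 2 ]; then
    check_checkout "$1" "$2"
    exit
fi
```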