Please describe the problem.
I have what I speculate is an interoperability problem with two git-annex versions: on one end, it's trying to run true over SSH and on the other end git-annex-shell is saying that's not a valid command.
I have a rather gnarly git-remote-gcrypt setup (is there one that isn't?) with a gcrypt remote for the git history and annex content. I honestly barely remember how I set this up, and I'm constantly battling to remember how it works (not great, I know), but here are the notes I have so far:
https://anarc.at/services/backup/#encrypted-remotes
Obviously, I have tried to follow the fully encrypted git repositories with gcrypt tutorial, but I might have drifted off at some point. I often get confused between the builtin encryption features and the gcrypt special remote.
What steps will reproduce the problem?
I think the trick is to setup a remote gcrypt repo with a hardcoded command="GIT_ANNEX_SHELL_APPENDONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"" entry in authorized_keys. If I drop the command parameter from the line, the command goes through fine.
What version of git-annex are you using? On what operating system?
The "client" end is 8.20210223-2 on Debian bullseye, the remote is 7.20190129-3 on Debian buster.
Please provide any additional information below.
I suspect that something was introduced after the buster release that runs this extra command on start:
ssh remote true
Which SSH turns into:
ssh remote git-annex-shell -c true
Even with a non-restricted SSH key, the above fails with:
fatal: unrecognized command 'true'
git-annex-shell: git-shell failed
... which is, for me, the smoking gun here.
# If you can, paste a complete transcript of the problem occurring here.
# If the problem is with the git-annex assistant, paste in .git/annex/daemon.log
anarcat@curie:maison(master)$ LANG=C.UTF-8 git annex sync --content -J2 --debug
[2021-08-19 10:39:04.710287879] process [2036863] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","git-annex"]
[2021-08-19 10:39:04.71270528] process [2036863] done ExitSuccess
[2021-08-19 10:39:04.713060458] process [2036864] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--hash","refs/heads/git-annex"]
[2021-08-19 10:39:04.715240868] process [2036864] done ExitSuccess
[2021-08-19 10:39:04.71580494] process [2036865] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/heads/git-annex..0134b426eaca4932d9bcc381bcb2c62609563651","--pretty=%H","-n1"]
[2021-08-19 10:39:04.71856682] process [2036865] done ExitSuccess
[2021-08-19 10:39:04.719607238] process [2036868] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch"]
[2021-08-19 10:39:04.720334517] process [2036869] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch-check=%(objectname) %(objecttype) %(objectsize)"]
[2021-08-19 10:39:04.738790271] process [2036872] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","commit","-a","-m","git-annex in anarcat@curie:/srv/video/maison"]
On branch master
nothing to commit, working tree clean
[2021-08-19 10:39:04.770958097] process [2036872] done ExitFailure 1
[2021-08-19 10:39:04.771335463] process [2036893] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","symbolic-ref","-q","HEAD"]
commit ok
[2021-08-19 10:39:04.773190824] process [2036893] done ExitSuccess
[2021-08-19 10:39:04.773504032] process [2036895] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","refs/heads/master"]
[2021-08-19 10:39:04.775743665] process [2036895] done ExitSuccess
[2021-08-19 10:39:04.776052102] process [2036896] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--verify","-q","refs/heads/synced/master"]
[2021-08-19 10:39:04.777934271] process [2036896] done ExitSuccess
[2021-08-19 10:39:04.778257724] process [2036897] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/heads/master..refs/heads/synced/master","--pretty=%H","-n1"]
[2021-08-19 10:39:04.781046264] process [2036897] done ExitSuccess
[2021-08-19 10:39:04.781665586] process [2036898] read: ssh ["-o","BatchMode=true","-S",".git/annex/ssh/anarc.at","-o","ControlMaster=auto","-o","ControlPersist=yes","-n","-T","anarc.at","true"]
[2021-08-19 10:39:05.937301502] process [2036898] done ExitSuccess
[2021-08-19 10:39:05.938577543] process [2036926] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","fetch","origin"]
[2021-08-19 10:39:06.108005272] process [2036926] done ExitSuccess
[2021-08-19 10:39:06.108743728] process [2036944] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","branch","-f","synced/master","refs/heads/master"]
[2021-08-19 10:39:06.113172855] process [2036944] done ExitSuccess
[2021-08-19 10:39:06.113913765] process [2036945] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--verify","-q","refs/remotes/origin/master"]
[2021-08-19 10:39:06.118235086] process [2036945] done ExitSuccess
[2021-08-19 10:39:06.118916295] process [2036946] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/heads/master..refs/remotes/origin/master","--pretty=%H","-n1"]
[2021-08-19 10:39:06.124140634] process [2036946] done ExitSuccess
[2021-08-19 10:39:06.124791141] process [2036947] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--verify","-q","refs/remotes/origin/synced/master"]
[2021-08-19 10:39:06.128491407] process [2036947] done ExitSuccess
[2021-08-19 10:39:06.129062268] process [2036948] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/heads/synced/master..refs/remotes/origin/synced/master","--pretty=%H","-n1"]
[2021-08-19 10:39:06.134308196] process [2036948] done ExitSuccess
pull origin ok
[2021-08-19 10:39:06.135431262] process [2036949] read: ssh ["-o","BatchMode=true","-S",".git/annex/ssh/anarcat@remote-annex","-o","ControlMaster=auto","-o","ControlPersist=yes","-n","-T","anarcat@remote-annex","true"]
[2021-08-19 10:39:06.5226911] process [2036949] done ExitFailure 1
[2021-08-19 10:39:06.524455991] process [2036956] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","fetch","offsite-git"]
git-annex-shell: git-shell failed
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(228) [Receiver=3.2.3]
gcrypt: Repository not found: rsync://anarcat@remote-annex:/home/anarcat/offsite/Videos.git/
gcrypt: ..but repository ID is set. Aborting.
[2021-08-19 10:39:07.057455548] process [2036956] done ExitFailure 128
pull offsite-git ok
[2021-08-19 10:39:07.058197157] process [2037001] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","git-annex"]
[2021-08-19 10:39:07.063254024] process [2037001] done ExitSuccess
[2021-08-19 10:39:07.064018134] process [2037002] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--hash","refs/heads/git-annex"]
[2021-08-19 10:39:07.069653083] process [2037002] done ExitSuccess
[2021-08-19 10:39:07.07062786] process [2037003] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/heads/git-annex..0134b426eaca4932d9bcc381bcb2c62609563651","--pretty=%H","-n1"]
[2021-08-19 10:39:07.076284072] process [2037003] done ExitSuccess
[2021-08-19 10:39:07.077172323] process [2037004] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","ls-files","--stage","-z","--"]
[2021-08-19 10:39:07.078079618] process [2037005] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch-check=%(objectname) %(objecttype) %(objectsize)","--buffer"]
[2021-08-19 10:39:07.078694043] process [2037006] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch=%(objectname) %(objecttype) %(objectsize)","--buffer"]
[2021-08-19 10:39:07.079965189] process [2037007] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch=%(objectname) %(objecttype) %(objectsize)","--buffer"]
[2021-08-19 10:39:07.103420306] process [2037009] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch"]
[2021-08-19 10:39:07.107225054] process [2037010] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch-check=%(objectname) %(objecttype) %(objectsize)"]
[2021-08-19 10:39:07.108049882] process [2037011] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","check-attr","-z","--stdin","annex.backend","annex.largefiles","annex.numcopies","annex.mincopies","--"]
[2021-08-19 10:39:07.110542203] process [2037012] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","check-attr","-z","--stdin","annex.backend","annex.largefiles","annex.numcopies","annex.mincopies","--"]
[2021-08-19 10:39:07.365098056] process [2037013] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch"]
[2021-08-19 10:39:07.365245774] process [2037011] done ExitSuccess
[2021-08-19 10:39:07.365363864] process [2037014] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch"]
[2021-08-19 10:39:07.36572593] process [2037015] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch-check=%(objectname) %(objecttype) %(objectsize)"]
[2021-08-19 10:39:07.36730392] process [2037012] done ExitSuccess
[2021-08-19 10:39:07.367432763] process [2037016] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","check-attr","-z","--stdin","annex.backend","annex.largefiles","annex.numcopies","annex.mincopies","--"]
[2021-08-19 10:39:07.367787144] process [2037007] done ExitSuccess
[2021-08-19 10:39:07.367891318] process [2037017] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch-check=%(objectname) %(objecttype) %(objectsize)"]
[2021-08-19 10:39:07.368118899] process [2037006] done ExitSuccess
[2021-08-19 10:39:07.368213522] process [2037005] done ExitSuccess
[2021-08-19 10:39:07.368287754] process [2037004] done ExitSuccess
[2021-08-19 10:39:07.369558345] process [2037018] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","check-attr","-z","--stdin","annex.backend","annex.largefiles","annex.numcopies","annex.mincopies","--"]
[2021-08-19 10:39:07.370572764] process [2037019] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch"]
[2021-08-19 10:39:07.371432055] process [2037020] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch-check=%(objectname) %(objecttype) %(objectsize)"]
[2021-08-19 10:39:07.374759264] process [2037021] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch"]
[2021-08-19 10:39:07.375304372] process [2037022] chat: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","cat-file","--batch-check=%(objectname) %(objecttype) %(objectsize)"]
[2021-08-19 10:39:07.378100534] process [2037023] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","branch","-f","synced/master","refs/heads/master"]
[2021-08-19 10:39:07.380269305] process [2037023] done ExitSuccess
[2021-08-19 10:39:07.380584318] process [2037024] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","symbolic-ref","-q","HEAD"]
[2021-08-19 10:39:07.38084529] process [2037025] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","symbolic-ref","-q","HEAD"]
[2021-08-19 10:39:07.383152906] process [2037025] done ExitSuccess
[2021-08-19 10:39:07.383152909] process [2037024] done ExitSuccess
[2021-08-19 10:39:07.383556344] process [2037026] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","refs/heads/master"]
[2021-08-19 10:39:07.38382986] process [2037027] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","refs/heads/master"]
[2021-08-19 10:39:07.385869655] process [2037026] done ExitSuccess
[2021-08-19 10:39:07.385998224] process [2037027] done ExitSuccess
[2021-08-19 10:39:07.386579545] process [2037028] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--verify","-q","refs/remotes/origin/synced/master"]
[2021-08-19 10:39:07.386748615] process [2037029] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--verify","-q","refs/remotes/offsite-git/synced/master"]
[2021-08-19 10:39:07.388481211] process [2037028] done ExitSuccess
[2021-08-19 10:39:07.388627634] process [2037029] done ExitSuccess
[2021-08-19 10:39:07.389087617] process [2037030] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/remotes/origin/synced/master..refs/heads/synced/master","--pretty=%H","-n1"]
[2021-08-19 10:39:07.389447787] process [2037031] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/remotes/offsite-git/synced/master..refs/heads/synced/master","--pretty=%H","-n1"]
[2021-08-19 10:39:07.391475061] process [2037030] done ExitSuccess
[2021-08-19 10:39:07.391885609] process [2037032] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--verify","-q","refs/remotes/origin/git-annex"]
[2021-08-19 10:39:07.392072048] process [2037031] done ExitSuccess
[2021-08-19 10:39:07.392422194] process [2037033] call: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","show-ref","--verify","-q","refs/remotes/offsite-git/git-annex"]
[2021-08-19 10:39:07.393853689] process [2037032] done ExitSuccess
[2021-08-19 10:39:07.394223125] process [2037034] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/remotes/origin/git-annex..git-annex","--pretty=%H","-n1"]
[2021-08-19 10:39:07.394252126] process [2037033] done ExitSuccess
[2021-08-19 10:39:07.394616572] process [2037035] read: git ["--git-dir=.git","--work-tree=.","--literal-pathspecs","log","refs/remotes/offsite-git/git-annex..git-annex","--pretty=%H","-n1"]
[2021-08-19 10:39:07.396719833] process [2037034] done ExitSuccess
[2021-08-19 10:39:07.396989352] process [2037035] done ExitSuccess
[2021-08-19 10:39:07.397288729] process [2037019] done ExitSuccess
[2021-08-19 10:39:07.397649558] process [2037020] done ExitSuccess
[2021-08-19 10:39:07.397943289] process [2037021] done ExitSuccess
[2021-08-19 10:39:07.398193463] process [2037022] done ExitSuccess
[2021-08-19 10:39:07.398430683] process [2037018] done ExitSuccess
[2021-08-19 10:39:07.398671489] process [2037016] done ExitSuccess
[2021-08-19 10:39:07.399335705] process [2037036] read: ssh ["-O","stop","-S","anarcat@remote-annex","-o","ControlMaster=auto","-o","ControlPersist=yes","localhost"]
[2021-08-19 10:39:07.405590596] process [2037036] done ExitSuccess
[2021-08-19 10:39:07.406058089] process [2037037] read: ssh ["-O","stop","-S","anarc.at","-o","ControlMaster=auto","-o","ControlPersist=yes","localhost"]
[2021-08-19 10:39:07.412095481] process [2037037] done ExitSuccess
# End of transcript or log.
Key part above:
[2021-08-19 10:39:06.135431262] process [2036949] read: ssh ["-o","BatchMode=true","-S",".git/annex/ssh/anarcat@remote-annex","-o","ControlMaster=auto","-o","ControlPersist=yes","-n","-T","anarcat@remote-annex","true"]
[2021-08-19 10:39:06.5226911] process [2036949] done ExitFailure 1
Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders)
I'm a long time git-annex user (early adopter, even?) and git-annex is generally serving my uses very well, both as a backup and archival system. The encryption features, however, are a bit more obscure than my tolerance level right now. Thankfully, there is the borg I'm thinking of using to replace all this complexity in the future...
-- done, problem was with a configuration in the gcrypt remote sandbox. -- anarcat
git-annex-shell is not supposed to run true. That would be a security hole if it did.
However, what's actually being done here is that git-annex is probing to see if it can ssh without a password prompt. It needs to run some command in the probe, without doing anything, so it uses true. This code was written with the knowledge that a restricted shell might not allow true to be run. It doesn't care if ssh exits 1 in such a situation. The only exit status it cares about is 255, which is what ssh uses if it was unable to ssh to the host due to needing a password.
So, your smoking gun is actually a red herring.
Your actual failure may be here:
That looks like something is set up incorrectly, but I don't really know what. It seems to prevent
git fetchfrom working though, so currently it does not look like a git-annex problem.the problem was that i had a
~/git-shell-commands/rsyncoverriding the rsync command to try to restrict that, since i'm using a gcrypt remote... it was clunky and badly designed and, ultimately, insecure. i replaced it withrrsync /home/anarcat/offsite/but even that is not the best either, as the script says it "assumes someone will not subvert the rsync protocol" which hardly seems reassuring.i also had to change my remotes to follow the "chroot" of sorts:
Running
git fetchby hand convinced me the problem wasn't git-annex related... From there I reread the git-annex-shell and git-shell commands and noticed that bit about the obscuregit-shell-commandsdirectory, and found that jem. I even had an error injournalctl -fthat confirm the problem, something i overlooked as well...so this indeed seems like a problem on my end. sorry for the delay and the noise!