github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-11 17:46:29 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Clone new project works, pushing commits fails with internal error #6440

New Issue
Closed
opened 2025-11-02 06:56:01 -06:00 by GiteaMirror · 20 comments
GiteaMirror commented 2025-11-02 06:56:01 -06:00
Owner
Copy Link

Originally created by @LordOfDragons on GitHub (Dec 3, 2020).

  • Gitea version: 1.12.6
  • Git version: 2.26.2
  • Operating system: GenToo (client and server). Apache 2.4.46 .

Gitea runs behind reverse proxy as outlined in https://docs.gitea.io/en-us/reverse-proxies/ .

  • Database: [X] PostgreSQL
  • Can you reproduce the bug at https://try.gitea.io: [X] No
  • Log gist:
    Apache ssl_access.log
192.168.1.20 - - [03/Dec/2020:11:06:47 +0100] "GET /git/dragondreams/lfstest.git/info/refs?service=git-receive-pack HTTP/1.1" 401 -
192.168.1.20 - - [03/Dec/2020:11:06:47 +0100] "GET /git/dragondreams/lfstest.git/info/refs?service=git-receive-pack HTTP/1.1" 200 180
192.168.1.20 - - [03/Dec/2020:11:06:47 +0100] "POST /git/dragondreams/lfstest.git/git-receive-pack HTTP/1.1" 200 130

Gitea.log

2020/12/03 11:08:44 ...dules/setting/log.go:279:newLogService() [I] Gitea Log Mode: File(File:info)
2020/12/03 11:08:44 ...les/setting/cache.go:70:newCacheService() [I] Cache Service Enabled
2020/12/03 11:08:44 ...les/setting/cache.go:81:newCacheService() [I] Last Commit Cache Service Enabled
2020/12/03 11:08:44 ...s/setting/session.go:63:newSessionService() [I] Session Service Enabled
2020/12/03 11:08:44 routers/init.go:63:initDBEngine() [I] Beginning ORM engine initialization.
2020/12/03 11:08:44 routers/init.go:70:initDBEngine() [I] ORM engine initialization attempt #1/10...
2020/12/03 11:08:44 ...rm/session_schema.go:25:Ping() [I] PING DATABASE postgres
2020/12/03 11:08:44 ...rm/session_schema.go:360:Sync2() [W] Table user Column max_repo_creation db default is '-1', struct default is -1
2020/12/03 11:08:44 ...rm/session_schema.go:339:Sync2() [W] Table gpg_key column key_id db type is VARCHAR(16), struct type is CHAR(16)
2020/12/03 11:08:44 ...rm/session_schema.go:339:Sync2() [W] Table gpg_key column primary_key_id db type is VARCHAR(16), struct type is CHAR(16)
2020/12/03 11:08:44 ...rm/session_schema.go:339:Sync2() [W] Table gpg_key_import column key_id db type is VARCHAR(16), struct type is CHAR(16)
2020/12/03 11:08:44 ...rm/session_schema.go:339:Sync2() [W] Table commit_status column context_hash db type is VARCHAR(40), struct type is CHAR(40)
2020/12/03 11:08:44 routers/init.go:133:GlobalInit() [I] ORM engine initialization successful!
2020/12/03 11:08:44 ...er/issues/indexer.go:142:func2() [I] PID 7712: Initializing Issue Indexer: bleve
2020/12/03 11:08:45 ...er/issues/indexer.go:221:func3() [I] Issue Indexer Initialization took 26.767317ms
2020/12/03 11:08:45 ...xer/stats/indexer.go:38:populateRepoIndexer() [I] Populating the repo stats indexer with existing repositories
2020/12/03 11:08:45 ...xer/stats/indexer.go:84:populateRepoIndexer() [I] Done (re)populating the repo stats indexer with existing repositories
2020/12/03 11:08:45 routers/init.go:50:checkRunMode() [I] Run Mode: Development
2020/12/03 11:08:45 cmd/web.go:161:runWeb() [I] Listen: http://127.0.0.1:3000/git
2020/12/03 11:08:45 cmd/web.go:164:runWeb() [I] LFS server enabled
2020/12/03 11:08:45 ...s/graceful/server.go:55:NewServer() [I] Starting new server: tcp:127.0.0.1:3000 on PID: 7712

Gitea.err => empty file

Apache configuration (relevant part):

<VirtualHost *:443>
<Proxy *>
        Require all granted
</Proxy>
AllowEncodedSlashes NoDecode
# Note: no trailing slash after either /git or port
ProxyPass /git http://localhost:3000 nocanon
ProxyPassReverse /git http://localhost:3000
</VirtualHost>

Description

Installed Gitea behind Apache reverse proxy as sub-path on domain. Web interface is running correctly. Created test repository with LFS support. On client checked out repository which is working correctly (using https:// URL). Added two test files and commit. Push is not working. Produces this error:

GIT_TRACE=1 git push
11:08:48.400712 git.c:439               trace: built-in: git push --set-upstream origin master
11:08:48.400908 run-command.c:663       trace: run_command: GIT_DIR=.git git-remote-https origin https://git.rptd.ch/git/dragondreams/lfstest.git
11:08:48.421931 run-command.c:663       trace: run_command: 'git credential-cache --timeout=86400 get'
11:08:48.424046 git.c:703               trace: exec: git-credential-cache --timeout=86400 get
11:08:48.424072 run-command.c:663       trace: run_command: git-credential-cache --timeout=86400 get
11:08:48.478219 run-command.c:663       trace: run_command: 'git credential-cache --timeout=86400 store'
11:08:48.480292 git.c:703               trace: exec: git-credential-cache --timeout=86400 store
11:08:48.480319 run-command.c:663       trace: run_command: git-credential-cache --timeout=86400 store
11:08:48.481597 run-command.c:663       trace: run_command: git send-pack --stateless-rpc --helper-status --thin --progress https://git.rptd.ch/git/dragondreams/lfstest.git/ --stdin
11:08:48.482716 git.c:439               trace: built-in: git send-pack --stateless-rpc --helper-status --thin --progress https://git.rptd.ch/git/dragondreams/lfstest.git/ --stdin
11:08:48.482968 run-command.c:663       trace: run_command: git pack-objects --all-progress-implied --revs --stdout --thin --delta-base-offset --progress
11:08:48.483925 git.c:439               trace: built-in: git pack-objects --all-progress-implied --revs --stdout --thin --delta-base-offset --progress
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 8 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 9.77 KiB | 4.89 MiB/s, done.
Total 4 (delta 0), reused 0 (delta 0), pack-reused 0
remote: fatal: Kein Git-Repository: '.'
error: remote unpack failed: unpack-objects abnormal exit
To https://git.rptd.ch/git/dragondreams/lfstest.git
 ! [remote rejected] master -> master (unpacker error)
error: failed to push some refs to 'https://git.rptd.ch/git/dragondreams/lfstest.git'

Repository is correctly created on server. Apache also correctly forwards the request but Gitea fails to answer it. As mentioned, Web-Access works (so HTTPS forwarding does work) but GIT push does not.

Originally created by @LordOfDragons on GitHub (Dec 3, 2020). - Gitea version: 1.12.6 - Git version: 2.26.2 - Operating system: GenToo (client and server). Apache 2.4.46 . Gitea runs behind reverse proxy as outlined in https://docs.gitea.io/en-us/reverse-proxies/ . - Database: [X] PostgreSQL - Can you reproduce the bug at https://try.gitea.io: [X] No - Log gist: Apache ssl_access.log ``` 192.168.1.20 - - [03/Dec/2020:11:06:47 +0100] "GET /git/dragondreams/lfstest.git/info/refs?service=git-receive-pack HTTP/1.1" 401 - 192.168.1.20 - - [03/Dec/2020:11:06:47 +0100] "GET /git/dragondreams/lfstest.git/info/refs?service=git-receive-pack HTTP/1.1" 200 180 192.168.1.20 - - [03/Dec/2020:11:06:47 +0100] "POST /git/dragondreams/lfstest.git/git-receive-pack HTTP/1.1" 200 130 ``` Gitea.log ``` 2020/12/03 11:08:44 ...dules/setting/log.go:279:newLogService() [I] Gitea Log Mode: File(File:info) 2020/12/03 11:08:44 ...les/setting/cache.go:70:newCacheService() [I] Cache Service Enabled 2020/12/03 11:08:44 ...les/setting/cache.go:81:newCacheService() [I] Last Commit Cache Service Enabled 2020/12/03 11:08:44 ...s/setting/session.go:63:newSessionService() [I] Session Service Enabled 2020/12/03 11:08:44 routers/init.go:63:initDBEngine() [I] Beginning ORM engine initialization. 2020/12/03 11:08:44 routers/init.go:70:initDBEngine() [I] ORM engine initialization attempt #1/10... 2020/12/03 11:08:44 ...rm/session_schema.go:25:Ping() [I] PING DATABASE postgres 2020/12/03 11:08:44 ...rm/session_schema.go:360:Sync2() [W] Table user Column max_repo_creation db default is '-1', struct default is -1 2020/12/03 11:08:44 ...rm/session_schema.go:339:Sync2() [W] Table gpg_key column key_id db type is VARCHAR(16), struct type is CHAR(16) 2020/12/03 11:08:44 ...rm/session_schema.go:339:Sync2() [W] Table gpg_key column primary_key_id db type is VARCHAR(16), struct type is CHAR(16) 2020/12/03 11:08:44 ...rm/session_schema.go:339:Sync2() [W] Table gpg_key_import column key_id db type is VARCHAR(16), struct type is CHAR(16) 2020/12/03 11:08:44 ...rm/session_schema.go:339:Sync2() [W] Table commit_status column context_hash db type is VARCHAR(40), struct type is CHAR(40) 2020/12/03 11:08:44 routers/init.go:133:GlobalInit() [I] ORM engine initialization successful! 2020/12/03 11:08:44 ...er/issues/indexer.go:142:func2() [I] PID 7712: Initializing Issue Indexer: bleve 2020/12/03 11:08:45 ...er/issues/indexer.go:221:func3() [I] Issue Indexer Initialization took 26.767317ms 2020/12/03 11:08:45 ...xer/stats/indexer.go:38:populateRepoIndexer() [I] Populating the repo stats indexer with existing repositories 2020/12/03 11:08:45 ...xer/stats/indexer.go:84:populateRepoIndexer() [I] Done (re)populating the repo stats indexer with existing repositories 2020/12/03 11:08:45 routers/init.go:50:checkRunMode() [I] Run Mode: Development 2020/12/03 11:08:45 cmd/web.go:161:runWeb() [I] Listen: http://127.0.0.1:3000/git 2020/12/03 11:08:45 cmd/web.go:164:runWeb() [I] LFS server enabled 2020/12/03 11:08:45 ...s/graceful/server.go:55:NewServer() [I] Starting new server: tcp:127.0.0.1:3000 on PID: 7712 ``` Gitea.err => empty file Apache configuration (relevant part): ``` <VirtualHost *:443> <Proxy *> Require all granted </Proxy> AllowEncodedSlashes NoDecode # Note: no trailing slash after either /git or port ProxyPass /git http://localhost:3000 nocanon ProxyPassReverse /git http://localhost:3000 </VirtualHost> ``` ## Description Installed Gitea behind Apache reverse proxy as sub-path on domain. Web interface is running correctly. Created test repository with LFS support. On client checked out repository which is working correctly (using https:// URL). Added two test files and commit. Push is not working. Produces this error: ``` GIT_TRACE=1 git push 11:08:48.400712 git.c:439 trace: built-in: git push --set-upstream origin master 11:08:48.400908 run-command.c:663 trace: run_command: GIT_DIR=.git git-remote-https origin https://git.rptd.ch/git/dragondreams/lfstest.git 11:08:48.421931 run-command.c:663 trace: run_command: 'git credential-cache --timeout=86400 get' 11:08:48.424046 git.c:703 trace: exec: git-credential-cache --timeout=86400 get 11:08:48.424072 run-command.c:663 trace: run_command: git-credential-cache --timeout=86400 get 11:08:48.478219 run-command.c:663 trace: run_command: 'git credential-cache --timeout=86400 store' 11:08:48.480292 git.c:703 trace: exec: git-credential-cache --timeout=86400 store 11:08:48.480319 run-command.c:663 trace: run_command: git-credential-cache --timeout=86400 store 11:08:48.481597 run-command.c:663 trace: run_command: git send-pack --stateless-rpc --helper-status --thin --progress https://git.rptd.ch/git/dragondreams/lfstest.git/ --stdin 11:08:48.482716 git.c:439 trace: built-in: git send-pack --stateless-rpc --helper-status --thin --progress https://git.rptd.ch/git/dragondreams/lfstest.git/ --stdin 11:08:48.482968 run-command.c:663 trace: run_command: git pack-objects --all-progress-implied --revs --stdout --thin --delta-base-offset --progress 11:08:48.483925 git.c:439 trace: built-in: git pack-objects --all-progress-implied --revs --stdout --thin --delta-base-offset --progress Enumerating objects: 4, done. Counting objects: 100% (4/4), done. Delta compression using up to 8 threads Compressing objects: 100% (4/4), done. Writing objects: 100% (4/4), 9.77 KiB | 4.89 MiB/s, done. Total 4 (delta 0), reused 0 (delta 0), pack-reused 0 remote: fatal: Kein Git-Repository: '.' error: remote unpack failed: unpack-objects abnormal exit To https://git.rptd.ch/git/dragondreams/lfstest.git ! [remote rejected] master -> master (unpacker error) error: failed to push some refs to 'https://git.rptd.ch/git/dragondreams/lfstest.git' ``` Repository is correctly created on server. Apache also correctly forwards the request but Gitea fails to answer it. As mentioned, Web-Access works (so HTTPS forwarding does work) but GIT push does not.
GiteaMirror added the issue/needs-feedback label 2025-11-02 06:56:01 -06:00
GiteaMirror commented 2025-11-02 06:56:02 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 8, 2020):

Also here the directory listing of the repository created by Gitea:

root@server:/var/lib/gitea/gitea-repositories/dragondreams/lfstest.git> dir -l
insgesamt 32
-rw-r--r-- 1 root git   66  3. Dec 02:33 config
-rw-r--r-- 1 root git   73  3. Dec 02:33 description
-rw-r--r-- 1 root git   23  3. Dec 02:33 HEAD
drwxr-xr-x 5 root git 4096  6. Dec 11:08 hooks
drwxr-xr-x 2 root git 4096  6. Dec 11:08 info
drwxr-xr-x 4 root git 4096  8. Dec 13:34 objects
-rw-r--r-- 1 root git   46  6. Dec 11:08 packed-refs
drwxr-xr-x 4 root git 4096  3. Dec 02:33 refs

As you can see "git-receive-pack" as requested by the git client is not present in this directory. Does Gitea fail to create this file?

@LordOfDragons commented on GitHub (Dec 8, 2020): Also here the directory listing of the repository created by Gitea: ``` root@server:/var/lib/gitea/gitea-repositories/dragondreams/lfstest.git> dir -l insgesamt 32 -rw-r--r-- 1 root git 66 3. Dec 02:33 config -rw-r--r-- 1 root git 73 3. Dec 02:33 description -rw-r--r-- 1 root git 23 3. Dec 02:33 HEAD drwxr-xr-x 5 root git 4096 6. Dec 11:08 hooks drwxr-xr-x 2 root git 4096 6. Dec 11:08 info drwxr-xr-x 4 root git 4096 8. Dec 13:34 objects -rw-r--r-- 1 root git 46 6. Dec 11:08 packed-refs drwxr-xr-x 4 root git 4096 3. Dec 02:33 refs ``` As you can see "git-receive-pack" as requested by the git client is not present in this directory. Does Gitea fail to create this file?
GiteaMirror commented 2025-11-02 06:56:02 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 8, 2020):

I also tried using the SSH protocol instead of HTTPS and the result is the same. Something is not working on the Gitea side but I'm out of ideas what.

@LordOfDragons commented on GitHub (Dec 8, 2020): I also tried using the SSH protocol instead of HTTPS and the result is the same. Something is not working on the Gitea side but I'm out of ideas what.
GiteaMirror commented 2025-11-02 06:56:03 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 9, 2020):

I've tried now to clone the repository directly on the server using direct access to Gitea without going through Apache reverse proxy. The result is the same:

01:21:44.954733 git.c:439               trace: built-in: git push
01:21:44.954908 run-command.c:663       trace: run_command: GIT_DIR=.git git-remote-http origin http://localhost:3000/dragondreams/lfstest.git
Username for 'http://localhost:3000': XXX
Password for 'http://XXX@localhost:3000': XXX
01:21:51.279304 run-command.c:663       trace: run_command: git send-pack --stateless-rpc --helper-status --thin --progress http://localhost:3000/dragondreams/lfstest.git/ --stdin
01:21:51.280148 git.c:439               trace: built-in: git send-pack --stateless-rpc --helper-status --thin --progress http://localhost:3000/dragondreams/lfstest.git/ --stdin
01:21:51.280328 run-command.c:663       trace: run_command: git pack-objects --all-progress-implied --revs --stdout --thin --delta-base-offset --progress
01:21:51.280958 git.c:439               trace: built-in: git pack-objects --all-progress-implied --revs --stdout --thin --delta-base-offset --progress
Objekte aufzählen: 3, Fertig.
Zähle Objekte: 100% (3/3), Fertig.
Schreibe Objekte: 100% (3/3), 206 Bytes | 206.00 KiB/s, Fertig.
Gesamt 3 (Delta 0), Wiederverwendet 0 (Delta 0), Pack wiederverwendet 0
remote: fatal: Kein Git-Repository: '.'
error: Entpacken auf der Gegenseite fehlgeschlagen: unpack-objects abnormal exit
To http://localhost:3000/dragondreams/lfstest.git
 ! [remote rejected] master -> master (unpacker error)
error: Fehler beim Versenden einiger Referenzen nach 'http://localhost:3000/dragondreams/lfstest.git'

The gitea.log file contains nothing. Something inside Gite is going horribly wrong. Especially without any logs I get nowhere.

@LordOfDragons commented on GitHub (Dec 9, 2020): I've tried now to clone the repository directly on the server using direct access to Gitea without going through Apache reverse proxy. The result is the same: ``` 01:21:44.954733 git.c:439 trace: built-in: git push 01:21:44.954908 run-command.c:663 trace: run_command: GIT_DIR=.git git-remote-http origin http://localhost:3000/dragondreams/lfstest.git Username for 'http://localhost:3000': XXX Password for 'http://XXX@localhost:3000': XXX 01:21:51.279304 run-command.c:663 trace: run_command: git send-pack --stateless-rpc --helper-status --thin --progress http://localhost:3000/dragondreams/lfstest.git/ --stdin 01:21:51.280148 git.c:439 trace: built-in: git send-pack --stateless-rpc --helper-status --thin --progress http://localhost:3000/dragondreams/lfstest.git/ --stdin 01:21:51.280328 run-command.c:663 trace: run_command: git pack-objects --all-progress-implied --revs --stdout --thin --delta-base-offset --progress 01:21:51.280958 git.c:439 trace: built-in: git pack-objects --all-progress-implied --revs --stdout --thin --delta-base-offset --progress Objekte aufzählen: 3, Fertig. Zähle Objekte: 100% (3/3), Fertig. Schreibe Objekte: 100% (3/3), 206 Bytes | 206.00 KiB/s, Fertig. Gesamt 3 (Delta 0), Wiederverwendet 0 (Delta 0), Pack wiederverwendet 0 remote: fatal: Kein Git-Repository: '.' error: Entpacken auf der Gegenseite fehlgeschlagen: unpack-objects abnormal exit To http://localhost:3000/dragondreams/lfstest.git ! [remote rejected] master -> master (unpacker error) error: Fehler beim Versenden einiger Referenzen nach 'http://localhost:3000/dragondreams/lfstest.git' ``` The gitea.log file contains nothing. Something inside Gite is going horribly wrong. Especially without any logs I get nowhere.
GiteaMirror commented 2025-11-02 06:56:03 -06:00
Author
Owner
Copy Link

@techknowlogick commented on GitHub (Dec 9, 2020):

I see that the repo name is lfstest are you pushing any LFS files as well?
Are you able to upgrade to latest stable version of Gitea (1.13.0)?
Did you initialize the repo via Gitea web interface, or is the repo initialized via your local computer?
Can you create another test repo to see if you can replicate there (as it could be that there is an issue with git hooks with your first repo)?

@techknowlogick commented on GitHub (Dec 9, 2020): I see that the repo name is `lfstest` are you pushing any LFS files as well? Are you able to upgrade to latest stable version of Gitea (1.13.0)? Did you initialize the repo via Gitea web interface, or is the repo initialized via your local computer? Can you create another test repo to see if you can replicate there (as it could be that there is an issue with git hooks with your first repo)?
GiteaMirror commented 2025-11-02 06:56:03 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 9, 2020):

  1. I plan to test pushing LFS files but the initial test has been about getting GIT repository working using a regular file commit
  2. About upgrading I don't know: https://packages.gentoo.org/packages/www-apps/gitea . Version is 1.12.6 . 9999 gives GIT master.
  3. Init using the web interface is not working. See below
    3b) I tried now cloning the repo, calling "git init", commit a file and pushing. Still failing with the same error.
  4. Yes, it happens with any repository I tried creating.

Web Interface Git Init Problem

Results in the following error:

An error has occurred:

initRepository: prepareRepoCommit: git clone: exit status 128 - Cloning into '/tmp/gitea-testrepo981834641'...
fatal: unable to access '/tmp/gitea-testrepo981834641/.git/config': Permission denied

Gitea Version: 1.12.6

A directory "gitea-testrepo981834641" does not exist in /tmp . /tmp is owned root:root with permission drwxrwxrwt. Maybe Gitea does not use a correct way to access tmp-files? Can this path be specified to avoid problems?

EDIT: gitea.log contains something for the first time

2020/12/09 10:05:02 ...s/repository/init.go:43:prepareRepoCommit() [E] Failed to clone from &{5 1 dragonlord 0xc000374280 testrepo testrepo   0   0 0 0 0 0 0 0 0 0 0 0 0 true false false false <nil> 0 map[] map[] [] <nil> false 0 <nil> false 0 <nil> 0 <nil> <nil> true false []  0 0} into /tmp/gitea-testrepo981834641: stdout: 
        Error: exit status 128 - Cloning into '/tmp/gitea-testrepo981834641'...
        fatal: unable to access '/tmp/gitea-testrepo981834641/.git/config': Permission denied
        
2020/12/09 10:05:02 ...sitory/repository.go:23:CreateRepository() [E] Rollback deleteRepository: repository does not exist [id: 5, uid: 1, owner_name: , name: ]
2020/12/09 10:05:02 routers/repo/repo.go:176:handleCreateError() [E] CreatePost: initRepository: prepareRepoCommit: git clone: exit status 128 - Cloning into '/tmp/gitea-testrepo981834641'...
        fatal: unable to access '/tmp/gitea-testrepo981834641/.git/config': Permission denied

EDIT EDIT: I don't know if this has an influence on /tmp but I'm running a hardened kernel on the server.

EDIT EDIT EDIT: I cloned the git repo as regular user into /tmp which is working. Gitea has to do something wrong to get permission denied where I as regular user do not get it.

EDIT EDIT EDIT EDIT: I sudo-ed into the "git" user, which is what Gitea is running as and did the same cloing into /tmp as in the editor above. This is working so it is not a user permission problem but has to be a coding problem somehow.

@LordOfDragons commented on GitHub (Dec 9, 2020): 1) I plan to test pushing LFS files but the initial test has been about getting GIT repository working using a regular file commit 2) About upgrading I don't know: https://packages.gentoo.org/packages/www-apps/gitea . Version is 1.12.6 . 9999 gives GIT master. 3) Init using the web interface is not working. See below 3b) I tried now cloning the repo, calling "git init", commit a file and pushing. Still failing with the same error. 4) Yes, it happens with any repository I tried creating. ### Web Interface Git Init Problem Results in the following error: ``` An error has occurred: initRepository: prepareRepoCommit: git clone: exit status 128 - Cloning into '/tmp/gitea-testrepo981834641'... fatal: unable to access '/tmp/gitea-testrepo981834641/.git/config': Permission denied Gitea Version: 1.12.6 ``` A directory "gitea-testrepo981834641" does not exist in /tmp . /tmp is owned root:root with permission drwxrwxrwt. Maybe Gitea does not use a correct way to access tmp-files? Can this path be specified to avoid problems? EDIT: gitea.log contains something for the first time ``` 2020/12/09 10:05:02 ...s/repository/init.go:43:prepareRepoCommit() [E] Failed to clone from &{5 1 dragonlord 0xc000374280 testrepo testrepo 0 0 0 0 0 0 0 0 0 0 0 0 0 true false false false <nil> 0 map[] map[] [] <nil> false 0 <nil> false 0 <nil> 0 <nil> <nil> true false [] 0 0} into /tmp/gitea-testrepo981834641: stdout: Error: exit status 128 - Cloning into '/tmp/gitea-testrepo981834641'... fatal: unable to access '/tmp/gitea-testrepo981834641/.git/config': Permission denied 2020/12/09 10:05:02 ...sitory/repository.go:23:CreateRepository() [E] Rollback deleteRepository: repository does not exist [id: 5, uid: 1, owner_name: , name: ] 2020/12/09 10:05:02 routers/repo/repo.go:176:handleCreateError() [E] CreatePost: initRepository: prepareRepoCommit: git clone: exit status 128 - Cloning into '/tmp/gitea-testrepo981834641'... fatal: unable to access '/tmp/gitea-testrepo981834641/.git/config': Permission denied ``` EDIT EDIT: I don't know if this has an influence on /tmp but I'm running a hardened kernel on the server. EDIT EDIT EDIT: I cloned the git repo as regular user into /tmp which is working. Gitea has to do something wrong to get permission denied where I as regular user do not get it. EDIT EDIT EDIT EDIT: I sudo-ed into the "git" user, which is what Gitea is running as and did the same cloing into /tmp as in the editor above. This is working so it is not a user permission problem but has to be a coding problem somehow.
GiteaMirror commented 2025-11-02 06:56:03 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Dec 9, 2020):

@LordOfDragons Is it work to just push to Gitea server but not with Apache so that we can know if it's a problem related apache configuration or Gitea itself.

Gitea should be run in user git so if it visit a path root owned, it may return permission denied.

@lunny commented on GitHub (Dec 9, 2020): @LordOfDragons Is it work to just push to Gitea server but not with Apache so that we can know if it's a problem related apache configuration or Gitea itself. Gitea should be run in user git so if it visit a path root owned, it may return permission denied.
GiteaMirror commented 2025-11-02 06:56:03 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 9, 2020):

@lunny As mentioned above I also tried on the server itself going directly to localhost:3000 but the result is the same. Under Gentoo Gitea runs as user git as far as I can see. I tried accessing /tmp using the git user and this works so it should not be a permission problem pertinent to the user.

To be on the safe side I tried right now cloning from localhost:3000 using git user into /tmp . This works. when I go into "lfstest" directory and call "git init" it tells me it "re-initialized" the repository.

@LordOfDragons commented on GitHub (Dec 9, 2020): @lunny As mentioned above I also tried on the server itself going directly to localhost:3000 but the result is the same. Under Gentoo Gitea runs as user git as far as I can see. I tried accessing /tmp using the git user and this works so it should not be a permission problem pertinent to the user. To be on the safe side I tried right now cloning from localhost:3000 using git user into /tmp . This works. when I go into "lfstest" directory and call "git init" it tells me it "re-initialized" the repository.
GiteaMirror commented 2025-11-02 06:56:04 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 16, 2020):

Any news on the issue? This issues is a hard road block to use Gitea.

@LordOfDragons commented on GitHub (Dec 16, 2020): Any news on the issue? This issues is a hard road block to use Gitea.
GiteaMirror commented 2025-11-02 06:56:04 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Dec 16, 2020):

From the log it's obvious that it's a folder permission problem about /tmp. what's the file mode of /tmp ?

@lunny commented on GitHub (Dec 16, 2020): From the log it's obvious that it's a folder permission problem about /tmp. what's the file mode of /tmp ?
GiteaMirror commented 2025-11-02 06:56:04 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 16, 2020):

Output from "ls -a /tmp".

drwxrwxrwt 71 root    root     458752 16. Dec 18:19 .

As mentioned above if I su into "git" user I can clone git into "/tmp" and call "git init" without problem. So it can not be a permission problem on "/tmp".

@LordOfDragons commented on GitHub (Dec 16, 2020): Output from "ls -a /tmp". ``` drwxrwxrwt 71 root root 458752 16. Dec 18:19 . ``` As mentioned above if I su into "git" user I can clone git into "/tmp" and call "git init" without problem. So it can not be a permission problem on "/tmp".
GiteaMirror commented 2025-11-02 06:56:04 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Dec 17, 2020):

@LordOfDragons Could you try to open /tmp/gitea-testrepo981834641/.git/config and check the file/dir mode when the error is reproducing?

@lunny commented on GitHub (Dec 17, 2020): @LordOfDragons Could you try to open `/tmp/gitea-testrepo981834641/.git/config` and check the file/dir mode when the error is reproducing?
GiteaMirror commented 2025-11-02 06:56:05 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Dec 17, 2020):

As mentioned above if I su into "git" user I can clone git into "/tmp" and call "git init" without problem. So it can not be a permission problem on "/tmp".

That's not true.

Just because an interactive user can sudo as another user from a shell and run things from that sudo'd shell fine does not mean that the gitea process is able to.

You do not say how you are running gitea - but from what you are saying I do not believe that you are running it from an interactive user's shell, (and you shouldn't have to.)

Check your privileges.

I cannot be more explicit as to how to go about that because privilege granting and mapping is somewhat black magic and I find them poorly documented in general, but I would not be surprised if you setup was such that child processes might not be allowed access to tmp from other processes or something like that.

Consider running Gitea with a different environment set TMPDIR which may not have the same permissions/privilege protection.

@zeripath commented on GitHub (Dec 17, 2020): > As mentioned above if I su into "git" user I can clone git into "/tmp" and call "git init" without problem. So it can not be a permission problem on "/tmp". That's not true. Just because an interactive user can sudo as another user from a shell and run things from that sudo'd shell fine does not mean that the gitea process is able to. You do not say how you are running gitea - but from what you are saying I do not believe that you are running it from an interactive user's shell, (and you shouldn't have to.) Check your privileges. I cannot be more explicit as to how to go about that because privilege granting and mapping is somewhat black magic and I find them poorly documented in general, but I would not be surprised if you setup was such that child processes might not be allowed access to tmp from other processes or something like that. Consider running Gitea with a different environment set TMPDIR which may not have the same permissions/privilege protection.
GiteaMirror commented 2025-11-02 06:56:05 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Dec 17, 2020):

For an example of another unique situation that was caused by a hardened system see #9792

In that case the systemd capabilities and privileges were set up in such a way that if a service or process asked to do something they were not allowed to, instead of receiving an EPERM - they would simply die.

Let me just demonstrate how appalling and impossible to debug that could be - a process that just wants to check if stdin is a tty in order to see if they're running in an interactive manner, would, if they didn't have permission to read the tty just die. That means that calls to cat just died - immediately and without any information being returned.

No-one could figure out what was happening - it was like files just didn't exist. Who would ever consider that cat would fail.

@zeripath commented on GitHub (Dec 17, 2020): For an example of another unique situation that was caused by a hardened system see #9792 In that case the systemd capabilities and privileges were set up in such a way that if a service or process asked to do something they were not allowed to, instead of receiving an EPERM - they would simply die. Let me just demonstrate how appalling and impossible to debug that could be - a process that just wants to check if stdin is a tty in order to see if they're running in an interactive manner, would, if they didn't have permission to read the tty just die. That means that calls to `cat` just died - immediately and without any information being returned. No-one could figure out what was happening - it was like files just didn't exist. Who would ever consider that `cat` would fail.
GiteaMirror commented 2025-11-02 06:56:05 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 17, 2020):

@LordOfDragons Could you try to open /tmp/gitea-testrepo981834641/.git/config and check the file/dir mode when the error is reproducing?

I tried it and the directory named in the 500 error page ( /tmp/gitea-testrepo981834641/.git/config ) does not exist. Hence the directory itself can not be created.

@LordOfDragons commented on GitHub (Dec 17, 2020): > @LordOfDragons Could you try to open `/tmp/gitea-testrepo981834641/.git/config` and check the file/dir mode when the error is reproducing? I tried it and the directory named in the 500 error page ( /tmp/gitea-testrepo981834641/.git/config ) does not exist. Hence the directory itself can not be created.
GiteaMirror commented 2025-11-02 06:56:05 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 17, 2020):

As mentioned above if I su into "git" user I can clone git into "/tmp" and call "git init" without problem. So it can not be a permission problem on "/tmp".

That's not true.

Just because an interactive user can sudo as another user from a shell and run things from that sudo'd shell fine does not mean that the gitea process is able to.

You do not say how you are running gitea - but from what you are saying I do not believe that you are running it from an interactive user's shell, (and you shouldn't have to.)

Check your privileges.

I cannot be more explicit as to how to go about that because privilege granting and mapping is somewhat black magic and I find them poorly documented in general, but I would not be surprised if you setup was such that child processes might not be allowed access to tmp from other processes or something like that.

Consider running Gitea with a different environment set TMPDIR which may not have the same permissions/privilege protection.

I said "su" not "sudo". Not quite the same but I get your concern there. Personally I have no objection against making gittea use a different tmp directory but this init problem here is not the initial problem why I created the issue in the first place. The initial problem is that gittea did allow clone but not push to a directory owned by the same user gittea is running as.

That said I did another check to verify something. The running process is listed like this:

/usr/bin/gitea web --config /etc/gitea/app.ini

The app.ini states to use RUN_USER=git . So far this is fine. I have though noticed something which I missed so far. This is the permission listing of the git repository directory:

dir -l /var/lib/gitea/gitea-repositories
drwxr-xr-x 3 root git 4096  3. Dec 02:33 dragondreams

This is actually quite interesting. This combination of user/group/permission is strange. It means Gittea web interface somehow managed to create a repository directory with permission 755 with root:git . Actually the entire directories and files underneath do not have group write permission.

What exactly is going wrong here? Does Gittea assign the wrong permissions (maybe wrong umask)? Did Gitea not properly drop priviledges to access the file system?

Knowing a bit more on how Gittea creates repositories could help figure out the appropriate cure for this. I don't want to just chown around in the repositories just to have Gitea ending up the wrong way the next time something is commited.

@LordOfDragons commented on GitHub (Dec 17, 2020): > > As mentioned above if I su into "git" user I can clone git into "/tmp" and call "git init" without problem. So it can not be a permission problem on "/tmp". > > That's not true. > > Just because an interactive user can sudo as another user from a shell and run things from that sudo'd shell fine does not mean that the gitea process is able to. > > You do not say how you are running gitea - but from what you are saying I do not believe that you are running it from an interactive user's shell, (and you shouldn't have to.) > > Check your privileges. > > I cannot be more explicit as to how to go about that because privilege granting and mapping is somewhat black magic and I find them poorly documented in general, but I would not be surprised if you setup was such that child processes might not be allowed access to tmp from other processes or something like that. > > Consider running Gitea with a different environment set TMPDIR which may not have the same permissions/privilege protection. I said "su" not "sudo". Not quite the same but I get your concern there. Personally I have no objection against making gittea use a different tmp directory but this init problem here is not the initial problem why I created the issue in the first place. The initial problem is that gittea did allow clone but not push to a directory owned by the same user gittea is running as. That said I did another check to verify something. The running process is listed like this: ``` /usr/bin/gitea web --config /etc/gitea/app.ini ``` The app.ini states to use RUN_USER=git . So far this is fine. I have though noticed something which I missed so far. This is the permission listing of the git repository directory: ``` dir -l /var/lib/gitea/gitea-repositories drwxr-xr-x 3 root git 4096 3. Dec 02:33 dragondreams ``` This is actually quite interesting. This combination of user/group/permission is strange. It means Gittea web interface somehow managed to create a repository directory with permission 755 with root:git . Actually the entire directories and files underneath do not have group write permission. What exactly is going wrong here? Does Gittea assign the wrong permissions (maybe wrong umask)? Did Gitea not properly drop priviledges to access the file system? Knowing a bit more on how Gittea creates repositories could help figure out the appropriate cure for this. I don't want to just chown around in the repositories just to have Gitea ending up the wrong way the next time something is commited.
GiteaMirror commented 2025-11-02 06:56:06 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 17, 2020):

This is the init script running gitea. I see nothing wrong here:

#!/sbin/openrc-run
# Copyright 2016-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

description="Gitea, a self-hosted Git service"

: ${GITEA_CONF:=/etc/gitea/app.ini}
: ${GITEA_USER:=git}
: ${GITEA_GROUP:=git}
: ${GITEA_WORK_DIR:=/var/lib/gitea}
: ${GITEA_CUSTOM:=${GITEA_WORK_DIR}/custom}

command="/usr/bin/gitea web"
command_args="--config ${GITEA_CONF}"
command_background="true"
command_user="${GITEA_USER}:${GITEA_GROUP}"
error_log="/var/log/${RC_SVCNAME}/${RC_SVCNAME}.err"
pidfile="/run/${RC_SVCNAME}.pid"
required_files="${GITEA_CONF}"
start_stop_daemon_args="-d ${GITEA_WORK_DIR}"
start_stop_daemon_args="${start_stop_daemon_args} -e GITEA_WORK_DIR=${GITEA_WORK_DIR}"
start_stop_daemon_args="${start_stop_daemon_args} -e GITEA_CUSTOM=${GITEA_CUSTOM}"
@LordOfDragons commented on GitHub (Dec 17, 2020): This is the init script running gitea. I see nothing wrong here: ``` #!/sbin/openrc-run # Copyright 2016-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 description="Gitea, a self-hosted Git service" : ${GITEA_CONF:=/etc/gitea/app.ini} : ${GITEA_USER:=git} : ${GITEA_GROUP:=git} : ${GITEA_WORK_DIR:=/var/lib/gitea} : ${GITEA_CUSTOM:=${GITEA_WORK_DIR}/custom} command="/usr/bin/gitea web" command_args="--config ${GITEA_CONF}" command_background="true" command_user="${GITEA_USER}:${GITEA_GROUP}" error_log="/var/log/${RC_SVCNAME}/${RC_SVCNAME}.err" pidfile="/run/${RC_SVCNAME}.pid" required_files="${GITEA_CONF}" start_stop_daemon_args="-d ${GITEA_WORK_DIR}" start_stop_daemon_args="${start_stop_daemon_args} -e GITEA_WORK_DIR=${GITEA_WORK_DIR}" start_stop_daemon_args="${start_stop_daemon_args} -e GITEA_CUSTOM=${GITEA_CUSTOM}" ```
GiteaMirror commented 2025-11-02 06:56:06 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 17, 2020):

I've found the following bug report: https://bugs.gentoo.org/750218

The finding in this bug report is that Gitea is installed owned by "root" with the suid flag set. It is questioned why this is the case and if it is intended or not. I'll try the mentioned fix to see if I get past my problems.

@LordOfDragons commented on GitHub (Dec 17, 2020): I've found the following bug report: https://bugs.gentoo.org/750218 The finding in this bug report is that Gitea is installed owned by "root" with the suid flag set. It is questioned why this is the case and if it is intended or not. I'll try the mentioned fix to see if I get past my problems.
GiteaMirror commented 2025-11-02 06:56:06 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Dec 17, 2020):

ugh. Gitea should not need SUID.

@zeripath commented on GitHub (Dec 17, 2020): ugh. Gitea should not need SUID.
GiteaMirror commented 2025-11-02 06:56:06 -06:00
Author
Owner
Copy Link

@LordOfDragons commented on GitHub (Dec 17, 2020):

The fix from the bug report helps with both issues. Pushing is now working and creating a new repository with initial init is also working now.

So the problem is the wrong user and suid on installing gitea.

@LordOfDragons commented on GitHub (Dec 17, 2020): The fix from the bug report helps with both issues. Pushing is now working and creating a new repository with initial init is also working now. So the problem is the wrong user and suid on installing gitea.
GiteaMirror commented 2025-11-02 06:56:07 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Dec 17, 2020):

OK looks like we can close this issue.

@zeripath commented on GitHub (Dec 17, 2020): OK looks like we can close this issue.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label issue/needs-feedback
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#6440
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?