kallithea Changeset - b5b91e854308

Changeset - b5b91e854308

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Thomas De Schampheleire - 6 years ago 2019-07-19 01:12:35
thomas.de_schampheleire@nokia.com

ssh: set a valid locale in the ssh-serve process

In the SSH client configuration, the setting 'SendEnv' could contain variables
like 'LANG', 'LC_ALL', and others. This causes these environment variables
(with their values at the client-side) to be set in the server. However, not
every locale setting valid in the client, is also valid on the server.

This could lead to the error:
'locale.Error: unsupported locale setting'
when 'from mercurial import archival, merge as hg_merge, patch, ui' is
called.

Fix this problem by providing an ini setting 'ssh_locale' that the user can
set correctly, and which will be used to set LC_ALL and LANGUAGE in the
'kallithea-cli ssh-serve' process.

If an environment variable LC_ALL is set, it takes precedence over all other
'LC_xxx' variables, as well as over LANG. So, setting LC_ALL ensures that no
user setting of 'LC_xxx' or 'LANG' could influence ssh-serve badly.

There is one environment variable that might overrule LC_ALL, specifically
for showing messages: 'LANGUAGE'. GNU gettext lets it take precedence over
LC_ALL [1]:
"GNU gettext gives preference to LANGUAGE over LC_ALL and LANG for the
purpose of message handling"

So, also set LANGUAGE to the same value as we set LC_ALL to.

The principle of setting a specific locale in the server process to fix this
error, was first proposed by Dominik Ruf.

[1] https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html#The-LANGUAGE-variable

3 files changed with 17 insertions and 0 deletions:

development.ini

kallithea/bin/kallithea_cli_ssh.py

kallithea/lib/paster_commands/template.ini.mako

0 comments (0 inline, 0 general)

development.ini

➞

Show inline comments

@@ @@ -229,24 +229,30 @@ allow_custom_hooks_settings = True @@
 ###           SSH CONFIG        ####
 ####################################
 ## SSH is disabled by default, until an Administrator decides to enable it.
 ssh_enabled = false
 ## File where users' SSH keys will be stored *if* ssh_enabled is true.
 #ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys
 ## Path to be used in ssh_authorized_keys file to invoke kallithea-cli with ssh-serve.
 #kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli
 ## Locale to be used in the ssh-serve command.
 ## This is needed because an SSH client may try to use its own locale
 ## settings, which may not be available on the server.
 ## See `locale -a` for valid values on this system.
 #ssh_locale = C.UTF-8
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 ## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:
 broker.url = amqp://rabbitmq:qewqew@localhost:5672/rabbitmqhost
 celery.imports = kallithea.lib.celerylib.tasks
 celery.accept.content = pickle
 celery.result.backend = amqp

kallithea/bin/kallithea_cli_ssh.py

➞

Show inline comments

@@ @@ -36,24 +36,29 @@ log = logging.getLogger(__name__) @@
 def ssh_serve(user_id, key_id):
     """Serve SSH repository protocol access.
     The trusted command that is invoked from .ssh/authorized_keys to serve SSH
     protocol access. The access will be granted as the specified user ID, and
     logged as using the specified key ID.
     """
     ssh_enabled = kallithea.CONFIG.get('ssh_enabled', False)
     if not str2bool(ssh_enabled):
         sys.stderr.write("SSH access is disabled.\n")
         return sys.exit(1)
     ssh_locale = kallithea.CONFIG.get('ssh_locale')
     if ssh_locale:
         os.environ['LC_ALL'] = ssh_locale # trumps everything, including LANG, except LANGUAGE
         os.environ['LANGUAGE'] = ssh_locale # trumps LC_ALL for GNU gettext message handling
     ssh_original_command = os.environ.get('SSH_ORIGINAL_COMMAND', '')
     connection = re.search('^([\d\.]+)', os.environ.get('SSH_CONNECTION', ''))
     client_ip = connection.group(1) if connection else '0.0.0.0'
     log.debug('ssh-serve was invoked for SSH command %r from %s', ssh_original_command, client_ip)
     if not ssh_original_command:
         if os.environ.get('SSH_CONNECTION'):
             sys.stderr.write("'kallithea-cli ssh-serve' can only provide protocol access over SSH. Interactive SSH login for this user is disabled.\n")
         else:
             sys.stderr.write("'kallithea-cli ssh-serve' cannot be called directly. It must be specified as command in an SSH authorized_keys file.\n")
         return sys.exit(1)

kallithea/lib/paster_commands/template.ini.mako

➞

Show inline comments

@@ @@ -332,24 +332,30 @@ ssh_enabled = false @@
 <%text>## File where users' SSH keys will be stored *if* ssh_enabled is true.</%text>
 #ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys
 %if user_home_path:
 ssh_authorized_keys = ${user_home_path}/.ssh/authorized_keys
 %endif
 <%text>## Path to be used in ssh_authorized_keys file to invoke kallithea-cli with ssh-serve.</%text>
 #kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli
 %if kallithea_cli_path:
 kallithea_cli_path = ${kallithea_cli_path}
 %endif
 <%text>## Locale to be used in the ssh-serve command.</%text>
 <%text>## This is needed because an SSH client may try to use its own locale</%text>
 <%text>## settings, which may not be available on the server.</%text>
 <%text>## See `locale -a` for valid values on this system.</%text>
 #ssh_locale = C.UTF-8
 <%text>####################################</%text>
 <%text>###        CELERY CONFIG        ####</%text>
 <%text>####################################</%text>
 use_celery = false
 <%text>## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:</%text>
 broker.url = amqp://rabbitmq:qewqew@localhost:5672/rabbitmqhost
 celery.imports = kallithea.lib.celerylib.tasks
 celery.accept.content = pickle
 celery.result.backend = amqp

0 comments (0 inline, 0 general)