svn checkout not working via phing - php

I'm currently trying to write an internal application to be able to deploy our projects to acceptance and production servers with a single click.
We are using phing to accomplish this.
At the moment I'm having difficulty checking out (or doing an svn export) the project. I use the following command:
<exec command="svn checkout ${svn.host} ${svn.exportdir} --force --username server --password <password>" />
On a normal command line this works perfectly; however, I get prompted to accept a certificate because the host uses https. The problem is that there seems to be no parameter to automatically accept a certificate.
The --trust-server-cert doesn't help either, because the certificate is rejected due to a hostname mismatch, where the parameter only bypasses a "CA is unknown"-error.
Any ideas on how I can check out (or export, update, ...) the project?

Do a wget on the SVN server's HTTPS address and accept the certificate permanently.
$ wget https://svn.mydomain.com/repos
And then press p to accept the cert.
I also added some hints to the PHP documentation about the problems with certificates:
Simply call
svn checkout https://svn.mydomain.com/repos --force --username server --password iMPs+nana0kIF
on your command line and accept the cert.
There could still be a problem when the user who executes the Phing command is not root; then you have to execute this command as the user who runs the Phing command:
su wwwrun -c 'wget https://...'
su wwwrun -c 'svn checkout https://...'

Just do one manual checkout as the user that will be running phing. You can checkout to /dev/null if you want to. Once you have accepted the certificate, it will stay accepted (if that user has a .subversion directory to store it).
By the way, any specific reason why you are using the svn commandline interface through an ExecTask instead of just using the SvnCheckoutTask directly?
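Before the deploy user permanently accepts a certificate, it is worth confirming that the rejection really is a hostname mismatch and that the certificate is the expected one. The following is an added example, not part of the original answers; it uses a throwaway certificate with the constructed name `svn.internal.example` and assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example (not from the original thread). Hostnames are constructed.
# Against a live server the certificate would first be saved with:
#   openssl s_client -connect HOST:443 -servername HOST </dev/null \
#     | openssl x509 -out server.pem

# Constructed sample: self-signed cert issued for name $1, written to dir $2.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# Succeeds only if the certificate in $1 is valid for hostname $2.
# A failure here is the "hostname mismatch" that --trust-server-cert
# does not cover.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q 'does match certificate'
}

# SHA-256 fingerprint, to compare with a value obtained out of band from
# the server administrator before the exception is cached in ~/.subversion.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Accept only when the name matches, or the fingerprint equals the pinned one.
safe_to_accept() {   # $1 = cert file, $2 = URL host, $3 = pinned fingerprint
    cert_matches_host "$1" "$2" && return 0
    [ -n "$3" ] && [ "$(cert_fingerprint "$1")" = "$3" ]
}
```
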

Related

Git not recognizing remote using php/exec but fine in bash

I am using a VM (homestead/laravel) to try to create a templated repository.
However, although it all seemingly works fine, when it gets to pushing it never seems to recognize the remote.
fatal: No such remote 'origin'
fatal: 'origin' does not appear to be a git repository
fatal: Could not read from remote repository.
The above are the 2 errors I typically get.
I have tried a few commands to set the remote.
git remote add origin https:://url.git - does not add the remote (checked git config)
git remote set-url origin https:://url.git - does not add the remote (checked git config)
git config remote.origin.url https:://url.git - sets url, but still does not work.
These are private repos, and I am using https with the user:pass to handle it since I cannot easily manage ssh keys with this setup (in other words I am forced to use HTTPS in this way).
After trying the commands through php I navigate to the directory in ssh and run the push. Works fine (if I use the third option above). I have used exec and https://github.com/kbjr/Git.php but both end up having the same issue.
Git version is: 2.7.2
PHP version is: 7.1.0
The only thought I have is that technically there is a git repo above the one generated. I am creating the repo in a temp folder in laravel and then generating the "template" before pushing it to a repo I create during the process (github api). Once it's all done I delete it locally. However, I don't see any errors that could be related to problems caused by "a repo under a repo".
Figured it out.
Ends up if you create a repo using the github API it does not actually create the repository before giving back the success response. So you need to force the script to wait before the push. In this case forcing it to wait 5 seconds (sleep(5);) seems to have resolved it.

PHP Web App to run Console SUDO Commands (Deciding how to do it)

My company has a cloud dedicated server, hosted in Google Cloud, running CentOS 7 with apache2, php5.5 and mariadb running.
The webserver is running a private application for business clients and companies. Every client has his own database and subdomain, so they and their own clients can access his application by going to http://theirname.example.net/
I've created an interactive command line script for client creation. It creates a user and secure password, a custom FTP folder, creates a MySQL database and populates it with a SQL file, creates subdomains and other things. I've also made another version of this script with no user interaction, receiving parameters such as the client name via command line arguments ( /path-to/script.sh usertocreate mysqluser mysql pass).
So, here is the deal: I want to create a web interface, password protected, available only to my company IP address. This interface should be able to run these SH scripts (not the interactive ones) with sudo permissions.
I was thinking of creating a subserver on another port (like http://example.org:2501) using another instance of apache (or another webserver) which runs as a specified user with sudo permissions enabled only in the necessary folders.
Before doing anything, I created a PHP script which runs commands on the console, and tried to run SUDO commands with that, adding the apache user to the sudoers list (just to make it work during development). I could run these scripts from my web app without SUDO permissions, but they were not working 100% (since some commands require SUDO). When I try with sudo I receive a code 127 error response (permission problem).
I stopped there and decided to investigate the best way to do this.
I have full control of the server machine. Apache2 and everything normal is running well. (mariadb, proftpd with passive mode active -100 ports added- )
SELINUX is DISABLED. Firewalld Running
SSH is available for use
I can install another webserver on another port to accomplish this. If a lot of HTTPD configuration would have to be changed to accomplish this, I would prefer to install another webserver.
I can also install any 3rd party software.
I'm a PHP developer with little experience in other programming languages; if it's necessary to invoke any other programming language to do this (maybe Python), I would love some documentation links.
Access to this web application would be limited only to my company's static IP address and will be protected.
Any thoughts/ideas? Thanks in advance.
PS: If someone wants to edit my text and add some colours and formatting, the edit will be approved.
EDIT TLDR: I want to run another httpd on another port with a web API. This web API should be able to run console commands with SUDO. Access to this webserver will be limited to my company's IP. I'm not sure if this is the best way to do it and I want opinions. Also, I'm not quite sure if it's possible to run sudo commands from PHP without any trouble.

Git checkout from a PHP website?

Is it possible to check out specific branches from a Git version control system using a PHP website? All I need is a single webpage that lets me select any of the available branches and do a checkout after pressing a button (after authentication, of course).
Making a script to list all the available branches and display the page is easy, but the PHP script does not have sufficient rights to run a Git checkout. I can run the webserver (either Apache or Nginx) as root, but obviously that would be far too big a security risk.
How can I initiate a Git checkout from a PHP web script with min
I had the same problem and my solution was to just chown the whole site to the apache user. Now your PHP script can run the git checkout.
This solution is not 100% ideal for security, because now buggy scripts can change scripts in your webfolder. The proper solution for this would be to write a daemon that runs as a privileged user and runs only very specific commands for the apache user on request. I only needed a solution for our dev webserver, so the daemon would have been overkill.
Better set up a git server, using e.g. gitolite (search in Google). It even handles key setup and such for you.
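A lighter variant of the "runs only very specific commands" idea from the answer above, which also fits the earlier question about running scripts with sudo from a web app: one fixed helper that the web user may invoke through sudo, validating its single argument before git sees it. This is an added example, not code from the answers; the `deploy` account, the paths and the script name `checkout-branch` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answers). Account, paths and script
# name are assumptions.
# Hypothetical sudoers rule (edit with visudo): one fixed command, no shell.
#   apache ALL=(deploy) NOPASSWD: /usr/local/bin/checkout-branch
# The PHP page would pass the branch as one escaped argument to:
#   sudo -n -u deploy /usr/local/bin/checkout-branch <branch>
LC_ALL=C; export LC_ALL
REPO_DIR=${REPO_DIR:-/var/www/site}   # assumed working tree owned by 'deploy'

# Pure string check, done before git ever sees the value: rejects empty
# input, anything starting with '-' (would be parsed as an option), '..',
# leading/trailing/double slashes and every character outside a
# conservative ref-name alphabet.
is_safe_branch_name() {
    case $1 in
        ''|-*|*..*|*//*|/*|*/|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    [ "${#1}" -le 100 ]
}

# The name must also be an existing local branch of the repository.
branch_exists() {
    git -C "$REPO_DIR" show-ref --verify --quiet "refs/heads/$1"
}

checkout_branch() {
    is_safe_branch_name "$1" || { echo "rejected name" >&2; return 2; }
    branch_exists "$1"       || { echo "unknown branch" >&2; return 3; }
    git -C "$REPO_DIR" checkout --quiet "$1" --
}

# Run only when installed under the assumed name, so the file can be sourced.
case ${0##*/} in
    checkout-branch) [ $# -eq 1 ] || exit 64; checkout_branch "$1" ;;
esac
```
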

Github hook bash script not pulling

I have a GitHub account set up on my EC2 server with no issues. When I try to run a bash script to 'git pull' it won't do it. It will do a 'git status' and many other commands. Here is my sh file:
cd /var/www/html/TDS/;
ls -la;
type git;
git status;
git remote -v;
git pull origin master;
echo "hello world";
All lines work except the git pull. I have tried git pull, git pull origin master, git fetch, git fetch origin master. I have ruled out all possibilities like permission issues and privileges.
This sh file is executed by hitting a PHP page, the PHP page looks like this
<?php
$output = shell_exec('/bin/sh /var/www/html/TDS/git.sh');
print_r("<pre>$output</pre>");
?>
Very simple and it works minus the Pull request. Any help would be amazing, I'm so close to getting this to work.
For a git pull to work, the user running it must have write permissions to the git repo's index (under .git/). Make sure the user under which the script is run (Apache?) has those rights.
...does PHP (www-data) have permissions? Is it the owner of the file?
Is this an ssh URL to the origin repository? Do you have ssh-agent running when you do it manually? Have you provided ssh agent access to the shell script (hint, the answers are Yes, Yes, No. Probably.)
So we have determined it is ssh access that is the problem. You then have two choices: getting ssh-agent credentials into the php process and allowing the php script access to ssh credentials without requiring a password. Both are problematic one way or another.
To get ssh-agent credentials into the php process, copy the $SSH_AUTH_SOCK environmental variable from a shell into your php/shell script: SSH_AUTH_SOCK=/tmp/ssh-wScioBA10361/agent.10361 git pull. Then, assuming the php script has sufficient privs to access that file, git pull will work. This is problematic because you need to ssh into the system to get the auth sock, change the program to use the new socket (or write a program to find the current socket), and leave everything running. Log out, reboot, etc. and you will lose git pull functionality.
The other option is to create ssh credentials for the php/shell user who is running git pull. Find the home directory, create .ssh, and ssh-keygen new keys for that user. You can set up the private key to not have a password so that anyone who can access this file (security risk!!) can ssh using those credentials. Add the public key to the authorized keys of the account who has access to the git repo (gitolite would allow you to restrict what privileges that account might have).
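The second option above (a dedicated passphrase-less key for the web user) can be narrowed so that the key file's permissions are checked on every run and ssh fails instead of prompting. This is an added example, not code from the answer; the key path, the `www-data` account and the use of a read-only deploy key are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer). Key path, repo path and the
# www-data account are assumptions.
# One-time setup as the web user (no passphrase, dedicated to this repo):
#   sudo -u www-data ssh-keygen -t ed25519 -N '' -f /var/www/.ssh/deploy_key
# Register deploy_key.pub with the Git host as a read-only deploy key.

DEPLOY_KEY=${DEPLOY_KEY:-/var/www/.ssh/deploy_key}
REPO_DIR=${REPO_DIR:-/var/www/html/TDS}

# A passphrase-less key is only as safe as its file mode: refuse to use it
# if group or others have any permission bit set.
key_perms_ok() {
    [ -f "$1" ] || return 1
    mode=$(ls -ln "$1" | cut -c5-10)   # group and other bits of the mode
    [ "$mode" = "------" ]
}

# ssh options: offer only this key, never prompt (fail instead of hanging
# inside shell_exec), and require a known host key. Assumes the key path
# contains no spaces.
deploy_ssh_command() {
    printf 'ssh -i %s -o IdentitiesOnly=yes -o BatchMode=yes -o StrictHostKeyChecking=yes' "$1"
}

# Fast-forward only; stderr is merged into stdout so that PHP's
# shell_exec() returns git's error text instead of silently dropping it.
pull_with_deploy_key() {
    key_perms_ok "$DEPLOY_KEY" || { echo "refusing: bad key perms" >&2; return 2; }
    GIT_SSH_COMMAND=$(deploy_ssh_command "$DEPLOY_KEY") \
        git -C "$REPO_DIR" pull --ff-only origin master 2>&1
}
```
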

How can I use svn+ssh in a PHP script?

I can't figure out how I should access the repository from a CakePHP project called fredistrano (you can do CakePHP deploys with a web 2.0 interface). I have fredistrano in my web broadcasting directory on a shared Unix web server. When I use TortoiseSVN from my laptop, I have to use svn+ssh://username#domain.com/svnpath/trunk/. I tried using the same thing in fredistrano, but I keep getting the svn command error "svn: Network connection closed unexpectedly". I copied and pasted the command: svn export --non-interactive --username myusername --password mypwd svn+ssh://myusername#mydomain.com/home/myusername/svn/mydomain.com/trunk tmpDir 2>&1 into my SSH terminal connected to the shared server and I get a prompt for a password, which I believe is actually a prompt for the SSH password and not the SVN password (see this post). fredistrano is failing because it can't deal with the SSH password prompt. I noticed in the fredistrano documentation that the example uses http://ipaddress/svn/test for the SVN URL. I copied my svn to my web broadcasting directory and tried this but get a connection refused error. My shared hosting provider is pretty strict and I doubt that I can use that. Is there a way I can get svn+ssh to work with a PHP script like this (fredistrano is just using shell_exec() to execute svn commands)? Is there a way I can just get svn, http, or https working (or any other method that I don't know about)?
I am interested in this problem, too, and I hope that I'm close to the solution.
I haven't tried to put it into work in my application due to the lack of time and other high-priority tasks, but I guess that it should look something like this:
shell_exec(svn something svn+ssh://...)
$response = trim(fgets(STDIN))
[then check if the response contains password prompt text]
fwrite(STDOUT, 'yourpassword');
[analyze the next response and see if SVN has returned the requested information - log, info, whatever]
"svn: Network connection closed unexpectedly" most probably means that your host has restricted/forbidden access to other hosts. This might imply using sockets at all (SVN, HTTP, etc.) or maybe only non-HTTP. In this case you should try setting up your SVN server to allow HTTP requests (e.g. using mod_dav_svn for Apache).
This is only a guess - see my comment to your question.
How do you authenticate from your dev machine to the svn-server? You might be using a key to authenticate (Do you have putty pageant running?)
Maybe check out the Subversion PHP Module (1.0.3) instead of wrapping shell_exec; it requires building from source, with phpize, ./configure and make (just built it against PHP 5.6 and Subversion 1.9.5)... while the Apache Module mod_dav (Subversion via HTTP/HTTPS) is not required for version control, rather an optional method of accessing the repository.
