phabricator/scripts/repository/test_connection.php

#!/usr/bin/env php
<?php

$root = dirname(dirname(dirname(__FILE__)));
require_once $root.'/scripts/__init_script__.php';

if (empty($argv[1])) {
  echo "usage: test_connection.php <repository_callsign>\n";
  exit(1);
}

echo phutil_console_wrap(
  phutil_console_format(
    'This script will test that you have configured valid credentials for '.
    'access to a repository, so the Phabricator daemons can pull from it. '.
    'You should run this as the **same user you will run the daemons as**, '.
    'from the **same machine they will run from**. Doing this will help '.
    'detect various problems with your configuration, such as SSH issues.'));

list($whoami) = execx('whoami');
$whoami = trim($whoami);

$ok = phutil_console_confirm("Do you want to continue as '{$whoami}'?");
if (!$ok) {
  die(1);
}

$callsign = $argv[1];
echo "Loading '{$callsign}' repository...\n";
$repository = id(new PhabricatorRepository())->loadOneWhere(
  'callsign = %s',
  $argv[1]);
if (!$repository) {
  throw new Exception("No such repository exists!");
}

$vcs = $repository->getVersionControlSystem();

PhutilServiceProfiler::installEchoListener();

echo phutil_console_format(
  "\n".
  "**NOTE:** If you are prompted for an SSH password in the next step, the\n".
  "daemon won't work because it doesn't have the password and can't respond\n".
  "to an interactive prompt. Instead of typing the password, it will hang\n".
  "forever when prompted. There are several ways to resolve this:\n\n".
  "  - Run the daemon inside an ssh-agent session where you have unlocked\n".
  "    the key (most secure, but most complicated).\n".
  "  - Generate a new, passwordless certificate for the daemon to use\n".
  "    (usually quite easy).\n".
  "  - Remove the passphrase from the key with `ssh-keygen -p`\n".
  "    (easy, but questionable).");

phutil_console_confirm('Did you read all that?', $default_no = false);

echo "Trying to connect to the remote...\n";
switch ($vcs) {
  case PhabricatorRepositoryType::REPOSITORY_TYPE_SVN:
    $err = $repository->passthruRemoteCommand(
      '--limit 1 log %s',
      $repository->getRemoteURI());
    break;
  case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
    // Do an ls-remote on a nonexistent ref, which we expect to just return
    // nothing.
    $err = $repository->passthruRemoteCommand(
      'ls-remote %s %s',
      $repository->getRemoteURI(),
      'just-testing');
    break;
  case PhabricatorRepositoryType::REPOSITORY_TYPE_MERCURIAL:
    // TODO: 'hg id' doesn't support --insecure so we can't tell it not to
    // spew. If 'hg id' eventually supports --insecure, consider using it.
    echo "(It is safe to ignore any 'certificate with fingerprint ... not ".
         "verified' warnings, although you may want to configure Mercurial ".
         "to recognize the server's fingerprint/certificate.)\n";
    $err = $repository->passthruRemoteCommand(
      'id --rev tip %s',
      $repository->getRemoteURI());
    break;
  default:
    throw new Exception("Unsupported repository type.");
}

if ($err) {
  echo phutil_console_format(
    "<bg:red>** FAIL **</bg> Connection failed. The credentials for this ".
    "repository appear to be incorrectly configured.\n");
  exit(1);
} else {
  echo phutil_console_format(
    "<bg:green>** OKAY **</bg> Connection successful. The credentials for ".
    "this repository appear to be correctly configured.\n");
}
Store repository credentials with repositories Summary: Move toward storing credentials in configuration so it's easier to get the daemons working. This should eventually solve all the key juggling junk you have to do right now. This only gets us part of the way to actually using these credentials in the daemons since I have to go swap everything for $repository->execBlah(). I tried to write a web "Test Connection" button but it was too much of a mess to get git to work since git doesn't give you access to its SSH command and SSH has a bunch of interactive prompts which you can't really do anything about without it or a bunch of ~/.ssh/config editing. This is what Git recommends: https://git.wiki.kernel.org/index.php/GitFaq#How_do_I_specify_what_ssh_key_git_should_use.3F ..but it's not a great match for this use case. Test Plan: - Only partial. - Ran "test_connection.php" on a Git repo with and without SSH, and with and without valid credentials. This part works properly. - Ran "test_connection.php" on a public SVN repo, but I don't have private or WEBDAV repos set up at the moment. - Mercurial doesn't work yet. - Daemons haven't been converted yet. Reviewers: jungejason, tuomaspelkonen, aran Reviewed By: jungejason CC: aran, abdul, nmalcolm, epriestley, jungejason Differential Revision: 888 2011-09-02 17:20:14 -07:00			`#!/usr/bin/env php`
			`<?php`

			`$root = dirname(dirname(dirname(__FILE__)));`
			`require_once $root.'/scripts/__init_script__.php';`

			`if (empty($argv[1])) {`
			`echo "usage: test_connection.php <repository_callsign>\n";`
			`exit(1);`
			`}`

			`echo phutil_console_wrap(`
			`phutil_console_format(`
			`'This script will test that you have configured valid credentials for '.`
			`'access to a repository, so the Phabricator daemons can pull from it. '.`
			`'You should run this as the same user you will run the daemons as, '.`
			`'from the same machine they will run from. Doing this will help '.`
			`'detect various problems with your configuration, such as SSH issues.'));`

			`list($whoami) = execx('whoami');`
			`$whoami = trim($whoami);`

			`$ok = phutil_console_confirm("Do you want to continue as '{$whoami}'?");`
			`if (!$ok) {`
			`die(1);`
			`}`

			`$callsign = $argv[1];`
			`echo "Loading '{$callsign}' repository...\n";`
			`$repository = id(new PhabricatorRepository())->loadOneWhere(`
			`'callsign = %s',`
			`$argv[1]);`
			`if (!$repository) {`
			`throw new Exception("No such repository exists!");`
			`}`

			`$vcs = $repository->getVersionControlSystem();`

			`PhutilServiceProfiler::installEchoListener();`

Improve messaging around passworded SSH keys Summary: It would be better to test if a key is passworded, but I couldn't figure out how to do that. Test Plan: Ran "test_connection.php" Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T924 Differential Revision: https://secure.phabricator.com/D1856 2012-03-12 10:34:27 -07:00			`echo phutil_console_format(`
			`"\n".`
			`"NOTE: If you are prompted for an SSH password in the next step, the\n".`
			`"daemon won't work because it doesn't have the password and can't respond\n".`
			`"to an interactive prompt. Instead of typing the password, it will hang\n".`
			`"forever when prompted. There are several ways to resolve this:\n\n".`
			`" - Run the daemon inside an ssh-agent session where you have unlocked\n".`
			`" the key (most secure, but most complicated).\n".`
			`" - Generate a new, passwordless certificate for the daemon to use\n".`
			`" (usually quite easy).\n".`
			" - Remove the passphrase from the key with `ssh-keygen -p`\n".
			`" (easy, but questionable).");`

			`phutil_console_confirm('Did you read all that?', $default_no = false);`

Store repository credentials with repositories Summary: Move toward storing credentials in configuration so it's easier to get the daemons working. This should eventually solve all the key juggling junk you have to do right now. This only gets us part of the way to actually using these credentials in the daemons since I have to go swap everything for $repository->execBlah(). I tried to write a web "Test Connection" button but it was too much of a mess to get git to work since git doesn't give you access to its SSH command and SSH has a bunch of interactive prompts which you can't really do anything about without it or a bunch of ~/.ssh/config editing. This is what Git recommends: https://git.wiki.kernel.org/index.php/GitFaq#How_do_I_specify_what_ssh_key_git_should_use.3F ..but it's not a great match for this use case. Test Plan: - Only partial. - Ran "test_connection.php" on a Git repo with and without SSH, and with and without valid credentials. This part works properly. - Ran "test_connection.php" on a public SVN repo, but I don't have private or WEBDAV repos set up at the moment. - Mercurial doesn't work yet. - Daemons haven't been converted yet. Reviewers: jungejason, tuomaspelkonen, aran Reviewed By: jungejason CC: aran, abdul, nmalcolm, epriestley, jungejason Differential Revision: 888 2011-09-02 17:20:14 -07:00			`echo "Trying to connect to the remote...\n";`
			`switch ($vcs) {`
			`case PhabricatorRepositoryType::REPOSITORY_TYPE_SVN:`
			`$err = $repository->passthruRemoteCommand(`
			`'--limit 1 log %s',`
			`$repository->getRemoteURI());`
			`break;`
			`case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:`
			`// Do an ls-remote on a nonexistent ref, which we expect to just return`
			`// nothing.`
			`$err = $repository->passthruRemoteCommand(`
			`'ls-remote %s %s',`
			`$repository->getRemoteURI(),`
			`'just-testing');`
			`break;`
Support Mercurial in test_connection.php Summary: Add Mercurial support to this script. Test Plan: Connected to public and private Bitbucket mercurial repos, successfully (with valid credentials) and unsuccessfully (without valid credentials). Reviewers: Makinde, jungejason, nh, tuomaspelkonen, aran Reviewed By: jungejason CC: aran, jungejason Differential Revision: 938 2011-09-15 14:41:53 -07:00			`case PhabricatorRepositoryType::REPOSITORY_TYPE_MERCURIAL:`
			`// TODO: 'hg id' doesn't support --insecure so we can't tell it not to`
			`// spew. If 'hg id' eventually supports --insecure, consider using it.`
			`echo "(It is safe to ignore any 'certificate with fingerprint ... not ".`
			`"verified' warnings, although you may want to configure Mercurial ".`
			`"to recognize the server's fingerprint/certificate.)\n";`
			`$err = $repository->passthruRemoteCommand(`
			`'id --rev tip %s',`
			`$repository->getRemoteURI());`
			`break;`
Store repository credentials with repositories Summary: Move toward storing credentials in configuration so it's easier to get the daemons working. This should eventually solve all the key juggling junk you have to do right now. This only gets us part of the way to actually using these credentials in the daemons since I have to go swap everything for $repository->execBlah(). I tried to write a web "Test Connection" button but it was too much of a mess to get git to work since git doesn't give you access to its SSH command and SSH has a bunch of interactive prompts which you can't really do anything about without it or a bunch of ~/.ssh/config editing. This is what Git recommends: https://git.wiki.kernel.org/index.php/GitFaq#How_do_I_specify_what_ssh_key_git_should_use.3F ..but it's not a great match for this use case. Test Plan: - Only partial. - Ran "test_connection.php" on a Git repo with and without SSH, and with and without valid credentials. This part works properly. - Ran "test_connection.php" on a public SVN repo, but I don't have private or WEBDAV repos set up at the moment. - Mercurial doesn't work yet. - Daemons haven't been converted yet. Reviewers: jungejason, tuomaspelkonen, aran Reviewed By: jungejason CC: aran, abdul, nmalcolm, epriestley, jungejason Differential Revision: 888 2011-09-02 17:20:14 -07:00			`default:`
			`throw new Exception("Unsupported repository type.");`
			`}`

			`if ($err) {`
			`echo phutil_console_format(`
			`"<bg:red> FAIL </bg> Connection failed. The credentials for this ".`
			`"repository appear to be incorrectly configured.\n");`
			`exit(1);`
			`} else {`
			`echo phutil_console_format(`
			`"<bg:green> OKAY </bg> Connection successful. The credentials for ".`
			`"this repository appear to be correctly configured.\n");`
			`}`