bzr_ssh_path_limiter error

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Garth Wells wrote:
> New question #98083 on Bazaar:
> https://answers.launchpad.net/bzr/+question/98083
>
> Hi,
>
> I've tried using 'bzr_ssh_path_limiter' in an ssh authorized keys file to control access, but without luck. I've been using hg-ssh, on which bzr_ssh_path_limiter is based, for several years without problems.
>
> I have
>
> command="/home/bzr/bin/bzr_ssh_path_limiter /home/bzr/my_code" ssh-rsa . . . ..
>
> in ~/.ssh/authorized_keys2, and I know that the script is being called because I can print from it to std output. When I try to branch over ssh, I get
>
> bzr: ERROR: Not a branch: "bzr+ssh://<email address hidden>/home/bzr/my_code/".
>
> The problem seems to be with the line
>
> os.execlp('bzr', 'bzr', '--no-plugins', 'serve', '--inet', '--directory=' + sys.argv[1], '--allow-writes')
>
> Am I using the script incorrectly or is there something wrong in this line of the script? I'm using bzr version 2.0.0.
>

I believe once you've set up path limiting, then the 'root' of the
bzr+ssh:// line changes. Specifically with the above command, then

/home/bzr/my_code/foo
is accessed as
bzr+ssh://<email address hidden>/foo

And not
bzr+ssh://<email address hidden>/home/bzr/my_code/foo

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktXHBAACgkQJdeBCYSNAAOV4QCfayx/NuJBS+3alobe27i5ydO+
3ocAoKCnkN5m4nu6KKguDOqqOSQTeKaQ
=UkRA
-----END PGP SIGNATURE-----

John A Meinel wrote:
> Your question #98083 on Bazaar changed:
> https://answers.launchpad.net/bzr/+question/98083
>
> Status: Open => Answered
>
> John A Meinel proposed the following answer:
> Garth Wells wrote:
>> New question #98083 on Bazaar:
>> https://answers.launchpad.net/bzr/+question/98083
>
>> Hi,
>
>> I've tried using 'bzr_ssh_path_limiter' in an ssh authorized keys file to control access, but without luck. I've been using hg-ssh, on which bzr_ssh_path_limiter is based, for several years without problems.
>
>> I have
>
>> command="/home/bzr/bin/bzr_ssh_path_limiter /home/bzr/my_code" ssh-rsa . . . ..
>
>> in ~/.ssh/authorized_keys2, and I know that the script is being called because I can print from it to std output. When I try to branch over ssh, I get
>
>> bzr: ERROR: Not a branch: "bzr+ssh://<email address hidden>/home/bzr/my_code/".
>
>> The problem seems to be with the line
>
>> os.execlp('bzr', 'bzr', '--no-plugins', 'serve', '--inet', '--directory=' + sys.argv[1], '--allow-writes')
>
>> Am I using the script incorrectly or is there something wrong in this line of the script? I'm using bzr version 2.0.0.
>
>
> I believe once you've set up path limiting, then the 'root' of the
> bzr+ssh:// line changes. Specifically with the above command, then
>
> /home/bzr/my_code/foo
> is accessed as
> bzr+ssh://<email address hidden>/foo
>
> And not
> bzr+ssh://<email address hidden>/home/bzr/my_code/foo
>

Unfortunately this didn't help.

The path seems to be ok. Doing

  bzr branch bzr+ssh://<email address hidden>/home/bzr/my_code/foo

and printing

  '--directory=' + sys.argv[1]

from inside bzr_ssh_path_limiter, I see

  '--directory=/home/bzr/my_code/foo'

which is teh correct path.

Garth

> John
> =:->
>

Garth, John's answer is correct I think.

What happens if you try this command:

bzr branch bzr+ssh://<email address hidden>/foo

?

i.e. without the /home/bzr/my_code in the URL?