Skip to content

ssh: Fix silent errors when SSHReceivePack fails

Patrick Steinhardt requested to merge pks-ssh-receive-pack-missing-error into master

When git-receive-pack(1) returns an error, then we send that error code to the client via an SSHUploadPackResponse. So while the client will be notified of the actual error condition if they know to be on the lookout for the error code, we will not make that error visible outside of that particular exchange. This has two important consequences:

1. We are effectively blind to errors in SSHUploadPack given that
   they also won't be visible in Prometheus. It's thus not possible
   to put SLOs on pushes.

2. Praefect will not see any errors either and assume that the
   request was indeed successful. When the request has failed under
   the hood though it notices that there aren't any transactional
   votes and thus it will schedule a replication job as a safety
   guard.

This is in fact the same error as we have fixed in 9deaf47f (ssh: Log error on git command failure, 2021-12-03), only that back then we fixed it for SSHUploadPack.

Fix this by both sending the error code to the client and returning an error from the RPC call is case git-receive-pack(1) fails.

Fixes #4136 (closed).

Merge request reports