webhook snap can't execute command

[bakwc]

I have a script with following content:

#!/bin/bash

git pull

Script doesn't work, and there is an error in logs:

line 3: git: command not found

Webhook is running under the same user, standalone script launch is 100% working, git command present in bash.

Why opensource usage is such a pain?

[fbartels]

It appears you are running webhook in an environment where it does not inherit the environment variables from your user/process and therefore $PATH is undefined. So you either need to define it, or give the full path to the binary.

Why opensource usage is such a pain?

There is a saying that goes "What goes around, comes around". Maybe you are just the one that is painful to work with? ;-)

[bakwc]

$PATH is defined, I made "echo $PATH > log.txt" and everything exists in path.

[moorereason]

If you use the full path to the git binary, does it work?

[bakwc]

No, it gives:

/usr/bin/git: No such file or directory

I already tried with passing working directory and without passing anything, nothing works.

[moorereason]

What version of webhook and how did you install it?

Check your file permissions. Does the user running the webhook service have access to execute the git binary? Are you using selinux or anything would prevent the webhook service from execution git?

[bakwc]

Version: 2.8.0
Installed and run via snap:

fippo@mainserver:~/koding/myapp/server$ snap run webhook -port 1111 -hooks /home/fippo/webhooks/hooks.json -verbose
[webhook] 2021/04/29 22:30:17 version 2.8.0 starting
[webhook] 2021/04/29 22:30:17 setting up os signal watcher
[webhook] 2021/04/29 22:30:17 attempting to load hooks from /home/fippo/webhooks/hooks.json
[webhook] 2021/04/29 22:30:17 found 1 hook(s) in file
[webhook] 2021/04/29 22:30:17 	loaded: myapp
[webhook] 2021/04/29 22:30:17 serving hooks on http://0.0.0.0:1111/hooks/{id}
[webhook] 2021/04/29 22:30:17 os signal watcher ready
[webhook] 2021/04/29 22:30:50 [7e2a2d] incoming HTTP GET request from 172.28.0.1:61274
[webhook] 2021/04/29 22:30:50 [7e2a2d] myapp got matched
[webhook] 2021/04/29 22:30:50 [7e2a2d] error parsing body payload due to unsupported content type header:
[webhook] 2021/04/29 22:30:50 [7e2a2d] myapp hook triggered successfully
[webhook] 2021/04/29 22:30:50 [7e2a2d] 200 | 8 B | 428.822µs | 123.1.1.1:1111 | GET /hooks/myapp
[webhook] 2021/04/29 22:30:50 [7e2a2d] executing /home/fippo/koding/myapp/server/deploy.sh (/home/fippo/koding/myapp/server/deploy.sh) with arguments ["/home/fippo/koding/myapp/server/deploy.sh"] and environment [] using  as cwd
[webhook] 2021/04/29 22:30:50 [7e2a2d] command output: /bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/home/fippo/koding/myapp/server/deploy.sh: line 3: /usr/bin/git: No such file or directory
/home/fippo/koding/myapp/server/deploy.sh: line 5: docker: command not found
/home/fippo/koding/myapp/server/deploy.sh: line 6: docker: command not found
/home/fippo/koding/myapp/server/deploy.sh: line 7: docker: command not found
/home/fippo/koding/myapp/server/deploy.sh: line 8: docker: command not found

Does the user running the webhook service have access to execute the git binary

Sure

Are you using selinux or anything would prevent the webhook service from execution git?

Nothing, just regular ubuntu (slightly old, 16.04).

[moorereason]

I don't use snaps, but I'm assuming that's the problem.

Cc: @adnanh

[slntopp]

there are no configuration hooks and vars in snap, so I'd assume it won't work from snap

[bakwc]

May be it is a good idea at least to mention in README.md that snap version have some limitations?

[slntopp]

Pretty much indeed🤷‍♂️

[atika]

I don't know how snap works and I wanted to give it a try by installing the latest version of webhook. I did not find any information for the configuration, how to edit the service or where I have to put the configuration file.
I think the app is sandboxed like apps on macOS. Webhook is installed in strict mode. I think you can't execute /usr/bin/git because you are not allowed to do that, but you can run deploy.sh because it's in your home directory.
With snap interfaces we see that webhook have :network :network-bind and home.
Confinement could be great for this app, but as Webhook executes shell scripts that probably use a lot of binaries and directories outside the home folder, maybe it's not suitable for snapd...

[vallemar]

+1, I have the same behavior in centos

[nsg]

I have some knowledge about snaps. There are various interfaces and tools to poke holes in the sandbox, but I agree that with a tool like this the sandbox make little sense. My suggestion it make it a "classic snap" with is a snap package without a sandbox. A classic snap needs to be manually approved by Canonical, I think this tool have a good case why it should be approved.

It can still be useful to use the snap store for discoverability and ease of installation for users. If not, I suggest that you merge #566 and unpublish the snap from the store.

Let me know if you need any help.