Webhook not delivering after push


I have a new gitea installation, and everything seems fine excepts that webhooks don’t seem to work.
For context it’s a Docker installation on arm64, something like a raspberry pi. Also, the webhook in question is from Drone CI.

The webhook is definitely correct, since the test deliveries are all successful:

And even with all events enabled in the webook settings.

But nothing happens when I push or create a tag. And there’s nothing useful in the debug log either, it just shows that the push happened and nothing else.

Accepted publickey for git from port 56207 ssh2: RSA SHA256:xxxxx
2022/11/03 15:46:28 ...ters/private/serv.go:412:ServCommand() [D] [6363d444] Serv Results:
        IsWiki: false
        DeployKeyID: 0
        KeyID: 1        KeyName: desktop
        UserName: haath
        UserID: 1
        OwnerName: haath
        RepoName: ci-test
        RepoID: 5
2022/11/03 15:46:28 [6363d444] router: completed GET /api/internal/serv/command/1/haath/ci-test?mode=2&verb=git-receive-pack for, 200 OK in 18.7ms @ private/serv.go:81(private.ServCommand)       
2022/11/03 15:46:28 [6363d444-2] router: completed POST /api/internal/ssh/1/update/5 for, 200 OK in 18.0ms @ private/key.go:18(private.UpdatePublicKeyInRepo)
Received disconnect from port 56207:11: disconnected by user
Disconnected from user git port 56207

And in my configuration I have all the following:

DISABLE_SSH      = false
OFFLINE_MODE     = false

DISABLE_GIT_HOOKS             = false
DISABLE_WEBHOOKS              = false


Everything else I’ve tried:

  • Pushing on HTTPS instead of ssh
  • Creating a new repository
  • Checking for noexec flags

After some more testing I found also this: webhooks are triggered when creating a pull request.

However still nothing when pushing commits, or tags, or even updating pull requests.

I narrowed it down to the post-receive.d/gitea hook.

The file appears to always fail test -x inside the container, event though it has 777 permissions.

And it’s definitely executable, I can run it inside the container as any user.

Any suggestions would be very welcome…

FAQ Push Hook / Webhook aren’t running

So I’m also having the same issue and have made same observations as @haath’s comment above.
(‘test -x’ always failling)

Look like this might be the cause: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1916485

A really hacky and temporary workaround I’ve done for a couple of my repos is to replace ‘test -x’ with ‘/usr/bin/test -x’ in the hook scripts. This works for some reason according to that bug report and in my container.

A more permanent solution might be rebasing the docker image to one with the fixed bash/libseccomp/glibc?

It doesn’t seem like it’s the libseccomp issue.

The built-in test from bash fails with EACCES when trying to test for execute permissions for a file on a network share (NFS for me). However, the mount is mounted with exec option and I can execute the file.

It seems like using stat(2) works ok on a local docker with NFS mounts, access(2) also works ok on my deployed docker with NFS, but the bash built-in uses faccessat2(2), which returns EPERM.

It does say in the man page for faccessat2(2) that these calls may not work correctly on NFSv2 or FUSE mounts. However, I am using NFSv3, so it might be the docker fuse mounts.