I want to block fake users in git commit
. That means one user must not be able to change his/her email with someone else. I use gitolite. How can I implement this feature? As I have users' public keys, can I bind their email/name to that public key?
相关问题
- “Zero out” sensitive String data in Swift
- High cost encryption but less cost decryption
- Why does recursive submodule update from github fa
- Extended message for commit via Visual Studio Code
- Emacs shell: save commit message
相关文章
- 请教Git如何克隆本地库?
- Warning : HTML 1300 Navigation occured?
- GitHub:Enterprise post-receive hook
- Git Clone Fails: Server Certificate Verification F
- SSIS solution on GIT?
- Is there a version control system abstraction for
- ssh: Could not resolve hostname git: Name or servi
- Cannot commit changes with gitextensions
I wrote a hook that takes a slightly different approach than the previous answer. You put in an EMAILDOMAIN at the top, and it makes sure that the email address on the commit log equals [the committing user's SSH key file name]@[EMAILDOMAIN].
I tossed this into gitolite-admin/common-hooks so it runs server side on pushes.
Not natively: Gitolite only works with the user id (as extracted from the http or ssh session and set in a variable
GL_USER
)So you need to have that information elsewhere.
What I use is the public keys which are given by the users and stored in the
gitolite/keys
dir of thegitolite-admin
repo.A public ssh key is composed of 3 parts:
The last part, after the public key, is a string which can represent what you want.
I demand from the user a key with their email address in it (at the end).
I then setup a
VREF
(an update hook in gitolite) for all repo, which will validate theuser.email
seen in the commits with the email extracted from the~gitolite/.ssh/authorized_keys
file.That file is managed by gitolite, and contains both the
user.name
and its email (because of the way I expect the users to give me their public key)If any of the email doesn't match the right user name, the VREF hook will reject the push.
My own VREF
CHECKID
(for a slightly different) purpose, is declare in thegitolite.conf
as: