当没有配置推送器的用户名时,防止针对远程存储库的git推送 [英] Prevent git push against remote repository when username of pusher is not configured
问题描述
我想阻止用户在用户名设置不正确时推送到我的存储库。在实践中,我想这样:
foreach提交push_stuff:
如果在some_list中没有commit.username:
拒绝推送
钩子预先接收似乎是合适的,但我如何从每个接收到的提交对象中提取用户名? update 似乎可以获得对象名称,但是根据我的理解,它已经存在于我的存储库中(就在ref移动之前)。
编辑:这并不意味着一些安全机制只允许某些人推送给我。我相信每个人,但有时候人们会搞砸,忘记配置 .gitconfig 。
更新:我有一个VonC的建议存在问题。当使用预先接收时,如果有人推新分支,< old-value> 为000000000。所以,如果他已经对这个新分支进行了多次提交,并且他试图推动它,那么执行git rev-list ... $ new只会给我一个提交。但也许其他提交之前,它有一个坏的用户名,我想拒绝。我找不到一种方式告诉git给我所有新的提交。当分支已经存在做git rev-list ... $ old .. $ new做这项工作。
我相信这个问题在 Git / gitosis:如何检查用户名和邮件的有效性?。
现在,引用的SO问题是关于一个安全机制(你不想要的),但是:
git log -1 --pretty = format:%ae $ new
可以提供帮助在 pre-receive hook ,如
%an 或%aN 可能会更适合您的情况。
该钩子为接收操作执行一次上。它不需要任何参数,但是对于每一个ref的更新,它都会在标准输入中接收一行格式:
<旧值与GT; SP<新值> SP< ref-name> LF
其中:
<旧值>是存储在ref中的旧对象名称,
< new-value>是要存储在ref中的新对象名称和
< ; ref-name>是ref的全名。
当创建一个新的ref时,
< old-value>是40 0。
I want to prevent users from pushing to my repository when their usernames aren't set correctly. In practice I'd like this:
foreach commit in pushed_stuff:
if not commit.username in some_list:
reject push
The hook pre-receive seems appropriate but how do I extract the username from each commit object that is received? update seems to get the object names but from my understanding that happens when it's already in my repository (just before the ref has moved).
EDIT: This isn't meant to be some security mechanism to only allow certain people to push to me. I trust everyone, but sometimes people mess up and forget to configure their .gitconfig.
UPDATE: I had a problem with VonC's suggestion. When using pre-receive, if someone pushes a new branch the <old-value> is "000000000". So if he had made several commits to that new branch and he tries to push it, doing git rev-list ... $new only gives me one commit. But maybe other commits before it have had a bad username that I want to reject. I couldn't find a way to tell git to give me all the new commits. When the branch already exists doing git rev-list ... $old..$new does the job.
I believe this is addressed a bit in "Git/gitosis: How to check validity of user name and email?".
Now, the referenced SO question is about a security mechanism (which you don't want), but :
git log -1 --pretty=format:%ae $new
can help in a pre-receive hook, as suggested by Bombe in his answer.
%an or %aN might be more adapted to your case here.
This hook executes once for the receive operation. It takes no arguments, but for each ref to be updated it receives on standard input a line of the format:
<old-value> SP <new-value> SP <ref-name> LF
where:
<old-value>is the old object name stored in the ref,<new-value>is the new object name to be stored in the ref and<ref-name>is the full name of the ref.When creating a new ref,
<old-value>is 40 0.
这篇关于当没有配置推送器的用户名时,防止针对远程存储库的git推送的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
