Block and/or Identify Fake author name/email in GIT


Problem description

I want to block fake users in git commit. That means one user must not be able to change his/her email with someone else. I use gitolite. How can I implement this feature? As I have users' public keys, can I bind their email/name to that public key?

Solution

As I have users' public key, can I bind email/name with that public key?

Not natively: Gitolite only works with the user id (as extracted from the http or ssh session and set in a variable GL_USER)

So you need to have that information elsewhere.

What I use is the public keys which are given by the users and stored in the gitolite/keys dir of the gitolite-admin repo.

A public ssh key is composed of 3 parts:

 ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx WhateverYouWant

The last part, after the public key, is a string which can represent what you want.

I demand from the user a key with their email address in it (at the end).
I then set up a VREF (an update hook in gitolite) for all repos, which will validate the user.email seen in the commits with the email extracted from the ~gitolite/.ssh/authorized_keys file.
That file is managed by gitolite, and contains both the user.name and its email (because of the way I expect the users to give me their public key).

 command="..../gitolite-shell user-id" xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx WhateverYouWant

If any of the emails doesn't match the right user name, the VREF hook will reject the push.


My own VREF CHECKID (for a slightly different purpose) is declared in the gitolite.conf as:

repo    @all
  RW+                            = gitoliteadm
  -     VREF/CHECKID             = @all
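
A sketch of the check the answer describes, added here as an example and not the answer author's own CHECKID script: it reads the email from the trailing comment of each gitolite-managed authorized_keys line and flags pushed commits whose author email is not bound to the pushing user. The function names, the example.com addresses, and the hook calling convention (ref, old sha and new sha as arguments, GL_USER in the environment, a printed `VREF/CHECKID` line triggering the deny rule) are assumptions.

```python
#!/usr/bin/env python3
"""Sketch of a gitolite VREF check: author emails must match the pusher's key comment."""
import os
import re
import subprocess
import sys

# Matches the gitolite-managed prefix and captures the gitolite user id.
CMD_RE = re.compile(r'command="[^"]*gitolite-shell ([^"\s]+)"')

def key_emails(authorized_keys_text):
    """Map gitolite user id -> set of emails taken from the trailing key comment."""
    emails = {}
    for line in authorized_keys_text.splitlines():
        m = CMD_RE.search(line)
        fields = line.split()
        # Skip non-gitolite lines and keys whose comment is not an email.
        if not m or not fields or "@" not in fields[-1]:
            continue
        emails.setdefault(m.group(1), set()).add(fields[-1].lower())
    return emails

def forged_commits(gl_user, commits, emails):
    """Return (sha, email) pairs whose author email is not bound to gl_user's keys."""
    allowed = emails.get(gl_user, set())  # unknown user: nothing is allowed
    return [(sha, mail) for sha, mail in commits if mail.lower() not in allowed]

def pushed_commits(old, new):
    """List (sha, author email) for the commits this push introduces."""
    rng = [new, "--not", "--all"] if set(old) == {"0"} else [f"{old}..{new}"]
    out = subprocess.run(["git", "log", "--format=%H %ae", *rng],
                         check=True, capture_output=True, text=True).stdout
    return [tuple(l.split(" ", 1)) for l in out.splitlines() if " " in l]

def main(argv):
    # Assumed calling convention: <ref> <oldsha> <newsha> ..., with GL_USER in the environment.
    _ref, old, new = argv[1:4]
    if set(new) == {"0"}:
        return  # branch deletion, nothing to check
    with open(os.path.expanduser("~/.ssh/authorized_keys")) as fh:
        emails = key_emails(fh.read())
    bad = forged_commits(os.environ["GL_USER"], pushed_commits(old, new), emails)
    for sha, mail in bad:
        print(f"{sha[:10]}: author email {mail} is not bound to your key", file=sys.stderr)
    if bad:
        print("VREF/CHECKID author email mismatch")  # assumed to match the deny rule

if __name__ == "__main__":
    main(sys.argv)
```

This compares only the author email; a stricter policy would add `%ce` to the log format and check the committer email the same way.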
