为什么Git需要签名推送? [英] Why does Git need signed pushes?
问题描述
在 Git 2.2.0 的发行说明中,它描述了一个新选项 git push
, - 签名
:
In the release notes for Git 2.2.0, it describes a new option to git push
, --signed
:
"git push" learned "--signed" push, that allows a push (i.e.
request to update the refs on the other side to point at a new
history, together with the transmission of necessary objects) to be
signed, so that it can be verified and audited, using the GPG
signature of the person who pushed, that the tips of branches at a
public repository really point the commits the pusher wanted to,
without having to "trust" the server.
因此,听起来好像在推送过程中发送到服务器的数据是经过签名的,服务器可以验证并记录推送的人员。在 man
页面中,您可以确认这一点:
So it sounds like the data being sent to the server during the push is signed so that the server can verify and log who did the push. In the man
pages you can confirm this:
--signed
GPG-sign the push request to update refs on the receiving side,
to allow it to be checked by the hooks and/or be logged. See
git-receive-pack[1] for the details on the receiving end.
您可以在 man
< post-recieve
钩子以准确查看如何验证签名推送。
You look in the man
pages for git-receive-pack
under pre-receive
and post-recieve
hooks to see exactly how to verify a signed push.
似乎所有这些都有助于服务器 确认谁在进行推送,他们确实是他们自称的人。
It seems like all of that helps the server verify who is doing the push really is who they say they are.
git push --signed
如何帮助你(推者)不必信任服务器?以表明它可以帮助服务器信任你。更重要的是,为什么签名提交和签名标记不足以推送到不受信任的服务器?为什么我们甚至需要签名推送?
How does git push --signed
help you (the pusher) in not having to "trust" the server? Everything I have seen so far seems to indicate that it helps the server trust you. More importantly, Why are signed commits and signed tags not sufficient to push to an untrusted server? Why do we even need signed pushes?
推荐答案
以下是引入的提交消息的摘录签名推送:
Here is an excerpt from the commit message that introduced signed pushes:
While signed tags and commits assert that the objects thusly signed
came from you, who signed these objects, there is not a good way to
assert that you wanted to have a particular object at the tip of a
particular branch. My signing v2.0.1 tag only means I want to call
the version v2.0.1, and it does not mean I want to push it out to my
'master' branch---it is likely that I only want it in 'maint', so
the signature on the object alone is insufficient.
The only assurance to you that 'maint' points at what I wanted to
place there comes from your trust on the hosting site and my
authentication with it, which cannot easily audited later.
因此,即使提交已签名,您也不能确定作者是否打算推送到分支 master
或分支超实验功能
。签名推送允许服务器保存每个推送事件及其签名的记录。然后可以验证此日志,以确定每个提交确实是要在特定分支上。
So even though the commit is signed, you cannot be sure that the author intended that commit to be pushed to the branch master
or to the branch super-experimental-feature
. Signed pushes allow the server to keep a record of every push event and its signature. This log can then be verified to see that each commit was indeed intended to be on a particular branch.
这篇关于为什么Git需要签名推送?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!