本文介绍了阻止和/或识别GIT中的伪造作者姓名/电子邮件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想阻止 git commit 中的假用户。这意味着一个用户不得与其他人更改他/她的电子邮件。我使用gitolite。我怎样才能实现这个功能?因为我有用户的公共密钥,我可以将他们的电子邮件/名称绑定到该公共密钥吗?

解决方案

非本地:Gitolite只能工作与用户ID(从http或ssh会话提取并设置在一个变量 GL_USER 中)

需要在其他地方提供这些信息。



我使用的是由用户给出并存储在 gitolite / keys dir gitolite-admin repo。



一个公共ssh密钥由3部分组成:

  ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx无论您想要什么

最后一部分是公钥后面的字符串,它可以代表您想要的内容。



我要求用户输入一个密钥与他们的电子邮件地址(在最后)。
然后我设置一个,这将验证在提交的电子邮件提交中看到的 user.email 〜gitolite / .ssh / authorized_keys 文件。

该文件由gitolite管理,并包含 user.name 及其电子邮件(因为我期望用户给我他们的公钥)

 命令==.... / gitolite-shell user-idxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx无论如何

如果任何电子邮件与正确的用户名不匹配,VREF钩子将拒绝推送。






我自己的 VREF CHECKID (略有不同)的目的是声明在 gitolite.conf 中:

  repo @all 
RW + = gitoliteadm
- VREF / CHECKID = @all


I want to block fake users in git commit. That means one user must not be able to change his/her email with someone else. I use gitolite. How can I implement this feature? As I have users' public keys, can I bind their email/name to that public key?

解决方案

Not natively: Gitolite only works with the user id (as extracted from the http or ssh session and set in a variable GL_USER)

So you need to have that information elsewhere.

What I use is the public keys which are given by the users and stored in the gitolite/keys dir of the gitolite-admin repo.

A public ssh key is composed of 3 parts:

 ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx WhateverYouWant

The last part, after the public key, is a string which can represent what you want.

I demand from the user a key with their email address in it (at the end).
I then setup a VREF (an update hook in gitolite) for all repo, which will validate the user.email seen in the commits with the email extracted from the ~gitolite/.ssh/authorized_keys file.
That file is managed by gitolite, and contains both the user.name and its email (because of the way I expect the users to give me their public key)

 command=="..../gitolite-shell user-id" xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx WhateverYouWant

If any of the email doesn't match the right user name, the VREF hook will reject the push.


My own VREF CHECKID (for a slightly different) purpose, is declare in the gitolite.conf as:

repo    @all
  RW+                            = gitoliteadm
  -     VREF/CHECKID             = @all

这篇关于阻止和/或识别GIT中的伪造作者姓名/电子邮件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-04 20:28