我要求用户输入一个密钥与他们的电子邮件地址（在最后）。
然后我设置一个，这将验证在提交的电子邮件提交中看到的 user.email 〜gitolite / .ssh / authorized_keys 文件。

该文件由gitolite管理，并包含 user.name 及其电子邮件（因为我期望用户给我他们的公钥）

 命令==.... / gitolite-shell user-idxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx无论如何
  

如果任何电子邮件与正确的用户名不匹配，VREF钩子将拒绝推送。

我自己的 VREF CHECKID （略有不同）的目的是声明在 gitolite.conf 中：

  repo @all 
 RW + = gitoliteadm 
  -  VREF / CHECKID = @all 
  

I want to block fake users in git commit. That means one user must not be able to change his/her email with someone else. I use gitolite. How can I implement this feature? As I have users' public keys, can I bind their email/name to that public key?

Not natively: Gitolite only works with the user id (as extracted from the http or ssh session and set in a variable GL_USER)

So you need to have that information elsewhere.

What I use is the public keys which are given by the users and stored in the gitolite/keys dir of the gitolite-admin repo.

A public ssh key is composed of 3 parts:

 ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx WhateverYouWant

The last part, after the public key, is a string which can represent what you want.

I demand from the user a key with their email address in it (at the end).
I then setup a VREF (an update hook in gitolite) for all repo, which will validate the user.email seen in the commits with the email extracted from the ~gitolite/.ssh/authorized_keys file.
That file is managed by gitolite, and contains both the user.name and its email (because of the way I expect the users to give me their public key)

 command=="..../gitolite-shell user-id" xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx WhateverYouWant

If any of the email doesn't match the right user name, the VREF hook will reject the push.

My own VREF CHECKID (for a slightly different) purpose, is declare in the gitolite.conf as:

repo    @all
  RW+                            = gitoliteadm
  -     VREF/CHECKID             = @all

这篇关于阻止和/或识别GIT中的伪造作者姓名/电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！