The gitolite server reviews the submitted author information of git push.

1. Environment

Gitolite version: v3.5.1

2. Problems that upset me

Git is a distributed version control system that allows you to set the user name and email address of the submitter as you like (for example, use the following command ). This is too insecure for team collaboration. If a team member impersonates another person to push a new submission to the server version library, it cannot be found.

Git config user. Name Git config user. Email

Currently, git servers are commonly used, including gitolite, gitosis, and Gerrit. The Gerrit review server developed by Google reviews the submitted email addresses (but the user. Name is not reviewed ). Gitolit and gitosis are not reviewed at all.

I recently set up gitolite + SSH as a git server, and used redmine as a requirement management and defect tracking to achieve integration with git. Users in redmine are identified by an ID. The GIT commit author contains the user name and email address, which can associate the redmine user ID with the GIT commit author.

Obviously, if you change the name and email address of the submitter at will during git submission, the user correspondence set in the remine software will be damaged.

 

3. Implement gitolite server to review submitted author information

First, gitolite itself does not have such a function. How can the gitolite server review the submitted author information? The idea that flashed my head immediately was git's hooks, which found the answer in the gitolite official document.

 

Gitolite documentation Website: http://gitolite.com/gitolite/master-toc.html

 

Use the pre-receive hook. The content of the pre-receive file is as follows:

#!/bin/sh#mismatch=0while read old new ref; do  author=`git show --pretty=format:%an $new | head -1`  email=`git show --pretty=format:%ae $new | head -1`  #  echo "     email = \"$email\", author = \"$author\", GL_USER = \"$GL_USER\""    if test "$GL_USER" != "$author"; then    echo    echo "ERROR: Invalid user name on object $new:"    echo "       Expecting \"$GL_USER\", got \"$author\""    mismatch=1  fi    if test "$GL_USER@yaxon.com" != "$email"; then    echo    echo "ERROR: Invalid user email on object $new:"    echo "       Expecting \"$GL_USER@yaxon.com\", got \"$email\""    mismatch=1  fidoneif test $mismatch -eq 1; then  echo  echo "Please run the following commands and try again:"  echo "> git config user.name \"$GL_USER\""  echo "> git config user.email \"$GL_USER@yaxon.com\""  echo "> git commit --amend --author=\"$GL_USER <$GL_USER@yaxon.com>\""  echo  exit 1;fiexit 0;

With a little explanation, you should be able to understand how to implement it:

◆ Use git show to parse the commit author (author) and email address (email ).

◆ Use the environment variable $ gl_user that comes with gitolite to obtain the SSH user information used for git push. This $ gl_user is actually the shh public key file name under the installation directory \. gitolite \ keydir on the gitolit server (corresponding to an SSH connection user, usually named as the name of a team member ).

 

4. Where can I put the pre-receive hook?

There are two options:

◆ If you want to review a version library, you only need to put the pre-receive file under the hooks directory of the specified version library on the gitolite server.

◆ If you want to review all version libraries on the gitolite server. Follow these steps:

1. log on to the gitolite server as a user (such as GIT) who has installed gitolite. (You can log on via SSH );

② Copy pre-receive to the/home/git/. gitolite/hooks/common/directory of gitlolite/

③ Execute./bin/gitolite setup -- hooks-only

Once the installation is complete and git push always prompts me "error: cannot run hooks/pre-receive: no such file or directory ", at last, we found that the pre-receive file line break is a ghost of WINDOWS \ r \ n and can be changed to \ n.

How to install gitolite hooks, you can also refer to the official website: http://gitolite.com/gitolite/cust.html#hooks