I'm using Gitosis to manage a set of repositories. The problem I have is that Gitosis doesn't maintain a record of which user pushed a particular commit. The only information I have is the "Author" and "Committer" fields in the commit itself, and these could be set to anything at all by the "pusher".
Now I realise that a single "push" can send many, many commits to the Gitosis server, and each of them would have been created by the individual developer, so I should restrict myself by saying I'm only interested in the head commit on the branch that's been pushed. This commit will (should!) have been created by the person creating the release, so I want to know who that is so I can go beat them up if there are problems.
The idea I have is to use a hook on the server to compare the head commit's Committer to the gitosis user name. If they're both "john.doe@example.com" then the pusher is the committer and the push is allowed, otherwise it is rejected. Is that feasible? Which hook should I use - I think "update" is the one, though pre-receive and post-receive are possibles too.
I also thought about using the post-receive hook to tag the head commit, getting it to put the pusher's user name in the annotated tag message. The problem with this is that someone looking at the commit won't necessarily be aware of the tag.
I'm open to other suggestions on how to do this. The basic idea is that I want to know which Gitosis user pushed to a particular branch.
If I could find out who pushed a tag (or restrict the pusher to be the tagger) then that would be even better!
Kevin
AFAIK gitosis leaves it entirely up to SSH to determine (via public key authentication) who is allowed access to the repo and who isn't. From there, to the git-serve instance all users are identified by the 'author' and 'committer' fields only.
What's wrong with just using the 'author' and 'committer' fields anyway? If you're worried about people spoofing them, use two repositories: 'development' and 'release', and use a more fine-grained access control scheme in your gitosis.conf to only allow write access to 'release' for particular keys.
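The "update" hook idea from the question, sketched as an added example (not code from either poster or from the Gitosis project). It assumes the installed gitosis-serve exports the authenticated key's name in the `GITOSIS_USER` environment variable and that key files are named after the owner's e-mail address; the function names are hypothetical.

```shell
#!/bin/sh
# hooks/update sketch. git runs it once per pushed ref as:
#   update <refname> <oldrev> <newrev>
# Assumption: gitosis-serve exports the authenticated key's name as
# GITOSIS_USER, and keys are named after the owner's e-mail address.

# Print the e-mail that must match the pusher: the tagger of an annotated
# tag, otherwise the committer of the commit the ref will point at.
identity_of() {
    case "$(git cat-file -t "$1")" in
        tag)    # read only the tag header, stop at the first blank line
                git cat-file tag "$1" |
                    sed -n '/^$/q; s/^tagger .*<\([^>]*\)>.*/\1/p' ;;
        commit) git log -1 --format=%ce "$1" ;;
    esac
}

# Succeed only when the pusher name and the recorded e-mail are both
# non-empty and equal (compared case-insensitively).
pusher_matches() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    a=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    b=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$a" = "$b" ]
}

# check_ref <refname> <oldrev> <newrev>
check_ref() {
    # An all-zero newrev means the ref is being deleted: nothing to compare.
    case "$3" in *[!0]*) ;; *) return 0 ;; esac
    who=$(identity_of "$3")
    if pusher_matches "$GITOSIS_USER" "$who"; then
        return 0
    fi
    echo "rejected $1: pushed by '${GITOSIS_USER:-unknown}'," \
         "head recorded as '${who:-unknown}'" >&2
    return 1
}

# Only act when invoked by git with the three update-hook arguments.
if [ "$#" -eq 3 ]; then
    check_ref "$@" || exit 1
fi
```

Only the new head of each ref is checked, so commits by other developers further down the branch still pass; a lightweight tag is checked against the committer of the commit it points at.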