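Git / gitosis: How to check the validity of user name and email?

Time: 2009-05-05 14:00:19

Tags: git gitosis

I have installed git and gitosis, and I need to add a check that the user name is valid whenever something is pushed into the repository.

I think pre-receive is the right hook, but I can't find, in the environment variables, the real user name and email address that gitosis puts into the repository (the ones set by git config user.name and git config user.email). LOGNAME and USER are both 'git'. How does gitosis detect this information, and can I find it in the pre-receive hook as well?

5 answers:

Answer 0: (score: 9)

Well, from what I gather from githooks(5), the pre-receive hook gets the updated refs on stdin.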

#!/bin/sh

# one "<old-sha> <new-sha> <ref-name>" line arrives on stdin per updated ref
while read -r old new name; do
    email=$(git log -1 --pretty=format:%ae "$new")
    # check email
done

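You then need to check the email address (there can be more than one line of data) and exit the script accordingly, i.e. exit 0 for success and e.g. exit 1 for failure.

Answer 1: (score: 5)

OK, we managed to get it working; Bombe's reply above helped a lot. This is how it was done:

  • I added os.environ['GITOSIS_USER'] = user to gitosis/serve.py, function main(), and reinstalled.
  • Then I created the following pre-receive script: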

hooks/pre-receive

#!/usr/bin/perl

my $user = $ENV{'GITOSIS_USER'};

if ($user !~ m/^[^@]+@[^@]+$/ ) {
  print STDERR "Unknown user. Not running under Gitosis?\n";
  exit 1;
}

my $fail = 0;

while(<STDIN>) {
  if (m/^([0-9a-f]+)\s+([0-9a-f]+)\s+(\S+)$/) {

    my $oldver = $1;
    my $curver = $2;
    my $ref = $3;

    my $ret = open (FH, "-|", "git", "rev-list", '--pretty=format:%H:%ae:%ce',$

    if ($ret) {
      # greater-than and less-than brackets hidden in HTML: &gt;FH&lt;
      while (<FH>) {
        chomp;
        my $line = $_;
        if ($_ !~ m/commit /) {
          my ($rev, $author, $committer) = split(":", $line);
          if ( $author ne $user && $committer ne $user ) {
            print STDERR "Unauthorized commit: $rev\n";
            $fail++;
          }
        }
      }
    }
  }
}

if ($fail) {
  exit 1;
}

exit 0;


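This means the user name must be the same as the one used when creating the ssh key for the gitosis keyring.

Answer 2: (score: 2)

The script is broken in several respects. First, the open() line is cut off. After I fixed that, the script went into an infinite loop on the first while(), without even trying to call git-rev-list.

With the help of friends, I managed to tidy it up a bit: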

hooks/pre-receive

#!/usr/bin/perl

my $user = $ENV{'GITOSIS_USER'};

if ($user !~ m/^[^@]+@[^@]+$/ ) {
  print STDERR "Unknown user. Not running under Gitosis?\n";
  exit 1;
}

my $fail = 0;

while(<STDIN>) {
  if (m/^([0-9a-f]+)\s+([0-9a-f]+)\s+(\S+)$/) {

    my $oldver = $1;
    my $curver = $2;
    my $ref = $3;

    my $ret = open (FH, "-|", "git", "rev-list", '--pretty=format:%H:%ae:%ce',"$oldver..$curver");

    if ($ret) {
      while (<FH>) {
        chomp;
        my $line = $_;
        if ($_ !~ m/commit /) {
          my ($rev, $author, $committer) = split(":", $line);
          if ( $author ne $user && $committer ne $user ) {
            print STDERR "Unauthorized commit: $rev\n";
            print STDERR "You must specify Author and Committer.\n";
            print STDERR "Specified a/c: $author / $committer\n";
            print STDERR "Expected user: $user\n";
            $fail++;
          }
        }
      }
    }
  }
}

if ($fail) {
  exit 1;
}

exit 0;
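
The check from the two Perl answers above, as an added shell example that is not part of the original answers: it fails closed when GITOSIS_USER is absent or git rev-list errors, and it goes beyond the posted hooks by handling ref creation and deletion (all-zero SHA). The function names are hypothetical, and GITOSIS_USER is assumed to be exported as the answers describe.

```shell
#!/bin/sh
# Added example, not code from the page. GITOSIS_USER is only set if
# gitosis/serve.py (or an authorized_keys environment= option) exports it.
ZERO=0000000000000000000000000000000000000000

# Print the rev-list arguments selecting the commits a ref update introduces.
rev_args() {                        # usage: rev_args <old> <new>
    if [ "$2" = "$ZERO" ]; then
        return 0                    # ref deleted: nothing new to inspect
    elif [ "$1" = "$ZERO" ]; then
        echo "$2 --not --all"       # ref created: commits no existing ref reaches
    else
        echo "$1..$2"               # ordinary update
    fi
}

# Read "<sha>:<author-email>:<committer-email>" lines on stdin; return 1 if a
# commit has neither identity equal to $1 (the same rule as the Perl hook).
check_identities() {                # usage: check_identities <expected-user>
    bad=0
    while IFS=: read -r rev author committer; do
        case "$rev" in "commit "*|"") continue ;; esac   # rev-list header/blank
        if [ "$author" != "$1" ] && [ "$committer" != "$1" ]; then
            echo "Unauthorized commit: $rev ($author / $committer)" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Hook body: stdin carries "<old> <new> <ref>" lines, as for pre-receive.
run_hook() {
    case "${GITOSIS_USER:-}" in
        *@*@*|@*|*@) user_ok=0 ;;   # several "@" or an empty side
        *@*)         user_ok=1 ;;
        *)           user_ok=0 ;;   # unset, empty or no "@" (e.g. "git")
    esac
    [ "$user_ok" -eq 1 ] || { echo "Unknown user. Not running under Gitosis?" >&2; return 1; }
    rc=0
    while read -r old new ref; do
        args=$(rev_args "$old" "$new")
        [ -n "$args" ] || continue
        # $args is left unquoted on purpose: it holds several arguments.
        out=$(git rev-list --pretty=format:%H:%ae:%ce $args) || return 1  # fail closed
        printf '%s\n' "$out" | check_identities "$GITOSIS_USER" || rc=1
    done
    return "$rc"
}
if [ "${0##*/}" = pre-receive ]; then run_hook; exit $?; fi   # only when installed as the hook
```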


Answer 3: (score: 1)

Adding os.environ['WHATVER_USER'] = user at line 202 of serve.py should do the trick...

Answer 4: (score: 0)

You can look at <gitosis-path>/.ssh/authorized_keys and see:

command="gitosis-serve name@server",...

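Reading the man page for sshd, I found: after command="command" you can add an environment="NAME=value" option to set the desired user name for your public ssh key. No editing of gitosis/serve.py is needed.

Environment processing is disabled by default and is controlled by the PermitUserEnvironment option:

# sudo has to wrap the write itself: with "sudo echo ... >>" the redirection runs as the calling user
echo "PermitUserEnvironment yes" | sudo tee -a /etc/ssh/sshd_config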