Stop users committing to git as wrong user

Question

I\'m using git and Codebase for a project.

I just did a test and I\'m able to commit to the git repository with a different email address and name set which causes i

Answer 1

Ooops: While this is a valid technique, it assumes you have effectively full control over the server. If you're using a hosted solution all bets are off.

You can validate the author name and email in the repository's update hook. You can get both values like this:

#!/bin/sh
set -- refname sha1_old sha1_new
author_name=$(git log --pretty=format:%an $sha1_new)
author_email=$(git log --pretty=format:%ae $sha1_new)

The trick, of course, is figuring out whether or not these are valid. Here's one trick:

You can use the command="" option in your ssh configuration to make a wrapper around git-receive-pack that maps ssh keys to author information. For example, something like this:

#!/bin/sh

GV_AUTHOR_NAME="$1"
GV_AUTHOR_EMAIL="$2"

export GV_AUTHOR_EMAIL GV_AUTHOR_NAME
eval exec $SSH_ORIGINAL_COMMAND

And you would use an authorized_keys line something like this:

command="~/bin/gitvalidator 'Lars Kellogg-Stedman' 'lars@seas.harvard.edu'" ssh-rsa ...

The result of all this is that your update script would have the environment variables GV_AUTHOR_NAME and GV_AUTHOR_EMAIL available, and could check these against the commit and exit with an error if they didn't match.