Git/gitosis:如何检查用户名和电子邮件的有效性?
我已经安装了git和gitosis,我需要添加一个检查,以确保在将某些内容推入存储库时用户名有效Git/gitosis:如何检查用户名和电子邮件的有效性?,git,gitosis,Git,Gitosis,我已经安装了git和gitosis,我需要添加一个检查,以确保在将某些内容推入存储库时用户名有效 我认为pre-receive钩子是放置这个的正确钩子,但是我无法从环境变量中找到gitosis进入存储库的真实用户名和电子邮件地址(由git-config-user.name和git-config-user.email设置)。LOGNAME和USER都是“git”。gitosis如何检测此信息,以及我如何在预接收挂钩中找到它?Hmm,从我从预接收挂钩收集的信息中,我获得了stdin上更新的参考信息
我认为pre-receive钩子是放置这个的正确钩子,但是我无法从环境变量中找到gitosis进入存储库的真实用户名和电子邮件地址(由git-config-user.name和git-config-user.email设置)。LOGNAME和USER都是“git”。gitosis如何检测此信息,以及我如何在预接收挂钩中找到它?Hmm,从我从
预接收挂钩收集的信息中,我获得了stdin
上更新的参考信息
#!/bin/sh
while read old new name; do
email=$(git log -1 --pretty=format:%ae $new)
# check email
done
您需要检查电子邮件地址(可能有多行数据)并相应地退出脚本,即退出0
是否成功,例如退出1
是否失败。添加os.environ['WHATVER_USER']=serve.py中第202行的用户应该完成此操作…好的,我们成功完成了任务,Bombe上面的回答帮助很大。这是如何做到的:
- 我将os.environ['GITOSIS\u USER']=USER添加到GITOSIS/service.py,函数Main()并重新安装了它
- 然后,我创建了以下预接收脚本:
挂钩/预接收
#!/usr/bin/perl
my $user = $ENV{'GITOSIS_USER'};
if ($user !~ m/^[^@]+@[^@]+$/ ) {
print STDERR "Unknown user. Not running under Gitosis?\n";
exit 1;
}
my $fail = 0;
while(<STDIN>) {
if (m/^([0-9a-f]+)\s+([0-9a-f]+)\s+(\S+)$/) {
my $oldver = $1;
my $curver = $2;
my $ref = $3;
my $ret = open (FH, "-|", "git", "rev-list", '--pretty=format:%H:%ae:%ce',$
if ($ret) {
# great and less brakets hidden in HTML: >FH<
while (<FH>) {
chomp;
my $line = $_;
if ($_ !~ m/commit /) {
my ($rev, $author, $committer) = split(":", $line);
if ( $author ne $user && $committer ne $user ) {
print STDERR "Unauthorized commit: $rev\n";
$fail++;
}
}
}
}
}
}
if ($fail) {
exit 1;
}
exit 0;
#!/usr/bin/perl
my $user = $ENV{'GITOSIS_USER'};
if ($user !~ m/^[^@]+@[^@]+$/ ) {
print STDERR "Unknown user. Not running under Gitosis?\n";
exit 1;
}
my $fail = 0;
while(<STDIN>) {
if (m/^([0-9a-f]+)\s+([0-9a-f]+)\s+(\S+)$/) {
my $oldver = $1;
my $curver = $2;
my $ref = $3;
my $ret = open (FH, "-|", "git", "rev-list", '-- pretty=format:%H:%ae:%ce',"$oldver..$curver");
if ($ret) {
while (<FH>) {
chomp;
my $line = $_;
if ($_ !~ m/commit /) {
my ($rev, $author, $committer) = split(":", $line);
if ( $author ne $user && $committer ne $user ) {
print STDERR "Unauthorized commit: $rev\n";
print STDERR "You must specify Author and Committer.\n";
print STDERR "Specified a/c: $author / $committer\n";
print STDERR "Expected user: $user\n";
$fail++;
}
}
}
}
}
}
if ($fail) {
exit 1;
}
exit 0;
#/usr/bin/perl
my$user=$ENV{'GITOSIS_user'};
如果($user!~m/^[^@]+@[^@]+$/){
打印STDERR“未知用户。未在Gitosis下运行?\n”;
出口1;
}
我的$fail=0;
while(){
如果(m/^([0-9a-f]+)\s+([0-9a-f]+)\s+(\s+$/){
my$oldver=$1;
my$curver=$2;
my$ref=$3;
my$ret=open(FH、-|“、“git”、“rev list”、“--pretty=格式:%H:%ae:%ce”$
如果($ret){
#HTML:FH中隐藏的大量和较少的brakets
而(){
咀嚼;
我的$line=$\ux;
如果($\uq!~m/commit/){
我的($rev,$author,$committer)=拆分(“:”,$line);
if($author ne$user&$committer ne$user){
打印STDERR“未经授权的提交:$rev\n”;
$fail++;
}
}
}
}
}
}
如果($失败){
出口1;
}
出口0;
这意味着用户名必须与用于为gitosis key ring创建ssh密钥的用户名相同。该脚本以几种方式被破坏。首先,open()行被切断。在我修复该问题后,该脚本在第一个while()上进入无限循环,甚至没有尝试调用git rev list
在朋友们的一点帮助下,我总算把它打扮了一番:
挂钩/预接收
#!/usr/bin/perl
my $user = $ENV{'GITOSIS_USER'};
if ($user !~ m/^[^@]+@[^@]+$/ ) {
print STDERR "Unknown user. Not running under Gitosis?\n";
exit 1;
}
my $fail = 0;
while(<STDIN>) {
if (m/^([0-9a-f]+)\s+([0-9a-f]+)\s+(\S+)$/) {
my $oldver = $1;
my $curver = $2;
my $ref = $3;
my $ret = open (FH, "-|", "git", "rev-list", '--pretty=format:%H:%ae:%ce',$
if ($ret) {
# great and less brakets hidden in HTML: >FH<
while (<FH>) {
chomp;
my $line = $_;
if ($_ !~ m/commit /) {
my ($rev, $author, $committer) = split(":", $line);
if ( $author ne $user && $committer ne $user ) {
print STDERR "Unauthorized commit: $rev\n";
$fail++;
}
}
}
}
}
}
if ($fail) {
exit 1;
}
exit 0;
#!/usr/bin/perl
my $user = $ENV{'GITOSIS_USER'};
if ($user !~ m/^[^@]+@[^@]+$/ ) {
print STDERR "Unknown user. Not running under Gitosis?\n";
exit 1;
}
my $fail = 0;
while(<STDIN>) {
if (m/^([0-9a-f]+)\s+([0-9a-f]+)\s+(\S+)$/) {
my $oldver = $1;
my $curver = $2;
my $ref = $3;
my $ret = open (FH, "-|", "git", "rev-list", '-- pretty=format:%H:%ae:%ce',"$oldver..$curver");
if ($ret) {
while (<FH>) {
chomp;
my $line = $_;
if ($_ !~ m/commit /) {
my ($rev, $author, $committer) = split(":", $line);
if ( $author ne $user && $committer ne $user ) {
print STDERR "Unauthorized commit: $rev\n";
print STDERR "You must specify Author and Committer.\n";
print STDERR "Specified a/c: $author / $committer\n";
print STDERR "Expected user: $user\n";
$fail++;
}
}
}
}
}
}
if ($fail) {
exit 1;
}
exit 0;
!/usr/bin/perl
my$user=$ENV{'GITOSIS_user'};
如果($user!~m/^[^@]+@[^@]+$/){
打印STDERR“未知用户。未在Gitosis下运行?\n”;
出口1;
}
我的$fail=0;
while(){
如果(m/^([0-9a-f]+)\s+([0-9a-f]+)\s+(\s+$/){
my$oldver=$1;
my$curver=$2;
my$ref=$3;
我的$ret=open(FH、-|“、“git”、“版本列表”、“--pretty=格式:%H:%ae:%ce”、“$oldver..$curver”);
如果($ret){
而(){
咀嚼;
我的$line=$\ux;
如果($\uq!~m/commit/){
我的($rev,$author,$committer)=拆分(“:”,$line);
if($author ne$user&$committer ne$user){
打印STDERR“未经授权的提交:$rev\n”;
print STDERR“您必须指定作者和提交人。\n”;
打印标准“指定账款:$author/$committer\n”;
打印STDERR“预期用户:$user\n”;
$fail++;
}
}
}
}
}
}
如果($失败){
出口1;
}
出口0;
您可以检查/.ssh/authorized_key
并查看:
command="gitosis-serve name@server",...
阅读sshd的man
并发现:在command=“command”
之后,您可以添加environment=“NAME=value”
选项为您的公共ssh密钥设置所需的用户名。并且不需要任何Gitosis/service.py
编辑
默认情况下禁用环境处理,并通过PermitUserEnvironment
选项进行控制:
sudo echo "PermitUserEnvironment yes" >> /etc/ssh/sshd_config
好的,这实际上回答了我的问题,但事实上我的问题不是正确的:(我真正需要看到的是gitosis用于匹配ssh密钥的电子邮件地址。原因:我们有一个autobuild系统,它具有有限的访问权限。每个人都可以写入存储库(因此gitosis access没有帮助),但只允许部分用户生成。假设我有生成权限。其他人只需要更改电子邮件地址(git config user.email)我需要检查gitosis使用的电子邮件地址,以检查ssh密钥以防止出现这种情况。我从未使用过gitosis,因此在这方面我无法帮助您,抱歉。抱歉,我已测试过,据我所知,这在pre-receive中不起作用,因为日志仅包含提交的事件。