使用apache基本身份验证用户作为git作者
[英]use apache basic auth user as git author
问题描述
I have set up gitlist + apache + basic auth + git-http-backend, and both web display and git clone of git repository are working fine. 
我已经设置了gitlist + apache + basic auth + git-http-backend,并且Web显示和git存储库的git clone都工作正常。
However, for the committed code, I want to use the username during apache authentication for the author name (or committer name). 但是,对于提交的代码,我想在apache身份验证期间使用用户名作为作者名(或提交者名)。
The reason is, sometimes the engineers would do ad-hoc patching on the testing servers directly, and push the code back to git after the patch is finalized. 原因是,有时工程师会直接在测试服务器上进行临时补丁,并在补丁最终确定后将代码推回git。 Hence, now all patches shared the same author name, which is difficult for checking (or blame). 因此,现在所有补丁共享相同的作者姓名,这很难检查(或怪罪)。
Any advice about this please? 有什么建议吗? thanks a lot. 非常感谢。
2 个解决方案
解决方案1
0 2014-07-23 06:35:51
When I do modifications on the server directly, I wrap git in a custom script ( wgit ) which forces the user to choose an alias like: 当我直接在服务器上进行修改时,我将git包装在自定义脚本( wgit )中 ,该脚本强制用户选择一个别名,例如:
alias agitVoncGitHub='alias git="${H}/sbin/wgit u VonC,vonc@laposte.net,github.com"'
That mean a git xxx will actually call: 这意味着一个git xxx实际上会调用:
sbin/wgit u VonC,vonc@laposte.net,github.com xxx
If wgit (default alias for git ) is used alone, an error message is displayed : 如果wgit ( git默认别名), 则会显示错误消息 :
echo type alias and choose the right agitxx to activate in order for your git to identify yourself
exit 1
The two first parameters defines a username and email which will be reused to modify the Git environment variables : 前两个参数定义了用户名和电子邮件,可将其重用于修改Git环境变量 :
# if parent shell had already set authentication variables, nothing to do: commit will be correctly signed-off
if [[ ! ( $GIT_AUTHOR_NAME && $GIT_AUTHOR_EMAIL && $GIT_COMMITTER_NAME && $GIT_COMMITTER_EMAIL ) ]]
then
export GIT_AUTHOR_NAME=$username
export GIT_COMMITTER_NAME=$username
export GIT_AUTHOR_EMAIL=$email
export GIT_COMMITTER_EMAIL=$email
fi
That allows me to add to the prompt a message displaying at all time (for any for any git command) who you are: 这使我可以在提示符下随时显示一条消息 (对于任何git命令而言):
echo -e "[ \E[34;47m$GIT_AUTHOR_NAME,$GIT_AUTHOR_EMAIL for $machine\033[0m ]"
nextcmd=${gitcmd[0]}
If you really need to bypass that authentication part, you can add an xxgit variable in front of your git command : 如果您确实需要绕过该身份验证部分,则可以在git命令前面添加一个xxgit变量 :
xxgit=1 git ...
That git ... command will work even if you didn't pick an alias to identify yourself. 即使您没有选择别名来标识自己,该git ...命令也将起作用。
解决方案2
0 2014-07-24 06:46:05
So after some further research, here is what I got so far. 因此,经过进一步研究,这是我到目前为止所得到的。
as a matter of fact, the hooks of git (eg pre-receive and post-receive) did collect the username of apache authentication, as a shell variable
${REMOTE_USER}or${GIT_COMMITTER_NAME}.实际上,git的钩子(例如,接收前和接收后)确实收集了Apache身份验证的用户名,作为外壳变量${REMOTE_USER}或${GIT_COMMITTER_NAME}。However it did not help much, as it seems very difficult to change the author name of a commit inside hooks (which seems reasonable).
但是,它并没有太大帮助,因为在钩子中更改提交的作者名称似乎非常困难(这似乎很合理)。 Using some hacks, I could make sure my ticket system (Trac) uses the apache user instead, but that would probably cause more confusion. 使用一些技巧,我可以确保票务系统(Trac)改用apache用户,但这可能会引起更多混乱。 For now, I would just add some checking inside the pre-receive hook , so that the author of each commit should match the user list inside the git system.
现在,我将在pre-receive hook内添加一些检查 ,以便每个提交的作者都应与git系统内的用户列表匹配。 If not, the push is rejected, and the user need to modify back the author using rebase. 如果不是,则推送被拒绝,用户需要使用rebase修改回作者。 So unless the engineer explicitly uses legitimate author name of others, he should always try to commit the change using his own name of login.
因此,除非工程师明确使用他人的合法作者名,否则他应始终尝试使用自己的登录名来提交更改。 In the long run, I believe each engineer should indeed have his own account, as described by Vonc, that would make things much more clear.
从长远来看,我相信每个工程师的确应该有自己的帐户(如Vonc所述),这将使事情变得更加清晰。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.