问题
I'm trying to setup a gitolite server. One problem that I find annoying in git is the username is not checked when committing code.
This can lead to a possible "identity phishing" where user1 can commit some bogus code and set user2 as username. Then we'll blame user2.
I'm looking for a way to check or force the username to be consistent with the committer's identity.
回答1:
You can sign your commits using: git commit -S (only available since git 1.7.9)
You can then use a server-side git hook to refuse any unsigned commit.
Source: http://phreaknerd.wordpress.com/2012/02/09/signing-git-commits-with-your-gpg-key/
回答2:
With a git hook, you get the ref which is updated. You can check the whole commits tree being pushed and thus get the commiter name & email (though if it's not signed, you won't ever be sure of it).
Gitolite uses env variables to store various informations, you can take them to get the name of the person being connected, and do your verification.
来源:https://stackoverflow.com/questions/10299966/with-a-git-hook-how-do-i-force-or-check-user-identity