To prevent people committing using "random weird accounts", you could set up a git pre-receive
hook to validate the commiter/author names on incoming commits against a list of valid names. But this doesn't provide the authentication component.
To prevent impersonation, you could simply required that all commmits are gpg-signed (git commit -S ...
), and have you pre-receive
hook validate the signatures against a gpg keyring on the server.
Depending on how people are connecting to your remote server, you could also explicitly match the commiter/author name against the username used for the connection, if you have access to that.
Update 1
If your committers are pushing to your server over ssh, then the third option above is probably the easiest. In your .ssh/authorized_keys
file, set an environment variable for each key that identifies the user:
environment="SSH_USER=lars" ssh-rsa ...
And then in your pre-receive
hook, you can use that environment variable to look up valid committer names/emails against some table. You can read about pre-receive
hooks in the githooks(5)
man page, they receive on stdin a lines of the form:
<oldrev> <newrev> <refname>
You can get the commit name from <newrev>
like this:
commiter_name=$(git show -s --format='format:%cn' <newrev>)
And the mail using %ce
instead of %cn
.
Update 2
Or heck, just forget table lookups. In your .ssh/authorized_keys
file:
environment="ALLOWED_NAME=Bob Jones",environment="ALLOWED_EMAIL=bob@example.com" ssh-rsa ...
And then in your pre-receive hook:
#!/bin/sh
while read oldrev newrev refname; do
cn=$(git show -s --format='format:%cn' $newrev)
ce=$(git show -s --format='format:%ce' $newrev)
[ "$cn" = "$ALLOWED_NAME" ] || {
echo "*** Inalid committer name"
exit 1
}
[ "$ce" = "$ALLOWED_EMAIL" ] || {
echo "*** Inalid committer email"
exit 1
}
done
And I think you have what you want.
Update 3
You could probably accomplish something similar using http
authentication, because within your pre-receive
script you would
have access to the REMOTE_USER
environment variable, which contains
the name of the authenticated remote user. You would probably need to
go with some sort of table lookup to get value of approved names and
email addresses.