Use Apache basic auth user as Git author


I have set up gitlist + apache + basic auth + git-http-backend, and both web display and git clone of git repository are working fine.

However, for the committed code, I want to use the username during apache authentication for the author name (or committer name).

The reason is that the engineers sometimes do ad-hoc patching directly on the testing servers, and push the code back to git after the patch is finalized. Hence, all patches now share the same author name, which makes checking (or blame) difficult.

Any advice about this, please? Thanks a lot.


There are 2 best solutions below

4
VonC On

When I do modifications on the server directly, I wrap git in a custom script (wgit) which forces the user to choose an alias like:

alias agitVoncGitHub='alias git="${H}/sbin/wgit u VonC,[email protected],github.com"'

That means a git xxx will actually call:

sbin/wgit u VonC,[email protected],github.com xxx

If wgit (default alias for git) is used alone, an error message is displayed:

echo type alias and choose the right agitxx to activate in order for your git to identify yourself
exit 1

The first two parameters define a username and email which will be reused to modify the Git environment variables:

# if parent shell had already set authentication variables, nothing to do: commit will be correctly signed-off
if [[ ! ( $GIT_AUTHOR_NAME && $GIT_AUTHOR_EMAIL && $GIT_COMMITTER_NAME && $GIT_COMMITTER_EMAIL ) ]]
then
  export GIT_AUTHOR_NAME=$username
  export GIT_COMMITTER_NAME=$username
  export GIT_AUTHOR_EMAIL=$email
  export GIT_COMMITTER_EMAIL=$email
fi

That allows me to add to the prompt a message displaying at all times (for any git command) who you are:

echo -e "[ \E[34;47m$GIT_AUTHOR_NAME,$GIT_AUTHOR_EMAIL for $machine\033[0m ]"
nextcmd=${gitcmd[0]}

If you really need to bypass that authentication part, you can add an xxgit variable in front of your git command:

xxgit=1 git ...

That git ... command will work even if you didn't pick an alias to identify yourself.

1
Walty Yeung On

So after some further research, here is what I got so far.

  1. As a matter of fact, the hooks of git (e.g. pre-receive and post-receive) did collect the username of apache authentication, as a shell variable ${REMOTE_USER} or ${GIT_COMMITTER_NAME}.

  2. However it did not help much, as it seems very difficult to change the author name of a commit inside hooks (which seems reasonable). Using some hacks, I could make sure my ticket system (Trac) uses the apache user instead, but that would probably cause more confusion.

  3. For now, I would just add some checking inside the pre-receive hook, so that the author of each commit should match the user list inside the git system. If not, the push is rejected, and the user needs to change the author back using rebase.

  4. So unless the engineer explicitly uses the legitimate author name of someone else, he should always try to commit the change using his own login name.

  5. In the long run, I believe each engineer should indeed have his own account, as described by VonC; that would make things much clearer.
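
The pre-receive check described in point 3 of the answer above, written out as an added example that is not part of the original posts. The allow-list file (one `Name <email>` per line), its path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# pre-receive hook: reject a push if any new commit's author is not allow-listed.
# Assumed (not from the posts above): the allow list is a text file with one
# "Name <email>" entry per line; its path and the function names are hypothetical.
ALLOWED_AUTHORS_FILE="${ALLOWED_AUTHORS_FILE:-$PWD/allowed-authors.txt}"

# True only when "$1" equals a whole allow-list line. A missing or unreadable
# list makes grep fail, so the hook fails closed.
author_allowed() {
  grep -Fxq -- "$1" "$ALLOWED_AUTHORS_FILE" 2>/dev/null
}

# Print the commits introduced by one ref update (args: old-sha new-sha).
new_commits() {
  case "$2" in *[!0]*) ;; *) return 0 ;; esac   # all-zero new sha: ref deleted
  case "$1" in
    *[!0]*) git rev-list "$1..$2" ;;            # update of an existing ref
    *)      git rev-list "$2" --not --all ;;    # new ref: only unseen commits
  esac
}

# Read "<old> <new> <ref>" lines on stdin, the format git gives pre-receive.
check_push() {
  rc=0
  while read -r old new ref; do
    for commit in $(new_commits "$old" "$new"); do
      author=$(git log -1 --format='%an <%ae>' "$commit")
      if ! author_allowed "$author"; then
        # REMOTE_USER: the Apache-authenticated user the answer says hooks can see.
        echo "rejected: $commit on $ref has unlisted author '$author'" \
             "(pushed by ${REMOTE_USER:-unknown})" >&2
        rc=1
      fi
    done
  done
  return "$rc"
}

# Run the check only when installed as hooks/pre-receive, so the file can also
# be sourced for testing.
case "${0##*/}" in
  pre-receive) check_push || exit 1 ;;
esac
```

The author fields are set by the client, so this hook only confirms that the claimed author is a known one; the rejection message records `REMOTE_USER` so the authenticated pusher still appears in the server-side log.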