通过 SSH git push 设置环境变量

Setting environment variable through SSH git push

我正在阅读 Scott Chacon 的 Git 书,只是想确认一些事情。这部分:

You also have access to the user doing the pushing if the push is being run over SSH. If you’ve allowed everyone to connect with a single user (like “git”) via public-key authentication, you may have to give that user a shell wrapper that determines which user is connecting based on the public key, and set an environment variable accordingly. Here we’ll assume the connecting user is in the $USER environment variable, so your update script begins by gathering all the information you need:

#!/usr/bin/env ruby

$refname = ARGV[0]
$oldrev  = ARGV[1]
$newrev  = ARGV[2]
$user    = ENV['USER']

puts "Enforcing Policies..."
puts "(#{$refname}) (#{$oldrev[0,6]}) (#{$newrev[0,6]})"

我认为推送器需要安装一个围绕 ssh 命令的脚本。例如,该脚本可能会将 GIT_SSH 或 GIT_SSH_COMMAND 环境变量设置为指向一个 shell 脚本,该脚本可能具有类似

#!/bin/bash

HOST=
shift
ssh -i ~/.ssh/id_rsa $HOST USER=foo $@

现在只要 git 推送完成并且远程包含 ssh url,它将调用该脚本并在传递 USER 环境变量时更新 refs。

另一种方法是在本地计算机上使用 ~/.ssh/config 中的“SendEnv USER”,在远程 git 服务器上使用 /etc/ssh/sshd_config 中的“AcceptEnv USER”。

想到的任何其他扩展粗体部分的方法?我特别在寻找一种不需要推动者在配置环境方面做很多工作的方法。假设每个人的 运行 某种形式的 Windows 并且需要通过一些 Unix 模拟器(如 Cygwin)设置 ssh。

此示例与 shell 或 ssh 命令无关。

取自"Server-Side Hook" section, and describe how to tailored the update hook基于用户(通过ssh认证)

Here we’ll assume the connecting user is in the $USER environment variable

没有说明这是如何完成的,但是 gitolite (a perl-based authorization layer, which very much needs the user authenticated id) is using ssh forced command~git/.ssh/authorized_keys 中的每个 public 键都包含对一个包装脚本,它接收用户 ID 参数。
该脚本将:

  • 执行git命令
  • 如果此命令不是 git 命令,则失败

~git/.ssh/authorized_keys中,你没有只有public键,而是以用户id作为参数调用wrapper :

command="/wrapper/script userid",no-port-forwarding,no-X11-for        warding,no-agent-forwarding,no-pty ssh-rsa AAAAB3N...
         ^^^^^^^^^^^^^^^
         (forced command)

您可以在 src/gitolite-shell#L102-L108.

中看到(git此处为 olite)包装器脚本设置的环境变量