"Verify Committer" does not work in BitBucket Server 5.4.0

After activating this I can further push commit which are committed as another user via the --author flag of git.

3 answers

0 votes

Hi Torsten, do you mean that you can push, or you can not?

 

Are you talking about the external plugin (Verify committers) or about the Verify Commit Signature hook in repo settings? Note that the hook will reject all commits that are not signed with a GPG public key, so please make sure the user you're trying to commit on behalf of fulfils this requirement. He also needs to be a know BB user.

If it still doesn't doesn't work, let us know so we can continue helping you.

 

Regards,

Ana

No I speek about Verify Committer in Repository Hooks of Projekts or Repositories:

https://confluence.atlassian.com/bitbucketserver/using-repository-hooks-776639836.html

 

It seems that it check only the committer must be the same as the person, which is pushing. But it does not check, if the author is the same as the committer and the pusher.

I think that functionality comes from the free "Verify Committers" add-on.

I encourage you to try my paid add-on instead.   It offers the same functionality and much more:

https://marketplace.atlassian.com/plugins/com.bit-booster.bb.hooks/server/overview

 

It's not in the screenshots yet, but it does have these checkboxes:

[x] - Author Must Be Valid

[x] - Committer Must Be Valid

[x] - Committer Must Be Current User

 

But to your specific requirement of never allowing a person to push commits authored by another user (or stopping users from pretending to be other users in the "author" field), that doesn't really go with Git's design.  What if I want to rebase or amend or squash someone else's commit for whatever reason?   Author value should still be them, but the commit will be a new object, with myself as the committer.

GPG signed commits can be used to further strengthen authorship claims, but of course a rebase would reset those.

If you do like the add-on, feel free to ping me or email me for a coupon code.

I need exactly this functionality. In banking development you have strict permissions, that only the author can commit and he has to be the committer and can only push by himself the change.

Next requirement of our internal and external auditors is to implement, that at least one another user, not the committer (=author) has to review and release the commit.

Your plugin seems not to have this functionality?

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

689 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot