Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

"Verify Committer" does not work in BitBucket Server 5.4.0

Torsten Kleiber
Torsten Kleiber October 17, 2017

After activating this I can further push commit which are committed as another user via the --author flag of git.

Answer
Watch
Like Be the first to like this
1633 views

3 answers

0 votes
Julius Davies _bit-booster_com_
Julius Davies _bit-booster_com_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 18, 2017

I think that functionality comes from the free "Verify Committers" add-on.

I encourage you to try my paid add-on instead.   It offers the same functionality and much more:

https://marketplace.atlassian.com/plugins/com.bit-booster.bb.hooks/server/overview

 

It's not in the screenshots yet, but it does have these checkboxes:

[x] - Author Must Be Valid

[x] - Committer Must Be Valid

[x] - Committer Must Be Current User

 

But to your specific requirement of never allowing a person to push commits authored by another user (or stopping users from pretending to be other users in the "author" field), that doesn't really go with Git's design.  What if I want to rebase or amend or squash someone else's commit for whatever reason?   Author value should still be them, but the commit will be a new object, with myself as the committer.

GPG signed commits can be used to further strengthen authorship claims, but of course a rebase would reset those.

If you do like the add-on, feel free to ping me or email me for a coupon code.

View More Comments
Torsten Kleiber
Torsten Kleiber October 18, 2017

I need exactly this functionality. In banking development you have strict permissions, that only the author can commit and he has to be the committer and can only push by himself the change.

Next requirement of our internal and external auditors is to implement, that at least one another user, not the committer (=author) has to review and release the commit.

Your plugin seems not to have this functionality?

Like
Reply
0 votes
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 17, 2017

Hi Torsten, do you mean that you can push, or you can not?

 

Are you talking about the external plugin (Verify committers) or about the Verify Commit Signature hook in repo settings? Note that the hook will reject all commits that are not signed with a GPG public key, so please make sure the user you're trying to commit on behalf of fulfils this requirement. He also needs to be a know BB user.

If it still doesn't doesn't work, let us know so we can continue helping you.

 

Regards,

Ana

View More Comments
Torsten Kleiber
Torsten Kleiber October 17, 2017

No I speek about Verify Committer in Repository Hooks of Projekts or Repositories:

https://confluence.atlassian.com/bitbucketserver/using-repository-hooks-776639836.html

 

It seems that it check only the committer must be the same as the person, which is pushing. But it does not check, if the author is the same as the committer and the pusher.

Like
Bryan Turner
Bryan Turner
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 23, 2019

@Torsten Kleiber

In order to allow for rebase workflows and cherry-picking, the author is intentionally not verified (for exactly the reasons @Julius Davies _bit-booster_com_ mentioned below). At the moment, the system doesn't offer a built-in way to configure that check to verify both author and committer.

If this is still something you need, you may want to create a suggestion in the BSERV project at jira.atlassian.com. Be sure to describe your use case!

Best regards,
Bryan Turner
Atlassian Bitbucket

Like
Torsten Kleiber
Torsten Kleiber April 28, 2019

As we dont need and for auditing reasons not allowed to do do rebase and cherry picking in the meantime I have written and activated my own add on, which prevent this on pull.

Kind regards

Torsten Kleiber

Like
Reply
0 votes
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 17, 2017

.

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events