I am trying to understand what a git repo itself without a server hosting it is able to do. My goal is a bare git repo somewhere on our network drive that people can pull and push to.
I was able to create a bare git repo, clone it, commit and push to it. Using git config user.name
I can even see who made which commit. That is almost ideal.
What I wonder is, if while having only a simple bare git repo I can somehow make sure that specific person actually made the commit, since git config user.name
can be changed any time by a committer.
I guess account based authentication is out of consideration when not using an actual server. What I think might be possible is somehow setting allowed ssh public keys on the repo itself for people that should have access to specific branches and ideally even link a key to a specific user.name
. The git command itself would then validate that the pushing user has a private key that has its corresponding public part in the repo.
Is this possible or is this the point at which an actual server needs to be running? What about PGP?