Commit Briefs
add signer_id option to got.conf(5)
Setting this option will cause 'got tag' to sign all created tags using the SSH key, unless overridden by the -s flag. ok stsp@
regress test SSH key revocations
ok stsp@
remove duplicate test_parseargs call
spotted by op@
fix tag signing when the key file does not exist
This should fail without creating any tag. Before, ssh-keygen(1) would print an error to stderr, but got would create an unsigned tag. ok op@
create and verify tags signed by SSH keys
This adds a new -s flag to 'got tag' that specifies the signer identity (for example, a key file) of the tagger. The tag object will include a signature that validates each of the tag object headers and the tag message. Verifying these signed tags requires maintaining an allowed signers file which maps signer identities (i.e. the email address of the tagger) to SSH public keys. See ssh-keygen(1) for more details of the allowed signers file. After creating this file and providing the path to it in got.conf(5) using the allowed_signers option, tags may be verified using with 'got tag -V tag_name'. The return code will be non-zero if a signature fails to verify. ok stsp@
make it possible to show just one tag with 'got tag -l'
suggested by jrick ok jrick jamsek
use test(1) -eq and -ne to compare integers, and reduce quoting
This brings the rest of the regression test scripts in line with patch.sh.