include sha2.h too where sha1.h is included In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

move got_gotconfig_read() into new file read_gotconfig_privsep.c

add signer_id option to got.conf(5) Setting this option will cause 'got tag' to sign all created tags using the SSH key, unless overridden by the -s flag. ok stsp@

create and verify tags signed by SSH keys This adds a new -s flag to 'got tag' that specifies the signer identity (for example, a key file) of the tagger. The tag object will include a signature that validates each of the tag object headers and the tag message. Verifying these signed tags requires maintaining an allowed signers file which maps signer identities (i.e. the email address of the tagger) to SSH public keys. See ssh-keygen(1) for more details of the allowed signers file. After creating this file and providing the path to it in got.conf(5) using the allowed_signers option, tags may be verified using with 'got tag -V tag_name'. The return code will be non-zero if a signature fails to verify. ok stsp@

build with -Wmissing-prototypes ok stsp@

factorize imsg_clear calls after imsg_flush failures imsg_clear frees and closes resources allocated as part of enqueueing imsgs so it's a no-op after reads. discussed with and ok stsp@

add O_CLOEXEC (close-on-exec) flag to open(2) calls suggested by millert ok thomas_adam

add "branch" keyword to got.conf which specifies a list of branches to fetch ok tracey

allow NULL pointer argument for got_free_gotconfig()

add per-worktree got.conf(5) file in the .got directory; ok millert