spotted using -portable on a system without openssh installed. Showing the program we've failed to exec can be handy. ok stsp@

Rather than assume all dependencies are required for all programs, split them out. This will make packaging easier, as well as splitting the code to use subprojects. Note that due to the use of config.h semantics, in most cases the got_compat.h header file is now at the top of the .c file it is included in, so that it can handle the system header inclusion properly.

Simply the SHA detection by not predicating on libcrypto, but instead checking individual header files.

Remove sha1.h as this is found portably across systems.

In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

Allows 'got commit' to use a ".diff" suffix for temporary diff files. ok op@

Now that the handling of including sys/queue.h is better, there's no need to remove those lines from the source. Copy the location of those original sys/queue.h lines from upstream at the same line number, so as to avoid any conflicts in the future.

This uses the correct read and write ends of the fds returned by pipe(2) on linux. It also moves away from creating FILE* streams with fdopen and reading the stream with buf_load (which performs a fstat, and breaks due to a zero length file size on linux) by instead reading from the fd itself. Reported by abieber@, with assistance from stsp@ ok stsp@

Cast printf argument of type time_t to long long to match the %lld format specifier on platforms where this might not be the case.

Add support for upstream's tag signing commits, but adding the relevant files to autotools, and making those portable-compatible.

exist on MacOS, for instance. Since we we're passing in 0 to pipe2(), this mean no fcntl() flags were being sent. As such, it's the same syscall as pipe() which also has the added benefit that it's more portable. committing on behalf of thomas with my ok

This adds a new -s flag to 'got tag' that specifies the signer identity (for example, a key file) of the tagger. The tag object will include a signature that validates each of the tag object headers and the tag message. Verifying these signed tags requires maintaining an allowed signers file which maps signer identities (i.e. the email address of the tagger) to SSH public keys. See ssh-keygen(1) for more details of the allowed signers file. After creating this file and providing the path to it in got.conf(5) using the allowed_signers option, tags may be verified using with 'got tag -V tag_name'. The return code will be non-zero if a signature fails to verify. ok stsp@