portable: release 0.73

portable: remove sys/queue.h This is included portably.

document TOG_VIEW_SPLIT_MODE

CHANGES for 0.73

bump version number

sync distfile list

include system headers required for got_date.h directly, not indirectly

document SSH-based signing and verification in got(1) and got.conf(5)

add -V option to 'got tag' usage string, and replace underscore with a hyphen

add option-conflict handling for 'got tag' -s and -V options

add -v option to 'got tag' usage string

remove parts of tag_create_ssh_signed which just duplicate the tag_create test

got tag -V is like tag -l with verification, fix option-conflicts accordingly

in tests, verify that tag -V behaves like tag -l plus signature verification

add -V option to 'got tag' usage string, and replace underscore with a hyphen

check for specific chars instead of using isspace(3) Reminded by naddy and stsp; it was missing a cast to unsigned char to prevent issues on archs with signed chars and was too broad anyway. While here, drop an extra check immediately after. ok stsp@

got_date.h: add explicit #includes Don't rely on implicit/"hidden" includes, but rather add them to the header file so their inclusion doesn't result in missing values. Although not explicitly a functional change, this does help -portable. This ensures size_t/time_t are always present. OK @jrick

remove duplicate test_parseargs call spotted by op@

fix echo/printf order and actually run the test

portable: object_create: remove sys/queue.h This is included portably.

Add time_t

portable: add sigs/buf for signed commits Add support for upstream's tag signing commits, but adding the relevant files to autotools, and making those portable-compatible.

create and verify tags signed by SSH keys This adds a new -s flag to 'got tag' that specifies the signer identity (for example, a key file) of the tagger. The tag object will include a signature that validates each of the tag object headers and the tag message. Verifying these signed tags requires maintaining an allowed signers file which maps signer identities (i.e. the email address of the tagger) to SSH public keys. See ssh-keygen(1) for more details of the allowed signers file. After creating this file and providing the path to it in got.conf(5) using the allowed_signers option, tags may be verified using with 'got tag -V tag_name'. The return code will be non-zero if a signature fails to verify. ok stsp@

Use pipe() which is a more understood syscall than pipe2() which doesn't exist on MacOS, for instance. Since we we're passing in 0 to pipe2(), this mean no fcntl() flags were being sent. As such, it's the same syscall as pipe() which also has the added benefit that it's more portable. committing on behalf of thomas with my ok

whitespace fix