fix tag signing when the key file does not exist This should fail without creating any tag. Before, ssh-keygen(1) would print an error to stderr, but got would create an unsigned tag. ok op@

create and verify tags signed by SSH keys This adds a new -s flag to 'got tag' that specifies the signer identity (for example, a key file) of the tagger. The tag object will include a signature that validates each of the tag object headers and the tag message. Verifying these signed tags requires maintaining an allowed signers file which maps signer identities (i.e. the email address of the tagger) to SSH public keys. See ssh-keygen(1) for more details of the allowed signers file. After creating this file and providing the path to it in got.conf(5) using the allowed_signers option, tags may be verified using with 'got tag -V tag_name'. The return code will be non-zero if a signature fails to verify. ok stsp@

build with -Wmissing-prototypes ok stsp@

inline struct got_object_id in struct got_object_qid Saves us from doing a malloc/free call for every item on the list. ok op@

compress delta data from delta_cache directly into pack file

add O_CLOEXEC (close-on-exec) flag to open(2) calls suggested by millert ok thomas_adam

remove outdated comment

for portability, handle errno variations upon open(2) failure with O_NOFOLLOW Problem pointed out by naddy for FreeBSD -portable. Discussed with millert, thomas adam, and naddy.

add a 'got merge' command for creating merge commits Additional testing by Thomas Adam. ok tracey

allow lockfiles to be used in cases where we have a dir_fd and a relative path

switch from SIMPLEQ to equivalent STAILQ macros The singly-linked tail queue macros were added to OpenBSD 6.9 and are more widely available on other systems. ok stsp

add checksum support to got_deflate_to_file() This will eventually be used by 'gotadmin pack'. Checksum init and finalization will need to be done by the caller since many objects will be written out in compressed form while we are computing checksums across the entire pack file. ok millert, naddy

make close(2) failure checks consistent; check 'close() == -1' everywhere ok millert, naddy

make fclose(3) failure checks consistent; check 'fclose() == EOF' everywhere ok millert, naddy

convert all remaining instances of chmod(2) to fchmod(2) ok stsp

fix potential type mismatches between format specifiers and arguments Cast printf arguments of type time_t and off_t to long long to match the %lld format specifier on platforms where this might not be the case. In parse.y, switch the number variable to long long because all its interactions are with that type anyway. ok millert stsp

make 'got histedit' collapse folded add+delete operations into a no-op If a merged commit wants to delete a locally added file, and this locally added file matches the content which was deleted in the commit being merged, we can go ahead with the deletion because there is no risk of data loss. fixes the histedit problem reported by jrick on freenode

restore 8k buffer size for hashing file contents in got_object_blob_create()

add symlink support to 'got commit'

allow creation of commits which carry unmodified submodule tree entries along approach suggested by ori@ and matches how git9 behaves ok semarie@ (who can now work with Rust-related Git repos containing submodules)

write directory tree entry mode bits in the same way as Git does

normalize tree entry modes to 0100644 or 0100755 when writing tree objects semarie@ reported an error from go-git used by Cirrus CI: "57243613255d758e15b0f5ae1c960b970f0435f8: malformed mode (0100640)!" 'git fsck' has no problem with mode 0100640. But writing just the two most commonly used file modes should provide the best compatibility.

NAME_MAX does not account for a terminating NUL

convert tree entries from SIMPLEQ to an array

use correct label for author (aka tagger) info when writing tag objects