aboutsummaryrefslogtreecommitdiffstats
path: root/go.mod
diff options
context:
space:
mode:
authorHidde Beydals <hidde@hhh.computer>2023-02-27 21:42:45 +0100
committerHidde Beydals <hidde@hhh.computer>2023-02-27 22:08:42 +0100
commitf1dc529fac28e6c45882292184270f94b5d30b7f (patch)
treec0ea214143dc9746dda0615422d7c7437aef395c /go.mod
parent7ab4957732a817bada223e5c361f0c9753d9e40c (diff)
downloadgo-git-f1dc529fac28e6c45882292184270f94b5d30b7f.tar.gz
plumbing: support SSH/X509 signed tags
This commit enables support for extracting the SSH and X509 signatures from (annotated) Git tags, as an initial step to support the verification of more signatures than just PGP in go-git. The ported logic from Git further ensures that we look for a signature at the tail of an annotation, instead of the first signature we find in the annotation, as this could theoretically result in a faulty signature getting detected if part of a an annotation itself (e.g. by being placed in the middle as part of an inherited message). For commits, no further change is required as the current extraction of any signature (format) from `gpgsig` in the commit header is sufficient for manual verification. In a future iteration, we could add `signature/ssh` and `signature/x509` packages to further enable people to deal with verifying other signatures than PGP. As well as adding additional methods to `Commit` and `Tag` to provide glue between the packages and the most prominent user-facing APIs. Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Diffstat (limited to 'go.mod')
0 files changed, 0 insertions, 0 deletions