go-git - A highly extensible Git implementation in pure Go.

	Commit message (Collapse)	Author	Age	Files	Lines
*	plumbing: signature, support the same x509 signature formats as git	Yoav Amit	2024-08-20	1	-1/+14
\| \| \| \| \|	Commits and tags signed with x509 certificates may be encoded with the `SIGNED MESSAGE` PEM label. This behavior is consistent in [git](https://github.com/git/git/blob/master/gpg-interface.c\#L63) and [gpgsm](https://github.com/gpg/gnupg/blob/master/sm/sign.c\#L650) which is commonly used to produce these types of signatures.
*	fuzzing : fuzz testing support for oss-fuzz integration	Arjun Singh	2023-10-02	1	-0/+7
\| \| \| \|	Signed-off-by: Arjun Singh <ajsinghyadav00@gmail.com>
*	plumbing: support SSH/X509 signed tags	Hidde Beydals	2023-02-27	1	-0/+180
	This commit enables support for extracting the SSH and X509 signatures from (annotated) Git tags, as an initial step to support the verification of more signatures than just PGP in go-git. The ported logic from Git further ensures that we look for a signature at the tail of an annotation, instead of the first signature we find in the annotation, as this could theoretically result in a faulty signature getting detected if part of a an annotation itself (e.g. by being placed in the middle as part of an inherited message). For commits, no further change is required as the current extraction of any signature (format) from `gpgsig` in the commit header is sufficient for manual verification. In a future iteration, we could add `signature/ssh` and `signature/x509` packages to further enable people to deal with verifying other signatures than PGP. As well as adding additional methods to `Commit` and `Tag` to provide glue between the packages and the most prominent user-facing APIs. Signed-off-by: Hidde Beydals <hidde@hhh.computer>