Add an API to verify a commit signature explicitly

We have a bunch of APIs to do GPG verification of a commit, but that doesn't generalize to signapi. Further, they require the caller to check the signature status explicitly which seems like a trap. This much higher level API works with both GPG and signapi. The intention is to use this in things that are doing "external pulls" like the ostree-ext tar import support. There we will get the commitmeta from the tarball and we want to verify it at the same time we import the commit.
author: Colin Walters <walters@verbum.org> 2021-04-12 18:42:05 -0400
committer: Colin Walters <walters@verbum.org> 2021-08-30 13:27:38 -0400
commit: 359435de843ce2a1e94941c24ec4ddd7d5a7bccb (patch)
tree: e1d745d1575c30526c7d5074a285703fe720bc45 /tests/.gitignore
parent: 30909a28f2aff54b615837a184f53509cbccc381 (diff)
download: ostree-359435de843ce2a1e94941c24ec4ddd7d5a7bccb.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/.gitignore b/tests/.gitignore
index 938c169f..6355c8df 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -24,3 +24,4 @@ test-repo-finder-mount
 test-rfc2616-dates
 test-rollsum-cli
 test-kargs
+test-commit-sign-sh-ext
author	Colin Walters <walters@verbum.org>	2021-04-12 18:42:05 -0400
committer	Colin Walters <walters@verbum.org>	2021-08-30 13:27:38 -0400
commit	359435de843ce2a1e94941c24ec4ddd7d5a7bccb (patch)
tree	e1d745d1575c30526c7d5074a285703fe720bc45 /tests/.gitignore
parent	30909a28f2aff54b615837a184f53509cbccc381 (diff)
download	ostree-359435de843ce2a1e94941c24ec4ddd7d5a7bccb.tar.gz