Just like "git commit" does.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

We have kept the original "git commit-tree <tree> -p <parent> ..." syntax
forever, but "git commit-tree -p <parent> -p <parent> ... <tree>" would be
more intuitive way to spell it. Dashed flags along with their arguments
come first and then the "thing" argument after the flags.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

After running "git pull $there for-linus" to merge a signed tag, the
integrator may need to amend the resulting merge commit to fix typoes
in it. Teach --amend option to read the existing extra headers, and
carry them forward.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

Now that we allow pulling a tag from the remote site to validate the
authenticity, we should give the user the final chance to verify and edit
the merge message. The integrator is expected to leave a meaningful merge
commit log in the history. Disallow fast-forwarding in such a case to
ensure that a merge commit is always recorded.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

Now MERGE_HEAD records the tag objects without peeling, we could record
the result of manual conflict resolution via "git commit" without losing
the tag information. Introduce a new "mergetag" multi-line header field to
the commit object, and use it to store the entire contents of each signed
tag merged.

A commit header that has a multi-line payload begins with the header tag
(e.g. "mergetag" in this case), SP, the first line of payload, LF, and all
the remaining lines have a SP inserted at the beginning.

In hindsight, it would have been better to make "merge --continue" as the
way to continue from such an interrupted merge, not "commit", but this is
a backward compatibility baggage we would need to carry around for now.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

Otherwise, "git commit" wouldn't have a way to tell that we were in the
middle of merging an annotated or signed tag, not a plain commit, after
"git merge" stops to ask the user to resolve conflicts.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

The merge-recursive code uses the commit->util field directly to annotate
the commit objects given from the command line, i.e. the remote heads to
be merged, with a single string to be used to describe it in its trace
messages and conflict markers.

Correct this short-signtedness by redefining the field to be a pointer to
a structure "struct merge_remote_desc" that later enhancements can add
more information. Store the original objects we were told to merge in a
field "obj" in this struct, so that we can recover the tag we were told to
merge.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

When a contributor asks the integrator to merge her history, a signed tag
can be a good vehicle to communicate the authenticity of the request while
conveying other information such as the purpose of the topic.

E.g. a signed tag "for-linus" can be created, and the integrator can run:

   $ git pull git://example.com/work.git/ for-linus

This would allow the integrator to run "git verify-tag FETCH_HEAD" to
validate the signed tag.

Update fmt-merge-msg so that it pre-fills the merge message template with
the body (but not signature) of the tag object to help the integrator write
a better merge message, in the same spirit as the existing merge.log summary
lines.

The message that comes from GPG signature validation is also included in
the merge message template to help the integrator verify it, but they are
prefixed with "#" to make them comments.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

This way new features can be added more easily
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

In various places in the codepath, the program tries to return early
assuming there is no more work needed. That is generally untrue when
over time new features are added.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

"git log frotz" can DWIM to "refs/remotes/frotz/HEAD", but in the remote
access context, "git fetch frotz" to fetch what the other side happened to
have fetched from what it calls 'frotz' (which may not have any relation
to what we consider is 'frotz') the last time would not make much sense,
so the fetch rules table did not include "refs/remotes/%.*s/HEAD".

When the user really wants to, "git fetch $there remotes/frotz/HEAD" would
let her do so anyway, so this is not about safety or security; it merely
is about confusion avoidance and discouraging meaningless usage.

Specifically, it is _not_ about ambiguity avoidance. A name that would
become ambiguous if we use the same rules table for both fetch and local
rev-parse would be ambiguous locally at the remote side.

So for the same reason as we added rule to allow "git fetch $there v1.0"
instead of "git fetch $there tags/v1.0" in the previous commit, here is a
bit longer rope for the users, which incidentally simplifies our code.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

You can already do so with "git fetch $there tags/v1.0" but if it is not
ambiguous there is no reason to force users to type more.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

This also updates the autogenerated merge title message from "merge commit X"
to "merge tag X", and its effect can be seen in the changes to the test suite.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

We do not want to record tags as parents of a merge when the user does
"git pull $there tag v1.0" to merge tagged commit, but that is not a good
enough excuse to peel the tag down to commit when storing in FETCH_HEAD.
The caller of underlying "git fetch $there tag v1.0" may have other uses
of information contained in v1.0 tag in mind.

[jc: the test adjustment is to update for the new expectation]
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

This mostly moves existing code from builtin/tag.c (for signing)
and builtin/verify-tag.c (for verifying) to a new gpg-interface.c
file to provide a more generic library interface.

 - sign_buffer() takes a payload strbuf, a signature strbuf, and a signing
   key, runs "gpg" to produce a detached signature for the payload, and
   appends it to the signature strbuf. The contents of a signed tag that
   concatenates the payload and the detached signature can be produced by
   giving the same strbuf as payload and signature strbuf.

 - verify_signed_buffer() takes a payload and a detached signature as
   <ptr, len> pairs, and runs "gpg --verify" to see if the payload matches
   the signature. It can optionally capture the output from GPG to allow
   the callers to pretty-print it in a way more suitable for their
   contexts.

"verify-tag" (aka "tag -v") used to save the whole tag contents as if it
is a detached signature, and fed gpg the payload part of the tag. It
relied on gpg to fail when the given tag is not signed but just is
annotated.  The updated run_gpg_verify() function detects the lack of
detached signature in the input, and errors out without bothering "gpg".
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

* js/merge-edit-option:
  Teach merge the '[-e|--edit]' option

Conflicts:
	builtin/merge.c

* rs/diff-whole-function:
  diff: add option to show whole functions as context
  xdiff: factor out get_func_line()

* rs/pickaxe:
  pickaxe: factor out pickaxe
  pickaxe: give diff_grep the same signature as has_changes
  pickaxe: pass diff_options to contains and has_changes
  pickaxe: factor out has_changes
  pickaxe: plug regex/kws leak
  pickaxe: plug regex leak
  pickaxe: plug diff filespec leak with empty needle

* js/no-cherry-pick-head-after-punted:
  cherry-pick: do not give irrelevant advice when cherry-pick punted
  revert.c: defer writing CHERRY_PICK_HEAD till it is safe to do so

* bk/submodule-in-recursive-merge:
  submodule: Search for merges only at end of recursive merge
  submodule: Demonstrate known breakage during recursive merge

* jm/maint-apply-detects-corrupt-patch-header:
  fix "git apply --index ..." not to deref NULL

* jk/config-test-cleanup:
  t1300: attempting to remove a non-existent .git/config is not an error

Since some tests before test number 79 ("quoting") are skipped, .git/config
does not exist and 'rm .git/config' fails. Fix this particular case.

While at it, move other instance of 'rm .git/config' that occur in this
file inside the test function to document that the test cases want to
protect themselves from remnants of earlier tests.
Signed-off-by: NJohannes Sixt <j6t@kdbg.org>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

* js/log-show-children:
  log --children

* cb/httpd-test-fix-port:
  use test number as port number

* jn/gitweb-manpages:
  gitweb: Add gitweb manpages to 'gitweb' package in git.spec
  Documentation: Add gitweb config variables to git-config(1)
  Documentation: Link to gitweb(1) and gitweb.conf(5) in other manpages
  gitweb: Add gitweb(1) manpage for gitweb itself
  gitweb: Add gitweb.conf(5) manpage for gitweb configuration files

* pt/mingw-misc-fixes:
  t9901: fix line-ending dependency on windows
  mingw: ensure sockets are initialized before calling gethostname
  mergetools: use the correct tool for Beyond Compare 3 on Windows
  t9300: do not run --cat-blob-fd related tests on MinGW
  git-svn: On MSYS, escape and quote SVN_SSH also if set by the user
  t9001: do not fail only due to CR/LF issues
  t1020: disable the pwd test on MinGW

* md/smtp-tls-hello-again:
  send-email: Honour SMTP domain when using TLS

* maint:
  strbuf.c: remove unnecessary strbuf_grow() from strbuf_getwholeline()

This use of strbuf_grow() is a historical artifact that was once used to
ensure that strbuf.buf was allocated and properly nul-terminated.  This
was added before the introduction of the slopbuf in b315c5c0, which
guarantees that strbuf.buf always points to a usable nul-terminated string.
So let's remove it.
Signed-off-by: NBrandon Casey <drafnel@gmail.com>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

Signed-off-by: NJunio C Hamano <gitster@pobox.com>

* jk/http-auth:
  http_init: accept separate URL parameter
  http: use hostname in credential description
  http: retry authentication failures for all http requests
  remote-curl: don't retry auth failures with dumb protocol
  improve httpd auth tests
  url: decode buffers that are not NUL-terminated

* js/check-ref-format-test-mingw:
  t1402-check-ref-format: skip tests of refs beginning with slash on Windows

* jk/pull-rebase-with-work-tree:
  pull,rebase: handle GIT_WORK_TREE better

Conflicts:
	git-pull.sh

* jk/config-test-cleanup:
  t1300: test mixed-case variable retrieval
  t1300: put git invocations inside test function

* bc/attr-ignore-case:
  attr.c: respect core.ignorecase when matching attribute patterns
  attr: read core.attributesfile from git_default_core_config
  builtin/mv.c: plug miniscule memory leak
  cleanup: use internal memory allocation wrapper functions everywhere
  attr.c: avoid inappropriate access to strbuf "buf" member

Conflicts:
	transport-helper.c

* sg/completion:
  completion: unite --format and --pretty for 'log' and 'show'
  completion: unite --reuse-message and --reedit-message for 'notes'

* mm/maint-config-explicit-bool-display:
  config: display key_delim for config --bool --get-regexp

* tc/fetch-leak:
  fetch: plug two leaks on error exit in store_updated_refs

Conflicts:
	builtin/fetch.c

* jk/name-hash-dirent:
  fix phantom untracked files when core.ignorecase is set