plumbing: object, new Commit.Verify method

[darkowlzz]

This change adds Verify function to Commit object.

Verify(armoredKeyRing string) (*openpgp.Entity, error)

Provided an armored key ring, it verifies the signature of the commit.

I've tried it on my local repositories passing an armored key ring and it works as expected. But couldn't write a passing test for it because when I set a custom TreeHash and ParentHashes, the commit hash becomes 0000000000000000000000000000000000000000. Maybe I can use an existing signed commit in the fixtures, provided signing public key? Need help with the test.

Export an armored key ring:

$ gpg --armor --export [email protected]

fixes #605

[darkowlzz]

Alright, I've managed to write a working test to verify signature verification 😊

I don't think the test failures in travis and appveyor are related to my changes.

[mcuadros]

Its failing in TravisCI after merged it: https://travis-ci.org/src-d/go-git/jobs/306660028. Can you fix this @darkowlzz, Thanks!

[darkowlzz]

@mcuadros oh! sorry for that. I've submitted a fix in #656

[blacktop]

How do I use this? It isn't in the gopkg.in and when I try to use go get -u github.com/src-d/go-git/...

I get the error:

package github.com/src-d/go-git: code in directory GOPATH/src/github.com/src-d/go-git expects import "gopkg.in/src-d/go-git.v4"

[ferhatelmas]

@blacktop See #380, please.

[blacktop]

Thank you! with the rise of go dep it seems like gopkg is falling out of favor.

[orirawlings]

@blacktop So far the changes have only been integrated to the master branch. Once another rc or official version is integrated to the v4 branch it will be available via go get -u gopkg.in/src-d/go-git.v4