use git verify-commit

Use git verify-commit to verify gpg signatures, rather than the old method
of parsing git log output.

These two methods should always have the same result. Note that
git verify-commit allows signatures with unknown validity, the same as
git log's "U" output which was accepted. So any key in the gpg keyring
is allowed to sign the commit. Propellor provides gpg with a keyring
containing only the allowed keys.

Needs git 2.0, which is in even debian oldstable.

This commit was sponsored by Ewen McNeill on Patreon.

2 files changed, 4 insertions, 2 deletions

diff --git a/debian/changelog b/debian/changelog
index bf4df720..c4707e71 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ propellor (5.4.1) UNRELEASED; urgency=medium
 
   * Modernized and simplified the MetaTypes implementation now that
     compatability with ghc 7 is no longer needed.
+  * Use git verify-commit to verify gpg signatures, rather than the old
+    method of parsing git log output. Needs git 2.0.
 
  -- Joey Hess <id@joeyh.name>  Fri, 18 May 2018 10:25:05 -0400
 
diff --git a/debian/control b/debian/control
index 5a041c90..0a8701a0 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: admin
 Priority: optional
 Build-Depends: 
 	debhelper (>= 9),
-	git,
+	git (>= 2.0),
 	ghc (>= 7.6),
 	cabal-install,
 	libghc-async-dev,
@@ -43,7 +43,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
 	libghc-stm-dev,
 	libghc-text-dev,
 	libghc-hashable-dev,
-	git,
+	git (>= 2.0),
 Description: property-based host configuration management in haskell
  Propellor ensures that the system it's run in satisfies a list of
  properties, taking action as necessary when a property is not yet met.