policy-client-query: dgit: use tainted-objects query

Add the config for controlling policy-client-query calls.  For now we
default to "unknown" everywhere.

If supported, check if tainted objects are reachable from $dgithead,
and report them.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

1 files changed, 12 insertions, 0 deletions

diff --git a/dgit.1 b/dgit.1
index 5a0eb82..4bad5aa 100644
--- a/dgit.1
+++ b/dgit.1
@@ -1431,6 +1431,16 @@ when running gbp pq import
 when importing a package from a .dsc.
 See Debian bug #841867.
 .TP
+.BR \-\-force-push-tainted
+Go ahead and try to push even tainted git objects
+hat the server says it is going to reject,
+but without declaring any --deliberately.
+This option is provided for testing or strange situations,
+and is not the way to override the taint check:
+using it will probably just fail later,
+burning the version number you are using.
+Use the appropriate --deliberately option instead.
+.TP
 .BR \-\-for\-push
 Override the dgit-distro.distro.readonly configuration setting,
 to specify that we have read/write access
@@ -1580,6 +1590,8 @@ or when pushing and
 .TP
 .BI dgit-distro. distro .git-check-suffix
 .TP
+.BI dgit-distro. distro .policy-query-supported-ssh " " false | unknown | true
+.TP
 .BR dgit-distro. \fIdistro\fR .diverts.divert " " new-distro | / \fIdistro-suffix\fR
 .TP
 .BI dgit-distro. distro .git-create " " ssh-cmd | true