In a gotwebd core file on got.gameoftrees.org this loop crashed with a pe pointer which had already been freed. The retries counter was still zero, which means we passed the timestamp check when the loop iteration began. Then after a call to got_object_get_type() the pack index list had been recreated, rendering the pe pointer invalid. The code crashed when RB_FOREACH tried to run the next iteration using this bad pointer. The avoid this issue, move the timestamp check right below the call to got_object_get_type(). This way, the 'goto retry' should take effect earlier and restart the entire loop with a fresh 'pe' instead of crashing.

For now this check is quite strict. Any commit which does not make a change to gotsys.conf will be rejected. If users want to keep other files in the gotsys.git repo we'll need to relax these checks a little.

Reading the config from stdin will be used by upcoming changes to gotd. 'gotsys check' usage changes, a -f option is now required for passing a filename. And -f was already in the getopt string, left over from an earlier draft of this code.

When Git servers run in a non-English locale they might emit non-ASCII progress messages such as "Objekte aufzählen: 35, fertig." Stop treating such messages as fatal errors. Just ignore them to allow cloning and fetching from such servers to work. Problem reported by Lucas de Sena, thanks!

for consistency with gotsys_conf_new_user()

No functional change. Needed for future handling of the special "anonymous" account.

A gotsysd-managed system relies on sshd for network transport. We need to let gotsysd take over the configuration of sshd to tweak a few settings: Enable password-less login for the anonymous user, Disable all forwarding. Restrict pty allocation to users in the wheel group since we expect nobody else to be logging in via ssh for remote access.

No functional change. This just makes the code a bit easier to follow.

We only write to already open files in /var/db/gotsysd after startup.