Merge branch 'main' into codespace-crispy-orbit-g4r5gv5gxjj4fw7p7

.github/workflows/codeql-analysis.yml

@@ -25,7 +25,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Setup .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 

.github/workflows/continuous-integration.yml

@@ -19,7 +19,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Setup .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 
@@ -54,20 +54,26 @@ jobs:
   linux:
     name: Linux
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        runtime: [ linux-x64, linux-arm64, linux-arm ]
 
     steps:
     - uses: actions/checkout@v4
 
     - name: Setup .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 
     - name: Install dependencies
       run: dotnet restore
 
     - name: Build
-      run: dotnet build --configuration LinuxRelease
+      run: |
+        dotnet build src/linux/Packaging.Linux/*.csproj \
+         --configuration=Release --no-self-contained \
+         --runtime=${{ matrix.runtime }}
 
     - name: Test
       run: |
@@ -82,7 +88,7 @@ jobs:
     - name: Upload artifacts
       uses: actions/upload-artifact@v4
       with:
-        name: linux-x64
+        name: ${{ matrix.runtime }}
         path: |
           artifacts
 
@@ -100,7 +106,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Setup .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 

.github/workflows/lint-docs.yml

@@ -1,17 +1,12 @@
-name: "Lint documentation"
 
-on:
-  workflow_dispatch:
-  push:
-    branches: [ main, linux ]
-    paths:
-      - '**.md'
-      - '.github/workflows/lint-docs.yml'
-  pull_request:
-    branches: [ main, linux ]
+
+
+
+
     paths:
-      - '**.md'
-      - '.github/workflows/lint-docs.yml'
+
+
+  pull
 
 jobs:
   lint-markdown:
@@ -20,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8
+      - uses: DavidAnson/markdownlint-cli2-action@eb5ca3ab411449c66620fe7f1b3c9e10547144b0
         with:
           globs: |
             "**/*.md"
@@ -35,7 +30,7 @@ jobs:
       - name: Run link checker
         # For any troubleshooting, see:
         # https://github.com/lycheeverse/lychee/blob/master/docs/TROUBLESHOOTING.md
-        uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621
+
 
         with:
           # user-agent: if a user agent is not specified, some websites (e.g.
@@ -54,3 +49,4 @@ jobs:
           # no extra permissions is enough to be able to check public repos
           # See: https://github.com/lycheeverse/lychee#github-token
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+.github/workflows/lint-docs.yml  

.github/workflows/release.yml

@@ -35,7 +35,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Set up .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 
@@ -57,8 +57,8 @@ jobs:
 
     - name: Set up signing/notarization infrastructure
       env:
-        A1: ${{ secrets.APPLICATION_CERTIFICATE_BASE64 }}
-        A2: ${{ secrets.APPLICATION_CERTIFICATE_PASSWORD }}
+        A1: ${{ secrets.GATEWATCHER_DEVELOPER_ID_CERT }}
+        A2: ${{ secrets.GATEWATCHER_DEVELOPER_ID_PASSWORD }}
         I1: ${{ secrets.INSTALLER_CERTIFICATE_BASE64 }}
         I2: ${{ secrets.INSTALLER_CERTIFICATE_PASSWORD }}
         N1: ${{ secrets.APPLE_TEAM_ID }}
@@ -150,7 +150,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Set up .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 
@@ -177,7 +177,7 @@ jobs:
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - name: Sign payload files with Azure Code Signing
-      uses: azure/trusted-signing-action@v0.4.0
+      uses: azure/trusted-signing-action@v0.5.0
       with:
         endpoint: https://wus2.codesigning.azure.net/
         trusted-signing-account-name: git-fundamentals-signing
@@ -190,7 +190,7 @@ jobs:
 
     # The Azure Code Signing action overrides the .NET version, so we reset it.
     - name: Set up .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 
@@ -204,7 +204,7 @@ jobs:
          -Destination $env:GITHUB_WORKSPACE\installers
 
     - name: Sign installers with Azure Code Signing
-      uses: azure/trusted-signing-action@v0.4.0
+      uses: azure/trusted-signing-action@v0.5.0
       with:
         endpoint: https://wus2.codesigning.azure.net/
         trusted-signing-account-name: git-fundamentals-signing
@@ -232,16 +232,22 @@ jobs:
     runs-on: ubuntu-latest
     environment: release
     needs: prereqs
+    strategy:
+      matrix:
+        runtime: [ linux-x64, linux-arm64, linux-arm ]
     steps:
     - uses: actions/checkout@v4
 
     - name: Set up .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 
     - name: Build
-      run: dotnet build --configuration=LinuxRelease
+      run: |
+        dotnet build src/linux/Packaging.Linux/*.csproj \
+        --configuration=LinuxRelease --no-self-contained \
+        --runtime=${{ matrix.runtime }}
 
     - name: Run Linux unit tests
       run: |
@@ -286,18 +292,18 @@ jobs:
       run: |
         # Sign Debian package
         version=${{ needs.prereqs.outputs.version }}
-        mv out/linux/Packaging.Linux/Release/deb/gcm-linux_amd64.$version.deb .
-        debsigs --sign=origin --verify --check gcm-linux_amd64.$version.deb
+        mv out/linux/Packaging.Linux/Release/deb/gcm-${{ matrix.runtime }}.$version.deb .
+        debsigs --sign=origin --verify --check gcm-${{ matrix.runtime }}.$version.deb
 
         # Generate tarball signature file
         mv -v out/linux/Packaging.Linux/Release/tar/* .
-        gpg --batch --yes --armor --output gcm-linux_amd64.$version.tar.gz.asc \
-          --detach-sig gcm-linux_amd64.$version.tar.gz
+        gpg --batch --yes --armor --output gcm-${{ matrix.runtime }}.$version.tar.gz.asc \
+          --detach-sig gcm-${{ matrix.runtime }}.$version.tar.gz
 
     - name: Upload artifacts
       uses: actions/upload-artifact@v4
       with:
-        name: linux-artifacts
+        name: ${{ matrix.runtime }}-artifacts
         path: |
           ./*.deb
           ./*.asc
@@ -314,7 +320,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Set up .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 
@@ -387,7 +393,7 @@ jobs:
         path: signed
 
     - name: Set up .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.2.0
       with:
         dotnet-version: 8.0.x
 
@@ -466,9 +472,9 @@ jobs:
       matrix:
         component:
           - os: ubuntu-latest
-            artifact: linux-artifacts
+            artifact: linux-x64-artifacts
             command: git-credential-manager
-            description: linux
+            description: linux-x64
           - os: macos-latest
             artifact: macos-osx-x64-artifacts
             command: git-credential-manager
@@ -491,7 +497,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up .NET
-        uses: actions/setup-dotnet@v4.0.1
+        uses: actions/setup-dotnet@v4.2.0
         with:
           dotnet-version: 8.0.x
 
@@ -510,15 +516,15 @@ jobs:
             Start-Process -Wait -FilePath "$exePath" -ArgumentList "/SILENT /VERYSILENT /NORESTART"
           }
 
-      - name: Install Linux (Debian package)
-        if: contains(matrix.component.description, 'linux')
+      - name: Install Linux x64 (Debian package)
+        if: contains(matrix.component.description, 'linux-x64')
         run: |
           debpath=$(find ./*.deb)
           sudo apt install $debpath
           "${{ matrix.component.command }}" configure
 
-      - name: Install Linux (tarball)
-        if: contains(matrix.component.description, 'linux')
+      - name: Install Linux x64 (tarball)
+        if: contains(matrix.component.description, 'linux-x64')
         run: |
           # Ensure we find only the source tarball, not the symbols
           tarpath=$(find . -name '*[[:digit:]].tar.gz')
@@ -561,7 +567,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up .NET
-        uses: actions/setup-dotnet@v4.0.1
+        uses: actions/setup-dotnet@v4.2.0
         with:
           dotnet-version: 8.0.x
 
@@ -598,7 +604,9 @@ jobs:
           az keyvault secret show --name "$GPG_PUBLIC_KEY_SECRET_NAME" \
             --vault-name "$AZURE_VAULT" --query "value" \
             | sed -e 's/^"//' -e 's/"$//' | base64 -d >gcm-public.asc
-          mv gcm-public.asc linux-artifacts
+          cp gcm-public.asc linux-x64-artifacts/
+          cp gcm-public.asc linux-arm64-artifacts/
+          mv gcm-public.asc linux-arm-artifacts
 
       - uses: actions/github-script@v7
         with:
@@ -655,7 +663,9 @@ jobs:
               uploadDirectoryToRelease('osx-payload-and-symbols'),
 
               // Upload Linux artifacts
-              uploadDirectoryToRelease('linux-artifacts'),
+              uploadDirectoryToRelease('linux-x64-artifacts'),
+              uploadDirectoryToRelease('linux-arm64-artifacts'),
+              uploadDirectoryToRelease('linux-arm-artifacts'),
 
               // Upload .NET tool package
               uploadDirectoryToRelease('dotnet-tool-sign'),

.github/workflows/validate-install-from-source.yml

@@ -21,20 +21,24 @@ jobs:
         # tgagor is a contributor who pushes updated images weekly, which should
         # be sufficient for our validation needs.
         - image: tgagor/centos
-        - image: tgagor/centos-stream
         - image: redhat/ubi8
         - image: alpine
         - image: alpine:3.14.10
         - image: opensuse/leap
         - image: opensuse/tumbleweed
         - image: registry.suse.com/suse/sle15:15.4.27.11.31
+        - image: archlinux
+        - image: mcr.microsoft.com/cbl-mariner/base/core:2.0
     container: ${{matrix.vector.image}}
     steps:
       - run: |
           if [[ ${{matrix.vector.image}} == *"suse"* ]]; then
             zypper -n install tar gzip
           elif [[ ${{matrix.vector.image}} == *"centos"* ]]; then
             dnf install which -y
+          elif [[ ${{matrix.vector.image}} == *"mariner"* ]]; then
+            GNUPGHOME=/root/.gnupg tdnf update -y &&
+            GNUPGHOME=/root/.gnupg tdnf install tar -y # needed for `actions/checkout`
           fi
 
       - uses: actions/checkout@v4

README.md

@@ -47,8 +47,8 @@ Basic HTTP authentication support|✓|✓|✓
 Proxy support|✓|✓|✓
 `amd64` support|✓|✓|✓
 `x86` support|✓|_N/A_|✗
-`arm64` support|best effort|✓|best effort, no packages
-`armhf` support|_N/A_|_N/A_|best effort, no packages
+`arm64` support|best effort|✓|✓
+`armhf` support|_N/A_|_N/A_|✓
 
 (\*) GCM guarantees support only for [the Linux distributions that are officially
 supported by dotnet][dotnet-distributions].

VERSION

@@ -1 +1 @@
-2.6.0.0
+2.6.1.0

docs/configuration.md

@@ -255,6 +255,24 @@ Defaults to false (use hardware acceleration where available).
 
 ---
 
+### credential.allowUnsafeRemotes
+
+Allow transmitting credentials to unsafe remote URLs such as unencrypted HTTP
+URLs. This setting is not recommended for general use and should only be used
+when necessary.
+
+Defaults false (disallow unsafe remote URLs).
+
+#### Example
+
+```shell
+git config --global credential.allowUnsafeRemotes true
+```
+
+**Also see: [GCM_ALLOW_UNSAFE_REMOTES][gcm-allow-unsafe-remotes]**
+
+---
+
 ### credential.autoDetectTimeout
 
 Set the maximum length of time, in milliseconds, that GCM should wait for a
@@ -567,6 +585,7 @@ _(unset)_|Windows: `wincredman`, macOS: `keychain`, Linux: _(none)_|-
 `gpg`|Use GPG to store encrypted files that are compatible with the [pass][pass] (requires GPG and `pass` to initialize the store).|macOS, Linux
 `cache`|Git's built-in [credential cache][credential-cache].|macOS, Linux
 `plaintext`|Store credentials in plaintext files (**UNSECURE**). Customize the plaintext store location with [`credential.plaintextStorePath`][credential-plaintextstorepath].|Windows, macOS, Linux
+`none`|Do not store credentials via GCM.|Windows, macOS, Linux
 
 #### Example
 
@@ -1022,8 +1041,9 @@ Defaults to disabled.
 [devbox]: https://azure.microsoft.com/en-us/products/dev-box
 [enterprise-config]: enterprise-config.md
 [envars]: environment.md
-[freedesktop-ss]: https://specifications.freedesktop.org/secret-service/
+[freedesktop-ss]: https://specifications.freedesktop.org/secret-service-spec/
 [gcm-allow-windowsauth]: environment.md#GCM_ALLOW_WINDOWSAUTH
+[gcm-allow-unsafe-remotes]: environment.md#GCM_ALLOW_UNSAFE_REMOTES
 [gcm-authority]: environment.md#GCM_AUTHORITY-deprecated
 [gcm-autodetect-timeout]: environment.md#GCM_AUTODETECT_TIMEOUT
 [gcm-azrepos-credentialtype]: environment.md#GCM_AZREPOS_CREDENTIALTYPE