Merge branch 'main' into dependabot/github_actions/actions/setup-go-5

Makefile

@@ -220,6 +220,7 @@ BUILD_TARGETS = \
 	bin/git-lfs-linux-ppc64le \
 	bin/git-lfs-linux-riscv64 \
 	bin/git-lfs-linux-s390x \
+	bin/git-lfs-linux-loong64 \
 	bin/git-lfs-linux-386 \
 	bin/git-lfs-freebsd-amd64 \
 	bin/git-lfs-freebsd-386 \
@@ -299,6 +300,8 @@ bin/git-lfs-linux-ppc64le : $(SOURCES) mangen trgen
 	$(call BUILD,linux,ppc64le,-linux-ppc64le)
 bin/git-lfs-linux-riscv64 : $(SOURCES) mangen trgen
 	$(call BUILD,linux,riscv64,-linux-riscv64)
+bin/git-lfs-linux-loong64 : $(SOURCES) mangen trgen
+	$(call BUILD,linux,loong64,-linux-loong64)
 bin/git-lfs-linux-s390x : $(SOURCES) mangen trgen
 	$(call BUILD,linux,s390x,-linux-s390x)
 bin/git-lfs-linux-386 : $(SOURCES) mangen trgen
@@ -364,6 +367,7 @@ RELEASE_TARGETS = \
 	bin/releases/git-lfs-linux-ppc64le-$(VERSION).tar.gz \
 	bin/releases/git-lfs-linux-riscv64-$(VERSION).tar.gz \
 	bin/releases/git-lfs-linux-s390x-$(VERSION).tar.gz \
+	bin/releases/git-lfs-linux-loong64-$(VERSION).tar.gz \
 	bin/releases/git-lfs-linux-386-$(VERSION).tar.gz \
 	bin/releases/git-lfs-freebsd-amd64-$(VERSION).tar.gz \
 	bin/releases/git-lfs-freebsd-386-$(VERSION).tar.gz \

docs/howto/release-git-lfs.md

@@ -38,6 +38,7 @@ We package several artifacts for each tagged release. They are:
       | git-lfs-linux-arm64-v@{version}.tar.gz | linux (generic) | arm64 |
       | git-lfs-linux-ppc64le-v@{version}.tar.gz | linux (generic) | ppc64le |
       | git-lfs-linux-s390x-v@{version}.tar.gz | linux (generic) | s390x |
+      | git-lfs-linux-loong64-v@{version}.tar.gz | linux (generic) | loong64 |
 
   2. `git-lfs-windows-v@{release}-@{arch}.zip` for the following values:
 

script/upload

@@ -54,6 +54,9 @@ categorize_arch () {
   elif [ "$arch" = "riscv64" ]
   then
     echo "64-bit RISC-V"
+  elif [ "$arch" = "loong64" ]
+  then
+    echo "64-bit LoongArch"
   else
     echo "$arch" | tr a-z A-Z
   fi

t/t-path.sh

@@ -52,8 +52,35 @@ begin_test "does not look in current directory for git with credential helper"
   # below when we are populating LFS objects into a clone of this repo
   # (which contains the malicious Git), so for now we remove the malicious
   # Git as soon as possible.
+  #
+  # As of Go 1.19 we also need to specify the GODEBUG environment variable
+  # with a value of "execerrdot=0" in order to avoid occasional failures
+  # our "git add" command below.  These failures occur due to a specific
+  # set of conditions.  First, if the last-modified time of the .git/index
+  # file is within a second of that of z.dat, the "git add" command will
+  # refresh the Git index (assuming Git was compiled with USE_NSEC=0, as
+  # appears to be the case for Git for Windows), and Git LFS will be invoked
+  # to "clean" the z.dat file again.
+  #
+  # If that occurs, then when Git LFS runs it looks for Git, and until we
+  # revise Git LFS to rely on Go's os/exec package to not execute programs
+  # found in the current working directory (as described in
+  # https://go.dev/blog/path-security), the os/exec package will detect our
+  # malicious Git program in the current working directory and report an
+  # error.  This occurs when Git LFS first initializes a new exec.Cmd
+  # structure, even though Git LFS would then locate the true Git executable
+  # from our custom PATH and reset the Path member of the Cmd structure
+  # before trying to execute the program.
+  #
+  # Since we explicitly test Git LFS's avoidance of programs in the current
+  # working directory using the "git-lfs pull" command further below, here
+  # we just want "git add" to succeed, and so for the time being we disable
+  # Go's new security checks for this command only.  We will revisit this
+  # when we address the larger issue of re-adopting Go's own logic for
+  # locating executable programs.
   cp "$BINPATH/lfstest-badpathcheck$X" "git$X"
-  PATH="$BINPATH:$GITPATH:$SHELLPATH" "$GITPATH/git$X" add "git$X"
+  GODEBUG=execerrdot=0 \
+    PATH="$BINPATH:$GITPATH:$SHELLPATH" "$GITPATH/git$X" add "git$X"
   rm "git$X"
 
   git commit -m "Add files"