diff --git a/Library/Homebrew/brew.sh b/Library/Homebrew/brew.sh index a00510b4002f4..9aa31e29e2f7e 100644 --- a/Library/Homebrew/brew.sh +++ b/Library/Homebrew/brew.sh @@ -958,6 +958,11 @@ then elif [[ -n "${HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN}" ]] then export HOMEBREW_GITHUB_PACKAGES_AUTH="Basic ${HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN}" +elif [[ -n "${HOMEBREW_GITHUB_API_TOKEN}" ]] +then + HOMEBREW_GITHUB_PACKAGES_AUTH="Bearer $(base64 <<<"${HOMEBREW_GITHUB_API_TOKEN}")" + export HOMEBREW_GITHUB_PACKAGES_AUTH + else export HOMEBREW_GITHUB_PACKAGES_AUTH="Bearer QQ==" fi diff --git a/Library/Homebrew/env_config.rb b/Library/Homebrew/env_config.rb index 16d2db6222fdd..47f4931d0f6a5 100644 --- a/Library/Homebrew/env_config.rb +++ b/Library/Homebrew/env_config.rb @@ -165,8 +165,11 @@ module EnvConfig "proxying GitHub Packages. If `HOMEBREW_DOCKER_REGISTRY_TOKEN` is set, it will be used instead.", }, HOMEBREW_DOCKER_REGISTRY_TOKEN: { - description: "Use this bearer token for authenticating with a Docker registry proxying GitHub Packages. " \ - "Preferred over `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`.", + description: <<~EOS, + Use this bearer token for authenticating with a Docker registry proxying GitHub Packages. + Preferred over `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`. + EOS + default_text: "`QQ==` unless `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN` is set.", }, HOMEBREW_EDITOR: { description: "Use this editor when editing a single formula, or several formulae in the " \ @@ -239,12 +242,20 @@ module EnvConfig default: "git", }, HOMEBREW_GITHUB_API_TOKEN: { - description: "Use this personal access token for the GitHub API, for features such as " \ - "`brew search`. You can create one at . If set, " \ - "GitHub will allow you a greater number of API requests. For more information, see: " \ - "" \ - "\n\n *Note:* Homebrew doesn't require permissions for any of the scopes, but some " \ - "developer commands may require additional permissions.", + description: <<~EOS, + Use this personal access token for the GitHub API, for features such as `brew search`. + You can create one at . + If set, GitHub will allow you a greater number of API requests. + For more information, see: "" + + *Note:* Homebrew doesn't require permissions for any of the scopes, + but some developer commands may require additional permissions. + + *Note:* If set, this token will also be used to authenticating against `ghcr.io` unless + `HOMEBREW_DOCKER_REGISTRY_TOKEN` or `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN` has been set. + In this case, the token will require the `packages` permission to be set. + `HOMEBREW_GITHUB_PACKAGES_TOKEN` is not used for this permission, but only for uploading packages. + EOS }, HOMEBREW_GITHUB_PACKAGES_TOKEN: { description: "Use this GitHub personal access token when accessing the GitHub Packages Registry " \ diff --git a/docs/Manpage.md b/docs/Manpage.md index 5d94b69e1f566..843db96ec7ad9 100644 --- a/docs/Manpage.md +++ b/docs/Manpage.md @@ -3438,14 +3438,14 @@ command execution e.g. `$(cat file)`. : Use this URL as the download mirror for Homebrew JSON API. If metadata files at that URL are temporarily unavailable, the default API domain will be used as a fallback mirror. - + *Default:* `https://formulae.brew.sh/api`. `HOMEBREW_ARCH` : Linux only: Pass this value to a type name representing the compiler's `-march` option. - + *Default:* `native`. `HOMEBREW_ARTIFACT_DOMAIN` @@ -3464,7 +3464,7 @@ command execution e.g. `$(cat file)`. : Check Homebrew's API for new formulae or cask data every `HOMEBREW_API_AUTO_UPDATE_SECS` seconds. Alternatively, disable API auto-update checks entirely with `HOMEBREW_NO_AUTO_UPDATE`. - + *Default:* `450`. `HOMEBREW_AUTO_UPDATE_SECS` @@ -3472,7 +3472,7 @@ command execution e.g. `$(cat file)`. : Run `brew update` once every `HOMEBREW_AUTO_UPDATE_SECS` seconds before some commands, e.g. `brew install`, `brew upgrade` and `brew tap`. Alternatively, disable auto-update entirely with `HOMEBREW_NO_AUTO_UPDATE`. - + *Default:* `86400` (24 hours), `3600` (1 hour) if a developer command has been run or `300` (5 minutes) if `HOMEBREW_NO_INSTALL_FROM_API` is set. @@ -3489,13 +3489,13 @@ command execution e.g. `$(cat file)`. `HOMEBREW_BAT_CONFIG_PATH` : Use this as the `bat` configuration file. - + *Default:* `$BAT_CONFIG_PATH`. `HOMEBREW_BAT_THEME` : Use this as the `bat` theme for syntax highlighting. - + *Default:* `$BAT_THEME`. `HOMEBREW_BOOTSNAP` @@ -3511,25 +3511,25 @@ command execution e.g. `$(cat file)`. all bottles to download from the prefix `http://localhost:8080/`. If bottles are not available at `HOMEBREW_BOTTLE_DOMAIN` they will be downloaded from the default bottle domain. - + *Default:* `https://ghcr.io/v2/homebrew/core`. `HOMEBREW_BREW_GIT_REMOTE` : Use this URL as the Homebrew/brew `git`(1) remote. - + *Default:* `https://github.com/Homebrew/brew`. `HOMEBREW_BROWSER` : Use this as the browser when opening project homepages. - + *Default:* `$BROWSER` or the OS's default browser. `HOMEBREW_CACHE` : Use this directory as the download cache. - + *Default:* macOS: `$HOME/Library/Caches/Homebrew`, Linux: `$XDG_CACHE_HOME/Homebrew` or `$HOME/.cache/Homebrew`. @@ -3539,20 +3539,20 @@ command execution e.g. `$(cat file)`. `--language`, `--require-sha`, `--no-quarantine` and `--no-binaries` are supported. For example, you might add something like the following to your `~/.profile`, `~/.bash_profile`, or `~/.zshenv`: - + `export HOMEBREW_CASK_OPTS="--appdir=~/Applications --fontdir=/Library/Fonts"` `HOMEBREW_CLEANUP_MAX_AGE_DAYS` : Cleanup all cached files older than this many days. - + *Default:* `120`. `HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS` : If set, `brew install`, `brew upgrade` and `brew reinstall` will cleanup all formulae when this number of days has passed. - + *Default:* `30`. `HOMEBREW_COLOR` @@ -3562,20 +3562,20 @@ command execution e.g. `$(cat file)`. `HOMEBREW_CORE_GIT_REMOTE` : Use this URL as the Homebrew/homebrew-core `git`(1) remote. - + *Default:* `https://github.com/Homebrew/homebrew-core`. `HOMEBREW_CURL_PATH` : Linux only: Set this value to a new enough `curl` executable for Homebrew to use. - + *Default:* `curl`. `HOMEBREW_CURL_RETRIES` : Pass the given retry count to `--retry` when invoking `curl`(1). - + *Default:* `3`. `HOMEBREW_CURL_VERBOSE` @@ -3606,7 +3606,7 @@ command execution e.g. `$(cat file)`. : Use this X11 display when opening a page in a browser, for example with `brew home`. Primarily useful on Linux. - + *Default:* `$DISPLAY`. `HOMEBREW_DISPLAY_INSTALL_TIMES` @@ -3624,6 +3624,8 @@ command execution e.g. `$(cat file)`. : Use this bearer token for authenticating with a Docker registry proxying GitHub Packages. Preferred over `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`. + *Default:* `QQ==` unless `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN` is set. + `HOMEBREW_EDITOR` : Use this editor when editing a single formula, or several formulae in the same @@ -3632,7 +3634,7 @@ command execution e.g. `$(cat file)`. *Note:* `brew edit` will open all of Homebrew as discontinuous files and directories. Visual Studio Code can handle this correctly in project mode, but many editors will do strange things in this case. - + *Default:* `$EDITOR` or `$VISUAL`. `HOMEBREW_EVAL_ALL` @@ -3644,7 +3646,7 @@ command execution e.g. `$(cat file)`. `HOMEBREW_FAIL_LOG_LINES` : Output this many lines of output on formula `system` failures. - + *Default:* `15`. `HOMEBREW_FORBIDDEN_CASKS` @@ -3709,7 +3711,7 @@ command execution e.g. `$(cat file)`. : Linux only: Set this value to a new enough `git` executable for Homebrew to use. - + *Default:* `git`. `HOMEBREW_GITHUB_API_TOKEN` @@ -3717,11 +3719,18 @@ command execution e.g. `$(cat file)`. : Use this personal access token for the GitHub API, for features such as `brew search`. You can create one at . If set, GitHub will allow you a greater number of API requests. For more information, - see: - + see: "" + *Note:* Homebrew doesn't require permissions for any of the scopes, but some developer commands may require additional permissions. + *Note:* If set, this token will also be used to authenticating against + `ghcr.io` unless `HOMEBREW_DOCKER_REGISTRY_TOKEN` or + `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN` has been set. In this case, the + token will require the `packages` permission to be set. + `HOMEBREW_GITHUB_PACKAGES_TOKEN` is not used for this permission, but only for + uploading packages. + `HOMEBREW_GITHUB_PACKAGES_TOKEN` : Use this GitHub personal access token when accessing the GitHub Packages @@ -3735,14 +3744,14 @@ command execution e.g. `$(cat file)`. `HOMEBREW_INSTALL_BADGE` : Print this text before the installation summary of each successful build. - + *Default:* The "Beer Mug" emoji. `HOMEBREW_LIVECHECK_WATCHLIST` : Consult this file for the list of formulae to check by default when no formula argument is passed to `brew livecheck`. - + *Default:* `$XDG_CONFIG_HOME/homebrew/livecheck_watchlist.txt` if `$XDG_CONFIG_HOME` is set or `$HOME/.homebrew/livecheck_watchlist.txt` otherwise. @@ -3758,7 +3767,7 @@ command execution e.g. `$(cat file)`. : Use this value as the number of parallel jobs to run when building with `make`(1). - + *Default:* The number of available CPU cores. `HOMEBREW_NO_ANALYTICS` @@ -3787,7 +3796,7 @@ command execution e.g. `$(cat file)`. `HOMEBREW_NO_COLOR` : If set, do not print text with colour added. - + *Default:* `$NO_COLOR`. `HOMEBREW_NO_EMOJI` @@ -3807,7 +3816,7 @@ command execution e.g. `$(cat file)`. `HOMEBREW_NO_INSECURE_REDIRECT` : If set, forbid redirects from secure HTTPS to insecure HTTP. - + *Note:* while ensuring your downloads are fully secure, this is likely to cause from-source SourceForge, some GNU & GNOME-hosted formulae to fail to download. @@ -3847,7 +3856,7 @@ command execution e.g. `$(cat file)`. : If set, `brew install` *`formula`* will use this URL to download PyPI package resources. - + *Default:* `https://pypi.org/simple`. `HOMEBREW_PRY` @@ -3877,13 +3886,13 @@ command execution e.g. `$(cat file)`. : If set, Homebrew will use the given config file instead of `~/.ssh/config` when fetching Git repositories over SSH. - + *Default:* `$HOME/.ssh/config` `HOMEBREW_SVN` : Use this as the `svn`(1) binary. - + *Default:* A Homebrew-built Subversion (if installed), or the system-provided binary. @@ -3905,7 +3914,7 @@ command execution e.g. `$(cat file)`. different volumes, as macOS has trouble moving symlinks across volumes when the target does not yet exist. This issue typically occurs when using FileVault or custom SSD configurations. - + *Default:* macOS: `/private/tmp`, Linux: `/tmp`. `HOMEBREW_UPDATE_TO_TAG` @@ -3960,7 +3969,7 @@ environment variables documented above. For example, to use an unauthenticated HTTP or SOCKS5 proxy: export http_proxy=http://$HOST:$PORT - + export all_proxy=socks5://$HOST:$PORT And for an authenticated HTTP proxy: @@ -4015,4 +4024,3 @@ See our issues on GitHub: **Homebrew/homebrew-cask** : - diff --git a/manpages/brew.1 b/manpages/brew.1 index d068198496eb7..ac880b4e62b47 100644 --- a/manpages/brew.1 +++ b/manpages/brew.1 @@ -2348,6 +2348,10 @@ Use this base64 encoded username and password for authenticating with a Docker r .TP \fBHOMEBREW_DOCKER_REGISTRY_TOKEN\fP Use this bearer token for authenticating with a Docker registry proxying GitHub Packages\. Preferred over \fBHOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN\fP\&\. +.RS +.P +\fIDefault:\fP \fBQQ==\fP unless \fBHOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN\fP is set\. +.RE .TP \fBHOMEBREW_EDITOR\fP Use this editor when editing a single formula, or several formulae in the same directory\. @@ -2418,12 +2422,15 @@ Linux only: Set this value to a new enough \fBgit\fP executable for Homebrew to \fBHOMEBREW_GITHUB_API_TOKEN\fP Use this personal access token for the GitHub API, for features such as \fBbrew search\fP\&\. You can create one at .UR https://github\.com/settings/tokens -.UE \&\. If set, GitHub will allow you a greater number of API requests\. For more information, see: +.UE \&\. If set, GitHub will allow you a greater number of API requests\. For more information, see: \[u201c] .UR https://docs\.github\.com/en/rest/overview/rate\-limits\-for\-the\-rest\-api .UE +\[u201d] .RS .P \fINote:\fP Homebrew doesn\[u2019]t require permissions for any of the scopes, but some developer commands may require additional permissions\. +.P +\fINote:\fP If set, this token will also be used to authenticating against \fBghcr\.io\fP unless \fBHOMEBREW_DOCKER_REGISTRY_TOKEN\fP or \fBHOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN\fP has been set\. In this case, the token will require the \fBpackages\fP permission to be set\. \fBHOMEBREW_GITHUB_PACKAGES_TOKEN\fP is not used for this permission, but only for uploading packages\. .RE .TP \fBHOMEBREW_GITHUB_PACKAGES_TOKEN\fP