docs: updates from Homebrew/brew

docs/Homebrew/Attestation.html

@@ -140,25 +140,6 @@ <h2>
  </dt>
  <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Homebrew/homebrew-core</span><span class='tstring_end'>&quot;</span></span></pre></dd>
 
- <dt id="HOMEBREW_CORE_CI_URI-constant" class="">HOMEBREW_CORE_CI_URI =
- <div class="docstring">
- <div class="discussion">
- <p class="note private">
- <strong>This constant is part of a private API.</strong>
- This constant may only be used in the <a href="https://github.com/Homebrew/brew">Homebrew/brew</a> repository.
- Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
-</p>
-
-
- </div>
-</div>
-<div class="tags">
-
-
-</div>
- </dt>
- <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>https://github.com/Homebrew/homebrew-core/.github/workflows/publish-commit-bottles.yml@refs/heads/master</span><span class='tstring_end'>&quot;</span></span></pre></dd>
-
  <dt id="BACKFILL_REPO-constant" class="">BACKFILL_REPO =
  <div class="docstring">
  <div class="discussion">
@@ -444,6 +425,8 @@ <h3 class="signature first" id="check_attestation-class_method">
  <pre class="lines">
 
 
+74
+75
 76
 77
 78
@@ -481,12 +464,10 @@ <h3 class="signature first" id="check_attestation-class_method">
 110
 111
 112
-113
-114
-115</pre>
+113</pre>
  </td>
  <td>
- <pre class="code"><span class="info file"># File 'attestation.rb', line 76</span>
+ <pre class="code"><span class="info file"># File 'attestation.rb', line 74</span>
 
 <span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_check_attestation'>check_attestation</span><span class='lparen'>(</span><span class='id identifier rubyid_bottle'>bottle</span><span class='comma'>,</span> <span class='id identifier rubyid_signing_repo'>signing_repo</span><span class='comma'>,</span> <span class='id identifier rubyid_signing_workflow'>signing_workflow</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_subject'>subject</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_cmd'>cmd</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>attestation</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>verify</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_bottle'>bottle</span><span class='period'>.</span><span class='id identifier rubyid_cached_download'>cached_download</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>--repo</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_signing_repo'>signing_repo</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>--format</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
@@ -628,6 +609,8 @@ <h3 class="signature " id="check_core_attestation-class_method">
  <pre class="lines">
 
 
+126
+127
 128
 129
 130
@@ -663,14 +646,34 @@ <h3 class="signature " id="check_core_attestation-class_method">
 160
 161
 162
-163</pre>
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172</pre>
  </td>
  <td>
- <pre class="code"><span class="info file"># File 'attestation.rb', line 128</span>
+ <pre class="code"><span class="info file"># File 'attestation.rb', line 126</span>
 
 <span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_check_core_attestation'>check_core_attestation</span><span class='lparen'>(</span><span class='id identifier rubyid_bottle'>bottle</span><span class='rparen'>)</span>
  <span class='kw'>begin</span>
- <span class='id identifier rubyid_attestation'>attestation</span> <span class='op'>=</span> <span class='id identifier rubyid_check_attestation'>check_attestation</span> <span class='id identifier rubyid_bottle'>bottle</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="#HOMEBREW_CORE_REPO-constant" title="Homebrew::Attestation::HOMEBREW_CORE_REPO (constant)">HOMEBREW_CORE_REPO</a></span></span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="#HOMEBREW_CORE_CI_URI-constant" title="Homebrew::Attestation::HOMEBREW_CORE_CI_URI (constant)">HOMEBREW_CORE_CI_URI</a></span></span>
+ <span class='comment'># Ideally, we would also constrain the signing workflow here, but homebrew-core
+</span> <span class='comment'># currently uses multiple signing workflows to produce bottles
+</span> <span class='comment'># (e.g. `dispatch-build-bottle.yml`, `dispatch-rebottle.yml`, etc.).
+</span> <span class='comment'>#
+</span> <span class='comment'># We could check each of these (1) explicitly (slow), (2) by generating a pattern
+</span> <span class='comment'># to pass into `--cert-identity-regex` (requires us to build up a Go-style regex),
+</span> <span class='comment'># or (3) by checking the resulting JSON for the expected signing workflow.
+</span> <span class='comment'>#
+</span> <span class='comment'># Long term, we should probably either do (3) *or* switch to a single reusable
+</span> <span class='comment'># workflow, which would then be our sole identity. However, GitHub&#39;s
+</span> <span class='comment'># attestations currently do not include reusable workflow state by default.
+</span> <span class='id identifier rubyid_attestation'>attestation</span> <span class='op'>=</span> <span class='id identifier rubyid_check_attestation'>check_attestation</span> <span class='id identifier rubyid_bottle'>bottle</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="#HOMEBREW_CORE_REPO-constant" title="Homebrew::Attestation::HOMEBREW_CORE_REPO (constant)">HOMEBREW_CORE_REPO</a></span></span>
  <span class='kw'>return</span> <span class='id identifier rubyid_attestation'>attestation</span>
  <span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="Attestation/InvalidAttestationError.html" title="Homebrew::Attestation::InvalidAttestationError (class)">InvalidAttestationError</a></span></span>
  <span class='id identifier rubyid_odebug'>odebug</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>falling back on backfilled attestation for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_bottle'>bottle</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
@@ -752,17 +755,17 @@ <h3 class="signature " id="gh_executable-class_method">
  <pre class="lines">
 
 
+47
+48
 49
 50
 51
 52
 53
-54
-55
-56</pre>
+54</pre>
  </td>
  <td>
- <pre class="code"><span class="info file"># File 'attestation.rb', line 49</span>
+ <pre class="code"><span class="info file"># File 'attestation.rb', line 47</span>
 
 <span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_gh_executable'>gh_executable</span>
  <span class='comment'># NOTE: We disable HOMEBREW_VERIFY_ATTESTATIONS when installing `gh` itself,

docs/Utils/Shell.html

@@ -164,7 +164,7 @@ <h2>
 
 </div>
  </dt>
- <dd><pre class="code"><span class='tstring'><span class='regexp_beg'>%r{</span><span class='tstring_content'>([^A-Za-z0-9_\-.,:/@~\n])</span><span class='regexp_end'>}</span></span></pre></dd>
+ <dd><pre class="code"><span class='tstring'><span class='regexp_beg'>%r{</span><span class='tstring_content'>([^A-Za-z0-9_\-.,:/@~+\n])</span><span class='regexp_end'>}</span></span></pre></dd>
 
  </dl>