diff --git a/docs/Homebrew/Attestation.html b/docs/Homebrew/Attestation.html index 6006e0df3..49fad1b4b 100644 --- a/docs/Homebrew/Attestation.html +++ b/docs/Homebrew/Attestation.html @@ -140,25 +140,6 @@
"Homebrew/homebrew-core"
- This constant is part of a private API. - This constant may only be used in the Homebrew/brew repository. - Third parties should avoid using this constant if possible, as it may be removed or changed without warning. -
- - -"https://github.com/Homebrew/homebrew-core/.github/workflows/publish-commit-bottles.yml@refs/heads/master"
+74 +75 76 77 78 @@ -481,12 +464,10 @@+113110 111 112 -113 -114 -115
# File 'attestation.rb', line 76 +# File 'attestation.rb', line 74 def self.check_attestation(bottle, signing_repo, signing_workflow = nil, subject = nil) cmd = ["attestation", "verify", bottle.cached_download, "--repo", signing_repo, "--format", @@ -628,6 +609,8 @@
+126 +127 128 129 130 @@ -663,14 +646,34 @@+163 +164 +165 +166 +167 +168 +169 +170 +171 +172160 161 162 -163
# File 'attestation.rb', line 128 +# File 'attestation.rb', line 126 def self.check_core_attestation(bottle) begin - attestation = check_attestation bottle, HOMEBREW_CORE_REPO, HOMEBREW_CORE_CI_URI + # Ideally, we would also constrain the signing workflow here, but homebrew-core + # currently uses multiple signing workflows to produce bottles + # (e.g. `dispatch-build-bottle.yml`, `dispatch-rebottle.yml`, etc.). + # + # We could check each of these (1) explicitly (slow), (2) by generating a pattern + # to pass into `--cert-identity-regex` (requires us to build up a Go-style regex), + # or (3) by checking the resulting JSON for the expected signing workflow. + # + # Long term, we should probably either do (3) *or* switch to a single reusable + # workflow, which would then be our sole identity. However, GitHub's + # attestations currently do not include reusable workflow state by default. + attestation = check_attestation bottle, HOMEBREW_CORE_REPO return attestation rescue InvalidAttestationError odebug "falling back on backfilled attestation for #{bottle}" @@ -752,17 +755,17 @@
+47 +48 49 50 51 52 53 -54 -55 -56+54
# File 'attestation.rb', line 49 +# File 'attestation.rb', line 47 def self.gh_executable # NOTE: We disable HOMEBREW_VERIFY_ATTESTATIONS when installing `gh` itself, diff --git a/docs/Utils/Shell.html b/docs/Utils/Shell.html index cd4742721..18ed4460f 100644 --- a/docs/Utils/Shell.html +++ b/docs/Utils/Shell.html @@ -164,7 +164,7 @@-
+ %r{([^A-Za-z0-9_\-.,:/@~\n])}
%r{([^A-Za-z0-9_\-.,:/@~+\n])}