feat: Allow omit Authentication header, if HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN is set to none

[jkroepke]

• Have you followed the guidelines in our Contributing document?
• Have you checked to ensure there aren't other open Pull Requests for the same change?
• Have you added an explanation of what your changes do and why you'd like us to include them?
• Have you written new tests for your changes? Here's an example.
• Have you successfully run brew lgtm (style, typechecking and tests) with your changes locally?

---

See #21275

Alternative proposal, a new environment variable. But this feels harder to implement. I read that homebrew filters environment variables and I may need more guidance.

[Copilot]

Pull request overview

This PR adds support for disabling authentication headers when HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN is set to the sentinel value -. This allows Homebrew to work with custom bottle domains that don't support authentication headers.

Key changes:

• Introduced sentinel value - for HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN to disable authentication
• Modified authorization header logic to conditionally add headers only when authentication is configured
• Updated documentation across all relevant files to describe the new behavior

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
Library/Homebrew/brew.sh	Adds logic to detect the sentinel value - and set HOMEBREW_GITHUB_PACKAGES_AUTH to empty string instead of constructing a Basic auth header
Library/Homebrew/download_strategy.rb	Updates condition to check if HOMEBREW_GITHUB_PACKAGES_AUTH has presence before adding the Authorization header
Library/Homebrew/cmd/vendor-install.sh	Modifies curl command to conditionally add Authorization header only when HOMEBREW_GITHUB_PACKAGES_AUTH is non-empty
Library/Homebrew/env_config.rb	Updates environment variable description to document the sentinel value behavior
docs/Manpage.md	Updates documentation to explain the sentinel value - and its use case
manpages/brew.1	Updates man page to explain the sentinel value - and its use case

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[MikeMcQuaid]

This seems like a solid approach here, great work so far. I'm not in love with - as the magic value but struggle to think of better; unset, blank, empty, I dunno? Any more ideas you have here?

[jkroepke]

Any more ideas you have here?

What about the case where HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN is explicitly set to an empty value? This may require additional Bash logic to check whether the variable is unset or set but empty. Alternatively, using the value omit would be more self describing.

[MikeMcQuaid]

@jkroepke That would be ideal but both Bash and Ruby handle that weirdly enough that it'll end up being a massive pain unfortunately.

[jkroepke]

If you would agree, it take the term omit instead -, since it omits the header.

[gromgit]

How about none?

[jkroepke]

I'm generally open for any value. I guess in any case, the value needs to be documented as well.

[MikeMcQuaid]

omit or none both work for me (with mild preference for none). Yes, needs documented. Can you pick one, update the PR and shout @jkroepke and I'll get this merged.

[MikeMcQuaid]

Great work here, thanks a lot @jkroepke, you rock!