Add env to disable finding packages from paths

Bo Anderson 2024-07-24 05:39:06 +01:00 committed by Mike McQuaid
parent 5edcaf3f06
commit 10cbf191dc
No known key found for this signature in database
12 changed files with 61 additions and 4 deletions


@ -32,11 +32,14 @@ module Homebrew
cache: HOMEBREW_CACHE_API_SOURCE/"#{tap}/#{git_head}/Formula", cache: HOMEBREW_CACHE_API_SOURCE/"#{tap}/#{git_head}/Formula",
) )
download.fetch download.fetch
with_env(HOMEBREW_FORBID_PACKAGES_FROM_PATHS: nil) do
Formulary.factory(download.symlink_location, Formulary.factory(download.symlink_location,
formula.active_spec_sym, formula.active_spec_sym,
alias_path: formula.alias_path, alias_path: formula.alias_path,
flags: formula.class.build_flags) flags: formula.class.build_flags)
end end
end
def self.cached_json_file_path def self.cached_json_file_path
if Homebrew::API.internal_json_v3? if Homebrew::API.internal_json_v3?
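Review bot: The `with_env(HOMEBREW_FORBID_PACKAGES_FROM_PATHS: nil)` wrapper lifts the restriction for the whole `Formulary.factory` call, and nothing on the line says why this is safe. A short comment would help the next reader, for example `# The API source download lives in HOMEBREW_CACHE_API_SOURCE, outside the allowed prefixes, so the path guard is lifted for this load only.` Anything else that happens to be loaded by path while the block runs is presumably exempt as well, so the block should stay as narrow as it is now. The enclosing method starts above the hunk.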


@ -216,6 +216,7 @@ class Build
end end
begin begin
ENV.delete("HOMEBREW_FORBID_PACKAGES_FROM_PATHS")
args = Homebrew::Cmd::InstallCmd.new.args args = Homebrew::Cmd::InstallCmd.new.args
Context.current = args.context Context.current = args.context
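Review bot: `ENV.delete("HOMEBREW_FORBID_PACKAGES_FROM_PATHS")` removes the restriction for the rest of this child process and for everything it spawns, and the line carries no explanation. If the reason is that the child has to load the formula from its file path after the parent has already applied the check (inferred, not visible here), say so in a comment such as `# The parent has already enforced the path restriction; this process must load the formula from its file.` The same unexplained deletion appears in the section whose hunk starts at `require "cmd/postinstall"` and in the one that defines `TEST_TIMEOUT_SECONDS`. Because the variable is deleted rather than scoped, a `brew` invocation started from inside a build, postinstall or test step would presumably run unrestricted, which is worth stating in the option's documentation if it is intended.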


@ -103,6 +103,9 @@ module Cask
return if %w[.rb .json].exclude?(path.extname) return if %w[.rb .json].exclude?(path.extname)
return unless path.expand_path.exist? return unless path.expand_path.exist?
return if Homebrew::EnvConfig.forbid_packages_from_paths? &&
!path.realpath.to_s.start_with?("#{Caskroom.path}/", "#{HOMEBREW_LIBRARY}/Taps/")
new(path) new(path)
end end
@ -159,6 +162,8 @@ module Cask
.returns(T.nilable(T.attached_class)) .returns(T.nilable(T.attached_class))
} }
def self.try_new(ref, warn: false) def self.try_new(ref, warn: false)
return if Homebrew::EnvConfig.forbid_packages_from_paths?
# Cache compiled regex # Cache compiled regex
@uri_regex ||= begin @uri_regex ||= begin
uri_regex = ::URI::DEFAULT_PARSER.make_regexp uri_regex = ::URI::DEFAULT_PARSER.make_regexp
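Review bot: The allowlist test `path.realpath.to_s.start_with?("#{Caskroom.path}/", "#{HOMEBREW_LIBRARY}/Taps/")` compares a symlink-resolved path with prefixes that are interpolated as they are, so if either prefix is itself reached through a symlink the check would refuse casks that really live under it. That failure is closed rather than open, but it would be hard to diagnose. Resolving the prefixes the same way when they exist, or adding a comment that both values are already physical paths, would settle it. The formula path loader makes the same comparison against `HOMEBREW_CELLAR` and `HOMEBREW_LIBRARY`. Both guarded methods begin outside the hunks shown.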


@ -218,6 +218,11 @@ module Homebrew
description: "A space-separated list of taps. Homebrew will refuse to install a " \ description: "A space-separated list of taps. Homebrew will refuse to install a " \
"formula if it or any of its dependencies is in a tap on this list.", "formula if it or any of its dependencies is in a tap on this list.",
}, },
HOMEBREW_FORBID_PACKAGES_FROM_PATHS: {
description: "If set, Homebrew will refuse to read formulae or casks provided from file paths, " \
"e.g. `brew install ./package.rb`.",
boolean: true,
},
HOMEBREW_FORCE_BREWED_CA_CERTIFICATES: { HOMEBREW_FORCE_BREWED_CA_CERTIFICATES: {
description: "If set, always use a Homebrew-installed `ca-certificates` rather than the system version. " \ description: "If set, always use a Homebrew-installed `ca-certificates` rather than the system version. " \
"Automatically set if the system version is too old.", "Automatically set if the system version is too old.",


@ -592,6 +592,8 @@ module Formulary
.returns(T.nilable(T.attached_class)) .returns(T.nilable(T.attached_class))
} }
def self.try_new(ref, from: T.unsafe(nil), warn: false) def self.try_new(ref, from: T.unsafe(nil), warn: false)
return if Homebrew::EnvConfig.forbid_packages_from_paths?
ref = ref.to_s ref = ref.to_s
new(ref) if HOMEBREW_BOTTLES_EXTNAME_REGEX.match?(ref) && File.exist?(ref) new(ref) if HOMEBREW_BOTTLES_EXTNAME_REGEX.match?(ref) && File.exist?(ref)
@ -644,6 +646,9 @@ module Formulary
return unless path.expand_path.exist? return unless path.expand_path.exist?
return if Homebrew::EnvConfig.forbid_packages_from_paths? &&
!path.realpath.to_s.start_with?("#{HOMEBREW_CELLAR}/", "#{HOMEBREW_LIBRARY}/Taps/")
options = if (tap = Tap.from_path(path)) options = if (tap = Tap.from_path(path))
# Only treat symlinks in taps as aliases. # Only treat symlinks in taps as aliases.
if path.symlink? if path.symlink?
@ -696,6 +701,8 @@ module Formulary
.returns(T.nilable(T.attached_class)) .returns(T.nilable(T.attached_class))
} }
def self.try_new(ref, from: T.unsafe(nil), warn: false) def self.try_new(ref, from: T.unsafe(nil), warn: false)
return if Homebrew::EnvConfig.forbid_packages_from_paths?
# Cache compiled regex # Cache compiled regex
@uri_regex ||= begin @uri_regex ||= begin
uri_regex = ::URI::DEFAULT_PARSER.make_regexp uri_regex = ::URI::DEFAULT_PARSER.make_regexp
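Review bot: The unconditional `return if Homebrew::EnvConfig.forbid_packages_from_paths?` at the top of the two `try_new` methods in this section refuses every ref those loaders handle, so remote URLs and bottle files are rejected too, while the option's description mentions only file paths. If that wider scope is intended, the description could read `"If set, Homebrew will refuse to read formulae or casks provided from file paths or URLs, "` and the guard in the URI loader could carry a comment like `# URLs are refused as well: the downloaded file would be loaded from a path.` The cask URI loader has the same early return. Both methods continue past the end of their hunks.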


@ -14,6 +14,7 @@ require "cmd/postinstall"
require "json/add/exception" require "json/add/exception"
begin begin
ENV.delete("HOMEBREW_FORBID_PACKAGES_FROM_PATHS")
args = Homebrew::Cmd::Postinstall.new.args args = Homebrew::Cmd::Postinstall.new.args
error_pipe = UNIXSocket.open(ENV.fetch("HOMEBREW_ERROR_PIPE"), &:recv_io) error_pipe = UNIXSocket.open(ENV.fetch("HOMEBREW_ERROR_PIPE"), &:recv_io)
error_pipe.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) error_pipe.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)


@ -115,6 +115,9 @@ module Homebrew::EnvConfig
sig { returns(Integer) } sig { returns(Integer) }
def fail_log_lines; end def fail_log_lines; end
sig { returns(T::Boolean) }
def forbid_packages_from_paths?; end
sig { returns(T.nilable(::String)) } sig { returns(T.nilable(::String)) }
def forbidden_casks; end def forbidden_casks; end


@ -19,6 +19,7 @@ require "json/add/exception"
TEST_TIMEOUT_SECONDS = 5 * 60 TEST_TIMEOUT_SECONDS = 5 * 60
begin begin
ENV.delete("HOMEBREW_FORBID_PACKAGES_FROM_PATHS")
args = Homebrew::DevCmd::Test.new.args args = Homebrew::DevCmd::Test.new.args
Context.current = args.context Context.current = args.context


@ -10,6 +10,11 @@ RSpec.describe Cask::CaskLoader::FromURILoader do
expect(described_class.try_new("https://brew.sh/")).not_to be_nil expect(described_class.try_new("https://brew.sh/")).not_to be_nil
end end
it "returns nil when path loading is disabled" do
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = "1"
expect(described_class.try_new(URI("file://#{TEST_FIXTURE_DIR}/cask/Casks/local-caffeine.rb"))).to be_nil
end
it "returns nil when given a string with Cask contents containing a URL" do it "returns nil when given a string with Cask contents containing a URL" do
expect(described_class.try_new(<<~RUBY)).to be_nil expect(described_class.try_new(<<~RUBY)).to be_nil
cask 'token' do cask 'token' do
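Review bot: The new example covers only a `file://` URI, although the guard it exercises returns before it looks at the ref, so an `https://` ref is refused as well and that behaviour is left unpinned. A second expectation in the same example, `expect(described_class.try_new("https://brew.sh/")).to be_nil`, would document it. The cask path loader's prefix check gets no example anywhere in this commit as shown. The example also assigns `ENV[...]` directly, which is fine only if the suite restores the environment after each example; that is not visible here.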


@ -118,11 +118,29 @@ RSpec.describe Formulary do
expect(described_class.factory(formula_path)).to be_a(Formula) expect(described_class.factory(formula_path)).to be_a(Formula)
end end
it "errors when given a path but paths are disabled" do
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = "1"
FileUtils.cp formula_path, HOMEBREW_TEMP
temp_formula_path = HOMEBREW_TEMP/formula_path.basename
expect do
described_class.factory(temp_formula_path)
ensure
temp_formula_path.unlink
end.to raise_error(FormulaUnavailableError)
end
it "returns a Formula when given a URL", :needs_utils_curl, :no_api do it "returns a Formula when given a URL", :needs_utils_curl, :no_api do
formula = described_class.factory("file://#{formula_path}") formula = described_class.factory("file://#{formula_path}")
expect(formula).to be_a(Formula) expect(formula).to be_a(Formula)
end end
it "errors when given a URL but paths are disabled" do
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = "1"
expect do
described_class.factory("file://#{formula_path}")
end.to raise_error(FormulaUnavailableError)
end
context "when given a bottle" do context "when given a bottle" do
subject(:formula) { described_class.factory(bottle) } subject(:formula) { described_class.factory(bottle) }
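Review bot: Both new examples test the refusing branch only; nothing checks that a formula under the allowed prefixes still loads when the variable is set, and that is the branch a mistake in the prefix comparison would break. If `formula_path` resolves to a location under the taps directory in the test environment (not visible in this hunk), an example containing `ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = "1"` followed by `expect(described_class.factory(formula_path)).to be_a(Formula)` would cover it. The surrounding `describe` block starts and ends outside the hunk.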


@ -3776,6 +3776,11 @@ command execution e.g. `$(cat file)`.
: A space-separated list of taps. Homebrew will refuse to install a formula if : A space-separated list of taps. Homebrew will refuse to install a formula if
it or any of its dependencies is in a tap on this list. it or any of its dependencies is in a tap on this list.
`HOMEBREW_FORBID_PACKAGES_FROM_PATHS`
: If set, Homebrew will refuse to read formulae or casks provided from file
paths, e.g. `brew install ./package.rb`.
`HOMEBREW_FORCE_BREWED_CA_CERTIFICATES` `HOMEBREW_FORCE_BREWED_CA_CERTIFICATES`
: If set, always use a Homebrew-installed `ca-certificates` rather than the : If set, always use a Homebrew-installed `ca-certificates` rather than the


@ -2458,6 +2458,9 @@ How to contact the \fBHOMEBREW_FORBIDDEN_OWNER\fP, if set and necessary\.
\fBHOMEBREW_FORBIDDEN_TAPS\fP \fBHOMEBREW_FORBIDDEN_TAPS\fP
A space\-separated list of taps\. Homebrew will refuse to install a formula if it or any of its dependencies is in a tap on this list\. A space\-separated list of taps\. Homebrew will refuse to install a formula if it or any of its dependencies is in a tap on this list\.
.TP .TP
\fBHOMEBREW_FORBID_PACKAGES_FROM_PATHS\fP
If set, Homebrew will refuse to read formulae or casks provided from file paths, e\.g\. \fBbrew install \./package\.rb\fP\&\.
.TP
\fBHOMEBREW_FORCE_BREWED_CA_CERTIFICATES\fP \fBHOMEBREW_FORCE_BREWED_CA_CERTIFICATES\fP
If set, always use a Homebrew\-installed \fBca\-certificates\fP rather than the system version\. Automatically set if the system version is too old\. If set, always use a Homebrew\-installed \fBca\-certificates\fP rather than the system version\. Automatically set if the system version is too old\.
.TP .TP