These are always output in CI for e.g. `brew fetch google-chrome` and
are completely unactionable by the user.
Ultimately this is not disabling any security checks, it's just changing
when a warning is output and unifying the logic with the other similar
warning.
- don't care about no checksums being defined for official casks
- don't complain about Gatekeeper being disabled on GitHub Actions as
it's been globally disabled for the team
- Previously I thought that comments were fine to discourage people from
wasting their time trying to bump things that used `undef` that Sorbet
didn't support. But RuboCop is better at this since it'll complain if
the comments are unnecessary.
- Suggested in https://github.com/Homebrew/brew/pull/18018#issuecomment-2283369501.
- I've gone for a mixture of `rubocop:disable` for the files that can't
be `typed: strict` (use of undef, required before everything else, etc.)
and `rubocop:todo` for everything else that should be tried to make
strictly typed. There's no functional difference between the two as
`rubocop:todo` is `rubocop:disable` with a different name.
- And I entirely disabled the cop for the docs/ directory since
`typed: strict` isn't going to gain us anything for some Markdown
linting config files.
- This means that now it's easier to track what needs to be done rather
than relying on checklists of files in our big Sorbet issue:
```shell
$ git grep 'typed: true # rubocop:todo Sorbet/StrictSigil' | wc -l
268
```
- And this is confirmed working for new files:
```shell
$ git status
On branch use-rubocop-for-sorbet-strict-sigils
Untracked files:
(use "git add <file>..." to include in what will be committed)
Library/Homebrew/bad.rb
Library/Homebrew/good.rb
nothing added to commit but untracked files present (use "git add" to track)
$ brew style
Offenses:
bad.rb:1:1: C: Sorbet/StrictSigil: Sorbet sigil should be at least strict got true.
^^^^^^^^^^^^^
1340 files inspected, 1 offense detected
```
- check for cask.url in audit steps
- check for cask.version in audit steps
- check for cask.sha256 in fetch command
- stop omitting casks based on nil url in audit command
It would be nice to be able to omit casks from the audit
if the os is not supported but there is no easy way to
do that without updating the SimulateSystem code or
refactoring how MacOSRequirement's are defined in the DSL.
These urls can be nil if there is an unsatisfied macos version
requirement. We check for false here because either the macos
requirement can be satisfied and return true or can not be
specified and return nil. If it's not specified, it means it
can run on any macos version.
The change in Cask::Download should provide better error messages
in Downloadable but honestly we're better off just checking for
the missing url higher up the call stack which is why I made
the changes in the fetch command. Either way it seemed like
a good idea while I'm here.
- I originally thought this was short for "function", but upon closer
inspection all its usages are to do with filenames. So, use "filename",
it's clearer.
Gatekeeper's Path Randomization is currently making automated
installation a nightmare. Let's manually toggle the (undocumented) app
translocation bit in the `com.apple.quarantine` extended attribute.
While we're at it, let's also toss in some fixes:
- zip downloads with improper permissions that prevent us from
quarantining
- quarantine/release/skip downloads as requested by the user