brew/Library/Homebrew/extend/os/mac/keg.rb

# typed: true # rubocop:disable Sorbet/StrictSigil
# frozen_string_literal: true

require "system_command"

module OS
  module Mac
    module Keg
      include SystemCommand::Mixin

      module ClassMethods
        def keg_link_directories
          @keg_link_directories ||= (super + ["Frameworks"]).freeze
        end

        def must_exist_subdirectories
          @must_exist_subdirectories ||= (
            super +
            [HOMEBREW_PREFIX/"Frameworks"]
          ).sort.uniq.freeze
        end

        def must_exist_directories
          @must_exist_directories = (
            super +
            [HOMEBREW_PREFIX/"Frameworks"]
          ).sort.uniq.freeze
        end

        def must_be_writable_directories
          @must_be_writable_directories ||= (
            super +
            [HOMEBREW_PREFIX/"Frameworks"]
          ).sort.uniq.freeze
        end
      end

      def binary_executable_or_library_files = mach_o_files

      def codesign_patched_binary(file)
        return if MacOS.version < :big_sur

        unless ::Hardware::CPU.arm?
          result = system_command("codesign", args: ["--verify", file], print_stderr: false)
          return unless result.stderr.match?(/invalid signature/i)
        end

        odebug "Codesigning #{file}"
        prepare_codesign_writable_files(file) do
          # Use quiet_system to squash notifications about resigning binaries
          # which already have valid signatures.
          return if quiet_system("codesign", "--sign", "-", "--force",
                                 "--preserve-metadata=entitlements,requirements,flags,runtime",
                                 file)

          # If the codesigning fails, it may be a bug in Apple's codesign utility
          # A known workaround is to copy the file to another inode, then move it back
          # erasing the previous file. Then sign again.
          #
          # TODO: remove this once the bug in Apple's codesign utility is fixed
          Dir::Tmpname.create("workaround") do |tmppath|
            FileUtils.cp file, tmppath
            FileUtils.mv tmppath, file, force: true
          end

          # Try signing again
          odebug "Codesigning (2nd try) #{file}"
          result = system_command("codesign", args: [
            "--sign", "-", "--force",
            "--preserve-metadata=entitlements,requirements,flags,runtime",
            file
          ], print_stderr: false)
          return if result.success?

          # If it fails again, error out
          onoe <<~EOS
            Failed applying an ad-hoc signature to #{file}:
            #{result.stderr}
          EOS
        end
      end

      def prepare_codesign_writable_files(file)
        result = system_command("codesign", args: [
          "--display", "--file-list", "-", file
        ], print_stderr: false)
        return unless result.success?

        files = result.stdout.lines.map { |f| Pathname(f.chomp) }
        saved_perms = {}
        files.each do |f|
          unless f.writable?
            saved_perms[f] = f.stat.mode
            FileUtils.chmod "u+rw", f.to_path
          end
        end
        yield
      ensure
        saved_perms&.each do |f, p|
          f.chmod p if p
        end
      end

      def prepare_debug_symbols
        binary_executable_or_library_files.each do |file|
          odebug "Extracting symbols #{file}"

          result = system_command("dsymutil", args: [file], print_stderr: false)
          next if result.success?

          # If it fails again, error out
          ofail <<~EOS
            Failed to extract symbols from #{file}:
            #{result.stderr}
          EOS
        end
      end

      # Needed to make symlink permissions consistent on macOS and Linux for
      # reproducible bottles.
      def consistent_reproducible_symlink_permissions!
        path.find do |file|
          File.lchmod 0777, file if file.symlink?
        end
      end
    end
  end
end

Keg.singleton_class.prepend(OS::Mac::Keg::ClassMethods)
Keg.prepend(OS::Mac::Keg)
rubocop: Use `Sorbet/StrictSigil` as it's better than comments - Previously I thought that comments were fine to discourage people from wasting their time trying to bump things that used `undef` that Sorbet didn't support. But RuboCop is better at this since it'll complain if the comments are unnecessary. - Suggested in https://github.com/Homebrew/brew/pull/18018#issuecomment-2283369501. - I've gone for a mixture of `rubocop:disable` for the files that can't be `typed: strict` (use of undef, required before everything else, etc) and `rubocop:todo` for everything else that should be tried to make strictly typed. There's no functional difference between the two as `rubocop:todo` is `rubocop:disable` with a different name. - And I entirely disabled the cop for the docs/ directory since `typed: strict` isn't going to gain us anything for some Markdown linting config files. - This means that now it's easier to track what needs to be done rather than relying on checklists of files in our big Sorbet issue: ```shell $ git grep 'typed: true # rubocop:todo Sorbet/StrictSigil' \| wc -l 268 ``` - And this is confirmed working for new files: ```shell $ git status On branch use-rubocop-for-sorbet-strict-sigils Untracked files: (use "git add <file>..." to include in what will be committed) Library/Homebrew/bad.rb Library/Homebrew/good.rb nothing added to commit but untracked files present (use "git add" to track) $ brew style Offenses: bad.rb:1:1: C: Sorbet/StrictSigil: Sorbet sigil should be at least strict got true. ^^^^^^^^^^^^^ 1340 files inspected, 1 offense detected ``` 2024-08-12 10:30:59 +01:00			`# typed: true # rubocop:disable Sorbet/StrictSigil`
Add frozen_string_literal to all files. 2019-04-19 15:38:03 +09:00			`# frozen_string_literal: true`

Require SystemInclude only where needed 2024-01-26 17:33:55 -08:00			`require "system_command"`

Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00			`module OS`
			`module Mac`
			`module Keg`
Replace removable constants with overridable methods 2024-10-05 13:46:24 -07:00			`include SystemCommand::Mixin`

			`module ClassMethods`
			`def keg_link_directories`
			`@keg_link_directories \|\|= (super + ["Frameworks"]).freeze`
			`end`

			`def must_exist_subdirectories`
			`@must_exist_subdirectories \|\|= (`
			`super +`
			`[HOMEBREW_PREFIX/"Frameworks"]`
			`).sort.uniq.freeze`
			`end`

			`def must_exist_directories`
			`@must_exist_directories = (`
			`super +`
			`[HOMEBREW_PREFIX/"Frameworks"]`
			`).sort.uniq.freeze`
			`end`

			`def must_be_writable_directories`
			`@must_be_writable_directories \|\|= (`
			`super +`
			`[HOMEBREW_PREFIX/"Frameworks"]`
			`).sort.uniq.freeze`
			`end`
			`end`

Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00			`def binary_executable_or_library_files = mach_o_files`

			`def codesign_patched_binary(file)`
			`return if MacOS.version < :big_sur`

			`unless ::Hardware::CPU.arm?`
			`result = system_command("codesign", args: ["--verify", file], print_stderr: false)`
			`return unless result.stderr.match?(/invalid signature/i)`
			`end`

			`odebug "Codesigning #{file}"`
			`prepare_codesign_writable_files(file) do`
			`# Use quiet_system to squash notifications about resigning binaries`
			`# which already have valid signatures.`
			`return if quiet_system("codesign", "--sign", "-", "--force",`
			`"--preserve-metadata=entitlements,requirements,flags,runtime",`
			`file)`

			`# If the codesigning fails, it may be a bug in Apple's codesign utility`
			`# A known workaround is to copy the file to another inode, then move it back`
			`# erasing the previous file. Then sign again.`
			`#`
			`# TODO: remove this once the bug in Apple's codesign utility is fixed`
			`Dir::Tmpname.create("workaround") do \|tmppath\|`
			`FileUtils.cp file, tmppath`
			`FileUtils.mv tmppath, file, force: true`
			`end`

			`# Try signing again`
			`odebug "Codesigning (2nd try) #{file}"`
			`result = system_command("codesign", args: [`
			`"--sign", "-", "--force",`
			`"--preserve-metadata=entitlements,requirements,flags,runtime",`
			`file`
			`], print_stderr: false)`
			`return if result.success?`

			`# If it fails again, error out`
			`onoe <<~EOS`
			`Failed applying an ad-hoc signature to #{file}:`
			`#{result.stderr}`
			`EOS`
			`end`
extend/os/mac: ensure writable file for codesign 2022-10-03 22:55:26 -04:00			`end`

Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00			`def prepare_codesign_writable_files(file)`
			`result = system_command("codesign", args: [`
			`"--display", "--file-list", "-", file`
			`], print_stderr: false)`
			`return unless result.success?`

			`files = result.stdout.lines.map { \|f\| Pathname(f.chomp) }`
			`saved_perms = {}`
			`files.each do \|f\|`
			`unless f.writable?`
			`saved_perms[f] = f.stat.mode`
			`FileUtils.chmod "u+rw", f.to_path`
			`end`
			`end`
			`yield`
			`ensure`
			`saved_perms&.each do \|f, p\|`
			`f.chmod p if p`
			`end`
extend/os/mac: ensure writable file for codesign 2022-10-03 22:55:26 -04:00			`end`
Conceptual draft of dsym support for macos 2022-07-26 00:00:45 +01:00
Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00			`def prepare_debug_symbols`
			`binary_executable_or_library_files.each do \|file\|`
			`odebug "Extracting symbols #{file}"`
Conceptual draft of dsym support for macos 2022-07-26 00:00:45 +01:00
Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00			`result = system_command("dsymutil", args: [file], print_stderr: false)`
			`next if result.success?`
dev-cmd/bottle: use `gnu-tar`'s `--mtime`. This allows us to remove all the manual timestamp fiddling and lets `gnu-tar` handle it for us instead (as-per the most recent recommendations on https://reproducible-builds.org/docs/archives/). 2022-12-12 16:47:56 +00:00
Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00			`# If it fails again, error out`
			`ofail <<~EOS`
			`Failed to extract symbols from #{file}:`
			`#{result.stderr}`
			`EOS`
			`end`
			`end`
dev-cmd/bottle: use `gnu-tar`'s `--mtime`. This allows us to remove all the manual timestamp fiddling and lets `gnu-tar` handle it for us instead (as-per the most recent recommendations on https://reproducible-builds.org/docs/archives/). 2022-12-12 16:47:56 +00:00
Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00			`# Needed to make symlink permissions consistent on macOS and Linux for`
			`# reproducible bottles.`
			`def consistent_reproducible_symlink_permissions!`
			`path.find do \|file\|`
			`File.lchmod 0777, file if file.symlink?`
			`end`
			`end`
dev-cmd/bottle: use `gnu-tar`'s `--mtime`. This allows us to remove all the manual timestamp fiddling and lets `gnu-tar` handle it for us instead (as-per the most recent recommendations on https://reproducible-builds.org/docs/archives/). 2022-12-12 16:47:56 +00:00			`end`
			`end`
Keg::MUST_EXIST_DIRECTORIES: Frameworks is for macOS 2018-10-04 22:55:00 -07:00			`end`
Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00
Replace removable constants with overridable methods 2024-10-05 13:46:24 -07:00			`Keg.singleton_class.prepend(OS::Mac::Keg::ClassMethods)`
Move remaining OS extensions to prepend 2024-09-21 12:24:21 -07:00			`Keg.prepend(OS::Mac::Keg)`