Merge pull request #4796 from amyspark/quarantine-swift-clt
Cask: check that the tools for quarantining are available
This commit is contained in:
Mike McQuaid
GitHub
commit
11ac4db05e
@ -22,6 +22,7 @@ module Hbc
|
|||||||
|
|
||||||
def run
|
def run
|
||||||
check_software_versions
|
check_software_versions
|
||||||
|
check_quarantine_support
|
||||||
check_install_location
|
check_install_location
|
||||||
check_staging_location
|
check_staging_location
|
||||||
check_taps
|
check_taps
|
||||||
@ -116,6 +117,23 @@ module Hbc
|
|||||||
(locale_variables + environment_variables).sort.each(&method(:render_env_var))
|
(locale_variables + environment_variables).sort.each(&method(:render_env_var))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_quarantine_support
|
||||||
|
ohai "Gatekeeper support"
|
||||||
|
|
||||||
|
status = Quarantine.check_quarantine_support
|
||||||
|
|
||||||
|
case status
|
||||||
|
when :quarantine_available
|
||||||
|
puts "Enabled"
|
||||||
|
when :no_swift
|
||||||
|
add_error "Swift is not available on this system."
|
||||||
|
when :no_quarantine
|
||||||
|
add_error "This feature requires the macOS 10.10 SDK or higher."
|
||||||
|
else
|
||||||
|
onoe "Unknown support status"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def user_tilde(path)
|
def user_tilde(path)
|
||||||
self.class.user_tilde(path)
|
self.class.user_tilde(path)
|
||||||
end
|
end
|
||||||
|
|||||||
@ -186,7 +186,7 @@ module Hbc
|
|||||||
return unless quarantine?
|
return unless quarantine?
|
||||||
return unless Quarantine.available?
|
return unless Quarantine.available?
|
||||||
|
|
||||||
Quarantine.propagate(from: @downloaded_path, to: @cask.staged_path, command: @command)
|
Quarantine.propagate(from: @downloaded_path, to: @cask.staged_path)
|
||||||
end
|
end
|
||||||
|
|
||||||
def install_artifacts
|
def install_artifacts
|
||||||
|
|||||||
@ -12,10 +12,29 @@ module Hbc
|
|||||||
@swift ||= DevelopmentTools.locate("swift")
|
@swift ||= DevelopmentTools.locate("swift")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_quarantine_support
|
||||||
|
odebug "Checking quarantine support"
|
||||||
|
|
||||||
|
if swift.nil?
|
||||||
|
odebug "Swift is not available on this system."
|
||||||
|
return :no_swift
|
||||||
|
end
|
||||||
|
|
||||||
|
api_check = system_command(swift, args: [QUARANTINE_SCRIPT])
|
||||||
|
|
||||||
|
if api_check.exit_status == 5
|
||||||
|
odebug "This feature requires the macOS 10.10 SDK or higher."
|
||||||
|
return :no_quarantine
|
||||||
|
end
|
||||||
|
|
||||||
|
odebug "Quarantine is available."
|
||||||
|
:quarantine_available
|
||||||
|
end
|
||||||
|
|
||||||
def available?
|
def available?
|
||||||
status = !swift.nil?
|
@status ||= check_quarantine_support
|
||||||
odebug "Quarantine is #{status ? "available" : "not available"}."
|
|
||||||
status
|
@status == :quarantine_available
|
||||||
end
|
end
|
||||||
|
|
||||||
def detect(file)
|
def detect(file)
|
||||||
@ -30,18 +49,18 @@ module Hbc
|
|||||||
quarantine_status
|
quarantine_status
|
||||||
end
|
end
|
||||||
|
|
||||||
def status(file, command: SystemCommand)
|
def status(file)
|
||||||
command.run("/usr/bin/xattr",
|
system_command("/usr/bin/xattr",
|
||||||
args: ["-p", QUARANTINE_ATTRIBUTE, file],
|
args: ["-p", QUARANTINE_ATTRIBUTE, file],
|
||||||
print_stderr: false).stdout.rstrip
|
print_stderr: false).stdout.rstrip
|
||||||
end
|
end
|
||||||
|
|
||||||
def cask(cask: nil, download_path: nil, command: SystemCommand)
|
def cask(cask: nil, download_path: nil)
|
||||||
return if cask.nil? || download_path.nil?
|
return if cask.nil? || download_path.nil?
|
||||||
|
|
||||||
odebug "Quarantining #{download_path}"
|
odebug "Quarantining #{download_path}"
|
||||||
|
|
||||||
quarantiner = command.run(swift,
|
quarantiner = system_command(swift,
|
||||||
args: [
|
args: [
|
||||||
QUARANTINE_SCRIPT,
|
QUARANTINE_SCRIPT,
|
||||||
download_path,
|
download_path,
|
||||||
@ -59,17 +78,28 @@ module Hbc
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def propagate(from: nil, to: nil, command: SystemCommand)
|
def propagate(from: nil, to: nil)
|
||||||
return if from.nil? || to.nil?
|
return if from.nil? || to.nil?
|
||||||
|
|
||||||
raise CaskError, "#{from} was not quarantined properly." unless detect(from)
|
raise CaskError, "#{from} was not quarantined properly." unless detect(from)
|
||||||
|
|
||||||
odebug "Propagating quarantine from #{from} to #{to}"
|
odebug "Propagating quarantine from #{from} to #{to}"
|
||||||
|
|
||||||
quarantine_status = status(from, command: command)
|
quarantine_status = status(from)
|
||||||
|
|
||||||
quarantiner = command.run("/usr/bin/xattr",
|
resolved_paths = Pathname.glob(to/"**/*", File::FNM_DOTMATCH)
|
||||||
args: ["-w", "-rs", QUARANTINE_ATTRIBUTE, quarantine_status, to],
|
|
||||||
|
quarantiner = system_command("/usr/bin/xargs",
|
||||||
|
args: [
|
||||||
|
"-0",
|
||||||
|
"--",
|
||||||
|
"/usr/bin/xattr",
|
||||||
|
"-w",
|
||||||
|
"-s",
|
||||||
|
QUARANTINE_ATTRIBUTE,
|
||||||
|
quarantine_status,
|
||||||
|
],
|
||||||
|
input: resolved_paths.join("\0"),
|
||||||
print_stderr: false)
|
print_stderr: false)
|
||||||
|
|
||||||
return if quarantiner.success?
|
return if quarantiner.success?
|
||||||
|
|||||||
@ -7,6 +7,7 @@ struct swifterr: TextOutputStream {
|
|||||||
mutating func write(_ string: String) { fputs(string, stderr) }
|
mutating func write(_ string: String) { fputs(string, stderr) }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if #available(macOS 10.10, *) {
|
||||||
if (CommandLine.arguments.count < 4) {
|
if (CommandLine.arguments.count < 4) {
|
||||||
exit(2)
|
exit(2)
|
||||||
}
|
}
|
||||||
@ -40,3 +41,7 @@ else {
|
|||||||
}
|
}
|
||||||
|
|
||||||
exit(0)
|
exit(0)
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
exit(5)
|
||||||
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user