Merge pull request #2524 from MikeMcQuaid/more-env-filtering-fixes
Hide sensitive tokens from install/test/post.
commit
11acadaa50
@ -8,10 +8,10 @@ module Homebrew
|
|||||||
def mirror
|
def mirror
|
||||||
odie "This command requires at least formula argument!" if ARGV.named.empty?
|
odie "This command requires at least formula argument!" if ARGV.named.empty?
|
||||||
|
|
||||||
bintray_user = ENV["BINTRAY_USER"]
|
bintray_user = ENV["HOMEBREW_BINTRAY_USER"]
|
||||||
bintray_key = ENV["BINTRAY_KEY"]
|
bintray_key = ENV["HOMEBREW_BINTRAY_KEY"]
|
||||||
if !bintray_user || !bintray_key
|
if !bintray_user || !bintray_key
|
||||||
raise "Missing BINTRAY_USER or BINTRAY_KEY variables!"
|
raise "Missing HOMEBREW_BINTRAY_USER or HOMEBREW_BINTRAY_KEY variables!"
|
||||||
end
|
end
|
||||||
|
|
||||||
ARGV.formulae.each do |f|
|
ARGV.formulae.each do |f|
|
||||||
|
@ -263,7 +263,7 @@ module Homebrew
|
|||||||
end
|
end
|
||||||
|
|
||||||
published = []
|
published = []
|
||||||
bintray_creds = { user: ENV["BINTRAY_USER"], key: ENV["BINTRAY_KEY"] }
|
bintray_creds = { user: ENV["HOMEBREW_BINTRAY_USER"], key: ENV["HOMEBREW_BINTRAY_KEY"] }
|
||||||
if bintray_creds[:user] && bintray_creds[:key]
|
if bintray_creds[:user] && bintray_creds[:key]
|
||||||
changed_formulae_names.each do |name|
|
changed_formulae_names.each do |name|
|
||||||
f = Formula[name]
|
f = Formula[name]
|
||||||
@ -272,7 +272,7 @@ module Homebrew
|
|||||||
published << f.full_name
|
published << f.full_name
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
opoo "You must set BINTRAY_USER and BINTRAY_KEY to add or update bottles on Bintray!"
|
opoo "You must set HOMEBREW_BINTRAY_USER and HOMEBREW_BINTRAY_KEY to add or update bottles on Bintray!"
|
||||||
end
|
end
|
||||||
published
|
published
|
||||||
end
|
end
|
||||||
|
@ -439,7 +439,7 @@ module Homebrew
|
|||||||
|
|
||||||
message = ""
|
message = ""
|
||||||
|
|
||||||
paths.each do |p|
|
paths(ENV["HOMEBREW_PATH"]).each do |p|
|
||||||
case p
|
case p
|
||||||
when "/usr/bin"
|
when "/usr/bin"
|
||||||
unless $seen_prefix_bin
|
unless $seen_prefix_bin
|
||||||
@ -609,7 +609,7 @@ module Homebrew
|
|||||||
/Applications/Server.app/Contents/ServerRoot/usr/sbin
|
/Applications/Server.app/Contents/ServerRoot/usr/sbin
|
||||||
].map(&:downcase)
|
].map(&:downcase)
|
||||||
|
|
||||||
paths.each do |p|
|
paths(ENV["HOMEBREW_PATH"]).each do |p|
|
||||||
next if whitelist.include?(p.downcase) || !File.directory?(p)
|
next if whitelist.include?(p.downcase) || !File.directory?(p)
|
||||||
|
|
||||||
realpath = Pathname.new(p).realpath.to_s
|
realpath = Pathname.new(p).realpath.to_s
|
||||||
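Review bot: `paths(ENV["HOMEBREW_PATH"])` in both path checks passes `nil` when HOMEBREW_PATH is unset, and an explicit `nil` does not trigger the `ENV["PATH"]` default that `paths` declares, so `env_path.split` raises NoMethodError. The same commit assigns `ENV["HOMEBREW_PATH"] = nil` around install, test and post_install, and the `ORIGINAL_PATHS = ENV["HOMEBREW_PATH"].split(...)` assignment further down this page has the same unguarded read. Consider `paths(ENV["HOMEBREW_PATH"] || ENV["PATH"])` here and `(ENV["HOMEBREW_PATH"] || ENV["PATH"]).split(File::PATH_SEPARATOR)` for the constant, or add a comment stating that the launcher always exports HOMEBREW_PATH before this code loads. Both check methods start and end outside the hunks shown.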
|
@ -26,6 +26,13 @@ module EnvActivation
|
|||||||
ensure
|
ensure
|
||||||
replace(old_env)
|
replace(old_env)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def clear_sensitive_environment!
|
||||||
|
ENV.keys.each do |key|
|
||||||
|
next unless /(cookie|key|token)/i =~ key
|
||||||
|
ENV.delete key
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
ENV.extend(EnvActivation)
|
ENV.extend(EnvActivation)
|
||||||
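Review bot: The `/(cookie|key|token)/i` filter in `clear_sensitive_environment!` is a deny-list on variable names only, so credentials exported under names containing `PASSWORD`, `SECRET` or `CREDENTIAL` remain visible to formula install, test and post_install code. Widening the pattern, for example `/(cookie|key|token|secret|passw|credential)/i`, would cover the common cases. I would also add a comment above the method such as `# Best-effort: removes variables whose *name* looks sensitive; values are not inspected.` so callers do not treat it as a complete scrub. No spec for this method appears among the test changes on this page; one that sets a matching and a non-matching variable and checks which survives would pin the behaviour.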
|
@ -13,6 +13,7 @@ require "pkg_version"
|
|||||||
require "tap"
|
require "tap"
|
||||||
require "keg"
|
require "keg"
|
||||||
require "migrator"
|
require "migrator"
|
||||||
|
require "extend/ENV"
|
||||||
|
|
||||||
# A formula provides instructions and metadata for Homebrew to install a piece
|
# A formula provides instructions and metadata for Homebrew to install a piece
|
||||||
# of software. Every Homebrew formula is a {Formula}.
|
# of software. Every Homebrew formula is a {Formula}.
|
||||||
@ -1013,10 +1014,17 @@ class Formula
|
|||||||
@prefix_returns_versioned_prefix = true
|
@prefix_returns_versioned_prefix = true
|
||||||
build = self.build
|
build = self.build
|
||||||
self.build = Tab.for_formula(self)
|
self.build = Tab.for_formula(self)
|
||||||
|
|
||||||
old_tmpdir = ENV["TMPDIR"]
|
old_tmpdir = ENV["TMPDIR"]
|
||||||
old_temp = ENV["TEMP"]
|
old_temp = ENV["TEMP"]
|
||||||
old_tmp = ENV["TMP"]
|
old_tmp = ENV["TMP"]
|
||||||
|
old_path = ENV["HOMEBREW_PATH"]
|
||||||
|
|
||||||
ENV["TMPDIR"] = ENV["TEMP"] = ENV["TMP"] = HOMEBREW_TEMP
|
ENV["TMPDIR"] = ENV["TEMP"] = ENV["TMP"] = HOMEBREW_TEMP
|
||||||
|
ENV["HOMEBREW_PATH"] = nil
|
||||||
|
|
||||||
|
ENV.clear_sensitive_environment!
|
||||||
|
|
||||||
with_logging("post_install") do
|
with_logging("post_install") do
|
||||||
post_install
|
post_install
|
||||||
end
|
end
|
||||||
@ -1025,6 +1033,7 @@ class Formula
|
|||||||
ENV["TMPDIR"] = old_tmpdir
|
ENV["TMPDIR"] = old_tmpdir
|
||||||
ENV["TEMP"] = old_temp
|
ENV["TEMP"] = old_temp
|
||||||
ENV["TMP"] = old_tmp
|
ENV["TMP"] = old_tmp
|
||||||
|
ENV["HOMEBREW_PATH"] = old_path
|
||||||
@prefix_returns_versioned_prefix = false
|
@prefix_returns_versioned_prefix = false
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -1664,9 +1673,15 @@ class Formula
|
|||||||
old_temp = ENV["TEMP"]
|
old_temp = ENV["TEMP"]
|
||||||
old_tmp = ENV["TMP"]
|
old_tmp = ENV["TMP"]
|
||||||
old_term = ENV["TERM"]
|
old_term = ENV["TERM"]
|
||||||
|
old_path = ENV["HOMEBREW_PATH"]
|
||||||
|
|
||||||
ENV["CURL_HOME"] = old_curl_home || old_home
|
ENV["CURL_HOME"] = old_curl_home || old_home
|
||||||
ENV["TMPDIR"] = ENV["TEMP"] = ENV["TMP"] = HOMEBREW_TEMP
|
ENV["TMPDIR"] = ENV["TEMP"] = ENV["TMP"] = HOMEBREW_TEMP
|
||||||
ENV["TERM"] = "dumb"
|
ENV["TERM"] = "dumb"
|
||||||
|
ENV["HOMEBREW_PATH"] = nil
|
||||||
|
|
||||||
|
ENV.clear_sensitive_environment!
|
||||||
|
|
||||||
mktemp("#{name}-test") do |staging|
|
mktemp("#{name}-test") do |staging|
|
||||||
staging.retain! if ARGV.keep_tmp?
|
staging.retain! if ARGV.keep_tmp?
|
||||||
@testpath = staging.tmpdir
|
@testpath = staging.tmpdir
|
||||||
@ -1689,6 +1704,7 @@ class Formula
|
|||||||
ENV["TEMP"] = old_temp
|
ENV["TEMP"] = old_temp
|
||||||
ENV["TMP"] = old_tmp
|
ENV["TMP"] = old_tmp
|
||||||
ENV["TERM"] = old_term
|
ENV["TERM"] = old_term
|
||||||
|
ENV["HOMEBREW_PATH"] = old_path
|
||||||
@prefix_returns_versioned_prefix = false
|
@prefix_returns_versioned_prefix = false
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -1925,17 +1941,24 @@ class Formula
|
|||||||
mkdir_p env_home
|
mkdir_p env_home
|
||||||
|
|
||||||
old_home = ENV["HOME"]
|
old_home = ENV["HOME"]
|
||||||
ENV["HOME"] = env_home
|
|
||||||
old_curl_home = ENV["CURL_HOME"]
|
old_curl_home = ENV["CURL_HOME"]
|
||||||
|
old_path = ENV["HOMEBREW_PATH"]
|
||||||
|
|
||||||
|
ENV["HOME"] = env_home
|
||||||
ENV["CURL_HOME"] = old_curl_home || old_home
|
ENV["CURL_HOME"] = old_curl_home || old_home
|
||||||
|
ENV["HOMEBREW_PATH"] = nil
|
||||||
|
|
||||||
setup_home env_home
|
setup_home env_home
|
||||||
|
|
||||||
|
ENV.clear_sensitive_environment!
|
||||||
|
|
||||||
begin
|
begin
|
||||||
yield staging
|
yield staging
|
||||||
ensure
|
ensure
|
||||||
@buildpath = nil
|
@buildpath = nil
|
||||||
ENV["HOME"] = old_home
|
ENV["HOME"] = old_home
|
||||||
ENV["CURL_HOME"] = old_curl_home
|
ENV["CURL_HOME"] = old_curl_home
|
||||||
|
ENV["HOMEBREW_PATH"] = old_path
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
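Review bot: `ENV.clear_sensitive_environment!` deletes the matching variables outright, but the restore code added in these hunks only puts back `HOMEBREW_PATH`, alongside the existing `TMPDIR`/`TEMP`/`TMP`/`HOME`/`CURL_HOME` restores. The tokens therefore stay removed for the rest of the process after `post_install`, the test block and the staged build. If any of these run in the main brew process rather than a forked child (not visible from the hunks), later steps that read e.g. `HOMEBREW_BINTRAY_KEY` would find it missing without any message. Taking `old_env = ENV.to_hash` before the clear and calling `ENV.replace(old_env)` in the `ensure` would restore everything in one step, matching the `replace(old_env)` pattern already used in `EnvActivation`, and would replace the per-variable bookkeeping repeated in all three places. The enclosing methods begin and end outside the hunks.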
|
@ -53,7 +53,7 @@ HOMEBREW_PULL_OR_COMMIT_URL_REGEX = %r[https://github\.com/([\w-]+)/([\w-]+)?/(?
|
|||||||
|
|
||||||
require "compat" unless ARGV.include?("--no-compat") || ENV["HOMEBREW_NO_COMPAT"]
|
require "compat" unless ARGV.include?("--no-compat") || ENV["HOMEBREW_NO_COMPAT"]
|
||||||
|
|
||||||
ORIGINAL_PATHS = ENV["PATH"].split(File::PATH_SEPARATOR).map do |p|
|
ORIGINAL_PATHS = ENV["HOMEBREW_PATH"].split(File::PATH_SEPARATOR).map do |p|
|
||||||
begin
|
begin
|
||||||
Pathname.new(p).expand_path
|
Pathname.new(p).expand_path
|
||||||
rescue
|
rescue
|
||||||
|
@ -122,8 +122,9 @@ describe Homebrew::Diagnostic::Checks do
|
|||||||
specify "#check_user_path_3" do
|
specify "#check_user_path_3" do
|
||||||
begin
|
begin
|
||||||
sbin = HOMEBREW_PREFIX/"sbin"
|
sbin = HOMEBREW_PREFIX/"sbin"
|
||||||
ENV["PATH"] = "#{HOMEBREW_PREFIX}/bin#{File::PATH_SEPARATOR}" +
|
ENV["HOMEBREW_PATH"] =
|
||||||
ENV["PATH"].gsub(/(?:^|#{Regexp.escape(File::PATH_SEPARATOR)})#{Regexp.escape(sbin)}/, "")
|
"#{HOMEBREW_PREFIX}/bin#{File::PATH_SEPARATOR}" +
|
||||||
|
ENV["HOMEBREW_PATH"].gsub(/(?:^|#{Regexp.escape(File::PATH_SEPARATOR)})#{Regexp.escape(sbin)}/, "")
|
||||||
(sbin/"something").mkpath
|
(sbin/"something").mkpath
|
||||||
|
|
||||||
expect(subject.check_user_path_1).to be nil
|
expect(subject.check_user_path_1).to be nil
|
||||||
@ -149,7 +150,9 @@ describe Homebrew::Diagnostic::Checks do
|
|||||||
file = "#{path}/foo-config"
|
file = "#{path}/foo-config"
|
||||||
FileUtils.touch file
|
FileUtils.touch file
|
||||||
FileUtils.chmod 0755, file
|
FileUtils.chmod 0755, file
|
||||||
ENV["PATH"] = "#{path}#{File::PATH_SEPARATOR}#{ENV["PATH"]}"
|
ENV["HOMEBREW_PATH"] =
|
||||||
|
ENV["PATH"] =
|
||||||
|
"#{path}#{File::PATH_SEPARATOR}#{ENV["PATH"]}"
|
||||||
|
|
||||||
expect(subject.check_for_config_scripts)
|
expect(subject.check_for_config_scripts)
|
||||||
.to match('"config" scripts exist')
|
.to match('"config" scripts exist')
|
||||||
|
@ -72,6 +72,7 @@ RSpec.shared_context "integration test" do
|
|||||||
|
|
||||||
env.merge!(
|
env.merge!(
|
||||||
"PATH" => path,
|
"PATH" => path,
|
||||||
|
"HOMEBREW_PATH" => path,
|
||||||
"HOMEBREW_BREW_FILE" => HOMEBREW_PREFIX/"bin/brew",
|
"HOMEBREW_BREW_FILE" => HOMEBREW_PREFIX/"bin/brew",
|
||||||
"HOMEBREW_INTEGRATION_TEST" => command_id_from_args(args),
|
"HOMEBREW_INTEGRATION_TEST" => command_id_from_args(args),
|
||||||
"HOMEBREW_TEST_TMPDIR" => TEST_TMPDIR,
|
"HOMEBREW_TEST_TMPDIR" => TEST_TMPDIR,
|
||||||
|
@ -406,8 +406,8 @@ def nostdout
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def paths
|
def paths(env_path = ENV["PATH"])
|
||||||
@paths ||= ENV["PATH"].split(File::PATH_SEPARATOR).collect do |p|
|
@paths ||= env_path.split(File::PATH_SEPARATOR).collect do |p|
|
||||||
begin
|
begin
|
||||||
File.expand_path(p).chomp("/")
|
File.expand_path(p).chomp("/")
|
||||||
rescue ArgumentError
|
rescue ArgumentError
|
||||||
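Review bot: `@paths ||=` memoises the first result regardless of `env_path`, so the new parameter is ignored after the first call: whichever of `paths` or `paths(ENV["HOMEBREW_PATH"])` runs first decides what every later caller receives. The diagnostic checks may then inspect the (presumably filtered) `PATH` instead of the user's original one, and callers that want the default may get the HOMEBREW_PATH list. Either drop the memo or key it by argument, e.g. `@paths ||= {}` followed by `@paths[env_path] ||= env_path.split(File::PATH_SEPARATOR).collect do |p|`. The method body continues past the end of the hunk.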
|