admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

disable: allow to disable due to checksum mismatch

Browse Source 
The rationale is that a checksum mismatch is a huge security issue.
This means that the current source file, but maybe the initial one,
might have been compromised.

In the case upstream does not respond quickly to clarify what happened,
or fails to respond, we can now rev-bump the formula, disable and unbottle it,
making sure we stop delivering the potentially malicious code

Further improvements:
- Add the url of the project in the error message to redirect users to
the closed pull request where we disabled this, to centralize the discussion
and avoid the opening of multiple new issues
- Add a warning on brew-update that something is fishy upstream
This commit is contained in:
Michka Popoff 2021-11-15 19:34:19 +01:00
parent ee02773c09
commit 1ce7f1fb7b
No known key found for this signature in database
GPG Key ID: 033D03F151030611
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Library/Homebrew/deprecate_disable.rb
View File

@ -16,6 +16,10 @@ module DeprecateDisable
unsupported: "is not supported upstream", unsupported: "is not supported upstream",
deprecated_upstream: "is deprecated upstream", deprecated_upstream: "is deprecated upstream",
versioned_formula: "is a versioned formula", versioned_formula: "is a versioned formula",
checksum_mismatch: "was built with an initially released source file that had "\
"a different checksum than the current one. " \
"Upstream's repository might have been compromised. " \
"We can re-package this once upstream has confirmed that they retagged their release",
}.freeze }.freeze
def deprecate_disable_info(formula) def deprecate_disable_info(formula)