Merge pull request #9111 from dtrodrigues/checksum-url

audit: only flag if checksum changes when full url and version stay the same
This commit is contained in:
Dustin Rodrigues 2020-11-13 07:04:03 -05:00 committed by GitHub
commit 24c825efe2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 3 deletions


@ -903,6 +903,7 @@ module Homebrew
current_checksum = formula.stable.checksum current_checksum = formula.stable.checksum
current_version_scheme = formula.version_scheme current_version_scheme = formula.version_scheme
current_revision = formula.revision current_revision = formula.revision
current_url = formula.stable.url
previous_version = nil previous_version = nil
previous_version_scheme = nil previous_version_scheme = nil
@ -911,6 +912,7 @@ module Homebrew
newest_committed_version = nil newest_committed_version = nil
newest_committed_checksum = nil newest_committed_checksum = nil
newest_committed_revision = nil newest_committed_revision = nil
newest_committed_url = nil
fv.rev_list("origin/master") do |rev| fv.rev_list("origin/master") do |rev|
fv.formula_at_revision(rev) do |f| fv.formula_at_revision(rev) do |f|
@ -925,6 +927,7 @@ module Homebrew
newest_committed_version ||= previous_version newest_committed_version ||= previous_version
newest_committed_checksum ||= previous_checksum newest_committed_checksum ||= previous_checksum
newest_committed_revision ||= previous_revision newest_committed_revision ||= previous_revision
newest_committed_url ||= stable.url
end end
break if previous_version && current_version != previous_version break if previous_version && current_version != previous_version
@ -932,9 +935,10 @@ module Homebrew
end end
if current_version == newest_committed_version && if current_version == newest_committed_version &&
current_url == newest_committed_url &&
current_checksum != newest_committed_checksum current_checksum != newest_committed_checksum
problem( problem(
"stable sha256 changed without the version also changing; " \ "stable sha256 changed without the url/version also changing; " \
"please create an issue upstream to rule out malicious " \ "please create an issue upstream to rule out malicious " \
"circumstances and to find out why the file changed.", "circumstances and to find out why the file changed.",
) )
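Review bot: The added `current_url == newest_committed_url &&` condition at the top of this `if` silences the sha256 warning for any stable URL change at an unchanged version, including a change of host, which is also what a hijacked download looks like: a URL swap with a matching new checksum now passes the audit without the "rule out malicious circumstances" prompt. Rather than dropping the check, report that case as its own problem so a reviewer still sees it, keeping the existing branch for the unchanged-URL case. The URL comparison is also an exact string match, so a scheme or trailing-slash change alone is enough to suppress the warning; if only mirror moves are meant to be tolerated, that is worth a comment on the `current_url = formula.stable.url` line. The enclosing method and the `end` closing this `if` lie outside the hunk.
```ruby
      # … unchanged: existing problem(...) for an unchanged url …
      )
    elsif current_version == newest_committed_version &&
          current_url != newest_committed_url &&
          current_checksum != newest_committed_checksum
      problem(
        "stable url and sha256 changed without the version also changing; " \
        "please create an issue upstream to rule out malicious " \
        "circumstances and to find out why the file changed.",
      )
```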


@ -682,7 +682,7 @@ module Homebrew
) )
end end
it { is_expected.to match("stable sha256 changed without the version also changing") } it { is_expected.to match("stable sha256 changed without the url/version also changing") }
end end
context "should not change with the same version when not the first commit" do context "should not change with the same version when not the first commit" do
@ -699,7 +699,7 @@ module Homebrew
) )
end end
it { is_expected.to match("stable sha256 changed without the version also changing") } it { is_expected.to match("stable sha256 changed without the url/version also changing") }
end end
context "can change with the different version" do context "can change with the different version" do
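Review bot: Neither edited example exercises the new `current_url == newest_committed_url` guard; both only track the reworded message, so the behaviour the commit actually introduces (a sha256 change at the same version is no longer flagged when the stable url also changed) has no spec coverage. Add a sibling context, e.g. `context "can change with the same version when the url also changes"`, that commits a formula with one url/sha256 pair, audits the same version with a different url and sha256, and expects no match on `"stable sha256 changed"`. A counterpart that keeps the url and changes only the sha256 would then document that the warning still fires in that case. The surrounding `describe` block starts outside this section.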