Merge pull request #4768 from reitermarkus/deprecate-gpg-stanza

Deprecate `gpg` stanza.
Markus Reiter 2018-09-03 21:21:23 +02:00 committed by GitHub
commit 654ad4690a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 31 additions and 339 deletions


@ -132,7 +132,6 @@ module Hbc
"depends_on" => depends_on, "depends_on" => depends_on,
"conflicts_with" => conflicts_with.to_a, "conflicts_with" => conflicts_with.to_a,
"container" => container, "container" => container,
"gpg" => gpg,
"accessibility_access" => accessibility_access, "accessibility_access" => accessibility_access,
"auto_updates" => auto_updates, "auto_updates" => auto_updates,
} }


@ -12,7 +12,6 @@ require "hbc/dsl/caveats"
require "hbc/dsl/conflicts_with" require "hbc/dsl/conflicts_with"
require "hbc/dsl/container" require "hbc/dsl/container"
require "hbc/dsl/depends_on" require "hbc/dsl/depends_on"
require "hbc/dsl/gpg"
require "hbc/dsl/postflight" require "hbc/dsl/postflight"
require "hbc/dsl/preflight" require "hbc/dsl/preflight"
require "hbc/dsl/uninstall_postflight" require "hbc/dsl/uninstall_postflight"
@ -64,7 +63,6 @@ module Hbc
:conflicts_with, :conflicts_with,
:container, :container,
:depends_on, :depends_on,
:gpg,
:homepage, :homepage,
:language, :language,
:languages, :languages,
@ -179,10 +177,6 @@ module Hbc
set_unique_stanza(:appcast, args.empty?) { DSL::Appcast.new(*args) } set_unique_stanza(:appcast, args.empty?) { DSL::Appcast.new(*args) }
end end
def gpg(*args)
set_unique_stanza(:gpg, args.empty?) { DSL::Gpg.new(*args) }
end
def container(*args) def container(*args)
set_unique_stanza(:container, args.empty?) do set_unique_stanza(:container, args.empty?) do
DSL::Container.new(*args) DSL::Container.new(*args)


@ -1,47 +0,0 @@
module Hbc
class DSL
class Gpg
KEY_PARAMETERS = Set.new [
:key_id,
:key_url,
]
VALID_PARAMETERS = Set.new []
VALID_PARAMETERS.merge KEY_PARAMETERS
attr_accessor(*VALID_PARAMETERS)
attr_accessor :signature
def initialize(signature, parameters = {})
@parameters = parameters
@signature = URI(signature) unless signature == :embedded
parameters.each do |hkey, hvalue|
raise "invalid 'gpg' parameter: '#{hkey.inspect}'" unless VALID_PARAMETERS.include?(hkey)
writer_method = "#{hkey}=".to_sym
hvalue = URI(hvalue) if hkey == :key_url
valid_id?(hvalue) if hkey == :key_id
send(writer_method, hvalue)
end
return if KEY_PARAMETERS.intersection(parameters.keys).length == 1
raise "'gpg' stanza must include exactly one of: '#{KEY_PARAMETERS.to_a}'"
end
def valid_id?(id)
legal_lengths = Set.new [8, 16, 40]
is_valid = id.is_a?(String) && legal_lengths.include?(id.length) && id[/^[0-9a-f]+$/i]
raise "invalid ':key_id' value: '#{id.inspect}'" unless is_valid
is_valid
end
def to_yaml
# bug, :key_url value is not represented as an instance of URI
[@signature, @parameters].to_yaml
end
def to_s
@signature.to_s
end
end
end
end


@ -22,8 +22,6 @@ module Hbc
include Staged include Staged
include Verify include Verify
PERSISTENT_METADATA_SUBDIRS = ["gpg"].freeze
def initialize(cask, command: SystemCommand, force: false, def initialize(cask, command: SystemCommand, force: false,
skip_cask_deps: false, binaries: true, verbose: false, skip_cask_deps: false, binaries: true, verbose: false,
require_sha: false, upgrade: false, require_sha: false, upgrade: false,
@ -504,12 +502,12 @@ module Hbc
def backup_path def backup_path
return if @cask.staged_path.nil? return if @cask.staged_path.nil?
Pathname.new "#{@cask.staged_path}.upgrading" Pathname("#{@cask.staged_path}.upgrading")
end end
def backup_metadata_path def backup_metadata_path
return if @cask.metadata_versioned_path.nil? return if @cask.metadata_versioned_path.nil?
Pathname.new "#{@cask.metadata_versioned_path}.upgrading" Pathname("#{@cask.metadata_versioned_path}.upgrading")
end end
def gain_permissions_remove(path) def gain_permissions_remove(path)
@ -520,15 +518,13 @@ module Hbc
ohai "Purging files for version #{@cask.version} of Cask #{@cask}" ohai "Purging files for version #{@cask.version} of Cask #{@cask}"
# versioned staged distribution # versioned staged distribution
gain_permissions_remove(backup_path) if !backup_path.nil? && backup_path.exist? gain_permissions_remove(backup_path) if backup_path&.exist?
# Homebrew-Cask metadata # Homebrew-Cask metadata
if backup_metadata_path.directory? return unless backup_metadata_path.directory?
backup_metadata_path.children.each do |subdir|
unless PERSISTENT_METADATA_SUBDIRS.include?(subdir.basename) backup_metadata_path.children.each do |subdir|
gain_permissions_remove(subdir) gain_permissions_remove(subdir)
end
end
end end
backup_metadata_path.rmdir_if_possible backup_metadata_path.rmdir_if_possible
end end
@ -537,18 +533,16 @@ module Hbc
ohai "Purging files for version #{@cask.version} of Cask #{@cask}" ohai "Purging files for version #{@cask.version} of Cask #{@cask}"
# versioned staged distribution # versioned staged distribution
gain_permissions_remove(@cask.staged_path) if !@cask.staged_path.nil? && @cask.staged_path.exist? gain_permissions_remove(@cask.staged_path) if @cask.staged_path&.exist?
# Homebrew-Cask metadata # Homebrew-Cask metadata
if @cask.metadata_versioned_path.respond_to?(:children) && if @cask.metadata_versioned_path.directory?
@cask.metadata_versioned_path.exist?
@cask.metadata_versioned_path.children.each do |subdir| @cask.metadata_versioned_path.children.each do |subdir|
unless PERSISTENT_METADATA_SUBDIRS.include?(subdir.basename) gain_permissions_remove(subdir)
gain_permissions_remove(subdir)
end
end end
@cask.metadata_versioned_path.rmdir_if_possible
end end
@cask.metadata_versioned_path.rmdir_if_possible
@cask.metadata_master_container_path.rmdir_if_possible unless upgrade? @cask.metadata_master_container_path.rmdir_if_possible unless upgrade?
# toplevel staged distribution # toplevel staged distribution
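Review bot: The metadata guards in the last two hunks call `.directory?` on a value that can be nil. `backup_metadata_path` returns nil when `@cask.metadata_versioned_path` is nil (second hunk), yet the purge code uses `return unless backup_metadata_path.directory?` right below a line that was changed to `backup_path&.exist?`. The same holds for `if @cask.metadata_versioned_path.directory?`, which appears to replace a `respond_to?(:children)` test that tolerated nil. Since the staged files are removed through `gain_permissions_remove` before this point, a NoMethodError here would stop the purge part-way and leave metadata directories behind; I would write `return unless backup_metadata_path&.directory?` and `if @cask.metadata_versioned_path&.directory?`. Both purge methods start or end outside the hunks shown.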


@ -1,5 +1,4 @@
require "hbc/verify/checksum" require "hbc/verify/checksum"
require "hbc/verify/gpg"
module Hbc module Hbc
module Verify module Verify
@ -7,8 +6,7 @@ module Hbc
def verifications def verifications
[ [
Hbc::Verify::Checksum Hbc::Verify::Checksum,
# TODO: Hbc::Verify::Gpg
] ]
end end


@ -18,7 +18,7 @@ module Hbc
def verify def verify
return unless self.class.me?(cask) return unless self.class.me?(cask)
ohai "Verifying checksum for Cask #{cask}" ohai "Verifying SHA-256 checksum for Cask '#{cask}'."
verify_checksum verify_checksum
end end
@ -36,7 +36,7 @@ module Hbc
raise CaskSha256MissingError.new(cask.token, expected, computed) if expected.nil? || expected.empty? raise CaskSha256MissingError.new(cask.token, expected, computed) if expected.nil? || expected.empty?
if expected == computed if expected == computed
odebug "SHA256 checksums match" odebug "SHA-256 checksums match."
else else
ohai 'Note: running "brew update" may fix sha256 checksum errors' ohai 'Note: running "brew update" may fix sha256 checksum errors'
raise CaskSha256MismatchError.new(cask.token, expected, computed, downloaded_path) raise CaskSha256MismatchError.new(cask.token, expected, computed, downloaded_path)
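Review bot: `verify` still returns without any output when `self.class.me?(cask)` is false (the first hunk; `me?` itself is not shown here). With the `Hbc::Verify::Gpg` placeholder dropped from `verifications` in this commit, `Hbc::Verify::Checksum` is the only entry left, so a skipped checksum means the download is installed with no integrity check and no trace of that in the log. Logging `odebug "Skipping SHA-256 checksum verification for Cask '#{cask}'."` before the early return would make the skip visible. The untouched message `'Note: running "brew update" may fix sha256 checksum errors'` also keeps the old spelling while the two edited messages now say "SHA-256". Both method bodies continue outside the hunks.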


@ -1,64 +0,0 @@
module Hbc
module Verify
class Gpg
def self.me?(cask)
cask.gpg
end
attr_reader :cask, :downloaded_path
def initialize(cask, downloaded_path, command = SystemCommand)
@command = command
@cask = cask
@downloaded_path = downloaded_path
end
def available?
return @available unless @available.nil?
@available = self.class.me?(cask) && installed?
end
def installed?
cmd = @command.run("/usr/bin/type",
args: ["-p", "gpg"])
# if `gpg` is found, return its absolute path
cmd.success? ? cmd.stdout : false
end
def fetch_sig(force = false)
unversioned_cask = cask.version.is_a?(Symbol)
cached = cask.metadata_subdir("gpg") unless unversioned_cask
meta_dir = cached || cask.metadata_subdir("gpg", :now, true)
sig_path = meta_dir.join("signature.asc")
curl_download cask.gpg.signature, to: sig_path unless cached || force
sig_path
end
def import_key
args = if cask.gpg.key_id
["--recv-keys", cask.gpg.key_id]
elsif cask.gpg.key_url
["--fetch-key", cask.gpg.key_url.to_s]
end
@command.run!("gpg", args: args)
end
def verify
return unless available? && cask.gpg.signature != :embedded
import_key
sig = fetch_sig
ohai "Verifying GPG signature for #{cask}"
@command.run!("gpg",
args: ["--verify", sig, downloaded_path],
print_stdout: true)
end
end
end
end


@ -1,8 +1,12 @@
module Hbc module Hbc
class DSL class DSL
module Compat module Compat
def gpg(*)
odeprecated "the `gpg` stanza", disable_on: Time.new(2018, 12, 31)
end
def license(*) def license(*)
odisabled "Hbc::DSL#license" odisabled "the `license` stanza"
end end
end end
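Review bot: The new `gpg(*)` accepts and discards its arguments, so a cask that still declares a signature URL and key loads with only a deprecation warning, and nothing in the code states that no signature is checked. A comment above the method would record this for cask authors and maintainers, for example `# Accepted for backwards compatibility only: arguments are ignored and no signature is verified.` The deprecation text could likewise tell authors to remove the stanza rather than only naming it.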


@ -8,7 +8,7 @@ describe Hbc::CLI::Install, :cask do
it "displays the installation progress" do it "displays the installation progress" do
output = Regexp.new <<~EOS output = Regexp.new <<~EOS
==> Downloading file:.*caffeine.zip ==> Downloading file:.*caffeine.zip
==> Verifying checksum for Cask local-caffeine ==> Verifying SHA-256 checksum for Cask 'local-caffeine'.
==> Installing Cask local-caffeine ==> Installing Cask local-caffeine
==> Moving App 'Caffeine.app' to '.*Caffeine.app'. ==> Moving App 'Caffeine.app' to '.*Caffeine.app'.
.*local-caffeine was successfully installed! .*local-caffeine was successfully installed!


@ -1,40 +1,40 @@
describe Hbc::CLI::InternalStanza, :cask do describe Hbc::CLI::InternalStanza, :cask do
it "shows stanza of the Specified Cask" do it "shows stanza of the Specified Cask" do
command = described_class.new("gpg", "with-gpg") command = described_class.new("homepage", "local-caffeine")
expect { expect {
command.run command.run
}.to output("https://example.com/gpg-signature.asc\n").to_stdout }.to output("https://example.com/local-caffeine\n").to_stdout
end end
it "raises an exception when stanza is unknown/unsupported" do it "raises an exception when stanza is unknown/unsupported" do
expect { expect {
described_class.new("this_stanza_does_not_exist", "with-gpg") described_class.new("this_stanza_does_not_exist", "local-caffeine")
}.to raise_error(%r{Unknown/unsupported stanza}) }.to raise_error(%r{Unknown/unsupported stanza})
end end
it "raises an exception when normal stanza is not present on cask" do it "raises an exception when normal stanza is not present on cask" do
command = described_class.new("caveats", "with-gpg") command = described_class.new("caveats", "local-caffeine")
expect { expect {
command.run command.run
}.to raise_error(/no such stanza/) }.to raise_error(/no such stanza/)
end end
it "raises an exception when artifact stanza is not present on cask" do it "raises an exception when artifact stanza is not present on cask" do
command = described_class.new("zap", "with-gpg") command = described_class.new("zap", "local-caffeine")
expect { expect {
command.run command.run
}.to raise_error(/no such stanza/) }.to raise_error(/no such stanza/)
end end
it "raises an exception when 'depends_on' stanza is not present on cask" do it "raises an exception when 'depends_on' stanza is not present on cask" do
command = described_class.new("depends_on", "with-gpg") command = described_class.new("depends_on", "local-caffeine")
expect { expect {
command.run command.run
}.to raise_error(/no such stanza/) }.to raise_error(/no such stanza/)
end end
it "shows all artifact stanzas when using 'artifacts' keyword" do it "shows all artifact stanzas when using 'artifacts' keyword" do
command = described_class.new("artifacts", "with-gpg") command = described_class.new("artifacts", "local-caffeine")
expect { expect {
command.run command.run
}.to output(/Caffeine\.app/).to_stdout }.to output(/Caffeine\.app/).to_stdout


@ -10,8 +10,8 @@ describe Hbc::CLI::Reinstall, :cask do
output = Regexp.new <<~EOS output = Regexp.new <<~EOS
==> Downloading file:.*caffeine.zip ==> Downloading file:.*caffeine.zip
Already downloaded: .*caffeine.zip Already downloaded: .*--caffeine.zip
==> Verifying checksum for Cask local-caffeine ==> Verifying SHA-256 checksum for Cask 'local-caffeine'.
==> Uninstalling Cask local-caffeine ==> Uninstalling Cask local-caffeine
==> Backing App 'Caffeine.app' up to '.*Caffeine.app'. ==> Backing App 'Caffeine.app' up to '.*Caffeine.app'.
==> Removing App '.*Caffeine.app'. ==> Removing App '.*Caffeine.app'.


@ -290,80 +290,6 @@ describe Hbc::DSL, :cask do
end end
end end
describe "GPG stanza" do
context "valid" do
let(:token) { "with-gpg" }
it "is allowed to be specified" do
expect(cask.gpg.to_s).to match(/\S/)
end
end
context "with :key_url" do
let(:token) { "with-gpg-key-url" }
it "is allowed to be specified" do
expect(cask.gpg.to_s).to match(/\S/)
end
end
context "specifying mmultiple times" do
let(:token) { "invalid/invalid-gpg-multiple-stanzas" }
it "is not allowed" do
expect { cask }.to raise_error(Hbc::CaskInvalidError, /'gpg' stanza may only appear once/)
end
end
context "missing GPG key parameters" do
let(:token) { "invalid/invalid-gpg-missing-key" }
it "refuses to load" do
expect { cask }.to raise_error(Hbc::CaskInvalidError, /'gpg' stanza must include exactly one/)
end
end
context "conflicting GPG key parameters" do
let(:token) { "invalid/invalid-gpg-conflicting-keys" }
it "refuses to load" do
expect { cask }.to raise_error(Hbc::CaskInvalidError, /'gpg' stanza must include exactly one/)
end
end
context "invalid GPG signature URLs" do
let(:token) { "invalid/invalid-gpg-signature-url" }
it "refuses to load" do
expect { cask }.to raise_error(Hbc::CaskInvalidError)
end
end
context "invalid GPG key URLs" do
let(:token) { "invalid/invalid-gpg-key-url" }
it "refuses to load" do
expect { cask }.to raise_error(Hbc::CaskInvalidError)
end
end
context "invalid GPG key IDs" do
let(:token) { "invalid/invalid-gpg-key-id" }
it "refuses to load" do
expect { cask }.to raise_error(Hbc::CaskInvalidError)
end
end
context "GPG parameter is unknown" do
let(:token) { "invalid/invalid-gpg-parameter" }
it "refuses to load" do
expect { cask }.to raise_error(Hbc::CaskInvalidError)
end
end
end
describe "depends_on stanza" do describe "depends_on stanza" do
let(:token) { "invalid/invalid-depends-on-key" } let(:token) { "invalid/invalid-depends-on-key" }


@ -114,7 +114,7 @@ describe Hbc::Installer, :cask do
<<~EOS <<~EOS
==> Satisfying dependencies ==> Satisfying dependencies
==> Downloading file:#{HOMEBREW_LIBRARY_PATH}/test/support/fixtures/cask/caffeine.zip ==> Downloading file:#{HOMEBREW_LIBRARY_PATH}/test/support/fixtures/cask/caffeine.zip
==> Verifying checksum for Cask with-installer-manual ==> Verifying SHA-256 checksum for Cask 'with-installer-manual'.
==> Installing Cask with-installer-manual ==> Installing Cask with-installer-manual
To complete the installation of Cask with-installer-manual, you must also To complete the installation of Cask with-installer-manual, you must also
run the installer at run the installer at


@ -1,12 +0,0 @@
cask 'invalid-gpg-conflicting-keys' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/invalid-gpg-conflicting-keys'
gpg 'https://example.com/gpg-signature.asc',
key_id: '01234567',
key_url: 'https://example.com/gpg-key-url'
app 'Caffeine.app'
end


@ -1,11 +0,0 @@
cask 'invalid-gpg-key-id' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/invalid-gpg-key-id'
gpg 'https://example.com/gpg-signature.asc',
key_id: '012'
app 'Caffeine.app'
end


@ -1,11 +0,0 @@
cask 'invalid-gpg-key-url' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/invalid-gpg-key-url'
gpg 'https://example.com/gpg-signature.asc',
key_url: 1
app 'Caffeine.app'
end


@ -1,10 +0,0 @@
cask 'invalid-gpg-missing-key' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/invalid-gpg-missing-keys'
gpg 'https://example.com/gpg-signature.asc'
app 'Caffeine.app'
end


@ -1,13 +0,0 @@
cask 'invalid-gpg-multiple-stanzas' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/invalid-gpg-multiple-stanzas'
gpg 'https://example.com/gpg-signature.asc',
key_id: '01234567'
gpg 'https://example.com/gpg-signature.asc',
key_id: '01234567'
app 'Caffeine.app'
end


@ -1,11 +0,0 @@
cask 'invalid-gpg-parameter' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/invalid-gpg-type'
gpg 'https://example.com/gpg-signature.asc',
no_such_parameter: :value
app 'Caffeine.app'
end


@ -1,11 +0,0 @@
cask 'invalid-gpg-signature-url' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/invalid-gpg-signature-url'
gpg 1,
key_id: '01234567'
app 'Caffeine.app'
end


@ -1,11 +0,0 @@
cask 'invalid-gpg-type' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/invalid-gpg-type'
gpg 'https://example.com/gpg-signature.asc',
no_such_parameter: :value
app 'Caffeine.app'
end


@ -1,11 +0,0 @@
cask 'with-gpg-key-url' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/with-gpg-key-url'
gpg 'https://example.com/gpg-signature.asc',
key_url: 'https://example.com/gpg-key-url'
app 'Caffeine.app'
end


@ -1,11 +0,0 @@
cask 'with-gpg' do
version '1.2.3'
sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94'
url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip"
homepage 'https://example.com/with-gpg'
gpg 'https://example.com/gpg-signature.asc',
key_id: '01234567'
app 'Caffeine.app'
end