From 83f2a69acbb77f6f3a5fffe831b45335f7730377 Mon Sep 17 00:00:00 2001
From: Carlo Cabrera <30379873+carlocab@users.noreply.github.com>
Date: Sat, 1 Jul 2023 23:07:28 +0800
Subject: [PATCH 1/2] rubocops/lines: disallow `quictls` dependencies in homebrew/core

QuicTLS is a fork of OpenSSL that adds support for QUIC. We'll probably end up adding it to homebrew/core at some point (see Homebrew/homebrew-core#134975), but I don't think we want to actually use it as a dependency of any formulae in place of OpenSSL. We ought to only allow it for software that actually require QuicTLS in place of OpenSSL, but I'm not aware of any existing formulae that have this requirement.
---
 Library/Homebrew/rubocops/lines.rb | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/Library/Homebrew/rubocops/lines.rb b/Library/Homebrew/rubocops/lines.rb
index 0fbe27452a..a945f81dc1 100644
--- a/Library/Homebrew/rubocops/lines.rb
+++ b/Library/Homebrew/rubocops/lines.rb
@@ -219,6 +219,27 @@ module RuboCop
 end
 end
 
+ # This cop makes sure that formulae depend on `openssl` instead of `quictls`.
+ #
+ # @api private
+ class QuicTLSCheck < FormulaCop
+ extend AutoCorrector
+
+ def audit_formula(_node, _class_node, _parent_class_node, body_node)
+ return if body_node.nil?
+
+ # Enforce use of OpenSSL for TLS dependency in core
+ return if formula_tap != "homebrew-core"
+
+ find_method_with_args(body_node, :depends_on, "quictls") do
+ problem "Formulae in homebrew/core should use 'depends_on \"openssl@3\"' " \
+ "instead of '#{@offensive_node.source}'." do |corrector|
+ corrector.replace(@offensive_node.source_range, "depends_on \"openssl@3\"")
+ end
+ end
+ end
+ end
+
 # This cop makes sure that formulae do not depend on `pyoxidizer` at build-time
 # or run-time.
 #

From 451bea2713ef2edd749877fd7f4b73ed9d4cf219
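Review bot: The corrector in `audit_formula` rewrites only the matched `depends_on` call, so `brew style --fix` can turn a formula built against QuicTLS into one that declares `openssl@3` while its install block still references quictls (a configure flag or a `Formula["quictls"]` lookup, for example). Which TLS library a formula links against is a decision a maintainer should make and test, not one a linter should change silently. Consider reporting the offense without a corrector, or at least stating the limit in the class comment, e.g. `# Autocorrection only rewrites the depends_on line; other references to quictls must be updated by hand.` Replacing the whole node would also drop anything else in the call, such as a `=> :build` tag, if `find_method_with_args` matches that form; its matching rules are not visible in this hunk.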
From: Carlo Cabrera <30379873+carlocab@users.noreply.github.com>
Date: Fri, 14 Jul 2023 13:13:51 +0800
Subject: [PATCH 2/2] tests: add QuicTLSCheck test

---
 .../test/rubocops/lines/quictls_check_spec.rb | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 Library/Homebrew/test/rubocops/lines/quictls_check_spec.rb

diff --git a/Library/Homebrew/test/rubocops/lines/quictls_check_spec.rb b/Library/Homebrew/test/rubocops/lines/quictls_check_spec.rb
new file mode 100644
index 0000000000..c3f8571a86
--- /dev/null
+++ b/Library/Homebrew/test/rubocops/lines/quictls_check_spec.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require "rubocops/lines"
+
+describe RuboCop::Cop::FormulaAudit::QuicTLSCheck do
+ subject(:cop) { described_class.new }
+
+ context "when auditing formula dependencies" do
+ it "reports an offense when a formula depends on `quictls`" do
+ expect_offense(<<~RUBY, "/homebrew-core/Formula/foo.rb")
+ class Foo < Formula
+ desc "foo"
+ url 'https://brew.sh/foo-1.0.tgz'
+
+ depends_on "quictls"
+ ^^^^^^^^^^^^^^^^^^^^ FormulaAudit/QuicTLSCheck: Formulae in homebrew/core should use 'depends_on "openssl@3"' instead of 'depends_on "quictls"'.
+ end
+ RUBY
+ end
+ end
+end
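Review bot: The spec covers only the offense message, leaving the corrector and the `formula_tap != "homebrew-core"` early return from the first patch untested. The existing example should follow `expect_offense` with an `expect_correction` that pins the rewritten line. A second example should feed the same formula source from a path outside homebrew-core to `expect_no_offenses`, so a regression that widens or disables the tap filter is caught. The tap path in the sketch below is constructed for illustration.

```ruby
      # … unchanged: expect_offense block for `depends_on "quictls"` …

      expect_correction(<<~RUBY)
        class Foo < Formula
          desc "foo"
          url 'https://brew.sh/foo-1.0.tgz'

          depends_on "openssl@3"
        end
      RUBY
    end

    it "reports no offenses outside homebrew/core" do
      # Constructed tap path; any path that is not under homebrew-core will do.
      expect_no_offenses(<<~RUBY, "/homebrew-example/Formula/foo.rb")
        class Foo < Formula
          desc "foo"
          url 'https://brew.sh/foo-1.0.tgz'

          depends_on "quictls"
        end
      RUBY
    end
```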