From 093e6e11da713d748dcb47d1f7e6198ca82762b3 Mon Sep 17 00:00:00 2001 From: EricFromCanada Date: Thu, 21 Oct 2021 20:51:00 -0400 Subject: [PATCH 1/4] svn: add flags if needed for :trust_cert or remote_exists? --- Library/Homebrew/download_strategy.rb | 5 +---- Library/Homebrew/utils/svn.rb | 17 +++++++++++++++-- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/Library/Homebrew/download_strategy.rb b/Library/Homebrew/download_strategy.rb index 7c08865607..0182eaf713 100644 --- a/Library/Homebrew/download_strategy.rb +++ b/Library/Homebrew/download_strategy.rb @@ -763,10 +763,7 @@ class SubversionDownloadStrategy < VCSDownloadStrategy args << "--ignore-externals" if ignore_externals - if meta[:trust_cert] == true - args << "--trust-server-cert" - args << "--non-interactive" - end + args.concat Utils::Svn.invalid_cert_flags if meta[:trust_cert] == true if target.directory? command! "svn", args: ["update", *args], chdir: target.to_s, timeout: timeout&.remaining diff --git a/Library/Homebrew/utils/svn.rb b/Library/Homebrew/utils/svn.rb index 4c57e04832..5c4269ddd6 100644 --- a/Library/Homebrew/utils/svn.rb +++ b/Library/Homebrew/utils/svn.rb @@ -30,9 +30,22 @@ module Utils def remote_exists?(url) return true unless available? + args = ["ls", url, "--depth", "empty"] + _, stderr, status = system_command("svn", args: args, print_stderr: false) + return status.success? unless stderr.include?("certificate verification failed") + # OK to unconditionally trust here because we're just checking if a URL exists. - system_command("svn", args: ["ls", url, "--depth", "empty", - "--non-interactive", "--trust-server-cert"], print_stderr: false).success? + system_command("svn", args: args.concat(invalid_cert_flags), print_stderr: false).success? + end + + sig { returns(Array) } + def invalid_cert_flags + opoo "Ignoring Subversion certificate errors!" + args = ["--non-interactive", "--trust-server-cert"] + if Version.create(version || "-1") >= Version.create("1.9") + args << "--trust-server-cert-failures=expired,not-yet-valid" + end + args end def clear_version_cache From d0de6ac24960140f16d969cc0abce164393e9009 Mon Sep 17 00:00:00 2001 From: EricFromCanada Date: Wed, 3 Nov 2021 18:25:14 -0400 Subject: [PATCH 2/4] svn: always install brewed version on macOS if required Stock SVN on macOS 10.14 and earlier now throws errors with some certificate providers. --- Library/Homebrew/extend/os/mac/dependency_collector.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Library/Homebrew/extend/os/mac/dependency_collector.rb b/Library/Homebrew/extend/os/mac/dependency_collector.rb index 5efcd96d81..9387bbe50f 100644 --- a/Library/Homebrew/extend/os/mac/dependency_collector.rb +++ b/Library/Homebrew/extend/os/mac/dependency_collector.rb @@ -8,7 +8,7 @@ class DependencyCollector def git_dep_if_needed(tags); end def subversion_dep_if_needed(tags) - Dependency.new("subversion", tags) if MacOS.version >= :catalina + Dependency.new("subversion", tags) end def cvs_dep_if_needed(tags) From 508b48d19e1627db45d33b82e1a2159a010594a5 Mon Sep 17 00:00:00 2001 From: EricFromCanada Date: Wed, 3 Nov 2021 18:26:11 -0400 Subject: [PATCH 3/4] formula_installer: preinstall any pre-fetch dependencies --- Library/Homebrew/dependency_collector.rb | 4 ++-- Library/Homebrew/formula_installer.rb | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/Library/Homebrew/dependency_collector.rb b/Library/Homebrew/dependency_collector.rb index ae039e887a..aee6fb15ab 100644 --- a/Library/Homebrew/dependency_collector.rb +++ b/Library/Homebrew/dependency_collector.rb @@ -45,7 +45,7 @@ class DependencyCollector end def cache_key(spec) - if spec.is_a?(Resource) && spec.download_strategy == CurlDownloadStrategy + if spec.is_a?(Resource) && spec.download_strategy <= CurlDownloadStrategy File.extname(spec.url) else spec @@ -148,7 +148,7 @@ class DependencyCollector strategy = spec.download_strategy if strategy <= HomebrewCurlDownloadStrategy - brewed_curl_dep_if_needed(tags) + @deps << brewed_curl_dep_if_needed(tags) parse_url_spec(spec.url, tags) elsif strategy <= CurlDownloadStrategy parse_url_spec(spec.url, tags) diff --git a/Library/Homebrew/formula_installer.rb b/Library/Homebrew/formula_installer.rb index ffdeed7af5..451f779b37 100644 --- a/Library/Homebrew/formula_installer.rb +++ b/Library/Homebrew/formula_installer.rb @@ -215,6 +215,7 @@ class FormulaInstaller forbidden_license_check check_install_sanity + install_fetch_deps unless ignore_deps? end sig { void } @@ -343,6 +344,19 @@ class FormulaInstaller "#{formula.full_name} requires the latest version of pinned dependencies" end + sig { void } + def install_fetch_deps + return if @compute_dependencies.blank? + + compute_dependencies(use_cache: false) if @compute_dependencies.any? do |dep, options| + next false unless dep.tags == [:build, :test] + + fetch_dependencies + install_dependency(dep, options) + true + end + end + def build_bottle_preinstall @etc_var_dirs ||= [HOMEBREW_PREFIX/"etc", HOMEBREW_PREFIX/"var"] @etc_var_preinstall = Find.find(*@etc_var_dirs.select(&:directory?)).to_a From e5109681c88456743d547d8b3a57f680cc03f9b3 Mon Sep 17 00:00:00 2001 From: EricFromCanada Date: Tue, 9 Nov 2021 14:00:44 -0500 Subject: [PATCH 4/4] tests.yml: no more need for preinstalled subversion --- .github/workflows/tests.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 6fef007db2..7739aaf3d5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -305,10 +305,6 @@ jobs: - name: Install brew tests dependencies run: | - brew install subversion - brew sh -c "svn --homebrew=print-path" - which svn - which svnadmin brew install curl which curl