admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

Merge pull request #20414 from Homebrew/copilot/fix-18371

Browse Source 
Don't allow installing formulae from paths without HOMEBREW_DEVELOPER
This commit is contained in:
Mike McQuaid 2025-08-12 16:54:06 +00:00 committed by GitHub
commit d5b0809166
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 44 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Library/Homebrew/env_config.rb
View File

@ -238,9 +238,10 @@ module Homebrew
boolean: true, boolean: true,
}, },
HOMEBREW_FORBID_PACKAGES_FROM_PATHS: { HOMEBREW_FORBID_PACKAGES_FROM_PATHS: {
description: "If set, Homebrew will refuse to read formulae or casks provided from file paths, " \ description: "If set, Homebrew will refuse to read formulae or casks provided from file paths, " \
"e.g. `brew install ./package.rb`.", "e.g. `brew install ./package.rb`.",
boolean: true, boolean: true,
default_text: "true unless `$HOMEBREW_DEVELOPER` is set.",
}, },
HOMEBREW_FORCE_API_AUTO_UPDATE: { HOMEBREW_FORCE_API_AUTO_UPDATE: {
description: "If set, update the Homebrew API formula or cask data even if " \ description: "If set, update the Homebrew API formula or cask data even if " \
@ -552,6 +553,7 @@ module Homebrew
CUSTOM_IMPLEMENTATIONS = T.let(Set.new([ CUSTOM_IMPLEMENTATIONS = T.let(Set.new([
:HOMEBREW_MAKE_JOBS, :HOMEBREW_MAKE_JOBS,
:HOMEBREW_CASK_OPTS, :HOMEBREW_CASK_OPTS,
:HOMEBREW_FORBID_PACKAGES_FROM_PATHS,
]).freeze, T::Set[Symbol]) ]).freeze, T::Set[Symbol])
ENVS.each do |env, hash| ENVS.each do |env, hash|
@ -628,6 +630,15 @@ module Homebrew
cask_opts.include?("--require-sha") cask_opts.include?("--require-sha")
end end
sig { returns(T::Boolean) }
def forbid_packages_from_paths?
return true if ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"].present?
# Provide an opt-out for tests and developers.
# Our testing framework installs formulae from file paths all over the place.
ENV["HOMEBREW_TESTS"].blank? && ENV["HOMEBREW_DEVELOPER"].blank?
end
sig { returns(T::Boolean) } sig { returns(T::Boolean) }
def automatically_set_no_install_from_api? def automatically_set_no_install_from_api?
ENV["HOMEBREW_AUTOMATICALLY_SET_NO_INSTALL_FROM_API"].present? ENV["HOMEBREW_AUTOMATICALLY_SET_NO_INSTALL_FROM_API"].present?

30
Library/Homebrew/test/env_config_spec.rb
View File

@ -69,4 +69,34 @@ RSpec.describe Homebrew::EnvConfig do
expect(env_config.make_jobs).to eql("16") expect(env_config.make_jobs).to eql("16")
end end
end end
describe ".forbid_packages_from_paths?" do
before do
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = nil
ENV["HOMEBREW_DEVELOPER"] = nil
ENV["HOMEBREW_TESTS"] = nil
end
it "returns true if HOMEBREW_FORBID_PACKAGES_FROM_PATHS is set" do
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = "1"
expect(env_config.forbid_packages_from_paths?).to be(true)
end
it "returns true if HOMEBREW_DEVELOPER is not set" do
ENV["HOMEBREW_DEVELOPER"] = nil
expect(env_config.forbid_packages_from_paths?).to be(true)
end
it "returns false if HOMEBREW_DEVELOPER is set and HOMEBREW_FORBID_PACKAGES_FROM_PATHS is not set" do
ENV["HOMEBREW_DEVELOPER"] = "1"
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = nil
expect(env_config.forbid_packages_from_paths?).to be(false)
end
it "returns true if both HOMEBREW_DEVELOPER and HOMEBREW_FORBID_PACKAGES_FROM_PATHS are set" do
ENV["HOMEBREW_DEVELOPER"] = "1"
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = "1"
expect(env_config.forbid_packages_from_paths?).to be(true)
end
end
end end