Installation of formulae from URLs has many attack vectors and is
fundamentally insecure, unsupported, regularly recommended against and
generally a terrible idea. There are plenty of ways to take that URL,
manually verify it and put it somewhere that Homebrew does support so
let's deprecate this way of doing things.
This is useful for applications that are not signed by the developer and
require Accessibility access.
Because the app is not signed, macOS only authorizes the current binary,
and so when it is updated (and the binary changes) the new version is
unsigned, despite the app still showing as ticked in System Preferences.
The user has to manually untick and retick the app each time.
The ideal fix is for the developer to sign their app, but not all
developers are willing to pay for this, so the best we can do is to
advise users of the workaround/solution.
Refs: https://github.com/Homebrew/homebrew-cask/pull/83157
```
➜ brew audit --online --new-formula --verbose turbogit
turbogit:
* GitHub repository not notable enough (<30 forks, <30 watchers and <75 stars)
* GitHub repository too new (<30 days old)
Error: undefined local variable or method `created_pr_comment' for Homebrew:Module
/usr/local/Homebrew/Library/Homebrew/dev-cmd/audit.rb:148:in `audit'
/usr/local/Homebrew/Library/Homebrew/brew.rb:110:in `<main>'
```
- This was removed in 4f75a77b089e65ff9e03c65d192808aa4ea6842f. We can't
post PR comments from GitHub Actions CI from forks.
- [For a formula named
turbogit](https://github.com/Homebrew/homebrew-core/pull/55208), we
didn't see any of the notability checks fail CI.
- The repo name was getting truncated to `turb`, which didn't exist, so
the audit didn't return anything for this check.
- The Regexp to strip `.git` from the end of was not escaping the `.`,
so it would match anything ending in `git`, not a literal `.git`.
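The unescaped-dot bug described in the last two bullets, reproduced as an added example (not Homebrew's audit code). The helper names and the `example-user` URLs are constructed for illustration, and the `\z` anchor in the fixed form goes slightly beyond the escaping fix the message describes:

```ruby
require "uri"

# Buggy form: an unescaped "." matches any character, so every name that
# merely ends in "git" loses its last four characters.
def strip_git_suffix_buggy(repo)
  repo.sub(/.git$/, "")
end

# Fixed form: "\." matches only a literal dot. "\z" anchors at the end of the
# string, where "$" would also match just before a trailing newline.
def strip_git_suffix_fixed(repo)
  repo.sub(/\.git\z/, "")
end

# Split a GitHub URL into [user, repo], stripping a trailing ".git".
# Hypothetical helper; `escaped:` selects which regex is applied.
def github_repo(url, escaped:)
  user, repo = URI.parse(url).path.split("/").reject(&:empty?).first(2)
  return nil if user.nil? || repo.nil?

  [user, escaped ? strip_git_suffix_fixed(repo) : strip_git_suffix_buggy(repo)]
end

# Constructed sample inputs (not real repositories).
SAMPLE_URLS = [
  "https://github.com/example-user/turbogit",
  "https://github.com/example-user/turbogit.git",
  "https://github.com/example-user/legit",
  "https://github.com/example-user/widget.git",
].freeze

# Repo names the buggy regex resolves to a different (nonexistent) name,
# which is how a notability check ends up silently returning nothing.
def misresolved(urls)
  urls.filter_map do |url|
    good = github_repo(url, escaped: true)
    bad = github_repo(url, escaped: false)
    good[1] if good && good != bad
  end
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_URLS.each do |url|
    puts format("%-48s buggy=%-10s fixed=%s", url,
                github_repo(url, escaped: false)[1],
                github_repo(url, escaped: true)[1])
  end
end
```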
This ensures that dependencies are verified and tapped before they are
fetched. `FormulaInstaller#lock` has been moved into
`FormulaInstaller#install` to avoid locking until necessary.
While we're here, don't compute dependencies before fetching if we're
not going to use them.
Regression introduced in f90612ccf0db03681dc6cbf6585cca5bc27b84b1 (#6718).
`tap_full_name` returned from `use_correct_linux_tap` has been
required (`GitHub.create_fork(tap_full_name)`), but it was never set when the
formula is guessed from args.url, resulting in an API request to
https://api.github.com/repos//forks which 404s (note the missing :owner/:repo),
and subsequently
Error: Unable to fork: Not Found!
1. Repurpose 'vendor_ruby_current_version' variable:
now this is not a pointer to a file but the actual version number
2. Introduce 'vendor_ruby_latest_version' variable:
it holds the value of the latest version of portable Ruby
Exit from the 'setup-ruby' function when the user issued the
`vendor-install` command.
We do so instead of wrapping everything in
```sh
if [[ "$HOMEBREW_COMMAND" != "vendor-install" ]]
```
`git diff` when whitespace is ignored:
$ git diff -w
diff --git a/Library/Homebrew/utils/ruby.sh b/Library/Homebrew/utils/ruby.sh
index 7974e909c..4be204309 100644
--- a/Library/Homebrew/utils/ruby.sh
+++ b/Library/Homebrew/utils/ruby.sh
@@ -27,8 +27,11 @@ If there's no Homebrew Portable Ruby available for your processor:
unset HOMEBREW_RUBY_PATH
- if [[ "$HOMEBREW_COMMAND" != "vendor-install" ]]
+ if [[ "$HOMEBREW_COMMAND" == "vendor-install" ]]
then
+ return 0
+ fi
+
if [[ -x "$vendor_ruby_path" ]]
then
HOMEBREW_RUBY_PATH="$vendor_ruby_path"
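Review bot: The early `return 0` under the new `== "vendor-install"` check has no comment saying why that command skips the Ruby lookup that follows; a one-line comment above the `if` would save the next reader a trip through the history. It also sits after `unset HOMEBREW_RUBY_PATH`, so a `vendor-install` run leaves the function with the variable cleared, which is worth stating as intended.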
@@ -85,7 +88,6 @@ If there's no Homebrew Portable Ruby available for your processor:
HOMEBREW_RUBY_PATH="$vendor_ruby_path"
fi
fi
- fi
export HOMEBREW_RUBY_PATH
}
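Review bot: With the closing `fi` dropped here, `export HOMEBREW_RUBY_PATH` at the end of the function is no longer reached on the `vendor-install` path, because the function has already returned; in the old layout the export appears to sit outside the `if` and so ran for every command. If skipping it is intended, say so in the commit message; otherwise move the `export` above the early return.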