Module: Cask::Quarantine Private
- Extended by:
- SystemCommand::Mixin, Utils::Output::Mixin
- Defined in:
- cask/quarantine.rb
Overview
This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.
Helper module for quarantining files.
Defined Under Namespace
Classes: SigningIdentity
Constant Summary collapse
- QUARANTINE_ATTRIBUTE =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
"com.apple.quarantine"- USER_APPROVED_FLAG =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
0x0040- QUARANTINE_SCRIPT =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
T.let((HOMEBREW_LIBRARY_PATH/"cask/utils/quarantine.swift").freeze, Pathname)
- COPY_XATTRS_SCRIPT =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
T.let((HOMEBREW_LIBRARY_PATH/"cask/utils/copy-xattrs.swift").freeze, Pathname)
Class Method Summary collapse
-
.app_management_permissions_granted?(app:, command:) ⇒ Boolean
private
Ensures that Homebrew has permission to update apps on macOS Ventura.
- .available? ⇒ Boolean private
- .cask!(cask: nil, download_path: nil, action: true) ⇒ void private
- .check_quarantine_support ⇒ Array<(Symbol, [String, nil])> private
- .copy_xattrs(from, to, command:) ⇒ void private
- .detect(file) ⇒ Boolean? private
- .inherit_user_approval!(download_path: nil) ⇒ void private
- .propagate(from: nil, to: nil) ⇒ void private
-
.release!(download_path: nil) ⇒ void
private
Fully remove quarantine only when explicitly requested; upgrades preserve it and inherit approval above.
- .signing_identity(_file) ⇒ SigningIdentity? private
- .signing_identity_match(_file, _identity) ⇒ Boolean? private
- .status(file) ⇒ String private
- .toggle_no_translocation_bit(attribute) ⇒ String private
- .user_approved?(file) ⇒ Boolean private
- .xattr_available? ⇒ Boolean private
Methods included from SystemCommand::Mixin
system_command, system_command!
Methods included from Utils::Output::Mixin
issue_reporting_message, odebug, odeprecated, odie, odisabled, ofail, oh1, oh1_title, ohai, ohai_title, onoe, opoo, opoo_outside_github_actions, opoo_without_github_actions_annotation, pretty_deprecated, pretty_disabled, pretty_duration, pretty_install_status, pretty_installed, pretty_uninstalled, pretty_unmarked, pretty_upgradable, pretty_warning
Class Method Details
.app_management_permissions_granted?(app:, command:) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
Ensures that Homebrew has permission to update apps on macOS Ventura. This may be granted either through the App Management toggle or the Full Disk Access toggle. The system will only show a prompt for App Management, so we ask the user to grant that.
321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 |
# File 'cask/quarantine.rb', line 321 def self.(app:, command:) return true unless app.directory? # To get macOS to prompt the user for permissions, we need to actually attempt to # modify a file in the app. test_file = app/".homebrew-write-test" # We can't use app.writable? here because that conflates several access checks, # including both file ownership and whether system permissions are granted. # Here we just want to check whether sudo would be needed. looks_writable_without_sudo = if app.owned? app.lstat.mode.anybits?(0200) elsif app.grpowned? app.lstat.mode.anybits?(0020) else app.lstat.mode.anybits?(0002) end if looks_writable_without_sudo begin File.write(test_file, "") test_file.delete return true rescue Errno::EACCES, Errno::EPERM # Using error handler below end else begin command.run!( "touch", args: [ test_file, ], print_stderr: false, sudo: true, ) command.run!( "rm", args: [ test_file, ], print_stderr: false, sudo: true, ) return true rescue ErrorDuringExecution => e # We only want to handle "touch" errors here; propagate "sudo" errors up raise e unless e.stderr.include?("touch: #{test_file}: Operation not permitted") end end # Allow undocumented way to skip the prompt. if ENV["HOMEBREW_NO_APP_MANAGEMENT_PERMISSIONS_PROMPT"] opoo <<~EOF Your terminal does not have App Management permissions, so Homebrew will delete and reinstall the app. This may result in some configurations (like notification settings or location in the Dock/Launchpad) being lost. To fix this, go to System Settings → Privacy & Security → App Management and add or enable your terminal. EOF end false end |
.available? ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
113 114 115 116 117 |
# File 'cask/quarantine.rb', line 113 def self.available? @quarantine_support ||= T.let(check_quarantine_support, T.nilable([Symbol, T.nilable(String)])) @quarantine_support[0] == :quarantine_available end |
.cask!(cask: nil, download_path: nil, action: true) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 |
# File 'cask/quarantine.rb', line 226 def self.cask!(cask: nil, download_path: nil, action: true) return if cask.nil? || download_path.nil? return if detect(download_path) odebug "Quarantining #{download_path}" swift = self.swift raise "unexpected nil swift" if swift.nil? quarantiner = system_command(swift, args: [ *swift_target_args, QUARANTINE_SCRIPT, download_path, cask.url.to_s, cask.homepage.to_s, ], print_stderr: false) return if quarantiner.success? case quarantiner.exit_status when 2 raise CaskQuarantineError.new(download_path, "Insufficient parameters") else raise CaskQuarantineError.new(download_path, quarantiner.stderr) end end |
.check_quarantine_support ⇒ Array<(Symbol, [String, nil])>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 |
# File 'cask/quarantine.rb', line 66 def self.check_quarantine_support odebug "Checking quarantine support" check_output = nil swift = self.swift status = if !xattr_available? odebug "There's no working version of `xattr` on this system." :xattr_broken elsif swift.nil? odebug "Swift is not available on this system." :no_swift else api_check = system_command(swift, args: [*swift_target_args, QUARANTINE_SCRIPT], print_stderr: false) exit_status = api_check.exit_status check_output = api_check.merged_output.to_s.strip error_output = api_check.stderr.to_s.strip case exit_status when 2 odebug "Quarantine is available." :quarantine_available when 1 # Swift script ran but failed (likely due to CLT issues) odebug "Swift quarantine script failed: #{error_output}" if error_output.include?("does not exist") || error_output.include?("No such file") :swift_broken_clt elsif error_output.include?("compiler") || error_output.include?("SDK") :swift_compilation_failed else :swift_runtime_error end when 127 # Command not found or execution failed odebug "Swift execution failed with exit status 127" :swift_not_executable else odebug "Swift returned unexpected exit status: #{exit_status}" :swift_unexpected_error end end [status, check_output] end |
.copy_xattrs(from, to, command:) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 |
# File 'cask/quarantine.rb', line 299 def self.copy_xattrs(from, to, command:) odebug "Copying xattrs from #{from} to #{to}" swift = self.swift raise "unexpected nil swift" if swift.nil? command.run!( swift, args: [ *swift_target_args, COPY_XATTRS_SCRIPT, from, to, ], sudo: !to.writable?, ) end |
.detect(file) ⇒ Boolean?
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
120 121 122 123 124 125 126 127 128 129 130 |
# File 'cask/quarantine.rb', line 120 def self.detect(file) return if file.nil? odebug "Verifying Gatekeeper status of #{file}" quarantine_status = !status(file).empty? odebug "#{file} is #{quarantine_status ? "quarantined" : "not quarantined"}" quarantine_status end |
.inherit_user_approval!(download_path: nil) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 |
# File 'cask/quarantine.rb', line 153 def self.inherit_user_approval!(download_path: nil) return if !download_path || !detect(download_path) # Preserve quarantine provenance so Gatekeeper still checks the upgraded app while carrying forward # the user's approval only after the upgrade path verifies that its signing identity is unchanged. # https://developer.apple.com/forums/thread/706442 odebug "Inheriting user approval for #{download_path}" xattr = self.xattr raise "unexpected nil xattr" if xattr.nil? quarantiner = system_command(xattr, args: [ "-w", QUARANTINE_ATTRIBUTE, status(download_path).sub(/\A[0-9a-f]+/i) do |flags| (flags.to_i(16) | USER_APPROVED_FLAG).to_s(16).rjust(flags.length, "0") end, download_path, ], print_stderr: false) return if quarantiner.success? raise CaskQuarantineReleaseError.new(download_path, quarantiner.stderr) end |
.propagate(from: nil, to: nil) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 |
# File 'cask/quarantine.rb', line 257 def self.propagate(from: nil, to: nil) return if from.nil? || to.nil? raise CaskError, "#{from} was not quarantined properly." unless detect(from) odebug "Propagating quarantine from #{from} to #{to}" quarantine_status = toggle_no_translocation_bit(status(from)) resolved_paths = Pathname.glob(to/"**/*", File::FNM_DOTMATCH).reject(&:symlink?) system_command!("/usr/bin/xargs", args: [ "-0", "--", "chmod", "-h", "u+w", ], input: resolved_paths.join("\0")) xattr = self.xattr raise "unexpected nil xattr" if xattr.nil? quarantiner = system_command("/usr/bin/xargs", args: [ "-0", "--", xattr, "-w", QUARANTINE_ATTRIBUTE, quarantine_status, ], input: resolved_paths.join("\0"), print_stderr: false) return if quarantiner.success? raise CaskQuarantinePropagationError.new(to, quarantiner.stderr) end |
.release!(download_path: nil) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
Fully remove quarantine only when explicitly requested; upgrades preserve it and inherit approval above.
204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 |
# File 'cask/quarantine.rb', line 204 def self.release!(download_path: nil) return if !download_path || !detect(download_path) odebug "Releasing #{download_path} from quarantine" xattr = self.xattr raise "unexpected nil xattr" if xattr.nil? quarantiner = system_command(xattr, args: [ "-d", QUARANTINE_ATTRIBUTE, download_path, ], print_stderr: false) return if quarantiner.success? raise CaskQuarantineReleaseError.new(download_path, quarantiner.stderr) end |
.signing_identity(_file) ⇒ SigningIdentity?
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
181 |
# File 'cask/quarantine.rb', line 181 def self.signing_identity(_file); end |
.signing_identity_match(_file, _identity) ⇒ Boolean?
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
187 |
# File 'cask/quarantine.rb', line 187 def self.signing_identity_match(_file, _identity); end |
.status(file) ⇒ String
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
133 134 135 136 137 138 139 140 |
# File 'cask/quarantine.rb', line 133 def self.status(file) xattr = self.xattr raise "unexpected nil xattr" if xattr.nil? system_command(xattr, args: ["-p", QUARANTINE_ATTRIBUTE, file], print_stderr: false).stdout.rstrip end |
.toggle_no_translocation_bit(attribute) ⇒ String
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
190 191 192 193 194 195 196 197 198 199 200 |
# File 'cask/quarantine.rb', line 190 def self.toggle_no_translocation_bit(attribute) fields = attribute.split(";") # Fields: status, epoch, download agent, event ID # Let's toggle the app translocation bit, bit 8 # http://www.openradar.me/radar?id=5022734169931776 fields[0] = (fields.fetch(0).to_i(16) | 0x0100).to_s(16).rjust(4, "0") fields.join(";") end |
.user_approved?(file) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
143 144 145 146 147 148 149 150 |
# File 'cask/quarantine.rb', line 143 def self.user_approved?(file) return false if xattr.nil? quarantine_status = status(file) return false if quarantine_status.empty? quarantine_status.split(";").fetch(0).to_i(16).anybits?(USER_APPROVED_FLAG) end |
.xattr_available? ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
52 53 54 55 56 57 |
# File 'cask/quarantine.rb', line 52 def self.xattr_available? xattr = self.xattr return false if xattr.nil? system_command(xattr, args: ["-h"], print_stderr: false).success? end |