Module: Homebrew::Trust Private

Extended by:
Utils::Output::Mixin
Defined in:
trust.rb

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Class Method Summary collapse

Methods included from Utils::Output::Mixin

issue_reporting_message, odebug, odeprecated, odie, odisabled, ofail, oh1, oh1_title, ohai, ohai_title, onoe, opoo, opoo_outside_github_actions, opoo_without_github_actions_annotation, pretty_deprecated, pretty_disabled, pretty_duration, pretty_install_status, pretty_installed, pretty_uninstalled, pretty_upgradable

Class Method Details

.clear!(type) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:



142
143
144
145
146
147
148
 
# File 'trust.rb', line 142

def self.clear!(type)
  with_trust_store_lock do
    store = trust_store
    store.delete(setting_key(type))
    write_trust_store(store)
  end
end

.explicitly_trusted_tap?(tap) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Whether the tap appears in the trust list, ignoring any implicit official-tap trust. The entries may be user/repository names or remote URLs, so match via Tap#matches_reference?.

Parameters:

Returns:

  • (Boolean) 


204
205
206
 
# File 'trust.rb', line 204

def self.explicitly_trusted_tap?(tap)
  trusted_entries(:tap).any? { |reference| tap.matches_reference?(reference) }
end

.invalidate_tap_references!(name, remote: nil) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:

  • (Boolean) 


78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
# File 'trust.rb', line 78

def self.invalidate_tap_references!(name, remote: nil)
  name = normalise_name(name)
  references = [name]
  references << normalise_name(remote) if remote.present?
  if remote.present? && (remote_reference = Tap.remote_to_reference(remote))
    references << normalise_name(remote_reference)
  end
  references.uniq!

  with_trust_store_lock do
    store = trust_store
    changed = T.let(false, T::Boolean)
    store.keys.each do |key|
      entries = store.fetch(key)
      filtered_entries = entries.reject do |entry|
        references.include?(entry) || entry.start_with?("#{name}/")
      end
      next if filtered_entries == entries

      changed = true
      if filtered_entries.empty?
        store.delete(key)
      else
        store[key] = filtered_entries.sort
      end
    end
    write_trust_store(store) if changed
    changed
  end
end

.normalise_name(name) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



303
304
305
 
# File 'trust.rb', line 303

def self.normalise_name(name)
  name.downcase
end

.replace!(entries) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:



151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
 
# File 'trust.rb', line 151

def self.replace!(entries)
  store = T.let({}, T::Hash[String, T::Array[String]])
  entries.each do |type, name|
    key = setting_key(type)
    store[key] ||= []
    store.fetch(key) << normalise_name(name)
  end
  store.keys.each do |key|
    store[key] = store.fetch(key).uniq.sort
  end

  with_trust_store_lock do
    write_trust_store(store)
  end
end

.require_trusted_cask!(token, path) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:



223
224
225
226
227
228
229
230
231
232
233
234
 
# File 'trust.rb', line 223

def self.require_trusted_cask!(token, path)
  return if Homebrew::EnvConfig.no_require_tap_trust?
  return unless (tap = tap_from_path(path))
  return if trusted_tap?(tap)

  full_name = "#{tap.name}/#{::Utils.name_from_full_name(token)}"
  return if trusted?(:cask, full_name)
  return if explicitly_allowed?(:cask, full_name, tap)
  return unless Homebrew::EnvConfig.require_tap_trust?

  raise_untrusted!(:cask, full_name, tap)
end

.require_trusted_command!(path, command = nil) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:



237
238
239
240
241
242
243
244
245
246
247
 
# File 'trust.rb', line 237

def self.require_trusted_command!(path, command = nil)
  return if Homebrew::EnvConfig.no_require_tap_trust?
  return unless (tap = tap_from_path(path))
  return if trusted_tap?(tap)

  full_name = "#{tap.name}/#{command || path.basename(path.extname).to_s.delete_prefix("brew-")}"
  return if trusted?(:command, full_name)
  return unless Homebrew::EnvConfig.require_tap_trust?

  raise_untrusted!(:command, full_name, tap)
end

.require_trusted_formula!(name, path) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:



209
210
211
212
213
214
215
216
217
218
219
220
 
# File 'trust.rb', line 209

def self.require_trusted_formula!(name, path)
  return if Homebrew::EnvConfig.no_require_tap_trust?
  return unless (tap = tap_from_path(path))
  return if trusted_tap?(tap)

  full_name = "#{tap.name}/#{::Utils.name_from_full_name(name)}"
  return if trusted?(:formula, full_name)
  return if explicitly_allowed?(:formula, full_name, tap)
  return unless Homebrew::EnvConfig.require_tap_trust?

  raise_untrusted!(:formula, full_name, tap)
end

.setting_key(type) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



293
294
295
 
# File 'trust.rb', line 293

def self.setting_key(type)
  SETTING_KEYS.fetch(type).to_s
end

.target(name, type: nil, include_existing: false) ⇒ Array<(Symbol, String)>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

  • name (String)
  • type (Symbol, nil) (defaults to: nil)
  • include_existing (Boolean) (defaults to: false)

Returns:



308
309
310
311
312
 
# File 'trust.rb', line 308

def self.target(name, type: nil, include_existing: false)
  return [type, trust_name(type, name, include_existing:)] if type

  infer_target(name, include_existing:)
end

.trust!(type, name) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:

  • (Boolean) 


31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'trust.rb', line 31

def self.trust!(type, name)
  if name.is_a?(Tap)
    raise ArgumentError, "a #{type} trust name must be a String, not a Tap" if type != :tap

    name = name.reference
  end
  key = setting_key(type)
  name = normalise_name(name)
  with_trust_store_lock do
    store = trust_store
    entries = store.fetch(key, [])
    next false if entries.include?(name)

    store[key] = (entries + [name]).sort
    write_trust_store(store)
    true
  end
end

.trust_filePathname

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:



26
27
28
 
# File 'trust.rb', line 26

def self.trust_file
  Pathname.new(ENV.fetch("HOMEBREW_USER_CONFIG_HOME"))/"trust.json"
end

.trust_fully_qualified_items!(names, type: nil) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:



110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
# File 'trust.rb', line 110

def self.trust_fully_qualified_items!(names, type: nil)
  names.each do |name|
    next unless ::Utils.full_name?(name)

    tap_name = name.split("/").first(2).join("/")
    item_name = ::Utils.name_from_full_name(name)
    tap = Tap.fetch(tap_name)
    next if tap.official?

    types = if type == :formula
      tap.formula_files_by_name.key?(item_name) ? [:formula] : []
    elsif type == :cask
      tap.cask_files_by_name.key?(item_name) ? [:cask] : []
    elsif tap.formula_files_by_name.key?(item_name)
      [:formula]
    elsif tap.cask_files_by_name.key?(item_name)
      [:cask]
    else
      []
    end
    types.each do |item_type|
      full_name = "#{tap.name}/#{item_name}"
      if trust!(item_type, item_trust_name(item_type, tap, item_name))
        $stderr.ohai "Trusted #{item_type} #{full_name}"
      end
    end
  rescue Tap::InvalidNameError
    nil
  end
end

.trusted?(type, name) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:

  • (Boolean) 


168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
 
# File 'trust.rb', line 168

def self.trusted?(type, name)
  name = normalise_name(name)
  entries = trusted_entries(type)
  return true if entries.include?(name)

  if type == :tap
    return false if Tap.remote_reference?(name)

    return explicitly_trusted_tap?(Tap.fetch(name))
  end
  return false unless (tap_name = ::Utils.tap_from_full_name(name))

  tap = Tap.fetch(tap_name)
  return true if trusted_tap?(tap)

  item_name = normalise_name(::Utils.name_from_full_name(name))
  return true if entries.include?(item_trust_name(type, tap, item_name))
  return false unless tap.uses_custom_remote?

  entries.any? do |entry|
    next false unless entry.end_with?("/#{item_name}")

    Tap.same_remote?(entry.delete_suffix("/#{item_name}"), tap.remote)
  end
rescue Tap::InvalidNameError
  false
end

.trusted_cask_file?(path) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:

  • (Boolean) 


255
256
257
 
# File 'trust.rb', line 255

def self.trusted_cask_file?(path)
  trusted_file?(:cask, path)
end

.trusted_cask_files(files) ⇒ Array<Pathname>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



265
266
267
 
# File 'trust.rb', line 265

def self.trusted_cask_files(files)
  trusted_files(:cask, files)
end

.trusted_command_files(files) ⇒ Array<Pathname>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



270
271
272
 
# File 'trust.rb', line 270

def self.trusted_command_files(files)
  trusted_files(:command, files)
end

.trusted_entries(type) ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



298
299
300
 
# File 'trust.rb', line 298

def self.trusted_entries(type)
  trust_store.fetch(setting_key(type), [])
end

.trusted_formula_file?(path) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:

  • (Boolean) 


250
251
252
 
# File 'trust.rb', line 250

def self.trusted_formula_file?(path)
  trusted_file?(:formula, path)
end

.trusted_formula_files(files) ⇒ Array<Pathname>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



260
261
262
 
# File 'trust.rb', line 260

def self.trusted_formula_files(files)
  trusted_files(:formula, files)
end

.trusted_tap?(tap) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:

  • (Boolean) 


197
198
199
 
# File 'trust.rb', line 197

def self.trusted_tap?(tap)
  tap.implicitly_trusted? || explicitly_trusted_tap?(tap)
end

.untrust!(type, name) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:

  • (Boolean) 


51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
# File 'trust.rb', line 51

def self.untrust!(type, name)
  key = setting_key(type)
  name = normalise_name(name)
  entries_to_delete = T.let([name], T::Array[String])
  if type != :tap && ::Utils.full_name?(name) && (tap_name = ::Utils.tap_from_full_name(name))
    tap = Tap.fetch(tap_name)
    entries_to_delete << item_trust_name(type, tap, ::Utils.name_from_full_name(name)) if tap.uses_custom_remote?
  end

  with_trust_store_lock do
    store = trust_store
    entries = store.fetch(key, [])
    removed = T.let(false, T::Boolean)
    entries_to_delete.uniq.each { |entry| removed = true if entries.delete(entry) }
    next false unless removed

    if entries.empty?
      store.delete(key)
    else
      store[key] = entries.sort
    end
    write_trust_store(store)
    true
  end
end

.untrusted_tapsArray<Tap>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:



275
276
277
 
# File 'trust.rb', line 275

def self.untrusted_taps
  Tap.installed.reject(&:official?).reject { |tap| trusted_tap?(tap) }.sort_by(&:name)
end

.wholly_untrusted_tapsArray<Tap>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:



280
281
282
 
# File 'trust.rb', line 280

def self.wholly_untrusted_taps
  untrusted_taps.reject { |tap| partially_trusted_tap?(tap) }
end