Module: Homebrew::Trust Private
- Extended by:
- Utils::Output::Mixin
- Defined in:
- trust.rb
This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.
Class Method Summary collapse
- .clear!(type) ⇒ void private
-
.explicitly_trusted_tap?(tap) ⇒ Boolean
private
Whether the tap appears in the trust list, ignoring any implicit official-tap trust.
- .invalidate_tap_references!(name, remote: nil) ⇒ Boolean private
- .normalise_name(name) ⇒ String private
- .replace!(entries) ⇒ void private
- .require_trusted_cask!(token, path) ⇒ void private
- .require_trusted_command!(path, command = nil) ⇒ void private
- .require_trusted_formula!(name, path) ⇒ void private
- .setting_key(type) ⇒ String private
- .target(name, type: nil, include_existing: false, tap_remote: nil) ⇒ Array<(Symbol, String)> private
- .trust!(type, name) ⇒ Boolean private
- .trust_file(home: Dir.home(ENV.fetch("USER"))) ⇒ Pathname private
- .trust_fully_qualified_items!(names, type: nil) ⇒ void private
- .trusted?(type, name) ⇒ Boolean private
- .trusted_cask_file?(path) ⇒ Boolean private
- .trusted_cask_files(files) ⇒ Array<Pathname> private
- .trusted_command_files(files) ⇒ Array<Pathname> private
- .trusted_entries(type) ⇒ Array<String> private
- .trusted_formula_file?(path) ⇒ Boolean private
- .trusted_formula_files(files) ⇒ Array<Pathname> private
- .trusted_tap?(tap) ⇒ Boolean private
- .untrust!(type, name) ⇒ Boolean private
- .untrusted_taps ⇒ Array<Tap> private
- .wholly_untrusted_taps ⇒ Array<Tap> private
Methods included from Utils::Output::Mixin
issue_reporting_message, odebug, odeprecated, odie, odisabled, ofail, oh1, oh1_title, ohai, ohai_title, onoe, opoo, opoo_outside_github_actions, opoo_without_github_actions_annotation, pretty_deprecated, pretty_disabled, pretty_duration, pretty_install_status, pretty_installed, pretty_uninstalled, pretty_unmarked, pretty_upgradable, pretty_warning
Class Method Details
.clear!(type) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
148 149 150 151 152 153 154 |
# File 'trust.rb', line 148 def self.clear!(type) with_trust_store_lock do store = trust_store store.delete(setting_key(type)) write_trust_store(store) end end |
.explicitly_trusted_tap?(tap) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
Whether the tap appears in the trust list, ignoring any implicit official-tap trust. The
entries may be user/repository names or remote URLs, so match via Tap#matches_reference?.
210 211 212 |
# File 'trust.rb', line 210 def self.explicitly_trusted_tap?(tap) trusted_entries(:tap).any? { |reference| tap.matches_reference?(reference) } end |
.invalidate_tap_references!(name, remote: nil) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'trust.rb', line 84 def self.invalidate_tap_references!(name, remote: nil) name = normalise_name(name) references = [name] references << normalise_name(remote) if remote.present? if remote.present? && (remote_reference = Tap.remote_to_reference(remote)) references << normalise_name(remote_reference) end references.uniq! with_trust_store_lock do store = trust_store changed = T.let(false, T::Boolean) store.keys.each do |key| entries = store.fetch(key) filtered_entries = entries.reject do |entry| references.include?(entry) || entry.start_with?("#{name}/") end next if filtered_entries == entries changed = true if filtered_entries.empty? store.delete(key) else store[key] = filtered_entries.sort end end write_trust_store(store) if changed changed end end |
.normalise_name(name) ⇒ String
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
309 310 311 |
# File 'trust.rb', line 309 def self.normalise_name(name) name.downcase end |
.replace!(entries) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 |
# File 'trust.rb', line 157 def self.replace!(entries) store = T.let({}, T::Hash[String, T::Array[String]]) entries.each do |type, name| key = setting_key(type) store[key] ||= [] store.fetch(key) << normalise_name(name) end store.keys.each do |key| store[key] = store.fetch(key).uniq.sort end with_trust_store_lock do write_trust_store(store) end end |
.require_trusted_cask!(token, path) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
229 230 231 232 233 234 235 236 237 238 239 240 |
# File 'trust.rb', line 229 def self.require_trusted_cask!(token, path) return if Homebrew::EnvConfig.no_require_tap_trust? return unless (tap = tap_from_path(path)) return if trusted_tap?(tap) full_name = "#{tap.name}/#{::Utils.name_from_full_name(token)}" return if trusted?(:cask, full_name) return if explicitly_allowed?(:cask, full_name, tap) return unless Homebrew::EnvConfig.require_tap_trust? raise_untrusted!(:cask, full_name, tap) end |
.require_trusted_command!(path, command = nil) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
243 244 245 246 247 248 249 250 251 252 253 |
# File 'trust.rb', line 243 def self.require_trusted_command!(path, command = nil) return if Homebrew::EnvConfig.no_require_tap_trust? return unless (tap = tap_from_path(path)) return if trusted_tap?(tap) full_name = "#{tap.name}/#{command || path.basename(path.extname).to_s.delete_prefix("brew-")}" return if trusted?(:command, full_name) return unless Homebrew::EnvConfig.require_tap_trust? raise_untrusted!(:command, full_name, tap) end |
.require_trusted_formula!(name, path) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
215 216 217 218 219 220 221 222 223 224 225 226 |
# File 'trust.rb', line 215 def self.require_trusted_formula!(name, path) return if Homebrew::EnvConfig.no_require_tap_trust? return unless (tap = tap_from_path(path)) return if trusted_tap?(tap) full_name = "#{tap.name}/#{::Utils.name_from_full_name(name)}" return if trusted?(:formula, full_name) return if explicitly_allowed?(:formula, full_name, tap) return unless Homebrew::EnvConfig.require_tap_trust? raise_untrusted!(:formula, full_name, tap) end |
.setting_key(type) ⇒ String
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
299 300 301 |
# File 'trust.rb', line 299 def self.setting_key(type) SETTING_KEYS.fetch(type).to_s end |
.target(name, type: nil, include_existing: false, tap_remote: nil) ⇒ Array<(Symbol, String)>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
318 319 320 321 322 |
# File 'trust.rb', line 318 def self.target(name, type: nil, include_existing: false, tap_remote: nil) return [type, trust_name(type, name, include_existing:, tap_remote:)] if type infer_target(name, include_existing:) end |
.trust!(type, name) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
# File 'trust.rb', line 37 def self.trust!(type, name) if name.is_a?(Tap) raise ArgumentError, "a #{type} trust name must be a String, not a Tap" if type != :tap name = name.reference end key = setting_key(type) name = normalise_name(name) with_trust_store_lock do store = trust_store entries = store.fetch(key, []) next false if entries.include?(name) store[key] = (entries + [name]).sort write_trust_store(store) true end end |
.trust_file(home: Dir.home(ENV.fetch("USER"))) ⇒ Pathname
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
27 28 29 30 31 32 33 34 |
# File 'trust.rb', line 27 def self.trust_file(home: Dir.home(ENV.fetch("USER"))) user_config_home = Pathname.new(ENV.fetch("HOMEBREW_USER_CONFIG_HOME")) if user_config_home == Pathname.new(Dir.home(ENV.fetch("USER")))/".homebrew" Pathname.new(home.to_s)/".homebrew/trust.json" else user_config_home/"trust.json" end end |
.trust_fully_qualified_items!(names, type: nil) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 |
# File 'trust.rb', line 116 def self.trust_fully_qualified_items!(names, type: nil) names.each do |name| next unless ::Utils.full_name?(name) tap_name = name.split("/").first(2).join("/") item_name = ::Utils.name_from_full_name(name) tap = Tap.fetch(tap_name) next if tap.official? types = if type == :formula tap.formula_files_by_name.key?(item_name) ? [:formula] : [] elsif type == :cask tap.cask_files_by_name.key?(item_name) ? [:cask] : [] elsif tap.formula_files_by_name.key?(item_name) [:formula] elsif tap.cask_files_by_name.key?(item_name) [:cask] else [] end types.each do |item_type| full_name = "#{tap.name}/#{item_name}" if trust!(item_type, item_trust_name(item_type, tap, item_name)) $stderr.ohai "Trusted #{item_type} #{full_name}" end end rescue Tap::InvalidNameError nil end end |
.trusted?(type, name) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 |
# File 'trust.rb', line 174 def self.trusted?(type, name) name = normalise_name(name) entries = trusted_entries(type) return true if entries.include?(name) if type == :tap return false if Tap.remote_reference?(name) return explicitly_trusted_tap?(Tap.fetch(name)) end return false unless (tap_name = ::Utils.tap_from_full_name(name)) tap = Tap.fetch(tap_name) return true if trusted_tap?(tap) item_name = normalise_name(::Utils.name_from_full_name(name)) return true if entries.include?(item_trust_name(type, tap, item_name)) return false unless tap.uses_custom_remote? entries.any? do |entry| next false unless entry.end_with?("/#{item_name}") Tap.same_remote?(entry.delete_suffix("/#{item_name}"), tap.remote) end rescue Tap::InvalidNameError false end |
.trusted_cask_file?(path) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
261 262 263 |
# File 'trust.rb', line 261 def self.trusted_cask_file?(path) trusted_file?(:cask, path) end |
.trusted_cask_files(files) ⇒ Array<Pathname>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
271 272 273 |
# File 'trust.rb', line 271 def self.trusted_cask_files(files) trusted_files(:cask, files) end |
.trusted_command_files(files) ⇒ Array<Pathname>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
276 277 278 |
# File 'trust.rb', line 276 def self.trusted_command_files(files) trusted_files(:command, files) end |
.trusted_entries(type) ⇒ Array<String>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
304 305 306 |
# File 'trust.rb', line 304 def self.trusted_entries(type) trust_store.fetch(setting_key(type), []) end |
.trusted_formula_file?(path) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
256 257 258 |
# File 'trust.rb', line 256 def self.trusted_formula_file?(path) trusted_file?(:formula, path) end |
.trusted_formula_files(files) ⇒ Array<Pathname>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
266 267 268 |
# File 'trust.rb', line 266 def self.trusted_formula_files(files) trusted_files(:formula, files) end |
.trusted_tap?(tap) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
203 204 205 |
# File 'trust.rb', line 203 def self.trusted_tap?(tap) tap.implicitly_trusted? || explicitly_trusted_tap?(tap) end |
.untrust!(type, name) ⇒ Boolean
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
# File 'trust.rb', line 57 def self.untrust!(type, name) key = setting_key(type) name = normalise_name(name) entries_to_delete = T.let([name], T::Array[String]) if type != :tap && ::Utils.full_name?(name) && (tap_name = ::Utils.tap_from_full_name(name)) tap = Tap.fetch(tap_name) entries_to_delete << item_trust_name(type, tap, ::Utils.name_from_full_name(name)) if tap.uses_custom_remote? end with_trust_store_lock do store = trust_store entries = store.fetch(key, []) removed = T.let(false, T::Boolean) entries_to_delete.uniq.each { |entry| removed = true if entries.delete(entry) } next false unless removed if entries.empty? store.delete(key) else store[key] = entries.sort end write_trust_store(store) true end end |
.untrusted_taps ⇒ Array<Tap>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
281 282 283 |
# File 'trust.rb', line 281 def self.untrusted_taps Tap.installed.reject(&:official?).reject { |tap| trusted_tap?(tap) }.sort_by(&:name) end |
.wholly_untrusted_taps ⇒ Array<Tap>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
286 287 288 |
# File 'trust.rb', line 286 def self.wholly_untrusted_taps untrusted_taps.reject { |tap| partially_trusted_tap?(tap) } end |