Module: OS::Mac::Keg Private

Extended by:

T::Helpers

Includes:

SystemCommand::Mixin

Included in:

Keg

Defined in:

extend/os/mac/keg.rb,
extend/os/mac/keg_relocate.rb

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Defined Under Namespace

Modules: ClassMethods

Constant Summary

VARIABLE_REFERENCE_RX =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

T.let(/^@(loader_|executable_|r)path/, Regexp)

FRAMEWORK_RX =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

Matches framework references like XXX.framework/Versions/YYY/XXX and XXX.framework/XXX, both with or without a slash-delimited prefix.

%r{(?:^|/)(([^/]+)\.framework/(?:Versions/[^/]+/)?\2)$}

Instance Method Summary

• #binary_executable_or_library_files ⇒ Array<MachOShim> private
• #change_dylib_id(id, file) ⇒ Boolean private
• #change_install_name(old, new, file) ⇒ Boolean private
• #change_rpath(old, new, file) ⇒ Boolean private
• #codesign_patched_binary(file) ⇒ Object
• #consistent_reproducible_symlink_permissions! ⇒ Object private

  Needed to make symlink permissions consistent on macOS and Linux for reproducible bottles.

• #delete_rpath(rpath, file) ⇒ Boolean private
• #dylib_id_for(file) ⇒ String private
• #each_linkage_for(file, linkage_type, resolve_variable_references: false, &block) ⇒ void private
• #egrep_args ⇒ Array<(String, String)> private
• #find_dylib(bad_name) ⇒ ::Pathname^? private
• #find_dylib_suffix_from(bad_name) ⇒ String private
• #fix_dynamic_linkage ⇒ void private
• #fixed_name(file, bad_name) ⇒ String private

  If file is a dylib or bundle itself, look for the dylib named by bad_name relative to the lib directory, so that we can skip the more expensive recursive search if possible.

• #formula_preserve_rpath? ⇒ Boolean private
• #initialize(path) ⇒ void private
• #loader_name_for(file, target) ⇒ String private
• #mach_o_files ⇒ Array<MachOShim> private
• #prepare_codesign_writable_files(file) ⇒ Object
• #prepare_debug_symbols ⇒ Object
• #prepare_relocation_to_locations ⇒ ::Keg::Relocation private
• #recursive_fgrep_args ⇒ String private
• #relocate_dynamic_linkage(relocation, skip_protodesc_cold: false) ⇒ void private
• #relocated_name_for(old_name, relocation) ⇒ String^? private

Methods included from SystemCommand::Mixin

#system_command, #system_command!

Instance Method Details

#binary_executable_or_library_files ⇒ Array<MachOShim>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Array<MachOShim>)

# File 'extend/os/mac/keg.rb', line 109

def binary_executable_or_library_files = mach_o_files

#change_dylib_id(id, file) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• id (String)
• file (MachOShim)

Returns:

• (Boolean)

# File 'extend/os/mac/keg.rb', line 46

def change_dylib_id(id, file)
  return false if file.dylib_id == id

  @require_relocation = true
  odebug "Changing dylib ID of #{file}\n  from #{file.dylib_id}\n    to #{id}"
  file.change_dylib_id(id, strict: false)
  true
rescue MachO::MachOError
  onoe <<~EOS
    Failed changing dylib ID of #{file}
      from #{file.dylib_id}
        to #{id}
  EOS
  raise
end

#change_install_name(old, new, file) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• old (String)
• new (String)
• file (MachOShim)

Returns:

• (Boolean)

# File 'extend/os/mac/keg.rb', line 63

def change_install_name(old, new, file)
  return false if old == new

  @require_relocation = true
  odebug "Changing install name in #{file}\n  from #{old}\n    to #{new}"
  file.change_install_name(old, new, strict: false)
  true
rescue MachO::MachOError
  onoe <<~EOS
    Failed changing install name in #{file}
      from #{old}
        to #{new}
  EOS
  raise
end

#change_rpath(old, new, file) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• old (String)
• new (String)
• file (MachOShim)

Returns:

• (Boolean)

# File 'extend/os/mac/keg.rb', line 80

def change_rpath(old, new, file)
  return false if old == new

  @require_relocation = true
  odebug "Changing rpath in #{file}\n  from #{old}\n    to #{new}"
  file.change_rpath(old, new, strict: false)
  true
rescue MachO::MachOError
  onoe <<~EOS
    Failed changing rpath in #{file}
      from #{old}
        to #{new}
  EOS
  raise
end

#codesign_patched_binary(file) ⇒ Object

# File 'extend/os/mac/keg.rb', line 111

def codesign_patched_binary(file)
  return if MacOS.version < :big_sur

  unless ::Hardware::CPU.arm?
    result = system_command("codesign", args: ["--verify", file], print_stderr: false)
    return unless result.stderr.match?(/invalid signature/i)
  end

  odebug "Codesigning #{file}"
  prepare_codesign_writable_files(file) do
    # Use quiet_system to squash notifications about resigning binaries
    # which already have valid signatures.
    return if quiet_system("codesign", "--sign", "-", "--force",
                           "--preserve-metadata=entitlements,requirements,flags,runtime",
                           file)

    # If the codesigning fails, it may be a bug in Apple's codesign utility
    # A known workaround is to copy the file to another inode, then move it back
    # erasing the previous file. Then sign again.
    #
    # TODO: remove this once the bug in Apple's codesign utility is fixed
    Dir::Tmpname.create("workaround") do |tmppath|
      FileUtils.cp file, tmppath
      FileUtils.mv tmppath, file, force: true
    end

    # Try signing again
    odebug "Codesigning (2nd try) #{file}"
    result = system_command("codesign", args: [
      "--sign", "-", "--force",
      "--preserve-metadata=entitlements,requirements,flags,runtime",
      file
    ], print_stderr: false)
    return if result.success?

    # If it fails again, error out
    onoe <<~EOS
      Failed applying an ad-hoc signature to #{file}:
      #{result.stderr}
    EOS
  end
end

#consistent_reproducible_symlink_permissions! ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Needed to make symlink permissions consistent on macOS and Linux for reproducible bottles.

# File 'extend/os/mac/keg.rb', line 193

def consistent_reproducible_symlink_permissions!
  path.find do |file|
    file.lchmod 0777 if file.symlink?
  end
end

#delete_rpath(rpath, file) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• rpath (String)
• file (MachOShim)

Returns:

• (Boolean)

# File 'extend/os/mac/keg.rb', line 97

def delete_rpath(rpath, file)
  odebug "Deleting rpath #{rpath} in #{file}"
  file.delete_rpath(rpath, strict: false)
  true
rescue MachO::MachOError
  onoe <<~EOS
    Failed deleting rpath #{rpath} in #{file}
  EOS
  raise
end

#dylib_id_for(file) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• file (MachOShim)

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 152

def dylib_id_for(file)
  # Swift dylib IDs should be /usr/lib/swift
  return file.dylib_id if file.dylib_id.start_with?("/usr/lib/swift/libswift")

  # Preserve @rpath install names if the formula has specified preserve_rpath
  return file.dylib_id if file.dylib_id.start_with?("@rpath") && formula_preserve_rpath?

  # The new dylib ID should have the same basename as the old dylib ID, not
  # the basename of the file itself.
  basename = File.basename(file.dylib_id)
  relative_dirname = file.dirname.relative_path_from(path)
  (opt_record/relative_dirname/basename).to_s
end

#each_linkage_for(file, linkage_type, resolve_variable_references: false, &block) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• file (MachOShim)
• linkage_type (Symbol)
• resolve_variable_references (Boolean) (defaults to: false)
• block (T.proc.params(arg0: String).void)

# File 'extend/os/mac/keg_relocate.rb', line 145

def each_linkage_for(file, linkage_type, resolve_variable_references: false, &block)
  file.public_send(linkage_type, resolve_variable_references:)
      .grep_v(VARIABLE_REFERENCE_RX)
      .each(&block)
end

#egrep_args ⇒ Array<(String, String)>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Array<(String, String)>)

# File 'extend/os/mac/keg_relocate.rb', line 262

def egrep_args
  grep_bin = "egrep"
  grep_args = "--files-with-matches"
  [grep_bin, grep_args]
end

#find_dylib(bad_name) ⇒ ::Pathname^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• bad_name (String)

Returns:

• (::Pathname, nil)

# File 'extend/os/mac/keg_relocate.rb', line 199

def find_dylib(bad_name)
  return unless lib.directory?

  suffix = "/#{find_dylib_suffix_from(bad_name)}"
  lib.find { |pn| break pn if pn.to_s.end_with?(suffix) }
end

#find_dylib_suffix_from(bad_name) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• bad_name (String)

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 190

def find_dylib_suffix_from(bad_name)
  if (framework = bad_name.match(FRAMEWORK_RX))
    T.must(framework[1])
  else
    File.basename(bad_name)
  end
end

#fix_dynamic_linkage ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'extend/os/mac/keg_relocate.rb', line 58

def fix_dynamic_linkage
  mach_o_files.each do |file|
    file.ensure_writable do
      modified = T.let(false, T::Boolean)
      needs_codesigning = T.let(false, T::Boolean)

      modified = change_dylib_id(dylib_id_for(file), file) if file.dylib?
      needs_codesigning ||= modified

      each_linkage_for(file, :dynamically_linked_libraries) do |bad_name|
        # Don't fix absolute paths unless they are rooted in the build directory.
        new_name = if bad_name.start_with?("/") && !rooted_in_build_directory?(bad_name)
          bad_name
        else
          fixed_name(file, bad_name)
        end
        loader_name = loader_name_for(file, new_name)
        modified = change_install_name(bad_name, loader_name, file) if loader_name != bad_name
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :rpaths) do |bad_name|
        new_name = opt_name_for(bad_name)
        loader_name = loader_name_for(file, new_name)
        next if loader_name == bad_name

        modified = change_rpath(bad_name, loader_name, file)
        needs_codesigning ||= modified
      end

      # Strip duplicate rpaths and rpaths rooted in the build directory.
      # We do this separately from the rpath relocation above to avoid
      # failing to relocate an rpath whose variable duplicate we deleted.
      each_linkage_for(file, :rpaths, resolve_variable_references: true) do |bad_name|
        next if !rooted_in_build_directory?(bad_name) && file.rpaths.count(bad_name) == 1

        modified = delete_rpath(bad_name, file)
        needs_codesigning ||= modified
      end

      # codesign the file if needed
      codesign_patched_binary(file) if needs_codesigning
    end
  end

  super
end

#fixed_name(file, bad_name) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

If file is a dylib or bundle itself, look for the dylib named by bad_name relative to the lib directory, so that we can skip the more expensive recursive search if possible.

Parameters:

• file (MachOShim)
• bad_name (String)

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 123

def fixed_name(file, bad_name)
  if bad_name.start_with? ::Keg::PREFIX_PLACEHOLDER
    bad_name.sub(::Keg::PREFIX_PLACEHOLDER, HOMEBREW_PREFIX)
  elsif bad_name.start_with? ::Keg::CELLAR_PLACEHOLDER
    bad_name.sub(::Keg::CELLAR_PLACEHOLDER, HOMEBREW_CELLAR)
  elsif (file.dylib? || file.mach_o_bundle?) && (file.dirname/bad_name).exist?
    "@loader_path/#{bad_name}"
  elsif file.mach_o_executable? && (lib/bad_name).exist?
    "#{lib}/#{bad_name}"
  elsif file.mach_o_executable? && (libexec/"lib"/bad_name).exist?
    "#{libexec}/lib/#{bad_name}"
  elsif (abs_name = find_dylib(bad_name)) && abs_name.exist?
    abs_name.to_s
  else
    opoo "Could not fix #{bad_name} in #{file}"
    bad_name
  end
end

#formula_preserve_rpath? ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Boolean)

# File 'extend/os/mac/keg_relocate.rb', line 167

def formula_preserve_rpath?
  ::Formula[name].preserve_rpath?
rescue FormulaUnavailableError
  false
end

#initialize(path) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• path (::Pathname)

# File 'extend/os/mac/keg.rb', line 39

def initialize(path)
  super

  @require_relocation = T.let(false, T::Boolean)
end

#loader_name_for(file, target) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• file (MachOShim)
• target (String)

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 107

def loader_name_for(file, target)
  # Use @loader_path-relative install names for other Homebrew-installed binaries.
  if ENV["HOMEBREW_RELOCATABLE_INSTALL_NAMES"] && target.start_with?(HOMEBREW_PREFIX)
    dylib_suffix = find_dylib_suffix_from(target)
    target_dir = ::Pathname.new(target.delete_suffix(dylib_suffix)).cleanpath

    "@loader_path/#{target_dir.relative_path_from(file.dirname)/dylib_suffix}"
  else
    target
  end
end

#mach_o_files ⇒ Array<MachOShim>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Array<MachOShim>)

# File 'extend/os/mac/keg_relocate.rb', line 207

def mach_o_files
  hardlinks = Set.new
  mach_o_files = []
  path.find do |pn|
    next if pn.symlink? || pn.directory?

    pn = MachOPathname.wrap(pn)
    next if !pn.dylib? && !pn.mach_o_bundle? && !pn.mach_o_executable?

    # if we've already processed a file, ignore its hardlinks (which have the same dev ID and inode)
    # this prevents relocations from being performed on a binary more than once
    next unless hardlinks.add? [pn.stat.dev, pn.stat.ino]

    mach_o_files << pn
  end

  mach_o_files
end

#prepare_codesign_writable_files(file) ⇒ Object

# File 'extend/os/mac/keg.rb', line 154

def prepare_codesign_writable_files(file)
  result = system_command("codesign", args: [
    "--display", "--file-list", "-", file
  ], print_stderr: false)
  return unless result.success?

  files = result.stdout.lines.map { |f| Pathname(f.chomp) }
  saved_perms = {}
  files.each do |f|
    unless f.writable?
      saved_perms[f] = f.stat.mode
      FileUtils.chmod "u+rw", f.to_path
    end
  end
  yield
ensure
  saved_perms&.each do |f, p|
    f.chmod p if p
  end
end

#prepare_debug_symbols ⇒ Object

# File 'extend/os/mac/keg.rb', line 175

def prepare_debug_symbols
  binary_executable_or_library_files.each do |file|
    file = file.to_s
    odebug "Extracting symbols #{file}"

    result = system_command("dsymutil", args: [file], print_stderr: false)
    next if result.success?

    # If it fails again, error out
    ofail <<~EOS
      Failed to extract symbols from #{file}:
      #{result.stderr}
    EOS
  end
end

#prepare_relocation_to_locations ⇒ ::Keg::Relocation

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (::Keg::Relocation)

# File 'extend/os/mac/keg_relocate.rb', line 227

def prepare_relocation_to_locations
  relocation = super

  brewed_perl = runtime_dependencies&.any? { |dep| dep["full_name"] == "perl" && dep["declared_directly"] }
  perl_path = if brewed_perl || name == "perl"
    "#{HOMEBREW_PREFIX}/opt/perl/bin/perl"
  elsif tab.built_on.present?
    perl_path = "/usr/bin/perl#{tab.built_on["preferred_perl"]}"

    # For `:all` bottles, we could have built this bottle with a Perl we don't have.
    # Such bottles typically don't have strict version requirements.
    perl_path = "/usr/bin/perl#{MacOS.preferred_perl_version}" unless File.exist?(perl_path)

    perl_path
  else
    "/usr/bin/perl#{MacOS.preferred_perl_version}"
  end
  relocation.add_replacement_pair(:perl, ::Keg::PERL_PLACEHOLDER, perl_path)

  if (openjdk = openjdk_dep_name_if_applicable)
    openjdk_path = HOMEBREW_PREFIX/"opt"/openjdk/"libexec/openjdk.jdk/Contents/Home"
    relocation.add_replacement_pair(:java, ::Keg::JAVA_PLACEHOLDER, openjdk_path.to_s)
  end

  relocation
end

#recursive_fgrep_args ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 255

def recursive_fgrep_args
  # Don't recurse into symlinks; the man page says this is the default, but
  # it's wrong. -O is a BSD-grep-only option.
  "-lrO"
end

#relocate_dynamic_linkage(relocation, skip_protodesc_cold: false) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• relocation (::Keg::Relocation)
• skip_protodesc_cold (Boolean) (defaults to: false)

# File 'extend/os/mac/keg_relocate.rb', line 27

def relocate_dynamic_linkage(relocation, skip_protodesc_cold: false)
  mach_o_files.each do |file|
    file.ensure_writable do
      modified = T.let(false, T::Boolean)
      needs_codesigning = T.let(false, T::Boolean)

      if file.dylib?
        id = relocated_name_for(file.dylib_id, relocation)
        modified = change_dylib_id(id, file) if id
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :dynamically_linked_libraries) do |old_name|
        new_name = relocated_name_for(old_name, relocation)
        modified = change_install_name(old_name, new_name, file) if new_name
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :rpaths) do |old_name|
        new_name = relocated_name_for(old_name, relocation)
        modified = change_rpath(old_name, new_name, file) if new_name
        needs_codesigning ||= modified
      end

      # codesign the file if needed
      codesign_patched_binary(file) if needs_codesigning
    end
  end
end

#relocated_name_for(old_name, relocation) ⇒ String^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• old_name (String)
• relocation (::Keg::Relocation)

Returns:

• (String, nil)

# File 'extend/os/mac/keg_relocate.rb', line 174

def relocated_name_for(old_name, relocation)
  old_prefix, new_prefix = relocation.replacement_pair_for(:prefix)
  old_cellar, new_cellar = relocation.replacement_pair_for(:cellar)

  if old_name.start_with? old_cellar
    old_name.sub(old_cellar, new_cellar)
  elsif old_name.start_with? old_prefix
    old_name.sub(old_prefix, new_prefix)
  end
end