Module: FormulaCellarChecks Private

Extended by:
T::Sig
Included in:
FormulaInstaller, Homebrew::FormulaAuditor
Defined in:
extend/os/linux/formula_cellar_checks.rb,
extend/os/mac/formula_cellar_checks.rb,
formula_cellar_checks.rb

Overview

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Checks to perform on a formula’s cellar.

Constant Summary collapse

VALID_LIBRARY_EXTENSIONS =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning. 

%w[.a .jnilib .la .o .so .jar .prl .pm .sh].freeze

Instance Method Summary collapse

Instance Method Details

#audit_installedObject Also known as: generic_audit_installed

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



116
117
118
119
120
121
122
123
 
# File 'extend/os/mac/formula_cellar_checks.rb', line 116

def audit_installed
  generic_audit_installed
  problem_if_output(check_shadowed_headers)
  problem_if_output(check_openssl_links)
  problem_if_output(check_python_framework_links(formula.lib))
  check_linkage
  problem_if_output(check_flat_namespace(formula))
end

#check_binary_arches(formula) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
 
# File 'formula_cellar_checks.rb', line 319

def check_binary_arches(formula)
  return unless formula.prefix.directory?
  # There is no `binary_executable_or_library_files` method for the generic OS
  return if !OS.mac? && !OS.linux?

  keg = Keg.new(formula.prefix)
  mismatches = {}
  keg.binary_executable_or_library_files.each do |file|
    farch = file.arch
    mismatches[file] = farch unless farch == Hardware::CPU.arch
  end
  return if mismatches.empty?

  compatible_universal_binaries, mismatches = mismatches.partition do |file, arch|
    arch == :universal && file.archs.include?(Hardware::CPU.arch)
  end.map(&:to_h) # To prevent transformation into nested arrays

  universal_binaries_expected = if formula.tap.present? && formula.tap.core_tap?
    formula.tap.audit_exception(:universal_binary_allowlist, formula.name)
  else
    true
  end
  return if mismatches.empty? && universal_binaries_expected

  mismatches_expected = formula.tap.blank? ||
                        formula.tap.audit_exception(:mismatched_binary_allowlist, formula.name)
  return if compatible_universal_binaries.empty? && mismatches_expected

  return if universal_binaries_expected && mismatches_expected

  s = ""

  if mismatches.present? && !mismatches_expected
    s += <<~EOS
      Binaries built for a non-native architecture were installed into #{formula}'s prefix.
      The offending files are:
        #{mismatches.map { |m| "#{m.first}\t(#{m.last})" } * "\n  "}
    EOS
  end

  if compatible_universal_binaries.present? && !universal_binaries_expected
    s += <<~EOS
      Unexpected universal binaries were found.
      The offending files are:
        #{compatible_universal_binaries.keys * "\n  "}
    EOS
  end

  s
end

#check_cpuid_instruction(formula) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
 
# File 'formula_cellar_checks.rb', line 287

def check_cpuid_instruction(formula)
  # Checking for `cpuid` only makes sense on Intel:
  # https://en.wikipedia.org/wiki/CPUID
  return unless Hardware::CPU.intel?

  dot_brew_formula = formula.prefix/".brew/#{formula.name}.rb"
  return unless dot_brew_formula.exist?
  # TODO: add methods to `utils/ast` to allow checking for method use
  return unless dot_brew_formula.read.include? "ENV.runtime_cpu_detection"

  # macOS `objdump` is a bit slow, so we prioritise llvm's `llvm-objdump` (~5.7x faster)
  # or binutils' `objdump` (~1.8x faster) if they are installed.
  objdump   = Formula["llvm"].opt_bin/"llvm-objdump" if Formula["llvm"].any_version_installed?
  objdump ||= Formula["binutils"].opt_bin/"objdump" if Formula["binutils"].any_version_installed?
  objdump ||= which("objdump")
  objdump ||= which("objdump", ENV["HOMEBREW_PATH"])

  unless objdump
    return <<~EOS
      No `objdump` found, so cannot check for a `cpuid` instruction. Install `objdump` with
        brew install binutils
    EOS
  end

  keg = Keg.new(formula.prefix)
  return if keg.binary_executable_or_library_files.any? do |file|
    cpuid_instruction?(file, objdump)
  end

  "No `cpuid` instruction detected. #{formula} should not use `ENV.runtime_cpu_detection`."
end

#check_easy_install_pth(lib) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



121
122
123
124
125
126
127
128
129
130
131
132
 
# File 'formula_cellar_checks.rb', line 121

def check_easy_install_pth(lib)
  pth_found = Dir["#{lib}/python{2.7,3}*/site-packages/easy-install.pth"].map { |f| File.dirname(f) }
  return if pth_found.empty?

  <<~EOS
    'easy-install.pth' files were found.
    These '.pth' files are likely to cause link conflicts.
    Please invoke `setup.py` using 'Language::Python.setup_install_args'.
    The offending files are:
      #{pth_found * "\n  "}
  EOS
end

#check_elisp_dirname(share, name) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
 
# File 'formula_cellar_checks.rb', line 134

def check_elisp_dirname(share, name)
  return unless (share/"emacs/site-lisp").directory?
  # Emacs itself can do what it wants
  return if name == "emacs"

  bad_dir_name = (share/"emacs/site-lisp").children.any? do |child|
    child.directory? && child.basename.to_s != name
  end

  return unless bad_dir_name

  <<~EOS
    Emacs Lisp files were installed into the wrong "site-lisp" subdirectory.
    They should be installed into:
      #{share}/emacs/site-lisp/#{name}
  EOS
end

#check_elisp_root(share, name) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
 
# File 'formula_cellar_checks.rb', line 152

def check_elisp_root(share, name)
  return unless (share/"emacs/site-lisp").directory?
  # Emacs itself can do what it wants
  return if name == "emacs"

  elisps = (share/"emacs/site-lisp").children.select do |file|
    Keg::ELISP_EXTENSIONS.include? file.extname
  end
  return if elisps.empty?

  <<~EOS
    Emacs Lisp files were linked directly to "#{HOMEBREW_PREFIX}/share/emacs/site-lisp".
    This may cause conflicts with other packages.
    They should instead be installed into:
      #{share}/emacs/site-lisp/#{name}
    The offending files are:
      #{elisps * "\n  "}
  EOS
end

#check_env_path(bin) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'formula_cellar_checks.rb', line 10

def check_env_path(bin)
  # warn the user if stuff was installed outside of their PATH
  return unless bin.directory?
  return if bin.children.empty?

  prefix_bin = (HOMEBREW_PREFIX/bin.basename)
  return unless prefix_bin.directory?

  prefix_bin = prefix_bin.realpath
  return if ORIGINAL_PATHS.include? prefix_bin

  <<~EOS
    "#{prefix_bin}" is not in your PATH.
    You can amend this by altering your #{Utils::Shell.profile} file.
  EOS
end

#check_flat_namespace(formula) ⇒ Object 



91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
# File 'extend/os/mac/formula_cellar_checks.rb', line 91

def check_flat_namespace(formula)
  return unless formula.prefix.directory?
  return if formula.tap.present? && formula.tap.audit_exception(:flat_namespace_allowlist, formula.name)

  keg = Keg.new(formula.prefix)
  flat_namespace_files = keg.mach_o_files.reject do |file|
    next true unless file.dylib?

    macho = MachO.open(file)
    if MachO::Utils.fat_magic?(macho.magic)
      macho.machos.map(&:header).all? { |h| h.flag? :MH_TWOLEVEL }
    else
      macho.header.flag? :MH_TWOLEVEL
    end
  end
  return if flat_namespace_files.empty?

  <<~EOS
    Libraries were compiled with a flat namespace.
    This can cause linker errors due to name collisions, and
    is often due to a bug in detecting the macOS version.
      #{flat_namespace_files * "\n  "}
  EOS
end

#check_generic_executables(bin) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
# File 'formula_cellar_checks.rb', line 104

def check_generic_executables(bin)
  return unless bin.directory?

  generic_names = %w[service start stop]
  generics = bin.children.select { |g| generic_names.include? g.basename.to_s }
  return if generics.empty?

  <<~EOS
    Generic binaries were installed to "#{bin}".
    Binaries with generic names are likely to conflict with other software.
    Homebrew suggests that this software is installed to "libexec" and then
    symlinked as needed.
    The offending files are:
      #{generics * "\n  "}
  EOS
end

#check_infopagesObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



38
39
40
41
42
43
44
45
46
47
 
# File 'formula_cellar_checks.rb', line 38

def check_infopages
  # Check for info pages that aren't in share/info
  return unless (formula.prefix/"info").directory?

  <<~EOS
    A top-level "info" directory was found.
    Homebrew suggests that info pages live under "share".
    This can often be fixed by passing `--infodir=\#{info}` to `configure`.
  EOS
end

#check_jarsObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'formula_cellar_checks.rb', line 49

def check_jars
  return unless formula.lib.directory?

  jars = formula.lib.children.select { |g| g.extname == ".jar" }
  return if jars.empty?

  <<~EOS
    JARs were installed to "#{formula.lib}".
    Installing JARs to "lib" can cause conflicts between packages.
    For Java software, it is typically better for the formula to
    install to "libexec" and then symlink or wrap binaries into "bin".
    See formulae 'activemq', 'jruby', etc. for examples.
    The offending files are:
      #{jars * "\n  "}
  EOS
end

#check_linkageObject 



65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'extend/os/mac/formula_cellar_checks.rb', line 65

def check_linkage
  return unless formula.prefix.directory?

  keg = Keg.new(formula.prefix)

  CacheStoreDatabase.use(:linkage) do |db|
    checker = LinkageChecker.new(keg, formula, cache_db: db)
    next unless checker.broken_library_linkage?

    output = <<~EOS
      #{formula} has broken dynamic library links:
        #{checker.display_test_output}
    EOS

    tab = Tab.for_keg(keg)
    if tab.poured_from_bottle
      output += <<~EOS
        Rebuild this from source with:
          brew reinstall --build-from-source #{formula}
        If that's successful, file an issue#{formula.tap ? " here:\n  #{formula.tap.issues_url}" : "."}
      EOS
    end
    problem_if_output output
  end
end

#check_manpagesObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



27
28
29
30
31
32
33
34
35
36
 
# File 'formula_cellar_checks.rb', line 27

def check_manpages
  # Check for man pages that aren't in share/man
  return unless (formula.prefix/"man").directory?

  <<~EOS
    A top-level "man" directory was found.
    Homebrew requires that man pages live under "share".
    This can often be fixed by passing `--mandir=\#{man}` to `configure`.
  EOS
end

#check_non_executables(bin) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'formula_cellar_checks.rb', line 91

def check_non_executables(bin)
  return unless bin.directory?

  non_exes = bin.children.select { |g| g.directory? || !g.executable? }
  return if non_exes.empty?

  <<~EOS
    Non-executables were installed to "#{bin}".
    The offending files are:
      #{non_exes * "\n  "}
  EOS
end

#check_non_librariesObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'formula_cellar_checks.rb', line 73

def check_non_libraries
  return unless formula.lib.directory?

  non_libraries = formula.lib.children.reject do |g|
    next true if g.directory?

    valid_library_extension? g
  end
  return if non_libraries.empty?

  <<~EOS
    Non-libraries were installed to "#{formula.lib}".
    Installing non-libraries to "lib" is discouraged.
    The offending files are:
      #{non_libraries * "\n  "}
  EOS
end

#check_openssl_linksObject 



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'extend/os/mac/formula_cellar_checks.rb', line 29

def check_openssl_links
  return unless formula.prefix.directory?

  keg = Keg.new(formula.prefix)
  system_openssl = keg.mach_o_files.select do |obj|
    dlls = obj.dynamically_linked_libraries
    dlls.any? { |dll| %r{/usr/lib/lib(crypto|ssl|tls)\..*dylib}.match dll }
  end
  return if system_openssl.empty?

  <<~EOS
    object files were linked against system openssl
    These object files were linked against the deprecated system OpenSSL or
    the system's private LibreSSL.
    Adding `depends_on "openssl"` to the formula may help.
      #{system_openssl * "\n  "}
  EOS
end

#check_plist(prefix, plist) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
 
# File 'formula_cellar_checks.rb', line 231

def check_plist(prefix, plist)
  return unless prefix.directory?

  plist = begin
    Plist.parse_xml(plist)
  rescue
    nil
  end
  return if plist.blank?

  program_location = plist["ProgramArguments"]&.first
  key = "first ProgramArguments value"
  if program_location.blank?
    program_location = plist["Program"]
    key = "Program"
  end
  return if program_location.blank?

  Dir.chdir("/") do
    unless File.exist?(program_location)
      return <<~EOS
        The plist "#{key}" does not exist:
          #{program_location}
      EOS
    end

    return if File.executable?(program_location)
  end

  <<~EOS
    The plist "#{key}" is not executable:
      #{program_location}
  EOS
end

#check_python_framework_links(lib) ⇒ Object 



48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'extend/os/mac/formula_cellar_checks.rb', line 48

def check_python_framework_links(lib)
  python_modules = Pathname.glob lib/"python*/site-packages/**/*.so"
  framework_links = python_modules.select do |obj|
    dlls = obj.dynamically_linked_libraries
    dlls.any? { |dll| /Python\.framework/.match dll }
  end
  return if framework_links.empty?

  <<~EOS
    python modules have explicit framework links
    These python extension modules were linked directly to a Python
    framework binary. They should be linked with -undefined dynamic_lookup
    instead of -lpython or -framework Python.
      #{framework_links * "\n  "}
  EOS
end

#check_python_packages(lib, deps) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
 
# File 'formula_cellar_checks.rb', line 172

def check_python_packages(lib, deps)
  return unless lib.directory?

  lib_subdirs = lib.children
                   .select(&:directory?)
                   .map(&:basename)

  pythons = lib_subdirs.map do |p|
    match = p.to_s.match(/^python(\d+\.\d+)$/)
    next if match.blank?
    next if match.captures.blank?

    match.captures.first
  end.compact

  return if pythons.blank?

  python_deps = deps.map(&:name)
                    .grep(/^python(@.*)?$/)
                    .map { |d| Formula[d].version.to_s[/^\d+\.\d+/] }
                    .compact

  return if python_deps.blank?
  return if pythons.any? { |v| python_deps.include? v }

  pythons = pythons.map { |v| "Python #{v}" }
  python_deps = python_deps.map { |v| "Python #{v}" }

  <<~EOS
    Packages have been installed for:
      #{pythons * "\n  "}
    but this formula depends on:
      #{python_deps * "\n  "}
  EOS
end

#check_python_symlinks(name, keg_only) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



266
267
268
269
270
271
272
273
274
275
276
 
# File 'formula_cellar_checks.rb', line 266

def check_python_symlinks(name, keg_only)
  return unless keg_only
  return unless name.start_with? "python"

  return if %w[pip3 wheel3].none? do |l|
    link = HOMEBREW_PREFIX/"bin"/l
    link.exist? && File.realpath(link).start_with?(HOMEBREW_CELLAR/name)
  end

  "Python formulae that are keg-only should not create `pip3` and `wheel3` symlinks."
end

#check_service_command(formula) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



278
279
280
281
282
283
284
285
 
# File 'formula_cellar_checks.rb', line 278

def check_service_command(formula)
  return unless formula.prefix.directory?
  return unless formula.service?

  return "Service command blank" if formula.service.command.blank?

  "Service command does not exist" unless File.exist?(formula.service.command.first)
end

#check_shadowed_headersObject 



8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'extend/os/mac/formula_cellar_checks.rb', line 8

def check_shadowed_headers
  return if ["libtool", "subversion", "berkeley-db"].any? do |formula_name|
    formula.name.start_with?(formula_name)
  end

  return if formula.name&.match?(Version.formula_optionally_versioned_regex(:php))
  return if formula.keg_only? || !formula.include.directory?

  files  = relative_glob(formula.include, "**/*.h")
  files &= relative_glob("#{MacOS.sdk_path}/usr/include", "**/*.h")
  files.map! { |p| File.join(formula.include, p) }

  return if files.empty?

  <<~EOS
    Header files that shadow system header files were installed to "#{formula.include}"
    The offending files are:
      #{files * "\n  "}
  EOS
end

#check_shim_references(prefix) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
 
# File 'formula_cellar_checks.rb', line 208

def check_shim_references(prefix)
  return unless prefix.directory?

  keg = Keg.new(prefix)

  matches = []
  keg.each_unique_file_matching(HOMEBREW_SHIMS_PATH) do |f|
    match = f.relative_path_from(keg.to_path)

    next if match.to_s.match? %r{^share/doc/.+?/INFO_BIN$}

    matches << match
  end

  return if matches.empty?

  <<~EOS
    Files were found with references to the Homebrew shims directory.
    The offending files are:
      #{matches * "\n  "}
  EOS
end

#valid_library_extension?(filename) ⇒ Boolean Also known as: generic_valid_library_extension?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:

  • (Boolean) 


7
8
9
10
 
# File 'extend/os/linux/formula_cellar_checks.rb', line 7

def valid_library_extension?(filename)
  macos_lib_extensions = %w[.dylib .framework]
  generic_valid_library_extension?(filename) || macos_lib_extensions.include?(filename.extname)
end