Module: OS::Mac::Keg Private

Extended by:
T::Helpers
Includes:
SystemCommand::Mixin
Included in:
Keg
Defined in:
extend/os/mac/keg.rb,
extend/os/mac/keg_relocate.rb

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

VARIABLE_REFERENCE_RX =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning. 

/^@(loader_|executable_|r)path/
FRAMEWORK_RX =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

Matches framework references like XXX.framework/Versions/YYY/XXX and XXX.framework/XXX, both with or without a slash-delimited prefix.

%r{(?:^|/)(([^/]+)\.framework/(?:Versions/[^/]+/)?\2)$}

Instance Method Summary collapse

Methods included from SystemCommand::Mixin

#system_command, #system_command!

Instance Method Details

#binary_executable_or_library_filesObject 



38
 
# File 'extend/os/mac/keg.rb', line 38

def binary_executable_or_library_files = mach_o_files

#codesign_patched_binary(file) ⇒ Object 



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'extend/os/mac/keg.rb', line 40

def codesign_patched_binary(file)
  return if MacOS.version < :big_sur

  unless ::Hardware::CPU.arm?
    result = system_command("codesign", args: ["--verify", file], print_stderr: false)
    return unless result.stderr.match?(/invalid signature/i)
  end

  odebug "Codesigning #{file}"
  prepare_codesign_writable_files(file) do
    # Use quiet_system to squash notifications about resigning binaries
    # which already have valid signatures.
    return if quiet_system("codesign", "--sign", "-", "--force",
                           "--preserve-metadata=entitlements,requirements,flags,runtime",
                           file)

    # If the codesigning fails, it may be a bug in Apple's codesign utility
    # A known workaround is to copy the file to another inode, then move it back
    # erasing the previous file. Then sign again.
    #
    # TODO: remove this once the bug in Apple's codesign utility is fixed
    Dir::Tmpname.create("workaround") do |tmppath|
      FileUtils.cp file, tmppath
      FileUtils.mv tmppath, file, force: true
    end

    # Try signing again
    odebug "Codesigning (2nd try) #{file}"
    result = system_command("codesign", args: [
      "--sign", "-", "--force",
      "--preserve-metadata=entitlements,requirements,flags,runtime",
      file
    ], print_stderr: false)
    return if result.success?

    # If it fails again, error out
    onoe <<~EOS
      Failed applying an ad-hoc signature to #{file}:
      #{result.stderr}
    EOS
  end
end

#consistent_reproducible_symlink_permissions!Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Needed to make symlink permissions consistent on macOS and Linux for reproducible bottles.



121
122
123
124
125
 
# File 'extend/os/mac/keg.rb', line 121

def consistent_reproducible_symlink_permissions!
  path.find do |file|
    File.lchmod 0777, file if file.symlink?
  end
end

#dylib_id_for(file) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



143
144
145
146
147
148
149
 
# File 'extend/os/mac/keg_relocate.rb', line 143

def dylib_id_for(file)
  # The new dylib ID should have the same basename as the old dylib ID, not
  # the basename of the file itself.
  basename = File.basename(file.dylib_id)
  relative_dirname = file.dirname.relative_path_from(path)
  (opt_record/relative_dirname/basename).to_s
end

#each_linkage_for(file, linkage_type, resolve_variable_references: false, &block) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



137
138
139
140
141
 
# File 'extend/os/mac/keg_relocate.rb', line 137

def each_linkage_for(file, linkage_type, resolve_variable_references: false, &block)
  file.public_send(linkage_type, resolve_variable_references:)
      .grep_v(VARIABLE_REFERENCE_RX)
      .each(&block)
end

#egrep_argsObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



230
231
232
233
234
 
# File 'extend/os/mac/keg_relocate.rb', line 230

def egrep_args
  grep_bin = "egrep"
  grep_args = "--files-with-matches"
  [grep_bin, grep_args]
end

#find_dylib(bad_name) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



174
175
176
177
178
179
 
# File 'extend/os/mac/keg_relocate.rb', line 174

def find_dylib(bad_name)
  return unless lib.directory?

  suffix = "/#{find_dylib_suffix_from(bad_name)}"
  lib.find { |pn| break pn if pn.to_s.end_with?(suffix) }
end

#find_dylib_suffix_from(bad_name) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



166
167
168
169
170
171
172
 
# File 'extend/os/mac/keg_relocate.rb', line 166

def find_dylib_suffix_from(bad_name)
  if (framework = bad_name.match(FRAMEWORK_RX))
    framework[1]
  else
    File.basename(bad_name)
  end
end

#fix_dynamic_linkageObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
 
# File 'extend/os/mac/keg_relocate.rb', line 53

def fix_dynamic_linkage
  mach_o_files.each do |file|
    file.ensure_writable do
      modified = T.let(false, T::Boolean)
      needs_codesigning = T.let(false, T::Boolean)

      modified = change_dylib_id(dylib_id_for(file), file) if file.dylib?
      needs_codesigning ||= modified

      each_linkage_for(file, :dynamically_linked_libraries) do |bad_name|
        # Don't fix absolute paths unless they are rooted in the build directory.
        new_name = if bad_name.start_with?("/") && !rooted_in_build_directory?(bad_name)
          bad_name
        else
          fixed_name(file, bad_name)
        end
        loader_name = loader_name_for(file, new_name)
        modified = change_install_name(bad_name, loader_name, file) if loader_name != bad_name
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :rpaths) do |bad_name|
        new_name = opt_name_for(bad_name)
        loader_name = loader_name_for(file, new_name)
        next if loader_name == bad_name

        modified = change_rpath(bad_name, loader_name, file)
        needs_codesigning ||= modified
      end

      # Strip duplicate rpaths and rpaths rooted in the build directory.
      # We do this separately from the rpath relocation above to avoid
      # failing to relocate an rpath whose variable duplicate we deleted.
      each_linkage_for(file, :rpaths, resolve_variable_references: true) do |bad_name|
        next if !rooted_in_build_directory?(bad_name) && file.rpaths.count(bad_name) == 1

        modified = delete_rpath(bad_name, file)
        needs_codesigning ||= modified
      end

      # codesign the file if needed
      codesign_patched_binary(file) if needs_codesigning
    end
  end

  generic_fix_dynamic_linkage
end

#fixed_name(file, bad_name) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

If file is a dylib or bundle itself, look for the dylib named by bad_name relative to the lib directory, so that we can skip the more expensive recursive search if possible.



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
 
# File 'extend/os/mac/keg_relocate.rb', line 116

def fixed_name(file, bad_name)
  if bad_name.start_with? ::Keg::PREFIX_PLACEHOLDER
    bad_name.sub(::Keg::PREFIX_PLACEHOLDER, HOMEBREW_PREFIX)
  elsif bad_name.start_with? ::Keg::CELLAR_PLACEHOLDER
    bad_name.sub(::Keg::CELLAR_PLACEHOLDER, HOMEBREW_CELLAR)
  elsif (file.dylib? || file.mach_o_bundle?) && (file.dirname/bad_name).exist?
    "@loader_path/#{bad_name}"
  elsif file.mach_o_executable? && (lib/bad_name).exist?
    "#{lib}/#{bad_name}"
  elsif file.mach_o_executable? && (libexec/"lib"/bad_name).exist?
    "#{libexec}/lib/#{bad_name}"
  elsif (abs_name = find_dylib(bad_name)) && abs_name.exist?
    abs_name.to_s
  else
    opoo "Could not fix #{bad_name} in #{file}"
    bad_name
  end
end

#loader_name_for(file, target) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



101
102
103
104
105
106
107
108
109
110
111
 
# File 'extend/os/mac/keg_relocate.rb', line 101

def loader_name_for(file, target)
  # Use @loader_path-relative install names for other Homebrew-installed binaries.
  if ENV["HOMEBREW_RELOCATABLE_INSTALL_NAMES"] && target.start_with?(HOMEBREW_PREFIX)
    dylib_suffix = find_dylib_suffix_from(target)
    target_dir = Pathname.new(target.delete_suffix(dylib_suffix)).cleanpath

    "@loader_path/#{target_dir.relative_path_from(file.dirname)/dylib_suffix}"
  else
    target
  end
end

#mach_o_filesObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'extend/os/mac/keg_relocate.rb', line 181

def mach_o_files
  hardlinks = Set.new
  mach_o_files = []
  path.find do |pn|
    next if pn.symlink? || pn.directory?
    next if !pn.dylib? && !pn.mach_o_bundle? && !pn.mach_o_executable?
    # if we've already processed a file, ignore its hardlinks (which have the same dev ID and inode)
    # this prevents relocations from being performed on a binary more than once
    next unless hardlinks.add? [pn.stat.dev, pn.stat.ino]

    mach_o_files << pn
  end

  mach_o_files
end

#prepare_codesign_writable_files(file) ⇒ Object 



83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'extend/os/mac/keg.rb', line 83

def prepare_codesign_writable_files(file)
  result = system_command("codesign", args: [
    "--display", "--file-list", "-", file
  ], print_stderr: false)
  return unless result.success?

  files = result.stdout.lines.map { |f| Pathname(f.chomp) }
  saved_perms = {}
  files.each do |f|
    unless f.writable?
      saved_perms[f] = f.stat.mode
      FileUtils.chmod "u+rw", f.to_path
    end
  end
  yield
ensure
  saved_perms&.each do |f, p|
    f.chmod p if p
  end
end

#prepare_debug_symbolsObject 



104
105
106
107
108
109
110
111
112
113
114
115
116
117
 
# File 'extend/os/mac/keg.rb', line 104

def prepare_debug_symbols
  binary_executable_or_library_files.each do |file|
    odebug "Extracting symbols #{file}"

    result = system_command("dsymutil", args: [file], print_stderr: false)
    next if result.success?

    # If it fails again, error out
    ofail <<~EOS
      Failed to extract symbols from #{file}:
      #{result.stderr}
    EOS
  end
end

#prepare_relocation_to_locationsObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
 
# File 'extend/os/mac/keg_relocate.rb', line 197

def prepare_relocation_to_locations
  relocation = generic_prepare_relocation_to_locations

  brewed_perl = runtime_dependencies&.any? { |dep| dep["full_name"] == "perl" && dep["declared_directly"] }
  perl_path = if brewed_perl || name == "perl"
    "#{HOMEBREW_PREFIX}/opt/perl/bin/perl"
  elsif tab.built_on.present?
    perl_path = "/usr/bin/perl#{tab.built_on["preferred_perl"]}"

    # For `:all` bottles, we could have built this bottle with a Perl we don't have.
    # Such bottles typically don't have strict version requirements.
    perl_path = "/usr/bin/perl#{MacOS.preferred_perl_version}" unless File.exist?(perl_path)

    perl_path
  else
    "/usr/bin/perl#{MacOS.preferred_perl_version}"
  end
  relocation.add_replacement_pair(:perl, ::Keg::PERL_PLACEHOLDER, perl_path)

  if (openjdk = openjdk_dep_name_if_applicable)
    openjdk_path = HOMEBREW_PREFIX/"opt"/openjdk/"libexec/openjdk.jdk/Contents/Home"
    relocation.add_replacement_pair(:java, ::Keg::JAVA_PLACEHOLDER, openjdk_path.to_s)
  end

  relocation
end

#recursive_fgrep_argsObject

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



224
225
226
227
228
 
# File 'extend/os/mac/keg_relocate.rb', line 224

def recursive_fgrep_args
  # Don't recurse into symlinks; the man page says this is the default, but
  # it's wrong. -O is a BSD-grep-only option.
  "-lrO"
end

#relocate_dynamic_linkage(relocation) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'extend/os/mac/keg_relocate.rb', line 23

def relocate_dynamic_linkage(relocation)
  mach_o_files.each do |file|
    file.ensure_writable do
      modified = T.let(false, T::Boolean)
      needs_codesigning = T.let(false, T::Boolean)

      if file.dylib?
        id = relocated_name_for(file.dylib_id, relocation)
        modified = change_dylib_id(id, file)
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :dynamically_linked_libraries) do |old_name|
        new_name = relocated_name_for(old_name, relocation)
        modified = change_install_name(old_name, new_name, file) if new_name
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :rpaths) do |old_name|
        new_name = relocated_name_for(old_name, relocation)
        modified = change_rpath(old_name, new_name, file) if new_name
        needs_codesigning ||= modified
      end

      # codesign the file if needed
      codesign_patched_binary(file) if needs_codesigning
    end
  end
end

#relocated_name_for(old_name, relocation) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning. 



151
152
153
154
155
156
157
158
159
160
 
# File 'extend/os/mac/keg_relocate.rb', line 151

def relocated_name_for(old_name, relocation)
  old_prefix, new_prefix = relocation.replacement_pair_for(:prefix)
  old_cellar, new_cellar = relocation.replacement_pair_for(:cellar)

  if old_name.start_with? old_cellar
    old_name.sub(old_cellar, new_cellar)
  elsif old_name.start_with? old_prefix
    old_name.sub(old_prefix, new_prefix)
  end
end