Module: OS::Mac::Keg Private

Extended by:

T::Helpers

Includes:

SystemCommand::Mixin

Included in:

Keg

Defined in:

extend/os/mac/keg.rb,
extend/os/mac/keg_relocate.rb

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Defined Under Namespace

Modules: ClassMethods

Constant Summary

VARIABLE_REFERENCE_RX =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

T.let(/^@(loader_|executable_|r)path/, Regexp)

FRAMEWORK_RX =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

Matches framework references like XXX.framework/Versions/YYY/XXX and XXX.framework/XXX, both with or without a slash-delimited prefix.

%r{(?:^|/)(([^/]+)\.framework/(?:Versions/[^/]+/)?\2)$}

Instance Method Summary

• #binary_executable_or_library_files ⇒ Object
• #codesign_patched_binary(file) ⇒ Object
• #consistent_reproducible_symlink_permissions! ⇒ Object private

  Needed to make symlink permissions consistent on macOS and Linux for reproducible bottles.

• #dylib_id_for(file) ⇒ String private
• #each_linkage_for(file, linkage_type, resolve_variable_references: false, &block) ⇒ void private
• #egrep_args ⇒ Array<(String, String)> private
• #find_dylib(bad_name) ⇒ Pathname^? private
• #find_dylib_suffix_from(bad_name) ⇒ String private
• #fix_dynamic_linkage ⇒ void private
• #fixed_name(file, bad_name) ⇒ String private

  If file is a dylib or bundle itself, look for the dylib named by bad_name relative to the lib directory, so that we can skip the more expensive recursive search if possible.

• #loader_name_for(file, target) ⇒ String private
• #mach_o_files ⇒ Array<Pathname> private
• #prepare_codesign_writable_files(file) ⇒ Object
• #prepare_debug_symbols ⇒ Object
• #prepare_relocation_to_locations ⇒ ::Keg::Relocation private
• #recursive_fgrep_args ⇒ String private
• #relocate_dynamic_linkage(relocation, skip_protodesc_cold: false) ⇒ void private
• #relocated_name_for(old_name, relocation) ⇒ String^? private

Methods included from SystemCommand::Mixin

#system_command, #system_command!

Instance Method Details

#binary_executable_or_library_files ⇒ Object

# File 'extend/os/mac/keg.rb', line 38

def binary_executable_or_library_files = mach_o_files

#codesign_patched_binary(file) ⇒ Object

# File 'extend/os/mac/keg.rb', line 40

def codesign_patched_binary(file)
  return if MacOS.version < :big_sur

  unless ::Hardware::CPU.arm?
    result = system_command("codesign", args: ["--verify", file], print_stderr: false)
    return unless result.stderr.match?(/invalid signature/i)
  end

  odebug "Codesigning #{file}"
  prepare_codesign_writable_files(file) do
    # Use quiet_system to squash notifications about resigning binaries
    # which already have valid signatures.
    return if quiet_system("codesign", "--sign", "-", "--force",
                           "--preserve-metadata=entitlements,requirements,flags,runtime",
                           file)

    # If the codesigning fails, it may be a bug in Apple's codesign utility
    # A known workaround is to copy the file to another inode, then move it back
    # erasing the previous file. Then sign again.
    #
    # TODO: remove this once the bug in Apple's codesign utility is fixed
    Dir::Tmpname.create("workaround") do |tmppath|
      FileUtils.cp file, tmppath
      FileUtils.mv tmppath, file, force: true
    end

    # Try signing again
    odebug "Codesigning (2nd try) #{file}"
    result = system_command("codesign", args: [
      "--sign", "-", "--force",
      "--preserve-metadata=entitlements,requirements,flags,runtime",
      file
    ], print_stderr: false)
    return if result.success?

    # If it fails again, error out
    onoe <<~EOS
      Failed applying an ad-hoc signature to #{file}:
      #{result.stderr}
    EOS
  end
end

#consistent_reproducible_symlink_permissions! ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Needed to make symlink permissions consistent on macOS and Linux for reproducible bottles.

# File 'extend/os/mac/keg.rb', line 121

def consistent_reproducible_symlink_permissions!
  path.find do |file|
    File.lchmod 0777, file if file.symlink?
  end
end

#dylib_id_for(file) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• file (Pathname)

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 150

def dylib_id_for(file)
  # Swift dylib IDs should be /usr/lib/swift
  return file.dylib_id if file.dylib_id.start_with?("/usr/lib/swift/libswift")

  # The new dylib ID should have the same basename as the old dylib ID, not
  # the basename of the file itself.
  basename = File.basename(file.dylib_id)
  relative_dirname = file.dirname.relative_path_from(path)
  (opt_record/relative_dirname/basename).to_s
end

#each_linkage_for(file, linkage_type, resolve_variable_references: false, &block) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• file (Pathname)
• linkage_type (Symbol)
• resolve_variable_references (Boolean) (defaults to: false)
• block (T.proc.params(arg0: String).void)

# File 'extend/os/mac/keg_relocate.rb', line 143

def each_linkage_for(file, linkage_type, resolve_variable_references: false, &block)
  file.public_send(linkage_type, resolve_variable_references:)
      .grep_v(VARIABLE_REFERENCE_RX)
      .each(&block)
end

#egrep_args ⇒ Array<(String, String)>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Array<(String, String)>)

# File 'extend/os/mac/keg_relocate.rb', line 247

def egrep_args
  grep_bin = "egrep"
  grep_args = "--files-with-matches"
  [grep_bin, grep_args]
end

#find_dylib(bad_name) ⇒ Pathname^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• bad_name (String)

Returns:

• (Pathname, nil)

# File 'extend/os/mac/keg_relocate.rb', line 187

def find_dylib(bad_name)
  return unless lib.directory?

  suffix = "/#{find_dylib_suffix_from(bad_name)}"
  lib.find { |pn| break pn if pn.to_s.end_with?(suffix) }
end

#find_dylib_suffix_from(bad_name) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• bad_name (String)

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 178

def find_dylib_suffix_from(bad_name)
  if (framework = bad_name.match(FRAMEWORK_RX))
    T.must(framework[1])
  else
    File.basename(bad_name)
  end
end

#fix_dynamic_linkage ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'extend/os/mac/keg_relocate.rb', line 56

def fix_dynamic_linkage
  mach_o_files.each do |file|
    file.ensure_writable do
      modified = T.let(false, T::Boolean)
      needs_codesigning = T.let(false, T::Boolean)

      modified = change_dylib_id(dylib_id_for(file), file) if file.dylib?
      needs_codesigning ||= modified

      each_linkage_for(file, :dynamically_linked_libraries) do |bad_name|
        # Don't fix absolute paths unless they are rooted in the build directory.
        new_name = if bad_name.start_with?("/") && !rooted_in_build_directory?(bad_name)
          bad_name
        else
          fixed_name(file, bad_name)
        end
        loader_name = loader_name_for(file, new_name)
        modified = change_install_name(bad_name, loader_name, file) if loader_name != bad_name
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :rpaths) do |bad_name|
        new_name = opt_name_for(bad_name)
        loader_name = loader_name_for(file, new_name)
        next if loader_name == bad_name

        modified = change_rpath(bad_name, loader_name, file)
        needs_codesigning ||= modified
      end

      # Strip duplicate rpaths and rpaths rooted in the build directory.
      # We do this separately from the rpath relocation above to avoid
      # failing to relocate an rpath whose variable duplicate we deleted.
      each_linkage_for(file, :rpaths, resolve_variable_references: true) do |bad_name|
        next if !rooted_in_build_directory?(bad_name) && file.rpaths.count(bad_name) == 1

        modified = delete_rpath(bad_name, file)
        needs_codesigning ||= modified
      end

      # codesign the file if needed
      codesign_patched_binary(file) if needs_codesigning
    end
  end

  super
end

#fixed_name(file, bad_name) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

If file is a dylib or bundle itself, look for the dylib named by bad_name relative to the lib directory, so that we can skip the more expensive recursive search if possible.

Parameters:

• file (Pathname)
• bad_name (String)

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 121

def fixed_name(file, bad_name)
  if bad_name.start_with? ::Keg::PREFIX_PLACEHOLDER
    bad_name.sub(::Keg::PREFIX_PLACEHOLDER, HOMEBREW_PREFIX)
  elsif bad_name.start_with? ::Keg::CELLAR_PLACEHOLDER
    bad_name.sub(::Keg::CELLAR_PLACEHOLDER, HOMEBREW_CELLAR)
  elsif (file.dylib? || file.mach_o_bundle?) && (file.dirname/bad_name).exist?
    "@loader_path/#{bad_name}"
  elsif file.mach_o_executable? && (lib/bad_name).exist?
    "#{lib}/#{bad_name}"
  elsif file.mach_o_executable? && (libexec/"lib"/bad_name).exist?
    "#{libexec}/lib/#{bad_name}"
  elsif (abs_name = find_dylib(bad_name)) && abs_name.exist?
    abs_name.to_s
  else
    opoo "Could not fix #{bad_name} in #{file}"
    bad_name
  end
end

#loader_name_for(file, target) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• file (Pathname)
• target (String)

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 105

def loader_name_for(file, target)
  # Use @loader_path-relative install names for other Homebrew-installed binaries.
  if ENV["HOMEBREW_RELOCATABLE_INSTALL_NAMES"] && target.start_with?(HOMEBREW_PREFIX)
    dylib_suffix = find_dylib_suffix_from(target)
    target_dir = Pathname.new(target.delete_suffix(dylib_suffix)).cleanpath

    "@loader_path/#{target_dir.relative_path_from(file.dirname)/dylib_suffix}"
  else
    target
  end
end

#mach_o_files ⇒ Array<Pathname>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Array<Pathname>)

# File 'extend/os/mac/keg_relocate.rb', line 195

def mach_o_files
  hardlinks = Set.new
  mach_o_files = []
  path.find do |pn|
    next if pn.symlink? || pn.directory?
    next if !pn.dylib? && !pn.mach_o_bundle? && !pn.mach_o_executable?
    # if we've already processed a file, ignore its hardlinks (which have the same dev ID and inode)
    # this prevents relocations from being performed on a binary more than once
    next unless hardlinks.add? [pn.stat.dev, pn.stat.ino]

    mach_o_files << pn
  end

  mach_o_files
end

#prepare_codesign_writable_files(file) ⇒ Object

# File 'extend/os/mac/keg.rb', line 83

def prepare_codesign_writable_files(file)
  result = system_command("codesign", args: [
    "--display", "--file-list", "-", file
  ], print_stderr: false)
  return unless result.success?

  files = result.stdout.lines.map { |f| Pathname(f.chomp) }
  saved_perms = {}
  files.each do |f|
    unless f.writable?
      saved_perms[f] = f.stat.mode
      FileUtils.chmod "u+rw", f.to_path
    end
  end
  yield
ensure
  saved_perms&.each do |f, p|
    f.chmod p if p
  end
end

#prepare_debug_symbols ⇒ Object

# File 'extend/os/mac/keg.rb', line 104

def prepare_debug_symbols
  binary_executable_or_library_files.each do |file|
    odebug "Extracting symbols #{file}"

    result = system_command("dsymutil", args: [file], print_stderr: false)
    next if result.success?

    # If it fails again, error out
    ofail <<~EOS
      Failed to extract symbols from #{file}:
      #{result.stderr}
    EOS
  end
end

#prepare_relocation_to_locations ⇒ ::Keg::Relocation

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (::Keg::Relocation)

# File 'extend/os/mac/keg_relocate.rb', line 212

def prepare_relocation_to_locations
  relocation = super

  brewed_perl = runtime_dependencies&.any? { |dep| dep["full_name"] == "perl" && dep["declared_directly"] }
  perl_path = if brewed_perl || name == "perl"
    "#{HOMEBREW_PREFIX}/opt/perl/bin/perl"
  elsif tab.built_on.present?
    perl_path = "/usr/bin/perl#{tab.built_on["preferred_perl"]}"

    # For `:all` bottles, we could have built this bottle with a Perl we don't have.
    # Such bottles typically don't have strict version requirements.
    perl_path = "/usr/bin/perl#{MacOS.preferred_perl_version}" unless File.exist?(perl_path)

    perl_path
  else
    "/usr/bin/perl#{MacOS.preferred_perl_version}"
  end
  relocation.add_replacement_pair(:perl, ::Keg::PERL_PLACEHOLDER, perl_path)

  if (openjdk = openjdk_dep_name_if_applicable)
    openjdk_path = HOMEBREW_PREFIX/"opt"/openjdk/"libexec/openjdk.jdk/Contents/Home"
    relocation.add_replacement_pair(:java, ::Keg::JAVA_PLACEHOLDER, openjdk_path.to_s)
  end

  relocation
end

#recursive_fgrep_args ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (String)

# File 'extend/os/mac/keg_relocate.rb', line 240

def recursive_fgrep_args
  # Don't recurse into symlinks; the man page says this is the default, but
  # it's wrong. -O is a BSD-grep-only option.
  "-lrO"
end

#relocate_dynamic_linkage(relocation, skip_protodesc_cold: false) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• relocation (::Keg::Relocation)
• skip_protodesc_cold (Boolean) (defaults to: false)

# File 'extend/os/mac/keg_relocate.rb', line 25

def relocate_dynamic_linkage(relocation, skip_protodesc_cold: false)
  mach_o_files.each do |file|
    file.ensure_writable do
      modified = T.let(false, T::Boolean)
      needs_codesigning = T.let(false, T::Boolean)

      if file.dylib?
        id = relocated_name_for(file.dylib_id, relocation)
        modified = change_dylib_id(id, file) if id
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :dynamically_linked_libraries) do |old_name|
        new_name = relocated_name_for(old_name, relocation)
        modified = change_install_name(old_name, new_name, file) if new_name
        needs_codesigning ||= modified
      end

      each_linkage_for(file, :rpaths) do |old_name|
        new_name = relocated_name_for(old_name, relocation)
        modified = change_rpath(old_name, new_name, file) if new_name
        needs_codesigning ||= modified
      end

      # codesign the file if needed
      codesign_patched_binary(file) if needs_codesigning
    end
  end
end

#relocated_name_for(old_name, relocation) ⇒ String^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• old_name (String)
• relocation (::Keg::Relocation)

Returns:

• (String, nil)

# File 'extend/os/mac/keg_relocate.rb', line 162

def relocated_name_for(old_name, relocation)
  old_prefix, new_prefix = relocation.replacement_pair_for(:prefix)
  old_cellar, new_cellar = relocation.replacement_pair_for(:cellar)

  if old_name.start_with? old_cellar
    old_name.sub(old_cellar, new_cellar)
  elsif old_name.start_with? old_prefix
    old_name.sub(old_prefix, new_prefix)
  end
end