-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cask/audit: add audit_min_os #16013
cask/audit: add audit_min_os #16013
Conversation
Library/Homebrew/cask/audit.rb
Outdated
def audit_min_os | ||
odebug "Auditing minimum OS version" | ||
|
||
sparkle_min_os = audit_livecheck_min_os | ||
plist_min_os = audit_plist_min_os | ||
min_os_string = [sparkle_min_os, plist_min_os].max |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Worth noting that this will run as three audits as each audit is automatically run via looking for audit_
-prefixed methods. It seems the intention here is to have one audit that calls these two methods, in which case you will have to rename these to something different and just have audit_min_os
with the audit_
prefix
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just out of curiosity, do you have guesstimates for the number of casks that will fail this audit and how long it will take to run on average? I believe the cask repo runs online audits by default, right?
Library/Homebrew/cask/audit.rb
Outdated
path = tmpdir/artifact_path.relative_path_from(cask.staged_path) | ||
|
||
next unless path.exist? | ||
|
||
plist_path = "#{path}/Contents/Info.plist" | ||
next unless File.exist?(plist_path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: We probably don't need the path check if we're checking for the existence of the file later on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There will probably be a large number of failures, since up until now we've only had an audit for Sparkle. Everything else has either been checking the .plist manually when the cask is added or referring to documentation.
I'm incorporating the comments made by people, but also slowly going through casks and updating min_os versions. If we end up implementing something akin to this audit, I think the effort required to update all the casks won't be trivial. Number of casks affected: Time to run:
|
Thanks for the benchmarks. It doesn't look like it'll be a performance problem. Like you already noted the number of casks this affects is large enough that it will take a lot of work to update all of them. Maybe it'd be better to just apply this to new cask updates so that we can ship it faster and then maybe enable it for all casks later on as a follow-up. |
This makes the most sense. Once it's merged we can create a tracking issue like we've done for our other projects of this scale. |
Agreed. I think making it a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good so far! Have some mild performance concerns but they aren't necessarily specific to this check so could be non-blocking if you'd rather tackle them later.
artifacts.each do |artifact| | ||
artifact_path = artifact.is_a?(Artifact::Pkg) ? artifact.path : artifact.source | ||
path = tmpdir/artifact_path.relative_path_from(cask.staged_path) | ||
plist_path = "#{path}/Contents/Info.plist" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this somehow be the only file that's extracted?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's some overlap between this method and audit_signing
and perhaps it could make sense to have a common method for both? Otherwise, I'm happy to take a look at fixing this later on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@razvanazamfirei any more thoughts on this? I don't know if there's decent enough support in these classes for partial extraction, ok if not, but nice to avoid extracting the entire archive if we can avoid it.
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
artifacts.each do |artifact| | ||
artifact_path = artifact.is_a?(Artifact::Pkg) ? artifact.path : artifact.source | ||
path = tmpdir/artifact_path.relative_path_from(cask.staged_path) | ||
plist_path = "#{path}/Contents/Info.plist" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@razvanazamfirei any more thoughts on this? I don't know if there's decent enough support in these classes for partial extraction, ok if not, but nice to avoid extracting the entire archive if we can avoid it.
Library/Homebrew/cask/audit.rb
Outdated
sparkle_min_os = livecheck_min_os | ||
plist_min_os = cask_plist_min_os | ||
odebug "Minimum OS version: Plist #{plist_min_os} | Sparkle #{sparkle_min_os.inspect}" | ||
min_os_string = [sparkle_min_os, plist_min_os].compact.max |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think .max
will work like how you want/expect on two strings. You probably need to do Version.new
on them both and then compare them instead. String version comparisons can look like they work sometimes but are not worth relying on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MikeMcQuaid, I did not find great support for the partial extraction. I tried to deduplicate the extraction operation that was duplicated in the signing audit and the minimum OS audit.
Both livecheck_min_os and plist_min_os are a MacOSVersion
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks again @razvanazamfirei, sorry for all the rounds of review!
brew style
with your changes locally?brew typecheck
with your changes locally?brew tests
with your changes locally?This PR adds an audit to ensure that the minimum macOS version specified in the cask matches the minimum macOS version specified by the developer.
It does so by:
audit_livecheck_min_os
to obtain the sparkle version information.audit_plist_min_os
to extract the version information fromInfo.plist
.Note: This will break a lot of casks.