Skip to content

executables_db: avoid Formula#all #135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 23, 2023
Merged

executables_db: avoid Formula#all #135

merged 3 commits into from
Oct 23, 2023

Conversation

woodruffw
Copy link
Member

Instead, collect all formulae from their taps, then load them explicitly via Formulary.

This should fix #133.

@woodruffw
executables_db: avoid Formula#all
3a5acfb 
Instead, collect all formulae from their taps, then load them
explicitly via `Formulary`.

This should fix Homebrew#133.
@woodruffw woodruffw mentioned this pull request Aug 16, 2023
Closed
@github-actions
Copy link

github-actions bot commented Sep 7, 2023

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@github-actions github-actions bot added the stale label Sep 7, 2023
@woodruffw
Copy link
Member Author

Not stale.

@github-actions github-actions bot removed the stale label Sep 7, 2023
@github-actions
Copy link

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@github-actions github-actions bot added the stale label Sep 29, 2023
@woodruffw
Copy link
Member Author

Not stale.

@github-actions github-actions bot removed the stale label Sep 29, 2023
MikeMcQuaid
MikeMcQuaid reviewed Oct 6, 2023
View reviewed changes
Copy link
Member

@MikeMcQuaid MikeMcQuaid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the long delay here. Have watched this repo.

lib/executables_db.rb Outdated

name = f.full_name
Tap.each do |tap|
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@woodruffw Probably want to limit this to official taps only without --eval-all or just require --eval-all or HOMEBREW_EVAL_ALL to be passed to the relevant commands?

For context: the concern here is arbitrary Ruby execution from untrusted taps/formulae.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, good call -- I'll have some time to update here in the coming days 🙂

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@woodruffw Gentle nudge

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the nudge, looking again today 😅

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

brew which-update now takes --eval-all, which is disabled by default (meaning that, by default, only CoreTap.instance is used).

@woodruffw
add --eval-all, only eval core by default
656af5e 
Signed-off-by: William Woodruff <[email protected]>
@woodruffw
lintage
a565eb7 
Signed-off-by: William Woodruff <[email protected]>
@MikeMcQuaid MikeMcQuaid merged commit 036375f into Homebrew:master Oct 23, 2023
@MikeMcQuaid
Copy link
Member

Thanks again @woodruffw!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@MikeMcQuaid MikeMcQuaid MikeMcQuaid approved these changes

Assignees
No one assigned
Labels
outdated
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Using brew gives warnings
2 participants
@woodruffw @MikeMcQuaid