Implement `--require-sha` flag
vitorgalvao opened this issue · 14 comments
Refs #10380.
When using `--require-sha` on the command line (or `HOMEBREW_CASK_OPTS`) during an `install`, before starting the download HBC must check if the cask in question uses `sha256 :no_check`. If it does, installation will abort for that specific cask and an explanatory message be given.
Steps for implementation (from the next post):
- Add test for `--require-sha` to `test/cask/cli/options_test.rb`
- Add option `--require-sha` to `lib/hbc/cli.rb`
- Add new error `Hbc::CaskNoShasumError` to `lib/hbc/exceptions.rb`
- Check if `sha256 :no_check` in `lib/hbc/cli/install.rb`, and abort if `--require-sha` is present
- Update documentation (USAGE.md, at a minimum)
- Update man page
Steps for implementation:
- Add test for `--require-sha` to `test/cask/cli/options_test.rb`
- Add option `--require-sha` to `lib/hbc/cli.rb`
- Add new error `Hbc::CaskNoShasumError` to `lib/hbc/exceptions.rb`
- Check if `sha256 :no_check` in `lib/hbc/cli/install.rb`, and abort if `--require-sha` is present
- Update documentation (USAGE.md, at a minimum)
- Update man page
@jawshooah Seem okay?
The man page will also need to be updated. Other than that, I believe that should be sufficient.
Please don’t “+1” this issue (or any other, for that matter), as it only adds noise. We want this implemented, it’s not a vote.
Will remove comments that don’t add to the discussion, to keep the issue focused.
Could we change it to a slight but important difference:
...before starting the download HBC must check if the cask in question uses *contains a sha256 hash and the value is not :no_check. Else, installation will abort for that specific cask and an explanatory message be given.
@fuzzyroddis What’s the difference?
It's a nitpick, but in the original if a cask does not contain any `sha256` line rather than `sha256 :no_check` then the installation would continue even though it's equivalent to `:no_check`
There’s no such thing as a cask without a `sha256`. It’s mandatory, and casks don’t pass audit without it.
I understand that an audit would catch such a cask, but it's still possible for a cask to exist without a `sha256`, e.g. if it is merged ignoring results of an audit.
Unless I’m misremembering, a cask that does not pass audit will also refuse to install. `audit` isn’t just for Travis, it is also a part of HBC.
Wouldn't it be safer to require a `sha256` with length 64? Is there a reason you want to only check for `:no_check`?
We only do that for casks that have unversioned `url`s and hence would break constantly.
Please search our issues and documentation for further questions on this. Everything has already been explained at length multiple times.
Perhaps you misunderstand me, I'm not talking about the use of `:no_check` rather this issue which is about `--require-sha`. I'm saying that if `--require-sha` is used it should check for the existence of a sha256 hash and if there isn't one then fail. Where OP is asking to check for `:no_check` instead and fail if it finds it.
| Type | hash | :no_check | no sha256 line |
|---|---|---|---|
| Failing if no hash | ❎ | ✅ | ✅ |
| Failing if :no_check | ❎ | ✅ | 🔴 |
This isn't an issue of what :no_check does nor how audit works, it's about ensuring the behaviour of `--require-sha` never pulls a url without a hash.
Sure it might double up, that audit checks for a hash and then `--require-sha` checks again, but I'd say that's the safer way.
Again, there are no casks with no `sha256`. `:no_check` exists precisely because of that.
Try it. Make a cask with no `sha256` and try to install it. HBC will blow up in your face and will not proceed. In the very unlikely and never before heard of case of a cask slipping through with no `sha256`, HBC will refuse to install it anyway. This is not an issue. You’re arguing for a case that will never happen.
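The two checks compared in the table above, as an added Ruby sketch that is not part of the thread or of Homebrew Cask's code. `SampleCask`, `NoShasumError` and both check functions are hypothetical names, the sample casks are constructed, and the checks run in isolation, without the `audit` step the maintainers describe.

```ruby
# Added illustration, not Homebrew Cask source. SampleCask, NoShasumError
# and both check functions are hypothetical; the sample casks are constructed.
require "digest"

SampleCask = Struct.new(:token, :sha256)

class NoShasumError < StandardError; end # stand-in for the proposed error

SHA256_HEX = /\A[0-9a-f]{64}\z/i

# Deny-list variant from the issue text: abort only on sha256 :no_check.
def reject_no_check!(cask)
  raise NoShasumError, "#{cask.token}: sha256 :no_check" if cask.sha256 == :no_check
  true
end

# Allow-list variant from the comments: abort unless a 64-hex-digit
# SHA-256 string is present (covers :no_check, nil and malformed values).
def require_valid_sha!(cask)
  value = cask.sha256
  return true if value.is_a?(String) && value.match?(SHA256_HEX)
  raise NoShasumError, "#{cask.token}: no usable sha256 (got #{value.inspect})"
end

# One table row per cask: [deny-list outcome, allow-list outcome].
def outcome(cask)
  [:reject_no_check!, :require_valid_sha!].map do |check|
    begin
      send(check, cask)
      :proceeds
    rescue NoShasumError
      :aborts
    end
  end
end

CASKS = [
  SampleCask.new("with-hash", Digest::SHA256.hexdigest("constructed payload")),
  SampleCask.new("no-check", :no_check),
  SampleCask.new("missing-line", nil),
  SampleCask.new("truncated", "abc123")
].freeze

def results
  CASKS.to_h { |cask| [cask.token, outcome(cask)] }
end

results.each { |token, row| puts format("%-13s deny-list=%-9s allow-list=%s", token, *row) }
```

The two variants differ only for the `missing-line` and `truncated` casks, which is the disagreement in the thread: whether such casks can ever reach the install step.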