search

Homebrew / brew

🍺 The missing package manager for macOS (or Linux)
https://brew.sh
BSD 2-Clause "Simplified" License
41.43k stars 9.74k forks source link

`livecheck` should respect `using: :homebrew_curl` #12341

Closed carlocab closed 2 years ago

carlocab commented 3 years ago

Provide a detailed description of the proposed feature

We have a few formulae that pass using: :homebrew_curl to the stable url to work around issues with the system-provided curl. brew audit already uses Homebrew curl when this argument is present. brew livecheck should do the same.

What is the motivation for the feature?

The system-provided curl is a bit broken on Monterey.

For example, with system curl:

❯ HOMEBREW_FORCE_BREWED_CURL= brew livecheck --debug --verbose libzip
#<Homebrew::CLI::Args named=["libzip"], remaining=["libzip"], d?=true, debug?=true, Display any debugging information.?=false, q?=false, quiet?=false, Make some output more quiet.?=false, v?=true, verbose?=true, Make some output more verbose.?=false, h?=false, help?=false, Show this message.?=false, full_name?=false, Print formulae/casks with fully_qualified names.?=false, tap=nil, Check formulae/casks within the given tap, specified as <user>`/`<repo>.=nil, all?=false, Check all available formulae/casks.?=false, installed?=false, Check formulae/casks that are currently installed.?=false, newer_only?=false, Show the latest version only if it's newer than the formula/cask.?=false, json?=false, Output information in JSON format.?=false, Suppress warnings, don't print a progress bar for JSON output.?=false, formula?=false, formulae?=false, Only check formulae.?=false, cask?=false, casks?=false, Only check casks.?=false>
/opt/homebrew/Library/Homebrew/brew.rb (Formulary::FormulaLoader): loading /opt/homebrew/Library/Taps/homebrew/homebrew-core/Formula/libzip.rb

Formula:          libzip
Livecheckable?:   Yes

URL:              https://libzip.org/download/
Strategies:       PageMatch
Strategy:         PageMatch
Regex:            /href=.*?libzip[._-]v?(\d+(?:\.\d+)+)\.t/i
curl: (35) error:06FFF089:digital envelope routines:CRYPTO_internal:bad key length
Error: libzip: Unable to get versions

You can see this occur in CI here and here.

With Homebrew curl:

❯ HOMEBREW_FORCE_BREWED_CURL=1 brew livecheck --debug --verbose libzip
#<Homebrew::CLI::Args named=["libzip"], remaining=["libzip"], d?=true, debug?=true, Display any debugging information.?=false, q?=false, quiet?=false, Make some output more quiet.?=false, v?=true, verbose?=true, Make some output more verbose.?=false, h?=false, help?=false, Show this message.?=false, full_name?=false, Print formulae/casks with fully_qualified names.?=false, tap=nil, Check formulae/casks within the given tap, specified as <user>`/`<repo>.=nil, all?=false, Check all available formulae/casks.?=false, installed?=false, Check formulae/casks that are currently installed.?=false, newer_only?=false, Show the latest version only if it's newer than the formula/cask.?=false, json?=false, Output information in JSON format.?=false, Suppress warnings, don't print a progress bar for JSON output.?=false, formula?=false, formulae?=false, Only check formulae.?=false, cask?=false, casks?=false, Only check casks.?=false>
/opt/homebrew/Library/Homebrew/brew.rb (Formulary::FormulaLoader): loading /opt/homebrew/Library/Taps/homebrew/homebrew-core/Formula/libzip.rb

Formula:          libzip
Livecheckable?:   Yes

URL:              https://libzip.org/download/
Strategies:       PageMatch
Strategy:         PageMatch
Regex:            /href=.*?libzip[._-]v?(\d+(?:\.\d+)+)\.t/i

Matched Versions:
1.8.0 => #<Version:0x0000000141b0a030 @version="1.8.0", @detected_from_url=false>
libzip : 1.8.0 ==> 1.8.0

How will the feature be relevant to at least 90% of Homebrew users?

brew livecheck is pretty important in keeping formulae updated, and 90% of Homebrew users will be on Monterey (or newer) eventually. Admittedly, Apple will probably have fixed this by then 🤞, but I think it's important for us to have a workaround sooner than that.

More importantly, brew livecheck being broken will be pretty bad for our CI tests.

What alternatives to the feature have been considered?

Not all mutually exclusive:

EricFromCanada commented 3 years ago

Also, curl on Monterey still seems to not have proper support for TLS 1.3, preventing it from contacting the small-but-growing number of TLS-1.3-only hosts (e.g. xiph.org, repology.org).

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

hyuraku commented 2 years ago

@carlocab Would you like to close this PR because of https://github.com/Homebrew/brew/pull/12476 ?