Closed luckman212 closed 1 year ago
not sure if related to https://github.com/Homebrew/brew/issues/14009
Just a short note to say, issue remains unchanged as of brew 3.6.6
$ brew config
HOMEBREW_VERSION: 3.6.6
ORIGIN: https://github.com/Homebrew/brew
HEAD: 978a452ea7ccdff1ed7377f88add3ff0513ba2b7
Last commit: 2 days ago
Core tap ORIGIN: https://github.com/Homebrew/homebrew-core
Core tap HEAD: 241168f0d4654fba3bba9ed0fa23630581af5ae2
Core tap last commit: 2 hours ago
Core tap branch: master
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_EDITOR: editor_subl
HOMEBREW_GITHUB_API_TOKEN: set
HOMEBREW_GITHUB_PACKAGES_TOKEN: set
HOMEBREW_GITHUB_PACKAGES_USER: luckman212
HOMEBREW_MAKE_JOBS: 8
HOMEBREW_NO_AUTO_UPDATE: set
HOMEBREW_NO_ENV_HINTS: set
HOMEBREW_NO_INSECURE_REDIRECT: set
HOMEBREW_TEMP: /private/tmp/brew
Homebrew Ruby: 2.6.8 => /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby
CPU: octa-core 64-bit arm_firestorm_icestorm
Clang: 14.0.0 build 1400
Git: 2.38.0 => /opt/homebrew/bin/git
Curl: 7.79.1 => /usr/bin/curl
macOS: 12.6-arm64
CLT: 14.0.0.0.1.1661618636
Xcode: 14.0.1
Rosetta 2: false
Seems like a legit bug worth investigating but no-one working on it yet.
The issue here is that DescriptionCacheStore
refuses to read all formulae unless HOMEBREW_EVAL_ALL
is set. Passing --eval-all
is not sufficient.
Per https://github.com/Homebrew/brew/pull/13790#discussion_r961369837, this is intentional. Should we revisit this?
@Rylan12 Thanks for the tip about HOMEBREW_EVAL_ALL
. I'm unclear about what's "unsafe" about it. I assume it's something about some type of injection attack being possible from parsing a malformed description?
For now, adding export HOMEBREW_EVAL_ALL=1
to a small wrapper function in my bash profile has given me a temporary workaround.
I'm unclear about what's "unsafe" about it.
You're going to run potentially untrusted code from every formula and tap on your system.
@MikeMcQuaid Ouch. Ok, but if I only export HOMEBREW_EVAL_ALL
briefly to execute the brew desc
command and not globally, is that "safe" ?
@luckman212 Nope, it's basically unsafe by design, unfortunately, until it's reimplemented another way 😭
Ok @MikeMcQuaid — I'm sufficiently spooked 👻. Will not use.
Here's my hack for now, a little bash script (uses rg
and fd
). I'm sure it's very inefficient but hopefully this is a temporary situation.
brew-search.sh
#!/usr/bin/env bash
repo="$(brew --repo)/Library/Taps/homebrew/homebrew-core/Formula"
cd "$repo" || exit 1
{
rg "^ desc .*$1" --glob '*.rb' --files-with-matches;
fd --strip-cwd-prefix --extension rb "$1";
} |
sort -u |
while read -r FILE; do
DESC=$(sed -En 's/^ desc "(.*)".*$/\1/p' "$FILE")
echo "${FILE%.rb}: $DESC"
done
$ brew-search.sh json.*pars
simdjson: SIMD-accelerated C++ JSON parser
cjson: Ultralightweight JSON parser in ANSI C
json_spirit: C++ JSON parser/generator
json-c: JSON parser for C
jsonlint: JSON parser and validator with a CLI
sbjson: JSON CLI parser & reformatter based on SBJson v5
rapidjson: JSON parser/generator for C++ with SAX and DOM style APIs
Making this potentially unconditionally use the JSON API might make sense.
@Bo98 Yeh, great idea and agreed. Basically anywhere we currently require HOMEBREW_EVAL_ALL
or --eval-all
for functionality using the API makes more sense and anywhere we even support it that's not brew readall
it probably makes more sense.
Making this potentially unconditionally use the JSON API might make sense.
@Bo98 although, thinking about this more, that would of course only work for homebrew/core which, ironically, is pretty much the only place users should trust unconditionally.
brew config
outputbrew doctor
outputVerification
brew update
and am still able to reproduce my issue.brew doctor
and that did not fix my problem.What were you trying to do (and why)?
Trying to search formula names and descriptions as I have always done, but it outputs nothing
brew search
returns the results (but obviously not the descriptions as wanted)What happened (include all command output)?
see above
What did you expect to happen?
Listing of matching formulae + descriptions for search term
ffmpeg
Step-by-step reproduction instructions (by running
brew
commands)