Homebrew / brew

🍺 The missing package manager for macOS (or Linux)
https://brew.sh
BSD 2-Clause "Simplified" License

brew desc --eval-all --formula --search <foo> failing #14010

Closed luckman212 closed 1 year ago

luckman212 commented 1 year ago

brew config output

$ brew config
HOMEBREW_VERSION: 3.6.5-48-g978a452
ORIGIN: https://github.com/Homebrew/brew
HEAD: 978a452ea7ccdff1ed7377f88add3ff0513ba2b7
Last commit: 13 hours ago
Core tap ORIGIN: https://github.com/Homebrew/homebrew-core
Core tap HEAD: 8eb04269fa401e8f12110605571036af20e19730
Core tap last commit: 75 minutes ago
Core tap branch: master
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_EDITOR: editor_subl
HOMEBREW_GITHUB_API_TOKEN: set
HOMEBREW_GITHUB_PACKAGES_TOKEN: set
HOMEBREW_GITHUB_PACKAGES_USER: luckman212
HOMEBREW_MAKE_JOBS: 8
HOMEBREW_NO_AUTO_UPDATE: set
HOMEBREW_NO_ENV_HINTS: set
HOMEBREW_NO_INSECURE_REDIRECT: set
HOMEBREW_TEMP: /private/tmp/brew
Homebrew Ruby: 2.6.8 => /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby
CPU: octa-core 64-bit arm_firestorm_icestorm
Clang: 14.0.0 build 1400
Git: 2.38.0 => /opt/homebrew/bin/git
Curl: 7.79.1 => /usr/bin/curl
macOS: 12.6-arm64
CLT: 14.0.0.0.1.1661618636
Xcode: 14.0.1
Rosetta 2: false

brew doctor output

$ brew doctor
Your system is ready to brew.

Verification

What were you trying to do (and why)?

Trying to search formula names and descriptions as I have always done, but it outputs nothing

$ brew desc --eval-all --formula --search ffmpeg
==> Formulae

brew search returns the results (but obviously not the descriptions as wanted)

$ brew search --formula ffmpeg
==> Formulae
ffmpeg ✔                  ffmpeg2theora             ffmpeg@2.8                ffmpeg@4                  ffmpegthumbnailer

What happened (include all command output)?

see above

What did you expect to happen?

Listing of matching formulae + descriptions for search term ffmpeg

Step-by-step reproduction instructions (by running brew commands)

see above

luckman212 commented 1 year ago

not sure if related to https://github.com/Homebrew/brew/issues/14009

luckman212 commented 1 year ago

Just a short note to say, issue remains unchanged as of brew 3.6.6

$ brew config
HOMEBREW_VERSION: 3.6.6
ORIGIN: https://github.com/Homebrew/brew
HEAD: 978a452ea7ccdff1ed7377f88add3ff0513ba2b7
Last commit: 2 days ago
Core tap ORIGIN: https://github.com/Homebrew/homebrew-core
Core tap HEAD: 241168f0d4654fba3bba9ed0fa23630581af5ae2
Core tap last commit: 2 hours ago
Core tap branch: master
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_EDITOR: editor_subl
HOMEBREW_GITHUB_API_TOKEN: set
HOMEBREW_GITHUB_PACKAGES_TOKEN: set
HOMEBREW_GITHUB_PACKAGES_USER: luckman212
HOMEBREW_MAKE_JOBS: 8
HOMEBREW_NO_AUTO_UPDATE: set
HOMEBREW_NO_ENV_HINTS: set
HOMEBREW_NO_INSECURE_REDIRECT: set
HOMEBREW_TEMP: /private/tmp/brew
Homebrew Ruby: 2.6.8 => /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby
CPU: octa-core 64-bit arm_firestorm_icestorm
Clang: 14.0.0 build 1400
Git: 2.38.0 => /opt/homebrew/bin/git
Curl: 7.79.1 => /usr/bin/curl
macOS: 12.6-arm64
CLT: 14.0.0.0.1.1661618636
Xcode: 14.0.1
Rosetta 2: false

MikeMcQuaid commented 1 year ago

Seems like a legit bug worth investigating but no-one working on it yet.

Rylan12 commented 1 year ago

The issue here is that DescriptionCacheStore refuses to read all formulae unless HOMEBREW_EVAL_ALL is set. Passing --eval-all is not sufficient.

Per https://github.com/Homebrew/brew/pull/13790#discussion_r961369837, this is intentional. Should we revisit this?

luckman212 commented 1 year ago

@Rylan12 Thanks for the tip about HOMEBREW_EVAL_ALL. I'm unclear about what's "unsafe" about it. I assume it's something about some type of injection attack being possible from parsing a malformed description?

For now, adding export HOMEBREW_EVAL_ALL=1 to a small wrapper function in my bash profile has given me a temporary workaround.

MikeMcQuaid commented 1 year ago

> I'm unclear about what's "unsafe" about it.

You're going to run potentially untrusted code from every formula and tap on your system.

luckman212 commented 1 year ago

@MikeMcQuaid Ouch. Ok, but if I only export HOMEBREW_EVAL_ALL briefly to execute the brew desc command and not globally, is that "safe" ?

MikeMcQuaid commented 1 year ago

@luckman212 Nope, it's basically unsafe by design, unfortunately, until it's reimplemented another way 😭

luckman212 commented 1 year ago

Ok @MikeMcQuaid — I'm sufficiently spooked 👻. Will not use.

Here's my hack for now, a little bash script (uses rg and fd). I'm sure it's very inefficient but hopefully this is a temporary situation.

Save as brew-search.sh

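#!/usr/bin/env bash
# Search homebrew-core formula names and descriptions by reading the .rb files
# as text (requires rg and fd); no formula code is evaluated.

[ -n "$1" ] || { echo "usage: ${0##*/} <regex>" >&2; exit 2; }

repo="$(brew --repo)/Library/Taps/homebrew/homebrew-core/Formula"
cd "$repo" || exit 1
{
  # formula files whose desc line matches the pattern
  rg "^  desc .*$1" --glob '*.rb' --files-with-matches;
  # formula files whose file name matches the pattern
  fd --strip-cwd-prefix --extension rb "$1";
} |
sort -u |
while IFS= read -r FILE; do
  DESC=$(sed -En 's/^  desc "(.*)".*$/\1/p' "$FILE")
  echo "${FILE%.rb}: $DESC"
done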

Example

$ brew-search.sh json.*pars
simdjson: SIMD-accelerated C++ JSON parser
cjson: Ultralightweight JSON parser in ANSI C
json_spirit: C++ JSON parser/generator
json-c: JSON parser for C
jsonlint: JSON parser and validator with a CLI
sbjson: JSON CLI parser & reformatter based on SBJson v5
rapidjson: JSON parser/generator for C++ with SAX and DOM style APIs

Bo98 commented 1 year ago

Making this potentially unconditionally use the JSON API might make sense.

MikeMcQuaid commented 1 year ago

@Bo98 Yeh, great idea and agreed. Basically anywhere we currently require HOMEBREW_EVAL_ALL or --eval-all for functionality using the API makes more sense and anywhere we even support it that's not brew readall it probably makes more sense.

MikeMcQuaid commented 1 year ago

> Making this potentially unconditionally use the JSON API might make sense.

@Bo98 although, thinking about this more, that would of course only work for homebrew/core which, ironically, is pretty much the only place users should trust unconditionally.
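
Added example, not part of the original thread and not Homebrew's code: a formula file is Ruby source, so evaluating it to read its desc runs whatever else the file contains, while reading the desc as text or from JSON data runs nothing. The Formula class, the Demo formula and the JSON sample below are constructed stand-ins; the sample follows the name/desc shape of https://formulae.brew.sh/api/formula.json.

```ruby
require "json"

# Constructed third-party tap formula. The first line is top-level Ruby and
# runs as soon as the file is evaluated, before any Formula method is called.
TAP_FORMULA = <<~'RUBY'
  $side_effect_ran = true   # harmless marker standing in for arbitrary code
  class Demo < Formula
    desc "JSON parser demo"
  end
RUBY

# Constructed sample shaped like the formulae.brew.sh formula.json array.
API_JSON = <<~JSON
  [{"name": "cjson",  "desc": "Ultralightweight JSON parser in ANSI C"},
   {"name": "ffmpeg", "desc": "Play, record, convert, and stream audio and video"},
   {"name": "json-c", "desc": "JSON parser for C"}]
JSON

# Minimal stand-in for the formula DSL (assumption, not Homebrew's class).
class Formula
  def self.desc(text = nil)
    @desc = text if text
    @desc
  end
end

# Evaluating route: returns the desc and whether the embedded code ran.
def desc_by_eval(source)
  $side_effect_ran = false
  eval(source, TOPLEVEL_BINDING)
  [Object.const_get(:Demo).desc, $side_effect_ran]
end

# Static route: treats the formula as text, nothing in it is executed.
def desc_static(source)
  source[/^\s*desc "(.*)"/, 1]
end

# Data route: search names and descriptions in JSON, no Ruby source involved.
def search_api(json_text, pattern)
  re = Regexp.new(pattern, Regexp::IGNORECASE)
  JSON.parse(json_text)
      .select { |f| f["name"] =~ re || f["desc"].to_s =~ re }
      .map { |f| "#{f["name"]}: #{f["desc"]}" }
end

puts search_api(API_JSON, "json.*pars") if __FILE__ == $PROGRAM_NAME
```

Both the evaluating and the static route return the same description; only the evaluating one sets the marker.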