Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a HomeBrew formula #2

Closed
janhoy opened this issue May 31, 2022 · 14 comments
Closed

Add a HomeBrew formula #2

janhoy opened this issue May 31, 2022 · 14 comments

Comments

@janhoy
Copy link
Collaborator

janhoy commented May 31, 2022

It would be nice to be able to install openlens as a Cask using brew install openlens on macOS.

So I made a formula at https://github.com/janhoy/homebrew-cask/blob/open-lens/Casks/openlens.rb which works locally. I assume that the .dmg here is UniversalBinary, i.e. will work on both x64 and arm64? I have only tested on arm (M1).

However there are two issues that must be solved for us to submit a PR for it:

  1. The Mac app is not signed, which is a blocker for new users. See Mac app is not trusted #1

  2. This repository needs 30 forks, 30 watchers and 75 stars to be eligible for HomeBrew:

    audit for openlens: failed
 - GitHub repository not notable enough (<30 forks, <30 watchers and <75 stars)
Error: 1 problem in 1 cask detected
@carlocab
Copy link

carlocab commented Jun 2, 2022

Just a few notes:

What you created is actually a cask (installs a pre-built artefact, only works on macOS) rather than a formula (typically built from source, can work on both macOS and Linux).

As for the notability requirement, you can always host your cask in your own tap (a Git repo that contains casks/formulae).

Here are some docs to help you get started:

https://docs.brew.sh/Taps
https://docs.brew.sh/Interesting-Taps-and-Forks
https://docs.brew.sh/How-to-Create-and-Maintain-a-Tap
https://brew.sh/2020/11/18/homebrew-tap-with-bottles-uploaded-to-github-releases/

@janhoy
Copy link
Collaborator Author

janhoy commented Jun 2, 2022

A new tap for just one app sounds overkill, if it requires two commands by the end user (add tap, then install)? Are there any obvious benefit with defining a new tap?

Since we need a signed Mac App, I think a Cask is the right way to go, as it will pull the pre-built (and signed) DMG file from our release repo.

My note above about Universal Binary is false though, so it is x86. As soon as GitHub Actions can build arm, then we can add the arm64 variant.

@carlocab
Copy link

carlocab commented Jun 3, 2022

A new tap for just one app sounds overkill, if it requires two commands by the end user (add tap, then install)?

You can install from taps hosted on GitHub in a single command, as long as the repo name starts with homebrew-. For example, I have a GitHub repo called homebrew-personal, and anyone can install formulae from it using

brew install carlocab/personal/foo

Are there any obvious benefit with defining a new tap?

You get more control over your cask, which some developers prefer. This also means you don't need to meet any of the requirements for inclusion into a Homebrew-owned repository.

@janhoy
Copy link
Collaborator Author

janhoy commented Jun 3, 2022

Got it. Also according to https://docs.brew.sh/Acceptable-Casks this will be an "Unofficial" binray, which will not be approved as a main cas anyway:

An allegedly unmodified compiled binary, by a third-party, of a binary that has no existing build by the owner of the source code.

Thus the tap route is probably the way to go, as it is unlikely that we'll be able to persuade Mirantis to publish official binaries for the open source version, even if we submit a PR for it :(

@carlocab
Copy link

carlocab commented Jun 3, 2022

A formula that builds from source can likely be made acceptable for inclusion in homebrew-core. Just FYI. But you can, of course, choose to host your own cask instead of or in addition to a formula.

@janhoy
Copy link
Collaborator Author

janhoy commented Jun 5, 2022

Can you make a formula sign the Mac binaries? Where would you place the signing certificate?

@alebcay
Copy link

alebcay commented Aug 7, 2022

I don't think there's any precedent of a Homebrew formula signing Mac binaries. You could have the formula download a signing certificate as a resource and use it to sign the binary, but I see no benefit to this approach compared to just distributing a binary that is already signed.

Homebrew does perform "on-the-fly" signing of CLI applications (distributed as formulae) but my understanding is that this ad-hoc signing works differently for apps.

In any case, I think cask is probably the path of choice here. Formulae are usually CLI apps (can't install outside of the Homebrew prefix, so can't install e.g. to /Applications). Neither provides a solution to the issue of the app being untrusted/unsigned.

@jkroepke jkroepke mentioned this issue Aug 12, 2022
Merged
@MuhammedKalkan MuhammedKalkan mentioned this issue Sep 1, 2022
Closed
@Anticom
Copy link

Anticom commented Sep 12, 2022

@janhoy What about https://github.com/ykursadkaya/homebrew-openlens? I've been using it right after openlens came to live. Does your formula add any other improvements over ykursadkaya's one?

@janhoy
Copy link
Collaborator Author

janhoy commented Sep 13, 2022

@janhoy What about https://github.com/ykursadkaya/homebrew-openlens? I've been using it right after openlens came to live. Does your formula add any other improvements over ykursadkaya's one?

Have you tried it? Do they build and sign their own binaries or use the one from this repo?

@Anticom
Copy link

Anticom commented Sep 13, 2022

@janhoy What about https://github.com/ykursadkaya/homebrew-openlens? I've been using it right after openlens came to live. Does your formula add any other improvements over ykursadkaya's one?

Have you tried it? Do they build and sign their own binaries or use the one from this repo?

I'm using it ever since it was created without any issues. The artifacts aren't signed tho, that's a good point!
For me personally that was never a big issue since I've just allowed the execution.

@MuhammedKalkan
Copy link
Owner

Is this still a thing ? Homebrew produces unsigned packages.
And seems this will not be added to mainstream tap, so what is the situation here ?

@jkroepke
Copy link
Collaborator

jkroepke commented Oct 4, 2022

I provided one homebrew Cask here:

https://github.com/jkroepke/homebrew-openlens

brew install jkroepke/openlens/openlens

Homebrew produces unsigned packages.

This is not true. Local builds are always signed with an ad-hoc signature. Cask (with will use pre-build binaries from this repository), are not touched by brew. But this is not a problem, since the pre-build binaries are already signed.

@jkroepke
Copy link
Collaborator

jkroepke commented Oct 4, 2022

@MuhammedKalkan If you want, you can link it in the README.md and close this issue. Since homebrew TAP must be beginn with homebrew-, we are not able to merge the homebrew file into this repository. A Long term solution would be a dedicated GitHub Organization (e.g. openlens-redistribution) where we can put both repositories into it.

@bevrist
Copy link

bevrist commented Nov 3, 2022
edited

I only found this issue after creating this PR for homebrew-cask, but the homebrew-cask maintainers did accept this project as is.
anyone can now install the openlens binaries from this repo via brew install --cask openlens

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@janhoy @jkroepke @Anticom @alebcay @bevrist @MuhammedKalkan @carlocab