Merge pull request #22553 from Homebrew/trust-fixes

MikeMcQuaid · web-flow · commit c11c6cd9acc8 · 2026-06-05T19:45:39.000Z
Skip untrusted cleanup formulae
diff --git a/Library/Homebrew/cleanup.rb b/Library/Homebrew/cleanup.rb
@@ -154,6 +154,9 @@ def stale_formula?(pathname, scrub)
 
         formula = begin
           Formulary.from_rack(HOMEBREW_CELLAR/formula_name)
+        rescue Homebrew::UntrustedTapError
+          opoo "Skipping #{formula_name}: tap formula is not trusted"
+          nil
         rescue FormulaUnavailableError, TapFormulaAmbiguityError
           nil
         end
@@ -162,6 +165,9 @@ def stale_formula?(pathname, scrub)
         if formula.blank? && formula_name.delete_suffix!("_bottle_manifest")
           formula = begin
             Formulary.from_rack(HOMEBREW_CELLAR/formula_name)
+          rescue Homebrew::UntrustedTapError
+            opoo "Skipping #{formula_name}: tap formula is not trusted"
+            nil
           rescue FormulaUnavailableError, TapFormulaAmbiguityError
             nil
           end
diff --git a/Library/Homebrew/test/cleanup_spec.rb b/Library/Homebrew/test/cleanup_spec.rb
@@ -69,6 +69,19 @@
       expect(lock_file).to exist
     end
 
+    it "doesn't load untrusted installed formulae while cleaning the cache" do
+      cache_file = HOMEBREW_CACHE/"untrusted--1.0"
+      cache_file.write "cached"
+      (HOMEBREW_CELLAR/"untrusted/1.0").mkpath
+
+      expect(Formulary).to receive(:from_rack).with(HOMEBREW_CELLAR/"untrusted")
+                                              .and_raise(Homebrew::UntrustedTapError)
+
+      expect { cleanup.cleanup_cache([{ path: cache_file, type: nil }]) }
+        .to output(/Skipping untrusted: tap formula is not trusted/).to_stderr
+      expect(cache_file).to exist
+    end
+
     context "when it can't remove a keg" do
       let(:formula_zero_dot_one) { Class.new(Testball) { version "0.1" }.new }
       let(:formula_zero_dot_two) { Class.new(Testball) { version "0.2" }.new }
