From 0c85c07be54d84ff3b96f4a8df11e59ff56597af Mon Sep 17 00:00:00 2001
From: Anil Madhavapeddy <anil@recoil.org>
Date: Thu, 25 Jul 2024 18:08:57 +0100
Subject: [PATCH] bin/brew: do not exit on sudo errors for resetting timestamp

In #17694, a call to `sudo --reset-timestamp` was added to prevent
cached credentials being run. Unfortunately, this breaks `brew`
invocation under `sandbox-exec`, which forbids any attempts to
exec setuid executables.  This in turn breaks the OCaml opam
package manager, which sandboxes its build commands (including
brew prefix queries): see https://github.com/ocaml/opam/issues/6117
for that error.

This commit just changes the sudo invocation to suppress errors
and continue if it fails, which should be harmless in normal
operation as sudo doesn't emit an error for this option when
invoked normally.
---
 bin/brew | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/brew b/bin/brew
index c346974a6a..706c6c615b 100755
--- a/bin/brew
+++ b/bin/brew
@@ -39,7 +39,7 @@ fi
 # Reset sudo timestamp to avoid running unauthorized sudo commands
 if command -v sudo >/dev/null
 then
-  sudo --reset-timestamp
+  sudo --reset-timestamp 2>/dev/null || true
 fi
 
 quiet_cd() {