mirrors/brew
1
0
Fork 0
mirror of https://github.com/Homebrew/brew.git synced 2025-07-14 16:09:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

Support bash in privileged mode

Browse Source
This commit is contained in:
Bo Anderson 2024-03-21 03:25:49 +00:00
parent c52362669a
commit 636d883008
No known key found for this signature in database
7 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Library/Homebrew/brew.sh
View File

@ -216,7 +216,7 @@ numeric() {
} }
check-run-command-as-root() { check-run-command-as-root() {
[[ "$(id -u)" == 0 ]] || return [[ "$(id -u)" == 0 || "$(id -ur)" == 0 ]] || return
# Allow Azure Pipelines/GitHub Actions/Docker/Concourse/Kubernetes to do everything as root (as it's normal there) # Allow Azure Pipelines/GitHub Actions/Docker/Concourse/Kubernetes to do everything as root (as it's normal there)
[[ -f /.dockerenv ]] && return [[ -f /.dockerenv ]] && return

4
Library/Homebrew/global.rb
View File

@ -106,8 +106,8 @@ module Homebrew
end end
def running_as_root? def running_as_root?
@process_uid ||= Process.uid @process_euid ||= Process.euid
@process_uid.zero? @process_euid.zero?
end end
def owner_uid def owner_uid

2
Library/Homebrew/shims/shared/curl
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash -p
# Make our $HOMEBREW_CURL selection universal - including in formulae usage. # Make our $HOMEBREW_CURL selection universal - including in formulae usage.

2
Library/Homebrew/shims/shared/git
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash -p
# This script because we support $HOMEBREW_GIT, $HOMEBREW_SVN, etc., Xcode-only and # This script because we support $HOMEBREW_GIT, $HOMEBREW_SVN, etc., Xcode-only and
# no Xcode/CLT configurations. Order is careful to be what the user would want. # no Xcode/CLT configurations. Order is careful to be what the user would want.

3
Library/Homebrew/utils/fork.rb
View File

@ -42,6 +42,9 @@ module Utils
server.close server.close
read.close read.close
write.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) write.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
Process::UID.change_privilege(Process.euid) if Process.euid != Process.uid
yield yield
rescue Exception => e # rubocop:disable Lint/RescueException rescue Exception => e # rubocop:disable Lint/RescueException
error_hash = JSON.parse e.to_json error_hash = JSON.parse e.to_json

7
Library/Homebrew/utils/lock.sh
View File

@ -44,9 +44,12 @@ _create_lock() {
[[ -x "${ruby}" ]] || ruby="$(type -P ruby)" [[ -x "${ruby}" ]] || ruby="$(type -P ruby)"
[[ -x "${python}" ]] || python="$(type -P python)" [[ -x "${python}" ]] || python="$(type -P python)"
if [[ -x "${ruby}" ]] && "${ruby}" -e "exit(RUBY_VERSION >= '1.8.7')" # Use /dev/stdin, otherwise Ruby can error if uid != euid.
# Can't use "-" as that's also blocked:
# https://github.com/ruby/ruby/blob/e51435177e88fc845528dff7cf2bc2b75dd36144/ruby.c#L2333-L2335
if [[ -x "${ruby}" ]] && "${ruby}" /dev/stdin <<<"exit(RUBY_VERSION >= '1.8.7')"
then then
"${ruby}" -e "File.new(${lock_fd}).flock(File::LOCK_EX | File::LOCK_NB) || exit(1)" "${ruby}" /dev/stdin <<<"File.new(${lock_fd}).flock(File::LOCK_EX | File::LOCK_NB) || exit(1)"
elif [[ -x "${python}" ]] elif [[ -x "${python}" ]]
then then
"${python}" -c "import fcntl; fcntl.flock(${lock_fd}, fcntl.LOCK_EX | fcntl.LOCK_NB)" "${python}" -c "import fcntl; fcntl.flock(${lock_fd}, fcntl.LOCK_EX | fcntl.LOCK_NB)"

4
bin/brew
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash -p
set -u set -u
# Fail fast with concise message when not using bash # Fail fast with concise message when not using bash
@ -245,4 +245,4 @@ then
fi fi
unset VAR ENV_VAR_NAMES unset VAR ENV_VAR_NAMES
exec /usr/bin/env -i "${FILTERED_ENV[@]}" /bin/bash "${HOMEBREW_LIBRARY}/Homebrew/brew.sh" "$@" exec /usr/bin/env -i "${FILTERED_ENV[@]}" /bin/bash -p "${HOMEBREW_LIBRARY}/Homebrew/brew.sh" "$@"