Allow the ability for a system administrator to use
`HOMEBREW_BREW_WRAPPER` and `HOMEBREW_FORCE_BREW_WRAPPER` variables to
enforce the usage of a particular `brew` command for non-trivial (e.g.
`brew --prefix` is considered trivial, it doesn't need to write to the
prefix) Homebrew commands.
This also introduces a `HOMEBREW_ORIGINAL_BREW_FILE` variable for some
internal usage; `HOMEBREW_BREW_FILE` was being used internally for
both "how should we shell out to Homebrew" and "what should we use
to check permissions on Homebrew". `HOMEBREW_ORIGINAL_BREW_FILE` is
now used just for the latter case.
Inspired by conversation in
https://github.com/Homebrew/homebrew-bundle/pull/1551 which suggested
this was worth fixing more widely than just in `brew bundle`.

This should really be an allowlist rather than a denylist,
but for the time being this at least prevents someone from
causing an obtuse sandbox error by naming a file something like
"foo\".
Signed-off-by: William Woodruff <william@yossarian.net>
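
An added example, not Homebrew's code, contrasting the denylist and allowlist approaches named in the commit message above for a path that is embedded in a double-quoted string of a sandbox profile. The function names, the denied character set, the allowed pattern and the sample paths are assumptions made for illustration.

```ruby
# Added illustration; not Homebrew's implementation.
# Assumption: the path is interpolated into a double-quoted string literal
# inside a sandbox profile, so a stray quote or backslash changes how the
# profile parses.

# Hypothetical denylist: reject characters known to break the literal.
DENIED_CHARS = ['"', "\\", "\n", "(", ")"].freeze

def denylist_ok?(path)
  DENIED_CHARS.none? { |c| path.include?(c) }
end

# Hypothetical allowlist: accept only absolute paths built from characters
# known to be harmless inside the literal.
ALLOWED_PATH = %r{\A/[A-Za-z0-9._/@+ -]*\z}

def allowlist_ok?(path)
  ALLOWED_PATH.match?(path)
end

# Render one profile rule, refusing any path the chosen check rejects.
def subpath_rule(path, check: :allowlist_ok?)
  raise ArgumentError, "invalid character in path: #{path.inspect}" unless send(check, path)

  %((allow file-write* (subpath "#{path}")))
end

# Constructed sample paths.
SAMPLES = [
  "/tmp/build/foo",    # ordinary path
  "/tmp/build/foo\\",  # trailing backslash, the case from the commit message
  "/tmp/build/foo\r",  # a character the denylist does not list
].freeze

# One row per sample: [path, passes denylist?, passes allowlist?]
def report
  SAMPLES.map { |p| [p, denylist_ok?(p), allowlist_ok?(p)] }
end

if $PROGRAM_NAME == __FILE__
  report.each { |p, d, a| puts format("%-22s denylist=%-5s allowlist=%s", p.inspect, d, a) }
end
```

The third sample passes the denylist only because nobody listed that character, while the allowlist rejects it without having to anticipate it.
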

When building a project which has SPM dependencies in Xcode, SPM will try and access (and potentially write in) `/Users/frizlab/Library/Caches/org.swift.swiftpm`.
I have added this path in the write exception for Xcode.

It’s not uncommon to use `/var/${USER}` as a home directory, especially
for shared or CLI-only users.
This fixes an issue where a formula that requires `xcodebuild` is
`brew install`ed from such a shared or CLI-only user account.
In that case, `xcodebuild` would fail because it is denied writing to
`/var/${USER}/Library/Developer/Xcode`.
For details, see: https://gist.github.com/claui/17cd89f8f6b4094ac704f142ea811fd8
Suggested-by: Bo Anderson <mail@boanderson.me>

Combined with https://github.com/Homebrew/homebrew-test-bot/pull/247
this will test Homebrew's use of frozen strings in CI. After this we
will then enable it for Homebrew developers and eventually all Homebrew
users.