mirrors/brew
1
0
Fork 0
mirror of https://github.com/Homebrew/brew.git synced 2025-07-14 16:09:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
15,064 Commits 11 Branches 451 Tags
Commit Graph

40 Commits

Author SHA1 Message Date
Markus Reiter
9bee9ca575 Use “squiggly” heredocs. 2017-10-18 14:39:09 +02:00
Mike McQuaid
01e9ec9a9f Rubocop: automatic rule fixes. 2017-09-24 21:23:59 +01:00
Mike McQuaid
12c454822a sandbox: stop printing message. 
We’re always using the sandbox where possible now so this is just
noise for the vast majority of our users.
 2017-08-07 11:16:36 +01:00
Mike McQuaid
fb310c57b1 sandbox: sandbox all taps by default. 
We've been doing this in `brew test-bot`, for our CI and for
homebrew/core long enough that this is a reasonable default that
provides more protection to our users of non-homebrew/core taps.
 2017-07-14 17:00:07 +01:00
ilovezfs
53a677aba6 sandbox: allow write access to /dev/random 
This avoids build failure for `root6`.

MacPorts currently avoids the failure with a patch, as their sandbox
doesn't yet allow write access to `/dev/random` either:
7792b2c565/science/root6/Portfile (L73-L75)
7792b2c565/science/root6/files/patch-disable-hsimple-macro.diff

The relevant code where `/dev/random` is opened with `O_WRONLY` is here:
15673deba5/interpreter/cling/lib/Utils/PlatformPosix.cpp (L63-L82)
 2017-07-11 01:47:36 -07:00
Markus Reiter
2d6ae61314 Re-revert "Fix operator spacing." 2017-06-02 19:22:05 +02:00
ilovezfs
197392b56d Revert "Fix operator spacing." 2017-06-01 04:06:40 -07:00
Markus Reiter
d34ba7395b Fix operator spacing. 2017-05-31 19:53:41 +02:00
Mike McQuaid
7a38bab333 Fixup all RuboCop warnings. 2017-05-29 18:43:18 +01:00
Mike McQuaid
7055abc436 Allow --interactive to access HOME 
This may result in a slightly varied build but it’s generally just far
less annoying to be able to access all your e.g. shell configuration.
 2017-05-09 20:00:11 +01:00
Markus Reiter
84b2276fd8 Use guard clauses. 2016-11-13 23:00:47 +01:00
Mike McQuaid
536c48e804 sandbox: tweak HOMEBREW_REPOSITORY handling. 
If we have a HOMEBREW_REPOSITORY and HOMEBREW_PREFIX mismatch (now the
default) then we can block access to the whole of HOMEBREW_REPOSITORY
rather than just the HOMEBREW_LIBRARY and `.git`.
 2016-09-23 08:29:05 +01:00
Dominyk Tiller
3bbf62f37a
sandbox: loosen restriction around Xcode caching 
It doesn't really need to be as tight as it is currently, certainly outside brew
you can write to here without any special privileges beside being the user,
and being so can tight can cause issues on clean systems or systems where
Xcode hasn't been used before as exposed by https://github.com/Homebrew/homebrew-core/issues/4892.

Closes https://github.com/Homebrew/homebrew-core/issues/4892.
 2016-09-22 05:11:41 +01:00
Dominyk Tiller
c7d75bffeb
sandbox: sandbox homebrew/tex by default 2016-09-21 23:34:18 +01:00
Dominyk Tiller
713437a5ef
sandbox: sandbox homebrew/devel-only by default 2016-09-21 23:14:14 +01:00
Dominyk Tiller
273affabe3
sandbox: sandbox homebrew/fuse by default 2016-09-21 22:14:01 +01:00
Dominyk Tiller
8ddc6aa2d4
sandbox: sandbox homebrew/dupes by default 2016-09-21 20:10:35 +01:00
Mike McQuaid
3982950e61 rubocop --auto-correct all hash-rocket usage. 2016-09-17 16:14:13 +01:00
Mike McQuaid
6693915399 rubocop --auto-correct all remaining files. 
But remove some manual `.freeze`s on constants that shouldn't be
constants.
 2016-09-17 16:14:13 +01:00
Xu Cheng
af3ad3cb86
disable sandbox for 10.5 
Although `sandbox-exec` is available in 10.5, it has very limit
support on the DSL for sandbox profile file(.sb file). Therefore,
sandbox for Homebrew on 10.5 is broken.

Closes #735.

Signed-off-by: Xu Cheng <git@xuc.me>
 2016-08-18 13:35:52 +08:00
Xu Cheng
91c5dee5a0
Sandbox.formula?: allow to disable sandbox by user 2016-08-18 13:35:51 +08:00
Mike McQuaid
6e887fbf5a sandbox: add formula? method and sandbox core. 
Add a new `Sandbox.formula?` method to see if a given formula should be
sandboxed. Use the formula to check its tap against a list of
pre-approved taps where we know every formula builds under the sandbox
(currently just homebrew/core).
 2016-08-15 08:33:58 +01:00
Mike McQuaid
fed96385ac sandbox: add test? method. 
Simplify checking if we’re going to sandbox a test with `Sandbox.test?`.
 2016-08-15 08:33:58 +01:00
Tim D. Smith
2aad3e052a Don't report .pyc file writes in sandbox logs 
These are never fatal and often confusing.

Fixes #683.
 2016-08-14 12:21:50 -07:00
Andrew Janke
acc9a7ca85 brew test, install, update-test: add --keep-tmp option 
Also enables sandbox for --interactive and --debug use of install
and test, using automatic retention.

Closes #66.

Signed-off-by: Andrew Janke <andrew@apjanke.net>
 2016-04-18 12:23:08 -04:00
Xu Cheng
a0372e97d8 sandbox: allow certain processes running without sandbox 2015-09-15 11:48:38 +08:00
Xu Cheng
77536e39de sandbox: fix log problem for brew test-bot 2015-08-29 19:36:10 +08:00
Xu Cheng
3b88c070c6 sandbox: better log output 
* use syslog filter instead of grep.
* output sandbox log to stdout when verbose and failed.
* output nothing if sandbox log is empty.

Closes Homebrew/homebrew#43325.

Signed-off-by: Xu Cheng <xucheng@me.com>
 2015-08-28 17:33:09 +08:00
Alex Dunn
9520449823 sandbox: allow writing to /dev/zero 
Closes Homebrew/homebrew#43344.
 2015-08-27 21:46:21 -07:00
Dominyk Tiller
98499d1d29 sandbox: permit /var/tmp & DerivedData 
Long term it would be nice to sandbox everything that writes to DerivedData
but it is essentially a cache directory of sorts.

The downside of allowing stuff to write there particularly is that DerivedData
is notoriously bad at getting cleaned up, so if you do a lot of Xcode-using
installations very quickly, you can chew your disk space up.

Closes Homebrew/homebrew#43276.

Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
 2015-08-25 22:01:24 +01:00
Xu Cheng
b121e5fd7b more core file style updated by rubocop 2015-08-06 17:23:56 +08:00
BrewTestBot
13d544e11e Core files style updates. 
Closes Homebrew/homebrew#42354.

Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
 2015-08-03 13:22:35 +01:00
Xu Cheng
2ebd1c974b print sandbox message 
Closes Homebrew/homebrew#42293.

Signed-off-by: Xu Cheng <xucheng@me.com>
 2015-07-31 19:52:36 +08:00
Xu Cheng
8cebb64eec auto disable sandbox for interactive shell 
Closes Homebrew/homebrew#38792.

Signed-off-by: Xu Cheng <xucheng@me.com>
 2015-07-22 15:12:15 +08:00
Xu Cheng
64c0927087 sandbox: fix the rules 
1. `script` (used to fake the tty) requires write access to /dev/ptmx
and /dev/ttys*
2. sandbox profile only accepts `[0-9]` instead of `\d`.
 2015-05-10 17:39:53 +08:00
Jack Nagel
16dfe3dd40 Add Formula#logs 2015-04-25 23:14:05 -04:00
Xu Cheng
fbc47d86ad sandbox: add deny_write_homebrew_library method 2015-04-23 12:33:54 +08:00
Xu Cheng
adedbb86f1 sandbox: record log 
Closes Homebrew/homebrew#38711.

Signed-off-by: Xu Cheng <xucheng@me.com>
 2015-04-17 14:09:24 +08:00
Xu Cheng
a6be0b5bb8 sandbox: redesign API 2015-04-15 19:51:54 +08:00
Xu Cheng
2f529220e7 preliminary write control only sandbox 
Closes Homebrew/homebrew#38361.

Signed-off-by: Xu Cheng <xucheng@me.com>
 2015-04-09 17:42:54 +08:00