Caleb Xu
4eb4c7a970
sandbox: enable strict typing
2024-04-24 21:56:25 -04:00
Caleb Xu
3d5c3a0589
sandbox: add methods for allowing/denying network access
2024-04-22 22:36:00 -04:00
François Lamboley
c561931050
Add a new path in sandbox for Xcode
...
When building a project which has SPM dependencies in Xcode, SPM will try and access (and potentially write in) `/Users/frizlab/Library/Caches/org.swift.swiftpm`.
I have added this path in the write exception for Xcode.
2024-01-12 15:37:24 +01:00
Douglas Eichelberger
3abbf4447e
Some minor regexp match perf improvements
2023-12-27 13:16:36 -08:00
Douglas Eichelberger
24cf6076e8
brew style --fix
2023-04-24 20:42:39 -07:00
Douglas Eichelberger
f3a8241e69
Remove useless T.unsafe wrappers
2023-04-03 17:34:39 -07:00
Mike McQuaid
77c0d38c35
brew style --fix
2022-12-13 11:37:06 +00:00
apainintheneck
9c2293a08e
Move Sandbox check to extend/os
2022-11-23 20:39:59 -08:00
Bo Anderson
5c6160472b
sandbox: allow file-write-setugid
2022-06-10 19:32:32 +01:00
Bo Anderson
8eb4756d3e
sandbox: handle SIGTTOU and SIGTTIN to avoid hangs
2022-01-28 07:01:31 +00:00
Sean Sullivan
c0de9c5497
Comment more thoroughly
2021-09-07 19:49:01 -07:00
Sean Sullivan
1f0f08c30d
Remove redundant begin
2021-09-07 11:15:06 -07:00
Sean Sullivan
c7b36df879
Fix style
2021-09-07 10:09:47 -07:00
Sean Sullivan
c88f4c0645
Use raw block to return tty to proper state
2021-09-06 22:27:43 -07:00
Bo Anderson
9e42ddb011
sandbox: fallback to tput for winsize
2021-09-01 21:09:23 +01:00
Bo Anderson
be41b12e4c
sandbox: restore old WINCH trap
2021-08-25 20:35:11 +01:00
Bo Anderson
d4c691e91e
sandbox: check if stdin/out is associated with a tty
2021-08-24 16:17:39 +01:00
Mike McQuaid
aa04277dc2
sandbox: add comment.
2021-08-24 14:46:00 +01:00
Bo Anderson
0f900edfa2
sandbox: start sandbox in a pseudoterminal
2021-08-24 14:29:17 +01:00
Bo Anderson
e8b82bbe1e
Fix brew style
2021-08-13 13:49:52 +01:00
EricFromCanada
a427de5bee
capitalization fixes
...
"curl" is the binary, while "cURL" is the umbrella project.
2021-01-26 15:36:44 -05:00
EricFromCanada
571179ff0e
pass second argument to ohai when applicable
2021-01-26 15:36:43 -05:00
Markus Reiter
cf169e5270
Fix type errors in Sandbox.
2020-11-29 21:23:54 +01:00
Markus Reiter
da9289eff0
Add more type signatures.
2020-11-13 12:26:36 +01:00
Jonathan Chang
ab7b757400
rubocop: fix Style/NegatedIfElseCondition
2020-11-10 23:28:31 +11:00
Markus Reiter
24ae318a3d
Move type annotations into files.
2020-10-10 14:59:39 +02:00
Markus Reiter
70cfb52158
Document Sandbox.
2020-08-26 03:13:59 +02:00
Seeker
f03aeb41c7
sandbox: use Dir.home instead of HOME
2020-07-10 08:31:10 -07:00
Claudia
23cb93ff1c
sandbox: do not assume home is inside /Users
...
It’s not uncommon to use `/var/${USER}` as a home directory, especially
for shared or CLI-only users.
This fixes an issue where a formula that requires `xcodebuild` is
`brew install`ed from such a shared or CLI-only user account.
In that case, `xcodebuild` would fail because it is denied writing to
`/var/${USER}/Library/Developer/Xcode`.
For details, see: https://gist.github.com/claui/17cd89f8f6b4094ac704f142ea811fd8
Suggested-by: Bo Anderson <mail@boanderson.me>
2020-07-03 15:39:41 +02:00
Issy Long
0041ea21f5
Change occurrences of "whitelist" to "allowlist"
2020-06-06 22:38:32 +01:00
Mike McQuaid
40ec8e69cc
Cleanup Sandbox code
...
Remove unused code and methods.
2020-05-02 13:45:04 +01:00
Mike McQuaid
3381cbf5c7
Use Homebrew::EnvConfig.
2020-04-07 09:58:26 +01:00
Gautham Goli
acde828a45
ARGV: Replace ARGV.verbose? with Homebrew.args.verbose?
2020-02-02 14:00:04 +01:00
Mike McQuaid
1cd75e4298
sandbox: allow more TTYs.
...
This is needed on Catalina.
Fixes #6546
2019-10-07 14:51:33 +01:00
Mike McQuaid
36dbad3922
Add frozen_string_literal to all files.
2019-04-20 13:27:36 +09:00
Mike McQuaid
86f43f79ee
Enable/fix optional Ruby frozen string literal usage
...
Combined with https://github.com/Homebrew/homebrew-test-bot/pull/247
this will test Homebrew's use of frozen strings in CI. After this we
will then enable it for Homebrew developers and eventually all Homebrew
users.
2019-04-19 10:30:41 +09:00
Mike McQuaid
1aa8ad09e2
Deprecate macOS versions below Mavericks
...
And remove all dead/unneeded code.
2019-01-27 12:27:47 +00:00
Markus Reiter
e9b9ea49a1
Update to RuboCop 0.59.1.
2018-09-17 03:45:59 +02:00
Markus Reiter
5b3bbb76c9
Separate staging from download.
2018-07-12 10:39:27 +02:00
Markus Reiter
7762ce32aa
Use more descriptive heredoc names.
2018-07-11 18:15:30 +02:00
Mike McQuaid
83cca40fc9
RuboCop 0.53.0 manual fixes.
2018-03-08 14:10:02 +00:00
Markus Reiter
9bee9ca575
Use “squiggly” heredocs.
2017-10-18 14:39:09 +02:00
Mike McQuaid
01e9ec9a9f
Rubocop: automatic rule fixes.
2017-09-24 21:23:59 +01:00
Mike McQuaid
12c454822a
sandbox: stop printing message.
...
We’re always using the sandbox where possible now so this is just
noise for the vast majority of our users.
2017-08-07 11:16:36 +01:00
Mike McQuaid
fb310c57b1
sandbox: sandbox all taps by default.
...
We've been doing this in `brew test-bot`, for our CI and for
homebrew/core long enough that this is a reasonable default that
provides more protection to our users of non-homebrew/core taps.
2017-07-14 17:00:07 +01:00
ilovezfs
53a677aba6
sandbox: allow write access to /dev/random
...
This avoids build failure for `root6`.
MacPorts currently avoids the failure with a patch, as their sandbox
doesn't yet allow write access to `/dev/random` either:
7792b2c565/science/root6/Portfile (L73-L75)7792b2c565/science/root6/files/patch-disable-hsimple-macro.diff15673deba5/interpreter/cling/lib/Utils/PlatformPosix.cpp (L63-L82)
2017-07-11 01:47:36 -07:00
Markus Reiter
2d6ae61314
Re-revert "Fix operator spacing."
2017-06-02 19:22:05 +02:00
ilovezfs
197392b56d
Revert "Fix operator spacing."
2017-06-01 04:06:40 -07:00
Markus Reiter
d34ba7395b
Fix operator spacing.
2017-05-31 19:53:41 +02:00
Mike McQuaid
7a38bab333
Fixup all RuboCop warnings.
2017-05-29 18:43:18 +01:00
