This now requires `HOMEBREW_DISABLE_NO_FORCE_BREW_WRAPPER` to be unset.
If it is set (but only in a `brew.env` file), then we use the new
functionality of checking the path of the parent process.
`HOMEBREW_FORCE_BREW_WRAPPER` can be used as a security/compliance
feature, but allowing it to be disabled by setting
`HOMEBREW_NO_FORCE_BREW_WRAPPER` leaves a pretty large hole in it that
allows it to be sidestepped.
Let's fix that by actually checking the path of the process that called
`brew`, and the verify that that path matches the configured value of
`HOMEBREW_NO_FORCE_BREW_WRAPPER`.
Let's move this from `bin/brew` to make things like e.g. `brew --prefix`
or `brew shellenv` not reset the sudo timestamp.
This is still in a place that ensures that e.g. no untrusted formula or
tap code has been run yet so should have no security implications but
provide mild usability improvements.
It's both unexpected and undesirable for `brew bundle (exec|env|sh)` to
filter the environment and makes these tools less useful.
Not filtering the environment, though, causes issues with the
`brew bundle sh` shell. Fix this up and, while we're here, also improve
the formatting for both `zsh` and `bash` (the default) to use nicer and
more consistent prompts and colours.
To simplify this, consolidate some logic in a new
`Utils::Shell.shell_with_prompt` method and add tests for it and a
similar notice for `brew bundle sh`.
Finally, avoid printing out the notice when `HOMEBREW_NO_ENV_HINTS` is
set.
Allow the ability for a system administrator to use
`HOMEBREW_BREW_WRAPPER` and `HOMEBREW_FORCE_BREW_WRAPPER` variables to
enforce the usage of a particular `brew` command for non-trivial (e.g.
`brew --prefix` is considered trivial, it doesn't need to write to the
prefix) Homebrew commands.
This also introduces a `HOMEBREW_ORIGINAL_BREW_FILE` variable for some
internal usage; `HOMEBREW_BREW_FILE` was being used internally for
both "how should we shell out to Homebrew" and "what should we use
to check permissions on Homebrew". `HOMEBREW_ORIGINAL_BREW_FILE` is
now used just for the latter case.
Inspired by conversation in
https://github.com/Homebrew/homebrew-bundle/pull/1551 which suggested
this was worth fixing in wider than just `brew bundle`.
The current glob check will accept lines like
HOMEBREW_FOO=bar BAD_ENV_VAR=baz
and happily export them, but we don't want that.
Let's tighten up the check to reject lines like the above.
In #17694, a call to `sudo --reset-timestamp` was added to prevent
cached credentials being run. Unfortunately, this breaks `brew`
invocation under `sandbox-exec`, which forbids any attempts to
exec setuid executables. This in turn breaks the OCaml opam
package manager, which sandboxes its build commands (including
brew prefix queries): see https://github.com/ocaml/opam/issues/6117
for that error.
This commit just changes the sudo invocation to suppress errors
and continue if it fails, which should be harmless in normal
operation as sudo doesn't emit an error for this option when
invoked normally.
The CDPATH environment variable can affect the behavior of
`cd`, and `cd` takes the `-P`, `-L` and `-e` flags.
(I didn't know about `-e` until looking at the source)
Make quietcd more robust by setting the CDPATH to ''.
I tested this change by running the following commands from a nonstandard
directory, which caused some of tcsh's and perl's dependencies to be recompiled.
$ [path to brew] install tcsh
$ [path to brew] install perl
Here's a link to the source code of `cd` in a mirror of the bash repo.
ec8113b986/builtins/cd.def (L267)
This variable was getting filtered out before so it wasn't possible
for us to use it as the default for HOMEBREW_DEFAULT_CACHE
and HOMEBREW_DEFAULT_LOGS.
`eval` is a much bigger hammer than we need here, so let's try to avoid
that.
Also, we can use the builtin `read` instead of shelling out to `grep`
which will be slightly more efficient.
For a long time people have requested some sort of configuration files
for Homebrew. Now: here's the first version of that.
Similarly to how you can configure Git for a system, a repository or
a user: you can configure Homebrew for a system, a prefix or a user.
The system-wide configuration file is `/etc/homebrew/brew.env`, the
prefix-specific configuration file is
`$HOMEBREW_PREFIX/etc/homebrew/brew.env`
and the user-specific configuration file is `~/.homebrew/brew.env`.
As we need to read these files from Bash in `bin/brew` (so they can)
influence functionality ASAP: they are in a simple format that Bash
can read. It may be that we have more complex array or hash data in
future that's configured through JSON or YAML (most likely JSON as we
use it more) and stored in a `brew.json`/`brew.yaml` file in the same
directory.
As this is relying on `eval` in Bash which is fairly dangerous: we
filter the lines with a regex to ensure we're only permitting setting
`HOMEBREW_*` variables and nothing more.
To give a bit of power to system administrators, the
`HOMEBREW_SYSTEM_ENV_TAKES_PRIORITY` variable can be set in
`/etc/homebrew/brew.env` to ensure that the system-wide configuration
file is loaded last and overrides any prefix or user settings.
Now that we have an actual location for configuration files, let's also
change the `brew livecheck` watchlist configuration file to be in this
directory and deprecate the existing location. As this is a developer
command and the mitigation is to just move the file: we don't need to
follow the normal deprecation process here.
