In #17694, a call to `sudo --reset-timestamp` was added to prevent
cached credentials being run. Unfortunately, this breaks `brew`
invocation under `sandbox-exec`, which forbids any attempts to
exec setuid executables. This in turn breaks the OCaml opam
package manager, which sandboxes its build commands (including
brew prefix queries): see https://github.com/ocaml/opam/issues/6117
for that error.
This commit just changes the sudo invocation to suppress errors
and continue if it fails, which should be harmless in normal
operation as sudo doesn't emit an error for this option when
invoked normally.
The CDPATH environment variable can affect the behavior of
`cd`, and `cd` takes the `-P`, `-L` and `-e` flags.
(I didn't know about `-e` until looking at the source)
Make quietcd more robust by setting the CDPATH to ''.
I tested this change by running the following commands from a nonstandard
directory, which caused some of tcsh's and perl's dependencies to be recompiled.
$ [path to brew] install tcsh
$ [path to brew] install perl
Here's a link to the source code of `cd` in a mirror of the bash repo.
ec8113b986/builtins/cd.def (L267)
This variable was getting filtered out before so it wasn't possible
for us to use it as the default for HOMEBREW_DEFAULT_CACHE
and HOMEBREW_DEFAULT_LOGS.
`eval` is a much bigger hammer than we need here, so let's try to avoid
that.
Also, we can use the builtin `read` instead of shelling out to `grep`
which will be slightly more efficient.
For a long time people have requested some sort of configuration files
for Homebrew. Now: here's the first version of that.
Similarly to how you can configure Git for a system, a repository or
a user: you can configure Homebrew for a system, a prefix or a user.
The system-wide configuration file is `/etc/homebrew/brew.env`, the
prefix-specific configuration file is
`$HOMEBREW_PREFIX/etc/homebrew/brew.env`
and the user-specific configuration file is `~/.homebrew/brew.env`.
As we need to read these files from Bash in `bin/brew` (so they can)
influence functionality ASAP: they are in a simple format that Bash
can read. It may be that we have more complex array or hash data in
future that's configured through JSON or YAML (most likely JSON as we
use it more) and stored in a `brew.json`/`brew.yaml` file in the same
directory.
As this is relying on `eval` in Bash which is fairly dangerous: we
filter the lines with a regex to ensure we're only permitting setting
`HOMEBREW_*` variables and nothing more.
To give a bit of power to system administrators, the
`HOMEBREW_SYSTEM_ENV_TAKES_PRIORITY` variable can be set in
`/etc/homebrew/brew.env` to ensure that the system-wide configuration
file is loaded last and overrides any prefix or user settings.
Now that we have an actual location for configuration files, let's also
change the `brew livecheck` watchlist configuration file to be in this
directory and deprecate the existing location. As this is a developer
command and the mitigation is to just move the file: we don't need to
follow the normal deprecation process here.
We inherit some variables from the user's environment but prefix them
with `HOMEBREW_`. This is the case for (1) variables documented in the
manpage and also for some (2) variables used internally by `brew`.
We currently treat both types identically, but we should not. In
particular, we allow users to override type (1), but we don't want to do
this for type (2).
This was partially fixed in f4103e5d61526cfbf7f31540ba45ec171adc452e,
but that fix did not go far enough. Some variables that the user should
not be allowed to override can still be overridden.
This change completes the partial fix and refactors the code so that
we're less likely to mistakenly conflate the two types of variables in
the future.
