admin/brew - brew - Gitea: Git with a cup of tea

admin/brew

Author	SHA1	Message	Date
William Woodruff	9d313b23eb	sandbox: disallow backslashes in path filter names This should really be an allowlist rather than a denylist, but for the time being this at least prevents someone from causing an obtuse sandbox error by naming a file something like "foo\". Signed-off-by: William Woodruff <william@yossarian.net>	2024-07-31 12:10:51 -04:00
Rylan Polster	7d16fd9186	Revert "sandbox: deny signal to other processes"	2024-07-15 12:22:02 -04:00
Thierry Moisan	66a479be82	sandbox: deny signal to other processes	2024-07-14 11:21:51 -04:00
William Woodruff	92ef6ef763	Merge pull request #17708 from Homebrew/sandbox-chmod	2024-07-13 16:38:44 -04:00
Rylan Polster	e054a3ccf6	Also restrict SUID/GSID writes in sandbox	2024-07-13 16:28:17 -04:00
Rylan Polster	ea364210f2	Remove unecessary directory check	2024-07-13 15:58:41 -04:00
Rylan Polster	ab46965d95	Deny file mode changes outside of specified paths in sandbox	2024-07-13 15:23:39 -04:00
Rylan Polster	f4e5e0c716	Don't allow special characters in sandbox rule paths Co-authored-by: Thierry Moisan <thierry.moisan@gmail.com>	2024-07-13 14:41:05 -04:00
Markus Reiter	0f0055ede4	Make documentation `@api private` by default.	2024-04-26 19:04:20 +02:00
Caleb Xu	4eb4c7a970	sandbox: enable strict typing	2024-04-24 21:56:25 -04:00
Caleb Xu	3d5c3a0589	sandbox: add methods for allowing/denying network access	2024-04-22 22:36:00 -04:00
François Lamboley	c561931050	Add a new path in sandbox for Xcode When building a project which has SPM dependencies in Xcode, SPM will try and access (and potentially write in) `/Users/frizlab/Library/Caches/org.swift.swiftpm`. I have added this path in the write exception for Xcode.	2024-01-12 15:37:24 +01:00
Douglas Eichelberger	3abbf4447e	Some minor regexp match perf improvements	2023-12-27 13:16:36 -08:00
Douglas Eichelberger	24cf6076e8	brew style --fix	2023-04-24 20:42:39 -07:00
Douglas Eichelberger	f3a8241e69	Remove useless T.unsafe wrappers	2023-04-03 17:34:39 -07:00
Mike McQuaid	77c0d38c35	brew style --fix	2022-12-13 11:37:06 +00:00
apainintheneck	9c2293a08e	Move Sandbox check to extend/os	2022-11-23 20:39:59 -08:00
Bo Anderson	5c6160472b	sandbox: allow file-write-setugid	2022-06-10 19:32:32 +01:00
Bo Anderson	8eb4756d3e	sandbox: handle SIGTTOU and SIGTTIN to avoid hangs	2022-01-28 07:01:31 +00:00
Sean Sullivan	c0de9c5497	Comment more thoroughly	2021-09-07 19:49:01 -07:00
Sean Sullivan	1f0f08c30d	Remove redundant begin	2021-09-07 11:15:06 -07:00
Sean Sullivan	c7b36df879	Fix style	2021-09-07 10:09:47 -07:00
Sean Sullivan	c88f4c0645	Use raw block to return tty to proper state	2021-09-06 22:27:43 -07:00
Bo Anderson	9e42ddb011	sandbox: fallback to tput for winsize	2021-09-01 21:09:23 +01:00
Bo Anderson	be41b12e4c	sandbox: restore old WINCH trap	2021-08-25 20:35:11 +01:00
Bo Anderson	d4c691e91e	sandbox: check if stdin/out is associated with a tty	2021-08-24 16:17:39 +01:00
Mike McQuaid	aa04277dc2	sandbox: add comment.	2021-08-24 14:46:00 +01:00
Bo Anderson	0f900edfa2	sandbox: start sandbox in a pseudoterminal	2021-08-24 14:29:17 +01:00
Bo Anderson	e8b82bbe1e	Fix `brew style`	2021-08-13 13:49:52 +01:00
EricFromCanada	a427de5bee	capitalization fixes "curl" is the binary, while "cURL" is the umbrella project.	2021-01-26 15:36:44 -05:00
EricFromCanada	571179ff0e	pass second argument to ohai when applicable	2021-01-26 15:36:43 -05:00
Markus Reiter	cf169e5270	Fix type errors in `Sandbox`.	2020-11-29 21:23:54 +01:00
Markus Reiter	da9289eff0	Add more type signatures.	2020-11-13 12:26:36 +01:00
Jonathan Chang	ab7b757400	rubocop: fix Style/NegatedIfElseCondition	2020-11-10 23:28:31 +11:00
Markus Reiter	24ae318a3d	Move type annotations into files.	2020-10-10 14:59:39 +02:00
Markus Reiter	70cfb52158	Document `Sandbox`.	2020-08-26 03:13:59 +02:00
Seeker	f03aeb41c7	sandbox: use Dir.home instead of HOME	2020-07-10 08:31:10 -07:00
Claudia	23cb93ff1c	sandbox: do not assume home is inside `/Users` It’s not uncommon to use `/var/${USER}` as a home directory, especially for shared or CLI-only users. This fixes an issue where a formula that requires `xcodebuild` is `brew install`ed from such a shared or CLI-only user account. In that case, `xcodebuild` would fail because it is denied writing to `/var/${USER}/Library/Developer/Xcode`. For details, see: https://gist.github.com/claui/17cd89f8f6b4094ac704f142ea811fd8 Suggested-by: Bo Anderson <mail@boanderson.me>	2020-07-03 15:39:41 +02:00
Issy Long	0041ea21f5	Change occurrences of "whitelist" to "allowlist"	2020-06-06 22:38:32 +01:00
Mike McQuaid	40ec8e69cc	Cleanup Sandbox code Remove unused code and methods.	2020-05-02 13:45:04 +01:00
Mike McQuaid	3381cbf5c7	Use Homebrew::EnvConfig.	2020-04-07 09:58:26 +01:00
Gautham Goli	acde828a45	ARGV: Replace ARGV.verbose? with Homebrew.args.verbose?	2020-02-02 14:00:04 +01:00
Mike McQuaid	1cd75e4298	sandbox: allow more TTYs. This is needed on Catalina. Fixes #6546	2019-10-07 14:51:33 +01:00
Mike McQuaid	36dbad3922	Add frozen_string_literal to all files.	2019-04-20 13:27:36 +09:00
Mike McQuaid	86f43f79ee	Enable/fix optional Ruby frozen string literal usage Combined with https://github.com/Homebrew/homebrew-test-bot/pull/247 this will test Homebrew's use of frozen strings in CI. After this we will then enable it for Homebrew developers and eventually all Homebrew users.	2019-04-19 10:30:41 +09:00
Mike McQuaid	1aa8ad09e2	Deprecate macOS versions below Mavericks And remove all dead/unneeded code.	2019-01-27 12:27:47 +00:00
Markus Reiter	e9b9ea49a1	Update to RuboCop 0.59.1.	2018-09-17 03:45:59 +02:00
Markus Reiter	5b3bbb76c9	Separate staging from download.	2018-07-12 10:39:27 +02:00
Markus Reiter	7762ce32aa	Use more descriptive heredoc names.	2018-07-11 18:15:30 +02:00
Mike McQuaid	83cca40fc9	RuboCop 0.53.0 manual fixes.	2018-03-08 14:10:02 +00:00

1 2

90 Commits