How to disable sandboxing for external taps? #2986
Comments
|
You'll need to configure |
|
That won't work it has to be available at the point when the curl user/password are resolved and var isn't defined at that point. See: https://github.com/phusion/homebrew-passenger/blob/master/Formula/passenger-enterprise.rb#L6-L22 |
|
It looks like you'll need to rely on the |
|
That can't be cached for the users though. Since we can't write to their dotfiles since those are in the home dir. |
|
Right, they'll need to set it in their profile. But you can later cache it in |
|
It only matters while fetching the tarball, so there's no point in putting it somewhere that can't be read while doing so. Basically the formula and tap only exist to allow the users to avoid having to edit their env. If that is no longer a value of homebrew's we'll probably have to pull the formula & tap since it won't offer any benefit any more. |
|
That may well be the case. |
|
That's too bad. I like homebrew, but almost every time I interact with this project user-hostile behaviour is justified by the decisions of just a few people, and that makes me sad. |
|
That's because the bulk of the work on Homebrew the package manager is done by just a few people. Additionally, this is definitely not user-hostile behaviour, quite the opposite. We're making it so users can install from any tap without fearing that it will write random files to random places on their filesystem. This is a valuable security feature. It's a pain for tap maintainers to have to adjust to, I agree, but the writing has been on the wall for a few years for this, I'm afraid. |
In fb310c5 sandboxing was turned on for non homebrew taps, breaking the phusion tap because we cache the user's download token for passenger enterprise in their home dir. How can I disable the sandboxing or keep the cache somewhere allowed?
The text was updated successfully, but these errors were encountered: