Class: Sandbox Private

Inherits:

Object

• Object
• Sandbox

Extended by:

Utils::Output::Mixin

Includes:

OS::Linux::Sandbox, OS::Mac::Sandbox, Utils::Output::Mixin

Defined in:

sandbox.rb

Overview

This class is part of a private API. This class may only be used in the Homebrew/brew repository. Third parties should avoid using this class if possible, as it may be removed or changed without warning.

Helper class for running a sub-process inside of a sandboxed environment.

Constant Summary

PRIVILEGED_GROUPS =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

Privileged groups that are expected to be able to use a working sandbox.

T.let(%w[admin staff root wheel].freeze, T::Array[String])

Class Method Summary

• .available? ⇒ Boolean private
• .avoid_nested_sandboxing? ⇒ Boolean private

  Skip Homebrew's own sandbox when it is opted into via $HOMEBREW_AVOID_NESTED_SANDBOXING and already running inside another sandbox.

• .configuration_command_messages ⇒ Array<String> private
• .configuration_commands ⇒ Array<String> private
• .configure! ⇒ void private
• .ensure_sandbox_installed!(install_from_tests: false) ⇒ void private
• .executable ⇒ Pathname^? private
• .executable! ⇒ Pathname private
• .executable_candidate_paths ⇒ ::PATH private
• .executable_name ⇒ String private
• .executable_usable?(_candidate) ⇒ Boolean private
• .failure_reason ⇒ String^? private
• .nested_sandbox? ⇒ Boolean private

  Whether Homebrew is itself running inside another sandbox, which would make its own nested sandbox hang (macOS) or fail to start (Linux).

• .reset_state! ⇒ void private
• .run_command(*command, writable_path:, deny_network: false) ⇒ void private
• .sandbox_install_command ⇒ String^? private
• .state ⇒ Symbol private
• .terminal_ioctl_request ⇒ Integer private

Instance Method Summary

• #add_rule(allow:, operation:, filter: nil, modifier: nil) ⇒ void private
• #allow_cvs ⇒ void private
• #allow_fossil ⇒ void private
• #allow_network(path:, type: :literal) ⇒ void private
• #allow_read(path:, type: :literal) ⇒ void private
• #allow_read_if_exists(path:, type: :literal) ⇒ void private
• #allow_write(path:, type: :literal) ⇒ void private
• #allow_write_cellar(formula) ⇒ void private
• #allow_write_log(formula) ⇒ void private
• #allow_write_path(path) ⇒ void private
• #allow_write_path_if_exists(path) ⇒ void private
• #allow_write_temp_and_cache ⇒ void private
• #allow_write_xcode ⇒ void private
• #deny_all_network ⇒ void private
• #deny_read(path:, type: :literal) ⇒ void private
• #deny_read_home ⇒ void private
• #deny_read_path(path) ⇒ void private
• #deny_write(path:, type: :literal) ⇒ void private
• #deny_write_homebrew_repository ⇒ void private
• #deny_write_path(path) ⇒ void private
• #initialize ⇒ void constructor private
• #path_filter(path, type) ⇒ SandboxPathFilter private
• #record_log(file) ⇒ void private
• #run(*args) ⇒ void private

Methods included from Utils::Output::Mixin

issue_reporting_message, odebug, odeprecated, odie, odisabled, ofail, oh1, oh1_title, ohai, ohai_title, onoe, opoo, opoo_outside_github_actions, opoo_without_github_actions_annotation, pretty_deprecated, pretty_disabled, pretty_duration, pretty_install_status, pretty_installed, pretty_uninstalled, pretty_upgradable

Methods included from OS::Linux::Sandbox

bubblewrap_candidate_paths, bubblewrap_executable, bubblewrap_executable!

Constructor Details

#initialize ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 220

def initialize
  @profile = T.let(SandboxProfile.new, SandboxProfile)
  @failed = T.let(false, T::Boolean)
  @logfile = T.let(nil, T.nilable(T.any(String, Pathname)))
  @start = T.let(nil, T.nilable(Time))
end

Class Method Details

.available? ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Boolean)

# File 'sandbox.rb', line 79

def self.available?
  false
end

.avoid_nested_sandboxing? ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Skip Homebrew's own sandbox when it is opted into via $HOMEBREW_AVOID_NESTED_SANDBOXING and already running inside another sandbox. The skip is only supported for an unprivileged user in a custom prefix; error out explaining why rather than silently sandboxing (and hanging) when either is not the case.

Returns:

• (Boolean)

# File 'sandbox.rb', line 95

def self.avoid_nested_sandboxing?
  return false unless Homebrew::EnvConfig.avoid_nested_sandboxing?
  return false unless nested_sandbox?

  if Homebrew.default_prefix?
    odie "Refusing to skip the sandbox: `$HOMEBREW_AVOID_NESTED_SANDBOXING` is set " \
         "inside another sandbox but Homebrew is using its default prefix " \
         "(#{HOMEBREW_PREFIX}); this is only supported in a custom prefix."
  end

  privileged_group = PRIVILEGED_GROUPS.find do |name|
    group = Etc.getgrnam(name)
    group && Process.groups.include?(group.gid)
  rescue ArgumentError
    false
  end
  if privileged_group
    odie "Refusing to skip the sandbox: `$HOMEBREW_AVOID_NESTED_SANDBOXING` is set " \
         "inside another sandbox but you are in the privileged `#{privileged_group}` " \
         "group; this is only supported for an unprivileged user."
  end

  true
end

.configuration_command_messages ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Array<String>)

# File 'sandbox.rb', line 142

def self.configuration_command_messages = []

.configuration_commands ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Array<String>)

# File 'sandbox.rb', line 139

def self.configuration_commands = []

.configure! ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 148

def self.configure!
  ensure_sandbox_installed!
  reset_state!
end

.ensure_sandbox_installed!(install_from_tests: false) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• install_from_tests (Boolean) (defaults to: false)

# File 'sandbox.rb', line 121

def self.ensure_sandbox_installed!(install_from_tests: false); end

.executable ⇒ Pathname^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Pathname, nil)

# File 'sandbox.rb', line 187

def self.executable
  executable_candidate_paths.each do |path|
    begin
      candidate = Pathname.new(File.expand_path(executable_name, path))
    rescue ArgumentError
      next
    end

    next if !candidate.file? || !candidate.executable?
    next unless executable_usable?(candidate)

    return candidate
  end

  nil
end

.executable! ⇒ Pathname

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Pathname)

# File 'sandbox.rb', line 205

def self.executable!
  executable || raise("#{executable_name} is required to use the sandbox.")
end

.executable_candidate_paths ⇒ ::PATH

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (::PATH)

# File 'sandbox.rb', line 179

def self.executable_candidate_paths
  executable_path = Pathname.new(executable_name)
  return PATH.new(executable_path.dirname) if executable_path.absolute?

  PATH.new(ORIGINAL_PATHS, ENV.fetch("PATH"), HOMEBREW_ORIGINAL_BREW_FILE.dirname)
end

.executable_name ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (String)

Raises:

• (NotImplementedError)

# File 'sandbox.rb', line 174

def self.executable_name
  raise NotImplementedError, "Sandbox is not implemented for this OS."
end

.executable_usable?(_candidate) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• _candidate (Pathname)

Returns:

• (Boolean)

# File 'sandbox.rb', line 210

def self.executable_usable?(_candidate)
  true
end

.failure_reason ⇒ String^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (String, nil)

# File 'sandbox.rb', line 129

def self.failure_reason
  return if state == :available

  "The sandbox is not available."
end

.nested_sandbox? ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Whether Homebrew is itself running inside another sandbox, which would make its own nested sandbox hang (macOS) or fail to start (Linux). Overridden per-OS.

Returns:

• (Boolean)

# File 'sandbox.rb', line 87

def self.nested_sandbox? = false

.reset_state! ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 136

def self.reset_state!; end

.run_command(*command, writable_path:, deny_network: false) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• command (String, Pathname)
• writable_path (String, Pathname)
• deny_network (Boolean) (defaults to: false)

# File 'sandbox.rb', line 154

def self.run_command(*command, writable_path:, deny_network: false)
  ensure_sandbox_installed!
  raise failure_reason || "The sandbox is not available." unless available?

  writable_path = Pathname(writable_path).expand_path
  if !writable_path.directory? || !writable_path.writable?
    raise UsageError,
          "`#{writable_path}` is not a writable directory."
  end

  writable_path = writable_path.realpath
  sandbox = new
  sandbox.allow_write_temp_and_cache
  sandbox.allow_write_path writable_path
  sandbox.deny_read_home
  sandbox.deny_all_network if deny_network
  sandbox.run "/bin/sh", "-c", "cd \"$1\" && shift && exec \"$@\"", "brew-sandbox-exec", writable_path, *command
end

.sandbox_install_command ⇒ String^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (String, nil)

# File 'sandbox.rb', line 145

def self.sandbox_install_command = nil

.state ⇒ Symbol

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Symbol)

# File 'sandbox.rb', line 124

def self.state
  available? ? :available : :unavailable
end

.terminal_ioctl_request ⇒ Integer

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Integer)

Raises:

• (NotImplementedError)

# File 'sandbox.rb', line 215

def self.terminal_ioctl_request
  raise NotImplementedError, "Sandbox is not implemented for this OS."
end

Instance Method Details

#add_rule(allow:, operation:, filter: nil, modifier: nil) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• allow (Boolean)
• operation (String)
• filter (SandboxPathFilter, nil) (defaults to: nil)
• modifier (String, nil) (defaults to: nil)

# File 'sandbox.rb', line 236

def add_rule(allow:, operation:, filter: nil, modifier: nil)
  rule = SandboxRule.new(allow:, operation:, filter:, modifier:)
  @profile.add_rule(rule)
end

#allow_cvs ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 409

def allow_cvs
  allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.cvspass"
end

#allow_fossil ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 414

def allow_fossil
  allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.fossil"
  allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.fossil-journal"
end

#allow_network(path:, type: :literal) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname)
• type (Symbol) (defaults to: :literal)

# File 'sandbox.rb', line 446

def allow_network(path:, type: :literal)
  add_rule allow: true, operation: "network*", filter: path_filter(path, type)
end

#allow_read(path:, type: :literal) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname)
• type (Symbol) (defaults to: :literal)

# File 'sandbox.rb', line 242

def allow_read(path:, type: :literal)
  add_rule allow: true, operation: "file-read*", filter: path_filter(path, type)
end

#allow_read_if_exists(path:, type: :literal) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname, nil)
• type (Symbol) (defaults to: :literal)

# File 'sandbox.rb', line 365

def allow_read_if_exists(path:, type: :literal)
  return unless path
  return unless File.exist?(path)

  allow_read path:, type:
end

#allow_write(path:, type: :literal) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname)
• type (Symbol) (defaults to: :literal)

# File 'sandbox.rb', line 373

def allow_write(path:, type: :literal)
  add_rule allow: true, operation: "file-write*", filter: path_filter(path, type)
  add_rule allow: true, operation: "file-write-setugid", filter: path_filter(path, type)
  add_rule allow: true, operation: "file-write-mode", filter: path_filter(path, type)
end

#allow_write_cellar(formula) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• formula (Formula)

# File 'sandbox.rb', line 420

def allow_write_cellar(formula)
  allow_write_path formula.rack
  allow_write_path formula.etc
  allow_write_path formula.var
end

#allow_write_log(formula) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• formula (Formula)

# File 'sandbox.rb', line 430

def allow_write_log(formula)
  allow_write_path formula.logs
end

#allow_write_path(path) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname)

# File 'sandbox.rb', line 385

def allow_write_path(path)
  allow_write path:, type: :subpath
end

#allow_write_path_if_exists(path) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname, nil)

# File 'sandbox.rb', line 390

def allow_write_path_if_exists(path)
  return unless path
  return unless File.exist?(path)

  allow_write_path path
end

#allow_write_temp_and_cache ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 403

def allow_write_temp_and_cache
  allow_write_path HOMEBREW_TEMP
  allow_write_path HOMEBREW_CACHE
end

#allow_write_xcode ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 427

def allow_write_xcode; end

#deny_all_network ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 451

def deny_all_network
  add_rule allow: false, operation: "network*"
end

#deny_read(path:, type: :literal) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname)
• type (Symbol) (defaults to: :literal)

# File 'sandbox.rb', line 247

def deny_read(path:, type: :literal)
  add_rule allow: false, operation: "file-read*", filter: path_filter(path, type)
end

#deny_read_home ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 257

def deny_read_home
  require "trust"

  home = Pathname(Dir.home(ENV.fetch("USER"))).realpath
  if [
    HOMEBREW_PREFIX,
    HOMEBREW_REPOSITORY,
    HOMEBREW_CACHE,
    HOMEBREW_LOGS,
    HOMEBREW_TEMP,
    ENV.fetch("GITHUB_WORKSPACE", nil),
    ENV.fetch("RUNNER_WORKSPACE", nil),
    ENV.fetch("RUNNER_TEMP", nil),
    Homebrew::Trust.trust_file,
    *home_write_paths.select { |path| File.exist?(path) },
  ].compact.any? do |path|
    path = Pathname(path)
    [path.expand_path, (path.realpath if path.exist?)].compact.any? { |pathname| pathname.ascend.include?(home) }
  end
    # When Homebrew or CI needs some `$HOME` paths to stay readable, deny only
    # well-known credential and personal-data paths instead of enumerating all
    # of `$HOME`.
    [
      ".ssh",
      ".aws",
      ".azure",
      ".boto",
      ".docker",
      ".config/fish",
      ".config/gh",
      ".config/gcloud",
      ".config/huggingface",
      ".config/pip",
      ".config/pypoetry",
      ".config/rclone",
      ".config/containers/auth.json",
      ".config/composer/auth.json",
      ".config/sops/age/keys.txt",
      ".gnupg",
      ".git-credentials",
      ".gitconfig",
      ".gsutil",
      ".kube",
      ".netrc",
      ".npmrc",
      ".yarnrc",
      ".yarnrc.yml",
      ".pnpmrc",
      ".bunfig.toml",
      ".pypirc",
      ".pip",
      ".poetry",
      ".local/share/pypoetry",
      ".gem/credentials",
      ".bundle/config",
      ".cargo/credentials",
      ".cargo/credentials.toml",
      ".composer/auth.json",
      ".condarc",
      ".m2/settings.xml",
      ".gradle/gradle.properties",
      ".sbt/1.0/credentials.sbt",
      ".terraform.d/credentials.tfrc.json",
      ".pulumi/credentials.json",
      ".oci/config",
      ".huggingface/token",
      ".cache/huggingface/token",
      ".claude",
      ".claude.json",
      ".kiro",
      ".bash_login",
      ".bash_logout",
      ".bash_profile",
      ".bashrc",
      ".bash_history",
      ".profile",
      ".zlogin",
      ".zlogout",
      ".zprofile",
      ".zshenv",
      ".zshrc",
      ".zsh_history",
      ".python_history",
      ".mysql_history",
      ".psql_history",
      ".env",
      ".env.local",
      "Documents",
      "Movies",
      "Music",
      "Pictures",
      "Library/Keychains",
      "Library/Mobile Documents",
      "Library/CloudStorage",
      "Dropbox",
      "Google Drive",
      "OneDrive",
    ].each do |path|
      path = home/path
      deny_read_path path if path.exist?
    end
    return
  end

  deny_read_path home
end

#deny_read_path(path) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname)

# File 'sandbox.rb', line 252

def deny_read_path(path)
  deny_read path:, type: :subpath
end

#deny_write(path:, type: :literal) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname)
• type (Symbol) (defaults to: :literal)

# File 'sandbox.rb', line 380

def deny_write(path:, type: :literal)
  add_rule allow: false, operation: "file-write*", filter: path_filter(path, type)
end

#deny_write_homebrew_repository ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

# File 'sandbox.rb', line 435

def deny_write_homebrew_repository
  deny_write path: HOMEBREW_ORIGINAL_BREW_FILE
  if HOMEBREW_PREFIX.to_s == HOMEBREW_REPOSITORY.to_s
    deny_write_path HOMEBREW_LIBRARY
    deny_write_path HOMEBREW_REPOSITORY/".git"
  else
    deny_write_path HOMEBREW_REPOSITORY
  end
end

#deny_write_path(path) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• path (String, Pathname)

# File 'sandbox.rb', line 398

def deny_write_path(path)
  deny_write path:, type: :subpath
end

#path_filter(path, type) ⇒ SandboxPathFilter

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• path (String, Pathname)
• type (Symbol)

Returns:

• (SandboxPathFilter)

# File 'sandbox.rb', line 553

def path_filter(path, type)
  # Any character is allowed: the OS-specific renderer quotes paths safely
  # (the seatbelt renderer escapes the `"` and `\` string delimiters; the
  # Linux sandbox passes each path as a separate argument), so even paths
  # with spaces, parentheses, quotes, backslashes or newlines are expressible.
  filter_path = case type
  when :regex   then path.to_s
  when :subpath, :literal
    expand_realpath(Pathname.new(path)).to_s
  else raise ArgumentError, "Invalid path filter type: #{type}"
  end

  SandboxPathFilter.new(path: filter_path, type:)
end

#record_log(file) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• file (String, Pathname)

# File 'sandbox.rb', line 228

def record_log(file)
  @logfile = file
end

#run(*args) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• args (String, Pathname)

# File 'sandbox.rb', line 456

def run(*args)
  Dir.mktmpdir("homebrew-sandbox", HOMEBREW_TEMP) do |tmpdir|
    allow_network path: File.join(tmpdir, "socket"), type: :literal if allow_network_for_error_pipe?
    @start = T.let(Time.now, T.nilable(Time))

    begin
      command = sandbox_command(args, tmpdir)
      # Start sandbox in a pseudoterminal to prevent access of the parent terminal.
      PTY.open do |controller, worker|
        # Set the PTY's window size to match the parent terminal.
        # Some formula tests are sensitive to the terminal size and fail if this is not set.
        winch = proc do |_sig|
          controller.winsize = if $stdout.tty?
            # We can only use IO#winsize if the IO object is a TTY.
            $stdout.winsize
          else
            # Otherwise, default to tput, if available.
            # This relies on ncurses rather than the system's ioctl.
            [Utils.popen_read("tput", "lines").to_i, Utils.popen_read("tput", "cols").to_i]
          end
        end

        write_to_pty = proc do
          # Don't hang if stdin is not able to be used - throw EIO instead.
          old_ttin = trap(:TTIN, "IGNORE")

          # Update the window size whenever the parent terminal's window size changes.
          old_winch = trap(:WINCH, &winch)
          winch.call(nil)

          stdin_thread = Thread.new do
            IO.copy_stream($stdin, controller)
          rescue Errno::EIO
            # stdin is unavailable - move on.
          end

          stdout_thread = Thread.new do
            controller.each_char { |c| print(c) }
          end

          Utils.safe_fork(directory: tmpdir, yield_parent: true) do |error_pipe|
            if error_pipe
              # Child side
              Process.setsid
              controller.close
              worker.ioctl(self.class.terminal_ioctl_request, 0) # Make this the controlling terminal.

              ensure_child_tty_available

              # Move into a non-denied directory before `exec` so subsequent
              # `getcwd(3)` calls (which walk every parent) never cross a
              # `deny_read_home` path inherited from the caller's CWD.
              Dir.chdir(tmpdir)

              worker.close_on_exec = true
              exec(*command, in: worker, out: worker, err: worker) # And map everything to the PTY.
            else
              # Parent side
              worker.close
            end
          end
        rescue ChildProcessError => e
          raise ErrorDuringExecution.new(command, status: e.status)
        ensure
          stdin_thread&.kill
          stdout_thread&.kill
          trap(:TTIN, old_ttin)
          trap(:WINCH, old_winch)
        end

        if $stdin.tty?
          # If stdin is a TTY, use io.raw to set stdin to a raw, passthrough
          # mode while we copy the input/output of the process spawned in the
          # PTY. After we've finished copying to/from the PTY process, io.raw
          # will restore the stdin TTY to its original state.
          begin
            # Ignore SIGTTOU as setting raw mode will hang if the process is in the background.
            old_ttou = trap(:TTOU, "IGNORE")
            $stdin.raw(&write_to_pty)
          ensure
            trap(:TTOU, old_ttou)
          end
        else
          write_to_pty.call
        end
      end
    rescue
      @failed = true
      raise
    ensure
      record_sandbox_log
    end
  end
end